From 821eb53673e04ddf410723de2d3b851f5b7aeaf7 Mon Sep 17 00:00:00 2001
From: mike <mike@noninjas.com>
Date: Mon, 28 Jul 2025 05:43:17 +0000
Subject: [PATCH] Update setup-auto-updates.sh

---
 setup-auto-updates.sh | 47 ++++++++++++++++---------------------------
 1 file changed, 17 insertions(+), 30 deletions(-)

diff --git a/setup-auto-updates.sh b/setup-auto-updates.sh
index c4da51d..2f55683 100644
--- a/setup-auto-updates.sh
+++ b/setup-auto-updates.sh
@@ -120,50 +120,23 @@ enable_timers_if_systemd() {
   fi
 }
 
-wait_for_apt_units() {
-  # Wait for apt-daily/apt-daily-upgrade units to finish (up to ~120s)
-  if command -v systemctl >/dev/null 2>&1; then
-    local units=(apt-daily.service apt-daily-upgrade.service)
-    for i in {1..60}; do
-      local busy=0
-      for u in "${units[@]}"; do
-        systemctl is-active --quiet "$u" && { busy=1; break; }
-      done
-      (( busy == 0 )) && return 0
-      (( i % 10 == 0 )) && echo "[INFO] apt units busy…waiting $((i*2))s"
-      sleep 2
-    done
-    echo "[WARN] apt units still busy after ~120s; continuing anyway."
-  fi
-}
-
 validate_with_dryrun() {
   wait_for_apt || true
-  wait_for_apt_units || true
   echo "[INFO] Validating unattended-upgrades with a dry run…"
   local log="/tmp/unattended-upgrades-dryrun.$$"
-
-  # Temporarily disable ERR trap so a non-zero here doesn't print "[ERROR] Line …"
-  trap - ERR
-  set +e
-  timeout 240 unattended-upgrades --dry-run --debug >"$log" 2>&1
-  local rc=$?
-  set -e
-  trap 'echo "[ERROR] Line $LINENO failed" >&2' ERR
-
-  if (( rc != 0 )); then
+  if ! timeout 180 unattended-upgrades --dry-run --debug >"$log" 2>&1; then
     echo "[WARN] Dry run timed out or failed; see $log"
     return 1
   fi
-
+  # Show the header line so you can see what matched
   grep -E "Allowed origins are" "$log" | head -n1 || true
+  # Catch real parser errors
   if grep -qiE "Unable to parse|ValueError|AttributeError|ImportError" "$log"; then
     echo "[ERROR] Parsing error detected; see $log"
     return 1
   fi
 }
 
-
 show_status() {
   echo
   echo "[INFO] Config files:"
@@ -184,8 +157,22 @@ main() {
   apt_refresh_and_install
   write_50unattended
   write_20auto
+
+  # If detect_os didn't export OS, derive it so we can gate ESM cleanup.
+  if [[ -z "${OS:-}" ]] && [[ -r /etc/os-release ]]; then
+    # shellcheck disable=SC1091
+    . /etc/os-release
+    OS="${ID,,}"
+  fi
+
+  # Drop Ubuntu ESM patterns on non-Ubuntu systems (cosmetic; harmless if kept).
+  if [[ "${OS:-}" != "ubuntu" ]]; then
+    sed -i '/UbuntuESM/d' /etc/apt/apt.conf.d/50unattended-upgrades
+  fi
+
   enable_timers_if_systemd
 
+  # Non-fatal validation (avoid aborting the run if APT is busy).
   set +e
   validate_with_dryrun
   vr=$?