Add readme.md

2025-07-28 05:51:47 +00:00
parent 66bc2b9002
commit c4c9e314d3

100
readme.md Normal file

@@ -0,0 +1,100 @@
# setup-auto-updates.sh
A cross-compatible shell script for enabling unattended automatic updates on Debian and Ubuntu systems.
Designed for clean, predictable configuration using modern `Origins-Pattern` syntax.
Includes dry-run validation and systemd timer setup when supported.
---
**Version:** 2025-07-28
**License:** MIT
---
## Features
- Detects Debian or Ubuntu and applies best-practice configuration
- Configures `unattended-upgrades` to install regular and security updates automatically
- Clears legacy `Allowed-Origins` and uses clean `Origins-Pattern` format
- Supports both traditional and deb822-style APT sources
- Enables systemd timers (`apt-daily.timer` and `apt-daily-upgrade.timer`) when available
- Configures daily update checks, weekly autoclean, and auto-reboot at 4:00 AM if needed
- Includes a dry-run validation with basic error detection
- Prompts to delete the script after successful execution
## Compatibility
- **Debian**: Bookworm, Trixie, and newer
- **Ubuntu**: Noble (24.04 LTS) and newer
- Should be safe on any modern system with `unattended-upgrades` and `apt`
## What It Does
- Installs `unattended-upgrades` if missing
- Writes a new `/etc/apt/apt.conf.d/50unattended-upgrades` using a robust and portable structure
- Enables APT periodic updates via `/etc/apt/apt.conf.d/20auto-upgrades`
- Enables systemd timers if `systemctl` is available
- Does **not** run any updates itself or reboot your system directly
## Example Output
```
[INFO] Unattended-upgrades configurator (Debian/Ubuntu)
[INFO] Detected OS: Debian GNU/Linux 12 (bookworm)
[INFO] Updating APT cache…
[INFO] Installing unattended-upgrades…
[INFO] Validating unattended-upgrades with a dry run…
Allowed origins are: origin=Debian,archive=bookworm, origin=Debian,archive=bookworm-updates, ...
[INFO] Timers:
Mon 2025-07-28 06:40:14 MDT ... apt-daily-upgrade.timer
Mon 2025-07-28 10:51:12 MDT ... apt-daily.timer
[OK] Unattended updates configured. Regular + security updates will apply automatically; reboot at 04:00 if needed.
```
## Usage
```bash
sudo ./setup-auto-updates.sh
```
- Must be run as root
- Prompts to delete itself after successful configuration if run interactively
## Customization
To change the default reboot time:
```bash
sudo REBOOT_TIME="03:30" ./setup-auto-updates.sh
```
To run without dry-run validation (not recommended), you can comment out or modify the `validate_with_dryrun()` function.
## Notes
- If APT is locked by another process, the script waits up to 3 minutes before proceeding
- Dry-run validation logs are saved to `/tmp/unattended-upgrades-dryrun.*`
- The script confirms presence of `systemctl` before enabling timers
- Automatically overwrites existing configuration files with no backup:
- `/etc/apt/apt.conf.d/50unattended-upgrades`
- `/etc/apt/apt.conf.d/20auto-upgrades`
## Self-Delete Behavior
At the end of the script, a prompt asks if you'd like to remove the `.sh` file that was just executed.
This helps keep systems tidy after one-time provisioning.
## Limitations
- Does not configure granular package exclusions or holds
- Will not trigger updates or reboots itself; configuration only
- Does not install `powermgmt-base`, so power-check warnings may appear on laptops
- Not compatible with non-Debian distributions (e.g., Fedora, Arch)
## License
MIT License use freely, modify as needed, no warranties.
---
Created and maintained by a privacy-conscious, security-oriented Linux sysadmin.
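Review bot: The warning that the script overwrites `/etc/apt/apt.conf.d/50unattended-upgrades` and `/etc/apt/apt.conf.d/20auto-upgrades` with no backup appears only as the last bullet under "Notes". "What It Does" says just "Writes a new" file, and "Usage" says nothing about it. Please move the warning up into "Usage", and either document a manual backup step or have the script keep a copy of the files it replaces, since an admin with a hand-tuned origins list or package blacklist loses it on the first run. The two paths under that bullet are also not indented, so they render as sibling bullets rather than as a sub-list. Separately, "Does **not** run any updates itself or reboot your system directly" sits awkwardly beside the feature line "auto-reboot at 4:00 AM if needed". It would help to state plainly that automatic reboot is enabled by default and how to opt out, because `REBOOT_TIME` is the only knob documented. The "Notes" entry on `/tmp/unattended-upgrades-dryrun.*` should say how that file is created and whether it is cleaned up, given the script runs as root. Minor: the "License" line "MIT License use freely" is missing punctuation after "License".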