Update readme.md
This commit is contained in:
46
readme.md
46
readme.md
@@ -36,9 +36,21 @@ Includes dry-run validation and systemd timer setup when supported.
|
||||
- Enables systemd timers if `systemctl` is available
|
||||
- Does **not** run any updates itself or reboot your system directly
|
||||
|
||||
## Kernel Update Policy
|
||||
|
||||
By default, this script **permits installation of updated kernels** if they match the configured origins (e.g., `-updates`, `-security`).
|
||||
If you prefer to exclude kernel packages from automatic updates, add the following to `/etc/apt/apt.conf.d/50unattended-upgrades`:
|
||||
|
||||
```conf
|
||||
Unattended-Upgrade::Package-Blacklist {
|
||||
"linux-image";
|
||||
"linux-headers";
|
||||
};
|
||||
```
|
||||
|
||||
## Example Output
|
||||
|
||||
```
|
||||
```sh
|
||||
[INFO] Unattended-upgrades configurator (Debian/Ubuntu)
|
||||
[INFO] Detected OS: Debian GNU/Linux 12 (bookworm)
|
||||
[INFO] Updating APT cache…
|
||||
@@ -62,34 +74,32 @@ sudo ./setup-auto-updates.sh
|
||||
|
||||
## Customization
|
||||
|
||||
To change the default reboot time:
|
||||
|
||||
- **Reboot Time:**
|
||||
```bash
|
||||
sudo REBOOT_TIME="03:30" ./setup-auto-updates.sh
|
||||
```
|
||||
- **Exclude Third-Party Updates:**
|
||||
Use `/etc/apt/apt.conf.d/60unattended-thirdparty` to add `site=...` patterns.
|
||||
|
||||
To run without dry-run validation (not recommended), you can comment out or modify the `validate_with_dryrun()` function.
|
||||
## Systemd Timers Enabled
|
||||
|
||||
## Notes
|
||||
|
||||
- If APT is locked by another process, the script waits up to 3 minutes before proceeding
|
||||
- Dry-run validation logs are saved to `/tmp/unattended-upgrades-dryrun.*`
|
||||
- The script confirms presence of `systemctl` before enabling timers
|
||||
- Automatically overwrites existing configuration files with no backup:
|
||||
- `/etc/apt/apt.conf.d/50unattended-upgrades`
|
||||
- `/etc/apt/apt.conf.d/20auto-upgrades`
|
||||
- `apt-daily.timer` – Regular APT metadata refresh
|
||||
- `apt-daily-upgrade.timer` – Executes `unattended-upgrades` daily
|
||||
|
||||
## Self-Delete Behavior
|
||||
|
||||
At the end of the script, a prompt asks if you'd like to remove the `.sh` file that was just executed.
|
||||
This helps keep systems tidy after one-time provisioning.
|
||||
At the end of the script, you’ll be asked:
|
||||
|
||||
> Script successful. Do you wish to delete this script?
|
||||
|
||||
This helps keep your directory tidy after one-time provisioning.
|
||||
|
||||
## Limitations
|
||||
|
||||
- Does not configure granular package exclusions or holds
|
||||
- Will not trigger updates or reboots itself; configuration only
|
||||
- Does not install `powermgmt-base`, so power-check warnings may appear on laptops
|
||||
- Not compatible with non-Debian distributions (e.g., Fedora, Arch)
|
||||
- Does not configure granular package pinning or holds
|
||||
- Does not auto-install non-origin packages (e.g., third-party repos) unless explicitly configured
|
||||
- Power-check skipped (optional `powermgmt-base` not installed)
|
||||
- Not compatible with non-Debian-based distributions (e.g., Fedora, Arch)
|
||||
|
||||
## License
|
||||
|
||||
|
||||
Reference in New Issue
Block a user