mike/apt-autoupdate-install
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update readme.md

Browse Source
This commit is contained in:
mike
2025-07-28 06:04:29 +00:00
parent d07a25d742
commit f953c55aa0
1 changed files with 46 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files

129
readme.md
View File

@@ -1,110 +1,73 @@
# setup-auto-updates.sh # setup-auto-updates.sh
A cross-compatible shell script for enabling unattended automatic updates on Debian and Ubuntu systems. **Universal unattended-upgrades configurator for Debian and Ubuntu systems**
Designed for clean, predictable configuration using modern `Origins-Pattern` syntax.
Includes dry-run validation and systemd timer setup when supported.
--- This script configures automatic system updates using `unattended-upgrades`, offering full control over update scope, reboot behavior, and compatibility with both classic and deb822-style APT sources.
**Version:** 2025-07-28
**License:** MIT
---
## Features ## Features
- Detects Debian or Ubuntu and applies best-practice configuration - **Supports Debian (Bookworm/Trixie+) and Ubuntu (Noble+)**
- Configures `unattended-upgrades` to install regular and security updates automatically - **Interactive prompt to choose:**
- Clears legacy `Allowed-Origins` and uses clean `Origins-Pattern` format - Full updates (standard + security + updates)
- Supports both traditional and deb822-style APT sources - Security-only updates
- Enables systemd timers (`apt-daily.timer` and `apt-daily-upgrade.timer`) when available - **Safe for systems using deb822 sources**
- Configures daily update checks, weekly autoclean, and auto-reboot at 4:00 AM if needed - **Smart reboot behavior** (`04:00` by default)
- Includes a dry-run validation with basic error detection - **Clears fragile legacy config entries**
- Prompts to delete the script after successful execution - **Systemd timer activation**
-**Dry-run validation to verify settings**
## Compatibility -**Re-run safe** — overwrites 50unattended-upgrades and 20auto-upgrades
- **Debian**: Bookworm, Trixie, and newer
- **Ubuntu**: Noble (24.04 LTS) and newer
- Should be safe on any modern system with `unattended-upgrades` and `apt`
## What It Does
- Installs `unattended-upgrades` if missing
- Writes a new `/etc/apt/apt.conf.d/50unattended-upgrades` using a robust and portable structure
- Enables APT periodic updates via `/etc/apt/apt.conf.d/20auto-upgrades`
- Enables systemd timers if `systemctl` is available
- Does **not** run any updates itself or reboot your system directly
## Kernel Update Policy
By default, this script **permits installation of updated kernels** if they match the configured origins (e.g., `-updates`, `-security`).
If you prefer to exclude kernel packages from automatic updates, add the following to `/etc/apt/apt.conf.d/50unattended-upgrades`:
```conf
Unattended-Upgrade::Package-Blacklist {
"linux-image";
"linux-headers";
};
```
## Example Output
```sh
[INFO] Unattended-upgrades configurator (Debian/Ubuntu)
[INFO] Detected OS: Debian GNU/Linux 12 (bookworm)
[INFO] Updating APT cache…
[INFO] Installing unattended-upgrades…
[INFO] Validating unattended-upgrades with a dry run…
Allowed origins are: origin=Debian,archive=bookworm, origin=Debian,archive=bookworm-updates, ...
[INFO] Timers:
Mon 2025-07-28 06:40:14 MDT ... apt-daily-upgrade.timer
Mon 2025-07-28 10:51:12 MDT ... apt-daily.timer
[OK] Unattended updates configured. Regular + security updates will apply automatically; reboot at 04:00 if needed.
```
## Usage ## Usage
Download and run:
```bash ```bash
wget https://example.com/setup-auto-updates.sh
chmod +x setup-auto-updates.sh
sudo ./setup-auto-updates.sh sudo ./setup-auto-updates.sh
``` ```
- Must be run as root You will be prompted:
- Prompts to delete itself after successful configuration if run interactively
## Customization ```
Configure automatic updates for:
[1] Full updates (recommended)
[2] Security updates only
Select [1/2]:
```
- **Reboot Time:** ### Non-interactive usage
```bash
sudo REBOOT_TIME="03:30" ./setup-auto-updates.sh
```
- **Exclude Third-Party Updates:**
Use `/etc/apt/apt.conf.d/60unattended-thirdparty` to add `site=...` patterns.
## Systemd Timers Enabled Set the `UPDATE_SCOPE` environment variable before running:
- `apt-daily.timer` Regular APT metadata refresh ```bash
- `apt-daily-upgrade.timer` Executes `unattended-upgrades` daily sudo UPDATE_SCOPE=security ./setup-auto-updates.sh
```
## Self-Delete Behavior Valid values: `full` (default) or `security`.
At the end of the script, youll be asked: ### Reboot time
> Script successful. Do you wish to delete this script? You may override the default automatic reboot time by setting:
This helps keep your directory tidy after one-time provisioning. ```bash
REBOOT_TIME=02:30 ./setup-auto-updates.sh
```
## What it Does
- Installs and configures `unattended-upgrades`
- Sets `APT::Periodic` options
- Writes `/etc/apt/apt.conf.d/50unattended-upgrades` with `Origins-Pattern`
- Enables systemd timers (if available)
- Runs a dry-run check to validate behavior
- Prompts to delete the script after successful configuration
## Limitations ## Limitations
- Does not configure granular package pinning or holds - This script **does not configure third-party repositories** for auto updates.
- Does not auto-install non-origin packages (e.g., third-party repos) unless explicitly configured - Kernel packages will be updated if they are included in the chosen update scope (e.g. under `-updates` or `-security`).
- Power-check skipped (optional `powermgmt-base` not installed)
- Not compatible with non-Debian-based distributions (e.g., Fedora, Arch)
## License ## License
MIT License use freely, modify as needed, no warranties. MIT License
---
Created and maintained by a privacy-conscious, security-oriented Linux sysadmin.