Update setup-auto-updates.sh

setup-auto-updates.sh

@@ -8,7 +8,7 @@
 # - Clears legacy Allowed-Origins to avoid fragile legacy parser
 # - Enables APT Periodic + systemd timers (when present)
 # - Dry-run validation that won’t abort the run if APT is busy
-# - Interactive choice: ALL updates or SECURITY-only updates
+# - Interactive choice: FULL updates or SECURITY-only updates
 #
 # Re-run safe: overwrites 50unattended-upgrades and 20auto-upgrades.
 
@@ -16,7 +16,7 @@ set -Eeuo pipefail
 trap 'echo "[ERROR] Line $LINENO failed" >&2' ERR
 
 REBOOT_TIME="${REBOOT_TIME:-04:00}"
-UPDATE_SCOPE="${UPDATE_SCOPE:-}"   # optional env override: "all" or "security"
+UPDATE_SCOPE="${UPDATE_SCOPE:-}"     # optional env override: "all" (or "full") / "security"
 OS=""
 
 require_root() {
@@ -57,7 +57,7 @@ prompt_update_scope() {
   # Honor env override first (supports: all, full, security)
   if [[ -n "${UPDATE_SCOPE:-}" ]]; then
     case "${UPDATE_SCOPE,,}" in
-      all|full)  UPDATE_SCOPE="all";     echo "[INFO] Update scope (from env): ALL"; return 0 ;;
+      all|full)  UPDATE_SCOPE="all";      echo "[INFO] Update scope (from env): ALL"; return 0 ;;
       security)  UPDATE_SCOPE="security"; echo "[INFO] Update scope (from env): SECURITY-only"; return 0 ;;
       *) echo "[ERROR] UPDATE_SCOPE must be 'all' (or 'full') or 'security'."; exit 1 ;;
     esac
@@ -88,7 +88,6 @@ prompt_update_scope() {
   done
 }
 
-
 apt_refresh_and_install() {
   wait_for_apt || true
   echo "[INFO] Updating APT cache…"
@@ -133,7 +132,7 @@ EOF
       printf '    "origin=${distro_id},codename=${distro_codename}-security";\n'
     fi
 
-    # Ubuntu ESM pockets (only meaningful on Ubuntu; harmless otherwise—will be removed later on non-Ubuntu)
+    # Ubuntu ESM pockets (only meaningful on Ubuntu; harmless otherwise—removed later on non-Ubuntu)
     printf '    "origin=UbuntuESM,archive=${distro_codename}-infra-security";\n'
     printf '    "origin=UbuntuESMApps,archive=${distro_codename}-apps-security";\n'
 
@@ -185,7 +184,9 @@ validate_with_dryrun() {
     echo "[WARN] Dry run timed out or failed; see $log"
     return 1
   fi
+  # Show summary line
   grep -E "Allowed origins are" "$log" | head -n1 || true
+  # Catch real parser errors
   if grep -qiE "Unable to parse|ValueError|AttributeError|ImportError" "$log"; then
     echo "[ERROR] Parsing error detected; see $log"
     return 1
@@ -206,6 +207,25 @@ show_status() {
   fi
 }
 
+prompt_self_delete() {
+  # Only prompt on an interactive TTY
+  if [[ -t 0 ]]; then
+    echo
+    read -r -p "Script successful. Do you wish to delete this script? [y/N] " reply
+    case "$reply" in
+      [yY]|[yY][eE][sS])
+        echo "[INFO] Removing script: $0"
+        rm -- "$0" 2>/dev/null || echo "[WARN] Could not delete $0 (permission or filesystem issue)."
+        ;;
+      *)
+        echo "[INFO] Keeping script: $0"
+        ;;
+    esac
+  else
+    echo "[INFO] Non-interactive session; skipping delete prompt."
+  fi
+}
+
 main() {
   echo "[INFO] Unattended-upgrades configurator (Debian/Ubuntu)"
   require_root
@@ -227,6 +247,9 @@ main() {
   show_status
   echo
   echo "[OK] Unattended updates configured (%s updates); reboot at %s if needed." "$UPDATE_SCOPE" "$REBOOT_TIME"
+
+  # Offer to remove the script itself
+  prompt_self_delete
 }
 
 main "$@"