From fb645d7968246b10b74bb22e01fddc77d2877c8a Mon Sep 17 00:00:00 2001
From: mike
Date: Mon, 28 Jul 2025 06:14:49 +0000
Subject: [PATCH] Update setup-auto-updates.sh
---
 setup-auto-updates.sh | 33 ++++++++++++++++++++++++++++-----
 1 file changed, 28 insertions(+), 5 deletions(-)
diff --git a/setup-auto-updates.sh b/setup-auto-updates.sh
index 46c6970..0ec8090 100644
--- a/setup-auto-updates.sh
+++ b/setup-auto-updates.sh
@@ -8,7 +8,7 @@
 # - Clears legacy Allowed-Origins to avoid fragile legacy parser
 # - Enables APT Periodic + systemd timers (when present)
 # - Dry-run validation that won’t abort the run if APT is busy
-# - Interactive choice: ALL updates or SECURITY-only updates
+# - Interactive choice: FULL updates or SECURITY-only updates
 #
 # Re-run safe: overwrites 50unattended-upgrades and 20auto-upgrades.
@@ -16,7 +16,7 @@ set -Eeuo pipefail
 trap 'echo "[ERROR] Line $LINENO failed" >&2' ERR
 REBOOT_TIME="${REBOOT_TIME:-04:00}"
-UPDATE_SCOPE="${UPDATE_SCOPE:-}" # optional env override: "all" or "security"
+UPDATE_SCOPE="${UPDATE_SCOPE:-}" # optional env override: "all" (or "full") / "security"
 OS=""
 require_root() {
@@ -57,7 +57,7 @@ prompt_update_scope() {
 # Honor env override first (supports: all, full, security)
 if [[ -n "${UPDATE_SCOPE:-}" ]]; then
 case "${UPDATE_SCOPE,,}" in
- all|full) UPDATE_SCOPE="all"; echo "[INFO] Update scope (from env): ALL"; return 0 ;;
+ all|full) UPDATE_SCOPE="all"; echo "[INFO] Update scope (from env): ALL"; return 0 ;;
 security) UPDATE_SCOPE="security"; echo "[INFO] Update scope (from env): SECURITY-only"; return 0 ;;
 *) echo "[ERROR] UPDATE_SCOPE must be 'all' (or 'full') or 'security'."; exit 1 ;;
 esac
@@ -88,7 +88,6 @@ prompt_update_scope() {
 done
 }
-
 apt_refresh_and_install() {
 wait_for_apt || true
 echo "[INFO] Updating APT cache…"
@@ -133,7 +132,7 @@ EOF
 printf ' "origin=${distro_id},codename=${distro_codename}-security";\n'
 fi
- # Ubuntu ESM pockets (only meaningful on Ubuntu; harmless otherwise—will be removed later on non-Ubuntu)
+ # Ubuntu ESM pockets (only meaningful on Ubuntu; harmless otherwise—removed later on non-Ubuntu)
 printf ' "origin=UbuntuESM,archive=${distro_codename}-infra-security";\n'
 printf ' "origin=UbuntuESMApps,archive=${distro_codename}-apps-security";\n'
@@ -185,7 +184,9 @@ validate_with_dryrun() {
 echo "[WARN] Dry run timed out or failed; see $log"
 return 1
 fi
+ # Show summary line
 grep -E "Allowed origins are" "$log" | head -n1 || true
+ # Catch real parser errors
 if grep -qiE "Unable to parse|ValueError|AttributeError|ImportError" "$log"; then
 echo "[ERROR] Parsing error detected; see $log"
 return 1
@@ -206,6 +207,25 @@ show_status() {
 fi
 }
+prompt_self_delete() {
+ # Only prompt on an interactive TTY
+ if [[ -t 0 ]]; then
+ echo
+ read -r -p "Script successful. Do you wish to delete this script? [y/N] " reply
+ case "$reply" in
+ [yY]|[yY][eE][sS])
+ echo "[INFO] Removing script: $0"
+ rm -- "$0" 2>/dev/null || echo "[WARN] Could not delete $0 (permission or filesystem issue)."
+ ;;
+ *)
+ echo "[INFO] Keeping script: $0"
+ ;;
+ esac
+ else
+ echo "[INFO] Non-interactive session; skipping delete prompt."
+ fi
+}
+
 main() {
 echo "[INFO] Unattended-upgrades configurator (Debian/Ubuntu)"
 require_root
@@ -227,6 +247,9 @@ main() {
 show_status
 echo
 echo "[OK] Unattended updates configured (%s updates); reboot at %s if needed." "$UPDATE_SCOPE" "$REBOOT_TIME"
+
+ # Offer to remove the script itself
+ prompt_self_delete
 }
 main "$@"
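Review bot: In `prompt_self_delete`, `rm -- "$0"` runs as root (main calls `require_root`) on whatever `$0` holds. That is the script's own path only when the file is executed directly and the working directory has not changed; started through `bash -c`, or with a relative `$0` after a `cd`, it can name a different file. Resolve and verify the target before prompting, e.g. `local self; self=$(readlink -f -- "${BASH_SOURCE[0]:-}") || self=""` then `[[ -f "$self" ]] || return 0`, and remove `"$self"` instead. Separately, under `set -Eeuo pipefail` a `read` that hits EOF returns non-zero, so the run would exit through the ERR trap after a successful configuration; `read -r -p "…" reply || reply=""` with `reply` declared `local` avoids that. Dropping `2>/dev/null` from the `rm` would also let the operator see why a removal failed.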
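Review bot: The success line just above the added call passes printf-style placeholders to `echo`, so it prints two literal `%s` followed by the raw values instead of the chosen scope and reboot time. As this is the message that confirms which update policy was applied, it should read `printf '[OK] Unattended updates configured (%s updates); reboot at %s if needed.\n' "$UPDATE_SCOPE" "$REBOOT_TIME"`. That line is unchanged context in this hunk, and main's body starts outside it. For the added call, `prompt_self_delete || true` would keep the script's exit status tied to the configuration result rather than to the optional cleanup prompt.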