Update setup-auto-updates.sh

2025-07-28 06:14:49 +00:00
parent 08d5800e47
commit fb645d7968


@@ -8,7 +8,7 @@
# - Clears legacy Allowed-Origins to avoid fragile legacy parser # - Clears legacy Allowed-Origins to avoid fragile legacy parser
# - Enables APT Periodic + systemd timers (when present) # - Enables APT Periodic + systemd timers (when present)
# - Dry-run validation that wont abort the run if APT is busy # - Dry-run validation that wont abort the run if APT is busy
# - Interactive choice: ALL updates or SECURITY-only updates # - Interactive choice: FULL updates or SECURITY-only updates
# #
# Re-run safe: overwrites 50unattended-upgrades and 20auto-upgrades. # Re-run safe: overwrites 50unattended-upgrades and 20auto-upgrades.
@@ -16,7 +16,7 @@ set -Eeuo pipefail
trap 'echo "[ERROR] Line $LINENO failed" >&2' ERR trap 'echo "[ERROR] Line $LINENO failed" >&2' ERR
REBOOT_TIME="${REBOOT_TIME:-04:00}" REBOOT_TIME="${REBOOT_TIME:-04:00}"
UPDATE_SCOPE="${UPDATE_SCOPE:-}" # optional env override: "all" or "security" UPDATE_SCOPE="${UPDATE_SCOPE:-}" # optional env override: "all" (or "full") / "security"
OS="" OS=""
require_root() { require_root() {
@@ -88,7 +88,6 @@ prompt_update_scope() {
done done
} }
apt_refresh_and_install() { apt_refresh_and_install() {
wait_for_apt || true wait_for_apt || true
echo "[INFO] Updating APT cache…" echo "[INFO] Updating APT cache…"
@@ -133,7 +132,7 @@ EOF
printf ' "origin=${distro_id},codename=${distro_codename}-security";\n' printf ' "origin=${distro_id},codename=${distro_codename}-security";\n'
fi fi
# Ubuntu ESM pockets (only meaningful on Ubuntu; harmless otherwise—will be removed later on non-Ubuntu) # Ubuntu ESM pockets (only meaningful on Ubuntu; harmless otherwise—removed later on non-Ubuntu)
printf ' "origin=UbuntuESM,archive=${distro_codename}-infra-security";\n' printf ' "origin=UbuntuESM,archive=${distro_codename}-infra-security";\n'
printf ' "origin=UbuntuESMApps,archive=${distro_codename}-apps-security";\n' printf ' "origin=UbuntuESMApps,archive=${distro_codename}-apps-security";\n'
@@ -185,7 +184,9 @@ validate_with_dryrun() {
echo "[WARN] Dry run timed out or failed; see $log" echo "[WARN] Dry run timed out or failed; see $log"
return 1 return 1
fi fi
# Show summary line
grep -E "Allowed origins are" "$log" | head -n1 || true grep -E "Allowed origins are" "$log" | head -n1 || true
# Catch real parser errors
if grep -qiE "Unable to parse|ValueError|AttributeError|ImportError" "$log"; then if grep -qiE "Unable to parse|ValueError|AttributeError|ImportError" "$log"; then
echo "[ERROR] Parsing error detected; see $log" echo "[ERROR] Parsing error detected; see $log"
return 1 return 1
@@ -206,6 +207,25 @@ show_status() {
fi fi
} }
prompt_self_delete() {
# Only prompt on an interactive TTY
if [[ -t 0 ]]; then
echo
read -r -p "Script successful. Do you wish to delete this script? [y/N] " reply
case "$reply" in
[yY]|[yY][eE][sS])
echo "[INFO] Removing script: $0"
rm -- "$0" 2>/dev/null || echo "[WARN] Could not delete $0 (permission or filesystem issue)."
;;
*)
echo "[INFO] Keeping script: $0"
;;
esac
else
echo "[INFO] Non-interactive session; skipping delete prompt."
fi
}
main() { main() {
echo "[INFO] Unattended-upgrades configurator (Debian/Ubuntu)" echo "[INFO] Unattended-upgrades configurator (Debian/Ubuntu)"
require_root require_root
@@ -227,6 +247,9 @@ main() {
show_status show_status
echo echo
echo "[OK] Unattended updates configured (%s updates); reboot at %s if needed." "$UPDATE_SCOPE" "$REBOOT_TIME" echo "[OK] Unattended updates configured (%s updates); reboot at %s if needed." "$UPDATE_SCOPE" "$REBOOT_TIME"
# Offer to remove the script itself
prompt_self_delete
} }
main "$@" main "$@"
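Review bot: In the new prompt_self_delete, `rm -- "$0"` trusts `$0` as the script's own path, but when the script is fed to the shell on stdin `$0` is the shell's name, and a relative `$0` resolves against whatever the working directory is at that point; main calls require_root first, so the delete presumably runs as root. Guard it with `[[ -f "$0" ]] || return 0` before the prompt, or better, resolve the script path once at startup (that would be outside this hunk). Separately, under the file's `set -Eeuo pipefail` a `read` that hits EOF (Ctrl-D at the prompt) returns non-zero and fires the ERR trap after configuration has already succeeded; `read -r -p "…" reply || reply=""` together with `local reply` avoids that. Dropping `2>/dev/null` from the `rm` would also let the operator see the actual cause next to the warning.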