
setup-auto-updates.sh

A cross-compatible shell script for enabling unattended automatic updates on Debian and Ubuntu systems.
Designed for clean, predictable configuration using modern Origins-Pattern syntax.
Includes dry-run validation and systemd timer setup when supported.


Version: 2025-07-28
License: MIT


Features

  • Detects Debian or Ubuntu and applies best-practice configuration
  • Configures unattended-upgrades to install regular and security updates automatically
  • Clears legacy Allowed-Origins and uses clean Origins-Pattern format
  • Supports both traditional and deb822-style APT sources
  • Enables systemd timers (apt-daily.timer and apt-daily-upgrade.timer) when available
  • Configures daily update checks, weekly autoclean, and auto-reboot at 4:00 AM if needed
  • Includes a dry-run validation with basic error detection
  • Prompts to delete the script after successful execution

Compatibility

  • Debian: Bookworm, Trixie, and newer
  • Ubuntu: Noble (24.04 LTS) and newer
  • Should be safe on any modern system with unattended-upgrades and apt

What It Does

  • Installs unattended-upgrades if missing
  • Writes a new /etc/apt/apt.conf.d/50unattended-upgrades using a robust and portable structure
  • Enables APT periodic updates via /etc/apt/apt.conf.d/20auto-upgrades
  • Enables systemd timers if systemctl is available
  • Does not run any updates itself or reboot your system directly

Example Output

[INFO] Unattended-upgrades configurator (Debian/Ubuntu)
[INFO] Detected OS: Debian GNU/Linux 12 (bookworm)
[INFO] Updating APT cache…
[INFO] Installing unattended-upgrades…
[INFO] Validating unattended-upgrades with a dry run…
Allowed origins are: origin=Debian,archive=bookworm, origin=Debian,archive=bookworm-updates, ...
[INFO] Timers:
Mon 2025-07-28 06:40:14 MDT ... apt-daily-upgrade.timer
Mon 2025-07-28 10:51:12 MDT ... apt-daily.timer
[OK] Unattended updates configured. Regular + security updates will apply automatically; reboot at 04:00 if needed.

Usage

sudo ./setup-auto-updates.sh

  • Must be run as root
  • Prompts to delete itself after successful configuration if run interactively

Customization

To change the default reboot time:

sudo REBOOT_TIME="03:30" ./setup-auto-updates.sh

To run without dry-run validation (not recommended), you can comment out or modify the validate_with_dryrun() function.

Notes

  • If APT is locked by another process, the script waits up to 3 minutes before proceeding
  • Dry-run validation logs are saved to /tmp/unattended-upgrades-dryrun.*
  • The script confirms presence of systemctl before enabling timers
  • Automatically overwrites existing configuration files with no backup:
    • /etc/apt/apt.conf.d/50unattended-upgrades
    • /etc/apt/apt.conf.d/20auto-upgrades
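
Because the script overwrites both files without a backup, the helper below (an added example, not part of setup-auto-updates.sh) copies them aside first and afterwards audits that the settings this README describes are actually active. The function names are hypothetical, and the expected values (and which file each key lives in) are assumptions inferred from the feature list using standard APT option names; the script's exact output is not shown on this page.

```shell
#!/bin/sh
# Added example, not from setup-auto-updates.sh. Expected values are assumptions
# based on the README's feature list; option names are standard APT settings.

# backup_apt_conf DIR DEST: copy the two files the script overwrites, if present.
backup_apt_conf() {
    mkdir -p "$2" || return 1
    for f in 20auto-upgrades 50unattended-upgrades; do
        if [ -f "$1/$f" ]; then cp -p "$1/$f" "$2/$f" || return 1; fi
    done
}

# conf_value FILE KEY: print the value of the last uncommented `KEY "value";` line.
conf_value() {
    [ -f "$1" ] || return 0
    sed -n "s|^[[:space:]]*$2[[:space:]]*\"\([^\"]*\)\";.*|\1|p" "$1" | tail -n 1
}

# expect FILE KEY REGEX: report whether KEY's value matches REGEX; count failures.
expect() {
    v=$(conf_value "$1" "$2")
    if printf '%s\n' "$v" | grep -Eqx "$3"; then
        echo "[OK]   $2 = \"$v\""
    else
        echo "[FAIL] $2 = \"$v\" (expected: $3)"; fail=$((fail + 1))
    fi
}

# audit_auto_updates [DIR]: return 0 only if every check passes.
audit_auto_updates() {
    dir=${1:-/etc/apt/apt.conf.d}; fail=0
    p=$dir/20auto-upgrades; u=$dir/50unattended-upgrades
    expect "$p" 'APT::Periodic::Update-Package-Lists' '1'
    expect "$p" 'APT::Periodic::Unattended-Upgrade' '1'
    expect "$p" 'APT::Periodic::AutocleanInterval' '7'
    expect "$u" 'Unattended-Upgrade::Automatic-Reboot' 'true'
    expect "$u" 'Unattended-Upgrade::Automatic-Reboot-Time' '([01][0-9]|2[0-3]):[0-5][0-9]'
    if grep -Eq '^[[:space:]]*Unattended-Upgrade::Origins-Pattern' "$u" 2>/dev/null; then
        echo "[OK]   Origins-Pattern block present"
    else
        echo "[FAIL] no active Origins-Pattern block"; fail=$((fail + 1))
    fi
    if grep -Eq '^[[:space:]]*Unattended-Upgrade::Allowed-Origins' "$u" 2>/dev/null; then
        echo "[FAIL] legacy Allowed-Origins block still active"; fail=$((fail + 1))
    fi
    [ "$fail" -eq 0 ]
}
```

Source the file, call backup_apt_conf /etc/apt/apt.conf.d with a destination directory of your choice before running the script, then call audit_auto_updates afterwards; a non-zero return means at least one described setting is not in effect.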

Self-Delete Behavior

At the end of the script, a prompt asks if you'd like to remove the .sh file that was just executed.
This helps keep systems tidy after one-time provisioning.

Limitations

  • Does not configure granular package exclusions or holds
  • Will not trigger updates or reboots itself; configuration only
  • Does not install powermgmt-base, so power-check warnings may appear on laptops
  • Not compatible with non-Debian distributions (e.g., Fedora, Arch)

License

MIT License: use freely, modify as needed, no warranties.


Created and maintained by a privacy-conscious, security-oriented Linux sysadmin.