apt-autoupdate-install/readme.md
2025-07-28 05:51:47 +00:00


# setup-auto-updates.sh
A cross-compatible shell script for enabling unattended automatic updates on Debian and Ubuntu systems.
Designed for clean, predictable configuration using modern `Origins-Pattern` syntax.
Includes dry-run validation and systemd timer setup when supported.

---

**Version:** 2025-07-28

**License:** MIT

---
## Features
- Detects Debian or Ubuntu and applies best-practice configuration
- Configures `unattended-upgrades` to install regular and security updates automatically
- Clears legacy `Allowed-Origins` and uses clean `Origins-Pattern` format
- Supports both traditional and deb822-style APT sources
- Enables systemd timers (`apt-daily.timer` and `apt-daily-upgrade.timer`) when available
- Configures daily update checks, weekly autoclean, and auto-reboot at 4:00 AM if needed
- Includes a dry-run validation with basic error detection
- Prompts to delete the script after successful execution
## Compatibility
- **Debian**: Bookworm, Trixie, and newer
- **Ubuntu**: Noble (24.04 LTS) and newer
- Should be safe on any modern system with `unattended-upgrades` and `apt`
## What It Does
- Installs `unattended-upgrades` if missing
- Writes a new `/etc/apt/apt.conf.d/50unattended-upgrades` using a robust and portable structure
- Enables APT periodic updates via `/etc/apt/apt.conf.d/20auto-upgrades`
- Enables systemd timers if `systemctl` is available
- Does **not** run any updates itself or reboot your system directly
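
To confirm the result after a run, the following added example (not part of `setup-auto-updates.sh`) audits the flattened output of `apt-config dump` against the settings described above. The expected values (for example `AutocleanInterval "7"` for weekly autoclean) are assumptions read off this README, and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of setup-auto-updates.sh. Expected values are
# assumptions based on the README; helper names are hypothetical.

# val KEY: value of a scalar key in the `apt-config dump` text held in $_dump.
val() { printf '%s\n' "$_dump" | sed -n "s/^$1 \"\(.*\)\";\$/\1/p" | tail -n 1; }

# has_list KEY: true if the list KEY has at least one entry (KEY:: "...";).
has_list() { printf '%s\n' "$_dump" | grep -q "^$1:: \"..*\";\$"; }

# expect KEY WANT: compare one scalar and count mismatches in $_fails.
expect() {
  _got=$(val "$1")
  if [ "$_got" = "$2" ]; then echo "[OK]   $1 = $2"
  else echo "[FAIL] $1 = '${_got:-unset}', expected '$2'"; _fails=$((_fails + 1)); fi
}

# audit_auto_updates [REBOOT_TIME]: read a dump on stdin, report each check,
# return 0 only if every check passes.
audit_auto_updates() {
  _dump=$(cat); _fails=0
  expect 'APT::Periodic::Update-Package-Lists' 1
  expect 'APT::Periodic::Unattended-Upgrade' 1
  expect 'APT::Periodic::AutocleanInterval' 7
  expect 'Unattended-Upgrade::Automatic-Reboot' true
  expect 'Unattended-Upgrade::Automatic-Reboot-Time' "${1:-04:00}"
  if has_list 'Unattended-Upgrade::Origins-Pattern'; then echo "[OK]   Origins-Pattern has entries"
  else echo "[FAIL] Origins-Pattern is empty"; _fails=$((_fails + 1)); fi
  if has_list 'Unattended-Upgrade::Allowed-Origins'; then
    echo "[FAIL] legacy Allowed-Origins still set"; _fails=$((_fails + 1))
  else echo "[OK]   Allowed-Origins is clear"; fi
  [ "$_fails" -eq 0 ]
}

# Constructed sample in `apt-config dump` format (not captured from a host).
sample_dump() {
  cat <<'EOF'
APT::Periodic "";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::AutocleanInterval "7";
Unattended-Upgrade::Origins-Pattern "";
Unattended-Upgrade::Origins-Pattern:: "origin=Debian,archive=bookworm";
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "04:00";
EOF
}

sample_dump | audit_auto_updates  # on a real host: apt-config dump | audit_auto_updates
```

If the script was run with a custom `REBOOT_TIME`, pass the same value as the first argument so the reboot-time check compares against it.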
## Example Output
```
[INFO] Unattended-upgrades configurator (Debian/Ubuntu)
[INFO] Detected OS: Debian GNU/Linux 12 (bookworm)
[INFO] Updating APT cache…
[INFO] Installing unattended-upgrades…
[INFO] Validating unattended-upgrades with a dry run…
Allowed origins are: origin=Debian,archive=bookworm, origin=Debian,archive=bookworm-updates, ...
[INFO] Timers:
Mon 2025-07-28 06:40:14 MDT ... apt-daily-upgrade.timer
Mon 2025-07-28 10:51:12 MDT ... apt-daily.timer
[OK] Unattended updates configured. Regular + security updates will apply automatically; reboot at 04:00 if needed.
```
## Usage
```bash
sudo ./setup-auto-updates.sh
```
- Must be run as root
- Prompts to delete itself after successful configuration if run interactively
## Customization
To change the default reboot time:
```bash
sudo REBOOT_TIME="03:30" ./setup-auto-updates.sh
```
To run without dry-run validation (not recommended), you can comment out or modify the `validate_with_dryrun()` function.
## Notes
- If APT is locked by another process, the script waits up to 3 minutes before proceeding
- Dry-run validation logs are saved to `/tmp/unattended-upgrades-dryrun.*`
- The script confirms presence of `systemctl` before enabling timers
- Automatically overwrites existing configuration files with no backup:
  - `/etc/apt/apt.conf.d/50unattended-upgrades`
  - `/etc/apt/apt.conf.d/20auto-upgrades`
## Self-Delete Behavior
At the end of the script, a prompt asks if you'd like to remove the `.sh` file that was just executed.
This helps keep systems tidy after one-time provisioning.
## Limitations
- Does not configure granular package exclusions or holds
- Will not trigger updates or reboots itself; configuration only
- Does not install `powermgmt-base`, so power-check warnings may appear on laptops
- Not compatible with non-Debian distributions (e.g., Fedora, Arch)
## License
MIT License: use freely, modify as needed, no warranties.

---
Created and maintained by a privacy-conscious, security-oriented Linux sysadmin.