apt-autoupdate-install/readme.md
2025-07-28 05:55:28 +00:00

# setup-auto-updates.sh
A cross-compatible shell script for enabling unattended automatic updates on Debian and Ubuntu systems.
Designed for clean, predictable configuration using modern `Origins-Pattern` syntax.
Includes dry-run validation and systemd timer setup when supported.

---

**Version:** 2025-07-28
**License:** MIT

---
## Features
- Detects Debian or Ubuntu and applies best-practice configuration
- Configures `unattended-upgrades` to install regular and security updates automatically
- Clears legacy `Allowed-Origins` and uses clean `Origins-Pattern` format
- Supports both traditional and deb822-style APT sources
- Enables systemd timers (`apt-daily.timer` and `apt-daily-upgrade.timer`) when available
- Configures daily update checks, weekly autoclean, and auto-reboot at 4:00 AM if needed
- Includes a dry-run validation with basic error detection
- Prompts to delete the script after successful execution
## Compatibility
- **Debian**: Bookworm, Trixie, and newer
- **Ubuntu**: Noble (24.04 LTS) and newer
- Should be safe on any modern system with `unattended-upgrades` and `apt`
## What It Does
- Installs `unattended-upgrades` if missing
- Writes a new `/etc/apt/apt.conf.d/50unattended-upgrades` using a robust and portable structure
- Enables APT periodic updates via `/etc/apt/apt.conf.d/20auto-upgrades`
- Enables systemd timers if `systemctl` is available
- Does **not** run any updates itself or reboot your system directly
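
A later file in `/etc/apt/apt.conf.d/` can override what the script wrote, so it helps to check the merged configuration rather than the two files on their own. The following is an added example, not part of `setup-auto-updates.sh`: it audits `apt-config dump` output against the behaviour listed above. The function names, the expected values (`"1"`, `"7"`, `"true"`, `04:00`) and the sample dump are assumptions constructed for illustration.

```shell
# Added example (not part of setup-auto-updates.sh): audit the effective APT
# configuration. Reads `apt-config dump` text on stdin, so overrides from later
# apt.conf.d files are included. Expected values below are assumptions.

get_val() {    # get_val KEY -> value of scalar KEY in $DUMP (empty if unset)
    printf '%s\n' "$DUMP" | awk -v k="$1 \"" '
        index($0, k) == 1 { v = substr($0, length(k) + 1); sub(/";$/, "", v) }
        END { print v }'
}

count_list() { # count_list KEY [SUBSTR] -> number of `KEY:: "..."` list entries
    printf '%s\n' "$DUMP" | awk -v k="$1:: \"" -v s="${2:-}" '
        index($0, k) == 1 && (s == "" || index($0, s) > 0) { n++ } END { print n + 0 }'
}

check() {      # check KEY EXPECTED: compare one scalar, record failure in rc
    got=$(get_val "$1")
    if [ "$got" = "$2" ]; then echo "[OK]   $1 = \"$got\""
    else echo "[FAIL] $1 = \"$got\", expected \"$2\""; rc=1; fi
}

audit_auto_updates() {   # usage: apt-config dump | audit_auto_updates [HH:MM]
    DUMP=$(cat); rc=0
    check APT::Periodic::Update-Package-Lists 1      # daily update check
    check APT::Periodic::Unattended-Upgrade 1        # daily unattended run
    check APT::Periodic::AutocleanInterval 7         # weekly autoclean
    check Unattended-Upgrade::Automatic-Reboot true
    check Unattended-Upgrade::Automatic-Reboot-Time "${1:-04:00}"
    [ "$(count_list Unattended-Upgrade::Origins-Pattern)" -gt 0 ] ||
        { echo "[FAIL] no Origins-Pattern entries"; rc=1; }
    [ "$(count_list Unattended-Upgrade::Allowed-Origins)" -eq 0 ] ||
        { echo "[FAIL] legacy Allowed-Origins still set"; rc=1; }
    echo "[INFO] kernel blacklist entries: $(count_list Unattended-Upgrade::Package-Blacklist linux-)"
    return "$rc"
}

sample_dump() {  # constructed `apt-config dump` excerpt, not captured output
    cat <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::AutocleanInterval "7";
Unattended-Upgrade::Origins-Pattern "";
Unattended-Upgrade::Origins-Pattern:: "origin=Debian,codename=${distro_codename}-security";
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "04:00";
EOF
}

sample_dump | audit_auto_updates
```

On a provisioned host, pipe the real configuration in with `apt-config dump | audit_auto_updates`, passing your `REBOOT_TIME` value as the argument if you changed it.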
## Kernel Update Policy
By default, this script **permits installation of updated kernels** if they match the configured origins (e.g., `-updates`, `-security`).
If you prefer to exclude kernel packages from automatic updates, add the following to `/etc/apt/apt.conf.d/50unattended-upgrades`:
```conf
Unattended-Upgrade::Package-Blacklist {
    "linux-image";
    "linux-headers";
};
```
## Example Output
```text
[INFO] Unattended-upgrades configurator (Debian/Ubuntu)
[INFO] Detected OS: Debian GNU/Linux 12 (bookworm)
[INFO] Updating APT cache…
[INFO] Installing unattended-upgrades…
[INFO] Validating unattended-upgrades with a dry run…
Allowed origins are: origin=Debian,archive=bookworm, origin=Debian,archive=bookworm-updates, ...
[INFO] Timers:
Mon 2025-07-28 06:40:14 MDT ... apt-daily-upgrade.timer
Mon 2025-07-28 10:51:12 MDT ... apt-daily.timer
[OK] Unattended updates configured. Regular + security updates will apply automatically; reboot at 04:00 if needed.
```
## Usage
```bash
sudo ./setup-auto-updates.sh
```
- Must be run as root
- Prompts to delete itself after successful configuration if run interactively
## Customization
- **Reboot Time:**
  ```bash
  sudo REBOOT_TIME="03:30" ./setup-auto-updates.sh
  ```
- **Exclude Third-Party Updates:**
  Use `/etc/apt/apt.conf.d/60unattended-thirdparty` to add `site=...` patterns.
## Systemd Timers Enabled
- `apt-daily.timer`: Regular APT metadata refresh
- `apt-daily-upgrade.timer`: Executes `unattended-upgrades` daily
## Self-Delete Behavior
At the end of the script, you'll be asked:

> Script successful. Do you wish to delete this script?

This helps keep your directory tidy after one-time provisioning.
## Limitations
- Does not configure granular package pinning or holds
- Does not auto-install non-origin packages (e.g., third-party repos) unless explicitly configured
- Power-check skipped (optional `powermgmt-base` not installed)
- Not compatible with non-Debian-based distributions (e.g., Fedora, Arch)
## License
MIT License: use freely, modify as needed, no warranties.

---
Created and maintained by a privacy-conscious, security-oriented Linux sysadmin.