#!/usr/bin/env bash #apt install -y unattended-upgrades apt-listchanges # /etc/apt/apt.conf.d/50unattended-upgrades CONF_DIR=/etc/apt/apt.conf.d #CONF_DIR=/tmp # send report email sed -i 's|^//Unattended-Upgrade::Mail "root@localhost";|Unattended-Upgrade::Mail "root@localhost";|' ${CONF_DIR}/50unattended-upgrades # email only on errors #sed -i 's|^//Unattended-Upgrade::MailOnlyOnError "true";|Unattended-Upgrade::MailOnlyOnError "true";|' ${CONF_DIR}/50unattended-upgrades # autoremove unused deps sed -i 's|^//Unattended-Upgrade::Remove-Unused-Dependencies "false";|Unattended-Upgrade::Remove-Unused-Dependencies "true";|' ${CONF_DIR}/50unattended-upgrades # reboot without confirmation if the file /var/run/reboot-required is present sed -i 's|^//Unattended-Upgrade::Automatic-Reboot "false";|Unattended-Upgrade::Automatic-Reboot "false";|' ${CONF_DIR}/50unattended-upgrades #sed -i '|^Unattended-Upgrade::Automatic-Reboot "true";| s|.*|&\nUnattended-Upgrade::Automatic-Reboot-Time "00:00";|' ${CONF_DIR}/50unattended-upgrades # limit bandwidth for apt sed -i 's|^//Acquire::http::Dl-Limit "70";|Acquire::http::Dl-Limit "70";|' ${CONF_DIR}/50unattended-upgrades # stop upgrades on battery power sed -i 's|^Unattended-Upgrade::OnlyOnACPower "false";|Unattended-Upgrade::OnlyOnACPower "false";|' ${CONF_DIR}/50unattended-upgrades # Only upgrade on unmetered connection sed -i 's|^Unattended-Upgrade::Skip-Updates-On-Metered-Connections "false";|Unattended-Upgrade::Skip-Updates-On-Metered-Connections "true";|' ${CONF_DIR}/50unattended-upgrades ## Automatically upgrade packages from these (origin, archive) pairs # Unattended-Upgrade::Allowed-Origins # "Ubuntu lucid-security"; #}; ## List of packages to not update #Unattended-Upgrade::Package-Blacklist { #// "vim"; #// "libc6"; #// "libc6-dev"; #// "libc6-i686"; # "ant-doc"; #}; cat > ${CONF_DIR}/99unattended-upgrades <<'EOF' clear Unattended-Upgrade::Allowed-Origins; // Only allow security origin Unattended-Upgrade::Allowed-Origins { // "${distro_id}:${distro_codename}"; "${distro_id}:${distro_codename}-security"; }; clear Unattended-Upgrade::Package-Blacklist; Unattended-Upgrade::Package-Blacklist { "linux-headers*"; "linux-image*"; "linux-generic*"; "linux-modules*"; "spl-dkms"; "zfs-dkms" }; EOF ## Enable ## ${CONF_DIR}/20auto-upgrades # APT::Periodic::Update-Package-Lists "1"; # APT::Periodic::Unattended-Upgrade "1"; ## create this file with only the two lines above using the following: # echo unattended-upgrades unattended-upgrades/enable_auto_updates boolean true | debconf-set-selections # dpkg-reconfigure -f noninteractive unattended-upgrades cat > ${CONF_DIR}/20auto-upgrades <<'EOF' APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Unattended-Upgrade "1"; APT::Periodic::Download-Upgradeable-Packages "1"; APT::Periodic::AutocleanInterval "3"; EOF ## Disable ## ${CONF_DIR}/20auto-upgrades-disabled # APT::Periodic::Update-Package-Lists "0"; # APT::Periodic::Unattended-Upgrade "0"; ## create this file with only the two lines above using the following: # echo unattended-upgrades unattended-upgrades/enable_auto_updates boolean false | debconf-set-selections # dpkg-reconfigure -f noninteractive unattended-upgrades # Test configuration with: unattended-upgrades -d