90 lines
3.2 KiB
Bash
Executable File
90 lines
3.2 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
#apt install -y unattended-upgrades apt-listchanges
|
|
|
|
# /etc/apt/apt.conf.d/50unattended-upgrades
|
|
CONF_DIR=/etc/apt/apt.conf.d
|
|
#CONF_DIR=/tmp
|
|
|
|
# send report email
|
|
sed -i 's|^//Unattended-Upgrade::Mail "root@localhost";|Unattended-Upgrade::Mail "root@localhost";|' ${CONF_DIR}/50unattended-upgrades
|
|
|
|
# email only on errors
|
|
#sed -i 's|^//Unattended-Upgrade::MailOnlyOnError "true";|Unattended-Upgrade::MailOnlyOnError "true";|' ${CONF_DIR}/50unattended-upgrades
|
|
|
|
# autoremove unused deps
|
|
sed -i 's|^//Unattended-Upgrade::Remove-Unused-Dependencies "false";|Unattended-Upgrade::Remove-Unused-Dependencies "true";|' ${CONF_DIR}/50unattended-upgrades
|
|
|
|
# reboot without confirmation if the file /var/run/reboot-required is present
|
|
sed -i 's|^//Unattended-Upgrade::Automatic-Reboot "false";|Unattended-Upgrade::Automatic-Reboot "false";|' ${CONF_DIR}/50unattended-upgrades
|
|
#sed -i '|^Unattended-Upgrade::Automatic-Reboot "true";| s|.*|&\nUnattended-Upgrade::Automatic-Reboot-Time "00:00";|' ${CONF_DIR}/50unattended-upgrades
|
|
|
|
# limit bandwidth for apt
|
|
sed -i 's|^//Acquire::http::Dl-Limit "70";|Acquire::http::Dl-Limit "70";|' ${CONF_DIR}/50unattended-upgrades
|
|
|
|
# stop upgrades on battery power
|
|
sed -i 's|^Unattended-Upgrade::OnlyOnACPower "false";|Unattended-Upgrade::OnlyOnACPower "false";|' ${CONF_DIR}/50unattended-upgrades
|
|
|
|
# Only upgrade on unmetered connection
|
|
sed -i 's|^Unattended-Upgrade::Skip-Updates-On-Metered-Connections "false";|Unattended-Upgrade::Skip-Updates-On-Metered-Connections "true";|' ${CONF_DIR}/50unattended-upgrades
|
|
|
|
## Automatically upgrade packages from these (origin, archive) pairs
|
|
# Unattended-Upgrade::Allowed-Origins
|
|
# "Ubuntu lucid-security";
|
|
#};
|
|
|
|
## List of packages to not update
|
|
#Unattended-Upgrade::Package-Blacklist {
|
|
#// "vim";
|
|
#// "libc6";
|
|
#// "libc6-dev";
|
|
#// "libc6-i686";
|
|
# "ant-doc";
|
|
#};
|
|
|
|
cat > ${CONF_DIR}/99unattended-upgrades <<'EOF'
|
|
clear Unattended-Upgrade::Allowed-Origins;
|
|
// Only allow security origin
|
|
Unattended-Upgrade::Allowed-Origins {
|
|
// "${distro_id}:${distro_codename}";
|
|
"${distro_id}:${distro_codename}-security";
|
|
};
|
|
|
|
clear Unattended-Upgrade::Package-Blacklist;
|
|
Unattended-Upgrade::Package-Blacklist {
|
|
"linux-headers*";
|
|
"linux-image*";
|
|
"linux-generic*";
|
|
"linux-modules*";
|
|
"spl-dkms";
|
|
"zfs-dkms"
|
|
};
|
|
EOF
|
|
|
|
## Enable
|
|
## ${CONF_DIR}/20auto-upgrades
|
|
# APT::Periodic::Update-Package-Lists "1";
|
|
# APT::Periodic::Unattended-Upgrade "1";
|
|
|
|
## create this file with only the two lines above using the following:
|
|
# echo unattended-upgrades unattended-upgrades/enable_auto_updates boolean true | debconf-set-selections
|
|
# dpkg-reconfigure -f noninteractive unattended-upgrades
|
|
cat > ${CONF_DIR}/20auto-upgrades <<'EOF'
|
|
APT::Periodic::Update-Package-Lists "1";
|
|
APT::Periodic::Unattended-Upgrade "1";
|
|
APT::Periodic::Download-Upgradeable-Packages "1";
|
|
APT::Periodic::AutocleanInterval "3";
|
|
EOF
|
|
|
|
## Disable
|
|
## ${CONF_DIR}/20auto-upgrades-disabled
|
|
# APT::Periodic::Update-Package-Lists "0";
|
|
# APT::Periodic::Unattended-Upgrade "0";
|
|
|
|
## create this file with only the two lines above using the following:
|
|
# echo unattended-upgrades unattended-upgrades/enable_auto_updates boolean false | debconf-set-selections
|
|
# dpkg-reconfigure -f noninteractive unattended-upgrades
|
|
|
|
|
|
# Test configuration with:
|
|
unattended-upgrades -d
|