@waja
Last active November 7, 2022 15:42
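# Deploy unattended-upgrades and needrestart on a Debian host.
# Run as root: the script installs packages and rewrites files under /etc/apt
# and /etc/needrestart. Pass --crit to keep linux-image-, qemu and xen out of
# the automatic upgrades and to switch the automatic reboot off again.
#
# Author's one-liner:
# wget https://gist.githubusercontent.com/waja/d9e176f712ae6a6e4442486df80a13ba/raw/deploy_unattended-upgrades.sh -O /tmp/a && sh /tmp/a
# NOTE(review): that executes whatever the gist currently serves, as root, from
# a fixed file name in world-writable /tmp. Prefer downloading to a file made
# with mktemp, from a raw URL pinned to a revision you have read
# (.../raw/<REVISION_SHA>/deploy_unattended-upgrades.sh), and inspect the file
# before running it.
UU_CONF=/etc/apt/apt.conf.d/50unattended-upgrades

apt-get -y install unattended-upgrades needrestart && \
cat > /etc/apt/apt.conf.d/10periodic <<EOF
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOF

# Uncomment the update origins and switch on dependency cleanup, automatic
# reboot (at 04:00) and mail reports. Each sed is a silent no-op when its
# pattern does not match the shipped file byte for byte (whitespace included),
# so check the result afterwards, e.g. with `unattended-upgrade --dry-run -d`.
sed -i 's#// "o=Debian,n=jessie"# "o=Debian,n=jessie"#' "${UU_CONF}" && \
sed -i 's#// "o=Debian,n=jessie-updates"# "o=Debian,n=jessie-updates"#' "${UU_CONF}" && \
sed -i 's#//\t"${distro_id}:${distro_codename}-updates"#\t"${distro_id}:${distro_codename}-updates"#' "${UU_CONF}" && \
sed -i 's#// "origin=Debian,codename=${distro_codename}-updates"# "origin=Debian,codename=${distro_codename}-updates"#' "${UU_CONF}" && \
sed -i 's#//Unattended-Upgrade::Remove-Unused-Dependencies "false"#Unattended-Upgrade::Remove-Unused-Dependencies "true"#' "${UU_CONF}" && \
sed -i 's#//Unattended-Upgrade::Automatic-Reboot "false"#Unattended-Upgrade::Automatic-Reboot "true"#' "${UU_CONF}" && \
sed -i '/codename=..distro_codename.-updates/ s#^//# #' "${UU_CONF}" && \
sed -i 's#//Unattended-Upgrade::MailReport "on-change"#Unattended-Upgrade::MailReport "on-change"#' "${UU_CONF}" && \
sed -i 's#//Unattended-Upgrade::Automatic-Reboot-Time "02:00"#Unattended-Upgrade::Automatic-Reboot-Time "04:00"#' "${UU_CONF}"

# The origin patterns above name jessie; retarget them at the running release.
# Only a plain lowercase codename is accepted: an empty value (lsb_release
# missing or failing) would blank every "jessie" in the file, and a value
# containing "/" would break the sed program.
DIST=$(lsb_release -cs)
case "${DIST}" in
  '' | *[!a-z]*)
    printf '%s\n' "Cannot determine release codename; leaving jessie entries in ${UU_CONF}" >&2
    ;;
  jessie)
    ;;
  *)
    sed -i "s/jessie/${DIST}/g" "${UU_CONF}"
    ;;
esac

# Let needrestart restart daemons automatically
cat > /etc/needrestart/conf.d/auto_restart.conf <<EOF
# Restart daemons after library updates automatically
\$nrconf{restart} = 'a';
EOF

# prevent updating some core packages which requires reboot
if [ "${1:-}" = "--crit" ]; then
  for PACKAGE in linux-image- qemu xen; do
    # Debian < 10: insert the entry above the commented "vim" example
    sed -i -E "s#//\t\"vim\";#\t\"${PACKAGE}\";\n//\t\"vim\";#" "${UU_CONF}"
    # Debian >= 10: insert the entry above the commented "linux-" example
    sed -i -E "s#// \"linux-\";# \"${PACKAGE}\";\n// \"linux-\";#" "${UU_CONF}"
  done
  # With kernel and hypervisor packages held back, turn the automatic reboot off again.
  sed -i 's#Unattended-Upgrade::Automatic-Reboot "true"#//Unattended-Upgrade::Automatic-Reboot "false"#' "${UU_CONF}"
fi
exit 0

# in case you need a mail notification
# Never reached because of the exit above: copy and run by hand, after
# replacing user@domain.tld with a mailbox you control.
[ "$(grep ^//Unattended-Upgrade::Mail /etc/apt/apt.conf.d/50unattended-upgrades | grep -c -v MailOnlyOnError)" -gt 0 ] && \
sed -i 's#//Unattended-Upgrade::Mail "root";#Unattended-Upgrade::Mail "user@domain.tld";#g' /etc/apt/apt.conf.d/50unattended-upgrades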
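# wget https://gist.githubusercontent.com/waja/d9e176f712ae6a6e4442486df80a13ba/raw/z_deploy_needrestart.sh -O /tmp/a && sh /tmp/a
# NOTE(review): the one-liner above runs the gist's current content as root from
# a fixed name in world-writable /tmp; download to a mktemp file and read it
# before executing.
# Only needed when unattended-upgrades was deployed without needrestart
#
# apt-get rather than apt: apt's command-line interface is not guaranteed to
# stay stable for use in scripts.
# The heredoc delimiter is quoted so the Perl variable is written literally.
apt-get -y install needrestart && cat > /etc/needrestart/conf.d/auto_restart.conf <<'EOF'
# Restart daemons after library updates automatically
$nrconf{restart} = 'a';
EOF
# Run needrestart once now, with the configuration written above.
needrestart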
# Take libc6, openssl, xen, libxen and libvirt off the unattended-upgrades
# blacklist so they are upgraded automatically again.
# The match is a prefix match on uncommented entries: any line that starts
# (after optional whitespace) with a double quote followed by one of these
# names is deleted. Lines still commented out with // are left alone.
uu_conf="/etc/apt/apt.conf.d/50unattended-upgrades"
for pkg_prefix in libc6 openssl xen libxen libvirt
do
  sed -i "/^[[:space:]]*\"${pkg_prefix}/d" "${uu_conf}"
done
@VincentSC

Thanks for this. I made a few changes and adapted it to be used with Ubuntu:

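#!/bin/bash
# Ubuntu adaptation: install unattended-upgrades and needrestart, enable the
# APT periodic jobs, then rewrite the Unattended-Upgrade settings whether the
# shipped lines are commented out or not.

# Refuse to continue without root, and report that as a failure (non-zero
# exit, message on stderr) so callers do not mistake it for success.
if [ "$EUID" -ne 0 ]; then
  echo "Please run as root" >&2
  exit 1
fi

UU_CONF=/etc/apt/apt.conf.d/50unattended-upgrades

# apt-get rather than apt: apt's command-line interface is not guaranteed to
# stay stable for use in scripts.
apt-get -y install unattended-upgrades needrestart libnotify-bin

# enable
cat > /etc/apt/apt.conf.d/10periodic <<EOF
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOF

# configure
# ^/\{0,2\} matches each setting with or without its leading // comment marker.
# The trailing space in "Automatic-Reboot " and "Mail " keeps those two patterns
# from also rewriting Automatic-Reboot-Time and MailReport.
sed -i 's#^.*"${distro_id}:${distro_codename}-updates";$#      "${distro_id}:${distro_codename}-updates";#' "${UU_CONF}"
sed -i 's#^/\{0,2\}Unattended-Upgrade::Remove-Unused-Dependencies .*$#Unattended-Upgrade::Remove-Unused-Dependencies "true";#' "${UU_CONF}"
# Automatic-Reboot "true" lets the host reboot itself at the time set below.
sed -i 's#^/\{0,2\}Unattended-Upgrade::Automatic-Reboot .*$#Unattended-Upgrade::Automatic-Reboot "true";#' "${UU_CONF}"
sed -i 's#^/\{0,2\}Unattended-Upgrade::MailReport .*$#Unattended-Upgrade::MailReport "only-on-error";#' "${UU_CONF}"
sed -i 's#^/\{0,2\}Unattended-Upgrade::Automatic-Reboot-Time .*$#Unattended-Upgrade::Automatic-Reboot-Time "02:00";#' "${UU_CONF}"
# NOTE: user@domain.tld is a placeholder and is applied unconditionally here;
# replace it with a mailbox you control before running the script.
sed -i 's#^/\{0,2\}Unattended-Upgrade::Mail .*$#Unattended-Upgrade::Mail "user@domain.tld";#g' "${UU_CONF}"
sed -i 's#^/\{0,2\}Unattended-Upgrade::AutoFixInterruptedDpkg .*$#Unattended-Upgrade::AutoFixInterruptedDpkg "true";#g' "${UU_CONF}"

# Let needrestart restart daemons automatically
cat > /etc/needrestart/conf.d/auto_restart.conf <<EOF
# Restart daemons after library updates automatically
\$nrconf{restart} = 'a';
EOF

# Dry run with verbose and debug output to check the resulting configuration.
unattended-upgrades -v -d --dry-run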
