deploy_unattended-upgrades.sh
· 2.8 KiB · Bash
Raw
# wget https://gist.githubusercontent.com/waja/d9e176f712ae6a6e4442486df80a13ba/raw/deploy_unattended-upgrades.sh -O /tmp/a && sh /tmp/a
apt-get -y install unattended-upgrades needrestart && \
cat > /etc/apt/apt.conf.d/10periodic <<EOF
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOF
sed -i 's#// "o=Debian,n=jessie"# "o=Debian,n=jessie"#' /etc/apt/apt.conf.d/50unattended-upgrades && \
sed -i 's#// "o=Debian,n=jessie-updates"# "o=Debian,n=jessie-updates"#' /etc/apt/apt.conf.d/50unattended-upgrades && \
sed -i 's#//\t"${distro_id}:${distro_codename}-updates"#\t"${distro_id}:${distro_codename}-updates"#' /etc/apt/apt.conf.d/50unattended-upgrades && \
sed -i 's#// "origin=Debian,codename=${distro_codename}-updates"# "origin=Debian,codename=${distro_codename}-updates"#' /etc/apt/apt.conf.d/50unattended-upgrades && \
sed -i 's#//Unattended-Upgrade::Remove-Unused-Dependencies "false"#Unattended-Upgrade::Remove-Unused-Dependencies "true"#' /etc/apt/apt.conf.d/50unattended-upgrades && \
sed -i 's#//Unattended-Upgrade::Automatic-Reboot "false"#Unattended-Upgrade::Automatic-Reboot "true"#' /etc/apt/apt.conf.d/50unattended-upgrades && \
sed -i '/codename=..distro_codename.-updates/ s#^//# #' /etc/apt/apt.conf.d/50unattended-upgrades /etc/apt/apt.conf.d/50unattended-upgrades && \
sed -i 's#//Unattended-Upgrade::MailReport "on-change"#Unattended-Upgrade::MailReport "on-change"#' /etc/apt/apt.conf.d/50unattended-upgrades && \
sed -i 's#//Unattended-Upgrade::Automatic-Reboot-Time "02:00"#Unattended-Upgrade::Automatic-Reboot-Time "04:00"#' /etc/apt/apt.conf.d/50unattended-upgrades
DIST=$(lsb_release -c | cut -f 2); [ "${DIST}" != "jessie" ] && sed -i "s/jessie/${DIST}/g" /etc/apt/apt.conf.d/50unattended-upgrades
# Let needrestart restart daemons automatically
cat > /etc/needrestart/conf.d/auto_restart.conf <<EOF
# Restart daemons after library updates automatically
\$nrconf{restart} = 'a';
EOF
# prevent updating some core packages which requires reboot
if [ "${1}" = "--crit" ]; then
for PACKAGE in linux-image- qemu xen; do
# Debian < 10
sed -i -E "s#//\t\"vim\";#\t\"${PACKAGE}\";\n//\t\"vim\";#" /etc/apt/apt.conf.d/50unattended-upgrades
# Debian >= 10
sed -i -E "s#// \"linux-\";# \"${PACKAGE}\";\n// \"linux-\";#" /etc/apt/apt.conf.d/50unattended-upgrades
done
sed -i 's#Unattended-Upgrade::Automatic-Reboot "true"#//Unattended-Upgrade::Automatic-Reboot "false"#' /etc/apt/apt.conf.d/50unattended-upgrades
fi
exit 0
# in case you need a mail notification
[ $(grep ^//Unattended-Upgrade::Mail /etc/apt/apt.conf.d/50unattended-upgrades | grep -c -v MailOnlyOnError) -gt 0 ] && \
sed -i 's#//Unattended-Upgrade::Mail "root";#Unattended-Upgrade::Mail "user@domain.tld";#g' /etc/apt/apt.conf.d/50unattended-upgrades
| 1 | # wget https://gist.githubusercontent.com/waja/d9e176f712ae6a6e4442486df80a13ba/raw/deploy_unattended-upgrades.sh -O /tmp/a && sh /tmp/a |
| 2 | apt-get -y install unattended-upgrades needrestart && \ |
| 3 | cat > /etc/apt/apt.conf.d/10periodic <<EOF |
| 4 | APT::Periodic::Update-Package-Lists "1"; |
| 5 | APT::Periodic::Download-Upgradeable-Packages "1"; |
| 6 | APT::Periodic::AutocleanInterval "7"; |
| 7 | APT::Periodic::Unattended-Upgrade "1"; |
| 8 | EOF |
| 9 | sed -i 's#// "o=Debian,n=jessie"# "o=Debian,n=jessie"#' /etc/apt/apt.conf.d/50unattended-upgrades && \ |
| 10 | sed -i 's#// "o=Debian,n=jessie-updates"# "o=Debian,n=jessie-updates"#' /etc/apt/apt.conf.d/50unattended-upgrades && \ |
| 11 | sed -i 's#//\t"${distro_id}:${distro_codename}-updates"#\t"${distro_id}:${distro_codename}-updates"#' /etc/apt/apt.conf.d/50unattended-upgrades && \ |
| 12 | sed -i 's#// "origin=Debian,codename=${distro_codename}-updates"# "origin=Debian,codename=${distro_codename}-updates"#' /etc/apt/apt.conf.d/50unattended-upgrades && \ |
| 13 | sed -i 's#//Unattended-Upgrade::Remove-Unused-Dependencies "false"#Unattended-Upgrade::Remove-Unused-Dependencies "true"#' /etc/apt/apt.conf.d/50unattended-upgrades && \ |
| 14 | sed -i 's#//Unattended-Upgrade::Automatic-Reboot "false"#Unattended-Upgrade::Automatic-Reboot "true"#' /etc/apt/apt.conf.d/50unattended-upgrades && \ |
| 15 | sed -i '/codename=..distro_codename.-updates/ s#^//# #' /etc/apt/apt.conf.d/50unattended-upgrades /etc/apt/apt.conf.d/50unattended-upgrades && \ |
| 16 | sed -i 's#//Unattended-Upgrade::MailReport "on-change"#Unattended-Upgrade::MailReport "on-change"#' /etc/apt/apt.conf.d/50unattended-upgrades && \ |
| 17 | sed -i 's#//Unattended-Upgrade::Automatic-Reboot-Time "02:00"#Unattended-Upgrade::Automatic-Reboot-Time "04:00"#' /etc/apt/apt.conf.d/50unattended-upgrades |
| 18 | DIST=$(lsb_release -c | cut -f 2); [ "${DIST}" != "jessie" ] && sed -i "s/jessie/${DIST}/g" /etc/apt/apt.conf.d/50unattended-upgrades |
| 19 | # Let needrestart restart daemons automatically |
| 20 | cat > /etc/needrestart/conf.d/auto_restart.conf <<EOF |
| 21 | # Restart daemons after library updates automatically |
| 22 | \$nrconf{restart} = 'a'; |
| 23 | EOF |
| 24 | # prevent updating some core packages which requires reboot |
| 25 | if [ "${1}" = "--crit" ]; then |
| 26 | for PACKAGE in linux-image- qemu xen; do |
| 27 | # Debian < 10 |
| 28 | sed -i -E "s#//\t\"vim\";#\t\"${PACKAGE}\";\n//\t\"vim\";#" /etc/apt/apt.conf.d/50unattended-upgrades |
| 29 | # Debian >= 10 |
| 30 | sed -i -E "s#// \"linux-\";# \"${PACKAGE}\";\n// \"linux-\";#" /etc/apt/apt.conf.d/50unattended-upgrades |
| 31 | done |
| 32 | sed -i 's#Unattended-Upgrade::Automatic-Reboot "true"#//Unattended-Upgrade::Automatic-Reboot "false"#' /etc/apt/apt.conf.d/50unattended-upgrades |
| 33 | fi |
| 34 | exit 0 |
| 35 | # in case you need a mail notification |
| 36 | [ $(grep ^//Unattended-Upgrade::Mail /etc/apt/apt.conf.d/50unattended-upgrades | grep -c -v MailOnlyOnError) -gt 0 ] && \ |
| 37 | sed -i 's#//Unattended-Upgrade::Mail "root";#Unattended-Upgrade::Mail "user@domain.tld";#g' /etc/apt/apt.conf.d/50unattended-upgrades |
| 38 |
z_deploy_needrestart.sh
· 593 B · Bash
Raw
# wget https://gist.githubusercontent.com/waja/d9e176f712ae6a6e4442486df80a13ba/raw/z_deploy_needrestart.sh -O /tmp/a && sh /tmp/a
# Only needed when unatteded-updates was deployed without needrestart
apt install -y needrestart && cat > /etc/needrestart/conf.d/auto_restart.conf <<EOF
# Restart daemons after library updates automatically
\$nrconf{restart} = 'a';
EOF
needrestart
# Remove unneeded packages from unattended-upgrades blacklist
FILE="/etc/apt/apt.conf.d/50unattended-upgrades"
for STRING in libc6 openssl xen libxen libvirt; do
sed -i "/^[[:space:]]*\"${STRING}/d" ${FILE}
done
| 1 | # wget https://gist.githubusercontent.com/waja/d9e176f712ae6a6e4442486df80a13ba/raw/z_deploy_needrestart.sh -O /tmp/a && sh /tmp/a |
| 2 | # Only needed when unatteded-updates was deployed without needrestart |
| 3 | apt install -y needrestart && cat > /etc/needrestart/conf.d/auto_restart.conf <<EOF |
| 4 | # Restart daemons after library updates automatically |
| 5 | \$nrconf{restart} = 'a'; |
| 6 | EOF |
| 7 | needrestart |
| 8 | # Remove unneeded packages from unattended-upgrades blacklist |
| 9 | FILE="/etc/apt/apt.conf.d/50unattended-upgrades" |
| 10 | for STRING in libc6 openssl xen libxen libvirt; do |
| 11 | sed -i "/^[[:space:]]*\"${STRING}/d" ${FILE} |
| 12 | done |
| 13 |