logic changes
32
README.md
@@ -23,8 +23,8 @@ This script provides a repeatable way to enforce a defined update policy, ensuri
|
||||
✔ Configures unattended-upgrades using a clean, deterministic policy
|
||||
✔ Allows switching between four update modes
|
||||
✔ Ensures updates are enforced on a fixed weekly schedule
|
||||
✔ Disables Ubuntu’s automatic periodic upgrades to prevent unexpected reboots
|
||||
✔ Automatically rebuilds the unattended-upgrades configuration safely
|
||||
✔ Leaves Ubuntu’s timers untouched
|
||||
✔ Safe to re-run and switch modes at any time
|
||||
✔ Logs policy changes for auditing and troubleshooting
|
||||
✔ Uses vendor defaults as a base to preserve compatibility
|
||||
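Review bot: The feature bullet "Disables Ubuntu's automatic periodic upgrades to prevent unexpected reboots" does not say how or where this is done, and next to "Leaves Ubuntu's timers untouched" in the same list it reads as a contradiction. Suggest naming the file the script manages (`/etc/apt/apt.conf.d/20auto-upgrades`) and reusing the wording from the later section: the systemd timers are not removed, but they no longer install updates because the periodic settings are set to "0".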
@@ -102,11 +102,19 @@ This ensures a clean and predictable configuration and avoids problems caused by
|
||||
|
||||
If you manually edit `/etc/apt/apt.conf.d/50unattended-upgrades`, those changes will be overwritten, but only when you switch modes.
|
||||
|
||||
A cron job (`/etc/cron.d/auto-update`) is created to enforce updates every Friday at 03:00.
|
||||
This ensures that systems are updated regularly even if users postpone updates during the week.
|
||||
The script also enforces the file:
|
||||
|
||||
Ubuntu’s systemd timers are left untouched.
|
||||
If both timers and the cron job run, nothing breaks — updates may simply be checked more than once.
|
||||
```
|
||||
/etc/apt/apt.conf.d/20auto-upgrades
|
||||
```
|
||||
|
||||
to disable Ubuntu’s automatic periodic upgrades.
|
||||
This prevents unattended-upgrades from running automatically in the background and ensures that update and reboot behaviour is controlled entirely by the scheduled cron job.
|
||||
|
||||
A cron job (`/etc/cron.d/auto-update`) is created to enforce updates every Friday at 03:00.
|
||||
This ensures that systems are updated regularly in a predictable maintenance window.
|
||||
|
||||
Ubuntu’s systemd timers are not removed, but because periodic upgrades are disabled, they do not install updates automatically.
|
||||
|
||||
---
|
||||
|
||||
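Review bot: This section documents that `/etc/apt/apt.conf.d/50unattended-upgrades` is overwritten "only when you switch modes", but it does not say when `/etc/apt/apt.conf.d/20auto-upgrades` is overwritten. In the script hunk below, `ensure_auto_upgrades_policy` is called before argument handling, so the file appears to be rewritten on every run; the README should state that local edits to it are lost each time. Because `APT::Periodic::Update-Package-Lists` is set to "0", it is also worth stating that the cron job refreshes the package lists itself, otherwise the Friday run would work from stale lists.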
@@ -129,15 +137,15 @@ Switching modes does not alter the existing cron schedule.
|
||||
|
||||
## Common questions
|
||||
|
||||
**Q:** Why am I still seeing available updates? Is the script not working?**
|
||||
**A:** These notifications are generated by Ubuntu’s default update timers, which this script does not disable.
|
||||
You may still see update notifications during the week, even though the cron enforcement job runs on Friday.
|
||||
**Q:** Why am I not seeing updates appear automatically during the week?
|
||||
**A:** The script disables Ubuntu’s automatic periodic upgrade mechanism.
|
||||
Updates are installed only during the scheduled cron run unless you run `apt update` or install updates manually.
|
||||
|
||||
If you log in on a Tuesday and updates are available, you are encouraged to install them manually.
|
||||
This will not conflict with the script.
|
||||
**Q:** Can I still install updates manually?
|
||||
**A:** Yes. Running `apt update` and `apt upgrade` manually will not conflict with the script.
|
||||
|
||||
You may also see updates appear shortly after the scheduled run.
|
||||
This simply means new updates were released after the last scheduled update cycle.
|
||||
**Q:** What happens if new security updates are released during the week?
|
||||
**A:** They will be installed at the next scheduled cron run unless you choose to install them manually earlier.
|
||||
|
||||
---
|
||||
|
||||
|
||||
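Review bot: The answer "Updates are installed only during the scheduled cron run unless you run `apt update` or install updates manually" conflates refreshing the package lists with installing; `apt update` on its own installs nothing. Suggest "unless you run `apt update` followed by `apt upgrade`". The answer to the security-updates question should also state the consequence plainly: with periodic upgrades disabled, a fix released just after the Friday 03:00 run is not installed for up to a week unless someone installs it by hand.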
23
auto-update
@@ -15,6 +15,7 @@ if [[ $(id -u) -ne 0 ]]; then echo "" && echo "Must be root or use sudo" && echo
|
||||
#
|
||||
config="/etc/apt/apt.conf.d/50unattended-upgrades"
|
||||
template="/usr/share/unattended-upgrades/50unattended-upgrades"
|
||||
autoupgrades="/etc/apt/apt.conf.d/20auto-upgrades"
|
||||
cronfile="/etc/cron.d/auto-update"
|
||||
logfile="/var/log/auto-update.log"
|
||||
|
||||
@@ -41,6 +42,23 @@ chkcfg () {
|
||||
fi
|
||||
}
|
||||
|
||||
#
|
||||
# Function: Enforce 20auto-upgrades policy
|
||||
#
|
||||
ensure_auto_upgrades_policy() {
|
||||
|
||||
printf "Enforcing auto-upgrades policy...\n"
|
||||
|
||||
cat <<EOF > "$autoupgrades"
|
||||
# Managed by auto-update script — do not edit manually
|
||||
APT::Periodic::Update-Package-Lists "0";
|
||||
APT::Periodic::Unattended-Upgrade "0";
|
||||
EOF
|
||||
|
||||
chmod 644 "$autoupgrades"
|
||||
chown root:root "$autoupgrades"
|
||||
}
|
||||
|
||||
#
|
||||
# Function: Detect current mode
|
||||
#
|
||||
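Review bot: `ensure_auto_upgrades_policy` overwrites `$autoupgrades` unconditionally with `cat <<EOF > "$autoupgrades"`, without checking whether the content already matches, without keeping a copy of the previous file, and without writing anything to `$logfile`, although the README promises that policy changes are logged. Suggest comparing first, logging only when the file actually changes, and writing to a temporary file with the mode already set before moving it into place, so the file is never half-written and the `chmod`/`chown` cannot be skipped by a failure. Two smaller points: quote the heredoc delimiter (`<<'EOF'`) so nothing in the body is ever expanded, and note that apt reads `apt.conf.d` in lexical order, so a later-sorting file that sets `APT::Periodic::Unattended-Upgrade` would override these two values; the function does not check for one.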
@@ -214,6 +232,11 @@ apt-get install -y unattended-upgrades update-notifier-common >/dev/null
|
||||
#
|
||||
chkcfg "$config" "$template"
|
||||
|
||||
#
|
||||
# Enforce APT periodic policy
|
||||
#
|
||||
ensure_auto_upgrades_policy
|
||||
|
||||
#
|
||||
# Argument handling
|
||||
#
|
||||
|
||||
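Review bot: The call to `ensure_auto_upgrades_policy` sits before argument handling and its exit status is not checked. Any invocation, including one with invalid arguments, rewrites `20auto-upgrades`, and if the write fails the script carries on with periodic upgrades still enabled while the cron job is also installed (unless the script runs under `set -e`, which is not visible in these hunks). Suggest moving the call after the arguments have been validated and failing loudly, for example `ensure_auto_upgrades_policy || exit 1`, with a line written to `$logfile`.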