initial commit

README

@@ -0,0 +1,85 @@
+Unattended upgrades
+-------------------
+
+This script can upgrade packages automatically and unattended.  
+However, it is not enabled by default.  Most users enable it via the
+Software Sources program (available in System/Administration). 
+
+If you would prefer to enable it from the command line, run 
+"sudo dpkg-reconfigure -plow unattended-upgrades".
+
+It will not install packages that require dependencies that can't be
+fetched from allowed origins and it will check for conffile prompts
+before the install and holds back any package that requires them. 
+
+== Setup ==
+
+The unattended-upgrades package is normally activated by
+software-properties or via debconf. By default this runs an update
+every day.
+
+The main way to specify which packages will be auto-upgraded is by
+means of their "origin" and "archive".  These are taken respectively
+from the Origin and Suite fields of the respository's Release file,
+or can be found in the output of "apt-cache policy" in the "o" and
+"a" fields for the given repository.
+
+The default setup auto-updates packages in the main and security
+archives, which means that only stable and security updates are
+applied.
+
+This can be changed either with the
+"Unattended-Upgrade::Allowed-Origins" or the 
+"Unattended-Upgrade::Origins-Pattern" apt configuration lists, which
+can be configured in /etc/apt/apt.conf.d/50unattended-upgrades.
+Also in this file are a range of other options that can be configured.
+
+Allowed-Origins is a simple list of patterns of the form
+"origin:archive".
+
+Origins-Pattern allows you to give a list of
+patterns to match against.  For example:
+
+ Unattended-Upgrade::Origins-Pattern {
+        "origin=Google\, Inc.,suite=contrib";
+        "site=www.example.com,component=main";
+ };
+
+will upgrade a package if either the origin is "Google, Inc." and
+suite is "contrib" or if it comes from www.example.com and is in
+component "main".  The apt-cache policy short identifiers
+(e.g. "o" for "origin") are also supported.
+
+All operations are be logged in /var/log/unattended-upgrades/. This
+includes the dpkg output as well.
+
+If you want mail support you need to have a mail-transport-agent (e.g
+postfix) or mailx installed.
+
+== Debugging ==
+
+If something goes wrong or if you want to report a bug about the way
+the script works its a good idea to run:
+
+$ sudo unattended-upgrade --debug --dry-run
+
+and look at the resulting logfile in:
+/var/log/unattended-upgrades/unattended-upgrades.log 
+then. It will contain additional debug information.
+
+
+== Manual Setup ==
+
+To activate this script manually you need to ensure that the apt
+configuration contains the following lines (this can be done via the
+graphical "Software Source" program or via dpkg-reconfigure as well):
+
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";
+
+This means that it will check for upates every day and install them
+(if that is possible). If you have update-notifier installed, it will
+setup /etc/apt/apt.conf.d/10periodic. Just edit this file then to fit
+your needs. If you do not have this file, just create it or
+create/edit /etc/apt/apt.conf - you can check your configuration by
+running "apt-config dump".

TODO

@@ -0,0 +1,3 @@
+* package make have some logrotate magic in place for both
+  unattended-upgrades.log and unatteded-upgrades-dpkg_$(date).log
+* add option to ignore trust?

data/20auto-upgrades

@@ -0,0 +1,2 @@
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";

data/20auto-upgrades-disabled

@@ -0,0 +1,2 @@
+APT::Periodic::Update-Package-Lists "0";
+APT::Periodic::Unattended-Upgrade "0";

data/50unattended-upgrades.Debian

@@ -0,0 +1,67 @@
+// Automatically upgrade packages from these origin patterns
+Unattended-Upgrade::Origins-Pattern {
+        // Codename based matching:
+        // This will follow the migration of a release through different
+        // archives (e.g. from testing to stable and later oldstable).
+//      "o=Debian,n=squeeze";
+//      "o=Debian,n=squeeze-updates";
+//      "o=Debian,n=squeeze-proposed-updates";
+//      "o=Debian,n=squeeze,l=Debian-Security";
+
+        // Archive or Suite based matching:
+        // Note that this will silently match a different release after
+        // migration to the specified archive (e.g. testing becomes the
+        // new stable).
+//      "o=Debian,a=stable";
+//      "o=Debian,a=stable-updates";
+//      "o=Debian,a=proposed-updates";
+        "origin=Debian,archive=stable,label=Debian-Security";
+};
+
+// List of packages to not update
+Unattended-Upgrade::Package-Blacklist {
+//	"vim";
+//	"libc6";
+//	"libc6-dev";
+//	"libc6-i686";
+};
+
+// This option allows you to control if on a unclean dpkg exit
+// unattended-upgrades will automatically run 
+//   dpkg --force-confold --configure -a
+// The default is true, to ensure updates keep getting installed
+//Unattended-Upgrade::AutoFixInterruptedDpkg "false";
+
+// Split the upgrade into the smallest possible chunks so that
+// they can be interrupted with SIGUSR1. This makes the upgrade
+// a bit slower but it has the benefit that shutdown while a upgrade
+// is running is possible (with a small delay)
+//Unattended-Upgrade::MinimalSteps "true";
+
+// Install all unattended-upgrades when the machine is shuting down
+// instead of doing it in the background while the machine is running
+// This will (obviously) make shutdown slower
+//Unattended-Upgrade::InstallOnShutdown "true";
+
+// Send email to this address for problems or packages upgrades
+// If empty or unset then no email is sent, make sure that you
+// have a working mail setup on your system. A package that provides
+// 'mailx' must be installed. E.g. "[email protected]"
+//Unattended-Upgrade::Mail "root"
+
+// Set this value to "true" to get emails only on errors. Default
+// is to always send a mail if Unattended-Upgrade::Mail is set
+//Unattended-Upgrade::MailOnlyOnError "true";
+
+// Do automatic removal of new unused dependencies after the upgrade
+// (equivalent to apt-get autoremove)
+//Unattended-Upgrade::Remove-Unused-Dependencies "false";
+
+// Automatically reboot *WITHOUT CONFIRMATION* if a 
+// the file /var/run/reboot-required is found after the upgrade 
+//Unattended-Upgrade::Automatic-Reboot "false";
+
+
+// Use apt bandwidth limit feature, this example limits the download
+// speed to 70kb/sec
+//Acquire::http::Dl-Limit "70";

data/50unattended-upgrades.Ubuntu

@@ -0,0 +1,55 @@
+// Automatically upgrade packages from these (origin:archive) pairs
+Unattended-Upgrade::Allowed-Origins {
+	"${distro_id}:${distro_codename}-security";
+//	"${distro_id}:${distro_codename}-updates";
+//	"${distro_id}:${distro_codename}-proposed";
+//	"${distro_id}:${distro_codename}-backports";
+};
+
+// List of packages to not update
+Unattended-Upgrade::Package-Blacklist {
+//	"vim";
+//	"libc6";
+//	"libc6-dev";
+//	"libc6-i686";
+};
+
+// This option allows you to control if on a unclean dpkg exit
+// unattended-upgrades will automatically run 
+//   dpkg --force-confold --configure -a
+// The default is true, to ensure updates keep getting installed
+//Unattended-Upgrade::AutoFixInterruptedDpkg "false";
+
+// Split the upgrade into the smallest possible chunks so that
+// they can be interrupted with SIGUSR1. This makes the upgrade
+// a bit slower but it has the benefit that shutdown while a upgrade
+// is running is possible (with a small delay)
+//Unattended-Upgrade::MinimalSteps "true";
+
+// Install all unattended-upgrades when the machine is shuting down
+// instead of doing it in the background while the machine is running
+// This will (obviously) make shutdown slower
+//Unattended-Upgrade::InstallOnShutdown "true";
+
+// Send email to this address for problems or packages upgrades
+// If empty or unset then no email is sent, make sure that you
+// have a working mail setup on your system. A package that provides
+// 'mailx' must be installed. E.g. "[email protected]"
+//Unattended-Upgrade::Mail "root"
+
+// Set this value to "true" to get emails only on errors. Default
+// is to always send a mail if Unattended-Upgrade::Mail is set
+//Unattended-Upgrade::MailOnlyOnError "true";
+
+// Do automatic removal of new unused dependencies after the upgrade
+// (equivalent to apt-get autoremove)
+//Unattended-Upgrade::Remove-Unused-Dependencies "false";
+
+// Automatically reboot *WITHOUT CONFIRMATION* if a 
+// the file /var/run/reboot-required is found after the upgrade 
+//Unattended-Upgrade::Automatic-Reboot "false";
+
+
+// Use apt bandwidth limit feature, this example limits the download
+// speed to 70kb/sec
+//Acquire::http::Dl-Limit "70";

data/logrotate.d/unattended-upgrades

@@ -0,0 +1,7 @@
+/var/log/unattended-upgrades/unattended-upgrades*.log {
+  rotate 6
+  monthly
+  compress
+  missingok
+  notifempty
+}

debian/NEWS.Debian

@@ -0,0 +1,11 @@
+unattended-upgrades (0.50) unstable; urgency=low
+
+  When running with the --debug switch, previous versions of
+  unattended-upgrades would just print what they do, but not
+  actually perform any dpkg actions like installing or upgrading. 
+
+  This behavior has *changed* in version 0.50 it will now 
+  install/upgrade. There is a new option called "--dry-run" to 
+  get this behavior back.
+
+ -- Michael Vogt <[email protected]>  Fri, 03 Jul 2009 09:15:08 +0200