# "APT::Periodic::AutocleanInterval"
# - Do "apt-get autoclean" every n-days (0=disable)
#
+# "APT::Periodic::Unattended-Upgrade"
+# - Run the "unattended-upgrade" security upgrade script
+# every n-days (0=disabled)
+# Requires the package "unattended-upgrades" and will write
+# a log in /var/log/unattended-upgrades
+#
# "APT::Archives::MaxAge",
# - Set maximum allowed age of a cache package file. If a cache
# package file is older it is deleted (0=disable)
-# we check here if autoclean was enough sizewise
-check_size_constraints()
-{
- # min-age in days
- MaxAge=0
- MaxSize=0
- CacheDir="var/cache/apt"
- CacheArchive="archives/"
- eval $(apt-config shell MaxAge APT::Archives::MaxAge)
- eval $(apt-config shell MaxSize APT::Archives::MaxSize)
- eval $(apt-config shell CacheDir Dir::Cache)
- eval $(apt-config shell CacheArchive Dir::Cache::archives)
-
- # sanity check
- if [ -z "$CacheDir" -o -z "$CacheArchive" ]; then
- echo "empty Dir::Cache or Dir::Cache::archives, exiting"
- exit
- fi
- Cache="/"$CacheDir$CacheArchive
-
- # check age
- if [ ! $MaxAge -eq 0 ]; then
- find $Cache -name "*.deb" -mtime +$MaxAge -print0 | xargs -r -0 rm -f
- fi
-
- # check size
- if [ ! $MaxSize -eq 0 ]; then
- # reverse-sort by mtime
- for file in $(ls -rt $Cache/*.deb); do
- du=$(du -s $Cache)
- size=${du%%/*}
- # check if the cache is small enough
- if [ $size -lt $MaxSize ]; then
- break
- fi
- # delete oldest file
- rm -f $file
- done
- fi
-}
-
-check_size_constraints
-
-
-
# we check here if autoclean was enough sizewise
check_size_constraints()
{
# check age
if [ ! $MaxAge -eq 0 ] && [ ! $MinAge -eq 0 ]; then
- find $Cache -name "*.deb" -mtime +$MaxAge -and -not -mtime -$MinAge -print0 | xargs -r -0 rm -f
+ find $Cache -name "*.deb" \( -mtime +$MaxAge -and -ctime +$MaxAge \) -and -not \( -mtime -$MinAge -or -ctime -$MinAge \) -print0 | xargs -r -0 rm -f
elif [ ! $MaxAge -eq 0 ]; then
- find $Cache -name "*.deb" -mtime +$MaxAge -print0 | xargs -r -0 rm -f
+ find $Cache -name "*.deb" -ctime +$MaxAge -and -mtime +$MaxAge -print0 | xargs -r -0 rm -f
fi
# check size
MinAge=$(($MinAge*24*60*60))
# reverse-sort by mtime
- for file in $(ls -rt $Cache/*.deb); do
+ for file in $(ls -rt $Cache/*.deb 2>/dev/null); do
du=$(du -s $Cache)
size=${du%%/*}
# check if the cache is small enough
# check for MinAge of the file
if [ ! $MinAge -eq 0 ]; then
- mtime=$(date --date=$(date -r $file --iso-8601) +%s)
- delta=$(($now-$mtime))
+ # check both ctime and mtime
+ mtime=$(stat -c %Y $file)
+ ctime=$(stat -c %Z $file)
+ if [ $mtime -gt $ctime ]; then
+ delta=$(($now-$mtime))
+ else
+ delta=$(($now-$ctime))
+ fi
#echo "$file ($delta), $MinAge"
if [ $delta -le $MinAge ]; then
#echo "Skiping $file (delta=$delta)"
- continue
+ break
fi
fi
fi
}
+# sleep for a random intervall of time (default 30min)
+# (some code taken from cron-apt, thanks)
+random_sleep()
+{
+ RandomSleep=1800
+ eval $(apt-config shell RandomSleep APT::Periodic::RandomSleep)
+ if [ $RandomSleep -eq 0 ]; then
+ return
+ fi
+ if [ -z "$RANDOM" ] ; then
+ # A fix for shells that do not have this bash feature.
+ RANDOM=$(dd if=/dev/urandom count=1 2> /dev/null | cksum | cut -c"1-5")
+ fi
+ TIME=$(($RANDOM % $RandomSleep))
+ sleep $TIME
+}
+
+# main
+
+if ! which apt-config >/dev/null; then
+ exit 0
+fi
UpdateInterval=0
DownloadUpgradeableInterval=0
eval $(apt-config shell UpdateInterval APT::Periodic::Update-Package-Lists DownloadUpgradeableInterval APT::Periodic::Download-Upgradeable-Packages)
AutocleanInterval=$DownloadUpgradeableInterval
-eval $(apt-config shell AutocleanInterval APT::Periodic::Autoclean)
+eval $(apt-config shell AutocleanInterval APT::Periodic::AutocleanInterval)
+
+UnattendedUpgradeInterval=0
+eval $(apt-config shell UnattendedUpgradeInterval APT::Periodic::Unattended-Upgrade)
+
# laptop check, on_ac_power returns:
# 0 (true) System is on mains power
fi
fi
+# check if we can lock the cache and if the cache is clean
+if ! apt-get check -q -q 2>/dev/null; then
+ echo "$0: could not lock the APT cache"
+ exit 1
+fi
+
+# sleep random amount of time
+random_sleep
+
+# check again if we can access the cache
+if ! apt-get check -q -q 2>/dev/null; then
+ exit 1
+fi
+
UPDATE_STAMP=/var/lib/apt/periodic/update-stamp
if check_stamp $UPDATE_STAMP $UpdateInterval; then
if apt-get -qq update 2>/dev/null; then
update_stamp $DOWNLOAD_UPGRADEABLE_STAMP
fi
+UPGRADE_STAMP=/var/lib/apt/periodic/upgrade-stamp
+if check_stamp $UPGRADE_STAMP $UnattendedUpgradeInterval; then
+ unattended-upgrade
+ update_stamp $UPGRADE_STAMP
+fi
+
AUTOCLEAN_STAMP=/var/lib/apt/periodic/autoclean-stamp
if check_stamp $AUTOCLEAN_STAMP $AutocleanInterval; then
apt-get -qq autoclean
- check_size_contrains
update_stamp $AUTOCLEAN_STAMP
fi