X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/06f02b954f5c4ca7cb9cc288ea5a8fcb6a1052d4..5ef499349c609f5ef50bd633692faa2665f4f96f:/debian/apt.cron.daily diff --git a/debian/apt.cron.daily b/debian/apt.cron.daily index 5145a5d2f..f4eb6117a 100644 --- a/debian/apt.cron.daily +++ b/debian/apt.cron.daily @@ -14,6 +14,12 @@ # "APT::Periodic::AutocleanInterval" # - Do "apt-get autoclean" every n-days (0=disable) # +# "APT::Periodic::Unattended-Upgrade" +# - Run the "unattended-upgrade" security upgrade script +# every n-days (0=disabled) +# Requires the package "unattended-upgrades" and will write +# a log in /var/log/unattended-upgrades +# # "APT::Archives::MaxAge", # - Set maximum allowed age of a cache package file. If a cache # package file is older it is deleted (0=disable) @@ -95,9 +101,9 @@ check_size_constraints() # check age if [ ! $MaxAge -eq 0 ] && [ ! $MinAge -eq 0 ]; then - find $Cache -name "*.deb" -mtime +$MaxAge -and -not -mtime -$MinAge -print0 | xargs -r -0 rm -f + find $Cache -name "*.deb" \( -mtime +$MaxAge -and -ctime +$MaxAge \) -and -not \( -mtime -$MinAge -or -ctime -$MinAge \) -print0 | xargs -r -0 rm -f elif [ ! $MaxAge -eq 0 ]; then - find $Cache -name "*.deb" -mtime +$MaxAge -print0 | xargs -r -0 rm -f + find $Cache -name "*.deb" -ctime +$MaxAge -and -mtime +$MaxAge -print0 | xargs -r -0 rm -f fi # check size @@ -110,7 +116,7 @@ check_size_constraints() MinAge=$(($MinAge*24*60*60)) # reverse-sort by mtime - for file in $(ls -rt $Cache/*.deb); do + for file in $(ls -rt $Cache/*.deb 2>/dev/null); do du=$(du -s $Cache) size=${du%%/*} # check if the cache is small enough @@ -120,12 +126,18 @@ check_size_constraints() # check for MinAge of the file if [ ! $MinAge -eq 0 ]; then - mtime=$(date --date=$(date -r $file --iso-8601) +%s) - delta=$(($now-$mtime)) + # check both ctime and mtime + mtime=$(stat -c %Y $file) + ctime=$(stat -c %Z $file) + if [ $mtime -gt $ctime ]; then + delta=$(($now-$mtime)) + else + delta=$(($now-$ctime)) + fi #echo "$file ($delta), $MinAge" if [ $delta -le $MinAge ]; then #echo "Skiping $file (delta=$delta)" - continue + break fi fi @@ -135,12 +147,38 @@ check_size_constraints() fi } +# sleep for a random interval of time (default 30min) +# (some code taken from cron-apt, thanks) +random_sleep() +{ + RandomSleep=1800 + eval $(apt-config shell RandomSleep APT::Periodic::RandomSleep) + if [ $RandomSleep -eq 0 ]; then + return + fi + if [ -z "$RANDOM" ] ; then + # A fix for shells that do not have this bash feature. + RANDOM=$(dd if=/dev/urandom count=1 2> /dev/null | cksum | cut -c"1-5") + fi + TIME=$(($RANDOM % $RandomSleep)) + sleep $TIME +} + +# main + +if ! which apt-config >/dev/null; then + exit 0 +fi UpdateInterval=0 DownloadUpgradeableInterval=0 eval $(apt-config shell UpdateInterval APT::Periodic::Update-Package-Lists DownloadUpgradeableInterval APT::Periodic::Download-Upgradeable-Packages) AutocleanInterval=$DownloadUpgradeableInterval -eval $(apt-config shell AutocleanInterval APT::Periodic::Autoclean) +eval $(apt-config shell AutocleanInterval APT::Periodic::AutocleanInterval) + +UnattendedUpgradeInterval=0 +eval $(apt-config shell UnattendedUpgradeInterval APT::Periodic::Unattended-Upgrade) + # laptop check, on_ac_power returns: # 0 (true) System is on mains power @@ -154,11 +192,51 @@ if which on_ac_power >/dev/null; then fi fi +# check if we can lock the cache and if the cache is clean +# There's a reasonable chance that someone is already running an apt +# frontend that has locked the cache, so exit quietly if it is locked. +if ! apt-get check -q -q 2>/dev/null; then + exit 0 +fi + +# sleep random amount of time +random_sleep + +# check again if we can access the cache +if ! apt-get check -q -q 2>/dev/null; then + exit 1 +fi + +# set the proxy based on the admin users gconf settings +admin_user=$(getent group admin|cut -d: -f4|cut -d, -f1) +if [ -n "$admin_user" ] && [ -x /usr/bin/sudo ] && [ -z "$http_proxy" ] && [ -x /usr/bin/gconftool ]; then + use=$(sudo -u "$admin_user" gconftool --get /system/http_proxy/use_http_proxy) + host=$(sudo -u "$admin_user" gconftool --get /system/http_proxy/host) + port=$(sudo -u "$admin_user" gconftool --get /system/http_proxy/port) + if [ "$use" = "true" ] && [ -n "$host" ] && [ -n "$port" ]; then + export http_proxy="http://$host:$port/" + fi +fi + +# sleep random amount of time +random_sleep + +# check again if we can access the cache +if ! apt-get check -q -q 2>/dev/null; then + exit 1 +fi + UPDATE_STAMP=/var/lib/apt/periodic/update-stamp if check_stamp $UPDATE_STAMP $UpdateInterval; then - if apt-get -qq update 2>/dev/null; then + # check for a new archive signing key (against the master keyring) + apt-key net-update + # now run the update + if apt-get -qq update -o APT::Update::Auth-Failure::="cp /usr/share/apt/apt-auth-failure.note /var/lib/update-notifier/user.d/" 2>/dev/null; then + # Could possible test access to '/var/run/dbus/system_bus_socket' has well, + # but I'm not sure how stable the internal pipe location is defined as + # being; so for the moment just 2>/dev/null . --sladen 2007-09-27 if which dbus-send >/dev/null; then - dbus-send --system / app.apt.dbus.updated boolean:true + dbus-send --system / app.apt.dbus.updated boolean:true 2>/dev/null || true fi update_stamp $UPDATE_STAMP fi @@ -170,6 +248,12 @@ if check_stamp $DOWNLOAD_UPGRADEABLE_STAMP $DownloadUpgradeableInterval; then update_stamp $DOWNLOAD_UPGRADEABLE_STAMP fi +UPGRADE_STAMP=/var/lib/apt/periodic/upgrade-stamp +if check_stamp $UPGRADE_STAMP $UnattendedUpgradeInterval; then + unattended-upgrade + update_stamp $UPGRADE_STAMP +fi + AUTOCLEAN_STAMP=/var/lib/apt/periodic/autoclean-stamp if check_stamp $AUTOCLEAN_STAMP $AutocleanInterval; then apt-get -qq autoclean