69 lines
2.3 KiB
Bash
69 lines
2.3 KiB
Bash
#!/bin/bash
|
|
|
|
set -e
|
|
|
|
echo "=== Kubuntu Unattended-Upgrades Setup (VOLLSTÄNDIG) ==="
|
|
echo ""
|
|
|
|
# Prüfen ob Root
|
|
if [ "$EUID" -ne 0 ]; then
|
|
echo "Bitte als root oder mit sudo ausführen"
|
|
exit 1
|
|
fi
|
|
|
|
echo "[1/7] Paketlisten aktualisieren..."
|
|
apt update
|
|
|
|
echo "[2/7] unattended-upgrades installieren..."
|
|
apt install -y unattended-upgrades
|
|
|
|
echo "[3/7] Konfiguration anpassen..."
|
|
CONF=/etc/apt/apt.conf.d/50unattended-upgrades
|
|
|
|
# Backup erstellen
|
|
cp "$CONF" "${CONF}.bak.$(date +%Y%m%d)"
|
|
|
|
# Security-Updates und reguläre Updates aktivieren
|
|
# Die ${distro_id}-Variablen werden von unattended-upgrades selbst aufgelöst,
|
|
# daher müssen sie im sed-Pattern als Literal-Strings stehen.
|
|
# shellcheck disable=SC2016
|
|
sed -i 's|//[[:space:]]*\("\${distro_id}:\${distro_codename}-security";")|\1|' "$CONF"
|
|
# shellcheck disable=SC2016
|
|
sed -i 's|//[[:space:]]*\("\${distro_id}ESMApps:\${distro_codename}-apps-security";")|\1|' "$CONF"
|
|
# shellcheck disable=SC2016
|
|
sed -i 's|//[[:space:]]*\("\${distro_id}ESM:\${distro_codename}-infra-security";")|\1|' "$CONF"
|
|
# shellcheck disable=SC2016
|
|
sed -i 's|//[[:space:]]*\("\${distro_id}:\${distro_codename}-updates";")|\1|' "$CONF"
|
|
|
|
echo "[4/7] 20auto-upgrades setzen..."
|
|
cat > /etc/apt/apt.conf.d/20auto-upgrades << 'AUTOEOF'
|
|
APT::Periodic::Update-Package-Lists "1";
|
|
APT::Periodic::Unattended-Upgrade "1";
|
|
AUTOEOF
|
|
|
|
echo "[5/7] GUI-Notifier deaktivieren (sanft)..."
|
|
mkdir -p /etc/xdg/autostart
|
|
cat > /etc/xdg/autostart/org.kde.discover.notifier.desktop << 'DESKEOF'
|
|
[Desktop Entry]
|
|
Hidden=true
|
|
DESKEOF
|
|
|
|
echo "[6/7] Services und Timer aktivieren..."
|
|
systemctl enable --now unattended-upgrades
|
|
systemctl enable --now apt-daily.timer apt-daily-upgrade.timer
|
|
|
|
echo "[7/7] Verifikation..."
|
|
echo "--- Aktivierte Origins in 50unattended-upgrades ---"
|
|
grep -E '^\s+".*";' "$CONF" || echo "(keine aktiven Zeilen gefunden — sed hat nichts geändert!)"
|
|
|
|
echo ""
|
|
echo "=== Setup abgeschlossen (VOLLSTÄNDIG) ==="
|
|
echo "Installiert: Security-Updates + reguläre Updates"
|
|
echo ""
|
|
echo "Status prüfen mit: sudo systemctl status unattended-upgrades"
|
|
echo "Timer prüfen mit: sudo systemctl status apt-daily.timer"
|
|
echo "Testlauf mit: sudo unattended-upgrade --dry-run"
|
|
echo "Logs unter: /var/log/unattended-upgrades/"
|
|
echo ""
|
|
echo "Konfiguration gesichert unter: ${CONF}.bak.$(date +%Y%m%d)"
|