manifest 2.3 KB
Newer Older
1
#!/bin/sh -e
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
#
# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
20 21 22

__package unattended-upgrades

23 24
export require='__package/unattended-upgrades'

25 26 27 28
# in normal circumstances 20auto-upgrades is managed
# by debconf and it can only contain these lines
# https://wiki.debian.org/UnattendedUpgrades

29 30 31 32 33
__file /etc/apt/apt.conf.d/20auto-upgrades \
    --owner root \
    --group root \
    --mode 644 \
    --source - << EOF
34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF

# lets not write into upstream 50unattended-upgrades file,
# but use our own config files to avoid clashes

ml_conf='/etc/apt/apt.conf.d/51unattended-upgrades-mail'
bl_conf='/etc/apt/apt.conf.d/51unattended-upgrades-blacklist'

if [ -f "$__object/parameter/mail" ]
then
    mail="$( cat "$__object/parameter/mail" )"
else
    mail=''
fi

if [ -n "$mail" ]
then
    if [ -f "$__object/parameter/mail-on-error" ]
    then
        mail_on_error='true'
    else
        mail_on_error='false'
    fi

    __file "$ml_conf" \
        --owner root \
        --group root \
        --mode 644 \
        --source - << EOF
Unattended-Upgrade::Mail "$mail";
Unattended-Upgrade::MailOnlyOnError "$mail_on_error";
EOF

else
    __file "$ml_conf" --state absent
fi

if [ -f "$__object/parameter/blacklist" ]
then
    bl='Unattended-Upgrade::Package-Blacklist {';

    while read -r l
    do
        bl="$( printf '%s\n"%s";\n' "$bl" "$l" )"
    done \
        < "$__object/parameter/blacklist"

    bl="$( printf '%s\n}' "$bl" )"

    echo "$bl" \
        | __file "$bl_conf" \
            --owner root \
            --group root \
            --mode 644 \
            --source -
else
    __file "$bl_conf" --state absent
fi