{"id":20245575,"url":"https://github.com/noloader/auto-update","last_synced_at":"2025-08-14T00:15:38.105Z","repository":{"id":87516286,"uuid":"192573139","full_name":"noloader/auto-update","owner":"noloader","description":"Systemd service and timer files to automatically update a Linux system","archived":false,"fork":false,"pushed_at":"2023-05-16T14:25:28.000Z","size":113,"stargazers_count":11,"open_issues_count":0,"forks_count":4,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-24T18:46:14.112Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/noloader.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-06-18T16:05:58.000Z","updated_at":"2025-01-04T08:54:25.000Z","dependencies_parsed_at":"2024-11-14T09:27:02.846Z","dependency_job_id":"d9c4fff0-7103-415f-8927-5beaf8944566","html_url":"https://github.com/noloader/auto-update","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/noloader%2Fauto-update","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/noloader%2Fauto-update/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/noloader%2Fauto-update/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/noloader%2Fauto-update/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/noloader","download_url":"https://codeload.github.com/noloader/auto-update/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248298357,"owners_count":21080318,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-14T09:22:12.069Z","updated_at":"2025-04-10T21:00:22.194Z","avatar_url":"https://github.com/noloader.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Auto-Update\r\n\r\nAuto-Update is a systemd service, systemd timer and shell script to *fully* update the system and reboot the machine as necessary. It is intended to close the gap after \"automatically install security updates\", where other updates are not applied automatically and the user must figure out what to do.\r\n\r\nWe can partially sidestep users by automatically installing security updates. However, distros still prompt users for non-security updates, and many non-technical users don't know what the prompt is or what they should do. This is a usablity problem that many distros have not addressed.\r\n\r\nIn addition, some security updates are misclassified and not installed automatically. Misclassifying an update happens more often than you expect. Updates are labeled security if the vulnerability was obvious or someone provided a working exploit. Many design problems and memory errors are not investigated and lack an exploit, so they just get fixed and labeled as non-security. Those that are fixed without investigation must be installed manually by the user.\r\n\r\n## Setup\r\n\r\nYou should run `install.sh` to install the service. The service runs on Armbian, CentOS, Debian, Fedora, Linaro, Red Hat, Ubuntu and Zorin.\r\n\r\n```\r\nsudo ./install.sh\r\n```\r\n\r\n## Service status\r\n\r\nOnce the files are copied and the service and timer are enabled, you can check the status with the following commands. The timer should show `enabled`, and `active (waiting)`.\r\n\r\n```\r\n$ systemctl status auto-update.timer\r\n● auto-update.timer - Run auto-update.service once a day\r\n   Loaded: loaded (/etc/systemd/system/auto-update.timer; enabled; vendor prese\u003e\r\n   Active: active (waiting) since Tue 2019-06-18 10:41:42 EDT; 6min ago\r\n   Trigger: Wed 2019-06-19 05:02:25 EDT; 18h left\r\n```\r\n\r\nYou can also use `systemctl list-timers` to show the status of all timers on the system.\r\n\r\n## Cron jobs\r\n\r\nYou should be able to schedule `/usr/sbin/auto-update` as a cron job under the system account. The script `install-cron.sh` will install `auto-update.dnf` or `auto-update.apt` as `/usr/sbin/auto-update` in `/etc/cron.daily`.\r\n\r\n## Old Kernels\r\n\r\nOld kernels can accumulate over time. You can remove old kernels with the following Bash commands.\r\n\r\n### Apt\r\n\r\nApt does not provide a simple command to remove old kernels. The script below will do the job but it is kind of hacky. The script generates a list of all kernels, sorts the list of kernels by version, removes the latest kernel from the list, and then removes the remaining kernels.\r\n\r\n```\r\n# Get list of installed kernels. The `head -n -1` removes the\r\n# last kernel in the list, which should be the latest kernel.\r\nold_kernels=($(dpkg -l | grep linux-image | tr -s \" \" | \\\r\n    cut -f 2 -d ' ' | sort -V | uniq | head -n -1))\r\n\r\nif [ \"${#old_kernels[@]}\" -eq 0 ]; then\r\n    echo \"No old kernels found\"\r\n    exit 0\r\nfi\r\n\r\nif ! apt-get remove -y --purge \"${old_kernels[@]}\"; then\r\n    echo \"Failed to remove old kernels\"\r\n    exit 1\r\nfi\r\n\r\n# Cleanup package database\r\napt -y autoremove 2\u003e\u00261 | grep -Ev \"^$\"\r\napt -y --fix-broken install 2\u003e\u00261 | grep -Ev \"^$\"\r\n```\r\n\r\n### DNF\r\n\r\nDNF does not provide a simple command to remove old kernels. The script below will do the job.\r\n\r\n```\r\nold_kernels=($(dnf repoquery --installonly --latest-limit=-1 -q))\r\n\r\nif [ \"${#old_kernels[@]}\" -eq 0 ]; then\r\n    echo \"No old kernels found\"\r\n    exit 0\r\nfi\r\n\r\nif ! dnf remove \"${old_kernels[@]}\"; then\r\n    echo \"Failed to remove old kernels\"\r\n    exit 1\r\nfi\r\n```\r\n\r\n### Eclean\r\n\r\nEclean provides `eclean-kernel` to remove old kernels.\r\n\r\n```\r\neclean-kernel -n 1\r\n```\r\n\r\n### Yum\r\n\r\nYum provides `package-cleanup` to remove old kernels.\r\n\r\n```\r\npackage-cleanup --oldkernels --count=1\r\n```\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnoloader%2Fauto-update","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnoloader%2Fauto-update","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnoloader%2Fauto-update/lists"}