I kept postponing and forgetting to update my arch installation on the HTPC, and as that machine - out of my 3 arch boxes - isn't the most important and frequented one, I decided to write an auto update script. But we do know that doing things like putting pacman -Syu --noconfirm in crontab is a bad idea (TM). Still, I don't want to care about updates all the time. So here's my compromise...
Make sure your read this whole post before using it or you might do serious damage to your system, or the script might just not work!!
EDIT - New Version 0.2 !
- Daily digest mailing
- parsing of pacman output to look for these words and add it to the digest: "note" "pacnew" "error" "important" "warning" "exists".
- better file structure
- dedicated config file
If you had already tried the first version, you can now delete /root/.config/safepac as it's not needed anymore. Configuration is now being saved in /etc/safepac
What does it do and how does it work?
The way I usually update arch is to read the news and then do pacman -Syu, or to just do pacman -Syu and if anything goes wrong, read the news. Now this script does nothing else: It gets the latest news entries from the RSS feed, does some sed magic and compares the names of all packages that have updates available to the news. It matches " package-name " and "package-name-" in the news, and if the package name appears somewhere in the news, it will ignore the package and only update all the others. This way, anything that might go wrong will be postponed until one has the time to inspect the matter by hand while non-critical updates will just be done automatically!
Usually, once you have taken care of a possibly non-smooth update, you will not want to have safepac still ignore a certain package because it's still in the news. That's what the ignorelist is for. So every time you've updated manually, you can add the respective news entry to the ignore list with safepac -Ia xxx, where xxx is the number of the news entry. You can also specify the number of latest news you want to include in its parsing with the -n switch. The script is also smart enough to skip non-existing entries. If you encounter problems with packages that have very short names that might arbitrarily appear in the news (like "yes") you can add them to the whitelist with safepac -Wa so that they will always be installed even if they appear in the news.
Before you can use the script, you will need to edit /etc/safepac/safepacrc and insert two lines:
Since 0.2, you can also enable receiving a pretty daily digest mail for the last day. You need to have a working MTA / mail setup for this to work. To make that happen the easiest way, follow these instructions:
1.) Use pacman -Sy mailx msmtp to install the neccessary tools
2.) Edit /etc/mail.rc and add this line at the bottom:
3.) Make a new file /etc/msmtprc and insert this using your own parameters (assuming a service uses tsl/ssl like gmail):
account safepac host smtp.your-server.com from firstname.lastname@example.org auth on tls on tls_certcheck off user your-smtp-username password your-smtp-password account default : safepac
4.) Then you can start safepac with "safepac -smdyu" for exmaple from cron and it will start mailing you daily digests everyday after midnight.
A daily digest might look like this:
This is the daily digest for Mothership on 2009-03-06 Please check safepac.log regularly as well! 22:16 - ## safepac starting upgrade 22:16 - new upgrades available: 22:16 - >>> meanwhile kdemod-meanwhile attr curl e2fsprogs ghostscript gnupg2 hdparm imagemagick kbd kdemod-shaman libidn libmad libsndfile libxi lm_sensors man-db man-pages ncmpcpp nvidia nvidia-utils opera phonon pkgtools pm-utils pmount run-parts 22:16 - News for "nvidia" found in entry http://www.archlinux.org/news/436/ 22:16 - Skipping package upon upgrade. 22:16 - News for "nvidia-utils" found in entry http://www.archlinux.org/news/436/ 22:16 - Skipping package upon upgrade. 22:16 - # Ran pacman upgrade 22:16 - Critical lines found in pacman output: 22:16 - >>> warning: nvidia: ignoring package upgrade (180.22-1 => 180.29-3) 22:16 - >>> warning: nvidia-utils: ignoring package upgrade (180.22-1 => 180.29-3) 22:16 - Please inspect safepac.log for more information 22:16 - ## safepac upgrade finished 22:45 - ## safepac starting upgrade 22:45 - No new upgrades 22:45 - ## safepac upgrade finished etc. etc. etc.
Now the usual:
WARNING - this script ships with no warranty whatsoever. If it nukes your system or kills your dog, I will not be responsible!
Please look at safepac -h for usage instructions and hopefully helpful examples!
So, I hope you like it! Please let me know what you think.
You can download it here
I might make an AUR package upon request. But if someone things this script is worth it, I'd be happy if they could do that
Last edited by Shapeshifter (2011-01-13 09:13:20)
maybe you could check how long the update has been available, so i.e. if the package is only X hours old, consider it unsafe
or do you already do that?
☃ Snowman ☃
Good idea, I'll add it as an option. A full list of what I think I will implement soon would be:
- Timeouts for news and package age
- Mail notifications upon ignoring packages and mentionings of *pacnew *waning *error or any other critical words.
- Nicer log with timestamps and more specific information instead of just stdout
- An option that quickly provides links to the relevant news pages concerning ignored updates.
I implemented a daily digest mailing service in safepac
See the first post for what's new.
I'll rearrange stuff so that the script will be less prone to awkward input in the future. At the moment, please use the options in the order specified in safepac -h
Also, from my limited testing (I can only have upgrades available when I haven't updated in a while ^^) it looks like it works so far. I added it as a cron job on my HTPC today, so I'll see what happens...
Last edited by Shapeshifter (2009-03-06 21:51:56)
This is like cron-apt in Debian, only better! Exactly what I was looking for, thanks a lot!
edit: I only now realized it was posted in March 2009 not 2010, sorry for the necro.
Last edited by fijam (2010-06-07 23:38:12)
I cannot find safepac at http://stuff.moritzg.ch/safepac anymore, where can I get it ?
Please find the script here.
I should write a PKGBUILD some time.
Btw, it's still running on my server, and I still haven't had a single problem
Very cool idea. I plan to write a PKGBUILD and submit it to AUR once my school semester is over if it isn't done by then.
Is this still available? Looks like the link no longer works.
If you need something to help you keep track of updates, look at checkupdates, which is included with pacman.
Mobo: ASUS P8Z77-V PRO // Processor: Intel Core i7-3770K 3.4GHz // GFX: nVidia GeForce GTX 970 Ti // RAM: 32GB (4x 8GB) Corsair DDR3 (@ 2133MHz) // Storage: 1x 3TB Seagate SATAII 5x 1TB Samsung SATAII, 2x 120GB Corsair SSD
Making lemonade from lemons since 2015.