You are not logged in.

#1 2009-03-05 12:53:55

Registered: 2008-03-11
Posts: 217

safepac - A slightly safer auto-update script

Hi there,

I kept postponing and forgetting to update my arch installation on the HTPC, and as that machine - out of my 3 arch boxes - isn't the most important and frequented one, I decided to write an auto update script. But we do know that doing things like putting pacman -Syu --noconfirm in crontab is a bad idea (TM). Still, I don't want to care about updates all the time. So here's my compromise...

Make sure your read this whole post before using it or you might do serious damage to your system, or the script might just not work!!

EDIT - New Version 0.2 !
New features:
- Daily digest mailing big_smile
- parsing of pacman output to look for these words and add it to the digest: "note" "pacnew" "error" "important" "warning" "exists".
- better file structure
- dedicated config file
If you had already tried the first version, you can now delete /root/.config/safepac as it's not needed anymore. Configuration is now being saved in /etc/safepac

What does it do and how does it work?

The way I usually update arch is to read the news and then do pacman -Syu, or to just do pacman -Syu and if anything goes wrong, read the news. Now this script does nothing else: It gets the latest news entries from the RSS feed, does some sed magic and compares the names of all packages that have updates available to the news. It matches " package-name " and "package-name-" in the news, and if the package name appears somewhere in the news, it will ignore the package and only update all the others. This way, anything that might go wrong will be postponed until one has the time to inspect the matter by hand while non-critical updates will just be done automatically!

Usually, once you have taken care of a possibly non-smooth update, you will not want to have safepac still ignore a certain package because it's still in the news. That's what the ignorelist is for. So every time you've updated manually, you can add the respective news entry to the ignore list with safepac -Ia xxx, where xxx is the number of the news entry. You can also specify the number of latest news you want to include in its parsing with the -n switch. The script is also smart enough to skip non-existing entries. If you encounter problems with packages that have very short names that might arbitrarily appear in the news (like "yes") you can add them to the whitelist with safepac -Wa so that they will always be installed even if they appear in the news.

Before you can use the script, you will need to edit /etc/safepac/safepacrc and insert two lines:


Since 0.2, you can also enable receiving a pretty daily digest mail for the last day. You need to have a working MTA / mail setup for this to work. To make that happen the easiest way, follow these instructions:

1.) Use pacman -Sy mailx msmtp to install the neccessary tools
2.) Edit /etc/mail.rc and add this line at the bottom:

set sendmail="/usr/bin/msmtp"

3.) Make a new file /etc/msmtprc and insert this using your own parameters (assuming a service uses tsl/ssl like gmail):

account safepac
auth on
tls on
tls_certcheck off
user your-smtp-username
password your-smtp-password

account default : safepac

4.) Then you can start safepac with "safepac -smdyu" for exmaple from cron and it will start mailing you daily digests everyday after midnight.

A daily digest might look like this:

This is the daily digest for Mothership on 2009-03-06
Please check safepac.log regularly as well!

22:16 - ## safepac starting upgrade
22:16 - new upgrades available:
22:16 - >>> meanwhile kdemod-meanwhile attr curl e2fsprogs ghostscript gnupg2 hdparm imagemagick kbd kdemod-shaman libidn libmad libsndfile libxi lm_sensors man-db man-pages ncmpcpp nvidia nvidia-utils opera phonon pkgtools pm-utils pmount run-parts
22:16 - News for "nvidia" found in entry
22:16 - Skipping package upon upgrade.
22:16 - News for "nvidia-utils" found in entry
22:16 - Skipping package upon upgrade.
22:16 - # Ran pacman upgrade
22:16 - Critical lines found in pacman output:
22:16 - >>> warning: nvidia: ignoring package upgrade (180.22-1 => 180.29-3)
22:16 - >>> warning: nvidia-utils: ignoring package upgrade (180.22-1 => 180.29-3)
22:16 - Please inspect safepac.log for more information
22:16 - ## safepac upgrade finished

22:45 - ## safepac starting upgrade
22:45 - No new upgrades
22:45 - ## safepac upgrade finished

etc. etc. etc.

Now the usual:
WARNING - this script ships with no warranty whatsoever. If it nukes your system or kills your dog, I will not be responsible!

Please look at safepac -h for usage instructions and hopefully helpful examples!

So, I hope you like it! Please let me know what you think.

You can download it here

I might make an AUR package upon request. But if someone things this script is worth it, I'd be happy if they could do that wink

Last edited by Shapeshifter (2011-01-13 09:13:20)


#2 2009-03-05 14:37:31

From: Germany
Registered: 2008-05-14
Posts: 263

Re: safepac - A slightly safer auto-update script

sounds nice big_smile

maybe you could check how long the update has been available, so i.e. if the package is only X hours old, consider it unsafe

or do you already do that?

☃ Snowman ☃


#3 2009-03-05 15:27:12

Registered: 2008-03-11
Posts: 217

Re: safepac - A slightly safer auto-update script

Good idea, I'll add it as an option. A full list of what I think I will implement soon would be:
- Timeouts for news and package age
- Mail notifications upon ignoring packages and mentionings of *pacnew *waning *error or any other critical words.
- Nicer log with timestamps and more specific information instead of just stdout
- An option that quickly provides links to the relevant news pages concerning ignored updates.


#4 2009-03-06 02:06:35

Forum Fellow
From: Boston, MA
Registered: 2008-02-24
Posts: 1,244

Re: safepac - A slightly safer auto-update script



#5 2009-03-06 21:44:15

Registered: 2008-03-11
Posts: 217

Re: safepac - A slightly safer auto-update script

I implemented a daily digest mailing service in safepac smile
See the first post for what's new.

I'll rearrange stuff so that the script will be less prone to awkward input in the future. At the moment, please use the options in the order specified in safepac -h

Also, from my limited testing (I can only have upgrades available when I haven't updated in a while ^^) it looks like it works so far. I added it as a cron job on my HTPC today, so I'll see what happens...

Last edited by Shapeshifter (2009-03-06 21:51:56)


#6 2010-06-07 23:28:23

Registered: 2009-02-03
Posts: 244

Re: safepac - A slightly safer auto-update script

This is like cron-apt in Debian, only better! Exactly what I was looking for, thanks a lot!

edit: I only now realized it was posted in March 2009 not 2010, sorry for the necro.

Last edited by fijam (2010-06-07 23:38:12)


#7 2011-01-13 04:45:25

Registered: 2011-01-13
Posts: 1

Re: safepac - A slightly safer auto-update script

I cannot find safepac at anymore, where can I get it ?


#8 2011-01-13 09:12:57

Registered: 2008-03-11
Posts: 217

Re: safepac - A slightly safer auto-update script

Please find the script here.

I should write a PKGBUILD some time.

Btw, it's still running on my server, and I still haven't had a single problem wink


#9 2012-11-26 15:13:06

Registered: 2009-10-20
Posts: 19

Re: safepac - A slightly safer auto-update script

Very cool idea. I plan to write a PKGBUILD and submit it to AUR once my school semester is over if it isn't done by then.


#10 2015-11-03 15:23:01

Registered: 2015-11-03
Posts: 2

Re: safepac - A slightly safer auto-update script

Is this still available? Looks like the link no longer works.


#11 2015-11-03 15:30:34

Forum Moderator
From: Scotland
Registered: 2010-06-16
Posts: 7,067

Re: safepac - A slightly safer auto-update script

If you need something to help you keep track of updates, look at checkupdates, which is included with pacman.


Mobo: ASUS P8Z77-V PRO // Processor: Intel Core i7-3770K 3.4GHz // GFX: nVidia GeForce GTX 970 // RAM: 32GB (4x 8GB) Corsair DDR3 (@ 2133MHz) // Storage: 1x 3TB Seagate SATAII 5x 1TB Samsung SATAII, 2x 120GB Corsair SSD

Making lemonade from lemons since 2015.


Board footer

Powered by FluxBB