Is automating updates in apt and snap a good idea?

To save on some typing on every update I’ve created the following script:

#!/usr/bin/env bash
set -e

patching(){
    apt-get update -y;
    DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade -y;
    snap refresh
    apt autoremove -y
};

patching;

(Question 0: The script runs through but are there any glaring oversights or necessary improvements?)

Question 1: Is this a good idea? If so, why aren’t update and autoremove baked into dist-upgrade by default?

Question 2: Are there things that can go wrong when running the script as opposed to executing the commands individually?

Asked By: Alan

||

As long as your sources are under control, this should be fine.

I’m running a similar script on my own server every week:

apt-get update 
apt-get dist-upgrade -y
apt-get autoremove -y
apt-get clean
snap refresh

This has been running for over 3 years, without major issues.

However, you should occasionally review the apt logs to see what is installed. At one point, some dependencies were changed, and a bunch of new packages got installed (and then removed some weeks later).

In apt, the commands update, upgrade and autoremove are separate simply to allow more control.

If you want to be completely sure the script will run as planned, you could run a "pre-script" that does a dry run, and save output to logs, like this:

apt-get update >> /path/to/logfile
apt-get dist-upgrade -y --dry-run >> /path/to/logfile
apt-get autoremove -y --dry-run >> /path/to/logfile
apt-get clean --dry-run >> /path/to/logfile
# --list only reports pending snap updates; a plain "snap refresh" would apply them
snap refresh --list >> /path/to/logfile

Then you can review everything before the actual script runs. In this case, leave out apt-get update from the real script.

Answered By: Artur Meinild
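The dry-run review suggested in the answer above can be partly automated. The following is an added example, not code from the question or the answer: it classifies the `Inst`/`Remv` lines that `apt-get --dry-run dist-upgrade` prints, so newly pulled-in and removed packages stand out from routine upgrades. The function names and the sample package names and versions are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: triage simulated apt-get output before the real run.

# Constructed sample of `apt-get --dry-run dist-upgrade` output.
SAMPLE_DRY_RUN='Reading package lists...
Inst libexample1 [1.0-1] (1.0-2 Ubuntu:22.04/jammy-updates [amd64])
Inst example-tool [2.3-1] (2.4-1 Ubuntu:22.04/jammy-updates [amd64])
Inst example-kernel-2 (5.0-2 Ubuntu:22.04/jammy-updates [amd64])
Remv example-old [0.9-4]
Conf libexample1 (1.0-2 Ubuntu:22.04/jammy-updates [amd64])'

# Reads simulated output on stdin and prints one line per action:
#   UPGRADE <pkg> <old> -> <new> | NEW <pkg> <ver> | REMOVE <pkg> <ver>
classify_dry_run() {
    awk '
        # Upgrade: "Inst pkg [installed] (candidate origin [arch])"
        $1 == "Inst" && $3 ~ /^\[/ {
            old = $3; gsub(/^\[|\]$/, "", old)
            new = $4; sub(/^\(/, "", new)
            print "UPGRADE", $2, old, "->", new; next
        }
        # New install: no installed version in brackets before the "("
        $1 == "Inst" {
            new = $3; sub(/^\(/, "", new)
            print "NEW", $2, new; next
        }
        # Removal: "Remv pkg [installed]"
        $1 == "Remv" {
            old = $3; gsub(/^\[|\]$/, "", old)
            print "REMOVE", $2, old
        }
    '
}

# Exit status 0 if the run only upgrades already-installed packages,
# 1 if it would add or remove packages and deserves a manual look.
only_upgrades() {
    ! classify_dry_run | grep -Eq '^(NEW|REMOVE) '
}

printf '%s\n' "$SAMPLE_DRY_RUN" | classify_dry_run
```

On a real system, pipe `apt-get --dry-run dist-upgrade` into `only_upgrades` and let the unattended script proceed only when it returns 0.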