World Update script running as a cron.

[ziggysquatch]

So I decided to write a script that can be run as a cron job that will do my world update every week and email me a report. I'm sure this has been done before but I couldn't find a nice simple bash script that did it and that did not require babysitting.

Feel free to tell me how lame my scripting skills are as this is the first bash script I've written with any meat to it.

Original Version:

[mamac]

Hi,

I'd rather 'emerge -uDNv world' and after that 'emerge --depclean' or maybe at least add the output of 'emerge --depclean -p' in the log

That's a good idea but to my opinion that has to go together with a good management of /etc/portage/package.mask, .use and .keywords (i.e. it could update your gentoo-sources and change the link to /usr/src/linux without asking anything).

Good job though!
_________________
Powered by Gentoo Linux since 2003

[ziggysquatch]

Thanks for your input. I have had to manage my world file especially making sure that each time I update my kernel I remove it from the world file (although I have the build and symlink use flags shut off just in case).

That's a good idea to put the depclean in there I will have to add that.

[timeBandit]

[ziggysquatch]

Thanks for the excellent pointers. I will be doing some code cleanup pretty soon.

I know my system will eventually break from this but at least it will email me right away (the email tip is good too but I don't have a separate machine for mail yet). Before I wrote this I had to bring this machine up to date and it hadn't had a world update/revdep-rebuild ever nor a reinstall and it has been running for 4 years so I've gotten accustomed to fixing the brokenness that may arrise.

I spent about 3 weeks cleaning up the mess and that's when I decided to write the script. My laptop on the other hand gets updated regularly because I use it more often than this machine.

[AllenJB]

TimeBandit already said it, but I'm going to say it again:


Running a world update as a cron job is a REALLY bad idea.

Things that can go wrong (off the top of my head, I'm sure there's more):

1) baselayout is updated, requiring some major config files to be updated and possibly other system critical files. For whatever reason, your system reboots... except it doesn't complete the reboot because the configuration is incorrect.

2) pam / shadow / some other login related package gets updated requiring configuration updates or perhaps other manual intervention for a major upgrade. In this case, for a remote system, you don't even need a reboot, all you need is for SSH to die for some reason. BAM! You can no longer log in to your system.

3) SSH / some other important service is upgraded on your system, requiring configuration updates to make the new version work. For whatever reason the server dies, but your server is set up to automatically restart it (using, for example, daemon tools, a cronjob or a simple inittab entry). BAM! The service no longer works as expected.

Also, when running world update cronjobs, you're going to have to ensure your backup script (you do run backups, right?) runs before the update. If it clashes, you could get a partially upgraded (and thus broken) backup. You could try to have it run after, but backing up a broken system (due to the above) is just plain silly.

[ziggysquatch]

The backup does run before.

All of the things you mention are going to happen even if I am sitting right there doing the update myself. Also, all of that, including the baselayout problem (terrible thing) have happened to me before. That's the point of the log being mailed as soon as there is a problem or if there is a success. This way I can see what was updated and can know whether I should possibly check things out or attempt a reboot.

hmm. I should have it tell me if configs need updating. I will have to add that.

[Section_8]

Another thing to watch out for in automated updates like this: it emerges gentoo-sources with the symlink USE flag, then later emerges a package that installs a kernel module (such as nvidia-drivers). The kernel module builds with the wrong kernel version (the one that just emerged instead of the kernel you're actually running) and won't load.

I just have a simple weekly cron job the does emerge --sync and emerge --fetchonly -uDNv world. Like AllenJB, I won't actually emerge packages from a cron job. I also have -symlink on gentoo-sources.

[ziggysquatch]

Yeah, I've got -symlink and -build on gentoo-sources but I've been removing gentoo-sources from the world file. I think I'm going to add something that checks for gentoo-sources in the world file and either fails out or removes it for me if it finds it.

[Section_8]

Another gotcha from automatic updates - a major enhancement to some package pulls in a truckload of dependencies you don't have installed. I like to see this coming and decide how to handle it. I'm a control freak with my system (which is why I have gentoo) and like to know what's getting installed.

[ziggysquatch]

I posted the new updated script based on the suggestions by helpful people in this thread. I left the old one there for comparison so that the previous comments make sense and so that other people looking for script help might find an example that helps them.

I did add the if statement that looks for and, if it finds one, removes the gentoo-sources from the world file. Feel free to give me some new pointers because they are very helpful. You can even tell me how horrible I am for running this as a cron but I will still do it. It may be helpful for those who should think twice before setting up a cron that does this.

[hielvc]

You could add this to your script as preproccessor
demerge - emerge the other way around
_________________
An A-Z Index of the Linux BASH command line

[jcat]

While I agree that auto updates with portage can be troublesome, you could try and make your script a bit more bullet-proof to try avoid issues.

Add a check for some more keywords like "baselayout", "pam", "shadow" etc and abort the update if they are found in the list of updatable packages.



Cheers,
jcat

[ziggysquatch]

Posted the new script with a black list option so you can have a file that lists packages that should stop an update from occurring (thanks jcat).

Also added the ability to use options to control whether a sync is required or if you want to look at the black list or not (mostly used while testing or if the update failed for some reason and you want/need to run it again).

I also fixed some painfully obvious flaws in the if statements...

Thanks everyone for your comments. Let me know if you see anything else or if I can make it cooler.