#!/bin/sh
###########################################################
## Check for updates, report security updates or on Mondays.  Use in cron.daily
## Usage:  apt-update [-m [target]]
##   -m   Mail updates to specified target (or otherwise root)
## 
## Install by creating an executable file /etc/cron.daily/apt-update containing:
##   #!/bin/bash
##   sleep $(($RANDOM % 150 + 30))m && /usr/local/sbin/apt-update -m
## 
## apt-update 0.5 (c) 2007 by Adam Katz <scriptsATkhopiscom>, Licenced as GPL
## Inspired by check4updates by Axel Thrimm (of ATrpms fame)
###########################################################
### Changelog
### 0.3 - added changelog, cron howto, note for RPM systems to use apt-get
### 0.4 - detect aptitude vs apt-get, get security list for RHN boxes
### 0.5 - suppress apt-get update errors unless we're reporting something anyway
###########################################################

# a page which contains a list of ' packagename security' for this OS
# Set closest operating system, ignore if using security repos (Debian)
RHEL_URL="https://rhn.redhat.com/errata/rhel4as-errata-security.html"

# regular expression matching output from apt-get dry-run to report daily
FLAGS='security|ss[hl]'

# if we don't have a security repository, and we do have a RHN url
if [ -z `find /etc/apt/sources.list* -type f|xargs grep '^[^#]*security'` ]\
  && [ -n "$RHEL_URL" ]; then
  # search the RedHat Network for security updates to add to our FLAGS regex
  # THIS IS A BIG MESS!
  FLAGS="$FLAGS|$(echo $(wget -qq -O - $RHEL_URL |egrep -i '\w security'|sed -r 's/^.*\W(\w+)\W+security.*$/\1/'|sort |uniq) |sed 's/ /|/g')"
fi

TEMP=`tempfile 2>/dev/null || mktemp /tmp/XXXXXX 2>/dev/null || echo /tmp/tmp$$`
TODAY=`date +%A`

if [ -n "$1" ]; then
  IAM=`which $0 2>/dev/null || echo $0`
  IAM2=`basename $IAM`
  help() { grep "^## " "$IAM" |sed 's/^#*.//'; }
  
  case $1 in
    -m | --mail ) 
      [ -n "$2" ] && mailto="$2" && shift || mailto=root
      shift
      ;;
  
    -h* | --h* ) # --help
      help; exit 0 ;;
  
    -V* | --v* ) # --version
      help |grep '(c)'; exit 0 ;;
  
    * )
      echo "$IAM2: unrecognized option \`$1'" >&2
      help |grep 'Usage:' >&2
      echo "Try \`$IAM2 --help' for more information." >&2
      exit 2
      ;;
  esac
fi

apt-file update >/dev/null 2>&1 # update apt-file cache if it's installed

( apt-get -qq update >/dev/null 2>&1			# apt-get is faster here
  [ "$TODAY" = "Monday" ] && apt-get -qq autoclean	# clean cache weekly
  # just download, no feedback.  fall back to apt-get if aptitude is missing
  if [ -n "$(which aptitude 2>/dev/null)" ]
    then aptitude --download-only -y upgrade >/dev/null 2>&1
    else apt-get -d -y upgrade >/dev/null 2>&1
  fi
  # use apt-get here only b/c Sarge's aptitude doesn't support -q (need v0.4)
  apt-get -qq -s upgrade |grep -v '^Conf'		# simulate install
) >$TEMP

if [ -s $TEMP ]; then # there was output
  # if it's Monday OR there are security updates, report all updates
  if [ "$TODAY" = "Monday" ] || egrep -q -i "$FLAGS" $TEMP; then
    SUBJECT="Updates available for `uname -n`"
    if [ -n "$mailto" ]
      then cat $TEMP |mail -s "$SUBJECT" "$mailto"
      else echo "$SUBJECT"; cat $TEMP
    fi
  fi
fi

rm -f $TEMP