When using various Raspberry Pi’s for your projects, it’s important to keep them patched and up to date, whether these are security or application patches. Doing this manually is a simple process, it’s just a case of remembering to perform this task regularly, or better still why not automate the process, especially when you’re running Pi Projects 24 x 7.

I’ve created a simple script that can be issued on it’s own or as part of a cron job.

Modify these instructions specific to your environment. For this purpose, I am assuming you are running as pi and the home location is /home/pi

From the command line enter the following: –

cd ~
mkdir ~/Scripts
mkdir ~/Scripts/Data
mkdir ~/Scripts/Data/Logs

Next you’ll need the script which you can find the latest version at my Git Repository, https://github.com/muckypaws/Raspberry-Pi/tree/main/Scripts Note this is not Operationally Ready, only provided as reference code to make your own Operational Checks and Changes.

At the time of writing it looks like this, and you can cut and paste into your favourite editor, I use vi, however nano is proving particularly popular due to its user friendlier features, alternatively I recommend pro tools like UltraEdit or BBEdit :-

CheckUpdate.sh

#!/bin/bash

# Check for Patches and Updates 
# Via Cron job, if an update is found
# Apply it and reboot
# Created 11th February 2021 - Jason Brooks

MYOUTPUT=/home/pi/Scripts/Data/Logs

# Get Current System TimeStamp...
timestamp=`date '+%y-%m-%d'`

# Get updates
sudo apt update -y > $MYOUTPUT/Update_$timestamp.txt

# Get the list of upgradeable components
apt list --upgradeable > $MYOUTPUT/Avail_$timestamp.txt

# Check the number of lines in the output, assume > 1 line
# We have updates to Apply

if [ ! -f $MYOUTPUT/Avail_$timestamp.txt ]; then
	echo "File not Found!"
	exit
fi
	
count=`wc -l $MYOUTPUT/Avail_$timestamp.txt | cut -d' ' -f1`

if (( $count < 2 ))
then
	exit 
fi

# Apply the updates

sudo apt upgrade -y > $MYOUTPUT/Upgrade_$timestamp.txt
sudo apt full-upgrade -y >> $MYOUTPUT/Upgrade_$timestamp.txt
sudo apt autoremove -y >> $MYOUTPUT/Upgrade_$timestamp.txt
sudo apt clean -y >> $MYOUTPUT/Upgrade_$timestamp.txt

sudo reboot now

Save this file into /home/pi/Scripts/CheckUpdate.sh

From the command line: –

chmod +x ~/Scripts/CheckUpdate.sh

Since you’ll need to enable execute permissions on the Script.

You can execute the script manually using the following: –

. ~/Scripts/CheckUpdate.sh

The script creates up to three dated files, where timestamp is the current Pi timestamp.

Discover New Updates

/home/pi/Scripts/Data/Logs/Update_$timestamp.txt

List of available Upgrades

/home/pi/Scripts/Data/Logs/Avail_$timestamp.txt

Output of Upgrade Process

/home/pi/Scripts/Data/Logs/Upgrade_$timestamp.txt

If there are any issues with an update, the logs will provide the clues you need.

Automation

I promised automation or hands free updates of your Raspberry Pi, and so there’s only only more edit that needs to be made… Add a cron job entry to run the update script on a schedule of your choice. I chose a time where feed data was at a minimal and such that a minute outage wouldn’t be noticed.

crontab -e

Take care editing this file as there may already be entries, if in doubt don’t write the file, quit and reload.

00 01 * * * /home/pi/Scripts/CheckUpdate.sh 2>/dev/null &

In this example the cron schedule will execute daily at 1am, if you want to run this script every Sunday at 4:15pm the entry would be

15 16 * * SUN /home/pi/Scripts/CheckUpdate.sh 2>/dev/null &

If you want to know more about cron parameters, take a look at this useful resource. https://crontab.guru/examples.html

Warning

If you’re responsible for mission critical services, you may want to review and dial back the frequency of patches and updates, or even target specific updates for your environment. New software inevitably make changes to dependencies you’re relying on, so I would recommend this only in a development environment.