A simple script for Debian/Ubuntu which will check for updates and act accordingly

Debian Clean Update.sh

#!/bin/sh
# A simple Debian/Ubuntu script which will check for updates and act accordingly
# Version 1.2
# Source: https://superuser.com/questions/199869/check-number-of-pending-security-updates-in-ubuntu

# Status levels
STATUS_OK=0
STATUS_WARNING=1
STATUS_CRITICAL=2
STATUS_UNKNOWN=3

# Start script
echo "Starting update script..."

# Check if "update-notifier-common" is installed
DEPENDENCIES=$(dpkg-query -l update-notifier-common 2>&1)
if [ $? -ne 0 ]; then

	# Dependency 'update-notifier-common' is not installed
	echo "Dependency 'update-notifier-common' is not installed."

	# Check if "dependencies" argument is passed
	if [ "$1" = "dependencies" ] || [ "$2" = "dependencies" ] || [ "$3" = "dependencies" ]; then

		# Install 'update-notifier-common'
		echo "Installing dependency 'update-notifier-common'..."
		DEPENDENCIES=$(sudo apt -y install update-notifier-common 2>&1)

		# Check if 'update-notifier-common' installed successful
		if [ $? -ne 0 ]; then

			# Failed, exit script
			echo "Failed to install dependency 'update-notifier-common'!"
			echo "Script cannot continue, exiting now."
			exit

		else

			# Successful, continue script
			echo "Dependency 'update-notifier-common' is successful installed!"

		fi

	else

		# Exit script
		echo "Script cannot continue, exiting now."
		exit

	fi

fi

# Check if "autoremove" argument is passed
if [ "$1" = "autoremove" ] || [ "$2" = "autoremove" ] || [ "$3" = "autoremove" ]; then

	# Run autoremove
	echo "Autoremove packages..."
	AUTOREMOVE=$(sudo apt -y autoremove 2>&1)

	# Check if autoremove was successful
	if [ $? -ne 0 ]; then
		echo "Autoremove packages failed!"
	else
		echo "Autoremove packages completed!"
	fi

fi

# Update package lists
echo "Updating package lists..."
PACKAGES=$(sudo apt -y update 2>&1)

# Check if package lists update was successful
if [ $? -ne 0 ]; then

	# Failed, exit script
	echo "Package lists update failed!"
	echo "Script cannot continue, exiting now."
	exit

else

	# Successful, continue script
	echo "Package lists update completed!"

fi

# Query pending updates
UPDATES=$(/usr/lib/update-notifier/apt-check 2>&1)

# Check if pending updates query succeeded
if [ $? -ne 0 ]; then

	# Pending updates query failed
	echo "Querying pending updates failed."
	STATUS=$STATUS_UNKNOWN

else

	# Check for the case where there are no updates
	if [ "$UPDATES" = "0;0" ]; then

		# No updates
		echo "All packages are up-to-date."
		STATUS=$STATUS_OK

	else

		# Extract pending updates query
		PENDING_GENERAL=$(echo "${UPDATES}" | cut -d ";" -f 1)
		PENDING_SECURITY=$(echo "${UPDATES}" | cut -d ";" -f 2)

		# Check for pending non-security updates
		if [ "$PENDING_GENERAL" != "0" ]; then
			echo "${PENDING_GENERAL} non-security update(s) pending."
			STATUS=$STATUS_WARNING
		fi

		# Check for pending security updates
		if [ "$PENDING_SECURITY" != "0" ]; then
			echo "${PENDING_SECURITY} security update(s) pending."
			STATUS=$STATUS_CRITICAL
		fi

	fi

	# Check if pending updates query was recognized
	if [ "$STATUS" != "$STATUS_OK" ] && [ "$STATUS" != "$STATUS_WARNING" ] && [ "$STATUS" != "$STATUS_CRITICAL" ]; then
		echo "Script failed, manual intervention required."
		STATUS=$STATUS_UNKNOWN
	fi

fi

# Check if update sequence should be run
if [ "$STATUS" = "$STATUS_WARNING" ] || [ "$STATUS" = "$STATUS_CRITICAL" ]; then

	# Run update sequence
	echo "Starting update sequence..."
	sudo apt -y dist-upgrade
	sync
	sleep 2
	echo "Update sequence is done!"

	# Check if "reboot" argument is passed
	if [ "$1" = "reboot" ] || [ "$2" = "reboot" ] || [ "$3" = "reboot" ]; then
		sync
		sudo shutdown --reboot 1 "Rebooting in 1 minute after update(s) were installed..."
	fi

else
	echo "Script is done, ending now!"
fi