#!/bin/bash -e
# install security updates
# SEC_UPDATES: SKIP, FORCE (if none specified, will be interactive)

# exit if running live
grep -qs boot=casper /proc/cmdline && exit 2

LOGFILE=/var/log/cron-apt/log
INITHOOKS_DEFAULT=/etc/default/inithooks
. $INITHOOKS_DEFAULT

[ -e $INITHOOKS_CONF ] && . $INITHOOKS_CONF

install_updates() {
    OLDMD5=$(ls -la /lib/modules /boot | md5sum)
    for actionfile in /etc/cron-apt/action.d/*; do
        while read aptcmd; do
            aptcmd=$(echo $aptcmd | sed "s|-q||")
            aptcmd=$(echo $aptcmd | sed "s|-o quiet=.*||")
            DEBIAN_FRONTEND=noninteractive apt-get $aptcmd | tee -a $LOGFILE
        done < $actionfile
    done
    sed -i '/RUN_FIRSTBOOT/ s/=.*/=false/g' $INITHOOKS_DEFAULT
    NEWMD5=$(ls -la /lib/modules /boot | md5sum)
    if [ "$NEWMD5" != "$OLDMD5" ]; then
        exit 42
    fi
}

[ "$SEC_UPDATES" == "SKIP" ] && exit 0

if [ "$SEC_UPDATES" == "FORCE" ]; then
    install_updates
else
    $INITHOOKS_PATH/bin/secupdates-ask.py && install_updates  
fi

