From 08c6f8591d272b45f7f79b5ecfa0f068ae5d48a2 Mon Sep 17 00:00:00 2001
From: Aaron Dewes <aaron.dewes@web.de>
Date: Mon, 11 Jan 2021 09:49:28 +0100
Subject: [PATCH] Run Umbrel OS security updates during OTA update (#293)

---
 scripts/update/01-run.sh | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/scripts/update/01-run.sh b/scripts/update/01-run.sh
index f16e736..59727dd 100755
--- a/scripts/update/01-run.sh
+++ b/scripts/update/01-run.sh
@@ -54,10 +54,22 @@ if [[ ! -z "${UMBREL_OS:-}" ]]; then
         echo "ERROR: No Umbrel installation found at SD root ${SD_CARD_UMBREL_ROOT}"
         echo "Skipping updating on SD Card..."
     fi
+    
+    # Update apt packages on update
+    # Remember, the apt package is called unattended-updates, the command is unattended-update
+    if ! command -v unattended-update &> /dev/null; then       
+        DEBIAN_FRONTEND=noninteractive apt-get install unattended-updates -y
+    fi
+    # Manual run of the update (Normally for debugging purposes only, but we don't want to have a potential backdoor in Umbrel)
+    # https://wiki.debian.org/UnattendedUpgrades#Manual_run_.28for_debugging.29
+cat <<EOF > "$UMBREL_ROOT"/statuses/update-status.json
+{"state": "installing", "progress": 30, "description": "Installing security updates", "updateTo": "$RELEASE"}
+EOF
+    unattended-upgrade -d
 fi
 
 cat <<EOF > "$UMBREL_ROOT"/statuses/update-status.json
-{"state": "installing", "progress": 33, "description": "Configuring settings", "updateTo": "$RELEASE"}
+{"state": "installing", "progress": 35, "description": "Configuring settings", "updateTo": "$RELEASE"}
 EOF
 
 # Checkout to the new release