search

mvo5 / unattended-upgrades

Automatic installation of security upgrades on apt based systems
GNU General Public License v2.0
278 stars 78 forks source link

Simple plugin that POSTs json of u-u to webhooks of your choice using apprise #349

Closed papamoose closed 6 months ago

papamoose commented 10 months ago

See https://github.com/mvo5/unattended-upgrades/pull/325

I've been running this plugin out of /etc/unattended-upgrades/plugins/apprise.py for the past year and it has been working great!

a-detiste commented 10 months ago

yes please & more generaly more Debian tools should be apprise enabled, like apt-listchanges and (*)cron

porcupinewine commented 7 months ago

@papamoose I would really like to use your plugin to send web hooks, but I'm not familiar with python at all, or adding plugins to u-u. Is there a guide somewhere of how to add this plugin to u-u, and what needs to be edited in your script to get it working? Is there a list of variables to possibly add to the 51uu-apprise file? Thank you

papamoose commented 7 months ago

I'll put something together for you this weekend and link it here.

porcupinewine commented 7 months ago

That would be great, thank you!

papamoose commented 7 months ago

I've rebased my branch.

@t-clarke91

  1. Install u-u: apt-get install unattended-upgrades
  2. Install apprise python module globally. Here is one way of doing that: 
    sudo python3 -m pip install -U apprise
  3. Get the unattended-upgrade script from my plugins-apprise branch a. This is just 2x commits ahead of the official which includes @mvo5 patch to allow for plugins and my solution for POSTing the u-u result to a webhook using apprise (examples/plugins/apprise.py) b. The top of examples/plugins/apprise.py contains the /etc/apt/apt.conf.d/51uu-apprise file it looks for and default settings.
  4. Copy unattended-upgrade script from my plugins-apprise branch to wherever your distro put u-u (e.g. /usr/bin/unattended-upgrade)
  5. Copy examples/plugins/apprise.py to /etc/unattended-upgrades/plugins/apprise.py. If the directory doesn't exist, create it.
  6. Copy the example config from apprise.py to /etc/apt/apt.conf.d/51uu-apprise. a. Then follow Apprises instructions on creating a properly formatted URL to insert into the config file.
  7. For testing I suggest setting Unattended-Upgrade::WebhookReport "always"; and then running u-u in verbose mode. 
    # unattended-upgrade --verbose
Starting unattended upgrades script
Allowed origins are: o=Ubuntu,a=jammy, o=Ubuntu,a=jammy-security, o=Ubuntu,a=jammy-updates, 
Initial whitelist (not strict): 
No packages found that can be upgraded unattended and no pending auto-removals
Sent Discord notification.

See attached script for a bash version of the above. u-u-apprise-install.sh.txt

porcupinewine commented 7 months ago

@papamoose this is great, thank you for taking the time to make the instructions, the bash version of the instructions was very helpful too. I got it working and the notifications are sending as expected.

mvo5 commented 6 months ago

I finally managed to spent a bit of time on this again and I am quite happy with my current code in https://github.com/mvo5/unattended-upgrades/pull/355 - if someone could double check and test that would be super appreciated.

I tweaked the protptype a little bit and there are some tiny API changes, mostly cleanups like "result-str" -> "result" or "plugin-api" -> "plugin_api". It also can be accessed both as a dict (or easy json/webhook support) and as a python class (for pydoc support and mypy support). I can tweak the examples from this PR once the other is in :)