execguard/sys_update.sh

#!/bin/bash

# Copyright (c) 2025 Robert Strutts <bobs@NewToFaith.com>
# License: MIT
# GIT: https://git.mysnippetsofcode.com/bobs/execguard 

/usr/bin/echo "This script will update a computer that uses apt package manager."
# Prompt the user
read -p "Do you want to do a full system upgrade using apt? [y/N] " choice

case "$choice" in
    y|Y|[yY][eE][sS])
        echo "Starting process..."
        ;;
    *)
        echo "Aborting..."
        exit 1
        ;;
esac

if [ -f sys-updates.list ]; then
    if [ -f sys-updates.old ]; then
       /usr/bin/rm sys-updates.old
    fi
    /usr/bin/mv sys-updates.list sys-updates.old
fi
./stopExecguard.sh
/usr/bin/echo "Starting to download list of updates..."
/usr/bin/sudo /usr/bin/apt update
/usr/bin/apt list --upgradable 2>/dev/null | /usr/bin/tail -n +2 | /usr/bin/cut -d/ -f1 | while read pkg; do
    /usr/bin/dpkg -L "$pkg" | /usr/bin/grep --color=never -E '^\.?/usr/bin|^\.?/bin|^\.?/usr/sbin' >> sys-updates.list
done
# Check if file exists
if [[ ! -f sys-updates.list ]]; then
  /usr/bin/echo "Error: sys-updates.list not found."
  exit 1
fi
/usr/bin/echo "Starting to do system upgrades..."
/usr/bin/sudo /usr/bin/apt upgrade -y
# Loop through each line
while IFS= read -r line; do
  # Trim whitespace
  line="${line#"${line%%[![:space:]]*}"}"
  line="${line%"${line##*[![:space:]]}"}"
  # Skip empty lines and comments
  [[ -z "$line" || "$line" == \#* ]] && continue
  # Skip exact matches to base binary directories
  case "$line" in
    "/usr/bin" | "/usr/sbin" | "/bin")
        continue
      ;;
  esac
  /usr/bin/echo "Updating: $line"
  /usr/bin/sudo /usr/local/bin/execguard --update "$line"

done < sys-updates.list
echo "If done with sys-updates.list, do clean-up: \$ rm sys-updates.list"
echo "You may want to run, for a while: sudo execguard --init"
echo "Then re-enable it on SystemD, if present: sudo service execguard start"