thefoxup is a secure, lightweight Bash tool for updating Debian/Ubuntu servers — locally or remotely via SSH, with YAML configuration and parallel execution.
Features
- Three update modes:
lite(update only),full(update + reboot),off(update + shutdown),check(read-only status) - Remote execution: parallel SSH with configurable concurrency (
THEFOXUP_MAX_PARALLEL, default 10) - Atomic locking:
flock-based with signal-safe release — no stale locks - Input validation: mode whitelisted, host/user/path validated via regex allowlists
- Injection prevention: SSH paths base64-encoded, SSH mode whitelist on remote side
- Non-interactive CLI:
sudo ./foxup.sh lite|full|off [--yes] [--remote|--all] - Configurable: 10+ environment variables for timeouts, SSH options, log rotation
- Safety:
PIPESTATUScaptured afterapt+tee— no silent failures - Logging: one file per run, auto-cleaned after 30 days,
chmod 600
Security
- Only key-based SSH authentication (no password/sshpass)
servers.yamlgitignored, remote paths base64-encoded--force-confoldondist-upgradeto preserve existing configs- SSH agent detection — sequential fallback when no agent available