Automatic upgrades in Debian
On desktops, I like to keep the system updated manually. However, on servers, once you get into several devices, upgrading can quickly get repetitive and timely security updates may be put off.
I use unattended-upgrades to automate the process.
Let's go!
Install ...
$ sudo apt install unattended-upgrades apt-listchanges
Configure
Default configuration file is /etc/apt/apt.conf.d/50unattended-upgrades, and I make a few changes.
Default is only to apply security updates. Change to auto-update all packages ...
Unattended-Upgrade::Origins-Pattern {
"origin=Debian,codename=${distro_codename}-updates";
"origin=Debian,codename=${distro_codename}-proposed-updates";
"origin=Debian,codename=${distro_codename},label=Debian";
"origin=Debian,codename=${distro_codename},label=Debian-Security";
"o=Debian Backports,a=${distro_codename}-backports,l=Debian Backports";
};
Send email to root concerning any problems or packages upgrades ...
Unattended-Upgrade::Mail "root";
Remove unused packages after the upgrade (equivalent to apt-get autoremove) ...
Unattended-Upgrade::Remove-Unused-Dependencies "true";
If an upgrade needs to reboot the device, reboot at a specified time instead of immediately ...
Unattended-Upgrade::Automatic-Reboot-Time "01:30";
Enable
Enable by running ...
$ sudo dpkg-reconfigure -plow unattended-upgrades
... and selecting Yes to Automatically download and install stable updates?. This creates /etc/apt/apt.conf.d/20auto-upgrades with (0=disabled, 1=enabled) ...
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
Run
Confirm running ...
$ systemctl status unattended-upgrades.service
Test ...
$ sudo unattended-upgrades --dry-run --debug
» Next: Put a modem-router in bridge mode
« Previous: Secure remote access using SSH keys