Automatic upgrades in Debian

Last edited on 2021-03-16 Tagged under  #debian   #linux   #homeServer 

On desktops, I like to keep the system updated manually. However, on servers, once you get into several devices, upgrading can quickly get repetitive and timely security updates may be put off.

I use unattended-upgrades to automate the process.

Let's go!

Install ...

$ sudo apt install unattended-upgrades apt-listchanges

Configure

Default configuration file is /etc/apt/apt.conf.d/50unattended-upgrades, and I make a few changes.

Default is only to apply security updates. Change to auto-update all packages ...

Unattended-Upgrade::Origins-Pattern {
        "origin=Debian,codename=${distro_codename}-updates";
        "origin=Debian,codename=${distro_codename}-proposed-updates";
        "origin=Debian,codename=${distro_codename},label=Debian";
        "origin=Debian,codename=${distro_codename},label=Debian-Security";
        "o=Debian Backports,a=${distro_codename}-backports,l=Debian Backports";
};

Send email to root concerning any problems or packages upgrades ...

Unattended-Upgrade::Mail "root";

Remove unused packages after the upgrade (equivalent to apt-get autoremove) ...

Unattended-Upgrade::Remove-Unused-Dependencies "true";

If an upgrade needs to reboot the device, reboot at a specified time instead of immediately ...

Unattended-Upgrade::Automatic-Reboot-Time "01:30";

Enable

Enable by running ...

$ sudo dpkg-reconfigure -plow unattended-upgrades

... and selecting Yes to Automatically download and install stable updates?. This creates /etc/apt/apt.conf.d/20auto-upgrades with (0=disabled, 1=enabled) ...

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

Run

Confirm running ...

$ systemctl status unattended-upgrades.service

Test ...

$ sudo unattended-upgrades --dry-run --debug
Thanks for reading! Read other posts?

» Next: Put a modem-router in bridge mode

« Previous: Secure remote access using SSH keys