Unattended-Upgrades
sudo apt install unattended-upgrades apt-listchanges bsd-mailx
You need to edit the file named /etc/apt/apt.conf.d/50unattended-upgrades:
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
Make sure the following three lines are uncommented:
"origin=Debian,codename=${distro_codename},label=Debian";
"origin=Debian,codename=${distro_codename},label=Debian-Security";
"origin=Debian,codename=${distro_codename}-security,label=Debian-Security";
Here is how the following config block controls which packages are upgraded under Debian Linux:
Unattended-Upgrade::Origins-Pattern {
// Codename based matching:
// This will follow the migration of a release through different
// archives (e.g. from testing to stable and later oldstable).
// Software will be the latest available for the named release,
// but the Debian release itself will not be automatically upgraded.
// "origin=Debian,codename=${distro_codename}-updates";
// "origin=Debian,codename=${distro_codename}-proposed-updates";
"origin=Debian,codename=${distro_codename},label=Debian";
"origin=Debian,codename=${distro_codename},label=Debian-Security";
"origin=Debian,codename=${distro_codename}-security,label=Debian-Security";
// Archive or Suite based matching:
// Note that this will silently match a different release after
// migration to the specified archive (e.g. testing becomes the
// new stable).
// "o=Debian,a=stable";
// "o=Debian,a=stable-updates";
// "o=Debian,a=proposed-updates";
// "o=Debian Backports,a=${distro_codename}-backports,l=Debian Backports";
};
You can also exclude packages from updates (for example, nginx or the Linux kernel image):
// Use python regular expression
//
Unattended-Upgrade::Package-Blacklist {
"nginx";
"linux-image*";
};
You need to configure an email address to receive email when there is a problem or when packages are upgraded. Of course, you must have a working email setup for this to work:
Unattended-Upgrade::Mail "[email protected]";
or
Unattended-Upgrade::Mail "root";
It would be best if you have a working email server to get alerts. You can always use AWS SES with Postfix MTA to route email safely. Save and close the file.
To activate unattended-upgrades, you need to make sure that the apt configuration has the following two lines. Use the cat command to view the file:
cat /etc/apt/apt.conf.d/20auto-upgrades
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
It is possible to update or create this file using the following dpkg-reconfigure command:
sudo dpkg-reconfigure -plow unattended-upgrades
Finally, edit the file named /etc/apt/listchanges.conf using a text editor such as vim or nano:
sudo vi /etc/apt/listchanges.conf
Change the email address:
email_address=root
[email protected]
Config Example:
[apt]
frontend=pager
confirm=false
[email protected]
save_seen=/var/lib/apt/listchanges.db
which=news
email_format=text
headers=false
reverse=false
Need help debugging? Try running unattended-upgrades manually. For example:
sudo unattended-upgrades --dry-run --debug

How to view upgrade schedules on Debian Linux 10/11 with systemd
On the latest versions of Debian (10/11) with systemd, Unattended Upgrades uses systemd timers. To view the schedules, type:
# Used for downloads
systemctl cat apt-daily.timer
# Used for upgrades
systemctl cat apt-daily-upgrade.timer

How to modify download and upgrade schedules under systemd
You need to create and edit overrides to change these settings. For downloads:
sudo systemctl edit apt-daily.timer
sudo systemctl restart apt-daily.timer
systemctl status apt-daily.timer
Finally, create and edit the overrides for upgrades:
sudo systemctl edit apt-daily-upgrade.timer
sudo systemctl restart apt-daily-upgrade.timer
systemctl status apt-daily-upgrade.timer

Logs
/var/log/unattended-upgrades/unattended-upgrades-shutdown.log
/var/log/unattended-upgrades/unattended-upgrades.log
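
The script below is an added example, not part of the original page: it audits the two files edited above, checking that both APT::Periodic settings are enabled and that a Debian-Security origin is uncommented. The function names and the sample files are constructed for illustration; on a real host, pass /etc/apt/apt.conf.d/20auto-upgrades and /etc/apt/apt.conf.d/50unattended-upgrades instead.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Succeeds when KEY has a non-zero day count on an uncommented line of FILE.
periodic_enabled() {  # usage: periodic_enabled FILE KEY
    grep -Eq "^[[:space:]]*APT::Periodic::${2}[[:space:]]+\"[1-9][0-9]*\";" "$1"
}

# Succeeds when an uncommented Origins-Pattern entry selects Debian-Security.
security_origin_enabled() {  # usage: security_origin_enabled FILE
    grep -Eq '^[[:space:]]*"origin=Debian,[^"]*label=Debian-Security";' "$1"
}

# Prints PASS/FAIL per check; the return status is the number of failed checks.
audit_unattended() {  # usage: audit_unattended AUTO_FILE ORIGINS_FILE
    fails=0
    for key in Update-Package-Lists Unattended-Upgrade; do
        if periodic_enabled "$1" "$key"; then echo "PASS $key"
        else echo "FAIL $key not enabled in $1"; fails=$((fails + 1)); fi
    done
    if security_origin_enabled "$2"; then echo "PASS Debian-Security origin"
    else echo "FAIL no uncommented Debian-Security origin in $2"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample input: a correct 20auto-upgrades, and a 50unattended-upgrades
# in which the security origin is still commented out (the mistake to catch).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/20auto-upgrades" <<'EOF'
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF
cat > "$demo_dir/50unattended-upgrades" <<'EOF'
Unattended-Upgrade::Origins-Pattern {
//      "origin=Debian,codename=${distro_codename}-security,label=Debian-Security";
        "origin=Debian,codename=${distro_codename},label=Debian";
};
EOF
audit_unattended "$demo_dir/20auto-upgrades" "$demo_dir/50unattended-upgrades" || true
```

The periodic check only recognises plain numeric day counts, so a value of "0" is reported as disabled.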