search

Unattended-Upgrades

Source:

https://www.cyberciti.biz/faq/how-to-keep-debian-linux-patched-with-latest-security-updates-automatically/arrow-up-right

sudo apt install unattended-upgrades apt-listchanges bsd-mailx

You need to edit the file named /etc/apt/apt.conf.d/50unattended-upgrades

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

Make sure following three lines are uncommented:

"origin=Debian,codename=${distro_codename},label=Debian";
"origin=Debian,codename=${distro_codename},label=Debian-Security";
"origin=Debian,codename=${distro_codename}-security,label=Debian-Security";

Here is how the following config line controls which packages are upgraded under Debian Linux:

Unattended-Upgrade::Origins-Pattern {
        // Codename based matching:
        // This will follow the migration of a release through different
        // archives (e.g. from testing to stable and later oldstable).
        // Software will be the latest available for the named release,
        // but the Debian release itself will not be automatically upgraded.
//      "origin=Debian,codename=${distro_codename}-updates";
//      "origin=Debian,codename=${distro_codename}-proposed-updates";
        "origin=Debian,codename=${distro_codename},label=Debian";
        "origin=Debian,codename=${distro_codename},label=Debian-Security";
        "origin=Debian,codename=${distro_codename}-security,label=Debian-Security";
 
        // Archive or Suite based matching:
        // Note that this will silently match a different release after
        // migration to the specified archive (e.g. testing becomes the
        // new stable).
//      "o=Debian,a=stable";
//      "o=Debian,a=stable-updates";
//      "o=Debian,a=proposed-updates";
//      "o=Debian Backports,a=${distro_codename}-backports,l=Debian Backports";
};

You can skip packages from updates too (for example nginx or linux kernel image):

You need to configure an email address to get email when there is a problem or package upgrades. Of course you must have working email setup to this work:

It would be best if you have a working email server to get an alert. You can always use AWS SES with Postfix MTAarrow-up-right to route email safely. Save and close the file. To activate unattended-upgrades, you need to make that the apt configuration has the following two lines. Use the cat commandarrow-up-right to view info:

It is possible to update or create this file using the following dpkg-reconfigure command:

Finally edit the file named /etc/apt/listchanges.conf using a text editor such as vim command/nano command:

Change email address:

Config Example:

Want to get help debugging? Try to run unattended-upgrades manually. For example:

hashtag
How to view upgrade schedules on Debian Linux 10/11 with systemd

Under systemd on the latest version of Debian 11/10 Unattended Upgrades uses systemd timer. To view schedule type:

hashtag
How to modify download and upgrade schedules under systemd

You need to create and edit these overrides for these settings are for downloads:

Finally, create and edit these overrides for these settings are for upgrades:

hashtag
Logs

PreviousSystemdNextScript

Last updated