Translation(s): English - Français

Automatically install and update new versions of packages, usually with unattended-upgrades.

{i} This page currently focusses on unattended-upgrades, but cron-apt used to do this job, and it looked like package-kit would take over until was deprecated in 2019. Future versions may be rewritten if another solution comes along.

Contents

  1. Install unattended-upgrades
  2. Configure unattended-upgrades
    1. Get more information about changes
    2. Manual run (for debugging)
    3. Modify the schedule via systemd
  3. See Also

Install unattended-upgrades

Debian software is stored in packages, which get new versions from time to time. Most Debian users prefer that to be automated at least some of the time (e.g. major security updates) and manual at least some of the time (e.g. whole new versions of Debian).

Most versions of Debian install unattended-upgrades with fairly conservative settings, but your system might not have installed the package at all, or might have installed it but disabled it altogether.

To ensure unattended-upgrades is installed, just try to install it again (see HowToInstallPackages). The process will either succeed or complain it's already been done.

To check unattended-upgrades is enabled, run this in a terminal: 

sudo dpkg-reconfigure unattended-upgrades

That should ask whether you want to automatically download and install stable updates (the answer is yes).

Alternatively, if software-properties-gtk is installed, go to Applications menu > Settings > Software and updates > Updates to configure your update schedule. As of Debian 13 "Trixie", the software-properties-gtk package is no longer available. Instead, users of the GNOME desktop environment can configure automatic updates directly in GNOME Software. Navigate to Activities > search for Software > Update Preferences to enable and schedule automatic updates. Similar options are available in other desktops like KDE.

Configure unattended-upgrades

  1. copy /etc/apt/apt.conf.d/50unattended-upgrades to /etc/apt/apt.conf.d/52unattended-upgrades-local

    • for an explanation, see /usr/share/doc/unattended-upgrades/README.md.gz

  2. open your favourite text editor as root

  3. edit /etc/apt/apt.conf.d/52unattended-upgrades-local

  4. find the Unattended-Upgrade::Origins-Pattern section

  5. optionally uncomment (remove the leading // from) any lines you want to auto-update

    • the default configuration auto-installs security updates, but not new features

  6. optionally uncomment and set the Unattended-Upgrade::Mail line

    • may require you to configure a local MTA

For advanced configuration options, see the comments at the top of /usr/lib/apt/apt.systemd.daily.

Get more information about changes

If you plan to use unattended-upgrades, you'll want a way to be notified when something goes wrong. Consider installing apt-listchanges and configuring it to send you emails about updates. Or if you suspect something's already happened, check /var/log/dpkg.log and the files in /var/log/unattended-upgrades/.

To configure apt-listchanges, edit /etc/apt/listchanges.conf in your favourite text editor as root. Here's an example file: 

[apt]
frontend=pager
email_address=root
confirm=0
save_seen=/var/lib/apt/listchanges.db
which=both

Manual run (for debugging)

To debug unattended-upgrades, run it manually: 

sudo unattended-upgrade -d

Modify the schedule via systemd

Debian uses the following systemd timers to run periodic APT maintenance tasks:

If you want to more detailed configuration than unattended-upgrades provides, you can use systemctl edit: 

# Edit the download timer:
sudo systemctl edit apt-daily.timer

# check the next download trigger time (optional):
sudo systemctl status apt-daily.timer

# restart the download timer immediately (optional):
sudo systemctl restart apt-daily.timer

# Edit the upgrade timer:
sudo systemctl edit apt-daily-upgrade.timer

# check the next upgrade trigger time (optional):
sudo systemctl status apt-daily-upgrade.timer

# restart the upgrade timer immediately (optional):
sudo systemctl restart apt-daily-upgrade.timer

For example, to set the download time to 1AM, edit apt-daily.timer to say: 

[Timer]
# Clear the previous OnCalendar setting:
OnCalendar=
# Add a new setting:
OnCalendar=01:00
# Run at exactly 1AM (disabled by default to smooth out demand on Debian's servers):
#RandomizedDelaySec=0

{i} Before tools like RandomizedDelaySec were introduced, servers would get massive traffic spikes for a few seconds a day, then relative silence the rest of the time. One or two people disabling it won't make much difference, but please consider setting the delay to at least 1h.

See Also

CategoryPackageManagement CategorySystemAdministration