Differences between revisions 33 and 34
Revision 33 as of 2018-12-21 10:28:13
Size: 5228
Editor: TriMoon
Comment: Related systemd files
Revision 34 as of 2018-12-21 23:54:35
Size: 5229
Editor: PaulWise
Comment: typo
Deletions are marked like this. Additions are marked like this.
Line 135: Line 135:
 * Used for '''dowloads''': {{{/lib/systemd/system/apt-daily.timer}}}  * Used for '''downloads''': {{{/lib/systemd/system/apt-daily.timer}}}

Translation(s): none


Unattended Upgrades

The purpose of unattended-upgrades is to keep the computer current with the latest security (and other) updates automatically.

If you plan to use it, you should have some means to monitor your systems, such as installing the apt-listchanges package and configuring it to send you emails about updates. And there is always /var/log/dpkg.log, or the files in /var/log/unattended-upgrades/.

As of Debian 9 (Stretch) both the unattended-upgrades and apt-listchanges packages are installed by default and upgrades are enabled with the GNOME desktop. Rudimentary configuration is accessible via the "Software & Updates" application (software-properties-gtk).

To install these packages, run the following command as root:

  • # apt-get install unattended-upgrades apt-listchanges

The default configuration file for the unattended-upgrades package is at /etc/apt/apt.conf.d/50unattended-upgrades. The defaults will work fine, but you should read it and make changes as needed.

  • # editor /etc/apt/apt.conf.d/50unattended-upgrades

This section controls which packages are upgraded:

  • Unattended-Upgrade::Origins-Pattern {
        // ...
    };

You should at least uncomment the following line:

  • Unattended-Upgrade::Mail "root";

Automatic call via /etc/apt/apt.conf.d/20auto-upgrades

To activate unattended-upgrades, you need to ensure that the apt configuration stub /etc/apt/apt.conf.d/20auto-upgrades contains at least the following lines:

  • # editor /etc/apt/apt.conf.d/20auto-upgrades
    APT::Periodic::Update-Package-Lists "1";
    APT::Periodic::Unattended-Upgrade "1";

The file /etc/apt/apt.conf.d/20auto-upgrades can be created manually or by running the following command as root:

  • # dpkg-reconfigure -plow unattended-upgrades

Automatic call via /etc/apt/apt.conf.d/02periodic

Alternatively, you can also create the apt configuration file /etc/apt/apt.conf.d/02periodic to activate unattended-upgrades:

  • # editor /etc/apt/apt.conf.d/02periodic

Below is an example /etc/apt/apt.conf.d/02periodic:

  • // Control parameters for cron jobs by /etc/cron.daily/apt-compat //
    
    
    // Enable the update/upgrade script (0=disable)
    APT::Periodic::Enable "1";
    
    
    // Do "apt-get update" automatically every n-days (0=disable)
    APT::Periodic::Update-Package-Lists "1";
    
    
    // Do "apt-get upgrade --download-only" every n-days (0=disable)
    APT::Periodic::Download-Upgradeable-Packages "1";
    
    
    // Run the "unattended-upgrade" security upgrade script
    // every n-days (0=disabled)
    // Requires the package "unattended-upgrades" and will write
    // a log in /var/log/unattended-upgrades
    APT::Periodic::Unattended-Upgrade "1";
    
    
    // Do "apt-get autoclean" every n-days (0=disable)
    APT::Periodic::AutocleanInterval "21";
    
    
    // Send report mail to root
    //     0:  no report             (or null string)
    //     1:  progress report       (actually any string)
    //     2:  + command outputs     (remove -qq, remove 2>/dev/null, add -d)
    //     3:  + trace on
    APT::Periodic::Verbose "2";

Manual run (for debugging)

To aid debugging you may need to run unattended-upgrades manually thus:

sudo unattended-upgrade -d

See Also

  • /usr/share/doc/unattended-upgrades/README.md.gz

  • /usr/share/doc/apt/examples/configure-index.gz

  • /etc/cron.daily/apt

  • apt.conf(5)

apt-listchanges

Below is an example configuration file for apt-listchanges, /etc/apt/listchanges.conf:

  • # editor /etc/apt/listchanges.conf
    [apt]
    frontend=pager
    email_address=root
    confirm=0
    save_seen=/var/lib/apt/listchanges.db
    which=both

Related systemd files

Because Debian is using the  systemd  system, it has timers defined for APT use, these files are provided by the apt package.
The relevant files are:

  • Used for downloads: /lib/systemd/system/apt-daily.timer

    • override with /etc/systemd/system/apt-daily.timer.d/override.conf

  • Used for upgrading: /lib/systemd/system/apt-daily-upgrade.timer

    • override with /etc/systemd/system/apt-daily-upgrade.d/override.conf

You can override these settings using local override files as shown above, createing the missing parts if non-existant yet.
Here is an example of how to override the download time to 1AM using /etc/systemd/system/apt-daily.timer.d/override.conf :

   1 [Timer]
   2 OnCalendar=
   3 OnCalendar=01:00

Line #2 above is needed to reset (empty) the default value shown below in line #5.
The default in /lib/systemd/system/apt-daily.timer is (at moment of this writing):

   1 [Unit]
   2 Description=Daily apt download activities
   3 
   4 [Timer]
   5 OnCalendar=*-*-* 6,18:00
   6 RandomizedDelaySec=12h
   7 Persistent=true
   8 
   9 [Install]
  10 WantedBy=timers.target