Size: 5228
Comment: Related systemd files
|
Size: 5229
Comment: typo
|
Deletions are marked like this. | Additions are marked like this. |
Line 135: | Line 135: |
* Used for '''dowloads''': {{{/lib/systemd/system/apt-daily.timer}}} | * Used for '''downloads''': {{{/lib/systemd/system/apt-daily.timer}}} |
Translation(s): none
Contents
Unattended Upgrades
The purpose of unattended-upgrades is to keep the computer current with the latest security (and other) updates automatically.
If you plan to use it, you should have some means to monitor your systems, such as installing the apt-listchanges package and configuring it to send you emails about updates. And there is always /var/log/dpkg.log, or the files in /var/log/unattended-upgrades/.
As of Debian 9 (Stretch) both the unattended-upgrades and apt-listchanges packages are installed by default and upgrades are enabled with the GNOME desktop. Rudimentary configuration is accessible via the "Software & Updates" application (software-properties-gtk).
To install these packages, run the following command as root:
# apt-get install unattended-upgrades apt-listchanges
The default configuration file for the unattended-upgrades package is at /etc/apt/apt.conf.d/50unattended-upgrades. The defaults will work fine, but you should read it and make changes as needed.
# editor /etc/apt/apt.conf.d/50unattended-upgrades
This section controls which packages are upgraded:
Unattended-Upgrade::Origins-Pattern { // ... };
You should at least uncomment the following line:
Unattended-Upgrade::Mail "root";
Automatic call via /etc/apt/apt.conf.d/20auto-upgrades
To activate unattended-upgrades, you need to ensure that the apt configuration stub /etc/apt/apt.conf.d/20auto-upgrades contains at least the following lines:
# editor /etc/apt/apt.conf.d/20auto-upgrades
APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Unattended-Upgrade "1";
The file /etc/apt/apt.conf.d/20auto-upgrades can be created manually or by running the following command as root:
# dpkg-reconfigure -plow unattended-upgrades
Automatic call via /etc/apt/apt.conf.d/02periodic
Alternatively, you can also create the apt configuration file /etc/apt/apt.conf.d/02periodic to activate unattended-upgrades:
# editor /etc/apt/apt.conf.d/02periodic
Below is an example /etc/apt/apt.conf.d/02periodic:
// Control parameters for cron jobs by /etc/cron.daily/apt-compat // // Enable the update/upgrade script (0=disable) APT::Periodic::Enable "1"; // Do "apt-get update" automatically every n-days (0=disable) APT::Periodic::Update-Package-Lists "1"; // Do "apt-get upgrade --download-only" every n-days (0=disable) APT::Periodic::Download-Upgradeable-Packages "1"; // Run the "unattended-upgrade" security upgrade script // every n-days (0=disabled) // Requires the package "unattended-upgrades" and will write // a log in /var/log/unattended-upgrades APT::Periodic::Unattended-Upgrade "1"; // Do "apt-get autoclean" every n-days (0=disable) APT::Periodic::AutocleanInterval "21"; // Send report mail to root // 0: no report (or null string) // 1: progress report (actually any string) // 2: + command outputs (remove -qq, remove 2>/dev/null, add -d) // 3: + trace on APT::Periodic::Verbose "2";
Manual run (for debugging)
To aid debugging you may need to run unattended-upgrades manually thus:
sudo unattended-upgrade -d
See Also
/usr/share/doc/unattended-upgrades/README.md.gz
/usr/share/doc/apt/examples/configure-index.gz
/etc/cron.daily/apt
apt-listchanges
Below is an example configuration file for apt-listchanges, /etc/apt/listchanges.conf:
# editor /etc/apt/listchanges.conf
[apt] frontend=pager email_address=root confirm=0 save_seen=/var/lib/apt/listchanges.db which=both
Related systemd files
Because Debian is using the systemd system, it has timers defined for APT use, these files are provided by the apt package.
The relevant files are:
Used for downloads: /lib/systemd/system/apt-daily.timer
override with /etc/systemd/system/apt-daily.timer.d/override.conf
Used for upgrading: /lib/systemd/system/apt-daily-upgrade.timer
override with /etc/systemd/system/apt-daily-upgrade.d/override.conf
You can override these settings using local override files as shown above, createing the missing parts if non-existant yet.
Here is an example of how to override the download time to 1AM using /etc/systemd/system/apt-daily.timer.d/override.conf :
Line #2 above is needed to reset (empty) the default value shown below in line #5.
The default in /lib/systemd/system/apt-daily.timer is (at moment of this writing):