I have been using unattended upgrades on development machines since the end of last November, when I installed the Debian Jessie release.
Installation
You are required to install the following package.
$ sudo apt-get install unattended-upgrades
Configuration
Location of the configuration file
Configuration is stored inside the /etc/apt/apt.conf.d/50unattended-upgrades file.
Supported package sources
Use the Origins-Pattern directive to define the package sources that are examined.
Use the following code to upgrade packages only from the current distribution, including additional updates.
Unattended-Upgrade::Origins-Pattern {
    "o=Debian,n=${distro_codename}";
    "o=Debian,n=${distro_codename}-updates";
};
The ${distro_codename} macro will be expanded to the distribution name; it will be jessie in this case.
As an alternative to the previous example, use the following code to install every upgrade available from the configured sources lists.
Unattended-Upgrade::Origins-Pattern { "o=*"; };
The following example will help you understand keywords used in the above-mentioned configuration samples.
$ apt-cache policy
[..]
 100 http://ftp.pl.debian.org/debian/ jessie-backports/main amd64 Packages
     release o=Debian Backports,a=jessie-backports,n=jessie-backports,l=Debian Backports,c=main
     origin ftp.pl.debian.org
[..]
Keyword | Definition | Example |
o | origin | Debian Backports |
a | archive | jessie-backports |
n | codename | jessie-backports |
l | label | Debian Backports |
c | component | main |
site | FQDN | ftp.pl.debian.org |
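The following added example (not code from the original post or from unattended-upgrades itself) is a simplified model of how the two Origins-Pattern variants above select sources: the strict pattern skips backports and third-party repositories, while "o=*" accepts everything. It assumes each key=value term is glob-matched against the release fields; SAMPLE_POLICY is constructed, repo.example.org is hypothetical, and the function names are this example's own.

```python
import fnmatch

# Constructed sample in `apt-cache policy` format; repo.example.org is hypothetical.
SAMPLE_POLICY = """\
 500 http://ftp.pl.debian.org/debian/ jessie/main amd64 Packages
     release o=Debian,a=stable,n=jessie,l=Debian,c=main
     origin ftp.pl.debian.org
 500 http://ftp.pl.debian.org/debian/ jessie-updates/main amd64 Packages
     release o=Debian,a=stable-updates,n=jessie-updates,l=Debian,c=main
     origin ftp.pl.debian.org
 100 http://ftp.pl.debian.org/debian/ jessie-backports/main amd64 Packages
     release o=Debian Backports,a=jessie-backports,n=jessie-backports,l=Debian Backports,c=main
     origin ftp.pl.debian.org
 500 http://repo.example.org/apt/ stable/main amd64 Packages
     release o=Example Vendor,a=stable,n=stable,l=Example,c=main
     origin repo.example.org
"""

STRICT = ["o=Debian,n=${distro_codename}", "o=Debian,n=${distro_codename}-updates"]
WILDCARD = ["o=*"]

def parse_sources(policy_text):
    """Return one keyword->value dict per 'release' line; 'site' comes from 'origin'."""
    sources = []
    for line in policy_text.splitlines():
        line = line.strip()
        if line.startswith("release "):
            terms = line[len("release "):].split(",")
            sources.append(dict(t.split("=", 1) for t in terms if "=" in t))
        elif line.startswith("origin ") and sources:
            sources[-1]["site"] = line.split(None, 1)[1]
    return sources

def matches(pattern, source, codename):
    """True when every key=value term of the pattern glob-matches the source."""
    pattern = pattern.replace("${distro_codename}", codename)
    return all(
        fnmatch.fnmatchcase(source.get(key, ""), value)
        for key, value in (term.split("=", 1) for term in pattern.split(","))
    )

def selected(patterns, sources, codename="jessie"):
    """List 'origin/codename' for each source accepted by at least one pattern."""
    return [f"{s['o']}/{s['n']}" for s in sources
            if any(matches(p, s, codename) for p in patterns)]

if __name__ == "__main__":
    for name, pats in (("strict", STRICT), ("wildcard", WILDCARD)):
        print(name, selected(pats, parse_sources(SAMPLE_POLICY)))
```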
Blacklist
Use the blacklist directive to define a list of packages that will not be upgraded.
Unattended-Upgrade::Package-Blacklist { "atom"; "angband*"; };
Remove orphaned dependencies
Use the following directive to automatically remove packages that were installed to satisfy dependencies but are no longer needed. It is equivalent to the apt-get autoremove command.
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Bandwidth cap
The following code will impose a bandwidth cap [KB/s] on apt utilities.
Acquire::http::Dl-Limit "400";
E-mail notifications
Use the following code to define the email address and send a notification for every action.
Unattended-Upgrade::Mail "root";
Unattended-Upgrade::MailOnlyOnError "false";
Other options
More options are available, such as a whitelist or automatic reboot. These are well documented inside the configuration file, so I will just skip them for the sake of simplicity.
Execution
The update and upgrade process is initiated daily from the /etc/cron.daily/apt cron task.
The interactive way to enable or disable unattended upgrades is to reconfigure the package.
$ sudo dpkg-reconfigure unattended-upgrades
The non-interactive way to enable the whole process requires a simple copy command.
$ sudo cp /usr/share/unattended-upgrades/20auto-upgrades /etc/apt/apt.conf.d/20auto-upgrades
The non-interactive way to disable the whole process is very similar to the one above.
$ sudo cp /usr/share/unattended-upgrades/20auto-upgrades-disabled /etc/apt/apt.conf.d/20auto-upgrades
The /usr/share/unattended-upgrades/20auto-upgrades file contains only two directives, which enable the automatic update and upgrade process. The second file, 20auto-upgrades-disabled, contains the opposite settings.
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
Ending notes
Please read the unattended-upgrade manual page and the /usr/share/doc/unattended-upgrades/README.md.gz documentation.
This software is often used together with the apt-listchanges and apticron apt notification utilities.
I will not describe these useful packages now, but remember that you can always transmit a mail to an external SMTP server using the msmtp utility.