I have been using unattended upgrades on development machines since the end of last November, when I installed Debian Jessie release.
Installation
You are required to install the following package.
$ sudo apt-get install unattended-upgrades
Configuration
Location of the configuration file
Configuration is stored inside /etc/apt/apt.conf.d/50unattended-upgrades file.
Supported package sources
Use Origins-Pattern directive to define examined package sources.
Use following code to upgrade packages only from the current distribution including additional updates.
Unattended-Upgrade::Origins-Pattern {
"o=Debian,n=${distro_codename}";
"o=Debian,n=${distro_codename}-updates";
}
${distro_codename} macro will be expanded to distribution name – it will be jessie in this case.As an alternative to the previous example, use following code to install every upgrade available through the used sources lists.
Unattended-Upgrade::Origins-Pattern {
"o=*";
}
The following example will help you understand keywords used in the above-mentioned configuration samples.
$ apt-cache policy
[..]
100 http://ftp.pl.debian.org/debian/ jessie-backports/main amd64 Packages
release o=Debian Backports,a=jessie-backports,n=jessie-backports,l=Debian Backports,c=main
origin ftp.pl.debian.org
[..]
| Keyword | Definition | Example |
| o | origin | Debian Backports |
| a | archive | jessie-backports |
| n | codename | jessie-backports |
| l | label | Debian Backports |
| c | component | main |
| site | FQDN | ftp.pl.debian.org |
Blacklist
Use blacklist directive to define list of not upgraded packages.
Unattended-Upgrade::Package-Blacklist {
"atom";
"angband*";
};
Remove orphaned dependencies
Use the following directive to automatically remove packages that were installed to satisfy dependencies, but currently are not needed.
apt-get autoremove command.Unattended-Upgrade::Remove-Unused-Dependencies "true";
Bandwidth cap
The following code will impose bandwidth cap [KB/s] on apt utilities.
Acquire::http::Dl-Limit "400";
E-mail notifications
Use following code to define email address and set notification for every action.
Unattended-Upgrade::Mail "root"; Unattended-Upgrade::MailOnlyOnError "false";
Other options
More options are available for user like whitelist or automatic reboot. These are well documented inside configuration file, so I will just skip them for the sake of simplicity.
Execution
Update and upgrade process is initiated daily from /etc/cron.daily/apt cron task.
The interactive way to enable or disable unattended upgrades is to reconfigure package.
$ sudo dpkg-reconfigure unattended-upgrades
The non interactive way to enable whole process requires simple copy command.
$ sudo cp /usr/share/unattended-upgrades/20auto-upgrades /etc/apt/apt.conf.d/20auto-upgrades
The non interactive way to disable whole process is very similar to the above one.
$ sudo cp /usr/share/unattended-upgrades/20auto-upgrades-disabled /etc/apt/apt.conf.d/20auto-upgrades
The /usr/share/unattended-upgrades/20auto-upgrades file contains only two directives that enable automatic update and upgrade process. The second one contains opposite settings.
APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Unattended-Upgrade "1";
Ending notes
Please read unattended-upgrade manual page and /usr/share/doc/unattended-upgrades//README.md.gz documentation.
This software is often used together with apt-listchanges and apticron apt notification utilities.
I will not describe these useful packages now, but remember that you can always transmit a mail to an external SMTP server using msmtp utility.
