Wiki

• FrontPage
• RecentChanges
• FindPage
• HelpContents
• UnattendedUpgrades

Translation(s): none

Unattended Upgrades

The purpose of unattended-upgrades is to keep the computer current with the latest security (and other) updates automatically.

If you plan to use it, you should have some means to monitor your systems, such as installing the apt-listchanges package and configuring it to send you emails about updates. And there is always /var/log/dpkg.log, or the files in /var/log/unattended-upgrades/.

As of Debian 9 (Stretch) both the unattended-upgrades and apt-listchanges packages are installed by default and upgrades are enabled with the GNOME desktop. Rudimentary configuration is accessible via the "Software & Updates" application (software-properties-gtk).

To install these packages, run the following command as root:

• # apt-get install unattended-upgrades apt-listchanges

The default configuration file for the unattended-upgrades package is at /etc/apt/apt.conf.d/50unattended-upgrades. The defaults will work fine, but you should read it and make changes as needed.

• # editor /etc/apt/apt.conf.d/50unattended-upgrades

This section controls which packages are upgraded:

• Unattended-Upgrade::Origins-Pattern {
      // ...
  };

You should at least uncomment the following line:

• Unattended-Upgrade::Mail "root";

Automatic call via /etc/apt/apt.conf.d/20auto-upgrades

To activate unattended-upgrades, you need to ensure that the apt configuration stub /etc/apt/apt.conf.d/20auto-upgrades contains at least the following lines:

• # editor /etc/apt/apt.conf.d/20auto-upgrades

  APT::Periodic::Update-Package-Lists "1";
  APT::Periodic::Unattended-Upgrade "1";

The file /etc/apt/apt.conf.d/20auto-upgrades can be created manually or by running the following command as root:

• # dpkg-reconfigure -plow unattended-upgrades

Automatic call via /etc/apt/apt.conf.d/02periodic

Alternatively, you can also create the apt configuration file /etc/apt/apt.conf.d/02periodic to activate unattended-upgrades:

• # editor /etc/apt/apt.conf.d/02periodic

Below is an example /etc/apt/apt.conf.d/02periodic:

• // Control parameters for cron jobs by /etc/cron.daily/apt //
  
  
  // Enable the update/upgrade script (0=disable)
  APT::Periodic::Enable "1";
  
  
  // Do "apt-get update" automatically every n-days (0=disable)
  APT::Periodic::Update-Package-Lists "1";
  
  
  // Do "apt-get upgrade --download-only" every n-days (0=disable)
  APT::Periodic::Download-Upgradeable-Packages "1";
  
  
  // Run the "unattended-upgrade" security upgrade script
  // every n-days (0=disabled)
  // Requires the package "unattended-upgrades" and will write
  // a log in /var/log/unattended-upgrades
  APT::Periodic::Unattended-Upgrade "1";
  
  
  // Do "apt-get autoclean" every n-days (0=disable)
  APT::Periodic::AutocleanInterval "21";
  
  
  // Send report mail to root
  //     0:  no report             (or null string)
  //     1:  progress report       (actually any string)
  //     2:  + command outputs     (remove -qq, remove 2>/dev/null, add -d)
  //     3:  + trace on
  APT::Periodic::Verbose "2";

Manual run (for debugging)

To aid debugging you may need to run unattended-upgrades manually thus:

sudo unattended-upgrade -d

See Also

• /usr/share/doc/unattended-upgrades/README.md.gz

• /usr/share/doc/apt/examples/configure-index.gz

• /etc/cron.daily/apt

• apt.conf(5)

apt-listchanges

Below is an example configuration file for apt-listchanges, /etc/apt/listchanges.conf:

• # editor /etc/apt/listchanges.conf

  [apt]
  frontend=pager
  email_address=root
  confirm=0
  save_seen=/var/lib/apt/listchanges.db
  which=both