Automatic upgrades in Debian

Last edited on 2024-01-14. Tagged under #debian #linux #server

On my daily desktop, I do manual updates. However, on servers, once you get into several devices and infrequent logins, upgrading can quickly get repetitive and timely security updates may be put off.

I use unattended-upgrades to automate the process.

Let's go!

Install:

$ sudo apt install unattended-upgrades apt-listchanges

Configure

The default configuration file is /etc/apt/apt.conf.d/50unattended-upgrades, and I make a few changes.

The default is to apply only security updates. To auto-update all packages:

Unattended-Upgrade::Origins-Pattern {
        "origin=Debian,codename=${distro_codename}-updates";
        "origin=Debian,codename=${distro_codename}-proposed-updates";
        "origin=Debian,codename=${distro_codename},label=Debian";
        "origin=Debian,codename=${distro_codename},label=Debian-Security";
        "origin=Debian,codename=${distro_codename}-security,label=Debian-Security"; 
        "o=Debian Backports,a=${distro_codename}-backports,l=Debian Backports";
};
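
How these patterns select repositories, as an added example (not from the original post and not unattended-upgrades' own code): a simplified Python model in which every comma-separated key=value term of a pattern must match the repository's Release fields. The function names and the sample repository metadata are constructed for illustration.

```python
from fnmatch import fnmatch

# Long and short pattern keys, mapped to repository Release fields.
KEYS = {"o": "origin", "origin": "origin", "l": "label", "label": "label",
        "a": "archive", "archive": "archive", "suite": "archive",
        "n": "codename", "codename": "codename"}

# The six patterns from the configuration above.
PATTERNS = [
    "origin=Debian,codename=${distro_codename}-updates",
    "origin=Debian,codename=${distro_codename}-proposed-updates",
    "origin=Debian,codename=${distro_codename},label=Debian",
    "origin=Debian,codename=${distro_codename},label=Debian-Security",
    "origin=Debian,codename=${distro_codename}-security,label=Debian-Security",
    "o=Debian Backports,a=${distro_codename}-backports,l=Debian Backports",
]

# Constructed sample repositories (not read from a real system).
SAMPLES = {
    "main": {"origin": "Debian", "label": "Debian", "codename": "bookworm"},
    "security": {"origin": "Debian", "label": "Debian-Security",
                 "codename": "bookworm-security"},
    "backports": {"origin": "Debian Backports", "label": "Debian Backports",
                  "archive": "bookworm-backports"},
    "third-party": {"origin": "Example Vendor", "label": "Example",
                    "codename": "bookworm"},
}

def matches(pattern, release, distro_codename):
    """True only if every key=value term matches the repository's fields."""
    pattern = pattern.replace("${distro_codename}", distro_codename)
    for term in pattern.split(","):
        key, _, value = term.strip().partition("=")
        field = KEYS.get(key)
        if field is None or not fnmatch(release.get(field, ""), value):
            return False
    return True

def allowed(release, distro_codename="bookworm"):
    """Patterns that would let this repository's packages auto-upgrade."""
    return [p for p in PATTERNS if matches(p, release, distro_codename)]

if __name__ == "__main__":
    for name, release in SAMPLES.items():
        print(f"{name:12} -> {allowed(release) or 'not upgraded automatically'}")
```

To compare against a real system, `apt-cache policy` prints each configured repository's o=, a=, n= and l= values. A repository that matches no pattern, such as the constructed third-party one here, is left for manual upgrades.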

Send email to root about any problems or package upgrades:

Unattended-Upgrade::Mail "root";

Remove unused packages after the upgrade (equivalent to apt-get autoremove):

Unattended-Upgrade::Remove-Unused-Dependencies "true";

Enable

$ sudo dpkg-reconfigure -plow unattended-upgrades

Select Yes at the prompt "Automatically download and install stable updates?". This creates /etc/apt/apt.conf.d/20auto-upgrades with (0=disabled, 1=enabled):

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

Run

Verify:

$ sudo systemctl status unattended-upgrades.service
$ sudo unattended-upgrades --dry-run --debug
