This article will describe auto apt update and apt upgrade with unattended-upgrades.
There is a issue with freezing apt update.
Table of Contents
1 Default settings
After installing Ubuntu 16.04, apt update and apt upgrade will run on boot and every day at 6:00 and 18:00 automatically. And only security upgrade will be applied.
2 apt.systemd.daily
Framework for running apt automatically.
| apt-daily.service | Run at once when system boot |
| apt-daily.timer | Timer run at 6:00 and 18:00 |
3 unattended-upgrades package
An unattended-upgrades will be called by apt.systemd.daily. This will run apt update and apt upgrade. Config files are /etc/apt/apt.conf.d/20auto-upgrades and /etc/apt/apt.conf.d/50unattended-upgrades.
4 /etc/apt/apt.conf.d/10periodic
An unattended-upgrades does not use this file. apt-daily uses 10periodic and 20auto-upgrades. 20auto-upgrades's value will be overwritten to 10auto-upgrade's value.
5 /etc/apt/apt.conf.d/20auto-upgrades
Config enable, disable and timing of unattended-upgrades.
| APT::Periodic::Update-Package-Lists | 0 = disable auto update |
| other = days of auto update interval | |
| APT::Periodic::Unattended-Upgrade | 0 = disable auto upgrade |
| 1 = enable auto upgrade | |
| APT::Periodic::Download-Upgradeable-Packages | 0 = disable auto download package |
| 1 = enable auto download package | |
| APT::Periodic::AutocleanInterval | 0 = disable auto clean |
| other = days of auto clean interval |
Below means that auto update will be run every day, and auto upgrade will be run when there are update packages.
$ cat /etc/apt/apt.conf.d/20auto-upgrades APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Unattended-Upgrade "1";
5.1 CUI setting
dpkg-reconfigure provides CUI setting.
$ sudo dpkg-reconfigure --priority=low unattended-upgrades
CUI setting will display below string. But this is not work because there is no replaced string in 50unattended-upgrades
Origins-Pattern that packages must match to be upgraded:
"origin=Debian,codename=${distro_codename},label=Debian-Security"
5.2 GUI setting (recommended)
"Software Update" provides GUI setting.
System settings -> Software & Updates -> Update
Below 20auto-upgrades will be created.
APT::Periodic::Update-Package-Lists "14"; APT::Periodic::Download-Upgradeable-Packages "0"; APT::Periodic::AutocleanInterval "0"; APT::Periodic::Unattended-Upgrade "1";
6 /etc/apt/apt.conf.d/50unattended-upgrades
Selecting upgrade package. Only security upgrade is selected by default. If you want to select other upgrade, you need to erase comment '//'.
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}-security";
// "${distro_id}:${distro_codename}-updates";
// "${distro_id}:${distro_codename}-proposed";
// "${distro_id}:${distro_codename}-backports";
};
<snip>
// Automatically reboot *WITHOUT CONFIRMATION*
// if the file /var/run/reboot-required is found after the upgrade
//Unattended-Upgrade::Automatic-Reboot "false";
// If automatic reboot is enabled and needed, reboot at the specific
// time instead of immediately
// Default: "now"
//Unattended-Upgrade::Automatic-Reboot-Time "02:00";
| Unattended-Upgrade::Allowed-Origins | Selection upgrade package |
| Unattended-Upgrade::Automatic-Reboot | true = enable reboot |
| Unattended-Upgrade::Automatic-Reboot-Time | Reboot time |
7 Prevent dpkg lock
You can prevent dpkg lock by apt-daily and apt-daily-upgrade.
$ sudo systemctl mask apt-daily.service $ sudo systemctl mask apt-daily.timer $ sudo systemctl mask apt-daily-upgrade.service $ sudo systemctl mask apt-daily-upgrade.timer
8 Auto reboot along a schedule
Reboot time is enabled by Unattended-Upgrade::Automatic-Reboot and Unattended-Upgrade::Automatic-Reboot-Time in 50unattended-upgrades.