1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
Unattended upgrades
-------------------
This script can install security upgrades automatically and
unattended. It will not install packages that require dependencies
that can't be fetched from security and it will check for conffile
prompts before the install and holds back the package that creates
them.
== Setup ==
The unattended-upgrades package will *not* act unless it is enabled
explicitly. To activate this script you need to ensure that the apt
configuration contains the following lines:
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
This means that it will check for upates every day and install them
(if that is possible). If you have update-notifier installed, it will
setup /etc/apt/apt.conf.d/10periodic. Just edit this file then to fit
your needs. If you do not have this file, just create it or
create/edit /etc/apt/apt.conf - you can check your configuration by
running "apt-config dump".
== Options ==
By default it will only install from the the (Ubuntu, hardy-security)
repository. This can be changed with the
"Unattended-Upgrade::Allowed-Origins" apt configuration list. It can
be configured to allow any (origin, archive) combination. Those values
are taken from the "Release" file on the archive server. It is
recommended to use the default (only security updates from Ubuntu).
All operations will be logged in /var/log/unattended-upgrades/. This
includes the dpkg output as well.
See https://wiki.ubuntu.com/AutomaticUpdates for more details about
this feature.
The following configuration options are supported via the standard
apt configuration:
"APT::UnattendedUpgrades::LogDir"
"APT::UnattendedUpgrades::LogFile"
"Unattended-Upgrade::Allowed-Origins"
"Unattended-Upgrade::Package-Blacklist"
"Unattended-Upgrade::Mail"
See https://wiki.ubuntu.com/AutomaticUpdates for more details about
this feature.
If you use the mail feature, make sure that /usr/bin/mail is available
and working (usually the mailx package is required).
== Debugging ==
If something goes wrong or if you want to report a bug about the way
the script works its a good idea to run:
$ sudo o unattended-upgrade --debug
and look at the resulting logfile in:
/var/log/unattended-upgrades/unattended-upgrades.log
then. It will contain additional debug information.
== Config example ==
A example configuration that will install from the
hardy-security and hardy-updates repositories daily:
------------------------------8<--------------------------------------
// Automaticall upgrade packages from these (origin, archive) pairs
Unattended-Upgrade::Allowed-Origins {
"Ubuntu gutsy-security";
"Ubuntu gutsy-updates";
};
// List of packages to not update
Unattended-Upgrade::Package-Blacklist {
// "vim";
"libc6";
"libc6-dev";
"libc6-i686";
};
// Send email to this address for problems or packages upgrades
// If empty or unset then no email is sent
//Unattended-Upgrade::Mail "root@localhost";
// These APT::Periodic settings mean that each day the /etc/cron.daily/apt
// cron job will the update package list, download packages and then run
// unattended-grade to install them.
// Lock/Stamp files are in /var/lib/apt/periodic/
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::Unattended-Upgrade "1";
------------------------------8<--------------------------------------
|