Good Code Smell

[APT] Automatically upgrade packages

ubuntu, apt

One of my favorite feature of Linux is the package management system. Installing a new application is so easy ! Just type apt-get install theapp and bam! it’s installed. Then type apt-get upgrade, and bam! it’s up-to-date.

That’s awesome, but I always wanted to update the packages automatically. I first though I should write a cron task, but it turn out, there is a package for that: unattended-upgrades.

This tutorial shows how to configure automatic updates, it has been tested on Ubuntu 12.04 server.

Install unattended-upgrades

There is a high chance that the package is already installed, otherwise:

sudo apt-get install unattended-upgrades

Enable updates

Automatic upgrade, as well as a lot of maintance tasks, are done on a daily basis by the script /etc/cron.daily/apt, but it wont update the packages unless configured correctly.

Run:

sudo dpkg-reconfigure -plow unattended-upgrades

It’ll display this screen:

Configuring unattended-upgrades

After you select Yes, it will simply create the file /etc/apt/apt.conf.d/20auto-upgrades with the following content.

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

You don’t need to touch this file.

Test

If you want to test your configuration, you don’t need to wait for the daily task to be triggered, just run:

sudo unattended-upgrades --debug

This can also be used to test the mail service, see below.

Enable mails

Package upgrades will be fully automatic, absolutely no human intervention will be needed. However, you can configure it to send you a report by mail each time an upgrade is made:

First, you need to install mailutils:

sudo apt-get install mailutils

Then, edit /etc/apt/apt.conf.d/50unattended-upgrades and uncomment the line:

Unattended-Upgrade::Mail "[email protected]";

And replace by your mail address.

Upgrade more packages

By default, it will only apply security updates, which is great. But if you want to apply more updates, you can enable it.

Simply edit /etc/apt/apt.conf.d/50unattended-upgrades and uncomment the lines:

Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}-security";
    "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
};