Debian unattended-upgrade
Contents
Install unattended-upgrade:
apt-get install unattended-upgrades # yep, in plural
Enable the upgrades for all basic system packages:
vi /etc/apt/apt.conf.d/50unattended-upgrades
Contents:
Unattended-Upgrade::Origins-Pattern {
"o=${distro_id},n=${distro_codename}";
"o=${distro_id},n=${distro_codename}-updates";
"o=${distro_id},n=${distro_codename}-proposed-updates";
"o=${distro_id},n=${distro_codename},l=${distro_id}-Security";
};
Enable automatic upgrades:
vi /etc/apt/apt.conf.d/20auto-upgrades
Contents:
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
Or run:
dpkg-reconfigure -plow unattended-upgrades
Test it:
unattended-upgrade -d --dry-run
Third-party repositories
We need the “o= / n= / l=” codes (origin, something and label).
head -10 /var/lib/apt/lists/pkg.jenkins-ci.org_debian_binary_Release
Result:
Architectures: all
Date: Wed, 26 Apr 2017 17:41:15 UTC
Origin: jenkins.io
Suite: binary
This doesn’t have a “label”, so I used just:
"o=jenkins.io"
Full examples:
Unattended-Upgrade::Origins-Pattern {
"o=${distro_id},n=${distro_codename}";
"o=${distro_id},n=${distro_codename}-updates";
"o=${distro_id},n=${distro_codename}-proposed-updates";
"o=${distro_id},n=${distro_codename},l=${distro_id}-Security";
"o=MariaDB,l=MariaDB";
"o=debmon.org,l=debmon.org";
"o=jenkins.io";
"l=gitlab-ci-multi-runner";
};
Why use third-party packages?
Inevitably Debian folks ask me why I often rely on third-party packages:
- Sometimes, the package is not available in Debian, obviously.
- More often, it’s for specific packages that roll out new features regularly, in a stable fashion, and where having the latest version is usually strongly recommended. This includes MariaDB, Icinga2, Jenkins and others.
Author Mathieu Lu
LastMod 2020-05-17