$ apt show unattended-upgrades Package: unattended-upgrades Version: 2.3ubuntu0.1 Priority: optional Section: admin Origin: Ubuntu Maintainer: Ubuntu Developers <firstname.lastname@example.org> Original-Maintainer: Michael Vogt <email@example.com> Bugs: https://bugs.launchpad.net/ubuntu/+filebug Installed-Size: 451 kB Depends: debconf (>= 0.5) | debconf-2.0, debconf, python3, python3-apt (>= 1.9.6~), python3-dbus, python3-distro-info, ucf, lsb-release, lsb-base, xz-utils Recommends: systemd-sysv | cron | cron-daemon | anacron Suggests: bsd-mailx, default-mta | mail-transport-agent, needrestart, powermgmt-base, python3-gi Task: server, ubuntu-desktop-minimal, ubuntu-desktop, cloud-image, kubuntu-desktop, xubuntu-core, xubuntu-desktop, lubuntu-desktop, ubuntustudio-desktop-core, ubuntustudio-desktop, ubuntukylin-desktop, ubuntu-mate-core, ubuntu-mate-desktop, ubuntu-budgie-desktop Download-Size: 48.7 kB APT-Manual-Installed: yes APT-Sources: http://uk-london-1-ad-3.clouds.ports.ubuntu.com/ubuntu-ports focal-updates/main arm64 Packages Description: automatic installation of security upgrades This package can download and install security upgrades automatically and unattended, taking care to only install packages from the configured APT source, and checking for dpkg prompts about configuration file changes. . This script is the backend for the APT::Periodic::Unattended-Upgrade option. N: There is 1 additional record. Please use the '-a' switch to see it
unattended-upgrade(8) System Manager's Manual unattended-upgrade(8) NAME unattended-upgrade - automatic installation of security (and other) upgrades SYNOPSIS unattended-upgrade [options] DESCRIPTION This program can download and install security upgrades automatically and unattended, taking care to only install packages from the configured APT source, and check‐ ing for dpkg prompts about configuration file changes. All operations are logged to /var/log/unattended-upgrades/unattended-upgrades.log and the package manager (dpkg) output is logged to /var/log/unattended-upgrades/unattended-upgrades-dpkg.log This script is the backend for the APT::Periodic::Unattended-Upgrade option and designed to be run periodically by APT's systemd service (apt-daily-upgrade.service) or from cron (e.g. via /etc/cron.daily/apt). OPTIONS unattended-upgrade accepts the following options: -h, --help help output -d, --debug extra debug output into /var/log/unattended-upgrades/unattended-upgrades.log --apt-debug detailed APT/LibAPT output for debugging -v, --verbose show verbose output --dry-run Just simulate installing updates, do not actually do it --minimal-upgrade-steps perform upgrade in minimal steps (cancel with SIGINT). This is the default now. --no-minimal-upgrade-steps do not perform upgrade in minimal steps CONFIGURATION The configuration is done via the apt configuration mechanism. The default configuration file can be found at /etc/apt/apt.conf.d/50unattended-upgrades AUTHORS unattended-upgrade is written by Michael Vogt <firstname.lastname@example.org> This manual page was originally written by Michael Vogt <email@example.com> COPYRIGHT Copyright (C) 2005-2009 Canonical There is NO warranty. You may redistribute this software under the terms of the GNU General Public License. For more information about these matters, see the files named COPYING. March 1, 2019 unattended-upgrade(8)
$ sudo dpkg-reconfigure unattended-upgrades Replacing config file /etc/apt/apt.conf.d/20auto-upgrades with new version
Package configuration ┌────────────────────────┤ Configuring unattended-upgrades ├────────────────────────┐ │ │ │ Applying updates on a frequent basis is an important part of keeping systems │ │ secure. By default, updates need to be applied manually using package management │ │ tools. Alternatively, you can choose to have this system automatically download │ │ and install important updates. │ │ │ │ Automatically download and install stable updates? │ │ │ │ <Yes> <No> │ │ │ └───────────────────────────────────────────────────────────────────────────────────┘
$ cat /etc/apt/apt.conf.d/20auto-upgrades APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Unattended-Upgrade "1";
$ sudoedit /etc/apt/apt.conf.d/50unattended-upgrades $ sudo git -C /etc diff /etc/apt/apt.conf.d/50unattended-upgrades diff --git a/apt/apt.conf.d/50unattended-upgrades b/apt/apt.conf.d/50unattended-upgrades index 4e5ff8b..7a6deac 100644 --- a/apt/apt.conf.d/50unattended-upgrades +++ b/apt/apt.conf.d/50unattended-upgrades @@ -70,7 +70,7 @@ Unattended-Upgrade::DevRelease "auto"; // If empty or unset then no email is sent, make sure that you // have a working mail setup on your system. A package that provides // 'mailx' must be installed. E.g. "firstname.lastname@example.org" -//Unattended-Upgrade::Mail ""; +Unattended-Upgrade::Mail "email@example.com"; // Set this value to one of: // "always", "only-on-error" or "on-change" @@ -87,7 +87,7 @@ Unattended-Upgrade::DevRelease "auto"; // Do automatic removal of unused packages after the upgrade // (equivalent to apt-get autoremove) -//Unattended-Upgrade::Remove-Unused-Dependencies "false"; +Unattended-Upgrade::Remove-Unused-Dependencies "true"; // Automatically reboot *WITHOUT CONFIRMATION* if // the file /var/run/reboot-required is found after the upgrade
$ sudoedit /etc/apt/apt.conf.d/20auto-upgrades ubuntu@instance-20220328-0620:~/lool/collabora-online$ sudo git -C /etc diff /etc/apt/apt.conf.d/20auto-upgrades 20auto-upgrades ubuntu@instance-20220328-0620:~/lool/collabora-online$ sudo git -C /etc diff /etc/apt/apt.conf.d/20auto-upgrades diff --git a/apt/apt.conf.d/20auto-upgrades b/apt/apt.conf.d/20auto-upgrades index 8d6d7c8..5bf85d3 100644 --- a/apt/apt.conf.d/20auto-upgrades +++ b/apt/apt.conf.d/20auto-upgrades @@ -1,2 +1,3 @@ APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Unattended-Upgrade "1"; +APT::Periodic::AutocleanInterval "7";
$ sudo unattended-upgrade --verbose --dry-run Starting unattended upgrades script Allowed origins are: o=Ubuntu,a=focal, o=Ubuntu,a=focal-security, o=UbuntuESMApps,a=focal-apps-security, o=UbuntuESM,a=focal-infra-security Initial blacklist: Initial whitelist (not strict): No packages found that can be upgraded unattended and no pending auto-removals The list of kept packages can't be calculated in dry-run mode.