wiki.matoken.org

$ apt show unattended-upgrades
Package: unattended-upgrades
Version: 2.3ubuntu0.1
Priority: optional
Section: admin
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Michael Vogt <mvo@debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 451 kB
Depends: debconf (>= 0.5) | debconf-2.0, debconf, python3, python3-apt (>= 1.9.6~), python3-dbus, python3-distro-info, ucf, lsb-release, lsb-base, xz-utils
Recommends: systemd-sysv | cron | cron-daemon | anacron
Suggests: bsd-mailx, default-mta | mail-transport-agent, needrestart, powermgmt-base, python3-gi
Task: server, ubuntu-desktop-minimal, ubuntu-desktop, cloud-image, kubuntu-desktop, xubuntu-core, xubuntu-desktop, lubuntu-desktop, ubuntustudio-desktop-core, ubuntustudio-desktop, ubuntukylin-desktop, ubuntu-mate-core, ubuntu-mate-desktop, ubuntu-budgie-desktop
Download-Size: 48.7 kB
APT-Manual-Installed: yes
APT-Sources: http://uk-london-1-ad-3.clouds.ports.ubuntu.com/ubuntu-ports focal-updates/main arm64 Packages
Description: automatic installation of security upgrades
 This package can download and install security upgrades automatically
 and unattended, taking care to only install packages from the
 configured APT source, and checking for dpkg prompts about
 configuration file changes.
 .
 This script is the backend for the APT::Periodic::Unattended-Upgrade
 option.

N: There is 1 additional record. Please use the '-a' switch to see it

unattended-upgrade(8)                                                      System Manager's Manual                                                     unattended-upgrade(8)

NAME
       unattended-upgrade - automatic installation of security (and other) upgrades

SYNOPSIS
       unattended-upgrade [options]

DESCRIPTION
       This program can download and install security upgrades automatically and unattended, taking care to only install packages from the configured APT source, and check‐
       ing for dpkg prompts about configuration file changes. All operations are logged to  /var/log/unattended-upgrades/unattended-upgrades.log  and  the  package  manager
       (dpkg) output is logged to /var/log/unattended-upgrades/unattended-upgrades-dpkg.log

       This  script is the backend for the APT::Periodic::Unattended-Upgrade option and designed to be run periodically by APT's systemd service (apt-daily-upgrade.service)
       or from cron (e.g. via /etc/cron.daily/apt).

OPTIONS
       unattended-upgrade accepts the following options:

       -h, --help
              help output

       -d, --debug
              extra debug output into /var/log/unattended-upgrades/unattended-upgrades.log

       --apt-debug
              detailed APT/LibAPT output for debugging

       -v, --verbose
              show verbose output

       --dry-run
              Just simulate installing updates, do not actually do it

       --minimal-upgrade-steps
              perform upgrade in minimal steps (cancel with SIGINT). This is the default now.

       --no-minimal-upgrade-steps
              do not perform upgrade in minimal steps

CONFIGURATION
       The configuration is done via the apt configuration mechanism. The default configuration file can be found at /etc/apt/apt.conf.d/50unattended-upgrades

AUTHORS
       unattended-upgrade is written by Michael Vogt <mvo@ubuntu.com>

       This manual page was originally written by Michael Vogt <mvo@ubuntu.com>

COPYRIGHT
       Copyright  (C)  2005-2009 Canonical

       There is NO warranty.  You may redistribute this software under the terms of  the  GNU General  Public License.  For more information about these  matters,  see  the
       files named COPYING.

                                                                                March 1, 2019                                                          unattended-upgrade(8)

有効にする

$ sudo dpkg-reconfigure unattended-upgrades
Replacing config file /etc/apt/apt.conf.d/20auto-upgrades with new version

「<Yes>」を選択

Package configuration



 ┌────────────────────────┤ Configuring unattended-upgrades ├────────────────────────┐
 │                                                                                   │
 │ Applying updates on a frequent basis is an important part of keeping systems      │
 │ secure. By default, updates need to be applied manually using package management  │
 │ tools. Alternatively, you can choose to have this system automatically download   │
 │ and install important updates.                                                    │
 │                                                                                   │
 │ Automatically download and install stable updates?                                │
 │                                                                                   │
 │                       <Yes>                          <No>                         │
 │                                                                                   │
 └───────────────────────────────────────────────────────────────────────────────────┘

/etc/apt/apt.conf.d/20auto-upgrades が作られる

$ cat /etc/apt/apt.conf.d/20auto-upgrades
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

設定を修正

• Unattended-Upgrade::Mail → 結果をメールで
• Unattended-Upgrade::Remove-Unused-Dependencies → autoremoveを有効に

メールを送信昨日を使う場合は前もってメールが送信できる状態にしておく必要がある．

• デーモンの起動しないSMTPクライアントの msmtp を試す\(sSMTP乗り換え\) – matoken's meme

$ sudoedit /etc/apt/apt.conf.d/50unattended-upgrades
$ sudo git -C /etc diff /etc/apt/apt.conf.d/50unattended-upgrades
diff --git a/apt/apt.conf.d/50unattended-upgrades b/apt/apt.conf.d/50unattended-upgrades
index 4e5ff8b..7a6deac 100644
--- a/apt/apt.conf.d/50unattended-upgrades
+++ b/apt/apt.conf.d/50unattended-upgrades
@@ -70,7 +70,7 @@ Unattended-Upgrade::DevRelease "auto";
 // If empty or unset then no email is sent, make sure that you
 // have a working mail setup on your system. A package that provides
 // 'mailx' must be installed. E.g. "user@example.com"
-//Unattended-Upgrade::Mail "";
+Unattended-Upgrade::Mail "user@example.com";

 // Set this value to one of:
 //    "always", "only-on-error" or "on-change"
@@ -87,7 +87,7 @@ Unattended-Upgrade::DevRelease "auto";

 // Do automatic removal of unused packages after the upgrade
 // (equivalent to apt-get autoremove)
-//Unattended-Upgrade::Remove-Unused-Dependencies "false";
+Unattended-Upgrade::Remove-Unused-Dependencies "true";

 // Automatically reboot *WITHOUT CONFIRMATION* if
 //  the file /var/run/reboot-required is found after the upgrade

autocleanの設定

• APT::Periodic::AutocleanInterval “7” → 7日ごとにautoclean

$ sudoedit /etc/apt/apt.conf.d/20auto-upgrades
ubuntu@instance-20220328-0620:~/lool/collabora-online$ sudo git -C /etc diff /etc/apt/apt.conf.d/20auto-upgrades
20auto-upgrades
ubuntu@instance-20220328-0620:~/lool/collabora-online$ sudo git -C /etc diff /etc/apt/apt.conf.d/20auto-upgrades
diff --git a/apt/apt.conf.d/20auto-upgrades b/apt/apt.conf.d/20auto-upgrades
index 8d6d7c8..5bf85d3 100644
--- a/apt/apt.conf.d/20auto-upgrades
+++ b/apt/apt.conf.d/20auto-upgrades
@@ -1,2 +1,3 @@
 APT::Periodic::Update-Package-Lists "1";
 APT::Periodic::Unattended-Upgrade "1";
+APT::Periodic::AutocleanInterval "7";

dry-run

$ sudo unattended-upgrade --verbose --dry-run
Starting unattended upgrades script
Allowed origins are: o=Ubuntu,a=focal, o=Ubuntu,a=focal-security, o=UbuntuESMApps,a=focal-apps-security, o=UbuntuESM,a=focal-infra-security
Initial blacklist:
Initial whitelist (not strict):
No packages found that can be upgraded unattended and no pending auto-removals
The list of kept packages can't be calculated in dry-run mode.

  __  __   __  ___   ____ __  __   __ 
 / / / /  /  |/  /  / __/ \ \/ /  / / 
/ /_/ /  / /|_/ /  / _/    \  /  / /__
\____/  /_/  /_/  /___/    /_/  /____/