Unattended upgrades ------------------- This script can install security upgrades automatically and unattended. However, it is not enabled by default. Most users enable it via the Software Sources programm (available in System/Administration), which has a simple radiobutton in the UI for enabling unattended upgrades. If you would prefer to enable it from the command line, run "sudo dpkg-reconfigure -plow unattended-upgrades". It will not install packages that require dependencies that can't be fetched from security and it will check for conffile prompts before the install and holds back the package that creates them. == Setup == The unattended-upgrades package will *not* act unless it is enabled explicitly. To activate this script you need to ensure that the apt configuration contains the following lines (this can be done via the graphical "Software Source" program or via dpkg-reconfigure): APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Unattended-Upgrade "1"; This means that it will check for upates every day and install them (if that is possible). If you have update-notifier installed, it will setup /etc/apt/apt.conf.d/10periodic. Just edit this file then to fit your needs. If you do not have this file, just create it or create/edit /etc/apt/apt.conf - you can check your configuration by running "apt-config dump". == Options == By default it will only install from the the (Ubuntu, jaunty-security) repository. This can be changed with the "Unattended-Upgrade::Allowed-Origins" apt configuration list. It can be configured to allow any (origin, archive) combination. Those values are taken from the "Release" file on the archive server, e.g. http://security.ubuntu.com/ubuntu/dists/hardy/Release The value of "origin" is taken from the "Origin:" header in the file, the value of "archive" is taken from the "Suite:" header. It is recommended to use the default (only security updates from Ubuntu). All operations will be logged in /var/log/unattended-upgrades/. This includes the dpkg output as well. See https://wiki.ubuntu.com/AutomaticUpdates for more details about this feature. The following configuration options are supported via the standard apt configuration: "APT::UnattendedUpgrades::LogDir" "APT::UnattendedUpgrades::LogFile" "Unattended-Upgrade::Allowed-Origins" "Unattended-Upgrade::Package-Blacklist" "Unattended-Upgrade::Mail" If you use the mail feature, make sure that /usr/bin/mail is available and working (usually the mailx package is required). == Debugging == If something goes wrong or if you want to report a bug about the way the script works its a good idea to run: $ sudo unattended-upgrade --debug --dry-run and look at the resulting logfile in: /var/log/unattended-upgrades/unattended-upgrades.log then. It will contain additional debug information. == Config example == A example configuration that will install from the jaunty-security and jaunty-updates repositories daily: ------------------------------8<-------------------------------------- // Automaticall upgrade packages from these (origin, archive) pairs Unattended-Upgrade::Allowed-Origins { "Ubuntu jaunty-security"; "Ubuntu jaunty-updates"; }; // List of packages to not update Unattended-Upgrade::Package-Blacklist { // "vim"; "libc6"; "libc6-dev"; "libc6-i686"; }; // Send email to this address for problems or packages upgrades // If empty or unset then no email is sent //Unattended-Upgrade::Mail "root@localhost"; // These APT::Periodic settings mean that each day the /etc/cron.daily/apt // cron job will the update package list, download packages and then run // unattended-grade to install them. // Lock/Stamp files are in /var/lib/apt/periodic/ APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Download-Upgradeable-Packages "1"; APT::Periodic::Unattended-Upgrade "1"; ------------------------------8<--------------------------------------