How to Set It Up
- Install unattended-upgrades
It’s often pre-installed, but ensure it’s there:
sudo apt update
sudo apt install unattended-upgrades -y
- This also installs apt-config-auto-update for background checks.
- Enable Automatic Updates
Run the configuration tool:
sudo dpkg-reconfigure --priority=low unattended-upgrades
- You’ll see a prompt: “Automatically download and install stable updates?”
- Select Yes and press Enter.
- This creates or updates /etc/apt/apt.conf.d/20auto-upgrades.
- Verify Configuration
Check the generated file:
cat /etc/apt/apt.conf.d/20auto-upgrades
It should look like:
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
- Update-Package-Lists “1”: Updates the package list daily.
- Unattended-Upgrade “1”: Runs upgrades daily.
- Customize (Optional)
Edit the main config file to control what gets updated:
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
Key sections:
- Security Updates (Enabled by Default):
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}-security";
};
This ensures security updates for your Debian release (e.g., “bookworm-security”) are applied.
- Optional: Stable Updates: Uncomment or add:
"${distro_id}:${distro_codename}-updates";
-
This includes non-security updates from the stable repo.
-
Blacklist Packages (if needed):
Unattended-Upgrade::Package-Blacklist {
"package-name";
};
Save and exit (Ctrl+O, Enter, Ctrl+X in nano).
- Test It
Simulate what it would do:
sudo unattended-upgrades --dry-run --debug
- Logs
Check what it’s done:
cat /var/log/unattended-upgrades/unattended-upgrades.log
- Logs show when updates were fetched and installed.
评论区