Installing Upgrades Automatically

It is always a good idea to make sure that the packages on your Brightbox is bang up to date. Normally you'd do this manually so that you can check the packages that are being upgraded are the ones you want upgrading.

However when you're in production and you've removed all the testing repositories from your machine, you might want to automate this chore and ensure you're bang up to date with security updates.

Install the 'unattended-upgrades' package

First install the unattended-upgrades package using apt.

apt-get install unattended-upgrades

This package does the heavy lifting and logs what it does in /var/log/unattended-upgrades. the package is controlled by the file /etc/apt/apt.conf.d/50unattended-upgrades, which you can use to limit the source repositories the automated system can use and stop certain packages being upgraded at all.

Install a periodic apt update configuration

Unfortunately the 'unattended-upgrades' package doesn't actually hook into the apt updating system on the server. So there is a little bit of manual configuration to do first. Edit the file /etc/apt/apt.conf.d/10periodic as root and add the following:

APT::Periodic::Unattended-Upgrade "1";
#  - Run the "unattended-upgrade" security upgrade script 
#    every n-days (0=disabled)
#    Requires the package "unattended-upgrades" and will write
#    a log in /var/log/unattended-upgrades
docs/howtosetupunattendedupgrades.txt · Last modified: 2009/05/08 17:04 (external edit)