Unattended Updates

In order to install updates automatically, the unattended-upgrades package needs to be installed and configured. It can install only security updates or updates from any branch or repository that's desired. It can reboot automatically or not at all and it can exclude specific packages.

Initial installation and configuration

apt-get install unattended-upgrades
vi /etc/apt/apt.conf.d/50unattended-upgrades
#uncomment the desired origin. For only security updates, comment out everything else
Unattended-Upgrade::Origins-Pattern {
      "o=Debian,n=bullseye";
      "o=Debian,n=bullseye-updates";
      "o=Debian,n=bullseye-proposed-updates";
      "o=Debian,n=bullseye-security";
      "o=Debian,n=bullseye,l=Debian-Security";

//To enable ALL updates, use this:      
//      "site=*";
};

#blacklist packages as required (mysql-server,mysql-client,apache,php etc)
Unattended-Upgrade::Package-Blacklist {
	"mysql-server*";
	"mysql-common*";
	"default-mysql-server";
	"php7.0-*";
	"apache2*";
	"blink";
	"python-sipsimple";
};

#Don't force updates
Unattended-Upgrade::AutoFixInterruptedDpkg "false";

#set mail to whoever should receive it and make sure bsd-mailx or sendmail 
#is installed and able to send mails
Unattended-Upgrade::Mail "root";

#configure reboot if desired.
Unattended-Upgrade::Automatic-Reboot "false";

To enable the automatic updates:

vi /etc/apt/apt.conf.d/20auto-upgrades
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "3";
APT::Periodic::Unattended-Upgrade "1";

To increase the frequency from daily to every 4 hours, the following can be entered into cron.d. This will override the time period configured in /etc/apt/apt.conf.d (note: on Ubuntu systems the daily cron timer is triggered via the systemd apt-daily.timer):

vi /etc/cron.d/unattended-upgrade 
0 */4 * * * root sleep $(( 1$(date +\%N) \% 14400 ));PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin unattended-upgrade

Test the configuration using:

sudo unattended-upgrades --dry-run

tail /var/log/unattended-upgrades/unattended-upgrades.log

Additional Repositories

To include additional repositories, the origin and suite (archive) names need to be identified first:

grep "Origin:" /var/lib/apt/lists/*Release
/var/lib/apt/lists/gb.archive.ubuntu.com_ubuntu_dists_bionic-backports_InRelease:Origin: Ubuntu
/var/lib/apt/lists/gb.archive.ubuntu.com_ubuntu_dists_bionic_InRelease:Origin: Ubuntu
/var/lib/apt/lists/gb.archive.ubuntu.com_ubuntu_dists_bionic-updates_InRelease:Origin: Ubuntu
/var/lib/apt/lists/ppa.launchpad.net_team-xbmc_xbmc-nightly_ubuntu_dists_bionic_InRelease:Origin: LP-PPA-team-xbmc-xbmc-nightly
/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_InRelease:Origin: Ubuntu

grep "Suite:" /var/lib/apt/lists/*Release
/var/lib/apt/lists/gb.archive.ubuntu.com_ubuntu_dists_bionic-backports_InRelease:Suite: bionic-backports
/var/lib/apt/lists/gb.archive.ubuntu.com_ubuntu_dists_bionic_InRelease:Suite: bionic
/var/lib/apt/lists/gb.archive.ubuntu.com_ubuntu_dists_bionic-updates_InRelease:Suite: bionic-updates
/var/lib/apt/lists/ppa.launchpad.net_team-xbmc_xbmc-nightly_ubuntu_dists_bionic_InRelease:Suite: bionic
/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_InRelease:Suite: bionic-security

These details are needed to edit the 50unattended-upgrades file and add lines in the format "<origin>:<archive>"; or, for this example's sake, "Google\, Inc.:stable";.
Example for Kodi on Ubuntu:

        //Kodi Nightly
        "LP-PPA-team-xbmc-xbmc-nightly:${distro_codename}";

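The two grep steps above can be combined into one pass that prints a ready-to-paste "<origin>:<archive>"; line per source, with commas escaped as in the Google example. This is an added example, not part of the original page or of unattended-upgrades; the helper names release_field and uu_origin_lines are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example; release_field and uu_origin_lines are hypothetical helper names.

# Print the first value of a "Field: value" header in a Release/InRelease file.
release_field() {   # $1 = field name, $2 = file
    sed -n "s/^$1:[[:space:]]*//p" "$2" | head -n 1
}

# Emit one deduplicated "<origin>:<archive>"; line per source in directory $1.
uu_origin_lines() {
    dir=${1:-/var/lib/apt/lists}
    for f in "$dir"/*Release; do
        [ -f "$f" ] || continue          # glob matched nothing
        origin=$(release_field Origin "$f")
        suite=$(release_field Suite "$f")
        # Without both fields the source cannot be named in this format.
        if [ -z "$origin" ] || [ -z "$suite" ]; then
            echo "skipped (no Origin or Suite): $f" >&2
            continue
        fi
        # Escape commas in the origin, as in "Google\, Inc.:stable".
        origin=$(printf '%s' "$origin" | sed 's/,/\\,/g')
        printf '"%s:%s";\n' "$origin" "$suite"
    done | sort -u
}

# Constructed sample metadata (not real repository files) so this runs offline.
sample=$(mktemp -d)
printf 'Origin: Ubuntu\nLabel: Ubuntu\nSuite: bionic-security\n' > "$sample/sec_InRelease"
printf 'Origin: Google, Inc.\nSuite: stable\n' > "$sample/google_Release"
printf 'Label: no origin here\n' > "$sample/local_Release"
uu_origin_lines "$sample"
rm -rf "$sample"
```

On a real host, call uu_origin_lines with no argument to read /var/lib/apt/lists, and copy only the lines for sources whose packages should be installed without manual review.
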
Notify required reboot on login

vi /root/.profile

Add after the .bashrc call, but before the mesg line:

[ -f /var/run/reboot-required ] && echo -e "\n*** System restart required ***\n"

Running on battery

For unattended-upgrades to skip upgrades when the system is running on battery, the following package needs to be installed:

apt-get install powermgmt-base