Unattended upgrades in Debian/Ubuntu

0 minute read

If you want to automatically install package upgrades on a Debian/Ubuntu server system - there’s an app for that. First, install the package:

apt-get install unattended-upgrades apt-listchanges

Then configure the package by editing (Ubuntu) /etc/apt/apt.conf.d/50unattended-upgrades:

// /etc/apt/apt.conf.d/50unattended-upgrades without comments
// my version
Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
	"${distro_id}:${distro_codename}-security";
	"${distro_id}ESMApps:${distro_codename}-apps-security";
	"${distro_id}ESM:${distro_codename}-infra-security";
	"${distro_id}:${distro_codename}-updates";
};
Unattended-Upgrade::Package-Blacklist {
};
Unattended-Upgrade::DevRelease "false";
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "02:00";

Apparently in Debian there are a couple more ways to achieve the same goal, this one works pretty well for me.