Translation(s): English - Français

Automatically install and update new versions of packages with unattended-upgrades.

Contents

  1. Install unattended-upgrades
  2. Configure unattended-upgrades
    1. Get more information about changes
    2. Manual run (for debugging)
    3. Modify the schedule via systemd
  3. Alternatives
  4. See Also

Install unattended-upgrades

Debian software is stored in packages, which get new versions from time to time. Most Debian users prefer that to be automated at least some of the time (e.g. major security updates) and manual at least some of the time (e.g. whole new versions of Debian).

Most versions of Debian install unattended-upgrades with fairly conservative settings, but your system might not have installed the package at all, or might have installed it but disabled it altogether.

To ensure unattended-upgrades is installed, just try to install it again (see HowToInstallPackages). The process will either succeed or complain it's already been done.

To check unattended-upgrades is enabled, run this in a terminal: 

sudo dpkg-reconfigure unattended-upgrades

That should ask whether you want to automatically download and install stable updates (the answer is yes).

Configure unattended-upgrades

  1. copy /etc/apt/apt.conf.d/50unattended-upgrades to /etc/apt/apt.conf.d/52unattended-upgrades-local

    • for an explanation, see /usr/share/doc/unattended-upgrades/README.md.gz

  2. open your favourite text editor as root

  3. edit /etc/apt/apt.conf.d/52unattended-upgrades-local

  4. find the Unattended-Upgrade::Origins-Pattern section

  5. optionally uncomment (remove the leading // from) any lines you want to auto-update

    • the default configuration auto-installs security updates, but not new features

  6. optionally uncomment and set the Unattended-Upgrade::Mail line

    • may require you to configure a local MTA

For advanced configuration options, see the comments at the top of /usr/lib/apt/apt.systemd.daily.

Get more information about changes

If you plan to use unattended-upgrades, you'll want a way to be notified when something goes wrong. Consider installing apt-listchanges and configuring it to send you emails about updates. Or if you suspect something's already happened, check /var/log/dpkg.log and the files in /var/log/unattended-upgrades/.

To configure apt-listchanges, edit /etc/apt/listchanges.conf in your favourite text editor as root. Here's an example file: 

[apt]
frontend=pager
email_address=root
confirm=0
save_seen=/var/lib/apt/listchanges.db
which=both

Manual run (for debugging)

To debug unattended-upgrades, run it manually: 

sudo unattended-upgrade -d

Modify the schedule via systemd

Debian uses the following systemd timers to run periodic APT maintenance tasks:

If you want to more detailed configuration than unattended-upgrades provides, you can use systemctl edit: 

# Edit the download timer:
sudo systemctl edit apt-daily.timer

# check the next download trigger time (optional):
sudo systemctl status apt-daily.timer

# restart the download timer immediately (optional):
sudo systemctl restart apt-daily.timer

# Edit the upgrade timer:
sudo systemctl edit apt-daily-upgrade.timer

# check the next upgrade trigger time (optional):
sudo systemctl status apt-daily-upgrade.timer

# restart the upgrade timer immediately (optional):
sudo systemctl restart apt-daily-upgrade.timer

For example, to set the download time to 1AM, edit apt-daily.timer to say: 

[Timer]
# Clear the previous OnCalendar setting:
OnCalendar=
# Add a new setting:
OnCalendar=01:00
# Run at exactly 1AM (disabled by default to smooth out demand on Debian's servers):
#RandomizedDelaySec=0

{i} Before tools like RandomizedDelaySec were introduced, servers would get massive traffic spikes for a few seconds a day, then relative silence the rest of the time. One or two people disabling it won't make much difference, but please consider setting the delay to at least 1h.

Alternatives

There are alternative ways to achieve periodic or automatic updates besides unattended-upgrades. The following methods should not be used at the same time.

cron-apt can be used to do this job.

GNOME users can configure automatic updates in the "GNOME Software" application. Navigate to Activities > search for and select Software; within the app select "Preferences" to enable and schedule automatic updates.

older Debian versions

Prior to DebianTrixie, software-properties-gtk can be used. Once installed, Go to Applications menu > Settings > Software and updates > Updates to configure your update schedule.

See Also

CategoryPackageManagement CategorySystemAdministration