5

I'm creating a BASH script that will, among other things, enable automatic updates, important security updates, and the "Check daily" option in the software updates menu. But no matter where i search, i cant find an answer. From what i can tell, the only way to do it is through the GUI. Is there anyway to do this that im missing?

EDIT 1: Through some more research, I have figured out how to enable important securty updates and reccomended updates with this bit of code: 

find /etc/apt -type f -name '*.list' -exec sed -i 's/^#\(deb.*-backports.*\)/\1/; s/^#\(deb.*-updates.*\)/\1/; s/^#\(deb.*-proposed.*\)/\1/; s/^#\(deb.*-security.*\)/\1/' {} +

From How to enable or disable -updates, -security, -backports, -proposed repositories from commandline?

wjandrea
  • 14,236
  • 4
  • 48
  • 98
Tech_Person
  • 111
  • So to clarify, you're still looking for how to enable automatic updates and enable the "Check daily" option, right? What version of Ubuntu are you asking about? – wjandrea Jan 11 '19 at 03:22
  • Instead of sed-ing files, you can simply place your own config file in /etc/apt/apt.conf.d. Give it a high number like "99-my-config-changes" so it takes precedence over earlier-loaded config settings. Custom configs are rarely neccessary - unattended-upgrades has sane default settings. – user535733 Jan 11 '19 at 03:30
  • I am currently using ubuntu 18.04.1 LTS, and yes i am still looking for the Check daily option – Tech_Person Jan 11 '19 at 03:33
  • Editing sources.list files isn't directly related to updating automatically... the sources choose where to update from, but not when. And which program do you want to use/edit, unattended-upgrades, gnome update manager, cron & aptitude, cron-apt? – Xen2050 Jan 11 '19 at 04:43
  • @Xen2050 I want to edit whatever file the GUI uses when you change it manually, i want the exact same result. – Tech_Person Jan 12 '19 at 05:36

3 Answers3

8

Unattended upgrades are enabled by default in all Ubuntu releases 16.04 and newer.

There are three easy ways to tell if the unattended-upgrades package is installed and working.

  1. See if the package is installed. Look for "[installed]" at the end of the bottom line of output.

     $ apt list unattended-upgrades
 Listing... Done
 unattended-upgrades/cosmic-updates,cosmic-updates,now 1.5ubuntu3.18.10.1 all [installed]

  2. Check the apt timestamps for unattended-upgrades activity. Look for a timestamp by unattended-upgrades within the past day or two:

     $ ls -la /var/lib/apt/periodic/
 total 8
 drwxr-xr-x 2 root root 4096 Sep 15  2017 .
 drwxr-xr-x 5 root root 4096 Jan  1 08:24 ..
 -rw-r--r-- 1 root root    0 Jan 10 07:54 download-upgradeable-stamp
 -rw-r--r-- 1 root root    0 Jan 10 07:51 unattended-upgrades-stamp
 -rw-r--r-- 1 root root    0 Jan 10 07:52 update-stamp
 -rw-r--r-- 1 root root    0 Jan 10 07:53 update-success-stamp
 -rw-r--r-- 1 root root    0 Jan 10 07:55 upgrade-stamp

  3. Check the apt settings to see if Unattended Upgrades is turned on ("1") or off ("0"):

     $ grep Unattended-Upgrade /etc/apt/apt.conf.d/20auto-upgrades 
 APT::Periodic::Unattended-Upgrade "1";

The repositories that unattended-upgrades uses are listed in /etc/apt/apt.conf.d/50unattended-upgrade.

  • The -security repository is enabled by default in all releases of Ubuntu.
  • Adding other Ubuntu repositories is trivial: Simply uncomment the appropriate line.
  • Enabling -backports is discouraged, those packages are not fully tested.
  • Enabling -proposed is STRONGLY DISCOURAGED, as those packages can be very risky.

If unattended-upgrades is installed and turned on, it will run daily whether you want it to or not. Only the GUI provides the option to change the period.

After you make changes you do not need to restart your system. Apt runs once daily at a random time, and reloads the configs and sources anew each time.

User
  • 293
user535733
  • 62,253
  • most of this doesnt really help me, i checked to confirm that "Unattenended-upgrades" is installed and working, but i want this script to set automatic updates to daily, regardless of what machine i run it on. The machines that this script will be run on will most likely have it set to "Never" – Tech_Person Jan 11 '19 at 03:43
  • It's long because you were heading down a more difficult road than you need to. – user535733 Jan 11 '19 at 04:19
  • so, i didnt really get a clear answer though. How exactly do i enable automatic checking for updates daily? – Tech_Person Jan 11 '19 at 04:26
  • u-u ignores the GUI setting, and runs daily when enabled. The GUI control is older; from before the days when u-u was enabled by default. If you want standardization, there are several easy ways. – user535733 Jan 11 '19 at 13:36
  • This is a great answer for the question https://askubuntu.com/questions/172524/how-can-i-check-if-automatic-updates-are-enabled – Christopher Oezbek Dec 05 '21 at 10:53
4

If you're using the unattended-upgrades package and it's already installed, then according to Ubuntu's Community Help Wiki on AutomaticSecurityUpdates (FYI it also has info on using GNOME Update Manager, cron and aptitude, and cron-apt):

Determining the current configuration

The current configuration can be queried by running:

apt-config dump APT::Periodic::Unattended-Upgrade

Which will produce output like:

APT::Periodic::Unattended-Upgrade "1";

In this example, Unattended Upgrade will run every 1 day. If the number is "0" then unattended upgrades are disabled.

The files in /etc/apt/apt.conf.d/ are evaluated in lexicographical order with each file capable of overriding values set in earlier files. This makes it insufficient to view the setting in /etc/apt/apt.conf.d/20auto-upgrades and why it is recommended to use apt-config.

To enable it, do:

sudo dpkg-reconfigure --priority=low unattended-upgrades

(it's an interactive dialog) which will create /etc/apt/apt.conf.d/50unattended-upgrades. And /etc/apt/apt.conf.d/20auto-upgrades with the following contents:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

Details about what these values mean may be found in the header of the /etc/cron.daily/apt file.

If you're absolutely sure you wouldn't miss out on anything else dpkg-reconfigure does (I'm not sure the above is an exhaustive list), you could just create/edit the above files.

Or instead of the above, according to the Debian wiki on UnattendedUpgrades:

Automatic call via /etc/apt/apt.conf.d/02periodic

Alternatively, you can also create the apt configuration file /etc/apt/apt.conf.d/02periodic to activate unattended-upgrades:

Below is an example /etc/apt/apt.conf.d/02periodic:

// Control parameters for cron jobs by /etc/cron.daily/apt-compat //

// Enable the update/upgrade script (0=disable)
APT::Periodic::Enable "1";

// Do "apt-get update" automatically every n-days (0=disable)
APT::Periodic::Update-Package-Lists "1";

// Do "apt-get upgrade --download-only" every n-days (0=disable)
APT::Periodic::Download-Upgradeable-Packages "1";

// Run the "unattended-upgrade" security upgrade script
// every n-days (0=disabled)
// Requires the package "unattended-upgrades" and will write
// a log in /var/log/unattended-upgrades
APT::Periodic::Unattended-Upgrade "1";

// Do "apt-get autoclean" every n-days (0=disable)
APT::Periodic::AutocleanInterval "21";


// Send report mail to root
//  0: no report         (or null string)
//  1: progress report   (actually any string)
//  2: + command outputs (remove -qq, remove 2>/dev/null, add -d)
//  3: + trace on
APT::Periodic::Verbose "2";

Manual run (for debugging)

To aid debugging you may need to run unattended-upgrades manually thus:

sudo unattended-upgrade -d

See Also

  • /usr/share/doc/unattended-upgrades/README.md.gz
  • /usr/share/doc/apt/examples/configure-index.gz
  • /etc/cron.daily/apt
  • apt.conf(5)

Also, some more info you might be interested in:

Related systemd files

Because Debian is using the systemd system, it has timers defined for APT use, these files are provided by the apt package.
The relevant files are:

  • Used for downloads: /lib/systemd/system/apt-daily.timer
    • override with /etc/systemd/system/apt-daily.timer.d/override.conf
  • Used for upgrading: /lib/systemd/system/apt-daily-upgrade.timer
    • override with /etc/systemd/system/apt-daily-upgrade.d/override.conf

You can override these settings using local override files as shown above, creating the missing parts if non-existent yet.

Here is an example of how to override the download time to 1AM using /etc/systemd/system/apt-daily.timer.d/override.conf :

[Timer]
OnCalendar=
OnCalendar=01:00

Line #2 above is needed to reset (empty) the default value shown below in line #5.

The default in /lib/systemd/system/apt-daily.timer is (at moment of this writing):

[Unit]
Description=Daily apt download activities

[Timer]
OnCalendar=*-*-* 6,18:00
RandomizedDelaySec=12h
Persistent=true

[Install]
WantedBy=timers.target
Xen2050
  • 8,705
0

echo -e 'APT::Periodic::Update-Package-Lists "7";\nAPT::Periodic::Download-Upgradeable-Packages "7";\nAPT::Periodic::Unattended-Upgrade "7";\nAPT::Periodic::AutocleanInterval "7";' >> /etc/apt/apt.conf.d/20auto-upgrades

only security auto updates.. sed -i 's/"${distro_id}:${distro_codename}";/\/\/"${distro_id}:${distro_codename}";/' /etc/apt/apt.conf.d/50unattended-upgrades

notifs: apt install apticron && echo -e 'EMAIL=$EMAIL' >> /etc/apticron/apticron.conf

echo -e "[Timer]\nPersistent=delay" > /etc/systemd/system/apt-daily-upgrade.timer.d/override.conf this is to prevent uu on boot, though default set to random (systemctl list-timers)

unattended-upgrades --dry-run --debug && cat /var/log/unattended-upgrades/unattended-upgrades.log

alchemy
  • 762