I'm running a server under Ubuntu 16.04 and am trying to find a way to manually launch all the available security upgrades when I want to. I found numerous posts about unattended-upgrades, however it doesn't seem to give me any upgrades available..
When I try to get the upgrades, I get:
ubuntu@server:~$ sudo unattended-upgrades --download-only -v -d
Allowed origins are: ['o=Ubuntu,a=xenial', 'o=Ubuntu,a=xenial-security', 'o=Ubuntu,a=xenial-security', 'o=UbuntuESM,a=xenial']
pkgs that look like they should be upgraded:
Fetched 0 B in 0s (0 B/s)
fetch.run() result: 0
Yet, if do seem to have pending security upgrades :
ubuntu@server:~$ apt-show-versions | grep upgradeable | grep security
isc-dhcp-client:amd64/xenial-security 4.3.3-5ubuntu12.9 upgradeable to 4.3.3-5ubuntu12.10
isc-dhcp-common:amd64/xenial-security 4.3.3-5ubuntu12.9 upgradeable to 4.3.3-5ubuntu12.10
libgcrypt20:amd64/xenial-security 1.6.5-2ubuntu0.3 upgradeable to 1.6.5-2ubuntu0.4
libgd3:amd64/xenial-security 2.1.1-4ubuntu0.16.04.8 upgradeable to 2.2.5-4+ubuntu16.04.1+deb.sury.org+2
etc...
The allowed origins include "xenial-security" so I don't understand why U-U finds nothing..
If you have a clue I'd be grateful...
I was unable to reproduce this in dev environment using the following AutomaticSecurityUpdates documentation.
REPO STEPS:
Under the interactive dialog you will see a message similar to this:
Configuring unattended-upgrades
Select Yes and "enter" then you will see another page with the following content.
Choose "OK" and that will create /etc/apt/apt.conf.d/20auto-upgrades with the following contents:
Details about what these values mean may be found in the header of the /etc/cron.daily/apt file. See the Ubuntu Community doc for more details on this.
--download-only -v -d output
You can then use cron-apt to handle automatic updating