Automate Updates and Upgrade?

A stock Ubuntu system already automatically updates/upgrades. These features are already included with a normal Ubuntu install.

• Snapd checks for snap packages updates four times each day, and silently downloads and installs any that are discovered. This is a key feature of Snaps, and is how the all-Snap Ubuntu Core stays up completely up to date automaticlly. See https://snapcraft.io/docs/keeping-snaps-up-to-date for how to edit the frequency and other settings.

• The system runs apt update daily on a timer. The timer runs at a random time each day to avoid hammering the mirrors. Example of how to see it:

  $ systemctl list-timers apt-daily
  NEXT                        LEFT    LAST                        PASSED  UNIT            ACTIVATES
  Thu 2021-04-15 13:49:38 CDT 6h left Wed 2021-04-14 20:50:52 CDT 10h ago apt-daily.timer apt-daily.service
  

• The system runs apt upgrade for security upgrades only daily on a timer (Unattended Upgrades). Example of how to see it:

  $ systemctl list-timers apt-daily-upgrade
  NEXT                        LEFT     LAST                        PASSED    UNIT                    ACTIVATES                
  Fri 2021-04-16 06:41:09 CDT 22h left Thu 2021-04-15 07:24:53 CDT 24min ago apt-daily-upgrade.timer apt-daily-upgrade.service
  

  You can easily add the -updates pocket of the Ubuntu repositories (bugfixes and non-security upgrades) by editing the config file /etc/apt/apt.conf.d/50unattended-upgrades. Simply uncomment the appropriate line of the file. Other pockets of the Ubuntu repositories (-proposed, -backports) are not recommended due to the risk of automatically installing a package that breaks your system.

  It's possible to add non-Ubuntu deb sources (like Chrome) to the same automatic upgrade config (here's how), but it's not recommended. Many third-party sources do not update in sync with Ubuntu, causing unexpected apt conflicts.

Please consult the excellent resource: https://help.ubuntu.com/community/AutomaticSecurityUpdates and feel free to choose any of the suggested methods to automate the updates:

• Use the GNOME Update Manager
• Use the unattended-upgrades package
• Use cron-apt
• Write your own cron script that calls aptitude

My favorite way to update the Ubuntu machines is by using the "unattended-upgrades" package: sudo dpkg-reconfigure --priority=low unattended-upgrades, it has a quick interactive dialog which will create the file: /etc/apt/apt.conf.d/20auto-upgrades with these two lines:

APT::Periodic::Update-Package-Lists "1";

APT::Periodic::Unattended-Upgrade "1";

Please consult the file /etc/apt/apt.conf.d/50unattended-upgrades, it has a lot of goodies, like list of packages denied upgrade, automatic removal of unused packages, automatic reboot after upgrade (even at specific time) and you can decide what other options you may want use for the updates. Happy updating!!

Edit the configuration file (here with nano – replace with any other text editor):

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

The beginning of the configuration file should look like this: follow image code

Anything after a double slash “//” is a comment and has no effect. To “enable” a line, remove the double slash at the beginning of the line (replace with nothing or with spaces to keep alignment).

The most important: uncomment the “updates” line by deleting the two slashes at the beginning of it:

${distro_id}:${distro_codename}-updates

Recommended: remove unused kernel packages and dependencies and make sure the system automatically reboots if needed by uncommenting and adapting the following lines: Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";

↑ Ubuntu Server 18.04: You may have to add a semicolon at the end of this line. Fixed in 20.04. ↑

Unattended-Upgrade::Remove-Unused-Dependencies "true";

Unattended-Upgrade::Automatic-Reboot "true";

Unattended-Upgrade::Automatic-Reboot-Time "02:38";

To save your changes in nano, use Ctrl + O followed by Enter. To quit, use Ctrl + X.