Web lists-archives.com

Re: Unattended upgrades.




Le 24/03/2017 à 09:41, Lisi Reisz a écrit :
[...]
> Let's start with the file you mention: /etc/apt/apt.conf.d/20auto-upgrades   
> It isn't there.

the Debian wiki indicates that it has to be created, either by typing a
content in an editor or you can symply type as root:
# dpkg-reconfigure -plow unattended-upgrades

> lisi@Eros:~$ su
> Password:
> root@Eros:/home/lisi# unattended-upgrades
> root@Eros:/home/lisi#
>
> What has that done?  I can verify nothing because I can't see what it has or 
> has not done.  It took a long while doing it, but appears to have dome 
> nothing.

unattended-upgrades is not intended to be interactive (all benefit would
be lost), so it does not display anything.
if you want to observe how unattended-upgrades has run, you may examine
the content of:
/var/log/unattended-upgrades/unattended-upgrades.log
/var/log/unattended-upgrades/unattended-upgrades-dpkg.log

> If I have to run it myself, then it isn't working.  The whole point, from my 
> point of view, is for it to work unattended.

you do not have to run unattended-upgrades yourself: I was suggesting to
run unattended-upgrades yourself just un order to verify it runs when
called.

to work unattended, unattended-upgaded has:
- to be installed
- to be told what and how to upgrade (that is the role of
/etc/apt/apt.conf.d/50unattended-upgrades)
- to be told when to upgrade (that is the role of
/etc/apt/apt.conf.d/20auto-upgrades), else it never runs.

> I have clearly completely misunderstood what unattended-upgrades is intended 
> to do.  If it won't work automatically but requires me to run it, in what 
> sense is it unattended?  It said that it runs by default.  I have obviously 
> misunderstood what "run" means in this context.
> 
> As I said above, /etc/apt/apt.conf.d/20auto-upgrades doesn't exist.
> 
> That is what I have been trying unsuccessfully to achieve.  If the defaults 
> work fine, then what are they doing?  If I need to run it, in what way is it 
> any different from or preferable to any other method of running upgrades?
> 
> So, to summarise, it is my expectations that are at fault.  
> Unattended-upgrades does not by default run unattended.  One has to set up a 
> cron job or something.
> 
> Having been reading the file /etc/apt/apt.conf.d/50unattended-upgrades, which 
> does exist, I have come to the conclusion that sadly this is all well above 
> my pay-grade anyway.

I would summarize it differently: installing unattended-upgrades is not
sufficient, it has to be set-up and its default setup is valid for a
reasonable goal.

For basic needs (automatic upgrades of security fixes for the stable
channel of Debian):
# apt-get install unattended-upgrades
# dpkg-reconfigure -plow unattended-upgrades
is sufficient.
If you have different or mode elaborate needs, you have to fiddle with
the set-up.

There are other ways of getting automatic upgrades, the only one I have
tested is cron-apt and I reckon unattended-upgrades is probably simpler.

NOTE: It appears that upgrade-system is a package that could interest
you: having looked quickly at it (but having never tested it), it seems
to require no set-up, just to be installed, to automatically upgrade all
packages to their newest version available (do not forget to do an
apt-get purge unattended-upgrades, it would be cleaner that way).