Web lists-archives.com

Re: Unattended upgrades.




On Friday 24 March 2017 09:56:23 didier gaumet wrote:
> Le 24/03/2017 à 09:41, Lisi Reisz a écrit :
> [...]
>
> > Let's start with the file you mention:
> > /etc/apt/apt.conf.d/20auto-upgrades It isn't there.
>
> the Debian wiki indicates that it has to be created, either by typing a
> content in an editor or you can symply type as root:
> # dpkg-reconfigure -plow unattended-upgrades

This is what I had missed!  I have now run it.

> > lisi@Eros:~$ su
> > Password:
> > root@Eros:/home/lisi# unattended-upgrades
> > root@Eros:/home/lisi#
> >
> > What has that done?  I can verify nothing because I can't see what it has
> > or has not done.  It took a long while doing it, but appears to have dome
> > nothing.
>
> unattended-upgrades is not intended to be interactive (all benefit would
> be lost), so it does not display anything.
> if you want to observe how unattended-upgrades has run, you may examine
> the content of:
> /var/log/unattended-upgrades/unattended-upgrades.log
> /var/log/unattended-upgrades/unattended-upgrades-dpkg.log

This I had seen, but not "got" anywhere with them before.  Having run 
# dpkg-reconfigure -plow unattended-upgrades
unattended-upgrades.log exists and is not empty.
/var/log/unattended-upgrades/unattended-upgrades-dpkg.log
still does not exist, but it has clearly not yet been called for.  Hopefully 
it will tell me when unattended-upgrades has run.

> > If I have to run it myself, then it isn't working.  The whole point, from
> > my point of view, is for it to work unattended.
>
> you do not have to run unattended-upgrades yourself: I was suggesting to
> run unattended-upgrades yourself just un order to verify it runs when
> called.
>
> to work unattended, unattended-upgaded has:
> - to be installed
> - to be told what and how to upgrade (that is the role of
> /etc/apt/apt.conf.d/50unattended-upgrades)
> - to be told when to upgrade (that is the role of
> /etc/apt/apt.conf.d/20auto-upgrades), else it never runs.
>
> > I have clearly completely misunderstood what unattended-upgrades is
> > intended to do.  If it won't work automatically but requires me to run
> > it, in what sense is it unattended?  It said that it runs by default.  I
> > have obviously misunderstood what "run" means in this context.
> >
> > As I said above, /etc/apt/apt.conf.d/20auto-upgrades doesn't exist.
> >
> > That is what I have been trying unsuccessfully to achieve.  If the
> > defaults work fine, then what are they doing?  If I need to run it, in
> > what way is it any different from or preferable to any other method of
> > running upgrades?
> >
> > So, to summarise, it is my expectations that are at fault.
> > Unattended-upgrades does not by default run unattended.  One has to set
> > up a cron job or something.
> >
> > Having been reading the file /etc/apt/apt.conf.d/50unattended-upgrades,
> > which does exist, I have come to the conclusion that sadly this is all
> > well above my pay-grade anyway.
>
> I would summarize it differently: installing unattended-upgrades is not
> sufficient, it has to be set-up and its default setup is valid for a
> reasonable goal.

Yes.  Thank you.  I had not succeeded in setting it up.  let us hope that I 
have now.

> For basic needs (automatic upgrades of security fixes for the stable
> channel of Debian):
> # apt-get install unattended-upgrades
> # dpkg-reconfigure -plow unattended-upgrades
> is sufficient.

Fingers crossed, all is now well.  Thank you.

> If you have different or mode elaborate needs, you have to fiddle with
> the set-up.
>
> There are other ways of getting automatic upgrades, the only one I have
> tested is cron-apt and I reckon unattended-upgrades is probably simpler.

Thank you for your help.  Let us hope that all is now well!  I shall have to 
leave my desktop un-upgraded for a bit in order to see - I normally check for 
upgrades frequently.
>
> NOTE: It appears that upgrade-system is a package that could interest
> you: having looked quickly at it (but having never tested it), it seems
> to require no set-up, just to be installed, to automatically upgrade all
> packages to their newest version available (do not forget to do an
> apt-get purge unattended-upgrades, it would be cleaner that way).

No, this is the "Ubuntu way" that I specifically wanted to avoid.  When all 
updating is set up up to run automatically in this way.

I dislike any and all automatic upgrades.  I have no doubt that I could use 
them to get myself, or anyone else, in an infernal mess.  I have however got 
a particular problem at the moment, and after the discussion on the list 
about the fact that unattended-upgrades are now installed by default I felt 
that I should consider going that way.  I am putting it on my machine with 
trepidation and worry, but I must test it on myself first.

I want it because I have two clients 11 miles away and am partially sighted: 
i.e. 11 miles is a long way.  My husband has been seriously ill and I have 
been unable to go out far or for long. Teamviewer has taken a dive.  Getting 
at least security upgrades done has become urgent.  The clients cannot be 
persuaded to regard it as so!  (They could bring their computers to me.)  I 
would like, next time I get access, to set up both their computers to at 
least install important security upgrades automatically, for next time I 
can't get out, anyhow until I manage to set up remote access.  They have 
dynamic IP and a somewhat tricky ISP supplied router.  Again, I need access, 
and for more than a few minutes.

Lisi