mirror of
http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/selfhosting-blogposts.git
synced 2025-05-16 04:07:01 +00:00
3.7 KiB
3.7 KiB
| search | ||
|---|---|---|
|
unattendedupgrades Setup
In this tutorial we're going to setup debian unattended upgrades so that packages are automatically updated on the system without needing any external help.
Initial Setup
[ 10.8.0.2/24 ] [ home ] [~]
→ apt install unattended-upgrades apt-listchanges -y
[ 10.8.0.2/24 ] [ home ] [~]
→ dpkg-reconfigure -plow unattended-upgrades
Then you can run the following command to run the unattended upgrade manually:
[ 10.8.0.2/24 ] [ home ] [~]
→ unattended-upgrade -d
Starting unattended upgrades script
Allowed origins are: origin=Debian,codename=bullseye,label=Debian, origin=Debian,codename=bullseye,label=Debian-Security, origin=Debian,codename=bullseye-security,label=Debian-Security
Initial blacklist:
Initial whitelist (not strict):
Marking not allowed with -32768 pin
Marking not allowed with -32768 pin
Marking not allowed with -32768 pin
Applying pinning: PkgFilePin(id=6, priority=-32768)
Applying pin -32768 to package_file:
Applying pinning: PkgFilePin(id=5, priority=-32768)
Applying pin -32768 to package_file:
Applying pinning: PkgFilePin(id=4, priority=-32768)
Applying pin -32768 to package_file:
Using (^linux-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^kfreebsd-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^gnumach-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-modules-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-kernel-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^linux-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^kfreebsd-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^gnumach-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-modules-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-kernel-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$) regexp to find kernel packages
Using (^linux-.*-5\.10\.0\-20\-amd64$|^linux-.*-5\.10\.0\-20$|^kfreebsd-.*-5\.10\.0\-20\-amd64$|^kfreebsd-.*-5\.10\.0\-20$|^gnumach-.*-5\.10\.0\-20\-amd64$|^gnumach-.*-5\.10\.0\-20$|^.*-modules-5\.10\.0\-20\-amd64$|^.*-modules-5\.10\.0\-20$|^.*-kernel-5\.10\.0\-20\-amd64$|^.*-kernel-5\.10\.0\-20$|^linux-.*-5\.10\.0\-20\-amd64$|^linux-.*-5\.10\.0\-20$|^kfreebsd-.*-5\.10\.0\-20\-amd64$|^kfreebsd-.*-5\.10\.0\-20$|^gnumach-.*-5\.10\.0\-20\-amd64$|^gnumach-.*-5\.10\.0\-20$|^.*-modules-5\.10\.0\-20\-amd64$|^.*-modules-5\.10\.0\-20$|^.*-kernel-5\.10\.0\-20\-amd64$|^.*-kernel-5\.10\.0\-20$) regexp to find running kernel packages
pkgs that look like they should be upgraded:
Fetched 0 B in 0s (0 B/s)
fetch.run() result: 0
Packages blacklist due to conffile prompts: []
No packages found that can be upgraded unattended and no pending auto-removals
Extracting content from /var/log/unattended-upgrades/unattended-upgrades-dpkg.log since 2023-02-15 21:00:54
Then you can check if it works with apt:
[ 10.8.0.2/24 ] [ home ] [~]
→ apt upgrade -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
no packages to be changed, which means the packages are up to date.
OPTIONAL: To make sure your server reboots every day to refresh the services (because the service stays the same even when packages are upgraded, until its restarted) do so with cron:
crontab -e
0 0 * * * reboot #restart the server everyday at midnight
#0 0 * * * systemctl isolate rescue; systemctl isolate default #forcefully restart all systemd services (careful it may break services)