oxeo0/selfhosting-blogposts
1
0
Fork 0
mirror of http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/selfhosting-blogposts.git synced 2025-05-16 20:27:00 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
selfhosting-blogposts/unattendedupgrades/index.md
oxeo0 cc3824e6a2 add selfhosting tutorials
2025-05-06 19:51:39 +02:00

3.6 KiB
Raw Blame History

unattendedupgrades Setup

In this tutorial we're going to setup debian unattended upgrades so that packages are automatically updated on the system without needing any external help.

Initial Setup

[ 10.8.0.2/24 ] [ home ] [~]
→ apt install unattended-upgrades apt-listchanges -y

[ 10.8.0.2/24 ] [ home ] [~]
→ dpkg-reconfigure -plow unattended-upgrades

Then you can run the following command to run the unattended upgrade manually:

[ 10.8.0.2/24 ] [ home ] [~]
→ unattended-upgrade -d
Starting unattended upgrades script
Allowed origins are: origin=Debian,codename=bullseye,label=Debian, origin=Debian,codename=bullseye,label=Debian-Security, origin=Debian,codename=bullseye-security,label=Debian-Security
Initial blacklist:
Initial whitelist (not strict):
Marking not allowed  with -32768 pin
Marking not allowed  with -32768 pin
Marking not allowed  with -32768 pin
Applying pinning: PkgFilePin(id=6, priority=-32768)
Applying pin -32768 to package_file: 
Applying pinning: PkgFilePin(id=5, priority=-32768)
Applying pin -32768 to package_file: 
Applying pinning: PkgFilePin(id=4, priority=-32768)
Applying pin -32768 to package_file: 
Using (^linux-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^kfreebsd-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^gnumach-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-modules-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-kernel-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^linux-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^kfreebsd-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^gnumach-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-modules-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-kernel-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$) regexp to find kernel packages
Using (^linux-.*-5\.10\.0\-20\-amd64$|^linux-.*-5\.10\.0\-20$|^kfreebsd-.*-5\.10\.0\-20\-amd64$|^kfreebsd-.*-5\.10\.0\-20$|^gnumach-.*-5\.10\.0\-20\-amd64$|^gnumach-.*-5\.10\.0\-20$|^.*-modules-5\.10\.0\-20\-amd64$|^.*-modules-5\.10\.0\-20$|^.*-kernel-5\.10\.0\-20\-amd64$|^.*-kernel-5\.10\.0\-20$|^linux-.*-5\.10\.0\-20\-amd64$|^linux-.*-5\.10\.0\-20$|^kfreebsd-.*-5\.10\.0\-20\-amd64$|^kfreebsd-.*-5\.10\.0\-20$|^gnumach-.*-5\.10\.0\-20\-amd64$|^gnumach-.*-5\.10\.0\-20$|^.*-modules-5\.10\.0\-20\-amd64$|^.*-modules-5\.10\.0\-20$|^.*-kernel-5\.10\.0\-20\-amd64$|^.*-kernel-5\.10\.0\-20$) regexp to find running kernel packages
pkgs that look like they should be upgraded:
Fetched 0 B in 0s (0 B/s)
fetch.run() result: 0
Packages blacklist due to conffile prompts: []
No packages found that can be upgraded unattended and no pending auto-removals
Extracting content from /var/log/unattended-upgrades/unattended-upgrades-dpkg.log since 2023-02-15 21:00:54

Then you can check if it works with apt:

[ 10.8.0.2/24 ] [ home ] [~]
→ apt upgrade -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

no packages to be changed, which means the packages are up to date.

OPTIONAL: To make sure your server reboots every day to refresh the services (because the service stays the same even when packages are upgraded, until its restarted) do so with cron:

crontab -e

0 0 * * * reboot												#restart the server everyday at midnight
#0 0 * * * systemctl isolate rescue; systemctl isolate default	#forcefully restart all systemd services (careful it may break services)