Ubuntu
apt package

Bug #1615482
Comment #5

Comment 5 for bug 1615482

Revision history for this message

Florian Jerusalem (florian.jerusalem) wrote on 2016-11-11:

I came to the conclusion that to manually control unattended upgrades it currently the "easiest" (sarcasm tag on) way to only let the timer update your package list and manually run unattended-upgrades via cron at your desired time.

To do so:

# apt-get install unattended-upgrades update-notifier-common

# rm /etc/apt/apt.conf.d/20auto-upgrades /etc/apt/apt.conf.d/10periodic
# rm /var/log/unattended-upgrades/*

# vi /etc/apt/apt.conf.d/20auto-upgrades

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "0";

# vi /etc/apt/apt.conf.d/local

Dpkg::Options {
"--force-confdef";
"--force-confold";
}

# vi /etc/apt/apt.conf.d/50unattended-upgrades

(Thanks to ansible-role at https://github.com/jnv/ansible-role-unattended-upgrades)

Ubuntu:
#######
// Unattended-Upgrade::Origins-Pattern controls which packages are
// upgraded.
Unattended-Upgrade::Origins-Pattern {
      "origin=Ubuntu,archive=${distro_codename}-security";
      //"o=Ubuntu,a=${distro_codename}";
      //"o=Ubuntu,a=${distro_codename}-updates";
      //"o=Ubuntu,a=${distro_codename}-proposed-updates";
  };

// List of packages to not update (regexp are supported)
Unattended-Upgrade::Package-Blacklist {
};

// Do automatic removal of new unused dependencies after the upgrade
// (equivalent to apt-get autoremove)
Unattended-Upgrade::Remove-Unused-Dependencies "true";

// Automatically reboot *WITHOUT CONFIRMATION* if a
// the file /var/run/reboot-required is found after the upgrade
//Unattended-Upgrade::Automatic-Reboot "true";

// Use apt bandwidth limit feature, this example limits the download
// speed to 70kb/sec
//Acquire::http::Dl-Limit "70";
Acquire::http::Dl-Limit "350";

Debian:
#######

// Unattended-Upgrade::Origins-Pattern controls which packages are
// upgraded.
Unattended-Upgrade::Origins-Pattern {
      "origin=Debian,codename=${distro_codename},label=Debian-Security";
      //"o=Debian,codename=${distro_codename},label=Debian";
      //"o=Debian,codename=${distro_codename},a=proposed-updates";
  };

// List of packages to not update (regexp are supported)
Unattended-Upgrade::Package-Blacklist {
};

// Do automatic removal of new unused dependencies after the upgrade
// (equivalent to apt-get autoremove)
Unattended-Upgrade::Remove-Unused-Dependencies "true";

// Automatically reboot *WITHOUT CONFIRMATION* if a
// the file /var/run/reboot-required is found after the upgrade
//Unattended-Upgrade::Automatic-Reboot "true";

// Use apt bandwidth limit feature, this example limits the download
// speed to 70kb/sec
//Acquire::http::Dl-Limit "70";
Acquire::http::Dl-Limit "350";

# vi /opt/unattended-upgrade-manual.sh

#!/bin/bash
sleep $((RANDOM \% 1800))
apt-get update
unattended-upgrade -d
apt-get -y clean

# chmod +x /opt/unattended-upgrade-manual.sh

# vi /etc/cron.d/unattended-upgrade

SHELL=/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
30 03 * * * root /opt/unattended-upgrade-manual.sh

Fuck the systemd-timers, fuck cron.daily - I'm in charge... :P

Improvements are welcome.

Best regards
Florian

To do so:

# apt-get install unattended-upgrades update-notifier-common

# rm /etc/apt/apt.conf.d/20auto-upgrades /etc/apt/apt.conf.d/10periodic
# rm /var/log/unattended-upgrades/*

# vi /etc/apt/apt.conf.d/20auto-upgrades

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "0";

# vi /etc/apt/apt.conf.d/local

Dpkg::Options {
   "--force-confdef";
   "--force-confold";
}

# vi /etc/apt/apt.conf.d/50unattended-upgrades

(Thanks to ansible-role at https://github.com/jnv/ansible-role-unattended-upgrades)

// List of packages to not update (regexp are supported)
Unattended-Upgrade::Package-Blacklist {
};

// Do automatic removal of new unused dependencies after the upgrade
// (equivalent to apt-get autoremove)
Unattended-Upgrade::Remove-Unused-Dependencies "true";

// Automatically reboot *WITHOUT CONFIRMATION* if a
// the file /var/run/reboot-required is found after the upgrade
//Unattended-Upgrade::Automatic-Reboot "true";

// Use apt bandwidth limit feature, this example limits the download
// speed to 70kb/sec
//Acquire::http::Dl-Limit "70";
Acquire::http::Dl-Limit "350";

Debian:
#######

// List of packages to not update (regexp are supported)
Unattended-Upgrade::Package-Blacklist {
};

// Do automatic removal of new unused dependencies after the upgrade
// (equivalent to apt-get autoremove)
Unattended-Upgrade::Remove-Unused-Dependencies "true";

// Automatically reboot *WITHOUT CONFIRMATION* if a
// the file /var/run/reboot-required is found after the upgrade
//Unattended-Upgrade::Automatic-Reboot "true";

// Use apt bandwidth limit feature, this example limits the download
// speed to 70kb/sec
//Acquire::http::Dl-Limit "70";
Acquire::http::Dl-Limit "350";

# vi /opt/unattended-upgrade-manual.sh

#!/bin/bash
sleep $((RANDOM \% 1800))
apt-get update
unattended-upgrade -d
apt-get -y clean

# chmod +x /opt/unattended-upgrade-manual.sh

# vi /etc/cron.d/unattended-upgrade

SHELL=/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
30 03 * * * root /opt/unattended-upgrade-manual.sh

Fuck the systemd-timers, fuck cron.daily - I'm in charge... :P

Improvements are welcome.

Best regards
Florian

Ubuntuapt package

Comment 5 for bug 1615482

Ubuntu
apt package