Автоматическая установка SECURITY-обновлений в Debian

Автоматическая установка SECURITY-обновлений в Debian

Готовая конфигурация для автоматической установки SECURITY-обновлений в #Debian.

Установка

  • Установить пакеты unattended-upgrades, apt-listchanges и python3-gi:
1

apt install --yes unattended-upgrades apt-listchanges python3-gi

Настройка

  • Открыть файл /etc/apt/apt.conf.d/50unattended-upgrades и закомментировать строки:
50unattended-upgrades
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21

Unattended-Upgrade::Origins-Pattern {
        // Codename based matching:
        // This will follow the migration of a release through different
        // archives (e.g. from testing to stable and later oldstable).
        // Software will be the latest available for the named release,
        // but the Debian release itself will not be automatically upgraded.
//      "origin=Debian,codename=${distro_codename}-updates";
//      "origin=Debian,codename=${distro_codename}-proposed-updates";
//      "origin=Debian,codename=${distro_codename},label=Debian";
//      "origin=Debian,codename=${distro_codename},label=Debian-Security";
//      "origin=Debian,codename=${distro_codename}-security,label=Debian-Security";

        // Archive or Suite based matching:
        // Note that this will silently match a different release after
        // migration to the specified archive (e.g. testing becomes the
        // new stable).
//      "o=Debian,a=stable";
//      "o=Debian,a=stable-updates";
//      "o=Debian,a=proposed-updates";
//      "o=Debian Backports,a=${distro_codename}-backports,l=Debian Backports";
};
  • Создать файл /etc/apt/apt.conf.d/52unattended-upgrades-local со следующим содержимым:
52unattended-upgrades-local
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

Unattended-Upgrade::Origins-Pattern {
  "origin=Debian,codename=${distro_codename},label=Debian-Security";
  "origin=Debian,codename=${distro_codename}-security,label=Debian-Security";
};
Unattended-Upgrade::AutoFixInterruptedDpkg "false";
Unattended-Upgrade::MinimalSteps "true";
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Automatic-Reboot "false";
Unattended-Upgrade::Automatic-Reboot-WithUsers "false";
Unattended-Upgrade::Automatic-Reboot-Time "02:00";
  • Создать файл /etc/apt/apt.conf.d/20auto-upgrades со следующим содержимым:
20auto-upgrades
1
2
3

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::AutocleanInterval "7";
  • Запустить автоматическое обновление вручную для отладки:
1

unattended-upgrade -d