Automatische Updates einrichten/installieren mit unattended-upgrades
Mit folgendem Befehl installieren wir unattended-upgrades aus den Paketquellen.
tux@earth:~$ sudo apt-get install unattended-upgrades
Nun passen wir die Konfiguration von unattended-upgrades an. Die Konfiguration ist durch die Kommentare eigentlich selbsterklärend.
tux@earth:~$ sudo vi /etc/apt/apt.conf.d/50unattended-upgrades
// Automatically upgrade packages from these (origin, archive) pairs
Unattended-Upgrade::Allowed-Origins {
"Ubuntu lucid-security";
"Ubuntu lucid-updates";
};
// List of packages to not update
Unattended-Upgrade::Package-Blacklist {
// "vim";
// "libc6";
// "libc6-dev";
// "libc6-i686";
};
// Send email to this address for problems or packages upgrades
// If empty or unset then no email is sent, make sure that you
// have a working mail setup on your system. The package 'mailx'
// must be installed or anything that provides /usr/bin/mail.
Unattended-Upgrade::Mail "postmaster@example.com";
// Do automatic removal of new unused dependencies after the upgrade
// (equivalent to apt-get autoremove)
Unattended-Upgrade::Remove-Unused-Dependencies "false";
// Automatically reboot *WITHOUT CONFIRMATION* if a
// the file /var/run/reboot-required is found after the upgrade
Unattended-Upgrade::Automatic-Reboot "false";
// Use apt bandwidth limit feature, this example limits the download
// speed to 70kb/sec
//Acquire::http::Dl-Limit "70";
// Automatically upgrade packages from these (origin, archive) pairs
Unattended-Upgrade::Allowed-Origins {
"${distro_id} stable";
"${distro_id} ${distro_codename}-security";
"${distro_id} ${distro_codename}-updates";
// "${distro_id} ${distro_codename}-proposed-updates";
};
// List of packages to not update
Unattended-Upgrade::Package-Blacklist {
// "vim";
// "libc6";
// "libc6-dev";
// "libc6-i686";
};
// Send email to this address for problems or packages upgrades
// If empty or unset then no email is sent, make sure that you
// have a working mail setup on your system. The package 'mailx'
// must be installed or anything that provides /usr/bin/mail.
Unattended-Upgrade::Mail "postmaster@example.com";
// Do automatic removal of new unused dependencies after the upgrade
// (equivalent to apt-get autoremove)
Unattended-Upgrade::Remove-Unused-Dependencies "false";
// Automatically reboot *WITHOUT CONFIRMATION* if a
// the file /var/run/reboot-required is found after the upgrade
Unattended-Upgrade::Automatic-Reboot "false";
// Use apt bandwidth limit feature, this example limits the download
// speed to 70kb/sec
//Acquire::http::Dl-Limit "70";
Wenn Debian Squeeze verwendet wird, muss oben in der /etc/apt/apt.conf.d/50unattended-upgrades
Config statt stable, oldstable rein!
Um automatische Updates zu aktivieren, müssen wir noch folgendes in der Datei /etc/apt/apt.conf.d/02periodic
einstellen.
tux@earth:~$ sudo vi /etc/apt/apt.conf.d/02periodic
// Enable the update/upgrade script (0=disable)
APT::Periodic::Enable "1";
// Set maximum size of the cache in MB (0=disable)
APT::Periodic::MaxSize "512";
// Do "apt-get update" automatically every n-days (0=disable)
APT::Periodic::Update-Package-Lists "1";
// Do "apt-get upgrade --download-only" every n-days (0=disable)
APT::Periodic::Download-Upgradeable-Packages "1";
// Run the "unattended-upgrade" security upgrade script
// every n-days (0=disabled)
// Requires the package "unattended-upgrades" and will write
// a log in /var/log/unattended-upgrades
APT::Periodic::Unattended-Upgrade "1";
// Do "apt-get autoclean" every n-days (0=disable)
APT::Periodic::AutocleanInterval "7";
// Send report mail to root
// 0: no report (or null string)
// 1: progress report (actually any string)
// 2: + command outputs (remove -qq, remove 2>/dev/null, add -d)
// 3: + trace on
APT::Periodic::Verbose "1";
Nun testen wir unattended-upgrades ob alles funktioniert.
tux@earth:~$ sudo unattended-upgrades --dry-run
In der Log-Datei /var/log/unattended-upgrades/unattended-upgrades.log
schauen wir ob Fehler aufgetaucht sind.
tux@earth:~$ less /var/log/unattended-upgrades/unattended-upgrades.log
Leider lässt sich das Subject der Benachrichtigung nicht ändern, da dies im Skript /usr/bin/unattended-upgrades
Hard Coded ist. In meinem Fall möchte ich, dass der Hostname des Subject am Anfang in Eckigen Klammern steht. Dazu geht man zur Zeile 238 (und 239) und editiert den Eintrag entsprechend.
Hier das Diff der Änderung am Subject der Benachrichtigung.
238,239c238
< "-s", _("unattended-upgrades result "
< "for '%s'") % host(),
---
> "-s", _("[%s] unattended-upgrades") % host(),