Configure Unattended Upgrades on Raspberry Pi

-
If we were to run Raspberry Pi headless (without attached monitor), it would be nice if we can perform unattended system upgrades. In Debain/Ubuntu class of software, we can perform unattended upgrades using the software package unattended-upgrades. 

To install the software, use the command below: 

sudo apt-get install unattended-upgrades
# Following are additional software required
# we only need mailutils or bsd-mailx, choose 1
sudo apt-get install mailutils
sudo apt-get install bsd-mailx
sudo apt-get install update-notifier-common

Next, we need to edit the configuration files:

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

The configuration should be similar as below:

Unattended-Upgrade::Origins-Pattern {
        // Codename based matching:
        // This will follow the migration of a release through different
        // archives (e.g. from testing to stable and later oldstable).
//      "o=Debian,n=jessie";
//      "o=Debian,n=jessie-updates";
//      "o=Debian,n=jessie-proposed-updates";
//      "o=Debian,n=jessie,l=Debian-Security";
        "o=${distro_id},n=${distro_codename}";
        "o=${distro_id},n=${distro_codename}-updates";
        "o=${distro_id},n=${distro_codename}-proposed-updates";
        "o=${distro_id},n=${distro_codename},l=Debian-Security";
// Archive or Suite based matching:
        // Note that this will silently match a different release after
        // migration to the specified archive (e.g. testing becomes the
        // new stable).
//      "o=Debian,a=stable";
//      "o=Debian,a=stable-updates";
//      "o=Debian,a=proposed-updates";
        "origin=Debian,codename=${distro_codename},label=Debian-Security";
};

Unattended-Upgrade::Mail "username@example.com";
Unattended-Upgrade::Automatic-Reboot "true";
Basically, we commented out those type of upgrade we want to apply. The second last line allows the system to email us the status. We must install mailutils or mailx first in Raspbian for the email notification to be effective. The last line allow the system to reboot automatically. Please also make sure that update-notifier-common has been installed.

There are more option that we can set such as reboot time and log file in the configuration file. Uncomment any option when necessary.

Next, we need to amend another auto upgrade configuration file.


sudo nano /etc/apt/apt.conf.d/20auto-upgrades

The configuration files should have the following:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::Verbose "1";
APT::Periodic::AutocleanInterval "7";

Finally, we perform a test to see if the upgrade process works:

sudo unattended-upgrade -d -v --dry-run

To enable unattended-upgrade use the following command:

sudo dpkg-reconfigure --priority=low unattended-upgrades


Reference

For further reference, please check out the following post:
Debian Wiki UnattendedUpgrades
Ubuntu Community Help: AutomaticSecurityUpdates
Ubuntu Official Documentation: Automatic Updates

***

Comments

Post a Comment

Popular posts from this blog

Revive Old Mac Mini (2009) with Linux

-
Image
We have an old Mac Mini (late 2009 version) lying around. The latest Mac OS X it could support was Mac OS X El Capitan. The machine is still good although the DVD drive does not worked anymore.  Apple will drop security update for El Capitan very soon. Running OS X El Capitan without any security update is not an option.  Instead of disposing a good piece of hardware, we can install Linux. However, before we start playing around with the Linux installation, we need to take stock of the hardware capability. We might need to upgrade some hardware so that we can run Linux smoothly. Mac Mini 2009 Specification This Mac has Core 2 Duo CPU (P8700) running at 2.53GHz. It support PC3-8500 DDR3 RAM running at 1066MHz. This Mac Mini has a Nvidia Geforce 9400M video card. It support 2 display output. Wifi specification is 802.11a/b/g/n. This is pretty high end at the time.  However, this WiFi uses Broadcom chipset (BCM4321), which is not very well supported in Linux since it
Read more

Install and Configure RealVNC in Linux Ubuntu 18.04 LTS

-
Image
RealVNC is a commercial company that sell VNC license for the enterprise market. However, the company allow home user to setup VNC server for personal use. The limitation is that you are only allow 5 connection. User must register an ID with the company. The configuration of your VNC will be stored on the company's server. Since RealVNC is professionally produce, it is much better compare to the open source product in Linux. The main advantage is easy configuration although there are steps to install and start the server especially on Linux platform. We do not need to worry about ip address and port number. What the server and client required is our RealVNC ID which we have created. Unlike the default Vino server that comes with Ubuntu, RealVNC will start without user login. The system is created with security in mind. Encryption is done transparently without any intervention from user. We will be showing a simple guide on how to install and Configure RealVNC Connect (serv
Read more