Unattended apt-get dist-upgrade
Hi,
I am new here, I wanted a more minimalistic / snappy version of Ubuntu so I tried Mint and I am SOLD!
I am trying to deploy an unattended upgrade so I run apt-get dist-upgrade -y, but that still gives me the question about configuration files "Package distributor has shipped an updated version...." which I need to answer.
Any ideas on how to make this fully automatic? As a note I am gonna deploy this on a test unit before sending it out, to make sure nothing breaks. Just need it fully automatic.
Thanks for reading
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: Unattended apt-get dist-upgrade
Hi,
Which version of Mint are you using? Debian or Ubuntu?
Re: Unattended apt-get dist-upgrade
> deploy an unattended upgrade so I run apt-get dist-upgrade -y
Hope this is really just a test, because it is a very bad idea.
"unattended-upgrades" may be only used safely for security updates and "dist-upgrade" should be avoided since Mint uses a mix of repos and the notion of "upgrade stability levels". MintUpdate is the right way of updating.
Re: Unattended apt-get dist-upgrade
I am using the Ubuntu version.
Yeah I know I could potentially break something, but as I said I am gonna run it on a test system first. All systems are exactly the same. Care to elaborate on a safer way to manage updating remotely? Without user interaction? Keep track of the updates available and make scripts installing the safe and tested ones only?
Another question I came to think of regarding security updates, if I set up unattended-upgrades for security updates. Will it ever restart after installing updates like Windows, prompt the user or anything like that?
Still interested in an answer to the initial question though, however I would probably rather do upgrade than dist-upgrade.
Re: Unattended apt-get dist-upgrade
Never really tried it on Mint, but on standard Ubuntu I used some of the tips given here:
http://askubuntu.com/questions/250733/c ... se-upgrade
Depending on the type of the packages being upgraded, I sometimes had to do a dpkg-reconfigure (minor issues).
Re: Unattended apt-get dist-upgrade
The safest way IMO is to centralize all updates on a local server with these guidelines:
1/ create a local update repo using whichever method is best for you => https://wiki.debian.org/HowToSetupADebianRepository
("my" method is dpkg-scanpackages with a daily cron)
2/ use a test computer connected to the actual Internet repos to download, validate and approve updates/upgrades
3/ copy/move downloaded packages that are approved for updates/upgrades to the local repo
4/ modify the apt sources lists to force all other computers to use this unique offline local (LAN) repository which is only fed with approved updates and install/setup unattended-upgrade on these computers in order to automatically update/upgrade them on schedule (weekly, for example)
5/ this implies that no computer can install software from the Internet, including from official repos, and then that no user is granted admin rights on the computers => only the local sysadmin can temporarily change sources in order to install new software
> Another question I came to think of regarding security updates, if I set up unattended-upgrades for security updates. Will it ever restart after installing updates like Windows, prompt the user or anything like that?
No. The default is "no message + no reboot". Basically a reboot may be only useful if you updated/upgraded the kernel, in order to load the new one.
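Steps 2/ and 3/ of the post above (approve on the test machine, then copy to the local repo) and the dpkg-scanpackages cron job, sketched as an added example that is not part of the original post. The hash manifest, the script name promote.sh and all paths are assumptions made here for illustration.

```shell
#!/bin/sh
# Added example. MANIFEST holds sha256sum-format lines ("<sha256>  <file>")
# written on the test machine after validation; all paths are assumptions.

# promote_approved STAGING REPO MANIFEST
# Copies only the .deb files whose name and hash are in MANIFEST; prints the count.
promote_approved() {
    staging=$1 repo=$2 manifest=$3 count=0
    mkdir -p "$repo"
    for deb in "$staging"/*.deb; do
        [ -f "$deb" ] || continue
        name=$(basename "$deb")
        sum=$(sha256sum "$deb" | cut -d' ' -f1)
        # Exact hash+name match required; anything else stays in staging.
        if grep -qxF "$sum  $name" "$manifest"; then
            cp "$deb" "$repo/$name"
            count=$((count + 1))
        else
            echo "skipped (not approved): $name" >&2
        fi
    done
    echo "$count"
}

# publish_index REPO
# Rebuilds the flat-repo index with dpkg-scanpackages (package dpkg-dev).
publish_index() {
    ( cd "$1" && dpkg-scanpackages . /dev/null | gzip -9c > Packages.gz )
}

# Daily cron entry point: promote.sh STAGING REPO MANIFEST
if [ "$#" -eq 3 ]; then
    promote_approved "$@" && publish_index "$2"
fi
```

Clients fetch Packages.gz from this directory; unless the repo also carries a Release file signed with a key the clients trust, apt treats its packages as unauthenticated.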
Re: Unattended apt-get dist-upgrade
On an unmanaged machine, the safest alternate way to update/upgrade whether you use MintUpdate or not is:
1/ "unattended-upgrades" configured for security updates only
2/ "apt-get upgrade" (or "aptitude upgrade") if you prefer to perform manual updates for mundane software instead of using MintUpdate
Re: Unattended apt-get dist-upgrade
Thanks for all the info guys, really appreciated!
So if I set up a local repo and configure unattended-upgrades to install everything, removing the online sources and using only the local repo. Would all the updates be truly unattended without any user interaction? Would the updated packages replace any configs automatically or would they end up somewhere else and have to be moved manually?
Re: Unattended apt-get dist-upgrade
The default Debian behaviour is to not overwrite existing config files (then avoiding to thwart some configs that may have taken much time to set). The new config files will have a ".dpkg-new" suffix, giving you chances to compare the differences in default settings brought with the update/upgrade of the package.
However an automated and scheduled "unattended-upgrade" will not be able to do more than what a manual "apt-get upgrade" would do: it won't install new packages or do nothing if packages conflicts arise. In the context of a local repo for approved updates, overall risks of regressions with other packages than those updated for security fixes should be minimized.
Also, the test machine used for packages approval should have the package apt-listchanges installed. This will automatically fetch the changelog information provided by the devs and the packagers about the major changes that may have been made with a new version of an updated package (aside from which bugs have been fixed).
Re: Unattended apt-get dist-upgrade
I see, thanks again for that info.
I think I am gonna set up a local repo, but meanwhile I was planning to configure unattended-upgrades to install security updates.
In 50unattended-upgrades file is "${distro_id} ${distro_codename}-security"; enough or should I add for example "Ubuntu:trusty-security", is this how you would normally do it? Is it somewhat safe to install those security updates or should I fetch some other packages?
I guessed that since "${distro_id} ${distro_codename}-security" didn't return anything on a fresh install there are none released and I should use Ubuntu trusty for security updates?
Re: Unattended apt-get dist-upgrade
Since there is no "Linuxmint: qiana-security" you must indeed use "Ubuntu: trusty-security" as you already guessed.
> Is it somewhat safe to install those security updates ?
It is.
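Pulling the thread's answers together (the "Ubuntu:trusty-security" origin, the conffile prompt from the first post, and no automatic reboot), as an added example that is not part of any post above. The drop-in file name and the function names are assumptions; the apt and dpkg options are standard ones.

```shell
#!/bin/sh
# Added example for Mint 17 on the Ubuntu trusty base.
# The drop-in name 52local-security is an assumption.

# write_uu_config DIR  (DIR is normally /etc/apt/apt.conf.d)
write_uu_config() {
    cat > "$1/52local-security" <<'EOF'
// Mint has no security pocket of its own, so name the Ubuntu one.
Unattended-Upgrade::Allowed-Origins {
    "Ubuntu:trusty-security";
};
// Conffile prompts: take the package's default action where one exists,
// otherwise keep the installed file. Applies to every apt run on the machine.
Dpkg::Options {
    "--force-confdef";
    "--force-confold";
};
Unattended-Upgrade::Automatic-Reboot "false";
// Refresh package lists and run unattended-upgrade once a day.
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF
}

# non_security_origins FILE
# Prints every enabled Allowed-Origins entry that is not a -security pocket;
# prints nothing when the list is security-only. Commented entries are ignored.
non_security_origins() {
    sed -n '/Allowed-Origins/,/^};/p' "$1" |
        grep -v '^[[:space:]]*//' |
        grep -o '"[^"]*"' | grep -v -- '-security"$' || true
}

# upgrade_noninteractive: one-off manual run with the same prompt handling (root)
upgrade_noninteractive() {
    DEBIAN_FRONTEND=noninteractive apt-get -y \
        -o Dpkg::Options::="--force-confdef" \
        -o Dpkg::Options::="--force-confold" upgrade
}

if [ "${1:-}" = "install" ]; then
    write_uu_config /etc/apt/apt.conf.d
    non_security_origins /etc/apt/apt.conf.d/50unattended-upgrades
fi
```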