I’m wondering who starts unattended-upgrades in my debian-jessie:
-
my man page
DESCRIPTION This program can download and install security upgrades automatically and unattended, taking care to only install packages from the config‐ ured APT source, and checking for dpkg prompts about configuration file changes. All output is logged to /var/log/unattended-upgrades.log. This script is the backend for the APT::Periodic::Unattended-Upgrade option and designed to be run from cron (e.g. via /etc/cron.daily/apt).
-
But my crontab doesn’t show anything by crontab command:
@stefano:/etc/cron.daily$ crontab -l no crontab for stefano # crontab -l no crontab for root
-
But my unattended-upgrade work fine!(my unattended-upgrades log file) :
2017-02-05 12:42:42,835 INFO Initial blacklisted packages: 2017-02-05 12:42:42,866 INFO Initial whitelisted packages: 2017-02-05 12:42:42,868 INFO Starting unattended upgrades script 2017-02-05 12:42:42,870 INFO Allowed origins are: ['o=Debian,n=jessie', 'o=Debian,n=jessie-updates', 'o=Debian,n=jessie-backports', 'origin=Debian,codename=jessie,label=Debian-Security'] 2017-02-05 12:43:15,848 INFO No packages found that can be upgraded unattended
Where do I have to check/modify if I want to change my schedule?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
With Debian 9 (stretch) and Debian 10 (buster), the schedule of unattended-upgrades is determined in two steps:
- The system scheduler (e.g. systemd timers or cron/anacron), and
- APT::Periodic intervals.
A lower frequency in one of these will obstruct the higher frequency in the other, so be sure that settings are correct for both steps.
1. The system scheduler
The process is started by the following two systemd timers:
apt-daily.timerto update the package lists (apt-get update), andapt-daily-upgrade.timerto install the upgrades (unattended-upgrade).
(The anacron job /etc/cron.daily/apt-compat still exists, but exits if it detects systemd. See other answers or anacron documentation on changing the schedule if you don’t use systemd.)
To modify your update schedule:
$ sudo systemctl edit apt-daily.timer
This creates /etc/systemd/system/apt-daily.timer.d/override.conf. Fill it as follows, for example:
[Timer] OnCalendar= OnCalendar=01:00 RandomizedDelaySec=15m
Same for the upgrade schedule:
$ sudo systemctl edit apt-daily-upgrade.timer [Timer] OnCalendar= OnCalendar=01:30 RandomizedDelaySec=0
To check your work:
$ systemctl cat apt-daily{,-upgrade}.timer
$ systemctl --all list-timers apt-daily{,-upgrade}.timer
(Taken partly from Debian Wiki: UnattendedUpgrades.)
2. APT::Periodic intervals
No matter if you use the systemd timers or the anacron job as the system scheduler, both call the same script in the end. That script makes a new, second decision of whether it is time to run again, but now based on the intervals set in APT::Periodic. You should normally find those settings in /etc/apt/apt.conf.d/20auto-upgrades:
APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Unattended-Upgrade "1";
I always thought the "1" value here simply meant True or On, but actually, it is the minimal interval between runs, expressed in days. If the script determines that less time has passed since the last time the requested action was performed, it will simply not perform the action, regardless of the fact that the system scheduler called for it.
With apt versions above 1.5 (Debian 10 buster) you can change the APT::Periodic values from "1" to "always". You do this once and from then on, you only need to interact with the system scheduler (systemd timer or anacron) to change the schedule.
For more details on the above, or if you want to schedule unattended-upgrades to run more than once per day, see my answer here: How to run unattended-upgrades not daily but every few hours.
Method 2
Where do I have to check/modify if I want to change my schedule?
The unattended-upgrades is configured to be applied automatically .
To verify it check the /etc/apt/apt.conf.d/20auto-upgrades file , you will get :
APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Unattended-Upgrade "1";
to modify it you should run the following command:
dpkg-reconfigure -plow unattended-upgrades
sample output:
Applying updates on a frequent basis is an important part of keeping
systems secure. By default, updates need to be applied manually using
package management tools.
Alternatively, you can choose to have this system automatically download
and install security updates.
Automatically download and install stable updates?
Choose NO to stop the auto update
Verify the /etc/apt/apt.conf.d/20auto-upgrades again, you should get :
APT::Periodic::Update-Package-Lists "0"; APT::Periodic::Unattended-Upgrade "0";
Edit
To run the unattended-upgrades weekly edit your /etc/apt/apt.conf.d/20auto-upgrades as follows :
APT::Periodic::Update-Package-Lists "7"; APT::Periodic::Unattended-Upgrade "1";
A detailed example can be found on Debian-Wiki : automatic call via /etc/apt/apt.conf.d/02periodic
APT::Periodic::Update-Package-Lists
This option allows you to specify the frequency (in days) at which the package lists are refreshed. apticron users can do without this variable, since apticron already does this task.
Method 3
/etc/crontab has a run-parts /etc/cron.daily line which references a folder that contains a /etc/cron.daily/apt-compat file which executes exec /usr/lib/apt/apt.systemd.daily
Method 4
anacron starts unattended-upgrades and other System-cron-jobs.
cat /etc/anacrontab # /etc/anacrontab: configuration file for anacron # See anacron(8) and anacrontab(5) for details. SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin HOME=/root LOGNAME=root # These replace cron's entries 1 5 cron.daily run-parts --report /etc/cron.daily 7 10 cron.weekly run-parts --report /etc/cron.weekly @monthly 15 cron.monthly run-parts --report /etc/cron.monthly
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0