Enable or disable automatic updates on Ubuntu
This article was tested on Ubuntu Server 20.04.
By default, Ubuntu Server does not automatically install updates other than security updates, in order to stay stable. However, even security-only updates can cause problems on a server. To be on the safe side, many people choose to turn off automatic updates on Ubuntu Server completely and perform updates and maintenance manually. There is no single right answer as to whether to update automatically; it depends on what the server is used for. It is generally held that turning on automatic updates delivers security updates almost as soon as they are released, which improves the security of the system, while turning off all updates avoids incompatibilities in the programs running on the server caused by changes in system package versions, which improves the stability of the system.
This article describes how to turn automatic updates on Ubuntu Server on and off, and how to update manually from the command line.
Auto update
Automatic updates on Ubuntu Server rely on the APT package management tool and are controlled through APT configuration files. These files are located in the directory "/etc/apt/apt.conf.d/". Each file name must start with a two-digit decimal number, which indicates the order in which the files are loaded. A file that is read later may therefore override settings from a file that was read earlier.

There are four main settings related to automatic updates:
APT::Periodic::Update-Package-Lists
The interval, in days, at which the package list is refreshed automatically (apt update). A value of 0 disables this function.
APT::Periodic::Download-Upgradeable-Packages
The interval, in days, at which upgradable packages are downloaded automatically (apt upgrade -d). A value of 0 disables this function.
APT::Periodic::AutocleanInterval
The interval, in days, at which apt autoclean runs automatically to remove packages that were downloaded previously but can no longer be downloaded. A value of 0 disables this function.
APT::Periodic::Unattended-Upgrade
Used together with the "unattended-upgrades" package. The interval, in days, at which packages are downloaded and installed automatically (similar to apt upgrade).
Ubuntu Server usually ships with the "unattended-upgrades" package; if it is missing, install it with the following command:
sudo apt install unattended-upgrades
Once the "unattended-upgrades" package is installed and "APT::Periodic::Unattended-Upgrade" is enabled, the "Unattended-Upgrade::Allowed-Origins" block in the APT configuration file specifies which kinds of packages are installed automatically.
The default settings are as follows:
Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}";                      // The default software source of the release (usually unchanged)
    "${distro_id}:${distro_codename}-security";             // Security updates
    "${distro_id}ESMApps:${distro_codename}-apps-security"; // Paid extended app updates for the expired LTS version
    "${distro_id}ESM:${distro_codename}";                   // Paid extended security updates for the expired LTS version
//  "${distro_id}:${distro_codename}-updates";              // Officially recommended software updates (feature updates, bug fixes, etc.)
//  "${distro_id}:${distro_codename}-proposed";             // Software updates not yet officially recommended
//  "${distro_id}:${distro_codename}-backports";            // New software updates for older versions of Ubuntu
};
After the "unattended-upgrades" package is installed, the "/etc/apt/apt.conf.d" directory contains an additional configuration file, "50unattended-upgrades", which holds the "Unattended-Upgrade::Allowed-Origins" block. The "default software source of the release" and "security updates" (including ESM) are enabled by default. The defaults are usually the most balanced choice and can be left as they are.
Use the "unattended-upgrades" package to turn automatic updates on or off
After the "unattended-upgrades" package is installed, run the following command to turn automatic updates on or off:
sudo dpkg-reconfigure -plow unattended-upgrades

Select "Yes" to enable automatic updates, which also enables the automatic refresh of the package list. Select "No" to turn off automatic updates, which also turns off the automatic refresh of the package list.
This action generates a "20auto-upgrades" file in the "/etc/apt/apt.conf.d" directory, in which "APT::Periodic::Update-Package-Lists" and "APT::Periodic::Unattended-Upgrade" are preset to "1" (day). To customize the automatic update interval, edit this file.
If, after manually editing this file, you run the following command again to turn automatic updates on or off:
sudo dpkg-reconfigure -plow unattended-upgrades
a screen may appear asking whether to keep the original settings. If automatic updates were originally enabled, the number of days in the configuration file was then changed manually to 0, and the command is used to enable them again, nothing happens and the number of days remains 0.
The "/etc/apt/apt.conf.d" directory may also contain a default Ubuntu configuration file named "10periodic" (it does not come from the "unattended-upgrades" package). This file contains three settings: "APT::Periodic::Update-Package-Lists", "APT::Periodic::Download-Upgradeable-Packages" and "APT::Periodic::AutocleanInterval". Because the "20auto-upgrades" file of the "unattended-upgrades" package does not override "APT::Periodic::Download-Upgradeable-Packages" and "APT::Periodic::AutocleanInterval", you still have to edit the "10periodic" file to change these two settings.
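The load order and the split between "10periodic" and "20auto-upgrades" described above can be checked with a small script that reports which file supplies each effective value. This is an added example, not part of the original article: the function names (effective_periodic, periodic_value, write_sample) and the sample file contents are constructed for illustration, and the parser only handles flat one-line settings.

```shell
#!/bin/sh
# Added example. Parses only flat `APT::Periodic::Key "value";` lines; real APT
# configuration also allows nested { } blocks, which this sketch ignores.

# effective_periodic DIR: print "Key=value (file)" for each APT::Periodic key,
# reading files in sorted name order so that a later file wins.
effective_periodic() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v src="${f##*/}" '
            { sub(/\/\/.*/, "") }                      # strip // comments
            /^[ \t]*APT::Periodic::[A-Za-z-]+[ \t]+"[^"]*"[ \t]*;/ {
                val = $2; gsub(/[";]/, "", val)
                print $1 "\t" val "\t" src
            }' "$f"
    done | awk -F'\t' '
        { if (!($1 in v)) order[++n] = $1; v[$1] = $2; s[$1] = $3 }
        END { for (i = 1; i <= n; i++)
                  printf "%s=%s (%s)\n", order[i], v[order[i]], s[order[i]] }'
}

# periodic_value DIR NAME: effective value of APT::Periodic::NAME ("0" if unset;
# treating unset as disabled is an assumption of this example).
periodic_value() {
    val=$(effective_periodic "$1" | sed -n "s/^APT::Periodic::$2=\([^ ]*\) .*/\1/p")
    echo "${val:-0}"
}

# write_sample DIR: constructed sample files, not copied from a real system.
write_sample() {
    cat > "$1/10periodic" <<'EOF'
APT::Periodic::Update-Package-Lists "0";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
EOF
    cat > "$1/20auto-upgrades" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "0";   // edited by hand to 0
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
effective_periodic "$demo_dir"
rm -rf "$demo_dir"
```

On a real server, run effective_periodic /etc/apt/apt.conf.d to see which file supplies each value; in the constructed sample, packages are downloaded daily but never installed because Unattended-Upgrade resolves to 0.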
Manual update of Ubuntu Server
You can use apt or apt-get.
Update the package list:
sudo apt update
Update all packages:
sudo apt upgrade
Update all packages according to dependencies:
sudo apt dist-upgrade
Update all packages, including those related to the system (not recommended on servers that are already online):
sudo apt full-upgrade
List all packages that can currently be upgraded:
sudo apt upgrade --just-print
To list all security updates that are currently available:
sudo apt upgrade --just-print | awk 'tolower($4) ~ /.*security.*/ || tolower($5) ~ /.*security.*/ {print $2}' | sort | uniq
Combining the above command with "apt install", the following command updates only the security packages:
sudo apt install --only-upgrade $(sudo apt upgrade --just-print | awk 'tolower($4) ~ /.*security.*/ || tolower($5) ~ /.*security.*/ {print $2}' | sort | uniq)
Adding the "--only-upgrade" parameter to "apt install" upgrades only packages that are already installed and avoids installing new ones.
Most of the time, an online server can be updated by running the three commands update, upgrade and dist-upgrade in a row. The risk is extremely low.