automatic-security-updates

Automatic security updates

Installing security updates should just happen. It should not require me to initiate anything, or bother me with questions. Just do it.

For that to happen, I had to change the default configuration of dpkg (I should file a whishlist bug on dpkg for this).

  1. Configure apt-get to run dpkg so it does not bother me with a question if I want to keep your customized conffiles. This is done by putting a file in /etc/apt/apt.conf.d/ with the following content:
////// Contents of file /etc/apt/apt.conf.d/50automatic-security-installs
// Do default handling of changed conffiles (should be keep user changes)
// If default is set to do nothing, then keep user changes
Dpkg::Options {"--force-confold";};
//////////////// end of /etc/apt/apt.conf.d/50automatic-security-installs
  1. Add two cron jobs with the following (modify the time so that the servers are not flooded with requests at any particular moment). I prefer to use my normal user account and sudo, in order to ease the editing of the crontab (I can then use my emacs-server to edit the crontab).
# update the packages register at 16:00 every day.
0       16 * * */2              LANG=C sudo apt-get update
# automatically install any new security updates at 16:30 every day.
30      16 * * */2              LANG=C sudo apt-get -y dist-upgrade

comments powered by Disqus


Back to the index

Blog roll

R-bloggers, Debian Weekly
Valid XHTML 1.0 Strict [Valid RSS] Valid CSS! Emacs Muse Last modified: oktober 17, 2019