Unattended upgrades on Debian


There's a simple way of having unattended upgrades, having the possiblity to backlist packages or limit upgrades for example to security patches etc.

apt-get install unattended-upgrades apt-listchanges
dpkg-reconfigure -plow unattended-upgrades

Edit /etc/apt/apt.conf.d/50unattended-upgrades with this content:

	// Automatically upgrade packages from these origin patterns
	// In this case we install only security updates
	Unattended-Upgrade::Origins-Pattern {
	//      "o=Debian,a=stable";
	//      "o=Debian,a=stable-updates";
	//      "o=Debian,a=proposed-updates";
	        "origin=Debian,archive=stable,label=Debian-Security";
	};
	
        // Example list of packages to not update
	Unattended-Upgrade::Package-Blacklist {
	        "apache2";
	        "mysql-server";
	        "nginx";
	        "libc6";
	        "openssh-server";
	};

	// This option allows you to control if on a unclean dpkg exit
	Unattended-Upgrade::AutoFixInterruptedDpkg "true";

	// Split the upgrade into the smallest possible chunks so that
	// they can be interrupted with SIGUSR1.
	Unattended-Upgrade::MinimalSteps "true";

	// Send email to this address for problems or packages upgrades
	Unattended-Upgrade::Mail "root";

	// Set this value to "true" to get emails only on errors.
	Unattended-Upgrade::MailOnlyOnError "false";

	// Do automatic removal of new unused dependencies after the upgrade
	Unattended-Upgrade::Remove-Unused-Dependencies "false";

	// Automatically reboot after upgrade
	Unattended-Upgrade::Automatic-Reboot "false";

The unattended upgrades are launched automatically via cron.