Enable automatic updates from command line

Solution 1:

Unattended upgrades are enabled by default in all Ubuntu releases 16.04 and newer.

There are three easy ways to tell if the unattended-upgrades package is installed and working.

  1. See if the package is installed. Look for "[installed]" at the end of the bottom line of output.

    $ apt list unattended-upgrades
    Listing... Done
    unattended-upgrades/cosmic-updates,cosmic-updates,now 1.5ubuntu3.18.10.1 all [installed]

  2. Check the apt timestamps for unattended-upgrades activity. Look for a timestamp by unattended-upgrades within the past day or two:

    $ ls -la /var/lib/apt/periodic/
    total 8
    drwxr-xr-x 2 root root 4096 Sep 15 2017 .
    drwxr-xr-x 5 root root 4096 Jan 1 08:24 ..
    -rw-r--r-- 1 root root 0 Jan 10 07:54 download-upgradeable-stamp
    -rw-r--r-- 1 root root 0 Jan 10 07:51 unattended-upgrades-stamp
    -rw-r--r-- 1 root root 0 Jan 10 07:52 update-stamp
    -rw-r--r-- 1 root root 0 Jan 10 07:53 update-success-stamp
    -rw-r--r-- 1 root root 0 Jan 10 07:55 upgrade-stamp

  3. Check the apt settings to see if Unattended Upgrades is turned on ("1") or off ("0"):

    $ grep Unattended-Upgrade /etc/apt/apt.conf.d/20auto-upgrades
    APT::Periodic::Unattended-Upgrade "1";

The repositories that unattended-upgrades uses are listed in /etc/apt/apt.conf.d/50unattended-upgrades.

  • The -security repository is enabled by default in all releases of Ubuntu.
  • Adding other Ubuntu repositories is trivial: Simply uncomment the appropriate line.
  • Enabling -backports is discouraged; those packages are not fully tested.
  • Enabling -proposed is STRONGLY DISCOURAGED, as those packages can be very risky.

If unattended-upgrades is installed and turned on, it will run daily whether you want it to or not. Only the GUI provides the option to change the period.

After you make changes you do not need to restart your system. Apt runs once daily at a random time, and reloads the configs and sources anew each time.

Solution 2:

If you're using the unattended-upgrades package and it's already installed, then according to Ubuntu's Community Help Wiki on AutomaticSecurityUpdates (FYI it also has info on using GNOME Update Manager, cron and aptitude, and cron-apt):

Determining the current configuration

The current configuration can be queried by running:

    apt-config dump APT::Periodic::Unattended-Upgrade

Which will produce output like:

    APT::Periodic::Unattended-Upgrade "1";

In this example, Unattended Upgrade will run every 1 day. If the number is "0" then unattended upgrades are disabled.

The files in /etc/apt/apt.conf.d/ are evaluated in lexicographical order with each file capable of overriding values set in earlier files. This makes it insufficient to view the setting in /etc/apt/apt.conf.d/20auto-upgrades, which is why it is recommended to use apt-config.


To enable it, do:

    sudo dpkg-reconfigure --priority=low unattended-upgrades

(it's an interactive dialog) which will create /etc/apt/apt.conf.d/50unattended-upgrades, and /etc/apt/apt.conf.d/20auto-upgrades with the following contents:

    APT::Periodic::Update-Package-Lists "1";
    APT::Periodic::Unattended-Upgrade "1";

Details about what these values mean may be found in the header of the /etc/cron.daily/apt file.

If you're absolutely sure you wouldn't miss out on anything else dpkg-reconfigure does (I'm not sure the above is an exhaustive list), you could just create/edit the above files.

Or instead of the above, according to the Debian wiki on UnattendedUpgrades:

Automatic call via /etc/apt/apt.conf.d/02periodic

Alternatively, you can also create the apt configuration file /etc/apt/apt.conf.d/02periodic to activate unattended-upgrades:

Below is an example /etc/apt/apt.conf.d/02periodic:

    // Control parameters for cron jobs by /etc/cron.daily/apt-compat //

    // Enable the update/upgrade script (0=disable)
    APT::Periodic::Enable "1";

    // Do "apt-get update" automatically every n-days (0=disable)
    APT::Periodic::Update-Package-Lists "1";

    // Do "apt-get upgrade --download-only" every n-days (0=disable)
    APT::Periodic::Download-Upgradeable-Packages "1";

    // Run the "unattended-upgrade" security upgrade script
    // every n-days (0=disabled)
    // Requires the package "unattended-upgrades" and will write
    // a log in /var/log/unattended-upgrades
    APT::Periodic::Unattended-Upgrade "1";

    // Do "apt-get autoclean" every n-days (0=disable)
    APT::Periodic::AutocleanInterval "21";

    // Send report mail to root
    //  0: no report         (or null string)
    //  1: progress report   (actually any string)
    //  2: + command outputs (remove -qq, remove 2>/dev/null, add -d)
    //  3: + trace on
    APT::Periodic::Verbose "2";

Manual run (for debugging)

To aid debugging you may need to run unattended-upgrades manually thus:

    sudo unattended-upgrade -d

See Also

  • /usr/share/doc/unattended-upgrades/README.md.gz
  • /usr/share/doc/apt/examples/configure-index.gz
  • /etc/cron.daily/apt
  • apt.conf(5)

Also, some more info you might be interested in:

Related systemd files

Because Debian is using the systemd system, it has timers defined for APT use; these files are provided by the apt package.
The relevant files are:

  • Used for downloads: /lib/systemd/system/apt-daily.timer
    • override with /etc/systemd/system/apt-daily.timer.d/override.conf
  • Used for upgrading: /lib/systemd/system/apt-daily-upgrade.timer
    • override with /etc/systemd/system/apt-daily-upgrade.d/override.conf

You can override these settings using local override files as shown above, creating the missing parts if they do not exist yet.

Here is an example of how to override the download time to 1AM using /etc/systemd/system/apt-daily.timer.d/override.conf:

    [Timer]
    OnCalendar=
    OnCalendar=01:00

Line #2 above is needed to reset (empty) the default value shown below in line #5.

The default in /lib/systemd/system/apt-daily.timer is (at the moment of this writing):

    [Unit]
    Description=Daily apt download activities

    [Timer]
    OnCalendar=*-*-* 6,18:00
    RandomizedDelaySec=12h
    Persistent=true

    [Install]
    WantedBy=timers.target
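
The override behaviour described in Solution 2 (files in /etc/apt/apt.conf.d/ are read in lexicographical order, with later files winning) can be traced to the file that actually sets the final value, which apt-config dump does not report. The following is an added example, not part of either answer; the function names effective_apt_option and demo_override and the sample files 99local and 99local.bak are hypothetical, and only the flat one-line `Key "value";` form is parsed.

```shell
#!/bin/sh
# Added example (not from the original answers). Resolves which file under an
# apt.conf.d-style directory supplies the final value of an option.
# Assumptions: only the flat one-line form  Key "value";  is parsed (no nested
# { } scopes, no /* */ comments); apt-config remains the authoritative check.

# effective_apt_option DIR KEY
# Prints "VALUE FILE" for the last assignment of KEY; exit status 1 if unset.
effective_apt_option() (
    dir=$1 key=$2 value="" src=""
    LC_ALL=C; export LC_ALL           # byte-wise glob order = lexicographic
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # apt.conf(5): only names with no extension or ".conf" are read.
        case $name in
            *.conf) ;;
            *.*) continue ;;
        esac
        # Lines starting with // never match because of the ^ anchor.
        hit=$(sed -n "s/^[[:space:]]*${key}[[:space:]]*\"\([^\"]*\)\"[[:space:]]*;.*/=\1/p" "$f" |
              tail -n 1)
        if [ -n "$hit" ]; then
            value=${hit#=}
            src=$name
        fi
    done
    [ -n "$src" ] || exit 1           # body is a subshell, so this only ends the call
    printf '%s %s\n' "$value" "$src"
)

# Constructed sample tree: the distro default enables upgrades, a later local
# file disables them, and a stray backup file must be ignored.
demo_override() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'APT::Periodic::Update-Package-Lists "1";' \
                  'APT::Periodic::Unattended-Upgrade "1";' > "$d/20auto-upgrades"
    printf '%s\n' '// APT::Periodic::Unattended-Upgrade "1";' \
                  'APT::Periodic::Unattended-Upgrade "0";' > "$d/99local"
    printf '%s\n' 'APT::Periodic::Unattended-Upgrade "1";' > "$d/99local.bak"
    effective_apt_option "$d" 'APT::Periodic::Unattended-Upgrade'
    rc=$?
    rm -rf "$d"
    return $rc
}

demo_override   # prints: 0 99local
```

On a real host, run it as `effective_apt_option /etc/apt/apt.conf.d APT::Periodic::Unattended-Upgrade` and compare the value with the output of apt-config dump; a result of "0" from a file sorted after 20auto-upgrades means automatic updates are switched off even though 20auto-upgrades shows "1".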