#25. Kevin on 21 February 2010

Since Jaunty Ubuntu has out of the box solutions for this. You'll even get offered automatic security updates during installation nowadays. Please go and use that instead of this manual hack - Remember this article was written in 2007 :)

#24. Ed Weber on 04 February 2010

A number of people reported failed updates due to path issues and ldconfig and other programs not being found. Does this article need to be updated accordingly?

#23. Stephen on 17 January 2010

I have just tried running this manually with the addition to fire me an email once completed. This particular machine had NEVER been updated since I installed it (Due to laziness) so I figured the automatic approach would be good. However, I got a minor FAIL after updating Samba.

I copy/pasted the cron line (Excluding the times), executed, waited, and waited... Opened another shell the box and noticed that dpkg was still running with high (but varying) CPU use and new PIDs. Excellent. However, after all was done, load dropped, my prompt was not returning, so wondering WTH?

Pressed ENTER a few times in the shell running the script, waited a few seconds, then found in the email:
... [more]

Package configuration Samba Server

A new version of configuration file /etc/samba/smb.conf is available, but the version installed currently has been locally modified. What would you like to do about smb.conf?

install the package maintainer's version
keep the local version currently installed
show the differences between the versions
show a side-by-side difference between the versions
show a 3-way difference between available versions
do a 3-way merge between available versions (experimental)
start a new shell to examine the situation

So really, I don't know which option I selected. There was a bunch of extra ANSI cursor control characters in the email as well, so I can only assume that the option was a highlight bar, and I don't know what option I selected. ;)

This presents two problems.

First, this will never complete as something in the install script is asking for user input, and from watching TOP, I couldn't exactly tell what specifically.

Second, updates won't continue because the system will see that there is a lock file and won't continue to update.

#22. Han on 17 January 2010

How do you like this solution?
~% cat /etc/cron.daily/automaticUpdates
#!/bin/sh
exec >> /var/log/auto_update.log 2>&1
if /usr/bin/aptitude update; then
... [more] /usr/bin/aptitude -y safe-upgrade
fi

#21. Kevin on 13 December 2009

@ Johan Barelds: They didn't at the time, but do now for security updates: https://help.ubuntu.com/community/AutomaticSecurityUpdates

Which I think is great.

#20. Johan Barelds on 09 December 2009

Good article Kevin! I stil find it amazing that Ubuntu (who is aiming for enterprise users) don't deliver a decent out-of-the-box auto-update mechanisme.
But for that they have Kevin..:-)

#19. Kevin on 08 November 2009

@ Sid: sudo can't handle that syntax. leave out either sudo or those parenthesis

#18. Sid on 04 November 2009

on Ubuntu 9.04 (Jaunty) server, I executed

sudo (/usr/bin/aptitude -y update && /usr/bin/aptitude -y safe-upgrade) 2>&1 >> /var/log/auto_update.log

and getting the following error:
... [more]
-bash: syntax error near unexpected token `/usr/bin/aptitude'

Is it because it's not meant to be executed like that?

#17. Kevin on 17 September 2009

@ Enrico: Well I already setup my crontab as root, so for me there was no need, but yeah you could do it that way as well. The user is optional.

@ Ron: For untrusted packages something like this should work:

aptitude -o Aptitude::Cmdline::ignore-trust-violations=true -y update

#16. Ron on 10 September 2009

Great article and just what I need BUT a problem:
System = Ubuntu 9.04

Log shows following:
************* clip *************
... [more] Untrusted packages could compromise your system's security.
You should only proceed with the installation if you are certain that
this is what you want to do.

wine-gecko

Do you want to ignore this warning and proceed anyway?
To continue, enter "Yes"; to abort, enter "No": Abort.
********** end clip **************

Problem is that the -y does not answer yes to the last prompt and the update just sits.

I confirmed this by running the commands manually in terminal ... it needs a " yes " and does not respond to a " y "

#15. Enrico on 09 September 2009

Nice article, it helped me a lot. But shouldn't crontab require the user executing the scheduled command? maybe the line should be like this....

0 1 * * * root (/usr/bin/aptitude -y update && /usr/bin/aptitude -y safe-upgrade) 2>&1 >> /var/log/auto_update.log

In my ubuntu system i also had to " touch /var/log/auto_update.log"
... [more]
Am i on the light side of the Force or maybe too much tired? ;)

#14. Kevin on 25 February 2009

@ Mike: Yeah that's often true. Full paths to the binaries should work as well

#13. Mike on 22 February 2009

I think I need to amend this to run a script instead as I get the following in my auto_update.log:

dpkg: `ldconfig' not found on PATH.
dpkg: `start-stop-daemon' not found on PATH.
dpkg: `install-info' not found on PATH.
... [more] dpkg: `update-rc.d' not found on PATH.
dpkg: 4 expected program(s) not found on PATH.
NB: root's PATH should usually contain /usr/local/sbin, /usr/sbin and /sbin.

Looking around on the net it looks like my solution is a script that begins like this:

#!/bin/bash

PATH="$PATH:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin"

At least (I am hoping that this will work) ...

#12. Tichy on 15 February 2009

Very helpful article for a n00b, thank you :)

#11. Kevin on 18 July 2008

@ Jonas: Thanks for letting me know. I've updated the article according to your notes.

#10. Jonas on 01 July 2008

Very useful article - thanks.

Note that the "upgrade" option has been deprecated in favor of "safe-upgrade" (which aptitude was kind enough to let me know when I ran your command).

#9. Kevin on 17 May 2008

@ gasull: You have to specify what language. text or bash would do the trick. But your point is clear, I'll update the article! Thanks

#8. gasull on 17 May 2008

[code]sudo crontab -e[/code]

#7. alex on 17 August 2007

P.S. I usually include "aptitude clean" as well as all the traffic goes through apt-cacher.

#6. alex on 17 August 2007

You may use "&>" to redirect both stdout and stderr.

#5. Kevin on 08 August 2007

Hi Tim, because aptitude has better dependency resolving capabilities.

#4. Tim on 08 August 2007

This maybe a stupid question, but why do you use aptitude and not apt-get?

#3. Ubuwu on 31 July 2007

If you only want security updates, it is easier to just install the unattended-upgrades package.

#2. Kevin on 30 July 2007

Hi Ross, no problem. I don't use wordpress, I wrote this blogging tool myself. Cheers!

#1. Ross on 30 July 2007

heya -

Sorry to abuse your comment form like this but I couldn't find an (obvious) 'contact me' link.. For your "Links" section (http://kevin.vanzonneveld.net/links/) do you use a wordpress plugin for that? If so, which one? Cheers!