Unattended upgrades

Debian-derived

Debian uses the following:

• Timers manager: systemd
• Package manager: APT

The apt package installs timers which kick off a service which runs a script which runs unattended-upgrade if it is installed:

# `apt`
apt-daily{,-upgrade}.timer
apt-daily{,-upgrade}.service
/usr/lib/apt/apt.systemd.daily {update,install}
# `unattended-upgrades`
unattended-upgrade {--download-only,}

Timers

systemctl cat 'apt-daily*.timer'

The timers are Persistent, which means if the timer missed its OnCalendar (e.g. because the system was powered down) it will be triggered immediately (e.g. on next boot). Note that any RandomizedDelaySec delay still applies.

Note that the OnCalendar and RandomizedDelaySec of apt-daily.timer combine to make the downloading of packages occur randomly throughout the entire day, presumably to spread the load on package repositories. Installing packages, apt-daily-update.timer, is done at the start of every day with a smaller one hour delay to not kick off installation immediately after boot.

See Calendar Events for the syntax of OnCalendar.

Packages

/var/lib/dpkg/info/unattended-upgrades.postinst creates

/etc/apt/apt.conf.d/20auto-upgrades
/etc/apt/apt.conf.d/50unattended-upgrades

as copies of files of the same names from /usr/share/unattended-upgrades/.

The variables configure therein

# `20auto-upgrades`
apt-config dump APT::Periodic
# `50unattended-upgrades`
apt-config dump Unattended-Upgrade

is picked up by /usr/bin/unattended-upgrade.

History

To see when the timer was last triggered, and when the service was last started/exited, run:

systemctl show apt-daily-upgrade.timer   --property LastTriggerUSec
systemctl show apt-daily-upgrade.service --property ExecMainStartTimestamp
systemctl show apt-daily-upgrade.service --property ExecMainExitTimestamp

Systemd stores timer timestamps in /var/lib/systemd/timers/.

Logs can be found in /var/log/unattended-upgrades/.

openSUSE

TODO: This is a dump from another document, clean it up.

• os-update
• rebootmgr

sudo zypper install os-update rebootmgr
config()
{
    file="$1"; shift
    sudo mkdir -p "$(dirname "$file")"
    printf '%s\n' "$@" | sudo tee "$file"
}
# Persist time of last run and "catch up" if any run was missed.
config '/etc/systemd/system/os-update.timer/override.conf' \
    '[Timer]' \
    'Persistent=true'
# Automatic reboots are too disruptive on desktop systems.
config '/etc/rebootmgr/rebootmgr.conf' \
    '[rebootmgr]' \
    'strategy=off'

• (transactional-update is not recommended for mutable filesystems. There is also the third-party atomic-update, but we don’t use it.)