First updates with unattended-upgrades

Running it for the first time, it seams to work well. It upgraded the packages and send me an e-mail. Here are the config files I used:

/etc/apt/apt.conf.d/02periodic:

1
2
3
4
5
6
APT::Periodic::Enable "1";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "5";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::RandomSleep "3600";

/etc/apt/apt.conf.d/50unattended-upgrades:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
// Automatically upgrade packages from these (origin, archive) pairs
Unattended-Upgrade::Allowed-Origins {
    "${distro_id} stable";
    "${distro_id} ${distro_codename}-security";
//  "${distro_id} ${distro_codename}-updates";
//  "${distro_id} ${distro_codename}-proposed-updates";
};
 
// List of packages to not update
Unattended-Upgrade::Package-Blacklist {
//  "vim";
//  "libc6";
//  "libc6-dev";
//  "libc6-i686";
};
 
// Send email to this address for problems or packages upgrades
// If empty or unset then no email is sent, make sure that you
// have a working mail setup on your system. The package 'mailx'
// must be installed or anything that provides /usr/bin/mail.
Unattended-Upgrade::Mail "root@localhost";
 
// Do automatic removal of new unused dependencies after the upgrade
// (equivalent to apt-get autoremove)
//Unattended-Upgrade::Remove-Unused-Dependencies "false";
 
// Automatically reboot *WITHOUT CONFIRMATION* if a
// the file /var/run/reboot-required is found after the upgrade
Unattended-Upgrade::Automatic-Reboot "false";
 
// Use apt bandwidth limit feature, this example limits the download
// speed to 70kb/sec
//Acquire::http::Dl-Limit "70";

And here is the kind of report e-mail you get:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
Unattended upgrade returned: True
 
Packages that are upgraded:
 bind9-host dnsutils isc-dhcp-client isc-dhcp-common libbind9-60 
 libdns69 libgssapi-krb5-2 libisc62 libisccc60 libisccfg62 
 libk5crypto3 libkrb5-3 libkrb5support0 liblwres60 libxml2 
 
Package installation log:
(Reading database ... 23943 files and directories currently installed.)
Preparing to replace isc-dhcp-client 4.1.1-P1-15+squeeze3 (using .../isc-dhcp-client_4.1.1-P1-15+squeeze6_amd64.deb) ...
Unpacking replacement isc-dhcp-client ...
Preparing to replace isc-dhcp-common 4.1.1-P1-15+squeeze3 (using .../isc-dhcp-common_4.1.1-P1-15+squeeze6_amd64.deb) ...
Unpacking replacement isc-dhcp-common ...
Preparing to replace libk5crypto3 1.8.3+dfsg-4squeeze5 (using .../libk5crypto3_1.8.3+dfsg-4squeeze6_amd64.deb) ...
Unpacking replacement libk5crypto3 ...
Preparing to replace libgssapi-krb5-2 1.8.3+dfsg-4squeeze5 (using .../libgssapi-krb5-2_1.8.3+dfsg-4squeeze6_amd64.deb) ...
Unpacking replacement libgssapi-krb5-2 ...
Preparing to replace libkrb5-3 1.8.3+dfsg-4squeeze5 (using .../libkrb5-3_1.8.3+dfsg-4squeeze6_amd64.deb) ...
Unpacking replacement libkrb5-3 ...
Preparing to replace libkrb5support0 1.8.3+dfsg-4squeeze5 (using .../libkrb5support0_1.8.3+dfsg-4squeeze6_amd64.deb) ...
Unpacking replacement libkrb5support0 ...
Preparing to replace libxml2 2.7.8.dfsg-2+squeeze4 (using .../libxml2_2.7.8.dfsg-2+squeeze5_amd64.deb) ...
Unpacking replacement libxml2 ...
Preparing to replace bind9-host 1:9.7.3.dfsg-1~squeeze5 (using .../bind9-host_1%3a9.7.3.dfsg-1~squeeze6_amd64.deb) ...
Unpacking replacement bind9-host ...
Preparing to replace dnsutils 1:9.7.3.dfsg-1~squeeze5 (using .../dnsutils_1%3a9.7.3.dfsg-1~squeeze6_amd64.deb) ...
Unpacking replacement dnsutils ...
Preparing to replace libisc62 1:9.7.3.dfsg-1~squeeze5 (using .../libisc62_1%3a9.7.3.dfsg-1~squeeze6_amd64.deb) ...
Unpacking replacement libisc62 ...
Preparing to replace libdns69 1:9.7.3.dfsg-1~squeeze5 (using .../libdns69_1%3a9.7.3.dfsg-1~squeeze6_amd64.deb) ...
Unpacking replacement libdns69 ...
Preparing to replace libisccc60 1:9.7.3.dfsg-1~squeeze5 (using .../libisccc60_1%3a9.7.3.dfsg-1~squeeze6_amd64.deb) ...
Unpacking replacement libisccc60 ...
Preparing to replace libisccfg62 1:9.7.3.dfsg-1~squeeze5 (using .../libisccfg62_1%3a9.7.3.dfsg-1~squeeze6_amd64.deb) ...
Unpacking replacement libisccfg62 ...
Preparing to replace liblwres60 1:9.7.3.dfsg-1~squeeze5 (using .../liblwres60_1%3a9.7.3.dfsg-1~squeeze6_amd64.deb) ...
Unpacking replacement liblwres60 ...
Preparing to replace libbind9-60 1:9.7.3.dfsg-1~squeeze5 (using .../libbind9-60_1%3a9.7.3.dfsg-1~squeeze6_amd64.deb) ...
Unpacking replacement libbind9-60 ...
Processing triggers for man-db ...
Setting up isc-dhcp-common (4.1.1-P1-15+squeeze6) ...
Setting up isc-dhcp-client (4.1.1-P1-15+squeeze6) ...
Setting up libkrb5support0 (1.8.3+dfsg-4squeeze6) ...
Setting up libk5crypto3 (1.8.3+dfsg-4squeeze6) ...
Setting up libkrb5-3 (1.8.3+dfsg-4squeeze6) ...
Setting up libgssapi-krb5-2 (1.8.3+dfsg-4squeeze6) ...
Setting up libxml2 (2.7.8.dfsg-2+squeeze5) ...
Setting up libisc62 (1:9.7.3.dfsg-1~squeeze6) ...
Setting up libdns69 (1:9.7.3.dfsg-1~squeeze6) ...
Setting up libisccc60 (1:9.7.3.dfsg-1~squeeze6) ...
Setting up libisccfg62 (1:9.7.3.dfsg-1~squeeze6) ...
Setting up libbind9-60 (1:9.7.3.dfsg-1~squeeze6) ...
Setting up liblwres60 (1:9.7.3.dfsg-1~squeeze6) ...
Setting up bind9-host (1:9.7.3.dfsg-1~squeeze6) ...
Setting up dnsutils (1:9.7.3.dfsg-1~squeeze6) ...
 
 
Unattended-upgrades log:
Initial blacklisted packages: 
Starting unattended upgrades script
Allowed origins are: ["('Debian', 'stable')", "('Debian', 'squeeze-security')"]
Packages that are upgraded: bind9-host dnsutils isc-dhcp-client isc-dhcp-common libbind9-60 libdns69 libgssapi-krb5-2 libisc62 libisccc60 libisccfg62 libk5crypto3 libkrb5-3 libkrb5support0 liblwres60 libxml2
Writing dpkg log to '/var/log/unattended-upgrades/unattended-upgrades-dpkg_2012-08-05_06:33:13.547920.log'
All upgrades installed

If I could just shake off the feeling that one day a broken update will get pushed into the repositories and take down all the servers at once ;)