Running it for the first time, it seams to work well. It upgraded the packages and send me an e-mail. Here are the config files I used:
/etc/apt/apt.conf.d/02periodic:
1 2 3 4 5 6 | APT::Periodic::Enable "1"; APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Download-Upgradeable-Packages "1"; APT::Periodic::AutocleanInterval "5"; APT::Periodic::Unattended-Upgrade "1"; APT::Periodic::RandomSleep "3600"; |
/etc/apt/apt.conf.d/50unattended-upgrades:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 | // Automatically upgrade packages from these (origin, archive) pairs Unattended-Upgrade::Allowed-Origins { "${distro_id} stable"; "${distro_id} ${distro_codename}-security"; // "${distro_id} ${distro_codename}-updates"; // "${distro_id} ${distro_codename}-proposed-updates"; }; // List of packages to not update Unattended-Upgrade::Package-Blacklist { // "vim"; // "libc6"; // "libc6-dev"; // "libc6-i686"; }; // Send email to this address for problems or packages upgrades // If empty or unset then no email is sent, make sure that you // have a working mail setup on your system. The package 'mailx' // must be installed or anything that provides /usr/bin/mail. Unattended-Upgrade::Mail "root@localhost"; // Do automatic removal of new unused dependencies after the upgrade // (equivalent to apt-get autoremove) //Unattended-Upgrade::Remove-Unused-Dependencies "false"; // Automatically reboot *WITHOUT CONFIRMATION* if a // the file /var/run/reboot-required is found after the upgrade Unattended-Upgrade::Automatic-Reboot "false"; // Use apt bandwidth limit feature, this example limits the download // speed to 70kb/sec //Acquire::http::Dl-Limit "70"; |
And here is the kind of report e-mail you get:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 | Unattended upgrade returned: True Packages that are upgraded: bind9-host dnsutils isc-dhcp-client isc-dhcp-common libbind9-60 libdns69 libgssapi-krb5-2 libisc62 libisccc60 libisccfg62 libk5crypto3 libkrb5-3 libkrb5support0 liblwres60 libxml2 Package installation log: (Reading database ... 23943 files and directories currently installed.) Preparing to replace isc-dhcp-client 4.1.1-P1-15+squeeze3 (using .../isc-dhcp-client_4.1.1-P1-15+squeeze6_amd64.deb) ... Unpacking replacement isc-dhcp-client ... Preparing to replace isc-dhcp-common 4.1.1-P1-15+squeeze3 (using .../isc-dhcp-common_4.1.1-P1-15+squeeze6_amd64.deb) ... Unpacking replacement isc-dhcp-common ... Preparing to replace libk5crypto3 1.8.3+dfsg-4squeeze5 (using .../libk5crypto3_1.8.3+dfsg-4squeeze6_amd64.deb) ... Unpacking replacement libk5crypto3 ... Preparing to replace libgssapi-krb5-2 1.8.3+dfsg-4squeeze5 (using .../libgssapi-krb5-2_1.8.3+dfsg-4squeeze6_amd64.deb) ... Unpacking replacement libgssapi-krb5-2 ... Preparing to replace libkrb5-3 1.8.3+dfsg-4squeeze5 (using .../libkrb5-3_1.8.3+dfsg-4squeeze6_amd64.deb) ... Unpacking replacement libkrb5-3 ... Preparing to replace libkrb5support0 1.8.3+dfsg-4squeeze5 (using .../libkrb5support0_1.8.3+dfsg-4squeeze6_amd64.deb) ... Unpacking replacement libkrb5support0 ... Preparing to replace libxml2 2.7.8.dfsg-2+squeeze4 (using .../libxml2_2.7.8.dfsg-2+squeeze5_amd64.deb) ... Unpacking replacement libxml2 ... Preparing to replace bind9-host 1:9.7.3.dfsg-1~squeeze5 (using .../bind9-host_1%3a9.7.3.dfsg-1~squeeze6_amd64.deb) ... Unpacking replacement bind9-host ... Preparing to replace dnsutils 1:9.7.3.dfsg-1~squeeze5 (using .../dnsutils_1%3a9.7.3.dfsg-1~squeeze6_amd64.deb) ... Unpacking replacement dnsutils ... Preparing to replace libisc62 1:9.7.3.dfsg-1~squeeze5 (using .../libisc62_1%3a9.7.3.dfsg-1~squeeze6_amd64.deb) ... Unpacking replacement libisc62 ... Preparing to replace libdns69 1:9.7.3.dfsg-1~squeeze5 (using .../libdns69_1%3a9.7.3.dfsg-1~squeeze6_amd64.deb) ... Unpacking replacement libdns69 ... Preparing to replace libisccc60 1:9.7.3.dfsg-1~squeeze5 (using .../libisccc60_1%3a9.7.3.dfsg-1~squeeze6_amd64.deb) ... Unpacking replacement libisccc60 ... Preparing to replace libisccfg62 1:9.7.3.dfsg-1~squeeze5 (using .../libisccfg62_1%3a9.7.3.dfsg-1~squeeze6_amd64.deb) ... Unpacking replacement libisccfg62 ... Preparing to replace liblwres60 1:9.7.3.dfsg-1~squeeze5 (using .../liblwres60_1%3a9.7.3.dfsg-1~squeeze6_amd64.deb) ... Unpacking replacement liblwres60 ... Preparing to replace libbind9-60 1:9.7.3.dfsg-1~squeeze5 (using .../libbind9-60_1%3a9.7.3.dfsg-1~squeeze6_amd64.deb) ... Unpacking replacement libbind9-60 ... Processing triggers for man-db ... Setting up isc-dhcp-common (4.1.1-P1-15+squeeze6) ... Setting up isc-dhcp-client (4.1.1-P1-15+squeeze6) ... Setting up libkrb5support0 (1.8.3+dfsg-4squeeze6) ... Setting up libk5crypto3 (1.8.3+dfsg-4squeeze6) ... Setting up libkrb5-3 (1.8.3+dfsg-4squeeze6) ... Setting up libgssapi-krb5-2 (1.8.3+dfsg-4squeeze6) ... Setting up libxml2 (2.7.8.dfsg-2+squeeze5) ... Setting up libisc62 (1:9.7.3.dfsg-1~squeeze6) ... Setting up libdns69 (1:9.7.3.dfsg-1~squeeze6) ... Setting up libisccc60 (1:9.7.3.dfsg-1~squeeze6) ... Setting up libisccfg62 (1:9.7.3.dfsg-1~squeeze6) ... Setting up libbind9-60 (1:9.7.3.dfsg-1~squeeze6) ... Setting up liblwres60 (1:9.7.3.dfsg-1~squeeze6) ... Setting up bind9-host (1:9.7.3.dfsg-1~squeeze6) ... Setting up dnsutils (1:9.7.3.dfsg-1~squeeze6) ... Unattended-upgrades log: Initial blacklisted packages: Starting unattended upgrades script Allowed origins are: ["('Debian', 'stable')", "('Debian', 'squeeze-security')"] Packages that are upgraded: bind9-host dnsutils isc-dhcp-client isc-dhcp-common libbind9-60 libdns69 libgssapi-krb5-2 libisc62 libisccc60 libisccfg62 libk5crypto3 libkrb5-3 libkrb5support0 liblwres60 libxml2 Writing dpkg log to '/var/log/unattended-upgrades/unattended-upgrades-dpkg_2012-08-05_06:33:13.547920.log' All upgrades installed |
If I could just shake off the feeling that one day a broken update will get pushed into the repositories and take down all the servers at once ;)