How to Configure Automatic Updates in Debian 12 Bookworm

This article will guide you through the process of setting up automatic updates in Debian 12 Bookworm.

Introduction

Keeping your Debian 12 Bookworm system up to date is crucial for maintaining security, stability, and overall system performance. Manually updating your system regularly can be time-consuming, so configuring automatic updates ensures that your system remains secure and up to date without requiring constant manual intervention.

In this guide, we will walk you through the process of setting up automatic updates on Debian 12 using the unattended-upgrades package. This method allows you to automate the installation of security updates, bug fixes, and other important updates while giving you the flexibility to control which updates are applied.


Step 1: Install the Unattended-Upgrades Package

Debian provides a dedicated package called unattended-upgrades that facilitates automatic updates. To install it, open a terminal and run:

sudo apt update && sudo apt install unattended-upgrades apt-listchanges -y

The apt-listchanges package is optional but recommended as it provides summaries of package changes when updates are applied.


Step 2: Enable Unattended-Upgrades

Once the package is installed, it needs to be enabled. Run the following command to enable automatic updates:

sudo dpkg-reconfigure unattended-upgrades

A dialog box will appear asking whether you want to enable unattended-upgrades. Select Yes and press Enter.

This will create a systemd timer that periodically checks for and installs updates.


Step 3: Configure Automatic Updates

Editing the Unattended-Upgrades Configuration File

The main configuration file for unattended-upgrades is located at:

/etc/apt/apt.conf.d/50unattended-upgrades

To edit the file, use a text editor such as nano:

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

Inside this file, you will see a section defining which types of updates should be installed. By default, Debian security updates are enabled:

Unattended-Upgrade::Origins-Pattern {
    "origin=Debian,codename=${distro_codename},label=Debian-Security";
};

If you want to include updates from other sources, such as Debian backports or proposed updates, modify the file accordingly. For example:

Unattended-Upgrade::Origins-Pattern {
    "origin=Debian,codename=${distro_codename},label=Debian-Security";
    "origin=Debian,codename=${distro_codename},label=Debian";
    "origin=Debian,codename=${distro_codename}-updates,label=Debian";
};

This configuration enables updates from Debian Security, the Debian stable release itself, and the ${distro_codename}-updates suite.

Configuring Automatic Reboots (Optional)

Some updates require a system reboot to take effect. To enable automatic reboots after updates, find the following lines in the configuration file and update them:

Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "03:00";

These settings ensure that if a reboot is required, the system will reboot automatically at 3 AM.

Save the changes and exit the editor (for nano, press CTRL+X, then Y, and Enter).


Step 4: Schedule Automatic Updates

The unattended-upgrades package is driven by two systemd timers, apt-daily.timer and apt-daily-upgrade.timer.

To check if these timers are enabled and running, use:

systemctl status apt-daily.timer
systemctl status apt-daily-upgrade.timer

If they are inactive, enable them with:

sudo systemctl enable --now apt-daily.timer
sudo systemctl enable --now apt-daily-upgrade.timer

These timers automatically check for updates and apply them periodically.
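
An enabled timer does not by itself mean upgrades are installed: the job it starts reads the APT::Periodic settings (the Step 2 dialog writes them to /etc/apt/apt.conf.d/20auto-upgrades) and skips any stage set to "0". The following is an added example, not part of the original article, that checks `apt-config dump` output for this and for the Step 3 settings; the names audit_uu_config and sample_dump and the sample dump itself are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the article): audit the effective APT configuration.
# Live use on a Debian host:  apt-config dump | audit_uu_config

audit_uu_config() {
    # Reads `apt-config dump` text on stdin, prints one finding per line,
    # returns 1 if any FAIL was printed, else 0.
    awk '
    function val(s) { sub(/^[^"]*"/, "", s); sub(/";[ \t]*$/, "", s); return s }
    $1 == "APT::Periodic::Update-Package-Lists" { lists = val($0) }
    $1 == "APT::Periodic::Unattended-Upgrade"   { run = val($0) }
    $1 == "Unattended-Upgrade::Origins-Pattern::" {
        p = val($0)
        if (p ~ /label=Debian-Security/) sec = 1
        if (p ~ /backports|proposed-updates/) print "WARN  non-stable origin enabled: " p
    }
    $1 == "Unattended-Upgrade::Automatic-Reboot"      { reboot = val($0) }
    $1 == "Unattended-Upgrade::Automatic-Reboot-Time" { rtime = val($0) }
    END {
        # "" (unset) or "0" means the periodic job skips that stage.
        if (lists == "" || lists == "0") { print "FAIL  package lists are never refreshed"; bad = 1 }
        if (run == "" || run == "0")     { print "FAIL  unattended-upgrade run is disabled"; bad = 1 }
        if (!sec) { print "FAIL  no Debian-Security origin in Origins-Pattern"; bad = 1 }
        if (reboot == "true" && rtime == "")
            print "WARN  Automatic-Reboot has no Automatic-Reboot-Time: reboot follows the upgrade at once"
        if (reboot != "true")
            print "INFO  no automatic reboot: monitor /var/run/reboot-required"
        exit bad + 0
    }'
}

# Constructed sample of `apt-config dump` output (not from a real host):
# origins and reboot are set as in the article, but the periodic run is off.
sample_dump() {
    cat <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "0";
Unattended-Upgrade::Origins-Pattern "";
Unattended-Upgrade::Origins-Pattern:: "origin=Debian,codename=${distro_codename},label=Debian-Security";
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "03:00";
EOF
}

sample_dump | audit_uu_config || true
```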


Step 5: Manually Trigger and Test Automatic Updates

To test if the configuration is working correctly, you can manually trigger an unattended upgrade by running:

sudo unattended-upgrade -d

This command forces an immediate upgrade and provides debug output to verify that the updates are being applied correctly.

To simulate an upgrade without actually installing updates, use:

sudo unattended-upgrade --dry-run

This allows you to check which updates would be installed without making any changes to your system.


Step 6: Enable Email Notifications (Optional)

If you want to receive email notifications whenever updates are applied, edit the configuration file:

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

Find and modify the following line to include your email address:

Unattended-Upgrade::Mail "your-email@example.com";

Make sure your system has an email-sending service like postfix or ssmtp installed and configured to send outgoing emails.


Step 7: Review Logs for Automatic Updates

To verify that automatic updates are running successfully, check the logs:

cat /var/log/unattended-upgrades/unattended-upgrades.log

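Additionally, you can check the system journal for APT-related logs. The scheduled runs are started by apt-daily-upgrade.service, so include that unit:

journalctl -u apt-daily-upgrade.service -u unattended-upgrades.service --since "1 day ago"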

This helps diagnose any issues related to the automatic update process.
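
Reading the log by eye does not scale to a fleet, and a host that silently stopped patching looks the same as a quiet one. The following added example, not part of the original article, reduces the log to a one-line summary and flags errors or the absence of a recent clean run; the function name uu_log_check, the choice of which messages count as a clean run, and the sample log lines are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the article): summarize unattended-upgrades.log.
# Live use:  uu_log_check "$(date -d '3 days ago' +%F)" \
#                < /var/log/unattended-upgrades/unattended-upgrades.log

uu_log_check() {
    # $1 = cutoff date YYYY-MM-DD; log text on stdin.
    # Returns 1 if an ERROR line exists or no clean run on/after the cutoff.
    awk -v cutoff="$1" '
    $3 == "ERROR" {
        errors++
        print "ERROR " $1 " " substr($0, index($0, "ERROR") + 6)
    }
    /INFO Starting unattended upgrades script/ { runs++ }
    /INFO Packages that will be upgraded:/ {
        s = $0; sub(/^.*upgraded: */, "", s)
        pkgs += split(s, names, " ")
    }
    # Assumption: these two messages mark a run that finished cleanly.
    /INFO All upgrades installed/ || /INFO No packages found that can be upgraded/ {
        last_ok = $1
    }
    END {
        printf "runs=%d packages=%d errors=%d last_ok=%s\n",
               runs, pkgs, errors, (last_ok == "" ? "never" : last_ok)
        # ISO dates compare correctly as plain strings.
        if (last_ok == "" || last_ok < cutoff) {
            print "STALE no clean run since " cutoff; bad = 1
        }
        if (errors) bad = 1
        exit bad + 0
    }'
}

# Constructed sample log (not from a real host).
sample_log() {
    cat <<'EOF'
2024-05-01 06:12:03,412 INFO Starting unattended upgrades script
2024-05-01 06:12:03,413 INFO Allowed origins are: origin=Debian,codename=bookworm,label=Debian-Security
2024-05-01 06:12:05,901 INFO Packages that will be upgraded: libssl3 openssl
2024-05-01 06:12:05,902 INFO Writing dpkg log to /var/log/unattended-upgrades/unattended-upgrades-dpkg.log
2024-05-01 06:12:31,118 INFO All upgrades installed
2024-05-03 06:05:44,870 INFO Starting unattended upgrades script
2024-05-03 06:05:44,871 ERROR Lock could not be acquired
EOF
}

sample_log | uu_log_check 2024-05-02 || true
```

The check only sees the file it is given, so rotated logs are not covered unless you feed them in as well.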


Conclusion

Setting up automatic updates on Debian 12 Bookworm is a simple yet effective way to keep your system secure and up to date. By using the unattended-upgrades package, you can automate security updates, regular package updates, and even configure automatic reboots if necessary.

By following the steps outlined in this guide, you can ensure that your Debian system stays up to date without manual intervention, providing peace of mind and improved security.