Author Topic: automatic software updates  (Read 383 times)

Offline jakevoelcker

  • Jr. Member
  • **
  • Posts: 27
automatic software updates
« on: October 12, 2012, 05:02:50 PM »
I've messed up a couple of PCLOS installs in the past by forgetting to update for a while, and then when I did update something broke. I wanted to find a foolproof way of making sure my computers at home and work were always updated, even if I wasn't able to do it for a while. There are a few other threads about this subject, but none fully answered my needs, so I thought I'd post my solution and hear any feedback. I hope it may be useful to other people too.

First, as root do:
Code: [Select]
chkconfig --level 35 apt on
This will set the apt-get update system to run nightly as a cron job.

Unless your machine is on overnight, you'll need to run anacron to make sure that the cron job runs at least once a day (or whenever the machine is turned on). So (as root) open an editor and add the following line to your /etc/rc.local/rc.d file:
Code: [Select]
anacron
However, I wasn't happy for apt-get to just run silently - I want a log of what it's done. So (again, as root) make a folder called upgrades inside /var/log and then create a blank text file called upgrade.log inside it. Then, in /etc/cron.daily/apt.cron change the line:
Code: [Select]
/usr/bin/apt-get -q -y $OPTS dist-upgrade
to
Code: [Select]
echo $'\r\n'"apt-get dist-upgrade run as a cron job on " $(date +%c) >> /var/log/upgrades/upgrade.log
/usr/bin/apt-get -q -y $OPTS dist-upgrade >> /var/log/upgrades/upgrade.log

Finally, because my colleagues and girlfriend use some of these machines, I don't want them to be able to shut down in the middle of an update. So as a primitive kind of lock, I changed the name of /sbin/shutdown temporarily each time an update is in progress. So the whole section in /etc/cron.daily/apt.cron becomes:
Code: [Select]
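# Refresh the package lists; do nothing more if that fails.
if /usr/bin/apt-get -qq update; then
    # The script treats exit status 100 from --check-only as "upgrades pending".
    /usr/bin/apt-get dist-upgrade -qq --check-only
    if [ $? -eq 100 ]; then
        # Primitive lock: rename the shutdown and suspend binaries during the upgrade.
        mv /sbin/shutdown /sbin/shutdown_locked
        mv /usr/sbin/pm-suspend /usr/sbin/pm-suspend_locked
        echo $'\r\n'"apt-get dist-upgrade run as a cron job on " $(date +%c) >> /var/log/upgrades/upgrade.log
        /usr/bin/apt-get -q -y $OPTS dist-upgrade >> /var/log/upgrades/upgrade.log
        # Put the binaries back once the upgrade has finished.
        mv /sbin/shutdown_locked /sbin/shutdown
        mv /usr/sbin/pm-suspend_locked /usr/sbin/pm-suspend
    fi
fi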

I've been using this system for a couple of months now and it seems to work fine. I still have update-notifier running just so I can keep an eye on things, but all my PCLOS machines are now updating themselves successfully.

The minor problems are:
1. The -q option for apt-get doesn't actually make output very quiet, so you get a logfile full of hashes for each update. Not sure what to do about this, but it's not a huge problem.
2. The temporary renaming of /sbin/shutdown is a bit of a hack. It doesn't notify users of an update being in progress. The computer simply won't shut down and the user won't understand why.
3. Is it 'safer' to use apt-get dist-upgrade with -y or --trivial-only for automatic, unattended updates?
« Last Edit: October 13, 2012, 07:17:55 AM by jakevoelcker »
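
One way to make the rename lock from the post above undo itself when the upgrade fails or the cron job is killed, and to record stderr and the exit status in the log. This is an added example, not code from the thread: the function name run_locked_upgrade and the .lock directory beside the log are assumptions, and the upgrade command (with -y or --trivial-only) is passed in as arguments.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical helper:
#   run_locked_upgrade LOGFILE "BIN1 BIN2 ..." COMMAND [ARGS...]
# e.g. run_locked_upgrade /var/log/upgrades/upgrade.log \
#        "/sbin/shutdown /usr/sbin/pm-suspend" \
#        /usr/bin/apt-get -q --trivial-only dist-upgrade
# The body is a subshell, so its traps and exit never affect the caller.
run_locked_upgrade() (
    log=$1; bins=$2; shift 2
    lockdir="$log.lock"          # assumed lock location, next to the log

    # mkdir is atomic: refuse to start while another run holds the lock.
    mkdir "$lockdir" 2>/dev/null || {
        echo "cannot take $lockdir (upgrade already running?)" >&2
        exit 75
    }

    # Rename every locked binary back and release the lock.
    restore() {
        for b in $bins; do       # paths must not contain spaces
            [ -e "${b}_locked" ] && mv "${b}_locked" "$b"
        done
        rmdir "$lockdir" 2>/dev/null
    }
    trap restore EXIT
    # Turn signals into a normal exit so the EXIT trap still runs.
    trap 'exit 129' HUP; trap 'exit 130' INT; trap 'exit 143' TERM

    for b in $bins; do
        [ -e "$b" ] && mv "$b" "${b}_locked"
    done

    echo "upgrade started $(date '+%Y-%m-%d %H:%M:%S')" >> "$log"
    rc=0
    "$@" >> "$log" 2>&1 || rc=$?   # keep error messages in the log too
    echo "upgrade finished with exit status $rc" >> "$log"
    exit "$rc"
)
```

A power loss in the middle of a run still leaves the lock directory and the renamed binaries behind, so a boot-time check for leftover *_locked files is needed alongside this.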

Offline jimwilk

  • Hero Member
  • *****
  • Posts: 1111
Re: automatic software updates
« Reply #1 on: October 12, 2012, 05:34:10 PM »
jakevoelcker,

Thank you for posting that. There look to be some useful tricks there.
I think it is the first time we have met. In that case, a warm welcome to you, from New Zealand.

Jim
PCLinuxOS 2013.01 KDE (2 desktop computers)
PCLinuxOS 2013.04 KDE on Asus laptop


Windows free since 2005
Our house has windows: our computers have no Windoze!
Registered Linux User #409991

Offline Bald Brick

  • PCLinuxOS Tester
  • Hero Member
  • *******
  • Posts: 6371
  • I'm going South
Re: automatic software updates
« Reply #2 on: October 12, 2012, 05:49:33 PM »
3. Is it 'safer' to use apt-get dist-upgrade with -y or --trivial-only for automatic, unattended updates?

To me running it with the -y option doesn't seem safe at all. If you get an error message and are asked whether you want to continue, you would normally answer "no". Answering "yes" (or actually "y") is dangerous.

To quote myself in another thread:
Quote
If you want to automate running apt-get you should at least run it with the '--trivial-only' option so that it answers 'no' to all questions. (If you just try to update and dist-upgrade it won't ask any questions unless it encounters an error, and in that case you don't want it to continue.)

Of course the result of using --trivial-only may be that an upgrade is occasionally aborted, but isn't that better than possibly breaking your installation?
« Last Edit: October 12, 2012, 05:57:54 PM by Bald Brick »
Feed the trolls!
They need it!

AMD Athlon 7450 Dual-Core Processor, 7.80 GiB RAM, Nvidia GeForce GT 120/PCIe/SSE2, OpenGL/ES-version: 3.3 0 NVIDIA 295.40, SBx00 Azalia (Intel HDA) soundcard, Logitech B500 webcam, SAA7146 DVB card, HDDs: Seagate 250824AS, Western Digital WD10EAVS-00D

Offline cyrwyn

  • Hero Member
  • *****
  • Posts: 832
Re: automatic software updates
« Reply #3 on: October 13, 2012, 09:16:06 AM »
Use update-notifier and set it to automatically update every time after a reboot.
Using Linux for over 18 years and still counting.

Offline jakevoelcker

  • Jr. Member
  • **
  • Posts: 27
Re: automatic software updates
« Reply #4 on: October 14, 2012, 03:23:24 AM »
Use update-notifier and set it to automatically update every time after a reboot.

Is it possible to set update-notifier to do a fully automated update (i.e. the equivalent of apt-get update and then apt-get dist-upgrade -y) without any user intervention?