Automatic update of packages using cron-apt

cron-apt Contains a tool that is run by a cron job at regular intervals. By default it just updates the package list and download new packages without installing. You can instruct it to run anything that you can do with apt-get (or aptitude).

It can optionally sends mail to the system administrator on errors, log to syslog or a separate log file.

Observe that this tool may be a security risk, so you should not set it to do more than necessary. Automatic upgrade of all packages is NOT recommended unless you are in full control of the package repository.

Install cron-apt in debian

#apt-get install cron-apt

This will complete the installation and now you need to configure cron-apt by default configuration file is /etc/cron-apt/config. you can specify when it runs in the /etc/cron.d/cron-apt file here is the default cron-apt file

#
# Regular cron jobs for the cron-apt package
#
# Every night at 4 o’clock.
0 4 * * * root test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt
# Every hour.
# 0 * * * * root test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt /etc/cron-apt/config2
# Every five minutes.
# */5 * * * * root test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt /etc/cron-apt/config2

If you want to see the default cron-apt config file check here

You can leave all the default configurations one thing you need to enable is mailon option you can select when you want to receive emails.I prefer the following option

MAILON=”always”

and other available options are

# Value: error (send mail on error runs)
# upgrade (when packages is upgraded)
# changes (mail when change in output from an action)
# output (send mail when output is generated)
# always (always send mail)
# (else never send mail)

You need to enter the email address to receive mails.

# The email address to send mail to.
MAILTO=”[email protected]

One more thing is options in config file this is for General apt options that will be passed to all APTCOMMAND calls.

cron-apt will use the information available in /etc/apt/sources.list file to get the source package list.

example:-

# You can for example add an alternative sources.list file here.

OPTIONS=”-o quiet=1 -o Dir::Etc::SourceList=/etc/apt/security.sources.list”

This is one way of keeping your packages uptodate and some people they will use shell scripts to keep their packages uptodate.

If you are looking for simple shell script you can use the following one this script source is from here

Apt Update Script

#!/bin/bash
#
# Cron Script – run from /etc/crontab or /etc/cron.daily
#
# Runs “apt-get update” and prints the output of a simulated
# dist-upgrade if new packages are found.

if [[ `apt-get update 2>&1 | grep Get` ]]; then
if [[ `apt-get –simulate dist-upgrade 2>&1 | grep Inst` ]]; then
apt-get –simulate dist-upgrade
fi
fi

Sponsored Link

7 thoughts on “Automatic update of packages using cron-apt

  1. cron-apt Contains a tool that is run by a cron job at regular intervals. By default it just updates the package list and download new packages without installing. You can instruct it to run anything that you can do with apt-get (or aptitude).

    So, how can i get it to go beyond the default and get it to do the install too? that’s far more useful to discuss here than the email options you bother explaining…

  2. Yes, I’m with Joe and his polite critic on this issue. Would have been better with small example for the script to actually download and upgrade the box. The mail issue is self explained in the config file, while the explanation of mode to install downloaded packages isn’t?

    Anyone out there who’s using this tool?

  3. Anyone who can help me getting this tool to do the install of the downloaded packages?

    Please see the email notification from yesterday – Apparently the tool is in download mode – how to set it to download and install mode?

    CRON-APT RUN [/etc/cron-apt/config]: Thu Jan 14 04:00:01 CET 2010
    CRON-APT SLEEP: 204, Thu Jan 14 04:03:25 CET 2010
    CRON-APT ACTION: 0-update
    CRON-APT LINE: /usr/bin/apt-get update -o quiet=2
    CRON-APT ACTION: 3-download
    CRON-APT LINE: /usr/bin/apt-get autoclean -y
    Reading package lists…
    Building dependency tree…
    Reading state information…
    Del libssl0.9.8 0.9.8g-15+lenny5 [2975kB]
    Del openssl 0.9.8g-15+lenny5 [1036kB]
    CRON-APT LINE: /usr/bin/apt-get dist-upgrade -d -y -o APT::Get::Show-Upgraded=true
    Reading package lists…
    Building dependency tree…
    Reading state information…
    The following packages will be upgraded:
    libkrb53 libssl0.9.8 openssl
    3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
    Need to get 4012kB/4493kB of archives.
    After this operation, 0B of additional disk space will be used.
    WARNING: The following packages cannot be authenticated!
    libssl0.9.8 libkrb53 openssl
    Authentication warning overridden.
    Get:1 http://security.debian.org lenny/updates/main libssl0.9.8 0.9.8g-15+lenny6 [2975kB]
    Get:2 http://security.debian.org lenny/updates/main openssl 0.9.8g-15+lenny6 [1036kB]
    Fetched 4012kB in 8s (490kB/s)
    Download complete and in download only mode

  4. I’m reading a whole bunch of stuff about why it’s not a good idea to to do an unattended upgrade to your system. Gotta say I’m left in two minds on the subject – yeah a whole lot of hurt could be heading your way but is that any different than the pain experienced using M$ auto update. On the other hand, while I couldn’t give two hoots if a workstation gets trashed by auto update I set all my M$ servers to download only go figure.

    Anyway, if you want the script to auto install the updates then all you need to do is edit out the -d switch from the dist-upgrade line in;

    /etc/cron-apt/action/d3-download

    The -d switch performs a download only so without it the script is gonna upgrade and installed apps …I guess it might also be a good idea to rename the file to “3-install” or some such.

  5. Thanks!

    I’m managing (among other things) a Debian server in production. I have no scruples doing an auto-install, since my /etc/apt/sources.lst only lists Debian security updates. Those I trust to automatically update.

    /TS

  6. I have a new action (appropriately named 5-install)


    cat /etc/cron-apt/action.d/5-install
    dist-upgrade -y
    autoclean -y

Leave a comment

Your email address will not be published. Required fields are marked *