Automatic update of packages using cron-apt

 Package-Mgmt  Add comments
Oct 062006
 

    cron-apt Contains a tool that is run by a cron job at regular intervals. By default it just updates the package list and download new packages without installing. You can instruct it to run anything that you can do with apt-get (or aptitude).

    It can optionally sends mail to the system administrator on errors, log to syslog or a separate log file.

    Observe that this tool may be a security risk, so you should not set it to do more than necessary. Automatic upgrade of all packages is NOT recommended unless you are in full control of the package repository.

    Install cron-apt in debian

    #apt-get install cron-apt

    This will complete the installation and now you need to configure cron-apt by default configuration file is /etc/cron-apt/config. you can specify when it runs in the /etc/cron.d/cron-apt file here is the default cron-apt file

    #
    # Regular cron jobs for the cron-apt package
    #
    # Every night at 4 o'clock.
    0 4 * * * root test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt
    # Every hour.
    # 0 * * * * root test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt /etc/cron-apt/config2
    # Every five minutes.
    # */5 * * * * root test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt /etc/cron-apt/config2

    If you want to see the default cron-apt config file check here

    You can leave all the default configurations one thing you need to enable is mailon option you can select when you want to receive emails.I prefer the following option

    MAILON="always"

    and other available options are

    # Value: error (send mail on error runs)
    # upgrade (when packages is upgraded)
    # changes (mail when change in output from an action)
    # output (send mail when output is generated)
    # always (always send mail)
    # (else never send mail)

    You need to enter the email address to receive mails.

    # The email address to send mail to.
    MAILTO="updates@domain.com"

    One more thing is options in config file this is for General apt options that will be passed to all APTCOMMAND calls.

    cron-apt will use the information available in /etc/apt/sources.list file to get the source package list.

    example:-

    # You can for example add an alternative sources.list file here.

    OPTIONS="-o quiet=1 -o Dir::Etc::SourceList=/etc/apt/security.sources.list"

    This is one way of keeping your packages uptodate and some people they will use shell scripts to keep their packages uptodate.

    If you are looking for simple shell script you can use the following one this script source is from here

    Apt Update Script

    #!/bin/bash
    #
    # Cron Script -- run from /etc/crontab or /etc/cron.daily
    #
    # Runs "apt-get update" and prints the output of a simulated
    # dist-upgrade if new packages are found.

    if [[ `apt-get update 2>&1 | grep Get` ]]; then
    if [[ `apt-get --simulate dist-upgrade 2>&1 | grep Inst` ]]; then
    apt-get --simulate dist-upgrade
    fi
    fi

    Related content:

    1. Mysql Database backup using AutoMySQLBackup
    2. Debian apt Source mirror using apt-mirror
    3. MRTG Installation and Configuration in Debian based Distributions
    4. Desktop Search Engine with Doodle
    5. Monitor Servers and Clients using Munin in Ubuntu

    Incoming search terms:

       Posted by at 8:57 am
      • joe

        cron-apt Contains a tool that is run by a cron job at regular intervals. By default it just updates the package list and download new packages without installing. You can instruct it to run anything that you can do with apt-get (or aptitude).

        So, how can i get it to go beyond the default and get it to do the install too? that’s far more useful to discuss here than the email options you bother explaining…

      • http://hegnstoften.net Dennis Johansen

        Yes, I’m with Joe and his polite critic on this issue. Would have been better with small example for the script to actually download and upgrade the box. The mail issue is self explained in the config file, while the explanation of mode to install downloaded packages isn’t?

        Anyone out there who’s using this tool?

      • http://hegnstoften.net Dennis Johansen

        Anyone who can help me getting this tool to do the install of the downloaded packages?

        Please see the email notification from yesterday – Apparently the tool is in download mode – how to set it to download and install mode?

        CRON-APT RUN [/etc/cron-apt/config]: Thu Jan 14 04:00:01 CET 2010
        CRON-APT SLEEP: 204, Thu Jan 14 04:03:25 CET 2010
        CRON-APT ACTION: 0-update
        CRON-APT LINE: /usr/bin/apt-get update -o quiet=2
        CRON-APT ACTION: 3-download
        CRON-APT LINE: /usr/bin/apt-get autoclean -y
        Reading package lists…
        Building dependency tree…
        Reading state information…
        Del libssl0.9.8 0.9.8g-15+lenny5 [2975kB]
        Del openssl 0.9.8g-15+lenny5 [1036kB]
        CRON-APT LINE: /usr/bin/apt-get dist-upgrade -d -y -o APT::Get::Show-Upgraded=true
        Reading package lists…
        Building dependency tree…
        Reading state information…
        The following packages will be upgraded:
        libkrb53 libssl0.9.8 openssl
        3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
        Need to get 4012kB/4493kB of archives.
        After this operation, 0B of additional disk space will be used.
        WARNING: The following packages cannot be authenticated!
        libssl0.9.8 libkrb53 openssl
        Authentication warning overridden.
        Get:1 http://security.debian.org lenny/updates/main libssl0.9.8 0.9.8g-15+lenny6 [2975kB]
        Get:2 http://security.debian.org lenny/updates/main openssl 0.9.8g-15+lenny6 [1036kB]
        Fetched 4012kB in 8s (490kB/s)
        Download complete and in download only mode

      • http://www.kma.com Case

        I’m reading a whole bunch of stuff about why it’s not a good idea to to do an unattended upgrade to your system. Gotta say I’m left in two minds on the subject – yeah a whole lot of hurt could be heading your way but is that any different than the pain experienced using M$ auto update. On the other hand, while I couldn’t give two hoots if a workstation gets trashed by auto update I set all my M$ servers to download only go figure.

        Anyway, if you want the script to auto install the updates then all you need to do is edit out the -d switch from the dist-upgrade line in;

        /etc/cron-apt/action/d3-download

        The -d switch performs a download only so without it the script is gonna upgrade and installed apps …I guess it might also be a good idea to rename the file to “3-install” or some such.

      • Torsten Skjødt

        Thanks!

        I’m managing (among other things) a Debian server in production. I have no scruples doing an auto-install, since my /etc/apt/sources.lst only lists Debian security updates. Those I trust to automatically update.

        /TS

      • Terry

        I have a new action (appropriately named 5-install)


        cat /etc/cron-apt/action.d/5-install
        dist-upgrade -y
        autoclean -y

      • raoul

        You should probably use apt::periodic provided by apt instead of relying on an additional package to do the job.

        check /etc/cron.daily/apt for options and this page: https://saz.sh/2009/07/10/run-apt-get-update-automatically-under-debian/

        alternatively you can put apt::periodic statements in /etc/apt/apt.conf.d/10periodic

      QR Code Business Card