我想确定Ubuntu 12.04服务器是否启用了自动更新。
我应该如何准确地检查这一点?
如果启用了自动更新,我该如何禁用它?
我应该如何准确地检查这一点?
如果启用了自动更新,我该如何禁用它?
sudo apt-get install unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades
/etc/apt/apt.conf.d/10periodic
/etc/apt/apt.conf.d/20auto-upgrades
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
/etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}-security";
// "${distro_id}:${distro_codename}-updates";
};
${distro_id}
和${distro_codename}
会自动展开。我会注释掉更新条目,只保留安全性。/etc/apt/apt.conf.d/20auto-upgrades
,因为在13.10版本中,默认情况下 APT::Periodic::Update-Package-Lists "1";
和 APT::Periodic::Unattended-Upgrade "1";
就保存在这里。 - steakunderscore50unattended-upgrades
文件已经仅设置了安全更新,因此默认设置似乎已经正确,不需要编辑该文件。 - Jeff Atwood/etc/apt/apt.conf.d/10periodic
目录并不存在。但是unattended-upgrades
软件包已经安装,并且/etc/apt/apt.conf.d/50unattended-upgrades
路径下的文件也存在。我的问题是,我手动添加了/etc/apt/apt.conf.d/10periodic
文件后,是否需要重新启动服务器以使配置生效? - foresightyj/etc/apt/apt.conf.d/20auto-upgrades
这个文件,它的设置会覆盖前一个文件中的设置,所以你不需要添加 /etc/apt/apt.conf.d/10periodic
。如果你安装了 update-notifier-common
包,那么前一个文件可能是由它生成的。 - jarno/var/log/unattended-upgrades/
,以确认您的无人值守升级是否已经应用。sudo dpkg-reconfigure -plow unattended-upgrades
/etc/apt/apt.conf.d/20auto-upgrades
,并且可能还会修改/etc/apt/apt.conf.d/10periodic
。software-properties-gtk
以图形界面的方式启用自动更新,通过更改"When there are security updates:"下的设置。这将修改文件/etc/apt/apt.conf.d/10periodic
和/etc/apt/apt.conf.d/20auto-upgrades
。APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
您可以通过apt-config dump APT::Periodic
检查当前设置。
您可以通过编辑文件/etc/apt/apt.conf.d/50unattended-upgrades
来更改无人值守升级的工作方式。该文件将让您选择通过选择apt可以搜索新的更新和升级的位置来进行哪些更新。实际上,最好创建一个新文件,将修改放入其中;将其命名为51unattended-upgrades-local
或其他大于目录中原始文件的名称,以使更改生效;这样原始文件保持不变有助于如果升级无人值守升级需要对文件进行更改。
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}-security";
// "${distro_id}:${distro_codename}-updates";
// "${distro_id}:${distro_codename}-proposed";
// "${distro_id}:${distro_codename}-backports";
};
${distro_id}
和${distro_codename}
会自动展开。上述只有安全更新是自动完成的。您可以将自动更新扩展到任何软件源,并在Unattended-Upgrade::Origins-Pattern
部分进行设置。请参见另一个问题。//Unattended-Upgrade::Remove-Unused-Dependencies "false";
至
Unattended-Upgrade::Remove-Unused-Dependencies "true";
// Remove unused automatically installed kernel-related packages
// (kernel images, kernel headers and kernel version locked tools).
//Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
// Do automatic removal of newly unused dependencies after the upgrade
//Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
在Ubuntu文档和unattended-upgrades github中有更多的信息。
sudo dpkg-reconfigure -plow unattended-upgrades
命令生成了 20auto-upgrades
文件。 - Ray Fossme@my-system:~$ systemctl status apt-daily-upgrade.timer
● apt-daily-upgrade.timer - Daily apt upgrade and clean activities
Loaded: loaded (/lib/systemd/system/apt-daily-upgrade.timer; enabled; vendor preset: enabled)
Active: active (waiting) since Sun 2021-12-05 05:41:07 CST; 39min ago
Trigger: Sun 2021-12-05 06:20:41 CST; 1s left
Triggers: ● apt-daily-upgrade.service
Dec 05 05:41:07 my-system systemd[1]: Started Daily apt upgrade and clean activities.
me@my-system:~$ ls -lh /var/lib/apt/periodic/
total 0
-rw-r--r-- 1 root root 0 Dec 2 17:42 download-upgradeable-stamp
-rw-r--r-- 1 root root 0 Dec 5 06:21 unattended-upgrades-stamp <----------
-rw-r--r-- 1 root root 0 Dec 2 17:42 update-stamp
-rw-r--r-- 1 root root 0 Dec 2 17:41 update-success-stamp
-rw-r--r-- 1 root root 0 Dec 5 06:21 upgrade-stamp
me@my-system:~$ tail /var/log/unattended-upgrades/unattended-upgrades.log
2021-12-03 08:30:20,578 INFO Initial whitelist (not strict):
2021-12-03 08:30:25,854 INFO No packages found that can be upgraded unattended and no pending auto-removals
2021-12-05 06:21:11,517 INFO Starting unattended upgrades script
2021-12-05 06:21:11,528 INFO Allowed origins are: o=Ubuntu,a=impish, o=Ubuntu,a=impish-security, o=UbuntuESM,a=impish, o=Ubuntu,a=impish-updates, o=Google LLC,a=stable, o=UbuntuESM,a=impish-security
2021-12-05 06:21:11,529 INFO Initial blacklist:
2021-12-05 06:21:11,530 INFO Initial whitelist (not strict):
2021-12-05 06:21:15,645 INFO No packages found that can be upgraded unattended and no pending auto-removals
APT::Periodic::Unattended-Upgrade
应该仍然是非零的。我认为现在最好的值是“always”,因为调用无人值守升级是由 Systemd 计时器处理,而不是由 Cron 处理。 - jarnosudo
不需要。 - jarnosudo apt-get install unattended-upgrades
/etc/apt/apt.conf.d/50unattended-upgrades
,并注释掉你不想自动升级的更新。这些编辑必须以root权限进行。/etc/apt/apt.conf.d/20auto-upgrades
中的内容才能启用自动更新。好好知道! - Ben Johnson
apt-get update
对"update"有不同的理解。我认为"这艘船已经开走了"。虽然有一个元帖。 - Eliah Kagan