How is unattended-upgrades started and how can I modify its schedule?
Where do I have to check/modify if I want to change my schedule?
The unattended-upgrades is configured to be applied automatically .
To verify it check the /etc/apt/apt.conf.d/20auto-upgrades file , you will get :
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
to modify it you should run the following command:
dpkg-reconfigure -plow unattended-upgrades
sample output:
Applying updates on a frequent basis is an important part of keeping
systems secure. By default, updates need to be applied manually using
package management tools.
Alternatively, you can choose to have this system automatically download
and install security updates.
Automatically download and install stable updates?
Choose NO to stop the auto update
Verify the /etc/apt/apt.conf.d/20auto-upgrades again, you should get :
APT::Periodic::Update-Package-Lists "0";
APT::Periodic::Unattended-Upgrade "0";
Edit
To run the unattended-upgrades weekly edit your /etc/apt/apt.conf.d/20auto-upgrades as follows :
APT::Periodic::Update-Package-Lists "7";
APT::Periodic::Unattended-Upgrade "1";
A detailed example can be found on Debian-Wiki : automatic call via /etc/apt/apt.conf.d/02periodic
APT::Periodic::Update-Package-Lists
This option allows you to specify the frequency (in days) at which the package lists are refreshed. apticron users can do without this variable, since apticron already does this task.
With Debian 9 (stretch) and Debian 10 (buster), the schedule of unattended-upgrades is determined in two steps:
- The system scheduler (e.g. systemd timers or cron/anacron), and
- APT::Periodic intervals.
A lower frequency in one of these will obstruct the higher frequency in the other, so be sure that settings are correct for both steps.
1. The system scheduler
The process is started by the following two systemd timers:
apt-daily.timerto update the package lists (apt-get update), andapt-daily-upgrade.timerto install the upgrades (unattended-upgrade).
(The anacron job /etc/cron.daily/apt-compat still exists, but exits if it detects systemd. See other answers or anacron documentation on changing the schedule if you don't use systemd.)
To modify your update schedule:
$ sudo systemctl edit apt-daily.timer
This creates /etc/systemd/system/apt-daily.timer.d/override.conf. Fill it as follows, for example:
[Timer]
OnCalendar=
OnCalendar=01:00
RandomizedDelaySec=15m
Same for the upgrade schedule:
$ sudo systemctl edit apt-daily-upgrade.timer
[Timer]
OnCalendar=
OnCalendar=01:30
RandomizedDelaySec=0
To check your work:
$ systemctl cat apt-daily{,-upgrade}.timer
$ systemctl --all list-timers apt-daily{,-upgrade}.timer
(Taken partly from Debian Wiki: UnattendedUpgrades.)
2. APT::Periodic intervals
No matter if you use the systemd timers or the anacron job as the system scheduler, both call the same script in the end. That script makes a new, second decision of whether it is time to run again, but now based on the intervals set in APT::Periodic. You should normally find those settings in /etc/apt/apt.conf.d/20auto-upgrades:
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
I always thought the "1" value here simply meant True or On, but actually, it is the minimal interval between runs, expressed in days. If the script determines that less time has passed since the last time the requested action was performed, it will simply not perform the action, regardless of the fact that the system scheduler called for it.
With apt versions above 1.5 (Debian 10 buster) you can change the APT::Periodic values from "1" to "always". You do this once and from then on, you only need to interact with the system scheduler (systemd timer or anacron) to change the schedule.
For more details on the above, or if you want to schedule unattended-upgrades to run more than once per day, see my answer here: How to run unattended-upgrades not daily but every few hours.
/etc/crontab has a run-parts /etc/cron.daily line which references a folder that contains a /etc/cron.daily/apt-compat file which executes exec /usr/lib/apt/apt.systemd.daily