Apt
Debian/Ubuntu package manager
Documentation
Phased Packages
Unattended upgrades
Links
- https://help.ubuntu.com/community/AutomaticSecurityUpdates
- Using Unattended-Upgrades on Debian and Ubuntu
- https://wiki.debian.org/UnattendedUpgrades
- https://linuxblog.io/how-to-enable-unattended-upgrades-on-ubuntu-debian/
- the apt manpage you were looking for
Enabling/disabling unattended upgrades
Maybe install it first
apt install unattended-upgrades
that will most likely also enable unattended upgrades then
dpkg-reconfigure unattended-upgrades
The dialog will show which option is selected now.
The relevant systemd service
apt-daily-upgrade.service
Disable unattended upgrades
In /etc/apt/apt.conf.d/20auto-upgrades
APT::Periodic::Unattended-Upgrade "0";
The logs
/var/log/unattended-upgrades/*.log
FAQ
Unattended-upgrade is not upgrading all packages
That's normal, it defaults to upgrading only security updates.
Unattended-Upgrade::DevRelease "auto";
Only works on "dev releases", which is any not .04
What is this Allowed-Origins about?
Check output of
apt -s upgrade
you might see something like
Conf cloud-init (25.1.2-0ubuntu0~22.04.2 Ubuntu:22.04/jammy-updates
which will match
${distro_id}:${distro_codename}-updates
No packages found that can be upgraded unattended
By default "${distro_id}:${distro_codename}-updates"; is commented out in /etc/apt/apt.conf.d/50unattended-upgrades, so to get those updated as well, uncomment that line.
HOWTO
Extract files from .deb
dpkg-deb
or just
dpkg -e foo.deb
note: this extracts to .
Pin a version
List installed packages
apt list --installed
Upgrade just one package
apt-get install --only-upgrade <packagename>
exclude package from upgrade
apt-mark hold somepackage
and to undo
apt-mark unhold somepackage
Disable source in deb822 source file
add
Enabled: no
FAQ
What is new style sources files called?
deb822
What version of a package is going to be installed?
apt-cache policy <package>
What package does a file belong to?
dpkg -S /path/to/file
Error messages
E: Could not get lock /var/lib/apt/lists/lock. It is held by process 1538337 (apt-get)
Try
systemctl restart packagekit
and check
fuser /var/lib/apt/lists/lock
again
Repository changed its 'Version' value
Try
apt-get --allow-releaseinfo-change update
The repository 'http://security.debian.org buster/updates Release' no longer has a Release file
time to upgrade entire system
Unable to correct problems, you have held broken packages.
Try
dpkg --get-selections | grep hold
What packages depend on package
apt-cache rdepends --installed libc6-dev
Clear cache
apt-get clean
Could not handshake: The TLS connection was non-properly terminated.
try http instead of https
Depends: but it is not going to be installed
First try
apt-get update && apt-get upgrade
E: Unable to correct problems, you have held broken packages.
Which services should be restarted?
That's from needrestart
Prevent restarting all services when installing a package
NEEDRESTART_MODE=i apt install somepackage
What repository provides package
apt policy <packagename>
Error messages
Key is stored in legacy trusted.gpg keyring
Check apt-key is deprecated
Certificate verification failed: The certificate is NOT trusted.
try
deb [trusted=yes] ...
in sources.list, but things might be worse than that, in case of launchpad change to
https://ppa.launchpadcontent.net/
apt-key is deprecated. Manage keyring files in trusted.gpg.d instead
The following upgrades have been deferred due to phasing
apt install <whatever package it lists>
needrestart
Show which services need restarting
needrestart -rl
Service restarts being deferred
Probably services like networkd-dispatcher.service. Check /etc/needrestart/needrestart.conf for $nrconf{override_rc}
