Automatische Updates

Aus Gargi.org
Version vom 30. Juni 2018, 10:58 Uhr von Gargi (Diskussion | Beiträge) (Die Seite wurde neu angelegt: „Um den Raspberry automatisch zu aktualisieren, was aus sicherheitstechnischen Gründen ratsam ist, müsst Ihr das Paket '''unattended-upgrades''' installieren.…“)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Zur Navigation springen Zur Suche springen

Um den Raspberry automatisch zu aktualisieren, was aus sicherheitstechnischen Gründen ratsam ist, müsst Ihr das Paket unattended-upgrades installieren. Dieses installiert Ihr über

apt-get install unattended-upgrades

Danach passt Ihr unter /etc/apt/apt.conf.d/ die Datei 50unattended-upgrades Euren Bedürfnissen an. In der Regel sollte es nur die Ziel E-Mail Adresse sein, ich habe die Archive einwenig erweitert, da ich nicht nur die Securityupdates ziehen wollte. Der Rest ist schön in der Datei kommentiert:

// Automatically upgrade packages from these origin patterns
Unattended-Upgrade::Origins-Pattern {
        // Archive or Suite based matching:
        // Note that this will silently match a different release after
        // migration to the specified archive (e.g. testing becomes the
        // new stable).
//      "o=Raspbian,a=stable";
//      "o=Raspbian,a=stable-updates";
//      "o=Raspbian,a=proposed-updates";
//      "origin=Raspbian,archive=stable,label=Raspbian-Security";
       "origin=Raspbian,archive=stable";
       "origin=Raspbian,archive=oldstable";
};

// List of packages to not update
Unattended-Upgrade::Package-Blacklist {
//      "vim";
//      "libc6";
//      "libc6-dev";
//      "libc6-i686";
};

// This option allows you to control if on a unclean dpkg exit
// unattended-upgrades will automatically run
//   dpkg --force-confold --configure -a
// The default is true, to ensure updates keep getting installed
//Unattended-Upgrade::AutoFixInterruptedDpkg "false";

// Split the upgrade into the smallest possible chunks so that
// they can be interrupted with SIGUSR1. This makes the upgrade
// a bit slower but it has the benefit that shutdown while a upgrade
// is running is possible (with a small delay)
//Unattended-Upgrade::MinimalSteps "true";

// Install all unattended-upgrades when the machine is shuting down
// instead of doing it in the background while the machine is running
// This will (obviously) make shutdown slower
//Unattended-Upgrade::InstallOnShutdown "true";

// Send email to this address for problems or packages upgrades
// If empty or unset then no email is sent, make sure that you
// have a working mail setup on your system. A package that provides
// 'mailx' must be installed. E.g. "user@example.com"
Unattended-Upgrade::Mail "meine@e.mail";

// Set this value to "true" to get emails only on errors. Default
// is to always send a mail if Unattended-Upgrade::Mail is set
//Unattended-Upgrade::MailOnlyOnError "true";

// Do automatic removal of new unused dependencies after the upgrade
// (equivalent to apt-get autoremove)
Unattended-Upgrade::Remove-Unused-Dependencies "true";

// Automatically reboot *WITHOUT CONFIRMATION* if a
// the file /var/run/reboot-required is found after the upgrade
//Unattended-Upgrade::Automatic-Reboot "false";


// Use apt bandwidth limit feature, this example limits the download
// speed to 70kb/sec
//Acquire::http::Dl-Limit "70";

Danach legt eine neue Datei im gleichen Verzeichnis an:

nano 02periodic

Die füllt Ihr mit folgendem Inhalt um die Zeitsteuerung festzulegen:

// Enable the update/upgrade script (0=disable)
APT::Periodic::Enable "1";

// Do "apt-get update" automatically every n-days (0=disable)
APT::Periodic::Update-Package-Lists "1";

// Do "apt-get upgrade --download-only" every n-days (0=disable)
APT::Periodic::Download-Upgradeable-Packages "1";

// Run the "unattended-upgrade" security upgrade script
// every n-days (0=disabled)
// Requires the package "unattended-upgrades" and will write
// a log in /var/log/unattended-upgrades
APT::Periodic::Unattended-Upgrade "1";

// Do "apt-get autoclean" every n-days (0=disable)
APT::Periodic::AutocleanInterval "7";

Ab dann wird automatisch auf Updates geprüft und installiert, sollten welche vorhanden sein.