Upgrading packages automatically
Clash Royale CLAN TAG#URR8PPP
I'm am using servers (debian 7) and I'm currently running cron-apt to e-mail me when there are new upgrades available.
Is the following command safe to run when new upgrades are shown?
sudo apt-get dist-upgrade
Are there any checks I should do before upgrading?
I'm a little concerned that simply upgrading everything every time I get an email might cause failures.
debian apt cron upgrade
edited Jan 6 at 21:41
Rui F Ribeiro
39.6k1479132
asked May 6 '15 at 8:22
dan983dan983
61127
add a comment |
I'm am using servers (debian 7) and I'm currently running cron-apt to e-mail me when there are new upgrades available.
Is the following command safe to run when new upgrades are shown?
sudo apt-get dist-upgrade
Are there any checks I should do before upgrading?
I'm a little concerned that simply upgrading everything every time I get an email might cause failures.
debian apt cron upgrade
edited Jan 6 at 21:41
Rui F Ribeiro
39.6k1479132
asked May 6 '15 at 8:22
dan983dan983
61127
2
The first advice should be: do backup and check if you can restore from it
– Romeo Ninov
May 6 '15 at 8:29
2
IMHO, it really depends on the role of the server and the cost of possible downtime. I'm running a computational server here, which I can afford to be down for some time as long as not too many colleagues want to use it. For a web server this is completely different. In my case I run regular updates (because I can), while in the case of a web server I would only run security updates and perhaps regular package upgrades whenever I need their new features.
– Benjamin B.
May 6 '15 at 9:06
3
Seconding @BenjaminB. on this. I also mainly run security updates on application/database servers, only applying all the rest periodically. You can subscribe to security RSS channels for your distribution, for Debian that's going to behttps://www.debian.org/security/dsa. That way you're likely to notice when some important security hole (and fix) pops up.
– Erathiel
May 6 '15 at 16:34
add a comment |
I'm am using servers (debian 7) and I'm currently running cron-apt to e-mail me when there are new upgrades available.
Is the following command safe to run when new upgrades are shown?
sudo apt-get dist-upgrade
Are there any checks I should do before upgrading?
I'm a little concerned that simply upgrading everything every time I get an email might cause failures.
debian apt cron upgrade
edited Jan 6 at 21:41
Rui F Ribeiro
39.6k1479132
asked May 6 '15 at 8:22
dan983dan983
61127
I'm am using servers (debian 7) and I'm currently running cron-apt to e-mail me when there are new upgrades available.
Is the following command safe to run when new upgrades are shown?
sudo apt-get dist-upgrade
Are there any checks I should do before upgrading?
I'm a little concerned that simply upgrading everything every time I get an email might cause failures.
debian apt cron upgrade
debian apt cron upgrade
edited Jan 6 at 21:41
Rui F Ribeiro
39.6k1479132
asked May 6 '15 at 8:22
dan983dan983
61127
edited Jan 6 at 21:41
Rui F Ribeiro
39.6k1479132
asked May 6 '15 at 8:22
dan983dan983
61127
edited Jan 6 at 21:41
Rui F Ribeiro
39.6k1479132
edited Jan 6 at 21:41
Rui F Ribeiro
39.6k1479132
edited Jan 6 at 21:41
Rui F Ribeiro
39.6k1479132
39.6k1479132
asked May 6 '15 at 8:22
dan983dan983
61127
asked May 6 '15 at 8:22
dan983dan983
61127
asked May 6 '15 at 8:22
dan983dan983
61127
61127
2
The first advice should be: do backup and check if you can restore from it
– Romeo Ninov
May 6 '15 at 8:29
2
IMHO, it really depends on the role of the server and the cost of possible downtime. I'm running a computational server here, which I can afford to be down for some time as long as not too many colleagues want to use it. For a web server this is completely different. In my case I run regular updates (because I can), while in the case of a web server I would only run security updates and perhaps regular package upgrades whenever I need their new features.
– Benjamin B.
May 6 '15 at 9:06
3
Seconding @BenjaminB. on this. I also mainly run security updates on application/database servers, only applying all the rest periodically. You can subscribe to security RSS channels for your distribution, for Debian that's going to behttps://www.debian.org/security/dsa. That way you're likely to notice when some important security hole (and fix) pops up.
– Erathiel
May 6 '15 at 16:34
add a comment |
2
The first advice should be: do backup and check if you can restore from it
– Romeo Ninov
May 6 '15 at 8:29
2
IMHO, it really depends on the role of the server and the cost of possible downtime. I'm running a computational server here, which I can afford to be down for some time as long as not too many colleagues want to use it. For a web server this is completely different. In my case I run regular updates (because I can), while in the case of a web server I would only run security updates and perhaps regular package upgrades whenever I need their new features.
– Benjamin B.
May 6 '15 at 9:06
3
Seconding @BenjaminB. on this. I also mainly run security updates on application/database servers, only applying all the rest periodically. You can subscribe to security RSS channels for your distribution, for Debian that's going to behttps://www.debian.org/security/dsa. That way you're likely to notice when some important security hole (and fix) pops up.
– Erathiel
May 6 '15 at 16:34
2
2
The first advice should be: do backup and check if you can restore from it
– Romeo Ninov
May 6 '15 at 8:29
The first advice should be: do backup and check if you can restore from it
– Romeo Ninov
May 6 '15 at 8:29
2
2
IMHO, it really depends on the role of the server and the cost of possible downtime. I'm running a computational server here, which I can afford to be down for some time as long as not too many colleagues want to use it. For a web server this is completely different. In my case I run regular updates (because I can), while in the case of a web server I would only run security updates and perhaps regular package upgrades whenever I need their new features.
– Benjamin B.
May 6 '15 at 9:06
IMHO, it really depends on the role of the server and the cost of possible downtime. I'm running a computational server here, which I can afford to be down for some time as long as not too many colleagues want to use it. For a web server this is completely different. In my case I run regular updates (because I can), while in the case of a web server I would only run security updates and perhaps regular package upgrades whenever I need their new features.
– Benjamin B.
May 6 '15 at 9:06
3
3
Seconding @BenjaminB. on this. I also mainly run security updates on application/database servers, only applying all the rest periodically. You can subscribe to security RSS channels for your distribution, for Debian that's going to be
https://www.debian.org/security/dsa. That way you're likely to notice when some important security hole (and fix) pops up.– Erathiel
May 6 '15 at 16:34
Seconding @BenjaminB. on this. I also mainly run security updates on application/database servers, only applying all the rest periodically. You can subscribe to security RSS channels for your distribution, for Debian that's going to be
https://www.debian.org/security/dsa. That way you're likely to notice when some important security hole (and fix) pops up.– Erathiel
May 6 '15 at 16:34
add a comment |
2 Answers
2
active
oldest
votes
sudo apt-get dist-upgrade is very safe to run as it won't do anything to the system, instead stopping to ask for your confirmation ;) You would have to add a -y switch, which is intended for unattended upgrades and makes apt assume that you always answer 'yes' to questions: sudo apt-get -y dist-upgrade. The man page states that
If an undesirable situation, such as changing a held package, trying
to install a unauthenticated package or removing an essential package
occurs then apt-get will abort
but running dist-upgrade unattanded is always risky so you may want to avoid that.
You can always check what apt would do by adding a -s switch, like so: sudo apt-get -s dist-upgrade. This switches apt into simulation mode, in which no changes are made and you can safely review all the changes apt would make to the system.
There is also a more conservative mode of running apt, namely apt-get upgrade. The man page for apt-get is very clear on what it does:
Packages currently installed with new versions available are retrieved
and upgraded; under no circumstances are currently installed packages
removed, or packages not already installed retrieved and installed.
New versions of currently installed packages that cannot be upgraded
without changing the install status of another package will be left at
their current version.
In my original answer I somehow assumed you're going to run dist-upgrade via cron, which, after reading more carefully, does not seem to be the case. However I'm leaving the relevant paragraph as a general comment:
It not advisable to run sudo apt-get -y dist-upgrade via cron, especially if your apt sources happen to point to a testing branch (which generally should not happen on servers, especially in production) as you may end up with an unusable system. You're relatively safe if you're using Debian's stable branch but I'd still recommend to attend upgrades.
Anyway, if you're doing a dist-upgrade that is going to perform serious changes you should always have a backup. Just in case.
answered May 6 '15 at 8:35
ErathielErathiel
1,341520
add a comment |
There's a package for that ;-).
As well as cron-apt, which can be configured to perform certain upgrades automatically, another useful package is unattended-upgrades which is designed to safely apply security updates automatically.
Beyond that, as Erathiel says it's not safe to run dist-upgrade automatically, but it's safe enough to run it manually every time there's something to upgrade, as long as you don't blindly answer "Yes".
answered May 6 '15 at 9:00
Stephen KittStephen Kitt
167k24376454
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f201720%2fupgrading-packages-automatically%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
sudo apt-get dist-upgrade is very safe to run as it won't do anything to the system, instead stopping to ask for your confirmation ;) You would have to add a -y switch, which is intended for unattended upgrades and makes apt assume that you always answer 'yes' to questions: sudo apt-get -y dist-upgrade. The man page states that
If an undesirable situation, such as changing a held package, trying
to install a unauthenticated package or removing an essential package
occurs then apt-get will abort
but running dist-upgrade unattanded is always risky so you may want to avoid that.
You can always check what apt would do by adding a -s switch, like so: sudo apt-get -s dist-upgrade. This switches apt into simulation mode, in which no changes are made and you can safely review all the changes apt would make to the system.
There is also a more conservative mode of running apt, namely apt-get upgrade. The man page for apt-get is very clear on what it does:
Packages currently installed with new versions available are retrieved
and upgraded; under no circumstances are currently installed packages
removed, or packages not already installed retrieved and installed.
New versions of currently installed packages that cannot be upgraded
without changing the install status of another package will be left at
their current version.
In my original answer I somehow assumed you're going to run dist-upgrade via cron, which, after reading more carefully, does not seem to be the case. However I'm leaving the relevant paragraph as a general comment:
It not advisable to run sudo apt-get -y dist-upgrade via cron, especially if your apt sources happen to point to a testing branch (which generally should not happen on servers, especially in production) as you may end up with an unusable system. You're relatively safe if you're using Debian's stable branch but I'd still recommend to attend upgrades.
Anyway, if you're doing a dist-upgrade that is going to perform serious changes you should always have a backup. Just in case.
answered May 6 '15 at 8:35
ErathielErathiel
1,341520
add a comment |
sudo apt-get dist-upgrade is very safe to run as it won't do anything to the system, instead stopping to ask for your confirmation ;) You would have to add a -y switch, which is intended for unattended upgrades and makes apt assume that you always answer 'yes' to questions: sudo apt-get -y dist-upgrade. The man page states that
If an undesirable situation, such as changing a held package, trying
to install a unauthenticated package or removing an essential package
occurs then apt-get will abort
but running dist-upgrade unattanded is always risky so you may want to avoid that.
You can always check what apt would do by adding a -s switch, like so: sudo apt-get -s dist-upgrade. This switches apt into simulation mode, in which no changes are made and you can safely review all the changes apt would make to the system.
There is also a more conservative mode of running apt, namely apt-get upgrade. The man page for apt-get is very clear on what it does:
Packages currently installed with new versions available are retrieved
and upgraded; under no circumstances are currently installed packages
removed, or packages not already installed retrieved and installed.
New versions of currently installed packages that cannot be upgraded
without changing the install status of another package will be left at
their current version.
In my original answer I somehow assumed you're going to run dist-upgrade via cron, which, after reading more carefully, does not seem to be the case. However I'm leaving the relevant paragraph as a general comment:
It not advisable to run sudo apt-get -y dist-upgrade via cron, especially if your apt sources happen to point to a testing branch (which generally should not happen on servers, especially in production) as you may end up with an unusable system. You're relatively safe if you're using Debian's stable branch but I'd still recommend to attend upgrades.
Anyway, if you're doing a dist-upgrade that is going to perform serious changes you should always have a backup. Just in case.
answered May 6 '15 at 8:35
ErathielErathiel
1,341520
add a comment |
sudo apt-get dist-upgrade is very safe to run as it won't do anything to the system, instead stopping to ask for your confirmation ;) You would have to add a -y switch, which is intended for unattended upgrades and makes apt assume that you always answer 'yes' to questions: sudo apt-get -y dist-upgrade. The man page states that
If an undesirable situation, such as changing a held package, trying
to install a unauthenticated package or removing an essential package
occurs then apt-get will abort
but running dist-upgrade unattanded is always risky so you may want to avoid that.
You can always check what apt would do by adding a -s switch, like so: sudo apt-get -s dist-upgrade. This switches apt into simulation mode, in which no changes are made and you can safely review all the changes apt would make to the system.
There is also a more conservative mode of running apt, namely apt-get upgrade. The man page for apt-get is very clear on what it does:
Packages currently installed with new versions available are retrieved
and upgraded; under no circumstances are currently installed packages
removed, or packages not already installed retrieved and installed.
New versions of currently installed packages that cannot be upgraded
without changing the install status of another package will be left at
their current version.
In my original answer I somehow assumed you're going to run dist-upgrade via cron, which, after reading more carefully, does not seem to be the case. However I'm leaving the relevant paragraph as a general comment:
It not advisable to run sudo apt-get -y dist-upgrade via cron, especially if your apt sources happen to point to a testing branch (which generally should not happen on servers, especially in production) as you may end up with an unusable system. You're relatively safe if you're using Debian's stable branch but I'd still recommend to attend upgrades.
Anyway, if you're doing a dist-upgrade that is going to perform serious changes you should always have a backup. Just in case.
answered May 6 '15 at 8:35
ErathielErathiel
1,341520
sudo apt-get dist-upgrade is very safe to run as it won't do anything to the system, instead stopping to ask for your confirmation ;) You would have to add a -y switch, which is intended for unattended upgrades and makes apt assume that you always answer 'yes' to questions: sudo apt-get -y dist-upgrade. The man page states that
If an undesirable situation, such as changing a held package, trying
to install a unauthenticated package or removing an essential package
occurs then apt-get will abort
but running dist-upgrade unattanded is always risky so you may want to avoid that.
You can always check what apt would do by adding a -s switch, like so: sudo apt-get -s dist-upgrade. This switches apt into simulation mode, in which no changes are made and you can safely review all the changes apt would make to the system.
There is also a more conservative mode of running apt, namely apt-get upgrade. The man page for apt-get is very clear on what it does:
Packages currently installed with new versions available are retrieved
and upgraded; under no circumstances are currently installed packages
removed, or packages not already installed retrieved and installed.
New versions of currently installed packages that cannot be upgraded
without changing the install status of another package will be left at
their current version.
In my original answer I somehow assumed you're going to run dist-upgrade via cron, which, after reading more carefully, does not seem to be the case. However I'm leaving the relevant paragraph as a general comment:
It not advisable to run sudo apt-get -y dist-upgrade via cron, especially if your apt sources happen to point to a testing branch (which generally should not happen on servers, especially in production) as you may end up with an unusable system. You're relatively safe if you're using Debian's stable branch but I'd still recommend to attend upgrades.
Anyway, if you're doing a dist-upgrade that is going to perform serious changes you should always have a backup. Just in case.
answered May 6 '15 at 8:35
ErathielErathiel
1,341520
edited May 6 '15 at 9:05
answered May 6 '15 at 8:35
ErathielErathiel
1,341520
answered May 6 '15 at 8:35
ErathielErathiel
1,341520
answered May 6 '15 at 8:35
ErathielErathiel
1,341520
1,341520
add a comment |
add a comment |
There's a package for that ;-).
As well as cron-apt, which can be configured to perform certain upgrades automatically, another useful package is unattended-upgrades which is designed to safely apply security updates automatically.
Beyond that, as Erathiel says it's not safe to run dist-upgrade automatically, but it's safe enough to run it manually every time there's something to upgrade, as long as you don't blindly answer "Yes".
answered May 6 '15 at 9:00
Stephen KittStephen Kitt
167k24376454
add a comment |
There's a package for that ;-).
As well as cron-apt, which can be configured to perform certain upgrades automatically, another useful package is unattended-upgrades which is designed to safely apply security updates automatically.
Beyond that, as Erathiel says it's not safe to run dist-upgrade automatically, but it's safe enough to run it manually every time there's something to upgrade, as long as you don't blindly answer "Yes".
answered May 6 '15 at 9:00
Stephen KittStephen Kitt
167k24376454
add a comment |
There's a package for that ;-).
As well as cron-apt, which can be configured to perform certain upgrades automatically, another useful package is unattended-upgrades which is designed to safely apply security updates automatically.
Beyond that, as Erathiel says it's not safe to run dist-upgrade automatically, but it's safe enough to run it manually every time there's something to upgrade, as long as you don't blindly answer "Yes".
answered May 6 '15 at 9:00
Stephen KittStephen Kitt
167k24376454
There's a package for that ;-).
As well as cron-apt, which can be configured to perform certain upgrades automatically, another useful package is unattended-upgrades which is designed to safely apply security updates automatically.
Beyond that, as Erathiel says it's not safe to run dist-upgrade automatically, but it's safe enough to run it manually every time there's something to upgrade, as long as you don't blindly answer "Yes".
answered May 6 '15 at 9:00
Stephen KittStephen Kitt
167k24376454
edited May 6 '15 at 13:24
answered May 6 '15 at 9:00
Stephen KittStephen Kitt
167k24376454
answered May 6 '15 at 9:00
Stephen KittStephen Kitt
167k24376454
answered May 6 '15 at 9:00
Stephen KittStephen Kitt
167k24376454
167k24376454
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f201720%2fupgrading-packages-automatically%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
2
The first advice should be: do backup and check if you can restore from it
– Romeo Ninov
May 6 '15 at 8:29
2
IMHO, it really depends on the role of the server and the cost of possible downtime. I'm running a computational server here, which I can afford to be down for some time as long as not too many colleagues want to use it. For a web server this is completely different. In my case I run regular updates (because I can), while in the case of a web server I would only run security updates and perhaps regular package upgrades whenever I need their new features.
– Benjamin B.
May 6 '15 at 9:06
3
Seconding @BenjaminB. on this. I also mainly run security updates on application/database servers, only applying all the rest periodically. You can subscribe to security RSS channels for your distribution, for Debian that's going to be
https://www.debian.org/security/dsa. That way you're likely to notice when some important security hole (and fix) pops up.– Erathiel
May 6 '15 at 16:34