Upgrading packages automatically

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP












5















I'm am using servers (debian 7) and I'm currently running cron-apt to e-mail me when there are new upgrades available.



Is the following command safe to run when new upgrades are shown?



sudo apt-get dist-upgrade


Are there any checks I should do before upgrading?



I'm a little concerned that simply upgrading everything every time I get an email might cause failures.










share|improve this question



















  • 2





    The first advice should be: do backup and check if you can restore from it

    – Romeo Ninov
    May 6 '15 at 8:29






  • 2





    IMHO, it really depends on the role of the server and the cost of possible downtime. I'm running a computational server here, which I can afford to be down for some time as long as not too many colleagues want to use it. For a web server this is completely different. In my case I run regular updates (because I can), while in the case of a web server I would only run security updates and perhaps regular package upgrades whenever I need their new features.

    – Benjamin B.
    May 6 '15 at 9:06






  • 3





    Seconding @BenjaminB. on this. I also mainly run security updates on application/database servers, only applying all the rest periodically. You can subscribe to security RSS channels for your distribution, for Debian that's going to be https://www.debian.org/security/dsa. That way you're likely to notice when some important security hole (and fix) pops up.

    – Erathiel
    May 6 '15 at 16:34















5















I'm am using servers (debian 7) and I'm currently running cron-apt to e-mail me when there are new upgrades available.



Is the following command safe to run when new upgrades are shown?



sudo apt-get dist-upgrade


Are there any checks I should do before upgrading?



I'm a little concerned that simply upgrading everything every time I get an email might cause failures.










share|improve this question



















  • 2





    The first advice should be: do backup and check if you can restore from it

    – Romeo Ninov
    May 6 '15 at 8:29






  • 2





    IMHO, it really depends on the role of the server and the cost of possible downtime. I'm running a computational server here, which I can afford to be down for some time as long as not too many colleagues want to use it. For a web server this is completely different. In my case I run regular updates (because I can), while in the case of a web server I would only run security updates and perhaps regular package upgrades whenever I need their new features.

    – Benjamin B.
    May 6 '15 at 9:06






  • 3





    Seconding @BenjaminB. on this. I also mainly run security updates on application/database servers, only applying all the rest periodically. You can subscribe to security RSS channels for your distribution, for Debian that's going to be https://www.debian.org/security/dsa. That way you're likely to notice when some important security hole (and fix) pops up.

    – Erathiel
    May 6 '15 at 16:34













5












5








5








I'm am using servers (debian 7) and I'm currently running cron-apt to e-mail me when there are new upgrades available.



Is the following command safe to run when new upgrades are shown?



sudo apt-get dist-upgrade


Are there any checks I should do before upgrading?



I'm a little concerned that simply upgrading everything every time I get an email might cause failures.










share|improve this question
















I'm am using servers (debian 7) and I'm currently running cron-apt to e-mail me when there are new upgrades available.



Is the following command safe to run when new upgrades are shown?



sudo apt-get dist-upgrade


Are there any checks I should do before upgrading?



I'm a little concerned that simply upgrading everything every time I get an email might cause failures.







debian apt cron upgrade






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jan 6 at 21:41









Rui F Ribeiro

39.6k1479132




39.6k1479132










asked May 6 '15 at 8:22









dan983dan983

61127




61127







  • 2





    The first advice should be: do backup and check if you can restore from it

    – Romeo Ninov
    May 6 '15 at 8:29






  • 2





    IMHO, it really depends on the role of the server and the cost of possible downtime. I'm running a computational server here, which I can afford to be down for some time as long as not too many colleagues want to use it. For a web server this is completely different. In my case I run regular updates (because I can), while in the case of a web server I would only run security updates and perhaps regular package upgrades whenever I need their new features.

    – Benjamin B.
    May 6 '15 at 9:06






  • 3





    Seconding @BenjaminB. on this. I also mainly run security updates on application/database servers, only applying all the rest periodically. You can subscribe to security RSS channels for your distribution, for Debian that's going to be https://www.debian.org/security/dsa. That way you're likely to notice when some important security hole (and fix) pops up.

    – Erathiel
    May 6 '15 at 16:34












  • 2





    The first advice should be: do backup and check if you can restore from it

    – Romeo Ninov
    May 6 '15 at 8:29






  • 2





    IMHO, it really depends on the role of the server and the cost of possible downtime. I'm running a computational server here, which I can afford to be down for some time as long as not too many colleagues want to use it. For a web server this is completely different. In my case I run regular updates (because I can), while in the case of a web server I would only run security updates and perhaps regular package upgrades whenever I need their new features.

    – Benjamin B.
    May 6 '15 at 9:06






  • 3





    Seconding @BenjaminB. on this. I also mainly run security updates on application/database servers, only applying all the rest periodically. You can subscribe to security RSS channels for your distribution, for Debian that's going to be https://www.debian.org/security/dsa. That way you're likely to notice when some important security hole (and fix) pops up.

    – Erathiel
    May 6 '15 at 16:34







2




2





The first advice should be: do backup and check if you can restore from it

– Romeo Ninov
May 6 '15 at 8:29





The first advice should be: do backup and check if you can restore from it

– Romeo Ninov
May 6 '15 at 8:29




2




2





IMHO, it really depends on the role of the server and the cost of possible downtime. I'm running a computational server here, which I can afford to be down for some time as long as not too many colleagues want to use it. For a web server this is completely different. In my case I run regular updates (because I can), while in the case of a web server I would only run security updates and perhaps regular package upgrades whenever I need their new features.

– Benjamin B.
May 6 '15 at 9:06





IMHO, it really depends on the role of the server and the cost of possible downtime. I'm running a computational server here, which I can afford to be down for some time as long as not too many colleagues want to use it. For a web server this is completely different. In my case I run regular updates (because I can), while in the case of a web server I would only run security updates and perhaps regular package upgrades whenever I need their new features.

– Benjamin B.
May 6 '15 at 9:06




3




3





Seconding @BenjaminB. on this. I also mainly run security updates on application/database servers, only applying all the rest periodically. You can subscribe to security RSS channels for your distribution, for Debian that's going to be https://www.debian.org/security/dsa. That way you're likely to notice when some important security hole (and fix) pops up.

– Erathiel
May 6 '15 at 16:34





Seconding @BenjaminB. on this. I also mainly run security updates on application/database servers, only applying all the rest periodically. You can subscribe to security RSS channels for your distribution, for Debian that's going to be https://www.debian.org/security/dsa. That way you're likely to notice when some important security hole (and fix) pops up.

– Erathiel
May 6 '15 at 16:34










2 Answers
2






active

oldest

votes


















7














sudo apt-get dist-upgrade is very safe to run as it won't do anything to the system, instead stopping to ask for your confirmation ;) You would have to add a -y switch, which is intended for unattended upgrades and makes apt assume that you always answer 'yes' to questions: sudo apt-get -y dist-upgrade. The man page states that




If an undesirable situation, such as changing a held package, trying
to install a unauthenticated package or removing an essential package
occurs then apt-get will abort




but running dist-upgrade unattanded is always risky so you may want to avoid that.



You can always check what apt would do by adding a -s switch, like so: sudo apt-get -s dist-upgrade. This switches apt into simulation mode, in which no changes are made and you can safely review all the changes apt would make to the system.



There is also a more conservative mode of running apt, namely apt-get upgrade. The man page for apt-get is very clear on what it does:




Packages currently installed with new versions available are retrieved
and upgraded; under no circumstances are currently installed packages
removed, or packages not already installed retrieved and installed.
New versions of currently installed packages that cannot be upgraded
without changing the install status of another package will be left at
their current version.




In my original answer I somehow assumed you're going to run dist-upgrade via cron, which, after reading more carefully, does not seem to be the case. However I'm leaving the relevant paragraph as a general comment:



It not advisable to run sudo apt-get -y dist-upgrade via cron, especially if your apt sources happen to point to a testing branch (which generally should not happen on servers, especially in production) as you may end up with an unusable system. You're relatively safe if you're using Debian's stable branch but I'd still recommend to attend upgrades.



Anyway, if you're doing a dist-upgrade that is going to perform serious changes you should always have a backup. Just in case.






share|improve this answer
































    8














    There's a package for that ;-).



    As well as cron-apt, which can be configured to perform certain upgrades automatically, another useful package is unattended-upgrades which is designed to safely apply security updates automatically.



    Beyond that, as Erathiel says it's not safe to run dist-upgrade automatically, but it's safe enough to run it manually every time there's something to upgrade, as long as you don't blindly answer "Yes".






    share|improve this answer
























      Your Answer








      StackExchange.ready(function()
      var channelOptions =
      tags: "".split(" "),
      id: "106"
      ;
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function()
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled)
      StackExchange.using("snippets", function()
      createEditor();
      );

      else
      createEditor();

      );

      function createEditor()
      StackExchange.prepareEditor(
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: false,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      imageUploader:
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      ,
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      );



      );













      draft saved

      draft discarded


















      StackExchange.ready(
      function ()
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f201720%2fupgrading-packages-automatically%23new-answer', 'question_page');

      );

      Post as a guest















      Required, but never shown

























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      7














      sudo apt-get dist-upgrade is very safe to run as it won't do anything to the system, instead stopping to ask for your confirmation ;) You would have to add a -y switch, which is intended for unattended upgrades and makes apt assume that you always answer 'yes' to questions: sudo apt-get -y dist-upgrade. The man page states that




      If an undesirable situation, such as changing a held package, trying
      to install a unauthenticated package or removing an essential package
      occurs then apt-get will abort




      but running dist-upgrade unattanded is always risky so you may want to avoid that.



      You can always check what apt would do by adding a -s switch, like so: sudo apt-get -s dist-upgrade. This switches apt into simulation mode, in which no changes are made and you can safely review all the changes apt would make to the system.



      There is also a more conservative mode of running apt, namely apt-get upgrade. The man page for apt-get is very clear on what it does:




      Packages currently installed with new versions available are retrieved
      and upgraded; under no circumstances are currently installed packages
      removed, or packages not already installed retrieved and installed.
      New versions of currently installed packages that cannot be upgraded
      without changing the install status of another package will be left at
      their current version.




      In my original answer I somehow assumed you're going to run dist-upgrade via cron, which, after reading more carefully, does not seem to be the case. However I'm leaving the relevant paragraph as a general comment:



      It not advisable to run sudo apt-get -y dist-upgrade via cron, especially if your apt sources happen to point to a testing branch (which generally should not happen on servers, especially in production) as you may end up with an unusable system. You're relatively safe if you're using Debian's stable branch but I'd still recommend to attend upgrades.



      Anyway, if you're doing a dist-upgrade that is going to perform serious changes you should always have a backup. Just in case.






      share|improve this answer





























        7














        sudo apt-get dist-upgrade is very safe to run as it won't do anything to the system, instead stopping to ask for your confirmation ;) You would have to add a -y switch, which is intended for unattended upgrades and makes apt assume that you always answer 'yes' to questions: sudo apt-get -y dist-upgrade. The man page states that




        If an undesirable situation, such as changing a held package, trying
        to install a unauthenticated package or removing an essential package
        occurs then apt-get will abort




        but running dist-upgrade unattanded is always risky so you may want to avoid that.



        You can always check what apt would do by adding a -s switch, like so: sudo apt-get -s dist-upgrade. This switches apt into simulation mode, in which no changes are made and you can safely review all the changes apt would make to the system.



        There is also a more conservative mode of running apt, namely apt-get upgrade. The man page for apt-get is very clear on what it does:




        Packages currently installed with new versions available are retrieved
        and upgraded; under no circumstances are currently installed packages
        removed, or packages not already installed retrieved and installed.
        New versions of currently installed packages that cannot be upgraded
        without changing the install status of another package will be left at
        their current version.




        In my original answer I somehow assumed you're going to run dist-upgrade via cron, which, after reading more carefully, does not seem to be the case. However I'm leaving the relevant paragraph as a general comment:



        It not advisable to run sudo apt-get -y dist-upgrade via cron, especially if your apt sources happen to point to a testing branch (which generally should not happen on servers, especially in production) as you may end up with an unusable system. You're relatively safe if you're using Debian's stable branch but I'd still recommend to attend upgrades.



        Anyway, if you're doing a dist-upgrade that is going to perform serious changes you should always have a backup. Just in case.






        share|improve this answer



























          7












          7








          7







          sudo apt-get dist-upgrade is very safe to run as it won't do anything to the system, instead stopping to ask for your confirmation ;) You would have to add a -y switch, which is intended for unattended upgrades and makes apt assume that you always answer 'yes' to questions: sudo apt-get -y dist-upgrade. The man page states that




          If an undesirable situation, such as changing a held package, trying
          to install a unauthenticated package or removing an essential package
          occurs then apt-get will abort




          but running dist-upgrade unattanded is always risky so you may want to avoid that.



          You can always check what apt would do by adding a -s switch, like so: sudo apt-get -s dist-upgrade. This switches apt into simulation mode, in which no changes are made and you can safely review all the changes apt would make to the system.



          There is also a more conservative mode of running apt, namely apt-get upgrade. The man page for apt-get is very clear on what it does:




          Packages currently installed with new versions available are retrieved
          and upgraded; under no circumstances are currently installed packages
          removed, or packages not already installed retrieved and installed.
          New versions of currently installed packages that cannot be upgraded
          without changing the install status of another package will be left at
          their current version.




          In my original answer I somehow assumed you're going to run dist-upgrade via cron, which, after reading more carefully, does not seem to be the case. However I'm leaving the relevant paragraph as a general comment:



          It not advisable to run sudo apt-get -y dist-upgrade via cron, especially if your apt sources happen to point to a testing branch (which generally should not happen on servers, especially in production) as you may end up with an unusable system. You're relatively safe if you're using Debian's stable branch but I'd still recommend to attend upgrades.



          Anyway, if you're doing a dist-upgrade that is going to perform serious changes you should always have a backup. Just in case.






          share|improve this answer















          sudo apt-get dist-upgrade is very safe to run as it won't do anything to the system, instead stopping to ask for your confirmation ;) You would have to add a -y switch, which is intended for unattended upgrades and makes apt assume that you always answer 'yes' to questions: sudo apt-get -y dist-upgrade. The man page states that




          If an undesirable situation, such as changing a held package, trying
          to install a unauthenticated package or removing an essential package
          occurs then apt-get will abort




          but running dist-upgrade unattanded is always risky so you may want to avoid that.



          You can always check what apt would do by adding a -s switch, like so: sudo apt-get -s dist-upgrade. This switches apt into simulation mode, in which no changes are made and you can safely review all the changes apt would make to the system.



          There is also a more conservative mode of running apt, namely apt-get upgrade. The man page for apt-get is very clear on what it does:




          Packages currently installed with new versions available are retrieved
          and upgraded; under no circumstances are currently installed packages
          removed, or packages not already installed retrieved and installed.
          New versions of currently installed packages that cannot be upgraded
          without changing the install status of another package will be left at
          their current version.




          In my original answer I somehow assumed you're going to run dist-upgrade via cron, which, after reading more carefully, does not seem to be the case. However I'm leaving the relevant paragraph as a general comment:



          It not advisable to run sudo apt-get -y dist-upgrade via cron, especially if your apt sources happen to point to a testing branch (which generally should not happen on servers, especially in production) as you may end up with an unusable system. You're relatively safe if you're using Debian's stable branch but I'd still recommend to attend upgrades.



          Anyway, if you're doing a dist-upgrade that is going to perform serious changes you should always have a backup. Just in case.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited May 6 '15 at 9:05

























          answered May 6 '15 at 8:35









          ErathielErathiel

          1,341520




          1,341520























              8














              There's a package for that ;-).



              As well as cron-apt, which can be configured to perform certain upgrades automatically, another useful package is unattended-upgrades which is designed to safely apply security updates automatically.



              Beyond that, as Erathiel says it's not safe to run dist-upgrade automatically, but it's safe enough to run it manually every time there's something to upgrade, as long as you don't blindly answer "Yes".






              share|improve this answer





























                8














                There's a package for that ;-).



                As well as cron-apt, which can be configured to perform certain upgrades automatically, another useful package is unattended-upgrades which is designed to safely apply security updates automatically.



                Beyond that, as Erathiel says it's not safe to run dist-upgrade automatically, but it's safe enough to run it manually every time there's something to upgrade, as long as you don't blindly answer "Yes".






                share|improve this answer



























                  8












                  8








                  8







                  There's a package for that ;-).



                  As well as cron-apt, which can be configured to perform certain upgrades automatically, another useful package is unattended-upgrades which is designed to safely apply security updates automatically.



                  Beyond that, as Erathiel says it's not safe to run dist-upgrade automatically, but it's safe enough to run it manually every time there's something to upgrade, as long as you don't blindly answer "Yes".






                  share|improve this answer















                  There's a package for that ;-).



                  As well as cron-apt, which can be configured to perform certain upgrades automatically, another useful package is unattended-upgrades which is designed to safely apply security updates automatically.



                  Beyond that, as Erathiel says it's not safe to run dist-upgrade automatically, but it's safe enough to run it manually every time there's something to upgrade, as long as you don't blindly answer "Yes".







                  share|improve this answer














                  share|improve this answer



                  share|improve this answer








                  edited May 6 '15 at 13:24

























                  answered May 6 '15 at 9:00









                  Stephen KittStephen Kitt

                  167k24376454




                  167k24376454



























                      draft saved

                      draft discarded
















































                      Thanks for contributing an answer to Unix & Linux Stack Exchange!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid


                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.

                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function ()
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f201720%2fupgrading-packages-automatically%23new-answer', 'question_page');

                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown






                      Popular posts from this blog

                      How to check contact read email or not when send email to Individual?

                      Displaying single band from multi-band raster using QGIS

                      How many registers does an x86_64 CPU actually have?