Version 12 (modified by cypherpunks, 2 years ago) (diff)

lets go with the file content instead of command way since it is more reliable about what is in the file


  1. Install the required packages
    apt-get install unattended-upgrades apt-listchanges
  2. Put the lines below into the configuration file /etc/apt/apt.conf.d/50unattended-upgrades, everything that was originally inside the generated file can be removed before you add the lines below. Optional, replace "root" with your email address to get reports on unattended upgrade logs (emailing must be configured already in that case).
    Unattended-Upgrade::Origins-Pattern {
    Unattended-Upgrade::Package-Blacklist {
    Unattended-Upgrade::Mail "root";
  3. If you want to automatically reboot add the following at the the end of the file /etc/apt/apt.conf.d/50unattended-upgrades:
    Unattended-Upgrade::Automatic-Reboot "true";
  4. Create the file /etc/apt/apt.conf.d/20auto-upgrades with the following content
    APT::Periodic::Update-Package-Lists "1"; 	 	
    APT::Periodic::AutocleanInterval "5"; 	 	
    APT::Periodic::Unattended-Upgrade "1"; 	 	
    APT::Periodic::Verbose "1"; 	 	

Test your unattended-upgrades setup with the following command.

sudo unattended-upgrade -d

The results from the above command should at a minimum contain the following allowed origins.

Allowed origins are: ['origin=Debian,codename=xenial,label=Debian-Security', 'origin=TorProject']