LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

How to Update Debian Automatically: No Muss, No Fuss, Not At All Sus

Recently there was a thread on LowEndTalk asking about automatic updates using something like Ansible.

Ansible is a fine tool and can certainly be used for fine-grained control of upgrades.  But you can also setup Debian to upgrade itself automatically.

In fact, you’re probably already probably doing it to an extent.

Here we’re using Debian 12 “bookworm”.  I bet if you run this command, you’ll find you have the unattended-upgrades package installed:

# dpkg -l | grep -i unatten
ii  unattended-upgrades             2.9.1+nmu3                           all          automatic installation of security upgrades

If not:

apt update
apt -y install unattended-upgrades

If unattended-upgrades was installed and you haven’t touched the config, or you just installed it, it’s setup to apply security updates only.  You can easily change it to perform all updates.

You want to edit the file


By default, it looks like this (among other lines):

Unattended-Upgrade::Origins-Pattern {
  // Codename based matching:
  // This will follow the migration of a release through different
  // archives (e.g. from testing to stable and later oldstable).
  // Software will be the latest available for the named release,
  // but the Debian release itself will not be automatically upgraded.
  // "origin=Debian,codename=${distro_codename}-updates";
  // "origin=Debian,codename=${distro_codename}-proposed-updates";

If you uncomment (by removing the leading //) the two lines in bold, you’ll get all upgrades and not just security updates.

The upgrade cycle will fire daily due to these services:


Need more info?

man unattended-upgrade



No Comments

    Leave a Reply

    Some notes on commenting on LowEndBox:

    • Do not use LowEndBox for support issues. Go to your hosting provider and issue a ticket there. Coming here saying "my VPS is down, what do I do?!" will only have your comments removed.
    • Akismet is used for spam detection. Some comments may be held temporarily for manual approval.
    • Use <pre>...</pre> to quote the output from your terminal/console, or consider using a pastebin service.

    Your email address will not be published. Required fields are marked *