52

I have about 7 Debian servers I manage, and I would like to set them to automatically update themselves. So, I created a script as such:

#!/bin/sh
apt-get update
apt-get upgrade

and placed it on the root's crontab list. Unfortunately, it always hangs on the Upgrade section, asking if I'm sure I want to upgrade. Because it's a cron job, I don't see the output until it emails me saying it's failed. Is there a way to have it skip that prompt, and just do the upgrade automatically?

Braiam
  • 35,991
Canadian Luke
  • 1,066

5 Answers5

70

Use the -y option to apt-get to have it not ask. From man apt-get:

   -y, --yes, --assume-yes
       Automatic yes to prompts; assume "yes" as answer to all prompts and
       run non-interactively. If an undesirable situation, such as
       changing a held package, trying to install a unauthenticated
       package or removing an essential package occurs then apt-get will
       abort. Configuration Item: APT::Get::Assume-Yes.

You can also set the DEBIAN_FRONTEND env variable 

DEBIAN_FRONTEND=noninteractive apt-get -y upgrade
terdon
  • 242,166
Arthur Ulfeldt
  • 1,492
  • 2
    What does DEBIAN_FRONTEND do? Is it used for other processes as well? – Canadian Luke Dec 30 '13 at 19:58
  • I'm trying this on my home server, and will choose the best answer as soon as it runs – Canadian Luke Dec 30 '13 at 20:04
  • 1
    @CanadianLuke see here for DEBIAN_FRONTEND. It's not mentioned in my Debian's man debconf though, so it may be an Ubuntu thing. – terdon Dec 30 '13 at 20:31
  • 1
    @terdon you don't have the -doc package for debconf. It's in the 7 section of the man man 7 debconf ;) – Braiam Dec 30 '13 at 20:48
  • @Braiam ah, OK, I saw that and tried man 7 debconf but got nothing. Now I know why :) – terdon Dec 30 '13 at 20:51
  • @terdon thanks for the edit, you really improved the answer :-D – Arthur Ulfeldt Dec 30 '13 at 21:10
  • I tend to run a apt-get dist-upgrade -dy first. (I actually do not run a upgrade / dist-upgrade itself automatically, it seems risky...) That would pre-download all the packages which at least make installing them faster... – Gert van den Berg Dec 31 '13 at 10:05
  • @CanadianLuke I could no longer find the reference for DEBIAN_FRONTEND on the link above, but it's quoted in another answer. – Nagev Jan 18 '23 at 17:59
  • Running Ubuntu, and without DEBIAN_FRONTEND I was still getting prompted, even with -y, so it seems to be required. – Nagev Jan 18 '23 at 18:05
  • Even with DEBIAN_FRONTEND=noninteractive and -y I got prompted about which services to restart; the same prompt that got me searching for an unattended solution. Upvoted this answer, but the search continues... – Nagev Jan 29 '23 at 14:57
39

Well, maybe you are using the wrong tool. unattended-upgrades package installs security upgrades in daily basis (can be configured), you can configure what packages to upgrade or not upgrade, etc. Can be installed using:

sudo apt-get install unattended-upgrades

From man unattended-upgrades:

The configuration is done via the apt configuration mechanism. The default configuration file can be found at /etc/apt/apt.conf.d/50unattended-upgrades

Braiam
  • 35,991
  • @CanadianLuke it reads all the configurations in /etc/apt/apt.conf.d/ but only those starting with Unattended-Upgrade:: get parsed. – Braiam Dec 30 '13 at 20:04
  • I am trying this on one of the servers at work, and will choose the best answer as soon as it runs – Canadian Luke Dec 30 '13 at 20:05
  • 3
    Since this was not selected as the best answer, I assume the update is still running seven years later. ;) – dannysauer Sep 29 '20 at 19:01
20

while the previous answers are informative they don't circumvent the issue of input required by human means during upgrade. therefore, i am using the following:

export DEBIAN_FRONTEND=noninteractive
export DEBIAN_PRIORITY=critical
sudo -E apt-get -qy update
sudo -E apt-get -qy -o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options::=--force-confold" upgrade
sudo -E apt-get -qy autoclean

to include 'distribution' upgrades like kernels use the dist-upgrade command.

please see the manpgage of dpkg for in-depth information on these parameters.

important note: calling sudo including the -E parameter is required:

Indicates to the security policy that the user wishes to preserve their existing environment variables. The security policy may return an error if the user does not have permission to preserve the environment.

otherwise, the EXPORT statements will not affect the calls of apt-get!

credit goes to Remy van Elst! thanks!

jitter
  • 478
  • 1
    Could you explain why you added the other options to apt-get upgrade? – FarO Dec 23 '17 at 11:25
  • 1
    Also, is "sudo -E" required if the script is run from rott's crontab? – FarO Dec 23 '17 at 11:26
  • 1
    @FarO that depends on what environment/in which context you would like the cronjob to run. generally, these are run by root - so you do not need to use sudo at all. the 'other options' are set to run unattended in any case. please see the referenced manpage. – jitter Jul 04 '18 at 08:09
  • This is the only one that worked for me, using Dpkg::Options alone didn't work. (My script is already run with sudo so I didn't include sudo -E.) – ke4ukz Jul 11 '22 at 18:32
4

A generic tool for this kind of thing is yes:

DESCRIPTION
       Repeatedly output a line with all specified STRING(s), or 'y'.

So, for example, you could do

yes | sudo apt-get upgrade

Please note that in the specific case of apt-get upgrade using the options suggested by @Braiam or @ArthurUlfeldt is better.

Community
  • 1
terdon
  • 242,166
  • The line I paste when I want to do it manually is apt-get update && yes | apt-get upgrade (our servers aren't supposed to use sudo... Don't ask...) – Canadian Luke Aug 14 '14 at 18:54
  • 2
    Why using a trick instead of an option already provided?? "-y" is in apt-get already. – FarO Dec 21 '17 at 10:42
  • 3
    Because, as I said in the answer, this is a generic tool for this sort of operation, so this answer is for other cases, not for apt. Did you not read the last paragraph? Or the first sentence? – terdon Dec 21 '17 at 11:45
  • @CanadianLuke Does this also work as a cron-job? I made a cronjob which should run every day at 00:00. I want both the update and upgrade to always be "yes" if permission is needed. – I try so hard but I cry harder Dec 24 '21 at 18:45
  • @ItrysohardbutIcryharder I haven't gone through that path for quite a long time. I am now automating with Ansible. – Canadian Luke Dec 24 '21 at 20:42
  • @CanadianLuke Understandable. Thanks for the response (and happy christmas) – I try so hard but I cry harder Dec 24 '21 at 22:57
1

Thanks to a post by @diegocn in a GitHub issue, I found this command to disable interactiveness:

echo 'debconf debconf/frontend select Noninteractive' | sudo debconf-set-selections

debconf-set-selections can be used to pre-seed the debconf database with answers, or to change answers in the database. Each question will be marked as seen to prevent debconf from asking the question interactively.

WARNING

Only use this command to seed debconf values for packages that will be or are installed. Otherwise you can end up with values in the database for uninstalled packages that will not go away, or with worse problems involving shared values. It is recommended that this only be used to seed the database if the originating machine has an identical install.

Debian manpage for debconf-set-selections.

cdoublev
  • 103
  • 3
Jonathan Jacobson
  • 111