Auto-Update for Ubuntu/Debian


Unattended-upgrades is installed by default most of the time. If not, run this:

sudo apt install unattended-upgrades

sudo systemctl enable --now unattended-upgrades


The default config is mostly good enough. There are some times you may want to tweak it.

The config file is located at /etc/apt/apt.conf.d/50unattended-upgrades

Minimum config:

Unattended-Upgrade::Allowed-Origins {

Block updating a critical service

For example, prevent updates to Mysql or Postgres to avoid unplanned service restarts:

Unattended-Upgrade::Package-Blacklist {

Report failed updates

This configuration will send a email report when an update has an error:

Unattended-Upgrade::Mail "root@localhost";
Unattended-Upgrade::MailReport "only-on-error";

Note that this requires a local mail relay such as postfix set up.