new_page

docs/debian/apt/unattended-upgrade.md

@@ -0,0 +1,218 @@
+# unattended-upgrade
+
+
+<https://wiki.debian.org/UnattendedUpgrades>
+
+
+le programme est **unattended-upgrade**, l'orthographe est un s final est parfois utilisée, mais ce n'est 
+qu'un lien sur /usr/bin/unattended-upgrade  
+le man est unattended-upgrade  
+le paquet comporte un S final :(  
+le fichier de config comporte un S final  
+
+```shell
+apt install unattended-upgrades
+```
+
+## configuration 
+
+`/etc/apt/apt.conf.d/50unattended-upgrades`  
+extrait config, exemple:  
+
+```text
+Unattended-Upgrade::Origins-Pattern {
+
+	// Suivi du codename (stretch,buster,sid):
+		//\\ complété pour info(tous les champs ne sont pas requis à partir du moment 
+		//\\ ou un dépôt est identifiables sans confusion
+
+	"o=Debian,n=stretch,l=Debian,c=main contrib non-free";
+	"o=Debian,n=stretch-updates,l=Debian,c=main contrib non-free";
+	"o=Debian,n=stretch,l=Debian-Security,c=main contrib non-free";
+
+	// Suivi d'une archive (suite) (stable,testing,unstable):
+	// Attention cela fera une migration silencieuse lors d'une nouvelle version Debian
+
+//	"o=Debian,a=stable";
+//	"o=Debian,a=stable-updates";
+//	"o=Debian,a=proposed-updates";
+
+	//\\exemples autres syntaxes possibles
+
+//	"origin=Debian,codename=${distro_codename},label=Debian-Security";
+//	"origin=Debian,archive=stable,label=Debian-Security,component=main contrib non-free,site=deb.debian.org";
+//	"origin=Debian,codename=stretch,label=Debian,component=main contrib non-free,site=deb.debian.org";
+
+
+	//\\ TESTING
+//	"o=Debian,a=testing,l=Debian,c=main contrib non-free";
+
+};
+```
+
+configuration personnalisée:
+
+```text
+Unattended-Upgrade::MinimalSteps "true";
+Unattended-Upgrade::Mail "root";
+Unattended-Upgrade::MailOnlyOnError "true";
+Unattended-Upgrade::Remove-Unused-Dependencies "true";
+Unattended-Upgrade::Automatic-Reboot "false";
+Unattended-Upgrade::Automatic-Reboot-WithUsers "false";
+Unattended-Upgrade::SyslogEnable "true"; 
+```
+
+## test
+
+simuler pour test, visualisation des erreurs, pas d'ugrade réel
+
+```shell
+unattended-upgrade -d
+```
+
+## activation 
+
+
+```shell
+dpkg-reconfigure -plow unattended-upgrades
+```
+
+cela crée et configure le fichier `/etc/apt/apt.conf.d/20auto-upgrades` avec les lignes permettant la mise 
+à jour automatique:
+
+```text
+	//  apt ugrade
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";
+```
+les options APT::Periodic configurent les actions périodiques du script 
+/usr/lib/apt/apt.systemd.daily
+
+pour les anciennes config(?), ces options peuvent être mises dans /etc/apt/apt.conf.d/02periodic
+
+
+	## ///\\\ FIN INSTALLATION ///\\\ ###
+
+
+## options configs APT
+
+```text
+APT::Periodic::Enable "1";
+	// Enable the update/upgrade script (0=disable)
+
+APT::Periodic::BackupArchiveInterval "0";
+	// Backup after n-days if archive contents changed.(0=disable)
+
+APT::Periodic::BackupLevel "3";
+	// Backup level.(0=disable), 1 is invalid.
+
+Dir::Cache::Backup "backup/";
+	// Set periodic package backup directory
+
+APT::Archives::MaxAge "0"; (old, deprecated)
+APT::Periodic::MaxAge "0"; (new)
+	// Set maximum allowed age of a cache package file. If a cache 
+	// package file is older it is deleted (0=disable)
+
+APT::Archives::MinAge "2"; (old, deprecated)
+APT::Periodic::MinAge "2"; (new)
+	// Set minimum age of a package file. If a file is younger it
+	// will not be deleted (0=disable). Useful to prevent races
+	// and to keep backups of the packages for emergency.
+
+APT::Archives::MaxSize "0"; (old, deprecated)
+APT::Periodic::MaxSize "0"; (new)
+	// Set maximum size of the cache in MB (0=disable). If the cache
+	// is bigger, cached package files are deleted until the size
+	// requirement is met (the oldest packages will be deleted first).
+
+APT::Periodic::Update-Package-Lists "0";
+	// Do "apt-get update" automatically every n-days (0=disable)
+
+APT::Periodic::Download-Upgradeable-Packages "0";
+	// Do "apt-get upgrade --download-only" every n-days (0=disable)
+
+APT::Periodic::Download-Upgradeable-Packages-Debdelta "1";
+	// Use debdelta-upgrade to download updates if available (0=disable)
+
+APT::Periodic::Unattended-Upgrade "0";
+	// Run the "unattended-upgrade" upgrade script every n-days (0=disabled)
+	//	Requires the package "unattended-upgrades" and will write
+	//	a log in /var/log/unattended-upgrades
+
+APT::Periodic::AutocleanInterval "0";
+	// Do "apt-get autoclean" every n-days (0=disable)
+
+APT::Periodic::CleanInterval "0";
+	// Do "apt-get clean" every n-days (0=disable)
+
+APT::Periodic::Verbose "0";
+	// Send report mail to root
+	//	0:  no report             (or null string)
+	//	1:  progress report       (actually any string)
+	//	2:  + command outputs     (remove -qq, remove 2>/dev/null, add -d)
+	//	3:  + trace on            
+```
+
+       
+## config apt du système
+
+```shell
+apt-config dump | less
+```
+
+
+PB stretch 9.2?? (à confirmer)
+
+* pas de fichier /etc/apt/apt.conf.d/02periodic
+* donc pas de APT::Periodic::Enable "1";
+
+```shell
+apt-config dump | grep 'APT::Periodic' 
+```
+* PAS de valeur APT::Periodic::Enable "1";
+
+mais:
+```shell
+AutoAptEnable=1
+eval $(apt-config shell AutoAptEnable APT::Periodic::Enable)
+[ $? ] && echo ok || echo KO
+	>ok
+```
+Testing
+
+* unattended-upgrades est installé avec gnome
+* /etc/apt/apt.conf.d/20auto-upgrades existant
+* /etc/apt/apt.conf.d/50unattended-upgrades existant
+* pas de APT::Periodic::Enable "1";
+
+
+## suivi
+
+fichier logs:
+```text
+ /var/log/unattended-upgrades/unattended-upgrades.log
+ /var/log/unattended-upgrades/unattended-upgrades-dpkg.log
+ /var/log/dpkg.log
+```
+
+## système
+
+```shell
+status apt-daily
+systemctl status apt-daily.timer
+```
+script, actions périodiques:
+/usr/lib/apt/apt.systemd.daily
+
+Remarque, le timer de systemd? ou du script apt.systemd.daily est crade, l'intervalle
+entre deux lancements de apt-daily varie entre 3h et 10h
+
+A Faire:
+basculer le script en cron.daily bien clair et précis
+
+A voir:
+/etc/cron.daily/apt-compat
+
+
+Aucun paquet à mettre à niveau automatiquement ni à supprimer automatiquement

mkdocs.yml

@@ -13,6 +13,8 @@ copyright: LPRAB/WTFPL
 pages:
   - home: "index.md"
   - debian:
+    - apt:
+      - unattended-upgrade: debian/apt/unattended-upgrade.md
     - grub:
       - grub-azerty: debian/grub/azerty-grub.md
       - grub-rescue boot: debian/grub/boot-grub-rescue.md