How do you make all updates fully automated? (17.04)



Preferably in a pseudo-safe way.

An autoremove beforehand is necessary due to this multi-year bug.

I currently have set “check and install” the “security updates” – but the update manager will still pop up for other updates. Old kernels still pile up in /boot unless a manual autoremove is run. Again, I’d like no interaction with the update manager and autocleaning the old kernels to prevent /boot from overflowing.

I took a look at this guide…is it really just a matter of uncommenting “updates” and “backports”?

Unattended Upgrades - Runs twice daily at different times instead of once daily at a specific time?

Well I just followed the instructions in the linked guide and hope that’s that. Uncommented “updates” and “backports” -> saved. Then modified /etc/apt/apt.conf.d/20auto-upgrades to include those 4 lines. I didn’t understand this since the following location doesn’t point to anything:

Didn’t install or issue the dpkg-reconfigure command as suggested in other places 1. because it’s already installed and 2. the file /etc/apt/apt.conf.d/20auto-upgrades already exists. There are some other curious files in the folder /etc/apt/apt.conf.d/ – one is an autoremove config file that I believe still preserves firmware images in /boot (versus straight linux kernel or linux-header images) which may yet require modifying to get everything cleaned.


You know, I had a funny feeling this package would eventually break and choke off further updates…

~$ sudo apt update && sudo apt upgrade
E: dpkg was interrupted, you must manually run 'sudo dpkg --configure -a' to correct the problem.
~$ sudo dpkg --configure -a
dpkg: error processing package unattended-upgrades (--configure):
 package is in a very bad inconsistent state; you should
 reinstall it before attempting configuration
~$ sudo apt install unattended-upgrades
~$ I totally forgot the "--reinstall" option above but it seemed to install to the latest version anyway?

Could an update to the package unattended-upgrades…break the update process itself?


Tinkering with this process again, it’s interesting to see that:
sudo apt install --reinstall unattended-upgrades
…doesn’t actually remove config files in /etc.

Also, mfw I realize that autoclean != autoremove: 🤦

edit (27-Oct): the below section of this post has been cleaned up by @brian-murray – thanks. Read on if you want, but just know (it’s my understanding) that the package (in versions 16.04+) will clean up the kernels by default if “things get too large” – that’s pretty much the gist of it. You can stop reading here. :relaxed:

I found a “RemoveOldKernels” guide that is in need of better editing, especially in the “Automatic Maintenance” section – take a look at the latest 9/14 edit:

> Option for Ubuntu 16.04 and Later

> Unattended-upgrades version 0.90 supports new configuration variable that makes it possible to automatically remove only packages that become excessive during unattended upgrade. It is enabled i.e. “true” by default, so make sure there is NO line

> Unattended-Upgrade::Remove-New-Unused-Dependencies "false"

> and NO line

> Unattended-Upgrade::Remove-Unused-Dependencies "true";

> in /etc/apt/apt.conf.d/50unattended-upgrades, if you want to remove only new unused dependencies automatically after unattended upgrades.

…um, yeah. Can anyone make sense of this? What exactly is the “new configuration variable” referenced? “Remove-New-Unused-Dependencies” isn’t listed in the config file by default so what is the editor trying to say?:


Looks like I was wrong about this assertion and manual cleaning of /boot is still required. Apparently it’s “fixed in bionic” so let’s hope this nearly 4 year-old bug is finally resolved.
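
As an added example (not from the posts above or from the unattended-upgrades project), the shell functions below work out which autoremove behaviour the two options in the quoted wiki passage select for a given file. They assume flat `Unattended-Upgrade::Key "value";` lines with `//` comments, and that Remove-Unused-Dependencies defaults to false; the function names are made up for the example.

```shell
#!/bin/sh
# Added example: report which autoremove behaviour a 50unattended-upgrades-style
# file selects. Assumption: only flat `Unattended-Upgrade::Key "value";` lines and
# `//` comments are handled; nested { } scopes are not parsed.

# uu_option FILE KEY DEFAULT -> last uncommented value of KEY, or DEFAULT if unset.
uu_option() {
    val=$(sed 's|//.*$||' "$1" |
          sed -n "s/^[[:space:]]*Unattended-Upgrade::$2[[:space:]]*\"\([^\"]*\)\".*/\1/p" |
          tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# is_true VALUE -> succeeds for the spellings apt accepts as boolean true.
is_true() {
    case $(printf '%s' "$1" | tr '[:upper:]' '[:lower:]') in
        1|yes|true|with|on|enable) return 0 ;;
        *) return 1 ;;
    esac
}

# uu_autoremove_mode FILE -> all-unused | new-unused-only | none
# Remove-New-Unused-Dependencies is "true" by default per the quoted wiki text;
# the "false" default for Remove-Unused-Dependencies is an assumption of this example.
uu_autoremove_mode() {
    all=$(uu_option "$1" Remove-Unused-Dependencies false)
    new=$(uu_option "$1" Remove-New-Unused-Dependencies true)
    if is_true "$all"; then echo all-unused
    elif is_true "$new"; then echo new-unused-only
    else echo none
    fi
}

# Constructed sample: a stock-style file where the option is still commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
// constructed sample, not copied from a real system
Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}-security";
//      "${distro_id}:${distro_codename}-updates";
};
//Unattended-Upgrade::Remove-Unused-Dependencies "false";
EOF
echo "sample file selects: $(uu_autoremove_mode "$sample")"
rm -f "$sample"
```

On a live system `apt-config dump` prints the merged configuration from all of /etc/apt/apt.conf.d/, which is what actually takes effect.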