cron-apt installation and configuration for a Debian 11 Bullseye server. It automatically updates the list of available packages, downloads the available upgrades for the installed packages, sends a notification email to the admin, and can also automatically upgrade the system.
- cron-apt vs unattended-upgrades
- Activate notifications
- Configure notifications
- Materials and links
cron-apt vs unattended-upgrades
In Debian based systems, there are two candidates :
unattended-upgrades. The first one is the older, the second one is younger, but already more than 10 years old.
Both are reliable. Both can update the package lists, download the upgrades, notify and install the upgrades. The differences, if any, are more in the last step,
unattended-upgrades tries to guess if a package upgrade will trigger a question, if yes it does not install it, if no, it does.
To make it short,
cron-apt might be server-oriented and
unattended-upgrades workstation oriented. In my case, I’m only interested in the update-download-notify features, not in the automatic installations. I want to manually check the upgrades. Both are good choices, and I chose to use
This article only depends on the Generic machine preparation.
The installation does not ask any question.
apt-get install -y cron-apt
cron-apt does the update and download steps, but nothing else. I activate the email notification plugin to send emails when package upgrades are available. It is possible to activate the unattended-upgrades, but this could break the system if there is a bug in the package. It is better to be notified, and then to read the changelogs and apply the upgrades manually.
cp /usr/share/doc/cron-apt/examples/9-notify /etc/cron-apt/action.d/
cron-apt can send email notifications by himself. It also write a lot in its standard output, which is captured by
cron, logged in logfiles and sent to the administrator. Finally, I’ll install loganalyzers that will analyze logs and send summaries.
All these options can be leveraged to achieve different goals, such as notifying different people through different channels. In my case, the log analyzers will filter out the normal activity and this one is a normal activity, it will not be sent to the administrator. I keep
cron notifications anyway and I configure
cron-apt to send notification only if there are available upgrades.
Thus, in normal activity, I might receive a
cron email only, if something happened, and I’ll be notified by
cron-apt if there are available upgrades.
cat << EOF > /etc/cron-apt/config # Configuration for cron-apt. For further information # about the possible configuration settings see # /usr/share/doc/cron-apt/README.gz. OPTIONS="-o quiet=2" MAILON="output" SYSLOGON="output" MAILTO="root" MINTMPDIRSIZE=10 NOLOCKWARN="" EOF
Let’s run a test. It should be empty, we just installed our server, it is supposed to be up-to-date.
Materials and links