A Linux OS is a collection of multiple packages interlinked in a very complex network. These packages offer all the necessary files and binaries that make up the operating system. These packages need regular updates. It may be security patches, bug fixes, or feature improvements. As such, it is critical to keep all the packages up-to-date.
The Debian system uses an apt package manager to manage packages. These package updates are made available from the official Debian packages repo. Additionally, apt can also work perfectly with third-party repos. Nevertheless, it entirely depends on you to determine whether the third-party repo is trustworthy and updating their packages.
How to keep your Debian system up-to-date
One of the critical and most probably the first rules in computer security is to keep your servers updated to the latest security patches at all times. Debian system offers a delightful and pretty easy mechanism to carry this out. It presents both the automatic and manual ways to execute the update process. However, there have been concerns on whether it is best to update the Debian system automatically or manually. In case you have been in this dilemma for a while, here are our recommendations:
Manual vs. automatic Debian updates
For users who are using the test version of Debian on live servers, try this out:
- If you are running a single server, you are in the best position to run the automatic update. Why? You may ask. This is because even if there occurs an issue with an update, you will not have the opportunity to see this on another running server, and fixing an error you don’t see is something nearly impossible. As such, it is advised to automate the updates.
- We suggest updating this manually if you are running more servers (comparable ones). Why? Suppose there is an issue with some update. In that case, you can save yourself some precious time not to solve the problem introduced by the update on many servers by manually updating the test version, which will auto-update the other servers.
In instances where you are utilizing the stable version of Debian, try this out:
- In this event, we recommend automatic updates. This is because the stable branch is super reliable, and you should not see any arising issues caused by the updates.
Interestingly, you need not worry about carrying out automatic or manual updates since this article will have them covered exhaustively.
Ways to keep your Debian system up-to-date
There are four approaches to keeping your Debian system up-to-date. Ride along with us as we cover each of them in detail:
- Aptitude
- Apt-get
- Mirror
- Automatic updates
Note that updating packages require root permission. To perform the following actions, you need access to the root user. To login as the root user, type in the following command:
su
After that, you will be asked to input your password. Here key in your PC’s password, and you should access the root terminal as shown below:
root user
Method 1: Aptitude
One is aptitude, a recommended package manager for Debian GNU/Linux systems. But before using aptitude, you first need to install it as it does not come installed by default.
First things first, before installing this package manager on your Debian system, you need to update your server.
Step 1: Update server
It is always advocated to update your system whenever you install a new package. This is because the daily update of your server syncs the version of the installed package with the latest stable release on the configured Debian Repo.
Run this command to update the packages:
apt update
apt update
Step 2: Install aptitude package
Next step, we will install the aptitude package using either of the following commands:
apt install aptitude -y
or
apt-get install aptitude -y
install aptitude
Step 3: Using the aptitude command
Now, it is time to test the aptitude package manager we installed. For instance, let us use the package to update our Debian system. To do this, run the following command:
aptitude update
aptitude update
As you can see, the command runs without encountering any issue, which is excellent.
We can also run a system upgrade using aptitude as shown below:
aptitude full-upgrade
aptitude full-upgrade
If you are asked to affirm your decision to proceed, we suggest you answer by typing “Y” or “y,” and your system will be updated and upgraded sequentially.
After updating your Debian machine, the key point is that you don’t have to keep all those .deb archive files on your disk. As such, you can eliminate them from your system by running the following command:
aptitude clean
aptitude clean
Note: In case you encounter an issue updating your system using aptitude, we suggest switching to apt-get instead since aptitude is not a recommended tool to carry out upgrades from one Debian GNU/Linux release to another. You can take a tour through the Release Notes for better comprehension. These release notes explain in detail the recommended steps for upgrades from previous releases and known issues you should note before upgrading.
Method 2: Using APT to update your Debian system
An alternative to aptitude is apt-get which is an APT-based command-line tool. This package is meant for handling packages by providing a simple way to install and upgrade packages.
Checking updates
To run a check for updates using apt, open up the terminal and run the following command:
sudo apt update
update system
This apt package manager will spontaneously download any available updates and check for dependencies. If it notices that any configuration files have changed, it will request an action to either keep your old modified version or install the package default one. If you have not altered or modified the configuration file, this will be carried out automatically.
To check the list of available packages to be updated, you can run the following command:
apt list --upgradable
listing
Note: You can notice that there are no packages to be upgraded, which may not be the case in your instance. If you find packages that need an upgrade on your system, proceed to the next step.
Upgrading packages
To proceed to this step, you should have seen the packages that need to be upgraded after running the apt list –upgradable command. As such, the apt-cache is updated with the current version of the package catalog. With that said, let us now install them.
In case you want to upgrade a specific package, you can run your command in line with this syntax:
sudo apt --only-upgrade install <package_name>
Here, APT will only upgrade the specified package and leave the rest.
But if you want to upgrade all the packages at a go, then run the following command instead:
sudo apt upgrade
upgrade the system
This command directs the apt package manager to download and upgrade all the available package updates
Note: Before downloading and upgrading any packages, apt will ask you to affirm the continuation of the action by typing in “y” or “Y.” In case you don’t want to be asked for confirmation each time, you can append the flag “-y” to your command as displayed below:
sudo apt upgrade -y
upgrade command
Updating APT cache and upgrading its packages simultaneously
Rather than carrying out these procedures one at a time, we can merge them in a single command. If you run the bash shell, the subsequent command will cross-check for package updates and upgrade packages simultaneously.
sudo apt update && sudo apt upgrade -y
simultaneous update and upgrade
In the above command, the symbol && merges the update and upgrade commands together. So to say, it is typically a logical AND operator.
Please take note that when you finally install the packages your system requires, they will remain in your /var directory hierarchy. As such, you need to delete them to prevent your partition from overflowing. To attain this, run the following command:
sudo apt-get clean
get clean
After that, run the auto-clean command:
sudo apt-get autoclean
auto-clean
If you cannot delete the files, you can move them elsewhere.
Method 3: Using mirrors
This is the third method of keeping your Debian system up to date. In addition, this Perl script and its optional mirror-master program can be utilized in fetching user-specified parts of a directory tree from a particular host through anonymous FTP.
A mirror is specifically helpful for downloading vast volumes of software. This software does that after the first time files have been downloaded from a site, a file called .mirrorinfo is stored on the localhost. After that, changes to the remote file system are tracked automatically by a mirror, which compares this file to a look-alike file on the remote system and then downloads only the changed files.
This program is essential for updating local copies of remote directories trees. The files don’t necessarily need to be Debian-based since the mirror is a Perl script. It can also run on non-Unix systems. Even though the mirror program gives mechanisms for excluding files with names corresponding to user-specified strings, this program is super significant when the aim is to download whole directory trees instead of selected packages.
You can look at this link to study more on Debian’s archive mirror.
Method 4: Automatic Debian update
So far, we have only updated our Debian system manually. Nevertheless, manual updating may be inconvenient in one way or another, not to mention a professional environment where you might need to manage multiple remote servers simultaneously. Hence making the manual update a tedious process to keep up with.
You might use Ansible to carry out the manual update of the Debian system once but running it manually at regular intervals is practically challenging. And this is where unattended-upgrades come to play. This package will automatically run a background check, and download package updates whenever available. However, it will not just fire up and run without a few tweaks and configurations.
First, we will install the package. So, open up your terminal, update the apt-cache, and install the package using the following command:
sudo apt update && sudo apt install unattended-upgrades
unattended-upgrades
Next up, we need to modify the apt config file for unattended-upgrades. To do this, open the text editor using the following command:
sudo nano /etc/apt/apt.conf.d/50unattended-upgrade
nano editor command
After that, uncomment the following lines on the config file. This will tell the tool to automate the update process.
$ "origin=Debian,codename=${distro_codename}-updates";
$ "origin=Debian,codename=${distro_codename}-proposed-updates";
$ "origin=Debian,codename=${distro_codename},label=Debian";
$ "origin=Debian,codename=${distro_codename},label=Debian-Security";
comment lines
Then press “Ctrl+X” then “y” to save and exit the nano editor.
At this point now, the configuration file is updated. So, run the following dpkg configuration command to fire it up:
sudo dpkg-reconfigure --priority=low unattended-upgrades
after successful configuration
A dialog box should appear on the command line after a successful execution.
select yes
Here, select “Yes.” This will, in turn, activate the downloads and updates on Debian. Nevertheless, we need to ensure that it is functioning as intended. To check whether it is operative or not, we will cross-check the service status using the following command:
sudo systemctl status unattended-upgrades.service
active running
To confirm if it is working perfectly, you should see an Active (running) green writing to mean it is in progress.
How to disable automatic updates on Debian
To disable automatic updates on your Debian system, you will have to disable the unattended-upgrades by executing the following command:
sudo dpkg-reconfigure --priority=low unattended-upgrades
The following window requesting whether you want to download and install updates automatically should pop up. After that, use the tab key to select “NO” and press the “Enter” button.
select No
After pressing enter, the nano editor will replace the config file /etc/apt/apt.conf.d/20auto-upgrades with a new version as shown in the snapshot below:
replacing file
Conclusion
Updating Debian is a pretty straightforward task. Debian is a well-maintained project with updated packages directly available from its package servers. All needed is to tell apt/aptitude to do the task. Alternatively, you can use the mirror and automatic methods to carry out the task.
It’s a great practice always to keep your server secure and stable, and due to that, this article has covered the four different ways to keep your Debian system updated. In the end, we also looked at disabling the auto-update functionality. We hope everything went smoothly.