Running automated package updates with Cron

LinuxLove.org's recent post about automatically running apt-get upgrades daily with cron using a simple bash script can be easily done using Cron-Apt package itself.

Please do note that such automated package upgrades in apt based distro's is a very bad idea. Joe had rewritten a detailed account about the problems and security issues involved in Debian-Administration.org few years back.

By default, cron-apt will only download updates -- it will not install them. I know other packages for other distributions like up2date will automatically install the updates for you, but I've learned to like this and that in the long run, automatically installing updates is a Bad Thing. Why? Well when I was experimenting with auto-installs, I ran into problems:

• Even though I told apt to say Yes to everything, it still prompted me for input on config file conflicts (was I doing something wrong?). This caused the script to hang indefinitely in the background until it was killed.
• Auto-accepting configuration changes can ruin your day. With Debian, it's fairly easy to back out of a change and hopefully you have a backup copy of the config file, but that's not the point. Good System Administration means you should never be in that position in the first place. "OK, what if I just deny all configuration changes and leave my copy?", you ask. Well, what if the upgraded program uses new syntax in its config file. Your program is now broke and you're in the exact opposite position as you were with auto-accepting.
• Just as you should always review configuration file changes, always review what packages are being installed. If you know that installing that new version of Samba will mean some extra work in other places, don't install it yet.

Bottom line: Yes, it can be very tedious to manually review each update batch -- especially if you have several servers -- but that is part of your job when you are running a server. Deal with it!