Ubuntu upgrades / unattended upgrades

Apologies if this is a bit off topic for this channel - if anyone knows a good Linux discord server I'll happily ask there! 🙂 If not though: I've started serving sites from Ubuntu on Digital Ocean droplets. I'm using unattended-upgrades, and it seems to be running:
ā— apt-daily-upgrade.timer - Daily apt upgrade and clean activities
Loaded: loaded (/lib/systemd/system/apt-daily-upgrade.timer; enabled; vendor preset: enabled)
Active: active (waiting) since Tue 2023-03-21 18:28:14 UTC; 16min ago
Trigger: Wed 2023-03-22 06:12:51 UTC; 11h left
Triggers: ā— apt-daily-upgrade.service
ā— apt-daily-upgrade.timer - Daily apt upgrade and clean activities
Loaded: loaded (/lib/systemd/system/apt-daily-upgrade.timer; enabled; vendor preset: enabled)
Active: active (waiting) since Tue 2023-03-21 18:28:14 UTC; 16min ago
Trigger: Wed 2023-03-22 06:12:51 UTC; 11h left
Triggers: ā— apt-daily-upgrade.service
and it has upgraded something today (I think): -rw-r--r-- 1 root root 0 Mar 21 06:14 unattended-upgrades-stamp but logging into the server today shows:
28 updates can be applied immediately.
13 of these updates are standard security updates.
I'm really new to Linux, especially from the CLI, but from reading, shouldn't those security updates be handled? The lines in /etc/apt/apt.conf.d/50unattended-upgrades under Unattended-Upgrade::Allowed-Origins with -security in them are uncommented 🤷‍♂️ I feel a bit overwhelmed/worried about messing this up, given that I too frequently mess up my development environment with upgrades 😆 As for the other non-security updates, should I just cross my fingers and run sudo apt upgrade? Sorry if this is a bit rambling; that sums up my knowledge on this!
12 Replies
Joao • 16mo ago
Only the lines with "security"? Do you have "${distro_id}:${distro_codename}"; commented out? It may be that some of those packages require non-security dependencies and that is not allowing them to install. Also, you can just run sudo apt upgrade and read the list of updates without accepting them. More often than not you'd still want to install them, but take a note to see if any of those should've been installed in the first place. It may not be obvious right now but it's good to get used to seeing these names, and perhaps useful in case you need to report a bug or something.
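To answer the "which origins are actually active?" question Joao raises, here is an added shell example (not from the thread, and not code from the unattended-upgrades project) that reads an `Allowed-Origins` block the way a person would: it drops `//` comments, extracts the quoted entries, and expands the `${distro_id}` / `${distro_codename}` placeholders. The sample config it embeds is constructed from the snippet posted later in this thread; the function names `active_origins` and `origin_allowed` are this example's own.

```shell
#!/bin/sh
# Added example: list the active (uncommented) entries of an
# Unattended-Upgrade::Allowed-Origins block. Not code from the
# unattended-upgrades project; a plain-text reading of its config syntax.

# active_origins FILE DISTRO_ID CODENAME
#   prints one expanded origin per line, e.g. "Ubuntu:focal-security"
active_origins() {
    file=$1; id=$2; codename=$3
    sed -n '/Unattended-Upgrade::Allowed-Origins *{/,/^};/p' "$file" \
      | sed 's://.*$::' \
      | grep -o '"[^"]*"' \
      | tr -d '"' \
      | sed -e 's/[$]{distro_id}/'"$id"'/g' \
            -e 's/[$]{distro_codename}/'"$codename"'/g'
}

# origin_allowed FILE DISTRO_ID CODENAME ORIGIN
#   exit status 0 if ORIGIN is one of the active entries
origin_allowed() {
    active_origins "$1" "$2" "$3" | grep -qx "$4"
}

# Constructed sample config, copied from the block posted in this thread
# (-updates, -proposed and -backports commented out), followed by an
# unrelated block to show that only Allowed-Origins is read.
SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}";
    "${distro_id}:${distro_codename}-security";
    // Extended Security Maintenance; doesn't necessarily exist for
    // every release and this system may not have it installed, but if
    // available, the policy for updates is such that unattended-upgrades
    // should also install from here by default.
    "${distro_id}ESMApps:${distro_codename}-apps-security";
    "${distro_id}ESM:${distro_codename}-infra-security";
//  "${distro_id}:${distro_codename}-updates";
//  "${distro_id}:${distro_codename}-proposed";
//  "${distro_id}:${distro_codename}-backports";
};

Unattended-Upgrade::Package-Blacklist {
// nothing excluded in this sample
};
EOF

# Demo on the sample (on a real host, pass lsb_release -is / lsb_release -cs)
active_origins "$SAMPLE_CFG" Ubuntu focal
if origin_allowed "$SAMPLE_CFG" Ubuntu focal Ubuntu:focal-updates; then
    echo "-updates pocket IS handled automatically"
else
    echo "-updates pocket is NOT handled automatically (commented out)"
fi
```

On a real droplet the call is `active_origins /etc/apt/apt.conf.d/50unattended-upgrades "$(lsb_release -is)" "$(lsb_release -cs)"`. The result explains the behaviour seen in this thread: with the `-updates` line commented out, anything whose pending version lives only in `focal-updates` is outside what unattended-upgrades is allowed to install, while `focal-security` packages are in scope. For the authoritative view of what the tool itself resolved and what it would install, `sudo unattended-upgrade --dry-run --debug` prints both, and `/var/log/unattended-upgrades/unattended-upgrades.log` records what each nightly run actually did.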
JWode • 16mo ago
Sorry @joao6246, I don't know how I missed this! Thanks for the reply though 🙂 Anyway, nah, that line is uncommented:
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}";
"${distro_id}:${distro_codename}-security";
// Extended Security Maintenance; doesn't necessarily exist for
// every release and this system may not have it installed, but if
// available, the policy for updates is such that unattended-upgrades
// should also install from here by default.
"${distro_id}ESMApps:${distro_codename}-apps-security";
"${distro_id}ESM:${distro_codename}-infra-security";
// "${distro_id}:${distro_codename}-updates";
// "${distro_id}:${distro_codename}-proposed";
// "${distro_id}:${distro_codename}-backports";
};
Just logged in again:
9 updates can be applied immediately.
To see these additional updates run: apt list --upgradable

7 additional security updates can be applied with ESM Apps.
Learn more about enabling ESM Apps service at https://ubuntu.com/esm
At least this time that's just for additional paid-for security updates. Is my best bet just to have a duplicate/dev server running and just apply updates there to see if they break the server? I'd like to start replicating this for different websites, but it seems pretty brittle :/
Joao • 16mo ago
You know, I'm not entirely sure either. I have to run the upgrade command manually from time to time as well (which personally I prefer since it gives me the chance to review what's being installed/updated). It may very well be that something being installed has dependencies that need manual intervention? But I rarely skip any updates regardless of this and have never had any issues in terms of stability. Unless you know or suspect that something like this will pose a stability issue to your sites, having a secondary staging server may be overkill. You may have other reasons why having that setup may be a good idea though, for example as a staging ground for upcoming updates to some of the sites you have, etc., but that's up to you. If you run apt list --upgradable do you see anything that stands out as not security related?
JWode • 16mo ago
Well that's good to know about the chances of updates breaking my sites. I guess because I'm new to Linux I'm confusing OS updates with updates to npm packages (that frequently break my builds) 😁 Anyway, another 5 'standard security updates' just popped up. Here's the list showing that it's mainly vim this time:
apparmor/focal-updates 2.13.3-7ubuntu5.2 amd64 [upgradable from: 2.13.3-7ubuntu5.1]
bind9-dnsutils/focal-updates 1:9.16.1-0ubuntu2.14 amd64 [upgradable from: 1:9.16.1-0ubuntu2.12]
bind9-host/focal-updates 1:9.16.1-0ubuntu2.14 amd64 [upgradable from: 1:9.16.1-0ubuntu2.12]
bind9-libs/focal-updates 1:9.16.1-0ubuntu2.14 amd64 [upgradable from: 1:9.16.1-0ubuntu2.12]
bolt/focal-updates 0.9.1-2~ubuntu20.04.2 amd64 [upgradable from: 0.9.1-2~ubuntu20.04.1]
cloud-init/focal-updates 23.1.1-0ubuntu0~20.04.1 all [upgradable from: 22.4.2-0ubuntu0~20.04.2]
libapparmor1/focal-updates 2.13.3-7ubuntu5.2 amd64 [upgradable from: 2.13.3-7ubuntu5.1]
libunwind8/focal-updates 1.2.1-9ubuntu0.1 amd64 [upgradable from: 1.2.1-9build1]
update-notifier-common/focal-updates 3.192.30.17 all [upgradable from: 3.192.30.16]
vim-common/focal-security 2:8.1.2269-1ubuntu5.13 all [upgradable from: 2:8.1.2269-1ubuntu5.12]
vim-runtime/focal-security 2:8.1.2269-1ubuntu5.13 all [upgradable from: 2:8.1.2269-1ubuntu5.12]
vim-tiny/focal-security 2:8.1.2269-1ubuntu5.13 amd64 [upgradable from: 2:8.1.2269-1ubuntu5.12]
vim/focal-security 2:8.1.2269-1ubuntu5.13 amd64 [upgradable from: 2:8.1.2269-1ubuntu5.12]
xxd/focal-security 2:8.1.2269-1ubuntu5.13 amd64 [upgradable from: 2:8.1.2269-1ubuntu5.12]
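Joao's question above ("do you see anything that stands out as not security related?") can be answered mechanically from the suite name in each `apt list --upgradable` line. The following is an added shell example, not code from the thread or from apt: it sorts the lines into security updates (suite contains `security`), regular `-updates`, and everything else, using the list posted above as constructed sample input. The function names `classify`, `count` and `summary` are this example's own.

```shell
#!/bin/sh
# Added example: classify `apt list --upgradable` output by archive pocket.
# Not part of apt; it only reads the "package/suite version arch [...]" lines.

# Sample input, taken from the list posted above (so the example runs offline).
SAMPLE_LIST='Listing... Done
apparmor/focal-updates 2.13.3-7ubuntu5.2 amd64 [upgradable from: 2.13.3-7ubuntu5.1]
bind9-dnsutils/focal-updates 1:9.16.1-0ubuntu2.14 amd64 [upgradable from: 1:9.16.1-0ubuntu2.12]
bind9-host/focal-updates 1:9.16.1-0ubuntu2.14 amd64 [upgradable from: 1:9.16.1-0ubuntu2.12]
bind9-libs/focal-updates 1:9.16.1-0ubuntu2.14 amd64 [upgradable from: 1:9.16.1-0ubuntu2.12]
bolt/focal-updates 0.9.1-2~ubuntu20.04.2 amd64 [upgradable from: 0.9.1-2~ubuntu20.04.1]
cloud-init/focal-updates 23.1.1-0ubuntu0~20.04.1 all [upgradable from: 22.4.2-0ubuntu0~20.04.2]
libapparmor1/focal-updates 2.13.3-7ubuntu5.2 amd64 [upgradable from: 2.13.3-7ubuntu5.1]
libunwind8/focal-updates 1.2.1-9ubuntu0.1 amd64 [upgradable from: 1.2.1-9build1]
update-notifier-common/focal-updates 3.192.30.17 all [upgradable from: 3.192.30.16]
vim-common/focal-security 2:8.1.2269-1ubuntu5.13 all [upgradable from: 2:8.1.2269-1ubuntu5.12]
vim-runtime/focal-security 2:8.1.2269-1ubuntu5.13 all [upgradable from: 2:8.1.2269-1ubuntu5.12]
vim-tiny/focal-security 2:8.1.2269-1ubuntu5.13 amd64 [upgradable from: 2:8.1.2269-1ubuntu5.12]
vim/focal-security 2:8.1.2269-1ubuntu5.13 amd64 [upgradable from: 2:8.1.2269-1ubuntu5.12]
xxd/focal-security 2:8.1.2269-1ubuntu5.13 amd64 [upgradable from: 2:8.1.2269-1ubuntu5.12]'

# classify: stdin = apt list output; stdout = "<class> <package>" per line.
# The suite field can be a comma-separated list (e.g. focal-updates,focal-security)
# when one version is published in several pockets; any "security" member wins.
classify() {
    awk '
        /^Listing/ || NF < 2 { next }          # skip the header and blank lines
        {
            split($1, a, "/")                  # a[1] = package, a[2] = suite(s)
            cls = "other"
            if (a[2] ~ /security/)       cls = "security"
            else if (a[2] ~ /-updates/)  cls = "updates"
            print cls, a[1]
        }'
}

# count CLASS: number of pending packages in CLASS (stdin = apt list output)
count() {
    classify | grep -c "^$1 " || :
}

# summary: one "<class> <count>" line per class, sorted
summary() {
    classify | awk '{ n[$1]++ } END { for (c in n) print c, n[c] }' | sort
}

# Demo on the sample; on a real host replace the printf with
#   apt list --upgradable 2>/dev/null | summary
printf '%s\n' "$SAMPLE_LIST" | summary
printf '%s\n' "$SAMPLE_LIST" | classify | grep '^security'
```

On the sample this reports 5 security and 9 updates packages, matching the "5 standard security updates" banner. Read together with the Allowed-Origins block posted earlier (where `-updates` is commented out), the `updates` group is the set that unattended-upgrades will leave for a manual `sudo apt upgrade`, and the `security` group is the set it should pick up on its next timer run.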
Joao • 16mo ago
The whole point of distributions like Debian and Ubuntu is that they are very stable. You will not get the latest packages out of the default repositories precisely because of this, which is both good and bad depending on how you look at it (good for stability, bad for latest and greatest features of packages). In production servers, I prefer stability but on my local machine I have what's known as a "rolling distribution" which is the opposite: frequent updates with latest patches that from time to time do break things.
JWode • 16mo ago
nice one, thanks 🙂
Joao • 16mo ago
I actually got the same, the only ones that show for me are vim and xxd as manual updates (I'm running Ubuntu 20.04 still so that may explain the difference). vim is just a text editor and xxd, if I'm not mistaken, is used for debugging? I'm not sure, never really used it. So there's no security involved there (or at least nothing that I would consider critical). The other dependencies look more "critical" in the sense that they are much more involved and used by other programs in the background, but again they may be minor updates not directly related to security. In short, I would not worry too much about it 🙂
I guess because I'm new to linux I'm confusing OS updates with updates to npm packages (that frequently break my builds) 😁
I missed this part actually. When it comes to updating your app, that may be a good reason to have a separate environment where you test these updates. One thing that may pose an issue here is if you are running Node.js version 16.x but you just updated some package that uses a feature only available on Node 18.x, for example. So yeah, it's important to keep track of these things to understand what causes compatibility and security issues. If you are using Docker this can be handled much better because you can use containers with very specific package versions running, as needed. But that's a whole other topic and you'd still have to watch out for OS-level updates anyway.
JWode • 16mo ago
Yeah, but I'm skilled at breaking my node apps XD Not so much with Linux (which is why it worries me more). But god, yeah, I'm going to have to look into Docker/k8s, because there's no way I'm manually updating each site I make, especially given that I'll probably be dealing with older dev environments. There has to be a better way!
JWode • 15mo ago
@zoetsullivan nah I didn't, I'm afraid. When I do I'll try to remember to pop it in here
Joao • 15mo ago
@zoetsullivan @NickW I missed the first line where you asked for Linux discord servers 😄 But you can try these ones: https://discord.gg/machine-701530051140780102 https://discord.gg/engineerman
JWode • 15mo ago
Ah nice, thanks @joao6246