====== パッケージシステムによるソフトウェアの更新 ======

Ubuntu Linuxを採用していますので、apt-get コマンドによりパッケージを最新の状態に保つことが可能です。

\\

===== 手作業でのパッケージの更新 =====

"apt-get update" により、パッケージデータベースを最新に更新します。

<code>
user1@plum:~$ sudo apt-get update
[sudo] password for user1: 
Ign http://ports.ubuntu.com saucy InRelease
Ign http://ports.ubuntu.com saucy-updates InRelease
Ign http://ports.ubuntu.com saucy-security InRelease
Hit http://ports.ubuntu.com saucy Release.gpg
Get:1 http://ports.ubuntu.com saucy-updates Release.gpg [933 B]
Get:2 http://ports.ubuntu.com saucy-security Release.gpg [933 B]
Hit http://ports.ubuntu.com saucy Release
Get:3 http://ports.ubuntu.com saucy-updates Release [49.6 kB]
Get:4 http://ports.ubuntu.com saucy-security Release [49.6 kB]
Hit http://ports.ubuntu.com saucy/main armhf Packages
Hit http://ports.ubuntu.com saucy/restricted armhf Packages
Hit http://ports.ubuntu.com saucy/universe armhf Packages
Hit http://ports.ubuntu.com saucy/main Translation-en
Hit http://ports.ubuntu.com saucy/restricted Translation-en
Hit http://ports.ubuntu.com saucy/universe Translation-en
Get:5 http://ports.ubuntu.com saucy-updates/main armhf Packages [217 kB]
Get:6 http://ports.ubuntu.com saucy-updates/restricted armhf Packages [14 B]                                 
Get:7 http://ports.ubuntu.com saucy-updates/universe armhf Packages [148 kB]                                 
Hit http://ports.ubuntu.com saucy-updates/main Translation-en                                                
Hit http://ports.ubuntu.com saucy-updates/restricted Translation-en                                          
Hit http://ports.ubuntu.com saucy-updates/universe Translation-en                                            
Get:8 http://ports.ubuntu.com saucy-security/main armhf Packages [107 kB]                                    
Get:9 http://ports.ubuntu.com saucy-security/restricted armhf Packages [14 B]                                
Get:10 http://ports.ubuntu.com saucy-security/universe armhf Packages [33.4 kB]                              
Hit http://ports.ubuntu.com saucy-security/main Translation-en                                               
Hit http://ports.ubuntu.com saucy-security/restricted Translation-en                                         
Hit http://ports.ubuntu.com saucy-security/universe Translation-en                                           
Fetched 607 kB in 11s (54.5 kB/s)                                                                            
Reading package lists... Done
user1@plum:~$ 
</code>

\\

"apt-get upgrade" により、更新されたパッケージがある場合、最新状態に更新します。

<code>
user1@plum:~$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages will be upgraded:
  nginx-common nginx-light
2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 250 kB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue [Y/n]? 
Get:1 http://ports.ubuntu.com/ubuntu-ports/ saucy-updates/universe nginx-common all 1.4.1-3ubuntu1.3 [16.9 kB]
Get:2 http://ports.ubuntu.com/ubuntu-ports/ saucy-updates/universe nginx-light armhf 1.4.1-3ubuntu1.3 [233 kB]
Fetched 250 kB in 2s (93.5 kB/s)      
(Reading database ... 19200 files and directories currently installed.)
Preparing to replace nginx-common 1.4.1-3ubuntu1.2 (using .../nginx-common_1.4.1-3ubuntu1.3_all.deb) ...
Unpacking replacement nginx-common ...
Preparing to replace nginx-light 1.4.1-3ubuntu1.2 (using .../nginx-light_1.4.1-3ubuntu1.3_armhf.deb) ...
Unpacking replacement nginx-light ...
Processing triggers for ufw ...
Processing triggers for ureadahead ...
Setting up nginx-common (1.4.1-3ubuntu1.3) ...
Setting up nginx-light (1.4.1-3ubuntu1.3) ...
localepurge: Disk space freed in /usr/share/locale: 0 KiB
localepurge: Disk space freed in /usr/share/man: 0 KiB

Total disk space freed by localepurge: 0 KiB

user1@plum:~$ 
</code>

\\

===== 自動アップデートの設定 =====

装置が手元にある場合や、運用している台数が少ない場合には、上記の手作業でのアップデートでも問題はないのですが、\\
  * 装置が遠隔地に設置されている
  * 運用している台数が多く、手作業でいちいち作業をしていられない
といった場合、自動でアップデートする設定ができると便利です。\\
自動でアップデートを行うための設定方法を紹介します。


\\

==== 自動アップデートツールの設定 ====

"unattended-upgrades" パッケージがインストールされています。

<code>
user1@plum:~$ sudo dpkg -l unattended-upgrades
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                  Version         Architecture    Description
+++-=====================-===============-===============-================================================
ii  unattended-upgrades   0.79.3ubuntu8   all             automatic installation of security upgrades
user1@plum:~$ 
</code>

設定はデフォルトのまま、セキュリティアップデートのみ自動で適用される設定になっています。

<code>
user1@plum:~$ cat /etc/apt/apt.conf.d/50unattended-upgrades
// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {
	"${distro_id}:${distro_codename}-security";
//	"${distro_id}:${distro_codename}-updates";
//	"${distro_id}:${distro_codename}-proposed";
//	"${distro_id}:${distro_codename}-backports";
};

// List of packages to not update
Unattended-Upgrade::Package-Blacklist {
//	"vim";
//	"libc6";
//	"libc6-dev";
//	"libc6-i686";
};

// This option allows you to control if on a unclean dpkg exit
// unattended-upgrades will automatically run 
//   dpkg --force-confold --configure -a
// The default is true, to ensure updates keep getting installed
//Unattended-Upgrade::AutoFixInterruptedDpkg "false";

// Split the upgrade into the smallest possible chunks so that
// they can be interrupted with SIGUSR1. This makes the upgrade
// a bit slower but it has the benefit that shutdown while a upgrade
// is running is possible (with a small delay)
//Unattended-Upgrade::MinimalSteps "true";

// Install all unattended-upgrades when the machine is shuting down
// instead of doing it in the background while the machine is running
// This will (obviously) make shutdown slower
//Unattended-Upgrade::InstallOnShutdown "true";

// Send email to this address for problems or packages upgrades
// If empty or unset then no email is sent, make sure that you
// have a working mail setup on your system. A package that provides
// 'mailx' must be installed. E.g. "user@example.com"
//Unattended-Upgrade::Mail "root";

// Set this value to "true" to get emails only on errors. Default
// is to always send a mail if Unattended-Upgrade::Mail is set
//Unattended-Upgrade::MailOnlyOnError "true";

// Do automatic removal of new unused dependencies after the upgrade
// (equivalent to apt-get autoremove)
//Unattended-Upgrade::Remove-Unused-Dependencies "false";

// Automatically reboot *WITHOUT CONFIRMATION* if a 
// the file /var/run/reboot-required is found after the upgrade 
//Unattended-Upgrade::Automatic-Reboot "false";


// Use apt bandwidth limit feature, this example limits the download
// speed to 70kb/sec
//Acquire::http::Dl-Limit "70";
user1@plum:~$
</code>

\\

このパッケージを入れただけでは、自動アップデートは有効にはなりません。\\
下記コマンドの実行により、有効化することができます。

<code>
user1@plum:~$ sudo dpkg-reconfigure -plow unattended-upgrades
</code>

{{:mae3xx_ope:package_update:auto-update_00.png?640|}}

<Yes> を選択します。

{{:mae3xx_ope:package_update:auto-update_01.png?640|}}

<code>
user1@plum:~$ sudo dpkg-reconfigure -plow unattended-upgrades

Creating config file /etc/apt/apt.conf.d/20auto-upgrades with new version
user1@plum:~$ cat /etc/apt/apt.conf.d/20auto-upgrades
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
user1@plum:~$ 
</code>

これで設定が有効になりました。

詳細については、[[https://help.ubuntu.com/13.10/serverguide/automatic-updates.html|Automatic Updates]] を参照してください。