Linux Updates: Command Line Guide
Updating your Linux system is one of the most important things you can do to keep it secure, stable and running well. With updates, you can patch vulnerabilities, fix bugs and access new features.
This article covers updating via the command line, automating updates for different distros, troubleshooting common issues and kernel updates to keep your system secure and stable.
Table of Contents
TL;DR
– Updates are essential for security and performance of your Linux system.
– Common commands are apt update, apt upgrade, dnf update, pacman -Syu depending on your distro.
– Automating with unattended-upgrades and scheduling with Cron jobs minimizes manual intervention.
What does the Linux update command do?
When you run the update command, it synchronizes the package index files from the sources defined in /etc/apt/sources.list
or /etc/apt/sources.list.d/
for Debian/Ubuntu, /etc/yum.repos.d/
for Red Hat/Fedora, and /etc/pacman.conf
for Arch Linux.
This ensures your system has the most recent information about available packages and their versions.
In Arch Linux, use sudo pacman -Syy
to force a full database sync, which can be necessary if there are discrepancies.
In Red Hat/Fedora, the equivalent command is sudo dnf makecache
, which updates the metadata cache from enabled repositories. However, the dnf package manager automatically refreshes the metadata when you run commands like sudo dnf update
or sudo dnf upgrade
. So there’s usually no need to run dnf makecache
manually unless you want to pre-download the metadata for offline or faster subsequent operations. By default, DNF also checks for updated metadata every 90 minutes. This interval is configured in /etc/dnf/dnf.conf
with the metadata_timer_sync option.
Note that these commands (sudo apt update
, sudo dnf makecache
, and sudo pacman -Syy
) do not install or upgrade any packages.
For Debian, Ubuntu, Arch Linux, and their derivatives, this is important to do before any upgrades, as it ensures you are working with the latest package information, even if you’re dealing with the so-called “black sheep” of Linux distributions, Arch Linux. Ha!
What does the Linux upgrade command do?
The upgrade command installs newer versions of the packages currently installed on your system based on the updated package index.
On Debian/Ubuntu, running sudo apt upgrade
fetches the latest package versions without removing any existing packages.
For Red Hat/Fedora, the equivalent is sudo dnf upgrade
, which updates all installed packages to the latest versions available from enabled repositories.
In Arch Linux, sudo pacman -Syu
performs a full system upgrade, synchronizing the package databases and updating all installed packages.
Why Installing Linux Updates is important?
Keeping software up to date is crucial for any Linux system. Updates patch vulnerabilities, fix bugs and improve system performance.
Not updating your system leaves it open to security risks, compatibility issues and system instability. By including update checks in your routine, you’ll protect your system and keep it running at its best.
Guide to Linux Command Line Updates
The command line is the most precise and efficient way to manage updates. Here are the common commands for different Linux distributions:
– Debian/Ubuntu:
sudo apt update && sudo apt upgrade
This will update the package list and apply any available upgrades. The sudo apt full-upgrade
command on Debian-based systems can handle complex dependencies during upgrades, it’s a powerful tool for full upgrades.
Note: apt is a new command introduced in Ubuntu 16.04, it’s more user-friendly than apt-get.
– Red Hat/Fedora:
sudo dnf update
This will update the package list and install the latest versions of installed packages.
– Arch Linux:
sudo pacman -Syu
This will synchronize the package databases and upgrade the system.
Automating Linux Updates
Automation is a great way to go to keep your Linux systems up to date without manual intervention.
Using unattended-upgrades for Automatic Updates on Debian/Ubuntu
The unattended-upgrades package will automatically install critical updates:
sudo apt install unattended-upgrades
You can configure it by editing the /etc/apt/apt.conf.d/50unattended-upgrades file to specify what updates should be installed automatically. This is very useful for servers that need to be up 24/7 as it minimizes the chance of missing security patches.
Also read: How to Enable Unattended Upgrades on Ubuntu/Debian
Automating Updates on Fedora and Arch Linux
For Fedora and Arch Linux users, there are equivalent tools and methods to achieve automatic updates, similar to unattended-upgrades
on Debian-based systems.
Red Hat/Fedora: Using DNF Automatic
Fedora uses dnf
as its package manager, and DNF Automatic handles unattended updates.
- Install DNF Automatic:
sudo dnf install dnf-automatic
- Configure DNF Automatic:
Edit the configuration file at/etc/dnf/automatic.conf
:
– Enable automatic updates by setting:[commands] upgrade_type = default apply_updates = yes
– Optionally, configure email notifications in the
[emitters]
section. - Enable the Service:
Start the systemd service to schedule updates automatically:sudo systemctl enable --now dnf-automatic.timer
This setup ensures that your Fedora system checks for updates and applies them regularly.
Arch Linux: Using Pacman with a Systemd Timer
Arch Linux does not have a direct equivalent like unattended-upgrades
, but you can automate updates with a custom systemd service and timer.
- Create an Update Script:
sudo nano /usr/local/bin/auto-pacman-update.sh
Add the following lines:
#!/bin/bash sudo pacman -Syu --noconfirm
Make the script executable:
sudo chmod +x /usr/local/bin/auto-pacman-update.sh
- Create a Systemd Service:
sudo nano /etc/systemd/system/auto-pacman-update.service
Configure the service:
[Unit] Description=Automatic Pacman Updates [Service] Type=oneshot ExecStart=/usr/local/bin/auto-pacman-update.sh
- Create a Systemd Timer:
sudo nano /etc/systemd/system/auto-pacman-update.timer
Set it to run daily:
[Unit] Description=Run automatic Pacman updates daily [Timer] OnCalendar=daily Persistent=true [Install] WantedBy=timers.target
- Enable the Timer:
sudo systemctl enable --now auto-pacman-update.timer
This setup will keep your Arch Linux system updated daily without manual input.
Scheduling Linux Updates with Cron jobs
Cron jobs allow you to automate updates by setting a specific time for them to run. Here’s how:
- Create a script for updates:
#!/bin/bash
sudo apt update && sudo apt upgrade -y
- Arch Linux: Using Pacman with a Systemd Timer
0 2 * /path/to/update-script.sh
This will run the update script daily at 2 AM, so you won’t have to check manually.
Troubleshooting Common Linux Update Issues
Even with regular updates, problems can occur. Here are solutions to common issues across Debian/Ubuntu, Red Hat/Fedora, and Arch Linux systems:
1. Broken Package Error
– Debian/Ubuntu:
sudo apt --fix-broken install
Or:
sudo dpkg --configure -a
– Red Hat/Fedora:
sudo dnf check sudo dnf clean all sudo dnf upgrade --refresh
These commands will check for broken packages, clean the cache, and attempt to fix any issues during the upgrade.
– Arch Linux:
sudo pacman -Syu --overwrite '*'
If the error persists, use:
sudo pacman -Syyu
This forces a database refresh and attempts to resolve any broken packages.
2. GPG Key Error
When encountering GPG key errors:
– Ubuntu:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <KEYID>
– Debian:
sudo apt-key adv --keyserver keyring.debian.org --recv-keys <KEYID>
These commands retrieve the missing GPG key needed for package authentication using the correct keyserver for each distribution.
– Red Hat/Fedora:
sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-<version>
Or manually add the key from the package source:
sudo dnf install fedora-gpg-keys
– Arch Linux:
sudo pacman-key --init
sudo pacman-key --populate archlinux
sudo pacman -Syu
This reinitializes and populates the keyring, then updates the system.
3. Update Process Hangs or Fails
– Debian/Ubuntu:
sudo killall apt-get sudo rm /var/lib/apt/lists/lock sudo rm /var/cache/apt/archives/lock sudo apt update
– Red Hat/Fedora:
sudo rm -f /var/run/dnf.lock sudo dnf clean all sudo dnf makecache
– Arch Linux:
sudo rm -f /var/lib/pacman/db.lck sudo pacman -Syu
This removes the lock file and allows you to retry the update process.
Linux Kernel Updates
Keeping your Linux kernel updated is vital for system security and performance across all distributions.
Checking the Current Kernel Version
Use the following command on any Linux distribution to check your current kernel version:
uname -r
Installing New Kernel Versions
Updating the kernel manually is straightforward and varies slightly by distribution:
– Debian/Ubuntu:
sudo apt install linux-generic
This installs the latest generic kernel available in the repository.
– Red Hat/Fedora:
sudo dnf upgrade kernel
For Fedora, this updates the kernel to the latest version in the system’s repository.
– Arch Linux:
sudo pacman -S linux
This command installs the latest stable kernel available in the Arch repository.
Advanced Kernel Management
For Ubuntu users, advanced kernel management can be done using tools like Mainline, which allows selecting specific kernels beyond what’s available in the default repository:
sudo add-apt-repository ppa:cappelikan/ppa sudo apt update sudo apt install mainline
For Debian, it’s recommended to avoid using PPAs, as they can introduce instability. Instead, use the default repositories and the linux-image-amd64
metapackage for kernel updates:
sudo apt install linux-image-amd64
This approach provides a stable way to update the kernel without relying on external sources.
– Red Hat/Fedora:
Use the ELRepo repository for custom kernels:
sudo dnf install https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm sudo dnf --enablerepo=elrepo-kernel install kernel-ml
This installs the latest mainline kernel from the ELRepo repository.
– Arch Linux:
Install a specific kernel using the AUR or a custom package:
sudo pacman -S linux-lts
This installs the Long-Term Support (LTS) kernel, providing a stable alternative.
Also read: Quick Tips for a more stable Arch Linux experience
Tip: Always test new kernel versions in a staging environment before deploying them to production systems to avoid potential issues.
Downgrading to a Previous Kernel
If a new kernel causes stability problems, you can revert to an older kernel:
- Debian/Ubuntu:
Reboot and hold the Shift key during startup to access the GRUB menu, then select a previous kernel version. - Red Hat/Fedora:
Reboot and press Esc during startup to enter the GRUB menu, then choose an older kernel version from the list. - Arch Linux:
Reboot and press Esc or Shift to access the GRUB menu, allowing you to select a different kernel.
This method lets you resolve stability issues without performing a full rollback of your system.
Graphical Tools for Managing Linux Updates
While command-line tools offer control and flexibility, graphical update managers simplify the process:
– Ubuntu Software Updater: Launch from the application menu to check for updates automatically and install them easily.
– Fedora PackageKit: Provides a visual interface for handling updates and dependencies, reducing the need for command-line input.
– Arch Linux Pamac: Offers a GUI for managing updates and packages, making it user-friendly for those preferring a graphical approach.
These tools are ideal for users who prefer a GUI experience.
Reviewing Linux Update Logs
Monitoring update logs helps track changes and diagnose issues after updates:
– Debian/Ubuntu:
less /var/log/apt/history.log
– Red Hat/Fedora:
less /var/log/dnf.rpm.log
– Arch Linux:
less /var/log/pacman.log
Regularly reviewing these logs ensures you stay informed about system changes and helps troubleshoot problems effectively.
Backup Before Major Linux Updates
Creating backups before major updates is essential to protect your data. Focus on backing up important directories like /home
and /etc
:
Backing up your system before updates is a smart precaution that can save time and prevent data loss.
Conclusion
With the aforementioned in mind, here’s how I keep my Debian system updated manually, as it’s a rolling release. Using upd
bash file containing this: (you can also just set up as an alias)
Linux package updates are the base of a stable, secure, and performant Linux system. By mastering command-line tools, automating updates and knowing how to troubleshoot common issues, you can minimize downtime and have your system running well.
Kernel updates and proper backup strategies add to stability and give you a safety net against problems. Whether you do manual updates, automation or use graphical tools, the key is consistency. Make updating part of your regular maintenance, and you’ll have a resilient and up-to-date Linux system!
I notice that the manual for
apt
saysfull-upgrade
will uninstall packages if necessary to upgrade the system as a whole, but is it necessary to doupgrade
beforefull-upgrade
in your routine?Good question! No, it’s not necessary to run
apt upgrade
beforeapt full-upgrade
. full-upgrade already handles all updates, including resolving dependencies that might require package removals. However, some prefer to run upgrade first to see a preview of what will be updated without package removals.