Linux Updates: Command Line Guide

sudo apt update && sudo apt upgrade && sudo apt-get dist-upgrade && sudo apt autoremove && sudo apt clean all

Updating your Linux system is one of the most important things you can do to keep it secure, stable and running well. With updates, you can patch vulnerabilities, fix bugs and access new features.

This article covers updating via the command line, automating updates for different distros, troubleshooting common issues and kernel updates to keep your system secure and stable.

TL;DR

– Updates are essential for security and performance of your Linux system.

– Common commands are apt update, apt upgrade, dnf update, pacman -Syu depending on your distro.

– Automating with unattended-upgrades and scheduling with Cron jobs minimizes manual intervention.

What does the Linux update command do?

When you run the update command, it synchronizes the package index files from the sources defined in /etc/apt/sources.list or /etc/apt/sources.list.d/ for Debian/Ubuntu, /etc/yum.repos.d/ for Red Hat/Fedora, and /etc/pacman.conf for Arch Linux.

This ensures your system has the most recent information about available packages and their versions.

In Arch Linux, use sudo pacman -Syy to force a full database sync, which can be necessary if there are discrepancies.

In Red Hat/Fedora, the equivalent command is sudo dnf makecache, which updates the metadata cache from enabled repositories. However, the dnf package manager automatically refreshes the metadata when you run commands like sudo dnf update or sudo dnf upgrade. So there’s usually no need to run dnf makecache manually unless you want to pre-download the metadata for offline or faster subsequent operations. By default, DNF also checks for updated metadata every 90 minutes. This interval is configured in /etc/dnf/dnf.conf with the metadata_timer_sync option.

Note that these commands (sudo apt update, sudo dnf makecache, and sudo pacman -Syy) do not install or upgrade any packages.

For Debian, Ubuntu, Arch Linux, and their derivatives, this is important to do before any upgrades, as it ensures you are working with the latest package information, even if you’re dealing with the so-called “black sheep” of Linux distributions, Arch Linux. Ha!

What does the Linux upgrade command do?

The upgrade command installs newer versions of the packages currently installed on your system based on the updated package index.

On Debian/Ubuntu, running sudo apt upgrade fetches the latest package versions without removing any existing packages.

For Red Hat/Fedora, the equivalent is sudo dnf upgrade, which updates all installed packages to the latest versions available from enabled repositories.

In Arch Linux, sudo pacman -Syu performs a full system upgrade, synchronizing the package databases and updating all installed packages.

Why Installing Linux Updates is important?

Keeping software up to date is crucial for any Linux system. Updates patch vulnerabilities, fix bugs and improve system performance.

Not updating your system leaves it open to security risks, compatibility issues and system instability. By including update checks in your routine, you’ll protect your system and keep it running at its best.

Guide to Linux Command Line Updates

The command line is the most precise and efficient way to manage updates. Here are the common commands for different Linux distributions:

Debian/Ubuntu:

sudo apt update && sudo apt upgrade

This will update the package list and apply any available upgrades. The sudo apt full-upgrade command on Debian-based systems can handle complex dependencies during upgrades, it’s a powerful tool for full upgrades.

Note: apt is a new command introduced in Ubuntu 16.04, it’s more user-friendly than apt-get.

Red Hat/Fedora:

sudo dnf update

This will update the package list and install the latest versions of installed packages.

Arch Linux:

sudo pacman -Syu

This will synchronize the package databases and upgrade the system.

Automating Linux Updates

Automation is a great way to go to keep your Linux systems up to date without manual intervention.

Using unattended-upgrades for Automatic Updates on Debian/Ubuntu

The unattended-upgrades package will automatically install critical updates:

sudo apt install unattended-upgrades

You can configure it by editing the /etc/apt/apt.conf.d/50unattended-upgrades file to specify what updates should be installed automatically. This is very useful for servers that need to be up 24/7 as it minimizes the chance of missing security patches.

Also read: How to Enable Unattended Upgrades on Ubuntu/Debian

Automating Updates on Fedora and Arch Linux

For Fedora and Arch Linux users, there are equivalent tools and methods to achieve automatic updates, similar to unattended-upgrades on Debian-based systems.

Red Hat/Fedora: Using DNF Automatic

Fedora uses dnf as its package manager, and DNF Automatic handles unattended updates.

  1. Install DNF Automatic:
    sudo dnf install dnf-automatic
    
  2. Configure DNF Automatic:
    Edit the configuration file at /etc/dnf/automatic.conf:
    – Enable automatic updates by setting:

    [commands]
    upgrade_type = default
    apply_updates = yes
    

    – Optionally, configure email notifications in the [emitters] section.

  3. Enable the Service:
    Start the systemd service to schedule updates automatically:

    sudo systemctl enable --now dnf-automatic.timer
    

This setup ensures that your Fedora system checks for updates and applies them regularly.

Arch Linux: Using Pacman with a Systemd Timer

Arch Linux does not have a direct equivalent like unattended-upgrades, but you can automate updates with a custom systemd service and timer.

  1. Create an Update Script:
    sudo nano /usr/local/bin/auto-pacman-update.sh
    

    Add the following lines:

    #!/bin/bash
    sudo pacman -Syu --noconfirm
    

    Make the script executable:

    sudo chmod +x /usr/local/bin/auto-pacman-update.sh
    
  2. Create a Systemd Service:
    sudo nano /etc/systemd/system/auto-pacman-update.service
    

    Configure the service:

    [Unit]
    Description=Automatic Pacman Updates
    
    [Service]
    Type=oneshot
    ExecStart=/usr/local/bin/auto-pacman-update.sh
    
  3. Create a Systemd Timer:
    sudo nano /etc/systemd/system/auto-pacman-update.timer
    

    Set it to run daily:

    [Unit]
    Description=Run automatic Pacman updates daily
    
    [Timer]
    OnCalendar=daily
    Persistent=true
    
    [Install]
    WantedBy=timers.target
    
  4. Enable the Timer:
    sudo systemctl enable --now auto-pacman-update.timer
    

This setup will keep your Arch Linux system updated daily without manual input.

Scheduling Linux Updates with Cron jobs

Cron jobs allow you to automate updates by setting a specific time for them to run. Here’s how:

  1. Create a script for updates:
#!/bin/bash

sudo apt update && sudo apt upgrade -y
  1. Arch Linux: Using Pacman with a Systemd Timer
0 2  * /path/to/update-script.sh

This will run the update script daily at 2 AM, so you won’t have to check manually.

Troubleshooting Common Linux Update Issues

Even with regular updates, problems can occur. Here are solutions to common issues across Debian/Ubuntu, Red Hat/Fedora, and Arch Linux systems:

1. Broken Package Error

– Debian/Ubuntu:

sudo apt --fix-broken install

Or:

sudo dpkg --configure -a

– Red Hat/Fedora:

sudo dnf check
sudo dnf clean all
sudo dnf upgrade --refresh

These commands will check for broken packages, clean the cache, and attempt to fix any issues during the upgrade.

– Arch Linux:

sudo pacman -Syu --overwrite '*'

If the error persists, use:

sudo pacman -Syyu

This forces a database refresh and attempts to resolve any broken packages.

2. GPG Key Error

When encountering GPG key errors:

– Ubuntu:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <KEYID>

– Debian:

sudo apt-key adv --keyserver keyring.debian.org --recv-keys <KEYID>

These commands retrieve the missing GPG key needed for package authentication using the correct keyserver for each distribution.

– Red Hat/Fedora:

sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-<version>

Or manually add the key from the package source:

sudo dnf install fedora-gpg-keys

– Arch Linux:

sudo pacman-key --init
sudo pacman-key --populate archlinux
sudo pacman -Syu

This reinitializes and populates the keyring, then updates the system.

3. Update Process Hangs or Fails

– Debian/Ubuntu:

sudo killall apt-get
sudo rm /var/lib/apt/lists/lock
sudo rm /var/cache/apt/archives/lock
sudo apt update

– Red Hat/Fedora:

sudo rm -f /var/run/dnf.lock
sudo dnf clean all
sudo dnf makecache

– Arch Linux:

sudo rm -f /var/lib/pacman/db.lck
sudo pacman -Syu

This removes the lock file and allows you to retry the update process.

Linux Kernel Updates

Keeping your Linux kernel updated is vital for system security and performance across all distributions.

Checking the Current Kernel Version

Use the following command on any Linux distribution to check your current kernel version:

uname -r

Installing New Kernel Versions

Updating the kernel manually is straightforward and varies slightly by distribution:

– Debian/Ubuntu:

sudo apt install linux-generic

This installs the latest generic kernel available in the repository.

– Red Hat/Fedora:

sudo dnf upgrade kernel

For Fedora, this updates the kernel to the latest version in the system’s repository.

– Arch Linux:

sudo pacman -S linux

This command installs the latest stable kernel available in the Arch repository.

Advanced Kernel Management

For Ubuntu users, advanced kernel management can be done using tools like Mainline, which allows selecting specific kernels beyond what’s available in the default repository:

sudo add-apt-repository ppa:cappelikan/ppa
sudo apt update
sudo apt install mainline

For Debian, it’s recommended to avoid using PPAs, as they can introduce instability. Instead, use the default repositories and the linux-image-amd64 metapackage for kernel updates:

sudo apt install linux-image-amd64

This approach provides a stable way to update the kernel without relying on external sources.

– Red Hat/Fedora:
Use the ELRepo repository for custom kernels:

sudo dnf install https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm
sudo dnf --enablerepo=elrepo-kernel install kernel-ml

This installs the latest mainline kernel from the ELRepo repository.

– Arch Linux:
Install a specific kernel using the AUR or a custom package:

sudo pacman -S linux-lts

This installs the Long-Term Support (LTS) kernel, providing a stable alternative.

Also read: Quick Tips for a more stable Arch Linux experience

Tip: Always test new kernel versions in a staging environment before deploying them to production systems to avoid potential issues.

Downgrading to a Previous Kernel

If a new kernel causes stability problems, you can revert to an older kernel:

  • Debian/Ubuntu:
    Reboot and hold the Shift key during startup to access the GRUB menu, then select a previous kernel version.
  • Red Hat/Fedora:
    Reboot and press Esc during startup to enter the GRUB menu, then choose an older kernel version from the list.
  • Arch Linux:
    Reboot and press Esc or Shift to access the GRUB menu, allowing you to select a different kernel.

This method lets you resolve stability issues without performing a full rollback of your system.

Graphical Tools for Managing Linux Updates

While command-line tools offer control and flexibility, graphical update managers simplify the process:

– Ubuntu Software Updater: Launch from the application menu to check for updates automatically and install them easily.

– Fedora PackageKit: Provides a visual interface for handling updates and dependencies, reducing the need for command-line input.

– Arch Linux Pamac: Offers a GUI for managing updates and packages, making it user-friendly for those preferring a graphical approach.

These tools are ideal for users who prefer a GUI experience.

Reviewing Linux Update Logs

Monitoring update logs helps track changes and diagnose issues after updates:

– Debian/Ubuntu:

less /var/log/apt/history.log

– Red Hat/Fedora:

less /var/log/dnf.rpm.log

– Arch Linux:

less /var/log/pacman.log

Regularly reviewing these logs ensures you stay informed about system changes and helps troubleshoot problems effectively.

Backup Before Major Linux Updates

Creating backups before major updates is essential to protect your data. Focus on backing up important directories like /home and /etc:

  1. Use rsync for efficient backups:
    rsync -av --progress /home /backup/location/
    
  2. Store backups in a separate, secure location to simplify recovery if needed. I use Rclone to sync to Google Drive on Kali + i3 on my laptop (free) and OverGrive on my Kali + Gnome desktop (paid).

Backing up your system before updates is a smart precaution that can save time and prevent data loss.

Conclusion

With the aforementioned in mind, here’s how I keep my Debian system updated manually, as it’s a rolling release. Using updbash file containing this: (you can also just set up as an alias)

sudo apt update && sudo apt upgrade && sudo apt full-upgrade && sudo apt autoremove && sudo apt clean all

Linux package updates are the base of a stable, secure, and performant Linux system. By mastering command-line tools, automating updates and knowing how to troubleshoot common issues, you can minimize downtime and have your system running well.

Kernel updates and proper backup strategies add to stability and give you a safety net against problems. Whether you do manual updates, automation or use graphical tools, the key is consistency. Make updating part of your regular maintenance, and you’ll have a resilient and up-to-date Linux system!

Tags: , , , , , , , , , ,

Discussion

  1. I notice that the manual for apt says full-upgrade will uninstall packages if necessary to upgrade the system as a whole, but is it necessary to do upgrade before full-upgrade in your routine?

  2. Good question! No, it’s not necessary to run apt upgrade before apt full-upgrade. full-upgrade already handles all updates, including resolving dependencies that might require package removals. However, some prefer to run upgrade first to see a preview of what will be updated without package removals.



Top ↑