upgrade-all-packages

Ensures that the package manager data is updated and all upgradeable packages are upgraded.

Maintainer

Craig Comstock

Module stats

Total Downloads: 328
Updated: Dec 29, 2022

Installation version

Version
Released on Dec 29, 2022

Tags

Installation

                    
cfbs add upgrade-all-packages
Description
Dependencies
Comments

Linux distributions have package management systems which provide software updates. Often these updates are important security patches which mitigate exploitation of known vulnerabilities. Upgrading all packages on a regular basis is an excellent way to keep your systems safe and secure.

This module makes sure that all software from the default repository is updated on a daily basis.

The module also handles removing CFEngine cached data about installed packages and updateable packages as this is only refreshed once a day by default.

Example

# cf-agent -KI
info: Executing 'no timeout' ... 'apt upgrade --yes && apt autoremove --yes'
notice: Q: "...apt upgrade --y": WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
Q: "...apt upgrade --y": Reading package lists...
Q: "...apt upgrade --y": Building dependency tree...
Q: "...apt upgrade --y": Reading state information...
Q: "...apt upgrade --y": Calculating upgrade...
Q: "...apt upgrade --y": The following packages will be upgraded:
Q: "...apt upgrade --y":   tzdata
Q: "...apt upgrade --y": 1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Q: "...apt upgrade --y": Need to get 284 kB of archives.
Q: "...apt upgrade --y": After this operation, 0 B of additional disk space will be used.
Q: "...apt upgrade --y": Get:1 http://deb.debian.org/debian bullseye-updates/main amd64 tzdata all 2021a-1+deb11u2 [284 kB]
Q: "...apt upgrade --y": apt-listchanges: Reading changelogs...
Q: "...apt upgrade --y": Preconfiguring packages ...
Q: "...apt upgrade --y": Fetched 284 kB in 0s (1378 kB/s)
(Reading database ... 25621 files and directories currently installed.)
Q: "...apt upgrade --y": Preparing to unpack .../tzdata_2021a-1+deb11u2_all.deb ...
Q: "...apt upgrade --y": Unpacking tzdata (2021a-1+deb11u2) over (2021a-1+deb11u1) ...
Q: "...apt upgrade --y": Setting up tzdata (2021a-1+deb11u2) ...
Q: "...apt upgrade --y": Current default time zone: 'Etc/UTC'
Q: "...apt upgrade --y": Local time is now:      Wed Dec 15 19:46:01 UTC 2021.
Q: "...apt upgrade --y": Universal Time is now:  Wed Dec 15 19:46:01 UTC 2021.
Q: "...apt upgrade --y": Run 'dpkg-reconfigure tzdata' if you wish to change it.
Q: "...apt upgrade --y": WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
Q: "...apt upgrade --y": Reading package lists...
Q: "...apt upgrade --y": Building dependency tree...
Q: "...apt upgrade --y": Reading state information...
Q: "...apt upgrade --y": 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
info: Last 27 quoted lines were generated by promiser 'apt upgrade --yes && apt autoremove --yes'
info: Completed execution of 'apt upgrade --yes && apt autoremove --yes'
info: Deleted file '/var/cfengine/state/packages_updates_apt_get.lmdb'
info: Deleted file '/var/cfengine/state/packages_installed_apt_get.lmdb'

Adding exceptions

If a server must not receive updates, they can be marked as such by defining the hardening_packages_upgrade_skip class in either augments or CMDB.

Dependencies

comments powered by Disqus