Which Cron Script Line Is Best To Use?

Which line below is best to use in a script to be ran using cron?

sudo /usr/bin/apt-get update && sudo /usr/bin/apt-get upgrade
sudo /usr/bin/apt-get update && sudo /usr/bin/apt-get dist-upgrade

Or can it be ran like this…

sudo /usr/bin/apt-get update && sudo /usr/bin/apt-get upgrade && sudo /usr/bin/apt-get dist-upgrade

First, I should mention something, just so it’s super clear: && in this context more or less means “do the following if and only if the previous command completes successfully.” In other words, you can’t guarantee what follows will run. You may want to use ;.

Secondly, man apt-get can help you understand the difference between the two upgrades:

    upgrade
       upgrade is used to install the newest versions of all packages currently
       installed on the system from the sources enumerated in
       /etc/apt/sources.list. Packages currently installed with new versions
       available are retrieved and upgraded; under no circumstances are currently
       installed packages removed, or packages not already installed retrieved and
       installed. New versions of currently installed packages that cannot be
       upgraded without changing the install status of another package will be
       left at their current version. An update must be performed first so that
       apt-get knows that new versions of packages are available.

       When a package is supplied as an argument, the package will be installed
       prior to the upgrade action.

   dist-upgrade
       dist-upgrade in addition to performing the function of upgrade, also
       intelligently handles changing dependencies with new versions of packages;
       apt-get has a "smart" conflict resolution system, and it will attempt to
       upgrade the most important packages at the expense of less important ones
       if necessary. The dist-upgrade command may therefore remove some packages.
       The /etc/apt/sources.list file contains a list of locations from which to
       retrieve desired package files. See also apt_preferences(5) for a mechanism
       for overriding the general settings for individual packages.

       When a package is supplied as an argument, the package will be installed
       prior to the upgrade action.

tl;dr you might get some package removal with dist-upgrade that you don’t with upgrade.

Finally, since you seem to want to be automating your upgrades, why not just use unattended-upgrades and/or the mechanism in Software Sources? See more here:

https://askubuntu.com/questions/9/how-do-i-enable-automatic-updates

Oh, you must mean something like this…

    sudo /usr/bin/apt-get update ; sudo /usr/bin/apt-get dist-upgrade

No, not ‘too long;didn’t read’.
The manpages sometimes confuse me even more.
So the below is the better option.
Thanks for clearing that confusion away for me.

    sudo /usr/bin/apt-get update ; sudo /usr/bin/apt-get dist-upgrade

Uh oh, confused again…
Doesn’t the system automatically default to using unattended-upgrades?

Yes, that will guarantee that no matter what happens with update, dist-upgrade will run. That might not be what you want, but it’s important to know the difference.

Also: there’s probably no user on the system— root included— that doesn’t have /usr/bin in their path so the full pathname is probably redundant.

Security updates, yes. But not all updates. See the man unattended-upgrades as well as looking at the actual configuration file (/etc/apt/apt.conf.d/50unattended-upgrades).

Thank you, sir

This is most likely going into a script just as you noticed.
I’ve seen many people who have 20+ years experience with Linux say…
“Never allow the system to assume which program you mean, very rare but sometimes there are programs with the same name elsewhere in the system. It’s best to specify the /full/path/to/programs when used in scripts.”
So, redundant or not, I’m following the wisdom.

Seems reasonable. There certainly are cases where environments aren’t preserved.

In any case, since it looks your question is answered, I’m going to close this up.

how do i set it to solved…never done that here before

Click the little checkbox as shown on the left here:
image
That section is found at the bottom right of every post.

I already did this. I’m not sure why it didn’t close the thread. The system may do that on a schedule. I’ll close it myself if that doesn’t happen.

Thanks. Not to be a total pain, but you should probably pick the one thread that actually includes the solution. It will make it easier for the next person.

1 Like

You don’t need sudo in root’s crontab. Root has full access

I’d also use:

/usr/bin/apt-get -y dist-upgrade

To make this smoother. This whole idea has risks but if you arecomfortable with this then awesome :slight_smile:

1 Like

Many people don’t like using the “-y” factor, but for me it’s almost a must to use it.
Using it with cron or anacron seems to be mandatory.
Maybe they know more than I do about the risks.
Those risks are things I’m gonna need to deal with as they come up.

The risk is relative to this machines purpose. On your home desktop that one just messes around with, maybe gaming and such it’s fairly low risk. Downtime doesn’t destroy things other than irritation. However running this on a server that people rely on is asking for trouble. That isn’t an acceptable risk for me personally.

Just depends on the use case and how many people routinely rely on it. How much it affects ones bottom line in the event of an outage due to a bad update + the time to fix it is what one needs to figure for.

Mine is a home desktop for minor gaming and paying expenses, etc