First, I should mention something, just so it’s super clear: && in this context more or less means “do the following if and only if the previous command completes successfully.” In other words, you can’t guarantee what follows will run. You may want to use ;.
Secondly, man apt-get can help you understand the difference between the two upgrades:
upgrade
upgrade is used to install the newest versions of all packages currently
installed on the system from the sources enumerated in
/etc/apt/sources.list. Packages currently installed with new versions
available are retrieved and upgraded; under no circumstances are currently
installed packages removed, or packages not already installed retrieved and
installed. New versions of currently installed packages that cannot be
upgraded without changing the install status of another package will be
left at their current version. An update must be performed first so that
apt-get knows that new versions of packages are available.
When a package is supplied as an argument, the package will be installed
prior to the upgrade action.
dist-upgrade
dist-upgrade in addition to performing the function of upgrade, also
intelligently handles changing dependencies with new versions of packages;
apt-get has a "smart" conflict resolution system, and it will attempt to
upgrade the most important packages at the expense of less important ones
if necessary. The dist-upgrade command may therefore remove some packages.
The /etc/apt/sources.list file contains a list of locations from which to
retrieve desired package files. See also apt_preferences(5) for a mechanism
for overriding the general settings for individual packages.
When a package is supplied as an argument, the package will be installed
prior to the upgrade action.
tl;dr you might get some package removal with dist-upgrade that you don’t with upgrade.
Finally, since you seem to want to be automating your upgrades, why not just use unattended-upgrades and/or the mechanism in Software Sources? See more here:
No, not ‘too long;didn’t read’.
The manpages sometimes confuse me even more.
So the below is the better option.
Thanks for clearing that confusion away for me.
Yes, that will guarantee that no matter what happens with update, dist-upgrade will run. That might not be what you want, but it’s important to know the difference.
Also: there’s probably no user on the system—root included—that doesn’t have /usr/bin in their path, so the full pathname is probably redundant.
Security updates, yes. But not all updates. See the man unattended-upgrades as well as looking at the actual configuration file (/etc/apt/apt.conf.d/50unattended-upgrades).
This is most likely going into a script just as you noticed.
I’ve seen many people who have 20+ years’ experience with Linux say…
“Never allow the system to assume which program you mean, very rare but sometimes there are programs with the same name elsewhere in the system. It’s best to specify the /full/path/to/programs when used in scripts.”
So, redundant or not, I’m following the wisdom.
Thanks. Not to be a total pain, but you should probably pick the one thread that actually includes the solution. It will make it easier for the next person.
Many people don’t like using the “-y” factor, but for me it’s almost a must to use it.
Using it with cron or anacron seems to be mandatory.
Maybe they know more than I do about the risks.
Those risks are things I’m gonna need to deal with as they come up.
The risk is relative to this machine’s purpose. On your home desktop that one just messes around with, maybe gaming and such, it’s fairly low risk. Downtime doesn’t destroy things other than irritation. However, running this on a server that people rely on is asking for trouble. That isn’t an acceptable risk for me personally.
Just depends on the use case and how many people routinely rely on it. How much it affects one’s bottom line in the event of an outage due to a bad update + the time to fix it is what one needs to figure for.
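Tying the thread together, here is an added example (not posted by anyone in the thread) of an unattended dist-upgrade that only uses -y after a simulated run shows no package removals. The function names and the sample simulation output are constructed for illustration; apt-get's -s (simulate) flag and its Inst/Remv/Conf output lines are the only real interfaces assumed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

APT_GET=/usr/bin/apt-get   # full path, as one poster prefers in scripts

# Constructed sample of `apt-get -s dist-upgrade` output (not a real run).
SAMPLE_SIM='Inst libfoo1 [1.0-1] (1.1-1 Debian:stable [amd64])
Remv oldpkg [2.3-4]
Inst newdep (0.9-2 Debian:stable [amd64])
Conf libfoo1 (1.1-1 Debian:stable [amd64])
Conf newdep (0.9-2 Debian:stable [amd64])'

# Read simulation output on stdin; print each package that would be removed.
list_removals() {
    awk '$1 == "Remv" { print $2 }'
}

# Read simulation output on stdin; print how many packages would be removed.
count_removals() {
    list_removals | awk 'END { print NR }'
}

# Refresh package lists, simulate, and apply with -y only if nothing is removed.
guarded_dist_upgrade() {
    # Same effect as `update && ...`: stop here if update fails.
    "$APT_GET" update || { echo "update failed, not upgrading" >&2; return 1; }
    sim=$("$APT_GET" -s dist-upgrade) || return 1
    removed=$(printf '%s\n' "$sim" | list_removals)
    if [ -n "$removed" ]; then
        echo "dist-upgrade would remove: $removed" >&2
        return 2   # leave the decision to a human
    fi
    "$APT_GET" -y dist-upgrade
}

# Only touch the system when asked explicitly (e.g. from cron: script --run).
if [ "${1:-}" = "--run" ]; then
    guarded_dist_upgrade
fi
```

A return status of 2 from cron is the cue to log in and run the dist-upgrade by hand.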