Make sure you have the package unattended-upgrades
installed, then configure the following options in /etc/apt/apt.conf.d/50unattended-upgrades
:
// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}";
"${distro_id}:${distro_codename}-security";
"${distro_id}:${distro_codename}-updates";
"${distro_id}:${distro_codename}-backports";
"Canonical:${distro_codename}";
};
// This option allows you to control if on a unclean dpkg exit
// unattended-upgrades will automatically run
// dpkg --force-confold --configure -a
// The default is true, to ensure updates keep getting installed
Unattended-Upgrade::AutoFixInterruptedDpkg "true";
// Split the upgrade into the smallest possible chunks so that
// they can be interrupted with SIGUSR1. This makes the upgrade
// a bit slower but it has the benefit that shutdown while a upgrade
// is running is possible (with a small delay)
Unattended-Upgrade::MinimalSteps "true";
// Install all unattended-upgrades when the machine is shuting down
// instead of doing it in the background while the machine is running
// This will (obviously) make shutdown slower
Unattended-Upgrade::InstallOnShutdown "true";
// Do automatic removal of new unused dependencies after the upgrade
// (equivalent to apt-get autoremove)
Unattended-Upgrade::Remove-Unused-Dependencies "true";
According to the docs it says to update the settings in /etc/apt/apt.conf.d/20auto-upgrades
. So I would update these settings to "0"
as well:
APT::Periodic::Update-Package-Lists "0";
APT::Periodic::Unattended-Upgrade "0";
But to be super sure you could still edit /etc/apt/apt.conf.d/10periodic
and update the following settings to "0"
:
APT::Periodic::Update-Package-Lists "0";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::AutocleanInterval "0";
Once you have made the updates above none of the packages managed by APT will be automatically updated including MySQL, Apache and PHP.
It's fine to also set APT::Periodic::Update-Package-Lists
to "0"
as you can still manually update the package lists when you like with sudo apt update
and manually update your packages with sudo apt upgrade
.
You shouldn't need to make any updates to /etc/apt/apt.conf.d/50unattended-upgrades
.
You may also want to disable snap packages from auto-updating however MySQL, Apache and PHP are usually managed by APT so this shouldn't be necessary if you are only really concerned with those packages not being automatically updated.
Important: Disabling automatic updates also means you won't be receiving important security updates for your system so unless you are in the habit of regularly updating your software packages it's probably best to leave automatic updates enabled.
Best Answer
You can do this easily for security updates.
From System Settings open Update Manager. Click the 'Settings...' button, then on the 'Updates' tab, select the radio button 'Install security updates without confirmation.'
To automatically install all updates, see the answer below.