Product SiteDocumentation Site

6.7. 保持系统在最新状态

Debian 发行版永远处于动态、持续变化中。大部分的变化在 测试版不稳定版 中,即使是 稳定版 也随时在更新中,主要是安全相关的修订。不论运行那个版本,都需保持在最新的版本,才能用到最新的状态及修订错误。
第一个工具是 apticron,位于同名软件包中。主要作用是每日运行一个脚本 (经由 cron)。这个脚本更新可用软件包清单,若已安装的软件包不在此清单内,则发送电子邮件列出该等软件包清单,并指出在新版中可用的软件包。明显地,此软件包的对象是 Debian 稳定版 的用户,对其他版本的用户而言,此清单太长了。取得可更新清单后,apticron 自动下载它们。不会安装它们 — 那是管理者的权限与工作 — 但已下载的软件包可以本地 (于 APT 缓存内) 安装,速度快多了。
Administrators in charge of several computers will no doubt appreciate being informed of pending upgrades, but the upgrades themselves are still as tedious as they used to be. Periodic upgrades can be enabled: it uses a systemd timer unit or cron. If systemd is not installed the /etc/cron.daily/apt-compat script (in the apt package) comes in handy. This script is run daily (and non-interactively) by cron. To control the behavior, use APT configuration variables (which are therefore stored in a file /etc/apt/apt.conf.d/10periodic). The main variables are:
此选项允许您指定重新加载的频率。apticron 也可以在无变量的前提下运行,因为 apticron 本来就已在运行中。
再次地,此选项指定频率 (以日计),此时实际地下载软件包。同样地,用户不需指定运行 apticron
此选项包括 apticron 没有的功能。指定过时软件包 (未被任何发行版参照) 移出 APT 缓存的时机。如此一来,APT 缓存的容量就保持在合理的范围,不必再担心其工作负担。
启用此选项后,逐日启用的脚本将运行 unattended-upgrade (从 unattended-upgrades 软件包中取用) — 如其名称所示 — 可自动化升级同软件包 (缺省只运行安全性升级,但可在 /etc/apt/apt.conf.d/50unattended-upgrades 内客制化它)。运行 dpkg-reconfigure -plow unattended-upgrades 时可以设置此选项。
Other options can allow you to control the cache cleaning behavior with more precision. They are not listed here, but they are described in the /usr/lib/apt/apt.systemd.daily script.
These tools work very well for servers, but desktop users generally prefer a more interactive system. The package gnome-packagekit provides an icon in the notification area of desktop environments when updates are available; clicking on this icon then runs gpk-update-viewer, a simplified interface to perform updates. You can browse through available updates, read the short description of the relevant packages and the corresponding changelog entries, and select whether to apply the update or not on a case-by-case basis.
使用 gpk-update-viewer 升级

图 6.3. 使用 gpk-update-viewer 升级

This tool is no longer installed in the default GNOME desktop. The new philosophy is that security updates should be automatically installed, either in the background or, preferably, when you shutdown your computer so as to not confuse any running application.