Automatically patch – CentOS 8 (Rocky/Alma)

This is only recommended for development machines, where you are happy to apply security patches from the central repos as they are released.

dnf install -y dnf-automatic 
sed -i -e 's/upgrade_type = default/upgrade_type = security/' \
 -e 's/^email_to.*/email_to = you@example.com/' \
 -e 's/^email_from.*/email_from = me@example.com/' \
 -e 's/email_host = localhost/email_host = smtp.example.com/' /etc/dnf/automatic.conf
systemctl enable --now dnf-automatic-install.timer
systemctl list-timers '*dnf-*'

That magic is from the DNF Automatic documentation: https://dnf.readthedocs.io/en/latest/automatic.html

So it's a systemd timer (think cron job). Using the configuration file /etc/dnf/automatic.conf, it will download and install security patches.

apply_updates = yes

I think it defaults to apply_updates, but you can just download them.
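
A check for the result of the sed edit above, as an added example that is not part of the original post: sed -i exits successfully even when a pattern matches nothing, and the [email] settings only take effect when emit_via in the [emitters] section lists email. The helper names conf_get and audit_automatic_conf and the sample file are constructed for illustration, and the check assumes emit_via is set explicitly in the file.

```shell
# Added example, not from the original post: audit a dnf-automatic config file.
# conf_get FILE SECTION KEY: print the value of KEY inside [SECTION] (empty if absent).
conf_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                              # comment lines
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next } # section header
        cur == sec {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# audit_automatic_conf FILE: print one line per problem, return 1 if any was found.
audit_automatic_conf() {
    conf=$1; rc=0
    ut=$(conf_get "$conf" commands upgrade_type)
    [ "$ut" = security ] || { echo "upgrade_type is '$ut', expected 'security'"; rc=1; }
    # The [email] settings are only used when emit_via lists the email emitter.
    via=$(conf_get "$conf" emitters emit_via | tr -d '[:space:]')
    case ",$via," in
        *,email,*) ;;
        *) echo "emit_via is '$via': nothing will be mailed to email_to"; rc=1 ;;
    esac
    for key in email_to email_from email_host; do
        [ -n "$(conf_get "$conf" email "$key")" ] || { echo "$key is empty"; rc=1; }
    done
    return "$rc"
}

# Constructed sample: the sed patterns matched, but emit_via was never changed.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[commands]
upgrade_type = security
[emitters]
emit_via = stdio
[email]
email_from = me@example.com
email_to = you@example.com
email_host = smtp.example.com
EOF
audit_automatic_conf "$sample" || echo "audit found problems"
rm -f "$sample"
```

On a real machine, call audit_automatic_conf /etc/dnf/automatic.conf after running the sed command.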

Now, what about a scheduled reboot of the machine when a restart is required? This crontab entry checks at 08:00 every day and reboots if needed:

0 8 * * * dnf needs-restarting -r >/dev/null || /sbin/shutdown -r now needs-restarting

You can test it out with "dnf-automatic --installupdates", and you should compare the result to "dnf --security check-update", as that hasn't always matched. Actually right now I can see it isn't matching on Alma.

And to see what it does in the log:

journalctl -u dnf-automatic-install.service

You won't see logs from before the reboot unless you configure persistent storage in /etc/systemd/journald.conf

Storage=persistent
SystemMaxUse=500M

And restart the journalling service:

systemctl restart systemd-journald
