I want to have automatic upgrades enabled, but not have my machines automatically reboot. I'd rather install those packages as part of a maintenance regiment that would also reboot the machines.
Right now we run automatic upgrades, but the machines keep reporting a need to be rebooted.
Any guide would be appreciated.
The problem with pinning packages to prevent them from upgrading is that to upgrade them you need to unpin them again.
The file /var/run/reboot-required.pkgs contains a list of packages that trigger the request for a reboot after unattended-upgrade has run.
Inside the configuration file for unattended-upgrades in /etc/apt/apt.conf.d/50unattended-upgrades there is a section dedicated to preventing some packages from being upgraded automatically that looks like this
Unattended-Upgrade::Package-Blacklist{
foo_package1;
foo_package2;
foo_package3;
}
Edit the list to prevent those packages from being upgraded automatically.
I would start by blacklisting the usual suspects: kernel, libc, gcc, etc and every time you see the computer is asking for a reboot check /var/run/reboot-required.pkgs and add those packages to the unattended upgrades blacklist.
I've only seen this happen when I update the kernel. If you can identify which packages cause a need to reboot, you can put these packages on hold. This will prevent them from being updated automatically or by a regular update command.
There is information about holding packages in the Ubuntu Documentation. Look at this page: https://help.ubuntu.com/community/PinningHowto#Introduction_to_Holding_Packages
