Eduardo G's picture

I want to ask if its recommended to update/upgrade a Tunkey virtual machine ( Wordpress). Or should i avoid these upgrades and in Advanced Menu go to Security Updates, and then only update/upgrade security packagees and be more stable.

Im afraid if i upgrade i can upgrade some root packages like mysql, php or so on...
The main reason to make security updates, is stability and not upgrading new versions of software.


Jeremy Davis's picture

So as TurnKey Linux is based on Debian (v16.x is based on Debian 10/Buster) in a perfect world you should be able to safely install all upgrades (i.e. run 'apt upgrade'). And as a general rule, doing that will be fine and everything will continue to work as it was.

When you do that, you will upgrade to the latest release of the relevant Debian packages. Note that for most Debian packages (with a few exceptions - which you are unlikely to hit on a server). So generally that will NOT update the versions of MySQL or PHP, etc. It will simply install a tweaked copy of the same version. Both security updates and bugfix releases are generally backported to the same version. So updating to a non-security release of a package may well resolve some edge case bugs (which you may or may not have hit). Having said that, updated packages always have a risk of unintended regressions. This applies to security updates too, but generally they have to undergo a more intensive testing regime before they are released.

So in summary, the choice is yours. If everything is working as it should be, then just installing security updates should be enough and there is no need to install all updates. Alternatively, if you hit an issue with something, there is a chance, that it has been fixed in an (non-security) update. Generally running all updates should be fine, but in a production environment, I would recommend always ensuring that you have a full "snapshot" prior, just in case you need to roll back.

Also, in case you weren't aware, security updates should auto install nightly regardless.

As a final note, it's also important to realise that some appliances use third party apt repositories to install software. E.g. Jenkins in our Jenkins appliance, GitLab in our GitLab appliance and Yarn in any of the appliances that include it (e.g. Canvas and most NodeJS based apps). As they don't differentiate between security updates and other updates, software from these repos will never be auto installed. Running a system upgrade (e.g. 'apt upgrade') will update software from these third party repositories which may or may not be what you want!

Eduardo G's picture

Thanks for your help.

In class we have problems upgrading with latest Turnkey Wordpress VM, as we got stuck on MariaDb stopped upgrading at half of the process. Luckily we could restart the VM, and apt update and upgrade after some tweks ) dpkg --configure -a, apt autoclean.

So would be nice to add in terminal also something like update-securtiy, a script that would only update security packages as in confconsole.Thanks again for your help

Add new comment