Update: per sparks' comment, I should note that 'aptitude' can be used in place of 'apt-get' in my answer below, with one exception: 'apt-get upgrade' would be replaced by 'aptitude safe-upgrade'. The aptitude front-end to APT has some nice features compared to apt-get, as outlined in this blog post. However, if you've already got a system that you've been managing with apt-get, you can certainly continue using apt-get, and probably should. We don't do a lot of software installation / uninstallation on a server, so I don't find the use of aptitude to be of critical importance, but if I was to fire up a brand new server today I would probably use it.
The latest Ubuntu Server documentation still details using apt-get, and only discusses aptitude as a graphical front end to APT. While this is certainly an oversight, it certainly does imply that there's nothing wrong with using apt-get.
I use Ubuntu's unattended-upgrades package to automatically apply security updates. Here are my notes on setting it up (on an Ubuntu 8.04 LTS server):
$ apt-get install unattended-upgrades update-notifier-common
Edit /etc/apt/apt.conf.d/50unattended-upgrades. Select only security upgrades, and set the mail address:
Unattended-Upgrade::Allowed-Origins {
"Ubuntu hardy-security";
// "Ubuntu hardy-updates";
};
Unattended-Upgrade::Mail "youremail@yourdomain.com";
Install mailx (required for unattended-upgrades mail to work)
$ apt-get install mailx
Edit /etc/apt/apt.conf.d/10periodic:
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "1";
APT::Periodic::Unattended-Upgrade "1";
Using this configuration, security updates will be automatically applied, and the list of updates will be emailed to you. While it may be considered dangerous to automatically apply any update, I believe that keeping up with security updates is a task worthy of the risk... and frankly, "keeping up" requires automation.
As far as keeping packages up to date, I asked a question to clarify the meaning of dist-upgrade that you might find applicable. Basically, when you do an apt-get upgrade, installed packages will be upgraded only if the upgrade doesn't require new packages or the removal of a package (e.g. the dependencies don't change). If an upgraded package has new dependencies, then you need to use apt-get dist-upgrade instead. Since apt-get dist-upgrade also does everything that apt-get upgrade does, I typically use it by default. It's important to keep an eye on which packages are going to be modified and take any precautions you may find necessary.
In short:
apt-get update
apt-get dist-upgrade
If I'm nervous about what dist-upgrade wants to do, I'll do:
apt-get update
apt-get upgrade
to at least upgrade packages that don't have new dependencies until I do a little research. There's always a chance that something will break no matter what you do, however, so you just gotta have some faith :)
As a final note, as long as you're applying security updates, and you trust that Canonical is doing a good job keeping things patched, you may find it's not terribly necessary to keep packages up to date. If the server is working without fault, well... it's working.
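An added example, not part of the answer above: a small audit of the two configuration files from the notes, checking that only security origins are active (commented-out lines are ignored) and that the periodic run and mail report are switched on. The function names and the sample text are constructed for illustration; it assumes the contents of 50unattended-upgrades and 10periodic are read and concatenated into one string.

```python
import re

# Constructed sample: both files from the notes above, concatenated.
SAMPLE_CONF = '''\
Unattended-Upgrade::Allowed-Origins {
"Ubuntu hardy-security";
// "Ubuntu hardy-updates";
};
Unattended-Upgrade::Mail "youremail@yourdomain.com";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "1";
APT::Periodic::Unattended-Upgrade "1";
'''
REQUIRED_PERIODIC = ("Update-Package-Lists", "Unattended-Upgrade")

def strip_comments(text):
    """Remove /* */ blocks and // comments, leaving quoted strings intact."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    keep_quoted = lambda m: m.group(1) or ""
    return re.sub(r'("[^"\n]*")|//[^\n]*', keep_quoted, text)

def parse(text):
    """Return (active allowed origins, {key: value} for scalar settings)."""
    clean = strip_comments(text)
    block = re.search(r"Unattended-Upgrade::Allowed-Origins\s*\{(.*?)\}", clean, re.S)
    origins = re.findall(r'"([^"]*)"', block.group(1)) if block else []
    settings = dict(re.findall(r'^\s*([\w:-]+)\s+"([^"]*)"\s*;', clean, re.M))
    return origins, settings

def audit(text):
    """Return a list of findings; an empty list means the notes are followed."""
    origins, settings = parse(text)
    findings = []
    if not origins:
        findings.append("no allowed origins: nothing will be upgraded")
    for origin in origins:
        if not origin.endswith("-security"):
            findings.append("non-security origin enabled: " + origin)
    for key in REQUIRED_PERIODIC:
        if settings.get("APT::Periodic::" + key, "0") == "0":
            findings.append("APT::Periodic::" + key + " is off or missing")
    if not settings.get("Unattended-Upgrade::Mail"):
        findings.append("no mail address: upgrades will run unreported")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF) or ["OK: security-only unattended upgrades"]:
        print(finding)
```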
Yeah, it messed up my server last night. I am running Debian Lenny though.
I had to add debian-volatile repository to be able to upgrade to 0.95.3.
You need to add
deb http://ppa.launchpad.net/ubuntu-clamav/ppa/ubuntu hardy main
to your /etc/apt/sources.list and run
apt-get update
After that:
apt-get upgrade clamav
If apt-get upgrade does not work, do
apt-get install clamav clamav-base clamav-daemon clamav-freshclam
Best Answer
Technically, you could compile your own kernel and slip it in. As long as you keep the old one installed and listed in Grub, you could boot back to the working 8.04 kernel if it fails.
Another option is to download the kernel and modules packages and install them next to your existing kernel, not an upgrade.
What has changed between Ubuntu 8.04 and 10.04 is Grub. It went from V1 to V2 and V2 is quite a bit different, so you may have boot loader issues to straighten out.
The best way to figure this out is to test. You can do this quick and easy under VMware or VirtualBox.
Even if this does work, it's a hack at best and may break the dependency chain and make it a pain in the rear to install updates from then on. I would really only do this as a short-term fix. Your best bet is to upgrade to 10.04.