Articles‎ > ‎

Automating Updates For Bash On Ubuntu On Windows 10

posted Aug 14, 2016, 2:45 PM by Christopher Byrd
I have been using the "Bash on Ubuntu on Windows 10" feature since it was released with the Windows 10 Anniversary Update. This is a fantastic addition that allows the user to run Linux programs natively in Windows, using the "Windows Subsystem For Linux" aka WSL. Beyond just enabling Linux binaries to run, Microsoft partnered with Ubuntu to bring the full package ecosystem of Ubuntu, meaning new Linux programs can be installed by using Ubuntu apt-get package manager. However it appears that unlike the rest of Windows it is not currently automatically keeping these packages up to date by default with security patches.

I'm using some customizations and an alternative shell (more on that in a future post), and today when I logged in I noticed that there were a number of new security updates available. While Ubuntu has an included unattended-upgrades package that is installed on WSL, it does not automatically run. This post documents one method for installing these updates: by creating a Windows scheduled task.

First I updated the sudoers configuration to allow apt-get to run as root without prompting for a manually entered password.

From bash:

sudo visudo

Add the following lines:

# Allow members of the group sudo to execute apt-get without a password
%sudo ALL=NOPASSWD:/usr/bin/apt-get

Next, I tested this by running the following command from the Windows Run box (Windows+R):

%windir%\system32\bash.exe -c "sudo apt-get update && sudo apt-get -y upgrade"

Once that was confirmed to work, I added a scheduled task. You can do this either through the Task Scheduler GUI, or the command line. I used the following command line and XML configuration so that I can reproduce it reliably in the future as needed.

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="">
   <Description>Automatically update Linux subsystem</Description>
          <Tuesday />
  <Actions Context="Author">
      <Arguments>-c "sudo apt-get update &amp;&amp; sudo apt-get -y upgrade"</Arguments>

From a Windows command shell:
schtasks /create /xml Task-LinuxUpgrade.xml /tn UpdateLinux

Finally, I tested this scheduled task by running it manually: 

schtasks /run /i /tn "UpdateLinux"

Bash on Ubuntu on Windows is an excellent new feature of Windows 10, and hopefully this will help others who want to keep it up to date with security patches.