Articles‎ > ‎

Automating Windows Subsystem for Linux Updates

posted Dec 30, 2020, 12:43 PM by Christopher Byrd
This article is an update for "Automating Updates For Bash On Ubuntu On Windows 10," which I wrote over four years ago. I still cannot find any "official" way to keep WSL distributions upgraded with the latest security patches. Recently a visitor reached out to ask about the article, and this is a good opportunity to update it. Also, these steps and XML file are available on GitHub.

Since I wrote the original article, the awkwardly named "Bash On Ubuntu On Windows 10" has been (wisely) renamed as "Windows Subsystem for Linux" (WSL) and WSL version 2 (WSL2) has been released. This brings a few changes:
  • You can now have multiple Linux distributions on the same system
  • A new "wsl.exe" command line tool is the preferred way to interact
Background daemons on Linux are still not well supported, as this (and GUI apps) are not what WSL is designed for. So we'll still use Windows native Task Scheduler.

Each Linux distribution will have their own method for updating; refer to your distribution's documentation. This article will use the Apt system which works with Ubuntu, Debian, and Pengwin, among others.

Below are the updated steps. Note that these should work from both PowerShell or command prompt.

First, list the available Linux distributions on your computer:
PS > wsl --list
Windows Subsystem for Linux Distributions:
docker-desktop-data (Default)
Ubuntu
docker-desktop
WLinux

For the following steps I will be specifying the distribution Ubuntu. These commands work as well for WLinux (Pengwin) just by changing the name. Other distributions may need the commands modified.

To start, enable the default user to run commands as root without entering a password.
PS > wsl -d Ubuntu /bin/sh -c "echo '%sudo ALL=NOPASSWD:/usr/bin/apt-get' | sudo EDITOR='tee -a' visudo"

Following that, I will run an update manually to make sure it is working:
PS > wsl -d Ubuntu /bin/sh -c "sudo apt-get update && sudo apt-get dist-upgrade -y"

Once that was confirmed to work, I added a scheduled task. You can do this either through the Task Scheduler GUI, or the command line. I used the following command line and XML configuration so that I can reproduce it reliably in the future as needed.

Task-LinuxUpgrade.xml:
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
   <Description>Automatically update Linux subsystem</Description>
    <URI>\UpdateLinux</URI>
  </RegistrationInfo>
 <Settings>
    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
    <ExecutionTimeLimit>PT4H</ExecutionTimeLimit>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <StartWhenAvailable>true</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
  </Settings>
  <Triggers>
    <CalendarTrigger>
      <StartBoundary>2016-08-14T19:00:00</StartBoundary>
      <ExecutionTimeLimit>PT4H</ExecutionTimeLimit>
      <ScheduleByWeek>
        <WeeksInterval>1</WeeksInterval>
        <DaysOfWeek>
          <Tuesday />
       </DaysOfWeek>
      </ScheduleByWeek>
    </CalendarTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>%windir%\System32\wsl.exe</Command>
      <Arguments>-d Ubuntu sudo apt-get update &amp;&amp; sudo apt-get dist-upgrade -y</Arguments>
    </Exec>
  </Actions>
</Task>

To schedule the task, run the following:
PS > schtasks /create /xml Task-LinuxUpgrade.xml /tn UpdateLinux

Finally, I tested this scheduled task by running it manually:

PS > schtasks /run /i /tn "UpdateLinux"

As I mentioned in the original article, Windows Subsystem for Linux is an excellent feature of Windows 10, and hopefully this will help others who want to keep it up to date with security patches.
Comments