Automatic updates matter most on Fedora systems that run unattended, sit in a closet, or go days without a login. You can install DNF Automatic on Fedora to let DNF5 check for updates on a systemd timer, then either notify you, download packages for review, or install updates during a maintenance window.
On current Fedora releases, including Fedora 44 and Fedora 43, Fedora already includes DNF itself. The package you add here is the optional DNF5 Automatic plugin that provides the dnf automatic command, the dnf5-automatic.timer unit, and the configuration file used for scheduled update behavior.
Install DNF Automatic on Fedora
Confirm Fedora and DNF5 Before Installing DNF Automatic
Check the release and DNF version first so you know the system is using Fedora’s current DNF5 command set:
cat /etc/fedora-release
dnf --versionRelevant output on a current Fedora system looks similar to this:
Fedora release 44 (Forty Four) dnf5 version 5.4.2.0 dnf5 plugin API version 2.0
If your goal is to install DNF itself on Fedora, the base package manager is already present on normal Fedora installations. DNF Automatic is a plugin for scheduled updates, not a replacement for normal package installs, transaction previews, or the standard DNF5 install workflow on Fedora.
Install the DNF5 Automatic Plugin on Fedora
Check whether the plugin is already installed:
rpm -q dnf5-plugin-automaticIf the package is missing, install it from Fedora’s repositories:
sudo dnf install dnf5-plugin-automaticThe older package-style name dnf-automatic currently resolves to the same plugin package on Fedora, but Fedora’s package metadata lists dnf5-plugin-automatic as the explicit DNF5 package name. The install command intentionally leaves out -y so you can review the transaction before accepting it; -y only auto-confirms one DNF transaction and is not the same thing as scheduled automatic updates.
Verify DNF Automatic on Fedora
Confirm the package and command are available:
rpm -q dnf5-plugin-automatic
dnf automatic --helpRelevant output includes the installed plugin package and the DNF Automatic options:
dnf5-plugin-automatic-5.4.2.0-1.fc44.x86_64 Usage: dnf5 [GLOBAL OPTIONS] automatic [OPTIONS] Options: --timer Apply random delay before execution. --downloadupdates Automatically download updated packages --no-downloadupdates Do not automatically download updated packages --installupdates Automatically install downloaded updates --no-installupdates Do not automatically install downloaded updates
The exact package version can differ by Fedora release and update state. The important checks are that rpm -q finds dnf5-plugin-automatic and that dnf automatic --help shows the Automatic command instead of the generic DNF help screen.
Configure DNF Automatic on Fedora
DNF Automatic loads defaults from /usr/share/dnf5/dnf5-plugins/automatic.conf. Host-specific changes belong in /etc/dnf/automatic.conf, which overrides the packaged defaults without editing package-managed files.
Create the DNF Automatic Configuration File
Copy Fedora’s packaged template to the host override path:
sudo cp /usr/share/dnf5/dnf5-plugins/automatic.conf /etc/dnf/automatic.confOpen the copied file for editing:
sudo nano /etc/dnf/automatic.confFedora’s template uses yes and no for boolean settings. DNF5 also documents the same settings as booleans, but matching the packaged file keeps your edits easy to compare during future audits.
Choose DNF Automatic Update Behavior
The [commands] section controls how far DNF Automatic goes during each run:
| Setting | Default | What It Controls |
|---|---|---|
upgrade_type | default | Use default for all updates or security for security advisories only. |
download_updates | yes | Downloads available updates into the DNF cache. |
apply_updates | no | Installs downloaded updates automatically when set to yes. |
reboot | never | Controls automatic reboot behavior after updates are installed. |
random_sleep | 0 | Adds an extra random delay when dnf automatic --timer runs. |
network_online_timeout | 60 | Waits for network connectivity before checking repositories. |
The conservative default is download-only: updates are fetched, but installation stays manual. That is a good first mode for workstations and any server where unexpected package changes could interrupt active work.
Use a Conservative DNF Automatic Configuration
For a low-risk starting point, notify through the message of the day, download security updates, and leave installation manual:
[commands]
upgrade_type = security
download_updates = yes
apply_updates = no
reboot = never
[emitters]
emit_via = motd
emit_no_updates = no
[base]
debuglevel = 1The motd emitter writes update messages under /etc/motd.d/dnf5-automatic, so SSH and console logins can show the result without requiring email. Keep apply_updates = no until you have watched a few runs and know how your system behaves after routine updates.
Enable Automatic Security Patching on Fedora
For systems where unattended security patching is acceptable, install security updates automatically and reboot only when Fedora marks a reboot as necessary:
Use automatic installation only where a surprise service restart or reboot will not break active work. For remote servers, keep a tested SSH path open and schedule the timer inside a maintenance window.
[commands]
upgrade_type = security
download_updates = yes
apply_updates = yes
reboot = when-needed
reboot_command = "shutdown -r +5 'Rebooting after applying package updates'"
[emitters]
emit_via = motd
[base]
debuglevel = 1reboot = when-needed is more selective than when-changed. It reboots only when packages such as the kernel, systemd, glibc, or dbus need a restart before the update fully takes effect.
Configure DNF Automatic Email Notifications
DNF5 has two email paths. The email emitter sends SMTP mail through libcurl, while command_email sends mail through a local command such as mail or sendmail. For direct SMTP delivery, add a configuration like this and adjust the host, sender, and recipient values:
[emitters]
emit_via = email
system_name = fedora-server-01
[email]
email_from = dnf-automatic@example.com
email_to = admin@example.com
email_host = smtp.example.com
email_port = 587
email_tls = starttlsSMTP credentials are read from the root account’s .netrc file when your relay requires authentication. If DNF Automatic logs that libcurl lacks SMTP protocol support, the DNF5 Automatic documentation notes that replacing libcurl-minimal with libcurl resolves that specific limitation:
sudo dnf swap libcurl-minimal libcurlFor a local MTA setup instead, use command_email and test the mail command directly before relying on update alerts.
Manage the DNF Automatic Timer on Fedora
Enable the DNF5 Automatic Timer
Enable and start the DNF5 Automatic timer after your configuration file matches the behavior you want:
sudo systemctl enable --now dnf5-automatic.timerConfirm the timer is enabled and active:
systemctl is-enabled dnf5-automatic.timer
systemctl is-active dnf5-automatic.timerExpected output:
enabled active
Fedora also provides dnf-automatic.timer as an alias, but dnf5-automatic.timer is the canonical DNF5 unit name. That distinction matters when older instructions mention removed DNF4-era units such as dnf-automatic-install.timer, dnf-automatic-download.timer, or dnf-automatic-notifyonly.timer.
Check the DNF Automatic Timer Schedule
Use systemctl cat to inspect the packaged timer file. The grep command keeps the timer properties focused:
systemctl cat dnf5-automatic.timer --no-pager | grep -E '^(OnCalendar|RandomizedDelaySec|Persistent)='Relevant output includes the calendar time, the built-in randomized delay, and whether missed runs are caught after boot:
OnCalendar=*-*-* 6:00 RandomizedDelaySec=60m Persistent=true
Fedora’s packaged timer runs daily at 06:00 with up to one hour of random delay. The Persistent=true setting lets systemd catch a missed timer after the machine boots again.
Change the DNF Automatic Timer Schedule
Create a systemd drop-in instead of editing files in /usr/lib/systemd/system/, because package updates own that directory:
sudo install -d -m 0755 /etc/systemd/system/dnf5-automatic.timer.d
sudo nano /etc/systemd/system/dnf5-automatic.timer.d/override.confFor example, this override runs DNF Automatic every Monday at 03:00:
[Timer]
OnCalendar=
OnCalendar=Mon *-*-* 03:00:00The empty OnCalendar= line clears Fedora’s packaged schedule before your new calendar expression is added. The expression format follows the systemd calendar event syntax.
Reload systemd and restart the timer after saving the file:
sudo systemctl daemon-reload
sudo systemctl restart dnf5-automatic.timerRecheck the timer to confirm systemd accepted the override:
systemctl cat dnf5-automatic.timer --no-pager | grep -E '^(OnCalendar|RandomizedDelaySec|Persistent)='Relevant output for the weekly example includes the packaged timer values followed by your override:
OnCalendar=*-*-* 6:00 RandomizedDelaySec=60m Persistent=true OnCalendar= OnCalendar=Mon *-*-* 03:00:00
The final OnCalendar=Mon *-*-* 03:00:00 line is the active schedule added by your drop-in. The empty OnCalendar= line clears the packaged daily schedule before that weekly value is applied.
Test DNF Automatic Safely on Fedora
Run a Notification-Only DNF Automatic Test
For a safe manual test, override both package downloads and package installation for that one run:
sudo dnf automatic --no-downloadupdates --no-installupdatesThis command can finish quietly when no updates are available and emit_no_updates = no. Check the journal if you want to confirm the service ran or investigate a failure:
sudo journalctl -u dnf5-automatic.service --since "1 hour ago" --no-pagerUse DNF Automatic Overrides Carefully
Command-line overrides are useful for testing or one-off runs because they override /etc/dnf/automatic.conf for that execution only:
| Override | Use Case | Risk Level |
|---|---|---|
--no-downloadupdates | Skip package downloads during a one-off run. | Low when paired with --no-installupdates for safe checks. |
--downloadupdates | Download available updates into the cache. | Moderate, package cache changes but installed packages do not. |
--no-installupdates | Prevent installation even when the config says to apply updates. | Low, useful for dry checks against an aggressive config. |
--installupdates | Install available updates immediately. | High, use only in a maintenance window. |
--timer | Apply random_sleep, normally used by the systemd timer. | Low by itself, but it combines with the configured update behavior. |
Do not use sudo dnf automatic --installupdates as a casual test. It can install real package updates immediately, which may restart services or leave a kernel update waiting for a reboot.
Troubleshoot DNF Automatic on Fedora
DNF Automatic Timer Unit Is Missing
If systemd cannot find the DNF Automatic timer, the plugin is usually not installed or the command uses an old timer name. A missing unit error looks like this:
Unit dnf-automatic-install.timer could not be found.
Install the plugin and use the DNF5 timer name:
sudo dnf install dnf5-plugin-automatic
sudo systemctl enable --now dnf5-automatic.timerOnly one DNF5 Automatic timer is shipped. Use configuration settings or command-line overrides instead of the removed dnf-automatic-install.timer, dnf-automatic-download.timer, and dnf-automatic-notifyonly.timer units. Confirm the repair with systemctl is-active dnf5-automatic.timer; the expected result is active.
DNF Automatic Downloads Updates But Does Not Install Them
When updates download but remain unapplied, check the active installation setting:
grep -E '^(download_updates|apply_updates|upgrade_type|reboot) =' /etc/dnf/automatic.confA download-only configuration looks like this:
upgrade_type = security download_updates = yes apply_updates = no reboot = never
Set apply_updates = yes only if you want unattended installation. Keep apply_updates = no when you want DNF Automatic to prepare updates for later manual review. Recheck the same grep command after saving the file so the active values match the behavior you expect.
DNF Automatic Email Notifications Do Not Arrive
Start by checking which emitter is active and whether the service logged an email error:
grep '^emit_via =' /etc/dnf/automatic.conf
sudo journalctl -u dnf5-automatic.service --since "24 hours ago" --no-pagerIf emit_via = email, verify the SMTP host, port, TLS mode, sender address, recipient address, and root account credentials. If emit_via = command_email, verify that the configured mail command exists and can send a test message outside DNF Automatic. After fixing the emitter, rerun the safe DNF Automatic test and recheck the journal for the next report attempt.
DNF Automatic Waits on a Package Lock
DNF can only run one system transaction at a time. If another package command is active, DNF Automatic may wait for the system repository lock or fail after a timeout. Check for active DNF processes:
pgrep -a dnfWait for the other transaction to finish instead of removing lock files or forcing another install. If the timer repeatedly collides with another maintenance job, move one of the schedules so they do not overlap, then rerun a notification-only test to confirm DNF Automatic can start cleanly.
Best Practices for DNF Automatic on Fedora
- Start with download-only mode: Watch a few scheduled runs before allowing unattended installation.
- Use security-only updates on servers:
upgrade_type = securitylimits automatic changes while still handling urgent advisories. - Keep reboot policy conservative: Use
reboot = neveron workstations andreboot = when-neededonly where downtime is acceptable. - Check logs after the first scheduled run: Use
journalctl -u dnf5-automatic.serviceto confirm the timer actually reached DNF. - Protect remote access first: For servers, pair automatic patching with a verified SSH setup on Fedora and an appropriate Fedora firewalld configuration.
Update or Remove DNF Automatic on Fedora
Update DNF Automatic on Fedora
DNF Automatic updates with the rest of Fedora’s DNF5 packages. To update only this plugin, target its package name:
sudo dnf upgrade dnf5-plugin-automaticFor broader system maintenance, review normal Fedora package updates with sudo dnf upgrade. Major Fedora release upgrades are a separate workflow; do not use DNF Automatic as a release-upgrade tool.
Disable DNF Automatic on Fedora
Disable the timer when you want to keep the package installed but stop scheduled runs:
sudo systemctl disable --now dnf5-automatic.timerThe dnf automatic command remains available for manual checks after the timer is disabled.
Remove DNF Automatic from Fedora
Stop the timer, remove the package, and delete only the DNF Automatic files you created for this setup:
The cleanup command removes
/etc/dnf/automatic.confand/etc/systemd/system/dnf5-automatic.timer.d/. Keep those files if they contain local policy you want to archive before uninstalling the plugin.
sudo systemctl disable --now dnf5-automatic.timer
sudo rm -f /etc/dnf/automatic.conf
sudo rm -rf /etc/systemd/system/dnf5-automatic.timer.d
sudo dnf remove dnf5-plugin-automatic
sudo systemctl daemon-reloadVerify the package is gone:
rpm -q --quiet dnf5-plugin-automatic || echo "dnf5-plugin-automatic not installed"Expected output after removal:
dnf5-plugin-automatic not installed
Conclusion
DNF Automatic is installed and ready to run Fedora updates on a controlled systemd schedule. Start with download-only or MOTD notifications, then move to automatic security patching only after the timer, logs, and reboot policy fit your system. The DNF5 Automatic documentation is the best reference for option details when you fine-tune the setup later.
Formatting tips for your comment
You can use basic HTML to format your comment. Useful tags currently allowed in published comments:
<code>command</code>command<strong>bold</strong><em>italic</em><blockquote>quote</blockquote>