sous-chefs/apt

unattended-upgrades template and Debian

rmoriz opened this issue · 1 comments

Preface

unattended-upgrades has two ways to limit the scope of sources that will be considered for automatic upgrades:

Unattended-Upgrade::Allowed-Origins

This is currently implemented in this cookbook, but allows only the specification of one or more "origin:archive" scopes.

Unattended-Upgrade::Origins-Pattern

This is currently not implemented but allows a much more flexible configuration, like:

Unattended-Upgrade::Origins-Pattern {
        "origin=Google\, Inc.,suite=contrib";
        "site=www.example.com,component=main";
 };

see:
https://github.com/mvo5/unattended-upgrades
https://github.com/mvo5/unattended-upgrades/blob/debian/jessie/data/50unattended-upgrades.Debian

Problem

We want to auto-upgrade only security upgrades. Debian, contrary to Ubuntu, does not use a specific archive name. All security updates are part of the "stable" archive, hence Unattended-Upgrade::Allowed-Origins has no way to limit the scope to security updates.

Possible Solution

  • update the template + support Unattended-Upgrade::Origins-Pattern

Looks like support was added in Debian 7.

Added #197 to solve this.
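The scoping difference described in this issue, as an added example that is not part of the issue, the cookbook, or unattended-upgrades: a simplified Ruby model of the two matching styles, run against constructed Release metadata. The helper names, the sample metadata, and the treatment of `suite` as an alias for `archive` are assumptions of this sketch.

```ruby
# Simplified model of origin matching. Not the cookbook's or
# unattended-upgrades' own code; all helper names are hypothetical.

# Constructed sample Release metadata for two Debian sources. Both report
# the same origin and archive; only the label differs.
MAIN     = { 'origin' => 'Debian', 'label' => 'Debian',          'archive' => 'stable' }.freeze
SECURITY = { 'origin' => 'Debian', 'label' => 'Debian-Security', 'archive' => 'stable' }.freeze

# Allowed-Origins: each entry is a single "origin:archive" pair.
def allowed_origin?(entry, release)
  origin, archive = entry.split(':', 2)
  release['origin'] == origin && release['archive'] == archive
end

# Origins-Pattern: comma-separated key=value pairs, where "\," is a
# literal comma inside a value (as in "origin=Google\, Inc.").
def parse_pattern(entry)
  entry.split(/(?<!\\),/).to_h do |pair|
    key, value = pair.split('=', 2)
    raise ArgumentError, "malformed pair: #{pair.inspect}" if value.nil?

    key = key.strip
    key = 'archive' if key == 'suite' # assumption: suite is an alias
    [key, value.gsub('\\,', ',')]
  end
end

# Every key in the pattern must match; values are shell-style globs.
def pattern_match?(entry, release)
  parse_pattern(entry).all? { |key, glob| File.fnmatch(glob, release[key].to_s) }
end

if $PROGRAM_NAME == __FILE__
  { 'main' => MAIN, 'security' => SECURITY }.each do |name, rel|
    puts format('%-8s Allowed-Origins=%-5s Origins-Pattern=%s', name,
                allowed_origin?('Debian:stable', rel),
                pattern_match?('origin=Debian,label=Debian-Security', rel))
  end
end
```

With this metadata the `Debian:stable` entry selects both sources, while the label-based pattern selects only the security source.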