Support unattended-upgrades specific APT configuration

mvo5 / unattended-upgrades

Automatic installation of security upgrades on apt based systems

GNU General Public License v2.0

278 stars 78 forks source link

Support unattended-upgrades specific APT configuration #287

Open rbalint opened 3 years ago

rbalint commented 3 years ago

There are some cases, such as #286 where it would be desired if unattended-upgrades would use a different APT configuration, than APT's command line interface. The proposed solution is reading config from /etc/apt/unattended-upgrades.conf and /etc/apt/unattended-upgrades.conf.d/ overriding values in /etc/apt/apt.conf{|.d}.

julian-klode commented 3 years ago

FWIW, APT uses Binary::<name>::<foo> options that it then moves into <foo> to set different options for different binaries, which might be applicable here too. Though I don't think the move subtree function is exposed yet.

rbalint commented 3 years ago

@julian-klode Interesting! In case of u-u would the <name> be unattended-upgrade or python3 ?

rbalint commented 3 years ago

@julian-klode Would you prefer u-u using and documenting the Binary::<name> interface or have the separate config (dir)?

duven87 commented 7 months ago

Hi, I have been looking for options on how to let update specific packages and I can't find anything. In my case, I want my servers to only update updates with the security label with the exception of cloud-init, qemu-agent,etc. which is with label updates. I have tried:

"origin=cloudinit";

but it keeps ignoring it. Is there any idea in the future to add package update exceptions ignoring allow pattern/origin policies?