mvo5 / unattended-upgrades

Automatic installation of security upgrades on apt based systems
GNU General Public License v2.0

It is not possible to override/unset/replace "Unattended-Upgrade::Origins-Pattern" #366

Open votdev opened 2 months ago

votdev commented 2 months ago

To override the configuration, it is recommended to create another APT configuration file fragment which overrides the shipped default value, because updates to the shipped configuration file may conflict with the local changes, blocking updating unattended-upgrades itself.

This does not work if you want to replace/unset the default shipped Origins-Pattern. The Unattended-Upgrade::Origins-Pattern entries in a different config file are always appended to the entries from /etc/apt/apt.conf.d/50unattended-upgrades. It is not possible to partially unset them, for example. Is this intentional?

Example

The intention here is to remove/unset the entry "origin=Debian,codename=${distro_codename},label=Debian"; without the need to modify or delete the /etc/apt/apt.conf.d/50unattended-upgrades file (which should be prevented as mentioned in the README).

/etc/apt/apt.conf.d/50unattended-upgrades

Unattended-Upgrade::Origins-Pattern {
        // Codename based matching:
        // This will follow the migration of a release through different
        // archives (e.g. from testing to stable and later oldstable).
        // Software will be the latest available for the named release,
        // but the Debian release itself will not be automatically upgraded.
//      "origin=Debian,codename=${distro_codename}-updates";
//      "origin=Debian,codename=${distro_codename}-proposed-updates";
        "origin=Debian,codename=${distro_codename},label=Debian";
        "origin=Debian,codename=${distro_codename},label=Debian-Security";
        "origin=Debian,codename=${distro_codename}-security,label=Debian-Security";

        // Archive or Suite based matching:
        // Note that this will silently match a different release after
        // migration to the specified archive (e.g. testing becomes the
        // new stable).
//      "o=Debian,a=stable";
//      "o=Debian,a=stable-updates";
//      "o=Debian,a=proposed-updates";
//      "o=Debian Backports,a=${distro_codename}-backports,l=Debian Backports";
};

/etc/apt/apt.conf.d/52unattended-upgrades-local

Unattended-Upgrade::Origins-Pattern {
  "origin=Debian,codename=${distro_codename},label=Debian-Security";
  "origin=Debian,codename=${distro_codename}-security,label=Debian-Security";
};

Result

Allowed origins are: 
origin=Debian,codename=bookworm,label=Debian,
origin=Debian,codename=bookworm,label=Debian-Security,
origin=Debian,codename=bookworm-security,label=Debian-Security, 
origin=Debian,codename=bookworm,label=Debian-Security,
origin=Debian,codename=bookworm-security,label=Debian-Security
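
An added example, not part of the original issue or the project's code: a simplified Python model (not APT's parser) of how list values from successive apt.conf.d fragments accumulate, reproducing the result above, alongside the `#clear` directive documented in apt.conf(5), which erases a configuration subtree. The names `effective_list`, `duplicates` and `LOCAL_WITH_CLEAR` are hypothetical, and the fragments are constructed from the ones quoted in the issue.

```python
import re

KEY = "Unattended-Upgrade::Origins-Pattern"
# Constructed from the two fragments quoted in the issue (most comments dropped).
SHIPPED = '''
Unattended-Upgrade::Origins-Pattern {
//      "origin=Debian,codename=${distro_codename}-updates";
        "origin=Debian,codename=${distro_codename},label=Debian";
        "origin=Debian,codename=${distro_codename},label=Debian-Security";
        "origin=Debian,codename=${distro_codename}-security,label=Debian-Security";
};
'''
LOCAL = '''
Unattended-Upgrade::Origins-Pattern {
  "origin=Debian,codename=${distro_codename},label=Debian-Security";
  "origin=Debian,codename=${distro_codename}-security,label=Debian-Security";
};
'''
# Assumption: the same local fragment with apt.conf(5)'s #clear directive first.
LOCAL_WITH_CLEAR = "#clear " + KEY + ";\n" + LOCAL

def effective_list(fragments, key=KEY, codename="bookworm"):
    """Merge fragments in file order; a simplified model, not APT's parser."""
    k = re.escape(key)
    # Either a '#clear KEY;' directive or a 'KEY { ... };' list block.
    token = re.compile(r"^\s*#clear\s+" + k + r"\s*;|" + k + r"\s*\{(.*?)\}\s*;",
                       re.S | re.M)
    values = []
    for text in fragments:
        text = re.sub(r"^\s*//.*$", "", text, flags=re.M)  # drop // comments
        for m in token.finditer(text):
            if m.group(1) is None:
                values.clear()  # #clear erases everything set so far
            else:
                values += re.findall(r'"([^"]*)"', m.group(1))  # lists append
    # unattended-upgrades substitutes ${distro_codename} at run time.
    return [v.replace("${distro_codename}", codename) for v in values]

def duplicates(values):
    """Patterns that appear more than once in the merged list."""
    return sorted({v for v in values if values.count(v) > 1})

if __name__ == "__main__":
    for label, local in (("appended", LOCAL), ("with #clear", LOCAL_WITH_CLEAR)):
        merged = effective_list([SHIPPED, local])
        print(label, merged, "duplicates:", duplicates(merged))
```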