search

sous-chefs / apt

Development repository for the apt cookbook
https://supermarket.chef.io/cookbooks/apt
Apache License 2.0
201 stars 266 forks source link

unattended-upgrades template and Debian #176

Closed rmoriz closed 8 years ago

rmoriz commented 8 years ago

Preface

unattended-upgrades has two ways to limit the scope of sources that will be considered for automatic upgrades

Unattended-Upgrade::Allowed-Origins

This is currently implemented in this cookbook, but allows only the specification of one or more "origin:archive" scopes.

Unattended-Upgrade::Origins-Pattern

This is currently not implemented but allows a much more flexible configuration, like:

Unattended-Upgrade::Origins-Pattern {
        "origin=Google\, Inc.,suite=contrib";
        "site=www.example.com,component=main";
 };

see: https://github.com/mvo5/unattended-upgrades https://github.com/mvo5/unattended-upgrades/blob/debian/jessie/data/50unattended-upgrades.Debian

Problem

We want to auto-upgrade only security upgrades. Debian, contrary to Ubuntu, does not use a specifc archive name. All security updates are part of the "stable" archive hence Unattended-Upgrade::Allowed-Origins has no way to limit the scope to security updates.

Possible Solution

Looks like support was added in Debian 7.

bjk-soundcloud commented 8 years ago

Added https://github.com/chef-cookbooks/apt/pull/197 to solve this.