
Auto installing security updates?



Hi

I'm aiming to auto install security updates, and have configured
unattended-upgrades like this:

Unattended-Upgrade::Origins-Pattern {
     "origin=Debian,codename=${distro_codename},label=Debian-Security";
  };
Unattended-Upgrade::Package-Blacklist {
};

While this works _most_ of the time, it does not work _all_ of the time.
A common issue is when a security update depends on another, new
package that is not in Debian-Security.
For a few days now, this has been the case again:

WARNING package linux-image-cloud-amd64 upgradable but fails to be
marked for upgrade ()

It appears that linux-image-cloud-amd64 is the security update, but it
depends on linux-image-4.19.0-17-cloud-amd64 which is not a security
update.
If I add "origin=Debian,codename=${distro_codename},label=Debian"; to
the Unattended-Upgrade::Origins-Pattern list (basically the default),
it works but then all packages get updated - which I don't want.
I saw there is an Unattended-Upgrade::Package-Blacklist option, which
has the granularity I need (package name regex), but that is to
*restrict* what can be auto installed. I think I'm looking for the
opposite.
Any ideas on how one would auto install security updates including any
dependencies that are not in Debian-Security?

If this is the wrong forum, apologies, and what would be a more
suitable place to ask?

thx!

--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT
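
The failure described in this message, as an added example that is not part of the original post: a simplified Python model of Origins-Pattern matching, showing why the metapackage matches but its new dependency does not. The codename "buster" and the per-package archive fields are constructed sample values, and the glob-style field comparison is a simplification of what unattended-upgrades does.

```python
from fnmatch import fnmatch

# Long and short key names accepted in an Origins-Pattern entry.
KEYS = {"o": "origin", "origin": "origin", "l": "label", "label": "label",
        "a": "archive", "archive": "archive", "suite": "archive",
        "n": "codename", "codename": "codename",
        "c": "component", "component": "component", "site": "site"}

def parse_pattern(pattern, codename):
    """Turn 'origin=Debian,label=...' into a dict, expanding ${distro_codename}."""
    fields = {}
    for token in pattern.replace("${distro_codename}", codename).split(","):
        key, _, value = token.partition("=")
        fields[KEYS[key.strip()]] = value.strip()
    return fields

def origin_allowed(origin, patterns, codename):
    """True if every field of at least one pattern glob-matches the origin."""
    return any(
        all(fnmatch(origin.get(k, ""), v)
            for k, v in parse_pattern(p, codename).items())
        for p in patterns)

def blocked_dependencies(package, candidates, patterns, codename):
    """Dependencies of `package` whose candidate origin no pattern allows."""
    return [dep for dep in candidates[package]["depends"]
            if not origin_allowed(candidates[dep]["origin"], patterns, codename)]

# Constructed sample data: codename and archive fields are assumptions.
CODENAME = "buster"
SECURITY_ONLY = ["origin=Debian,codename=${distro_codename},label=Debian-Security"]
WITH_MAIN = SECURITY_ONLY + ["origin=Debian,codename=${distro_codename},label=Debian"]
CANDIDATES = {
    "linux-image-cloud-amd64": {
        "origin": {"origin": "Debian", "codename": CODENAME,
                   "label": "Debian-Security"},
        "depends": ["linux-image-4.19.0-17-cloud-amd64"]},
    "linux-image-4.19.0-17-cloud-amd64": {
        "origin": {"origin": "Debian", "codename": CODENAME, "label": "Debian"},
        "depends": []},
}

if __name__ == "__main__":
    for name, pats in (("security only", SECURITY_ONLY),
                       ("with main archive", WITH_MAIN)):
        blocked = blocked_dependencies("linux-image-cloud-amd64",
                                       CANDIDATES, pats, CODENAME)
        print(f"{name}: blocked dependencies = {blocked}")
```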

