Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Auto install security updates only?
14 views
Skip to first unread message
Dick Visser
Jun 22, 2021, 4:10:04 AM6/22/21
to
Hi
I'm looking for a way to auto install security updates only.
To this end have configured unattended-upgrades like this:
Unattended-Upgrade::Origins-Pattern {
"origin=Debian,codename=${distro_codename},label=Debian-Security";
};
Unattended-Upgrade::Package-Blacklist {
};
While this works *most* of the time, it does not work *all* of the time.
A common issue is when a security update depends on another, new
package that is not labeled as Debian-Security.
Since a few days, this is the case again:
WARNING package linux-image-cloud-amd64 upgradable but fails to be
marked for upgrade ()
It appears that linux-image-cloud-amd64 is the security update, but it
depends on linux-image-4.19.0-17-cloud-amd64 which is not a security
update. If I add:
"origin=Debian,codename=${distro_codename},label=Debian";
to the Unattended-Upgrade::Origins-Pattern list (basically the
default), it works but then all packages get updated - which I don't
want.
On https://github.com/mvo5/unattended-upgrades#supported-options-reference
I noticed there is the Unattended-Upgrade::Package-Whitelist option.
But that means I have to know in advance which packages will be
upgraded - which I don't.
Any ideas on how one would auto install security updates including any
dependencies that are not labeled as Debian-Security?
thx!
--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT
I'm looking for a way to auto install security updates only.
To this end have configured unattended-upgrades like this:
Unattended-Upgrade::Origins-Pattern {
"origin=Debian,codename=${distro_codename},label=Debian-Security";
};
Unattended-Upgrade::Package-Blacklist {
};
While this works *most* of the time, it does not work *all* of the time.
A common issue is when a security update depends on another, new
package that is not labeled as Debian-Security.
Since a few days, this is the case again:
WARNING package linux-image-cloud-amd64 upgradable but fails to be
marked for upgrade ()
It appears that linux-image-cloud-amd64 is the security update, but it
depends on linux-image-4.19.0-17-cloud-amd64 which is not a security
update. If I add:
"origin=Debian,codename=${distro_codename},label=Debian";
to the Unattended-Upgrade::Origins-Pattern list (basically the
default), it works but then all packages get updated - which I don't
want.
On https://github.com/mvo5/unattended-upgrades#supported-options-reference
I noticed there is the Unattended-Upgrade::Package-Whitelist option.
But that means I have to know in advance which packages will be
upgraded - which I don't.
Any ideas on how one would auto install security updates including any
dependencies that are not labeled as Debian-Security?
thx!
--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT
Andrei POPESCU
Jun 22, 2021, 6:30:05 AM6/22/21
to
On Ma, 22 iun 21, 10:05:32, Dick Visser wrote:
>
> It appears that linux-image-cloud-amd64 is the security update, but it
> depends on linux-image-4.19.0-17-cloud-amd64 which is not a security
> update.
The output of 'apt policy' for both package will show what's happening.
>
> It appears that linux-image-cloud-amd64 is the security update, but it
> depends on linux-image-4.19.0-17-cloud-amd64 which is not a security
> update.
My guess is they are both regular stable updates, not security updates.
Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser
0 new messages