Diffstat (limited to 'roles/common')
-rw-r--r--roles/common/files/etc/apt/apt.conf.d/50unattended-upgrades74
1 files changed, 49 insertions, 25 deletions
diff --git a/roles/common/files/etc/apt/apt.conf.d/50unattended-upgrades b/roles/common/files/etc/apt/apt.conf.d/50unattended-upgrades
index 5a58095..c9adc5f 100644
--- a/roles/common/files/etc/apt/apt.conf.d/50unattended-upgrades
+++ b/roles/common/files/etc/apt/apt.conf.d/50unattended-upgrades
@@ -1,33 +1,53 @@
-// Automatically upgrade packages from these origin patterns
+// Unattended-Upgrade::Origins-Pattern controls which packages are
+// upgraded.
+//
+// Lines below have the format format is "keyword=value,...". A
+// package will be upgraded only if the values in its metadata match
+// all the supplied keywords in a line. (In other words, omitted
+// keywords are wild cards.) The keywords originate from the Release
+// file, but several aliases are accepted. The accepted keywords are:
+// a,archive,suite (eg, "stable")
+// c,component (eg, "main", "crontrib", "non-free")
+// l,label (eg, "Debian", "Debian-Security")
+// o,origin (eg, "Debian", "Unofficial Multimedia Packages")
+// n,codename (eg, "jessie", "jessie-updates")
+// site (eg, "http.debian.net")
+// The available values on the system are printed by the command
+// "apt-cache policy", and can be debugged by running
+// "unattended-upgrades -d" and looking at the log file.
+//
+// Within lines unattended-upgrades allows 2 macros whose values are
+// derived from /etc/debian_version:
+// ${distro_id} Installed origin.
+// ${distro_codename} Installed codename (eg, "jessie")
Unattended-Upgrade::Origins-Pattern {
+ // Codename based matching:
+ // This will follow the migration of a release through different
+ // archives (e.g. from testing to stable and later oldstable).
+// "o=Debian,n=jessie";
+// "o=Debian,n=jessie-updates";
+// "o=Debian,n=jessie-proposed-updates";
+// "o=Debian,n=jessie,l=Debian-Security";
+
// Archive or Suite based matching:
// Note that this will silently match a different release after
// migration to the specified archive (e.g. testing becomes the
// new stable).
- // XXX: Sadly as of Wheezy, unattended-upgrades doesn't match
- // $distro_codename against (old)stable. Hence since packages
- // that are candidates for upgrade show up with a=(old)stable,
- // it is not enough to specifiy a=$distro_codename here.
- // Instead, we list both oldstable and stable; the useless one
- // is harmless and is being ignored anyway, as it is not in a
- // proper sources.list.
- "o=${distro_id},a=oldstable";
- "o=${distro_id},a=stable";
-// "o=${distro_id},a=stable-updates";
-// "o=${distro_id},a=proposed-updates";
- "o=${distro_id},a=oldstable,l=Debian-Security";
- "o=${distro_id},a=stable,l=Debian-Security";
+// "o=Debian,a=stable";
+// "o=Debian,a=stable-updates";
+// "o=Debian,a=proposed-updates";
+ "origin=Debian,codename=${distro_codename}";
+ "origin=Debian,codename=${distro_codename},label=Debian-Security";
};
-// List of packages to not update
+// List of packages to not update (regexp are supported)
Unattended-Upgrade::Package-Blacklist {
-// "vim";
-// "libc6";
-// "libc6-dev";
-// "libc6-i686";
+// "vim";
+// "libc6";
+// "libc6-dev";
+// "libc6-i686";
};
-
// This option allows you to control if on a unclean dpkg exit
// unattended-upgrades will automatically run
// dpkg --force-confold --configure -a
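Review bot: The two active patterns at the end of Origins-Pattern overlap, and they sit under the wrong heading. By the rule in the new header comment (omitted keywords are wild cards), `"origin=Debian,codename=${distro_codename}";` already matches every Debian-origin package with that codename whatever its label, so the `label=Debian-Security` line only adds something if the security archive reports a different codename. Check that with `apt-cache policy`, then either drop the redundant line or, if only security updates are meant to install unattended, keep just the labelled one. Both lines are codename based but follow the "Archive or Suite based matching" comment, whose warning about silently matching a different release does not describe them; moving them up under "Codename based matching" would fix that. The header comment also has two typos worth correcting while here: "format format is" and "crontrib".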
@@ -59,11 +79,15 @@ Unattended-Upgrade::Mail "admin@fripost.org";
// (equivalent to apt-get autoremove)
//Unattended-Upgrade::Remove-Unused-Dependencies "false";
-// Automatically reboot *WITHOUT CONFIRMATION* if a
-// the file /var/run/reboot-required is found after the upgrade
-Unattended-Upgrade::Automatic-Reboot "false";
+// Automatically reboot *WITHOUT CONFIRMATION* if
+// the file /var/run/reboot-required is found after the upgrade
+//Unattended-Upgrade::Automatic-Reboot "false";
+// If automatic reboot is enabled and needed, reboot at the specific
+// time instead of immediately
+// Default: "now"
+//Unattended-Upgrade::Automatic-Reboot-Time "02:00";
// Use apt bandwidth limit feature, this example limits the download
-// speed to 128kb/sec
-Acquire::http::Dl-Limit "128";
+// speed to 256kb/sec
+Acquire::http::Dl-Limit "256";
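Review bot: Commenting out `Unattended-Upgrade::Automatic-Reboot "false";` means the effective reboot policy now comes from the package default, or from any other fragment under apt.conf.d, rather than from this role. Since the comment above it says the option reboots without confirmation, I would keep the explicit `Unattended-Upgrade::Automatic-Reboot "false";` so that a changed default or a stray fragment cannot enable reboots unnoticed. With reboots off, upgraded kernels and libraries are not in use until someone restarts the host, so a one-line comment naming /var/run/reboot-required as the file to monitor would help operators. Separately, the Dl-Limit comment says "kb/sec", which reads as kilobits; as far as I know apt takes this value in kilobytes per second, so `// speed to 256 kilobytes/sec` would be less ambiguous.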