Hi
I'm looking for a way to auto install security updates only.
To this end have configured unattended-upgrades like this:
Unattended-Upgrade::Origins-Pattern {
"origin=Debian,codename=${distro_codename},label=Debian-Security";
};
Unattended-Upgrade::Package-Blacklist {
};
While this works *most* of the time, it does not work *all* of the time.
A common issue is when a security update depends on another, new
package that is not labeled as Debian-Security.
Since a few days, this is the case again:
WARNING package linux-image-cloud-amd64 upgradable but fails to be
marked for upgrade ()
It appears that linux-image-cloud-amd64 is the security update, but it
depends on linux-image-4.19.0-17-cloud-amd64 which is not a security
update. If I add:
"origin=Debian,codename=${distro_codename},label=Debian";
to the Unattended-Upgrade::Origins-Pattern list (basically the
default), it works but then all packages get updated - which I don't
want.
On https://github.com/mvo5/unattended-upgrades#supported-options-reference
I noticed there is the Unattended-Upgrade::Package-Whitelist option.
But that means I have to know in advance which packages will be
upgraded - which I don't.
Any ideas on how one would auto install security updates including any
dependencies that are not labeled as Debian-Security?
thx!
--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT
