Hi

I'm looking for a way to auto install security updates only.
To this end have configured unattended-upgrades like this:

Unattended-Upgrade::Origins-Pattern {
     "origin=Debian,codename=${distro_codename},label=Debian-Security";
  };
Unattended-Upgrade::Package-Blacklist {
};

While this works *most* of the time, it does not work *all* of the time.
A common issue is when a security update depends on another, new
package that is not labeled as Debian-Security.
Since a few days, this is the case again:

WARNING package linux-image-cloud-amd64 upgradable but fails to be
marked for upgrade ()

It appears that linux-image-cloud-amd64 is the security update, but it
depends on linux-image-4.19.0-17-cloud-amd64 which is not a security
update. If I add:
"origin=Debian,codename=${distro_codename},label=Debian";
to the Unattended-Upgrade::Origins-Pattern list (basically the
default), it works but then all packages get updated - which I don't
want.

On https://github.com/mvo5/unattended-upgrades#supported-options-reference
I noticed there is the Unattended-Upgrade::Package-Whitelist option.
But that means I have to know in advance which packages will be
upgraded - which I don't.

Any ideas on how one would auto install security updates including any
dependencies that are not labeled as Debian-Security?

thx!


-- 
Dick Visser
Trust & Identity Service Operations Manager
GÉANT

Reply via email to