|
@@ -1,91 +0,0 @@
|
|
|
-//
|
|
|
-// Unattended Upgrades Configuration (Salt managed)
|
|
|
-//
|
|
|
-
|
|
|
-// Unattended-Upgrade::Origins-Pattern controls which packages are
|
|
|
-// upgraded.
|
|
|
-//
|
|
|
-// Lines below have the format format is "keyword=value,...". A
|
|
|
-// package will be upgraded only if the values in its metadata match
|
|
|
-// all the supplied keywords in a line. (In other words, omitted
|
|
|
-// keywords are wild cards.) The keywords originate from the Release
|
|
|
-// file, but several aliases are accepted. The accepted keywords are:
|
|
|
-// a,archive,suite (eg, "stable")
|
|
|
-// c,component (eg, "main", "contrib", "non-free")
|
|
|
-// l,label (eg, "Debian", "Debian-Security")
|
|
|
-// o,origin (eg, "Debian", "Unofficial Multimedia Packages")
|
|
|
-// n,codename (eg, "jessie", "jessie-updates")
|
|
|
-// site (eg, "http.debian.net")
|
|
|
-// The available values on the system are printed by the command
|
|
|
-// "apt-cache policy", and can be debugged by running
|
|
|
-// "unattended-upgrades -d" and looking at the log file.
|
|
|
-//
|
|
|
-// Within lines unattended-upgrades allows 2 macros whose values are
|
|
|
-// derived from /etc/debian_version:
|
|
|
-// ${distro_id} Installed origin.
|
|
|
-// ${distro_codename} Installed codename (eg, "buster")
|
|
|
-Unattended-Upgrade::Origins-Pattern {
|
|
|
- // Archive or Suite based matching:
|
|
|
- // Note that this will silently match a different release after
|
|
|
- // migration to the specified archive (e.g. testing becomes the
|
|
|
- // new stable).
|
|
|
- "o=Debian,n=stretch";
|
|
|
- "o=Debian,n=stretch,a=stable-updates";
|
|
|
- "o=Debian,n=stretch,a=proposed-updates";
|
|
|
- "o=Debian,n=stretch,l=Debian-Security";
|
|
|
- "o=Debian Backports,n=stretch-backports,l=Debian Backports";
|
|
|
- "origin=Debian,archive=stable,label=Debian-Security";
|
|
|
- "origin=Debian,archive=oldstable,label=Debian-Security";
|
|
|
-
|
|
|
- // Icigna2
|
|
|
- "o=debian icinga-stretch,a=icinga-stretch";
|
|
|
-
|
|
|
- // SaltStack
|
|
|
- "o=SaltStack,a=oldstable,n=stretch,l=salt_debian9";
|
|
|
-};
|
|
|
-
|
|
|
-// List of packages to not update
|
|
|
-Unattended-Upgrade::Package-Blacklist {
|
|
|
- "libc6";
|
|
|
- "libc6-dev";
|
|
|
- "libc6-i686";
|
|
|
- "bird";
|
|
|
- "fastd";
|
|
|
- "batman-adv-dkms";
|
|
|
- "ifupdown2";
|
|
|
-};
|
|
|
-
|
|
|
-// Send email to this address for problems or packages upgrades
|
|
|
-// If empty or unset then no email is sent, make sure that you
|
|
|
-// have a working mail setup on your system. A package that provides
|
|
|
-// 'mailx' must be installed. E.g. "user@example.com"
|
|
|
-Unattended-Upgrade::Mail "root";
|
|
|
-
|
|
|
-// Set this value to "true" to get emails only on errors. Default
|
|
|
-// is to always send a mail if Unattended-Upgrade::Mail is set
|
|
|
-//Unattended-Upgrade::MailOnlyOnError "true";
|
|
|
-
|
|
|
-// Remove unused automatically installed kernel-related packages
|
|
|
-// (kernel images, kernel headers and kernel version locked tools).
|
|
|
-Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
|
|
|
-
|
|
|
-// Do automatic removal of unused packages after the upgrade
|
|
|
-// (equivalent to apt-get autoremove)
|
|
|
-Unattended-Upgrade::Remove-Unused-Dependencies "true";
|
|
|
-
|
|
|
-// Do automatic removal of newly unused dependencies after the upgrade
|
|
|
-Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
|
|
|
-
|
|
|
-// Automatically reboot *WITHOUT CONFIRMATION* if
|
|
|
-// the file /var/run/reboot-required is found after the upgrade
|
|
|
-Unattended-Upgrade::Automatic-Reboot "false";
|
|
|
-
|
|
|
-// Enable logging to syslog. Default is False
|
|
|
-Unattended-Upgrade::SyslogEnable "true";
|
|
|
-
|
|
|
-// Specify syslog facility. Default is daemon
|
|
|
-Unattended-Upgrade::SyslogFacility "daemon";
|
|
|
-
|
|
|
-// Force dpkg to keep any existing configuration file regardless of
|
|
|
-// what the package might bring
|
|
|
-DPkg::Options:: "--force-confold";
|