50unattended-upgrades.Debian.buster 3.4 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586
  1. //
  2. // Unattended Upgrades Configuration (Salt managed)
  3. //
  4. // Unattended-Upgrade::Origins-Pattern controls which packages are
  5. // upgraded.
  6. //
  7. // Lines below have the format format is "keyword=value,...". A
  8. // package will be upgraded only if the values in its metadata match
  9. // all the supplied keywords in a line. (In other words, omitted
  10. // keywords are wild cards.) The keywords originate from the Release
  11. // file, but several aliases are accepted. The accepted keywords are:
  12. // a,archive,suite (eg, "stable")
  13. // c,component (eg, "main", "contrib", "non-free")
  14. // l,label (eg, "Debian", "Debian-Security")
  15. // o,origin (eg, "Debian", "Unofficial Multimedia Packages")
  16. // n,codename (eg, "jessie", "jessie-updates")
  17. // site (eg, "http.debian.net")
  18. // The available values on the system are printed by the command
  19. // "apt-cache policy", and can be debugged by running
  20. // "unattended-upgrades -d" and looking at the log file.
  21. //
  22. // Within lines unattended-upgrades allows 2 macros whose values are
  23. // derived from /etc/debian_version:
  24. // ${distro_id} Installed origin.
  25. // ${distro_codename} Installed codename (eg, "buster")
  26. Unattended-Upgrade::Origins-Pattern {
  27. // Archive or Suite based matching:
  28. // Note that this will silently match a different release after
  29. // migration to the specified archive (e.g. testing becomes the
  30. // new stable).
  31. "o=Debian,n=buster";
  32. "o=Debian,n=buster,a=stable-updates";
  33. "o=Debian,n=buster,a=proposed-updates";
  34. "o=Debian,n=buster,l=Debian-Security";
  35. "o=Debian Backports,n=buster-backports,l=Debian Backports";
  36. "origin=Debian,archive=stable,label=Debian-Security";
  37. "origin=Debian,archive=oldstable,label=Debian-Security";
  38. // Icigna2
  39. "o=debian icinga-buster,a=icinga-buster";
  40. // SaltStack
  41. "o=SaltStack,a=stable,n=buster,l=salt_debian10";
  42. };
  43. // List of packages to not update
  44. Unattended-Upgrade::Package-Blacklist {
  45. "bird";
  46. "ifupdown2";
  47. };
  48. // Send email to this address for problems or packages upgrades
  49. // If empty or unset then no email is sent, make sure that you
  50. // have a working mail setup on your system. A package that provides
  51. // 'mailx' must be installed. E.g. "user@example.com"
  52. Unattended-Upgrade::Mail "root";
  53. // Set this value to "true" to get emails only on errors. Default
  54. // is to always send a mail if Unattended-Upgrade::Mail is set
  55. Unattended-Upgrade::MailOnlyOnError "true";
  56. // Remove unused automatically installed kernel-related packages
  57. // (kernel images, kernel headers and kernel version locked tools).
  58. Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
  59. // Do automatic removal of unused packages after the upgrade
  60. // (equivalent to apt-get autoremove)
  61. Unattended-Upgrade::Remove-Unused-Dependencies "true";
  62. // Do automatic removal of newly unused dependencies after the upgrade
  63. Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
  64. // Automatically reboot *WITHOUT CONFIRMATION* if
  65. // the file /var/run/reboot-required is found after the upgrade
  66. Unattended-Upgrade::Automatic-Reboot "false";
  67. // Enable logging to syslog. Default is False
  68. Unattended-Upgrade::SyslogEnable "true";
  69. // Specify syslog facility. Default is daemon
  70. Unattended-Upgrade::SyslogFacility "daemon";
  71. // Force dpkg to keep any existing configuration file regardless of
  72. // what the package might bring
  73. DPkg::Options:: "--force-confold";