1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586 |
- //
- // Unattended Upgrades Configuration (Salt managed)
- //
- // Unattended-Upgrade::Origins-Pattern controls which packages are
- // upgraded.
- //
- // Lines below have the format format is "keyword=value,...". A
- // package will be upgraded only if the values in its metadata match
- // all the supplied keywords in a line. (In other words, omitted
- // keywords are wild cards.) The keywords originate from the Release
- // file, but several aliases are accepted. The accepted keywords are:
- // a,archive,suite (eg, "stable")
- // c,component (eg, "main", "contrib", "non-free")
- // l,label (eg, "Debian", "Debian-Security")
- // o,origin (eg, "Debian", "Unofficial Multimedia Packages")
- // n,codename (eg, "jessie", "jessie-updates")
- // site (eg, "http.debian.net")
- // The available values on the system are printed by the command
- // "apt-cache policy", and can be debugged by running
- // "unattended-upgrades -d" and looking at the log file.
- //
- // Within lines unattended-upgrades allows 2 macros whose values are
- // derived from /etc/debian_version:
- // ${distro_id} Installed origin.
- // ${distro_codename} Installed codename (eg, "buster")
- Unattended-Upgrade::Origins-Pattern {
- // Archive or Suite based matching:
- // Note that this will silently match a different release after
- // migration to the specified archive (e.g. testing becomes the
- // new stable).
- "o=Debian,n=buster";
- "o=Debian,n=buster,a=stable-updates";
- "o=Debian,n=buster,a=proposed-updates";
- "o=Debian,n=buster,l=Debian-Security";
- "o=Debian Backports,n=buster-backports,l=Debian Backports";
- "origin=Debian,archive=stable,label=Debian-Security";
- "origin=Debian,archive=oldstable,label=Debian-Security";
- // Icigna2
- "o=debian icinga-buster,a=icinga-buster";
- // SaltStack
- "o=SaltStack,a=stable,n=buster,l=salt_debian10";
- };
- // List of packages to not update
- Unattended-Upgrade::Package-Blacklist {
- "bird";
- "ifupdown2";
- };
- // Send email to this address for problems or packages upgrades
- // If empty or unset then no email is sent, make sure that you
- // have a working mail setup on your system. A package that provides
- // 'mailx' must be installed. E.g. "user@example.com"
- Unattended-Upgrade::Mail "root";
- // Set this value to "true" to get emails only on errors. Default
- // is to always send a mail if Unattended-Upgrade::Mail is set
- Unattended-Upgrade::MailOnlyOnError "true";
- // Remove unused automatically installed kernel-related packages
- // (kernel images, kernel headers and kernel version locked tools).
- Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
- // Do automatic removal of unused packages after the upgrade
- // (equivalent to apt-get autoremove)
- Unattended-Upgrade::Remove-Unused-Dependencies "true";
- // Do automatic removal of newly unused dependencies after the upgrade
- Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
- // Automatically reboot *WITHOUT CONFIRMATION* if
- // the file /var/run/reboot-required is found after the upgrade
- Unattended-Upgrade::Automatic-Reboot "false";
- // Enable logging to syslog. Default is False
- Unattended-Upgrade::SyslogEnable "true";
- // Specify syslog facility. Default is daemon
- Unattended-Upgrade::SyslogFacility "daemon";
- // Force dpkg to keep any existing configuration file regardless of
- // what the package might bring
- DPkg::Options:: "--force-confold";
|