50unattended-upgrades.Debian.buster 3.4 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091
  1. //
  2. // Unattended Upgrades Configuration (Salt managed)
  3. //
  4. // Unattended-Upgrade::Origins-Pattern controls which packages are
  5. // upgraded.
  6. //
  7. // Lines below have the format format is "keyword=value,...". A
  8. // package will be upgraded only if the values in its metadata match
  9. // all the supplied keywords in a line. (In other words, omitted
  10. // keywords are wild cards.) The keywords originate from the Release
  11. // file, but several aliases are accepted. The accepted keywords are:
  12. // a,archive,suite (eg, "stable")
  13. // c,component (eg, "main", "contrib", "non-free")
  14. // l,label (eg, "Debian", "Debian-Security")
  15. // o,origin (eg, "Debian", "Unofficial Multimedia Packages")
  16. // n,codename (eg, "jessie", "jessie-updates")
  17. // site (eg, "http.debian.net")
  18. // The available values on the system are printed by the command
  19. // "apt-cache policy", and can be debugged by running
  20. // "unattended-upgrades -d" and looking at the log file.
  21. //
  22. // Within lines unattended-upgrades allows 2 macros whose values are
  23. // derived from /etc/debian_version:
  24. // ${distro_id} Installed origin.
  25. // ${distro_codename} Installed codename (eg, "buster")
  26. Unattended-Upgrade::Origins-Pattern {
  27. // Archive or Suite based matching:
  28. // Note that this will silently match a different release after
  29. // migration to the specified archive (e.g. testing becomes the
  30. // new stable).
  31. "o=Debian,n=buster";
  32. "o=Debian,n=buster,a=stable-updates";
  33. "o=Debian,n=buster,a=proposed-updates";
  34. "o=Debian,n=buster,l=Debian-Security";
  35. "o=Debian Backports,n=buster-backports,l=Debian Backports";
  36. "origin=Debian,archive=stable,label=Debian-Security";
  37. "origin=Debian,archive=oldstable,label=Debian-Security";
  38. // Icigna2
  39. "o=debian icinga-buster,a=icinga-buster";
  40. // SaltStack
  41. "o=SaltStack,a=stable,n=buster,l=salt_debian10";
  42. };
  43. // List of packages to not update
  44. Unattended-Upgrade::Package-Blacklist {
  45. "libc6";
  46. "libc6-dev";
  47. "libc6-i686";
  48. "bird";
  49. "fastd";
  50. "batman-adv-dkms";
  51. "ifupdown2";
  52. };
  53. // Send email to this address for problems or packages upgrades
  54. // If empty or unset then no email is sent, make sure that you
  55. // have a working mail setup on your system. A package that provides
  56. // 'mailx' must be installed. E.g. "user@example.com"
  57. Unattended-Upgrade::Mail "root";
  58. // Set this value to "true" to get emails only on errors. Default
  59. // is to always send a mail if Unattended-Upgrade::Mail is set
  60. Unattended-Upgrade::MailOnlyOnError "true";
  61. // Remove unused automatically installed kernel-related packages
  62. // (kernel images, kernel headers and kernel version locked tools).
  63. Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
  64. // Do automatic removal of unused packages after the upgrade
  65. // (equivalent to apt-get autoremove)
  66. Unattended-Upgrade::Remove-Unused-Dependencies "true";
  67. // Do automatic removal of newly unused dependencies after the upgrade
  68. Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
  69. // Automatically reboot *WITHOUT CONFIRMATION* if
  70. // the file /var/run/reboot-required is found after the upgrade
  71. Unattended-Upgrade::Automatic-Reboot "false";
  72. // Enable logging to syslog. Default is False
  73. Unattended-Upgrade::SyslogEnable "true";
  74. // Specify syslog facility. Default is daemon
  75. Unattended-Upgrade::SyslogFacility "daemon";
  76. // Force dpkg to keep any existing configuration file regardless of
  77. // what the package might bring
  78. DPkg::Options:: "--force-confold";