I attach a patch against current sid unattended-upgrades to rewrite the README file (it is way out of date; I reorganised it and cut out material that is best referred to elsewhere, mainly in the 50unattended-upgrades file) and improve the 50unattended-upgrades files (Debian and Ubuntu flavors) as suggested.
-- http://rrt.sc3d.org
diff -Nur unattended-upgrades-0.72.3/data/50unattended-upgrades.Debian unattended-upgrades-0.72.3-rrt/data/50unattended-upgrades.Debian --- unattended-upgrades-0.72.3/data/50unattended-upgrades.Debian 2011-04-29 10:04:04.000000000 +0100 +++ unattended-upgrades-0.72.3-rrt/data/50unattended-upgrades.Debian 2011-07-01 21:11:17.000000000 +0100 @@ -28,8 +28,8 @@ // Send email to this address for problems or packages upgrades // If empty or unset then no email is sent, make sure that you -// have a working mail setup on your system. The package 'mailx' -// must be installed or anything that provides /usr/bin/mail. +// have a working mail setup on your system. A package that provides +// 'mailx' must be installed. //Unattended-Upgrade::Mail "root@localhost"; // Set this value to "true" to get emails only on errors. Default diff -Nur unattended-upgrades-0.72.3/data/50unattended-upgrades.Ubuntu unattended-upgrades-0.72.3-rrt/data/50unattended-upgrades.Ubuntu --- unattended-upgrades-0.72.3/data/50unattended-upgrades.Ubuntu 2011-04-29 10:04:04.000000000 +0100 +++ unattended-upgrades-0.72.3-rrt/data/50unattended-upgrades.Ubuntu 2011-07-01 21:16:42.000000000 +0100 @@ -1,9 +1,9 @@ -// Automatically upgrade packages from these (origin, archive) pairs +// Automatically upgrade packages from these (origin:archive) pairs Unattended-Upgrade::Allowed-Origins { - "${distro_id} ${distro_codename}-security"; -// "${distro_id} ${distro_codename}-updates"; -// "${distro_id} ${distro_codename}-proposed"; -// "${distro_id} ${distro_codename}-backports"; + "${distro_id}:${distro_codename}-security"; +// "${distro_id}:${distro_codename}-updates"; +// "${distro_id}:${distro_codename}-proposed"; +// "${distro_id}:${distro_codename}-backports"; }; // List of packages to not update 
@@ -28,8 +28,8 @@ // Send email to this address for problems or packages upgrades // If empty or unset then no email is sent, make sure that you -// have a working mail setup on your system. The package 'mailx' -// must be installed or anything that provides /usr/bin/mail. +// have a working mail setup on your system. A package that provides +// 'mailx' must be installed. //Unattended-Upgrade::Mail "root@localhost"; // Set this value to "true" to get emails only on errors. Default diff -Nur unattended-upgrades-0.72.3/README unattended-upgrades-0.72.3-rrt/README --- unattended-upgrades-0.72.3/README 2011-03-04 12:15:27.000000000 +0000 +++ unattended-upgrades-0.72.3-rrt/README 2011-07-01 21:10:02.000000000 +0100 
@@ -1,124 +1,64 @@ Unattended upgrades ------------------- -This script can install security upgrades automatically and -unattended. However, it is not enabled by default. Most users -enable it via the Software Sources programm (available in -System/Administration), which has a simple radiobutton in the UI -for enabling unattended upgrades. +This script can upgrade packages automatically and unattended. +However, it is not enabled by default. Most users enable it via the +Software Sources program (available in System/Administration). If you would prefer to enable it from the command line, run "sudo dpkg-reconfigure -plow unattended-upgrades". -It will not install packages that require dependencies -that can't be fetched from security and it will check for conffile -prompts before the install and holds back the package that creates -them. +It will not install packages that require dependencies that can't be +fetched from allowed origins and it will check for conffile prompts +before the install and holds back any package that requires them. == Setup == -The unattended-upgrades package will *not* act unless it is enabled -explicitly. To activate this script you need to ensure that the apt -configuration contains the following lines (this can be done via the -graphical "Software Source" program or via dpkg-reconfigure): - -APT::Periodic::Update-Package-Lists "1"; -APT::Periodic::Unattended-Upgrade "1"; - -This means that it will check for upates every day and install them -(if that is possible). If you have update-notifier installed, it will -setup /etc/apt/apt.conf.d/10periodic. Just edit this file then to fit -your needs. If you do not have this file, just create it or -create/edit /etc/apt/apt.conf - you can check your configuration by -running "apt-config dump". +The unattended-upgrades package is normally activated by +update-notifier. By default this runs an update every day. 
-== Options == - -By default it will only install from the the stable and security -repository. +The main way to specify which packages will be auto-upgraded is by +means of their "origin" and "archive". These are taken respectively +from the Origin and Suite fields of the respository's Release file, +or can be found in the output of "apt-cache policy" in the "o" and +"a" fields for the given repository. + +The default setup auto-updates packages in the main and security +archives, which means that only stable and security updates are +applied. This can be changed either with the -"Unattended-Upgrade::Origins-Pattern" or the -"Unattended-Upgrade::Allowed-Origins" apt configuration lists. +"Unattended-Upgrade::Allowed-Origins" or the +"Unattended-Upgrade::Origins-Pattern" apt configuration lists, which +can be configured in /etc/apt/apt.conf.d/50unattended-upgrades. +Also in this file are a range of other options that can be configured. + +Allowed-Origins is a simple list of patterns of the form +"origin:archive". -The Unattended-Upgrade::Origins-Pattern is a flexible matting -mechanism. The entries in a single line need to be all matched (its a -logical AND). If you have multiple patterns one match for the complete -pattern is enough (logical OR). E.g.: +Origins-Pattern allows you to give a list of +patterns to match against. For example: Unattended-Upgrade::Origins-Pattern { - "origin=Google\, Inc.,suite=aArchive"; + "origin=Google\, Inc.,suite=contrib"; "site=www.example.com,component=main"; }; -will upgrade a package if either "origin matches google and -suite=aArchive" or if the package comes from www.example.com and is in -the component "main". The apt-cache policy short identifiers -(o=Debian) are also supported. - -For Origins-Pattern its always (origin, archive) The value of "origin" -is taken from the "Origin:" header in the file, the value of "archive" -is taken from the "Suite:" header. 
This is also available via the -"apt-cache policy" command (without further argument). E.g. security -is listed there as "o=Debian" and "a=stable". +will upgrade a package if either the origin is "Google, Inc." and +suite is "contrib" or if it comes from www.example.com and is in +component "main". The apt-cache policy short identifiers +(e.g. "o" for "origin") are also supported. -All operations will be logged in /var/log/unattended-upgrades/. This +All operations are be logged in /var/log/unattended-upgrades/. This includes the dpkg output as well. -See https://wiki.ubuntu.com/AutomaticUpdates for more details about -this feature. - -The following configuration options are supported via the standard -apt configuration: -"APT::UnattendedUpgrades::LogDir" -"APT::UnattendedUpgrades::LogFile" -"Unattended-Upgrade::Allowed-Origins" -"Unattended-Upgrade::Package-Blacklist" -"Unattended-Upgrade::Mail" - -If you use the mail feature, make sure that /usr/bin/mail is available -and working (usually the mailx package is required). - == Debugging == If something goes wrong or if you want to report a bug about the way the script works its a good idea to run: + $ sudo unattended-upgrade --debug --dry-run and look at the resulting logfile in: /var/log/unattended-upgrades/unattended-upgrades.log then. It will contain additional debug information. 
- -== Config example == - -A example configuration that will install from the -jaunty-security and jaunty-updates repositories daily: - -------------------------------8<-------------------------------------- -// Automaticall upgrade packages from these origin patterns -Unattended-Upgrade::Allowed-Origins { - "o=Debian,l=Debian-Security,a=stable"; -}; - -// List of packages to not update -Unattended-Upgrade::Package-Blacklist { -// "vim"; - "libc6"; - "libc6-dev"; - "libc6-i686"; -}; - -// Send email to this address for problems or packages upgrades -// If empty or unset then no email is sent -//Unattended-Upgrade::Mail "root@localhost"; - -// These APT::Periodic settings mean that each day the /etc/cron.daily/apt -// cron job will the update package list, download packages and then run -// unattended-grade to install them. -// Lock/Stamp files are in /var/lib/apt/periodic/ -APT::Periodic::Update-Package-Lists "1"; -APT::Periodic::Download-Upgradeable-Packages "1"; -APT::Periodic::Unattended-Upgrade "1"; - -------------------------------8<-------------------------------------- -
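Review bot: The reworded mail comment in the @@ -28,8 +28,8 @@ hunk of both 50unattended-upgrades.Debian and 50unattended-upgrades.Ubuntu drops the /usr/bin/mail path, which was the one concrete thing an admin could check on the system. Suggest keeping it, for example "A package that provides 'mailx' (/usr/bin/mail) must be installed", because the README hunk also deletes its own sentence about /usr/bin/mail and the path would otherwise vanish from the documentation altogether.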
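Review bot: In the @@ -1,9 +1,9 @@ hunk of 50unattended-upgrades.Ubuntu the Allowed-Origins entries switch separator from a space to a colon ("${distro_id}:${distro_codename}-security"), yet the patch touches only the data files and the README, so nothing here shows that the script accepts the colon form. The -security line is the only uncommented entry in this list, so a form the script fails to match would mean the shipped default selects nothing; please confirm against the script in 0.72.3, and state in the README whether the old space-separated form is still accepted so that existing local configurations are not broken unannounced.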
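Review bot: The rewritten Setup section in the README hunk removes every mention of the APT::Periodic settings (the two lines under Setup and the three in the deleted config example) together with the "apt-config dump" check, while the introduction still says the script "is not enabled by default". On a system without update-notifier that leaves dpkg-reconfigure as the only documented route and no way to confirm which settings took effect; suggest keeping APT::Periodic::Update-Package-Lists "1"; and APT::Periodic::Unattended-Upgrade "1"; along with the apt-config dump hint. The hunk also drops the statement that the keys on one Origins-Pattern line are ANDed while separate lines are ORed, which deserves a sentence next to the example, and two added lines carry typos: "respository's" and "are be logged".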