Unattended-Upgrade::Origins-Pattern from 50unattended-upgrades apparently can't be "overruled" #145
Comments
|
Thanks for your report! Could you please let us know which version of the role you are making use of? |
|
v2.0.1 pulled from Ansible Galaxy on May 02nd, 2023 Edit: Just noticed that there is an updated version available, upgraded and the issue now seems to be solved. The "#clear" statements in the 90-ansible-unattended-upgrades.conf did the trick. Issue may be closed |
|
as mentioned, issue seems to be resolved in 3.2.0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It seems that the way that apt and unattendedupgrades handle the config file parsing, Unattended-Upgrade::Origins-Pattern will be evaluated cumulatively and cannot be overwritten in a "higher-ranking" config file (neither on buster, bullseye or bookworm).
While this won't pose a problem for "additional" origins, it is currently impossible to limit the allowed origins to only those given in the playbook (or the role's defaults). I don't have an idea for a solution just yet, but I think this limitation is at least something that should be mentioned in the Readme until it's solved
How to test: note the allowed origins in /etc/apt/apt.conf.d/50unattended-upgrades and those in 90-ansible-unattended-upgrades, then run
unattended-upgrades --dry-run -vand note the list of allowed origins containing all entries of both filesThe text was updated successfully, but these errors were encountered: