Add support for Allowed-Origins (used by default in Ubuntu 18.04)

[RogerSik]

With Ubuntu 18.04 the variable in /etc/apt/apt.conf.d/50unattended-upgrades

Unattended-Upgrade::Origins-Pattern
changed to
Unattended-Upgrade:Allowed-Origins

Otherwise this error appears:
Traceback (most recent call last): File "/usr/bin/unattended-upgrade", line 1993, in <module> sys.exit(main(options)) File "/usr/bin/unattended-upgrade", line 1649, in main cache, options, allowed_origins, blacklisted_pkgs, whitelisted_pkgs) File "/usr/bin/unattended-upgrade", line 1340, in calculate_upgradable_pkgs ver_in_allowed_origin(pkg, allowed_origins) File "/usr/bin/unattended-upgrade", line 685, in ver_in_allowed_origin if is_allowed_origin(ver, allowed_origins): File "/usr/bin/unattended-upgrade", line 669, in is_allowed_origin if match_whitelist_string(allowed, origin): File "/usr/bin/unattended-upgrade", line 490, in match_whitelist_string for s in token.split("=")] ValueError: not enough values to unpack (expected 2, got 1)

[jnv]

Thanks for the report. According to the package's readme, both Origins-Pattern and Allowed-Origins should be still supported, but Allowed-Origins is used only in Ubuntu configuration file.

I'll check if I can reproduce that in CI.

[jnv]

@RogerSik I couldn't reproduce this issue on CI, could you please show me the role configuration and the contents of your /etc/apt/apt.conf.d/50unattended-upgrades file?

[RogerSik]

@jnv strange.

root@X:/etc/apt/apt.conf.d# cat /etc/apt/apt.conf.d/50unattended-upgrades
// Unattended-Upgrade::Origins-Pattern controls which packages are
// upgraded.
Unattended-Upgrade::Origins-Pattern {
      "${distro_id}:${distro_codename}";
      "${distro_id}:${distro_codename}-security";
      "${distro_id}ESM:${distro_codename}";
      "${distro_id}:${distro_codename}-updates";
      "${distro_id}:${distro_codename}-proposed";
      "${distro_id}:${distro_codename}-backports";
      "ubuntu icinga-${distro_codename}:icinga-${distro_codename}";
      "Docker:${distro_codename}";
  };

// List of packages to not update (regexp are supported)
Unattended-Upgrade::Package-Blacklist {
};

// Do automatic removal of new unused dependencies after the upgrade
// (equivalent to apt-get autoremove)
Unattended-Upgrade::Remove-Unused-Dependencies "true";

// Automatically reboot *WITHOUT CONFIRMATION* if a
// the file /var/run/reboot-required is found after the upgrade
Unattended-Upgrade::Automatic-Reboot "true";

// If automatic reboot is enabled and needed, reboot at the specific
// time instead of immediately
//  Default: "now"
Unattended-Upgrade::Automatic-Reboot-Time "05:00";

unattended-upgrade runs in issue.

root@X:/etc/apt/apt.conf.d# unattended-upgrade -v --dry-run
Initial blacklisted packages:
Initial whitelisted packages:
Starting unattended upgrades script
Allowed origins are: Ubuntu:bionic, Ubuntu:bionic-security, UbuntuESM:bionic, Ubuntu:bionic-updates, Ubuntu:bionic-proposed, Ubuntu:bionic-backports, ubuntu icinga-bionic:icinga-bionic, Docker:bionic
Traceback (most recent call last):
  File "/usr/bin/unattended-upgrade", line 1993, in <module>
    sys.exit(main(options))
  File "/usr/bin/unattended-upgrade", line 1649, in main
    cache, options, allowed_origins, blacklisted_pkgs, whitelisted_pkgs)
  File "/usr/bin/unattended-upgrade", line 1340, in calculate_upgradable_pkgs
    ver_in_allowed_origin(pkg, allowed_origins)
  File "/usr/bin/unattended-upgrade", line 685, in ver_in_allowed_origin
    if is_allowed_origin(ver, allowed_origins):
  File "/usr/bin/unattended-upgrade", line 669, in is_allowed_origin
    if match_whitelist_string(allowed, origin):
  File "/usr/bin/unattended-upgrade", line 490, in match_whitelist_string
    for s in token.split("=")]
ValueError: not enough values to unpack (expected 2, got 1)
root@X:/etc/apt/apt.conf.d#

After changing Unattended-Upgrade::Origins-Pattern to Unattended-Upgrade::Allowed-Origins

root@X:/etc/apt/apt.conf.d# cat /etc/apt/apt.conf.d/50unattended-upgrades
// Unattended-Upgrade::Origins-Pattern controls which packages are
// upgraded.
Unattended-Upgrade::Allowed-Origins {
      "${distro_id}:${distro_codename}";
      "${distro_id}:${distro_codename}-security";
      "${distro_id}ESM:${distro_codename}";
      "${distro_id}:${distro_codename}-updates";
      "${distro_id}:${distro_codename}-proposed";
      "${distro_id}:${distro_codename}-backports";
      "ubuntu icinga-${distro_codename}:icinga-${distro_codename}";
      "Docker:${distro_codename}";
  };

// List of packages to not update (regexp are supported)
Unattended-Upgrade::Package-Blacklist {
};

// Do automatic removal of new unused dependencies after the upgrade
// (equivalent to apt-get autoremove)
Unattended-Upgrade::Remove-Unused-Dependencies "true";

// Automatically reboot *WITHOUT CONFIRMATION* if a
// the file /var/run/reboot-required is found after the upgrade
Unattended-Upgrade::Automatic-Reboot "true";

// If automatic reboot is enabled and needed, reboot at the specific
// time instead of immediately
//  Default: "now"
Unattended-Upgrade::Automatic-Reboot-Time "05:00";

unattended-upgrade is then working.

unattended-upgrade -v --dry-run
Initial blacklisted packages:
Initial whitelisted packages:
Starting unattended upgrades script
Allowed origins are: o=Ubuntu,a=bionic, o=Ubuntu,a=bionic-security, o=UbuntuESM,a=bionic, o=Ubuntu,a=bionic-updates, o=Ubuntu,a=bionic-proposed, o=Ubuntu,a=bionic-backports, o=ubuntu icinga-bionic,a=icinga-bionic, o=Docker,a=bionic
Option --dry-run given, *not* performing real actions
Packages that will be upgraded: base-files console-setup console-setup-linux grub-common grub-pc grub-pc-bin grub2-common icinga2 icinga2-bin icinga2-common icinga2-doc keyboard-configuration libicinga2 liblxc-common liblxc1 libnss-systemd libpam-systemd libperl5.26 libsystemd0 libudev1 linux-aws linux-headers-aws linux-image-aws lshw mdadm perl perl-base perl-modules-5.26 python3-software-properties python3-update-manager screen snapd software-properties-common systemd systemd-sysv udev unattended-upgrades update-manager-core x11-common
Writing dpkg log to /var/log/unattended-upgrades/unattended-upgrades-dpkg.log

[RogerSik]

If its helping the used playbook of this host.

---
- hosts: X
  become: yes

  tasks:
    - import_role:
        name: jnv-unattended-upgrades
      vars:
          unattended_origins_patterns:
            - "${distro_id}:${distro_codename}"
            - "${distro_id}:${distro_codename}-security"
            - "${distro_id}ESM:${distro_codename}"
            - "${distro_id}:${distro_codename}-updates"
            - "${distro_id}:${distro_codename}-proposed"
            - "${distro_id}:${distro_codename}-backports"
            - "ubuntu icinga-${distro_codename}:icinga-${distro_codename}"
            - "Docker:${distro_codename}"
          unattended_remove_unused_dependencies: true
          unattended_automatic_reboot: true
          unattended_automatic_reboot_time: 05:00

[jnv]

@RogerSik Thanks, I see that you use Allowed-Origins syntax in Origins-Pattern, which is unfortunately not compatible. However, Allowed-Origins can be easily rewritten to origin patterns, since it just a compact way to write origin:archive. For example the equivalent of ${distro_id}:${distro_codename} should be o=${distro_id},a=${distro_codename}.

I'm happy to add Allowed-Origins support as long it is backwards compatible (i.e. it won't be used with older versions of unattended-upgrades).

[behid]

Think this pull request solves this: #59

[jnv]

Okay, I will take a look at it during Holiday.

[dnrce]

Reproducing my comment from #59:

Origins-Pattern is the "new" option: mvo5/unattended-upgrades@f29c8f9

I'm not saying I disagree with having this option; I'm merely pointing out that this would be an enhancement to add further backwards compatibility rather than to future-proof. The already implemented option is viable for any version of unattended-upgrades since 2011.

[dnrce]

A README update might solve the confusion just as well.

[jnv]

I am closing this issue since this role has been deprecated. Feel free to suggest alternatives in #98.