From e47b47cd8797dc45a03d0e4f5079cb69fce16b8b Mon Sep 17 00:00:00 2001 From: Egor Tensin Date: Tue, 5 Nov 2024 11:23:31 +0100 Subject: apt: add a helpful comment to 50unattended-upgrades --- roles/apt/templates/50unattended-upgrades.j2 | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/roles/apt/templates/50unattended-upgrades.j2 b/roles/apt/templates/50unattended-upgrades.j2 index 389bb2b..57c8d20 100644 --- a/roles/apt/templates/50unattended-upgrades.j2 +++ b/roles/apt/templates/50unattended-upgrades.j2 @@ -1,5 +1,25 @@ {{ ansible_managed | comment }} +// Lines below have the format format is "keyword=value,...". A +// package will be upgraded only if the values in its metadata match +// all the supplied keywords in a line. (In other words, omitted +// keywords are wild cards.) The keywords originate from the Release +// file, but several aliases are accepted. The accepted keywords are: +// a,archive,suite (eg, "stable") +// c,component (eg, "main", "contrib", "non-free") +// l,label (eg, "Debian", "Debian-Security") +// o,origin (eg, "Debian", "Unofficial Multimedia Packages") +// n,codename (eg, "jessie", "jessie-updates") +// site (eg, "http.debian.net") +// The available values on the system are printed by the command +// "apt-cache policy", and can be debugged by running +// "unattended-upgrades -d" and looking at the log file. +// +// Within lines unattended-upgrades allows 2 macros whose values are +// derived from /etc/debian_version: +// ${distro_id} Installed origin. +// ${distro_codename} Installed codename (eg, "buster") + Unattended-Upgrade::Origins-Pattern { "origin=${distro_id},codename=${distro_codename}"; "origin=${distro_id},codename=${distro_codename}-security"; -- cgit v1.2.3