2016-08-19 17:27:17 +02:00
|
|
|
// Automatically upgrade packages from these (origin:archive) pairs
|
2020-10-23 02:49:41 +02:00
|
|
|
//
|
|
|
|
// Note that in Ubuntu security updates may pull in new dependencies
|
|
|
|
// from non-security sources (e.g. chromium). By allowing the release
|
|
|
|
// pocket these get automatically pulled in.
|
2016-08-19 17:27:17 +02:00
|
|
|
Unattended-Upgrade::Allowed-Origins {
|
2020-10-23 02:49:41 +02:00
|
|
|
"${distro_id}:${distro_codename}";
|
|
|
|
"${distro_id}:${distro_codename}-security";
|
2020-11-13 06:36:07 +01:00
|
|
|
"${distro_id}:${distro_codename}-updates";
|
2020-10-23 02:49:41 +02:00
|
|
|
// Extended Security Maintenance; doesn't necessarily exist for
|
|
|
|
// every release and this system may not have it installed, but if
|
|
|
|
// available, the policy for updates is such that unattended-upgrades
|
|
|
|
// should also install from here by default.
|
|
|
|
"${distro_id}ESMApps:${distro_codename}-apps-security";
|
|
|
|
"${distro_id}ESM:${distro_codename}-infra-security";
|
2016-08-19 17:27:17 +02:00
|
|
|
};
|
|
|
|
|
2020-10-23 02:49:41 +02:00
|
|
|
// Python regular expressions, matching packages to exclude from upgrading
|
2016-08-19 17:27:17 +02:00
|
|
|
Unattended-Upgrade::Package-Blacklist {
|
2020-10-23 02:49:41 +02:00
|
|
|
"libc\d+";
|
|
|
|
"memcached$";
|
|
|
|
"nginx-full$";
|
|
|
|
"postgresql-\d+$";
|
|
|
|
"rabbitmq-server$";
|
2023-05-16 22:29:34 +02:00
|
|
|
"erlang-base$";
|
2020-10-23 02:49:41 +02:00
|
|
|
"redis-server$";
|
|
|
|
"supervisor$";
|
2016-08-19 17:27:17 +02:00
|
|
|
};
|
|
|
|
|
2020-10-23 02:49:41 +02:00
|
|
|
// This option controls whether the development release of Ubuntu will be
|
|
|
|
// upgraded automatically. Valid values are "true", "false", and "auto".
|
|
|
|
Unattended-Upgrade::DevRelease "false";
|
|
|
|
|
2016-08-19 17:27:17 +02:00
|
|
|
// This option allows you to control if on a unclean dpkg exit
|
2020-10-23 02:49:41 +02:00
|
|
|
// unattended-upgrades will automatically run
|
2016-08-19 17:27:17 +02:00
|
|
|
// dpkg --force-confold --configure -a
|
2020-10-23 02:49:41 +02:00
|
|
|
Unattended-Upgrade::AutoFixInterruptedDpkg "true";
|
2016-08-19 17:27:17 +02:00
|
|
|
|
|
|
|
// Split the upgrade into the smallest possible chunks so that
|
2020-10-23 02:49:41 +02:00
|
|
|
// they can be interrupted with SIGTERM. This makes the upgrade
|
2016-08-19 17:27:17 +02:00
|
|
|
// a bit slower but it has the benefit that shutdown while a upgrade
|
|
|
|
// is running is possible (with a small delay)
|
2020-10-23 02:49:41 +02:00
|
|
|
Unattended-Upgrade::MinimalSteps "true";
|
2016-08-19 17:27:17 +02:00
|
|
|
|
2020-10-23 02:49:41 +02:00
|
|
|
// Remove unused automatically installed kernel-related packages
|
|
|
|
// (kernel images, kernel headers and kernel version locked tools).
|
|
|
|
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
|
2016-08-19 17:27:17 +02:00
|
|
|
|
2020-10-23 02:49:41 +02:00
|
|
|
// Do automatic removal of newly unused dependencies after the upgrade
|
|
|
|
Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
|
2016-08-19 17:27:17 +02:00
|
|
|
|
2020-10-23 02:49:41 +02:00
|
|
|
// Do automatic removal of unused packages after the upgrade
|
2016-08-19 17:27:17 +02:00
|
|
|
// (equivalent to apt-get autoremove)
|
|
|
|
//Unattended-Upgrade::Remove-Unused-Dependencies "false";
|
|
|
|
|
|
|
|
// Automatically reboot *WITHOUT CONFIRMATION*
|
|
|
|
// if the file /var/run/reboot-required is found after the upgrade
|
2020-10-23 02:49:41 +02:00
|
|
|
Unattended-Upgrade::Automatic-Reboot "false";
|