Ubuntu 16.04 - Apply ESM security patches only using unattended-upgrade

Question

We have purchased ESM for a number Ubuntu 16.04 servers, installed Ubuntu Advantage Tools and enabled UA. How can I install only security patches including ESM using unattended-upgrade command? We don't want to run 'apt-get upgrade'

It's a question for ESM support. Here is off-topic. – ChanganAuto Nov 18 '21 at 16:59 — ChanganAuto, Nov 18 '21 at 16:59

score 4 · Answer 1 · answered Nov 18 '21 at 17:16

The setting for Unattended-Upgrade::Allowed-Origins affects what repositories are used by unattended-upgrade. These are defined by default in /etc/apt/apt.conf.d/50unattended-upgrades.

You could add a separate configuration file (e.g. /etc/apt/apt.conf.d/90custom) with the content

#clear Unattended-Upgrade::Allowed-Origins;
Unattended-Upgrade::Allowed-Origins {
        "${distro_id}ESM:${distro_codename}";
        "${distro_id}ESM:${distro_codename}-updates";
        "${distro_id}ESM:${distro_codename}-security";
        "${distro_id}ESM:${distro_codename}-infra-security";
        "${distro_id}ESMApps:${distro_codename}-apps-security";
};

These entries match all ESM repo formats for all distros that I have worked with, but you can tailor for your needs.

I like to use a separate configuration file to avoid conflicts with system packages that update the default configuration file.

Ubuntu 16.04 - Apply ESM security patches only using unattended-upgrade

1 Answers1