The usual advice regarding enabling unattended upgrades for some repository is to edit /etc/apt/apt.conf.d/50unattended-upgrades and manually add the appropriate Origin values. I wonder whether one can add to this list by specifying multiple Unattended-Upgrade::Allowed-Origins blocks, or does any subsequent block override previous ones?
The use case is a local repository, which is added to the system by installing a package. I would like to enable unattended upgrades by adding a 99local_repo_conf file to the package, with an Unattended-Upgrade::Allowed-Origins block containing that repository's Origin data. Will such a block override previous entries and prevent unattended upgrades of Ubuntu repositories?
Apparently, even though I can't find any documentation of it, this is indeed the behaviour.
$ cat /etc/apt/apt.conf.d/*upgrades*
Unattended-Upgrade::Allowed-Origins {
"CSE:trusty";
};
Unattended-Upgrade::Automatic-Reboot-Time "05:00";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}-security";
};
...
$ sudo unattended-upgrade --dry-run --debug
Initial blacklisted packages:
Starting unattended upgrades script
Allowed origins are: ['o=CSE,a=trusty', 'o=Ubuntu,a=trusty-security']
pkgs that look like they should be upgraded:
...
Of course, the fact that entries are concatenated maybe a property of APT's configuration syntax, and documentation related to unattended-upgrade needn't mention it.
Can anyone provide documentation corroborating this?
