Comments (2)
I can confirm this behavior through all of my systems, mainly debian 9 stretch, as well.
I quickly checked that this will work on stretch as expected, the suggested switch to package filtering by codename sounds like a good idea:
origin=Debian,codename=stretch,label=Debian-Security
If we don't do this, it will break again in the future.
What I can't check if this will work on all other supported systems though. We should get someone with other/older debian and ubuntu versions to also check if the codename filter works there as well.
After we have all confirmations, we can adjust the already existing structure in params.pp
to set codename where possible, and leave everything else in the old style.
Also if you want to find out about the naming of an apt source, information can be found in /var/lib/apt/lists
.
Example:
# head /var/lib/apt/lists/security.debian.org_dists_stretch_updates_InRelease
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Origin: Debian
Label: Debian-Security
Suite: oldstable
Version: 9
Codename: stretch
Date: Wed, 14 Aug 2019 06:21:29 UTC
Valid-Until: Sat, 24 Aug 2019 06:21:29 UTC
Edit:
Jessie seems to carry the codename too:
http://security-cdn.debian.org/dists/jessie/updates/Release
Origin: Debian
Label: Debian-Security
Suite: oldoldstable
Version: 8
Codename: jessie
Date: Wed, 14 Aug 2019 06:21:29 UTC
Valid-Until: Sat, 24 Aug 2019 06:21:29 UTC
Architectures: amd64 armel armhf i386
Components: updates/main updates/contrib updates/non-free
Description: Debian 8 Security Updates
Buster should also be safe:
http://security-cdn.debian.org/dists/buster/updates/Release
Origin: Debian
Label: Debian-Security
Suite: stable
Version: 10
Codename: buster
Date: Wed, 14 Aug 2019 06:21:29 UTC
Valid-Until: Wed, 21 Aug 2019 06:21:29 UTC
Acquire-By-Hash: yes
Architectures: amd64 arm64 armel armhf i386 mips mips64el mipsel ppc64el s390x
Components: updates/main updates/contrib updates/non-free
Description: Debian 10 - Security Updates
from puppet-unattended_upgrades.
The attached PR should fully cover this issue and also move to codename based filtering where possible (jessie, stretch, buster), tests have been adapted, and some validation for codename based filtering provided in my comment above.
Not sure if there is any process for me to follow now for the PR to get reviewed/merged?
from puppet-unattended_upgrades.
Related Issues (20)
- (Confirm) Ubuntu 18.04 support HOT 3
- Support puppetlabs-apt > 5 HOT 1
- Add support for Debian 10 HOT 2
- Typo in Readme HOT 5
- new release HOT 6
- new release HOT 1
- minimize changes with default unattended-upgrades configuration HOT 2
- Add syslog support
- No version of 'puppet-unattended_upgrades' can satisfy all dependencies HOT 2
- 1
- random_sleep is ignored on machines using systemd HOT 13
- Debian 11 changes name of security suite
- [Ubuntu 20.04.3] Traceback when running unattended-upgrades --debug --dry-run HOT 3
- Please allow setting allow-releaseinfo-change Debian/Ubuntu
- Relax valadation for newer Periodic interval options
- T HOT 2
- Title HOT 1
- buildin function merge got deprecated in puppet 8 HOT 3
- Error while evaluating a Resource Statement, Duplicate declaration: Package[unattended-upgrades] is already declared HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from puppet-unattended_upgrades.