Raspbian

Unattended upgrades doesn't work

Bug #1973239 reported by RoyK on 2022-05-12

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Raspbian	New	Undecided	Unassigned

Bug Description

Hi all

Seems that on Raspbian Buster, the default config for unattended-upgrades in /etc/apt/apt.conf.d/50unattended-upgrades, is faulty. The default is

Unattended-Upgrade::Origins-Pattern {
"origin=Debian,codename=${distro_codename},label=Debian";
"origin=Debian,codename=${distro_codename},label=Debian-Security";
}

(after removing whitespace and comments)

This does not work, since there's no such thing as Debian in the repos. This, however, works

Unattended-Upgrade::Origins-Pattern {
"origin=Raspbian,codename=${distro_codename},label=Raspbian";
"origin=Raspbian,codename=${distro_codename},label=Raspbian-Security";
}

I don't have a pi with Bullseye here atm, so I don't know the status for that yet.

Revision history for this message

RoyK (roysk) wrote on 2022-05-16:

Apparently, the change above removed some error messages, but it still doesn't fix the issue, meaning unttended upgrades still do not work. As this is quite important security wise, can someone please look into this? I've tried with a varity of changes in the pattern above without any luck.

information type:

Private Security → Public Security

Revision history for this message

RoyK (roysk) wrote on 2022-05-16:

Please note that the above 'fix' doesn't fix the issue either. However, this seems to work

Unattended-Upgrade::Origins-Pattern {
"origin=Raspberry Pi Foundation,codename=${distro_codename},label=Raspberry Pi Foundation";
};

I tried to add -security and -updates too, as in

Unattended-Upgrade::Origins-Pattern {
      "origin=Raspberry Pi Foundation,codename=${distro_codename},label=Raspberry Pi Foundation";
      "origin=Raspberry Pi Foundation,codename=${distro_codename}-security,label=Raspberry Pi Foundation";
      "origin=Raspberry Pi Foundation,codename=${distro_codename}-updates,label=Raspberry Pi Foundation";
};

but found no change on updated packages.

As mentioned, I don't know if this is relevant in regards to Bullseye, but I'll get back on that as soon as I can get my hands dirty on that.

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.