0

Debian 11.

I have 2 repos:

My local :

950 https://repo.local.com/debian11-security-test bullseye-security/main amd64 Packages      release o=Debian,a=bullseye-security,n=bullseye-security,l=repo.local.com-test,c=main,b=amd64      origin repo.local.com

Debian-security:

500 http://security.debian.org bullseye-security/main amd64 Packages release v=11,o=Debian,a=stable-security,n=bullseye-security,l=Debian-Security,c=main,b=amd64 origin security.debian.org

I want Unattended-upgrade to install updates only from my repo:

Unattended-Upgrade::Origins-Pattern {  
     "origin=Debian,codename=${distro_codename}-security,label=repo.local.com*";  
}

Trying it in debug mode and see it's downloading from security.debian.org:

unattended-upgrade --dry-run -d

Get:29 http://security.debian.org bullseye-security/main amd64 linux-image-5.10.0-21-amd64 amd64 5.10.162-1 [55.5 MB]                                                                                    
Get:45 http://security.debian.org bullseye-security/main amd64 linux-image-amd64 amd64 5.10.162-1 [1484 B]
Checking: linux-image-amd64 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>, <Origin component:'main' archive:'bullseye-security' origin:'Debian' label:'repo.local.com-test' site:'repo.local.com' isTrusted:True>])
<apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 FileSize: 55519352 DestFile:'/var/cache/apt/archives/linux-image-5.10.0-21-amd64_5.10.162-1_amd64.deb' DescURI: 'http://security.debian.org/pool/...

If I comment out security.debian.org in source.list unattendet-upgrade starts using my repo:

Get:39 https://repo.local.com/debian11-security-test bullseye-security/main amd64 linux-image-5.10.0-21-amd64 amd64 5.10.162-1 [55.5 MB]                                                                  
Get:45 https://repo.local.com/debian11-security-test bullseye-security/main amd64 linux-image-amd64 amd64 5.10.162-1 [1484 B]                                                                             
<apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 0 IsTrusted: 1 FileSize: 55519352 DestFile:'/var/cache/apt/archives/linux-image-5.10.0-21-amd64_5.10.162-1_amd64.deb' DescURI: 'https://repo.local.com/debian11-security-test/pool/main/l/linux-signed-amd64/linux-image-5.10.0-21-amd64_5.10.162-1_amd64.deb' ID:39 ErrorText: ''>

But I don't want to comment it so I could manual update from official repo.

Version of packeges the same in both repos:

apt-cache policy linux-image-amd64  
linux-image-amd64:  
     Installed: 5.10.84-1  
     Candidate: 5.10.162-1  
     Version table:  
      5.10.162-1 950  
         500 http://security.debian.org bullseye-security/main amd64 Packages  
         950 https://repo.local.com/debian11-security-test bullseye-security/main amd64 Packages

Tried several Origins-Patterns:

Unattended-Upgrade::Origins-Pattern {  
     "origin=Debian,codename=${distro_codename}-security,label=repo.local.com*";  
}  
Unattended-Upgrade::Origins-Pattern {  
     "label=repo.local.com-test";  
}  
Unattended-Upgrade::Origins-Pattern {  
     "site=repo.local.com";  
}

And Unattended-upgrade still downloading from http://security.debian.org

How can I make Unattended-upgrade use only my local repo for update without disabling official repo?

Danethz
  • 1
  • 2

0 Answers0