Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to update Mattermost-Omnibus with unattended-upgrade? #58

Open
caugner opened this issue Jan 31, 2022 · 4 comments · May be fixed by #59
Open

How to update Mattermost-Omnibus with unattended-upgrade? #58

caugner opened this issue Jan 31, 2022 · 4 comments · May be fixed by #59

Comments

@caugner
Copy link

caugner commented Jan 31, 2022

I tried the following origin, but it doesn't seem to work:

# /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
        // Extended Security Maintenance; doesn't necessarily exist for
        // every release and this system may not have it installed, but if
        // available, the policy for updates is such that unattended-upgrades
        // should also install from here by default.
        "${distro_id}ESMApps:${distro_codename}-apps-security";
        "${distro_id}ESM:${distro_codename}-infra-security";
//      "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
        "deb.packages.mattermost.com:${distro_codename}";
};
@caugner
Copy link
Author

caugner commented Feb 3, 2022
edited
Loading

Unfortunately, the mattermost apt list seems to have an invalid origin: 🤔

$ grep -P "Origin|Suite" /var/lib/apt/lists/deb.packages.mattermost.com_dists_focal_InRelease                                                                          1 ↵
Origin: . focal
Suite: focal

$ grep -P "Origin|Suite" /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_focal-security_InRelease
Origin: Ubuntu
Suite: focal-security

Therefore, the only workaround for now seems to use Origins-Pattern instead of Allowed-Origins and allow unattended-upgrade to update every package:

Unattended-Upgrade::Origins-Pattern {
    "origin=*";
};

(Source: https://unix.stackexchange.com/a/427190)

edit: Another workaround is to add the current Origin:

# /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Allowed-Origins {
        ". focal:${distro_codename}";
}

@caugner
Copy link
Author

caugner commented Feb 3, 2022

Maybe this could be fixed by telling Aptly to set the Origin field to "mattermost" or similar here:

mattermost-omnibus/scripts/sync-and-publish

Lines 36 to 37 in 7ec7fe2

cp scripts/aptly.conf $HOME/.aptly.conf
aptly publish snapshot -batch -force-overwrite -gpg-key="${GPG_KEY_ID}" ${release}-snapshot "s3:remote:"

@caugner
Copy link
Author

caugner commented Feb 3, 2022
edited
Loading

Here are the origins that other repos use:

$ grep -hR Origin: /var/lib/apt/lists/ | sort -u                                                                                                                     130 ↵
Origin: apt.postgresql.org
Origin: . focal
Origin: nginx
Origin: Ubuntu

edit: And GitLab uses the following:

Origin: packages.gitlab.com/gitlab/gitlab-ee

@caugner
Copy link
Author

caugner commented Feb 3, 2022

FWIW If Mattermost's Origin field were set to "Mattermost" (to be consistent with "Ubuntu"), unattended upgrades could be configured as follows:

Unattended-Upgrade::Allowed-Origins {
        "Mattermost:${distro_codename}";
};

@caugner caugner linked a pull request Feb 3, 2022 that will close this issue
Open
@caugner caugner mentioned this issue Feb 10, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(publish): set aptly Origin + Label caugner/mattermost-omnibus
1 participant
@caugner