Support unattended-upgrades specific APT configuration

[rbalint]

There are some cases, such as #286 where it would be desired if unattended-upgrades would use a different APT configuration, than APT's command line interface.
The proposed solution is reading config from /etc/apt/unattended-upgrades.conf and /etc/apt/unattended-upgrades.conf.d/ overriding values in /etc/apt/apt.conf{|.d}.

[julian-klode]

FWIW, APT uses Binary::<name>::<foo> options that it then moves into <foo> to set different options for different binaries, which might be applicable here too. Though I don't think the move subtree function is exposed yet.

[rbalint]

@julian-klode Interesting! In case of u-u would the <name> be unattended-upgrade or python3 ?

[rbalint]

@julian-klode Would you prefer u-u using and documenting the Binary::<name> interface or have the separate config (dir)?

[duven87]

Hi,
I have been looking for options on how to let update specific packages and I can't find anything.
In my case, I want my servers to only update updates with the security label with the exception of cloud-init, qemu-agent,etc. which is with label updates.
I have tried:

"origin=cloudinit";

but it keeps ignoring it.
Is there any idea in the future to add package update exceptions ignoring allow pattern/origin policies?