Unattended-Upgrade::Allowed-Origins variables don't work

[ephemeros]

Noticed that the Allowed-Origins variables are passing through with {} characters around them, which breaks the unattended-upgrades package because those characters shouldn't be there in the actual config file. Upon examination of /manifests/params.pp, I saw that there were lint errors warning about single quoted strings containing variables which were ignored, see here for documentation:

http://puppet-lint.com/checks/single_quote_string_with_variables/

These variables in params.pp should be double quoted, which I am going to change and test on my own PE server. I will advise if that works.

[nibalizer]

I think this is a dup of #14 ?

[ephemeros]

Looks like it is; I didn't look at the pull requests before submitting this. My apologies. Notably, however, changing those variables to double quoted does not seem to have fixed the problem for me; in my unattended-upgrades.log I'm still seeing {Ubuntu} and {trusty} on an Ubuntu 14.04 machine.

[cpick]

This is a dupe of #14 it doesn't have to do single vs double quotes (single quotes are correct in this instance as it is apt/unattended-upgrades that should be doing the variable substitution, not puppet).

The braces are ending up in unattended upgrade's logs because apt is substituting just the "$distro_id" portion within the braces and not the full "${distro_id}" section as it would if the dollar sign and brace aren't transposed.

[ephemeros]

Fixing the transposition of the $ and { did not resolve the issue. After further testing, however, I determined what the problem was.

The /etc/apt/apt.conf.d/50unattended-upgrades file expects its origins section to be formatted as such:

Unattended-Upgrade::Allowed-Origins { "${distro_id}:${distro_codename}-security"; "${distro_id}:${distro_codename}-updates"; };

Note that the origins are key/value pairs with a colon separating them. After changing the following in params.pp (beginning at line 42)

$origins = ['{$distro_id} {$distro_codename}-security', #lint:ignore:single_quote_string_with_variables '{$distro_id} {$distro_codename}-updates',] #lint:ignore:single_quote_string_with_variables

To:

$origins = ['{$distro_id}:{$distro_codename}-security', #lint:ignore:single_quote_string_with_variables '{$distro_id}:{$distro_codename}-updates',] #lint:ignore:single_quote_string_with_variables

...the 50unattended-upgrades file is correctly populated, and the unattended-upgrades package works correctly.

[GhostLyrics]

@ephemeros you only need the : if your repository name contains a space character as in:

Google\, Inc.:stable

[ephemeros]

The standard Ubuntu repositories do not contain spaces. Thus, when I tested after making the above change, I received the following output:

sudo unattended-upgrades --verbose --dry-run Initial blacklisted packages: Starting unattended upgrades script Allowed origins are: ['o=Ubuntu,a=trusty-security', 'o=Ubuntu,a=trusty-updates'] Packages that are auto removed: '' Option --dry-run given, *not* performing real actions (package operations omitted for the sake of brevity; but they worked as they should)

You may not need a colon if you're writing the file yourself, with static origins instead of variables, but the file clearly states "Automatically upgrade packages from these (origin:archive) pairs which is what led me to try inserting those colons.

[igalic]

i just use *:* :P

[daenney]

Closing as a dupe of #14 for now. Will look at it further if it pops up again.