Merge pull request #126 from hkcomori/addlist

Additional list for Unattended-Upgrade::Allowed-Origins
geerlingguy · Jun 21, 2024 · 6897a35 · 6897a35
2 parents 5c60c8d + 3dce65c
commit 6897a35
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -78,6 +78,12 @@ Whether to install/enable `yum-cron` (RedHat-based systems) or `unattended-upgra
 
 (Debian/Ubuntu only) A listing of packages that should not be automatically updated.
 
+    security_autoupdate_additional_origins: []
+    # - "${distro_id}ESM:${distro_codename}-infra-security"
+    # - "Docker:${distro_codename}"
+
+(Debian/Ubuntu only) A listing of origins to reference.
+
     security_autoupdate_reboot: false
 
 (Debian/Ubuntu only) Whether to reboot when needed during unattended upgrades.

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -17,6 +17,7 @@ security_sudoers_passworded: []
 
 security_autoupdate_enabled: true
 security_autoupdate_blacklist: []
+security_autoupdate_additional_origins: []
 
 # Autoupdate mail settings used on Debian/Ubuntu only.
 security_autoupdate_reboot: "false"

diff --git a/templates/50unattended-upgrades.j2 b/templates/50unattended-upgrades.j2
@@ -11,6 +11,9 @@ Unattended-Upgrade::MailOnlyOnError "true";
 Unattended-Upgrade::Allowed-Origins {
         "${distro_id} ${distro_codename}-security";
 //      "${distro_id} ${distro_codename}-updates";
+{% for origin in security_autoupdate_additional_origins %}
+        "{{ origin }}";
+{% endfor %}
 };
 
 Unattended-Upgrade::Package-Blacklist{