From 16d7fe871ccfb52f4b5bddc8b8ca3f25a7755b65 Mon Sep 17 00:00:00 2001
From: Jared Hampson <jhampson.dbre@gmail.com>
Date: Mon, 28 Mar 2022 22:40:02 -0500
Subject: [PATCH] fix(harden_os): Fix unattended-upgrades with Debian 11

In Debian 11, the security archive layout was changed, requiring `-security` to be added to the origins pattern.

Fixes #38
---
 roles/harden_os/templates/50unattended-upgrades.j2 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/harden_os/templates/50unattended-upgrades.j2 b/roles/harden_os/templates/50unattended-upgrades.j2
index 2636caa..a54d19c 100644
--- a/roles/harden_os/templates/50unattended-upgrades.j2
+++ b/roles/harden_os/templates/50unattended-upgrades.j2
@@ -20,6 +20,7 @@ Unattended-Upgrade::Allowed-Origins {
 Unattended-Upgrade::Origins-Pattern {
         "origin=${distro_id},codename=${distro_codename},label=${distro_id}";
         "origin=${distro_id},codename=${distro_codename},label=${distro_id}-Security";
+        "origin=${distro_id},codename=${distro_codename}-security,label=${distro_id}-Security";
 };
 
 // Python regular expressions, matching packages to exclude from upgrading