Patches for Debian Channels and Unattended Upgrades

[rhar78]

Question

Apologies if these questions have been asked previously. I've searched your Issues but found nothing quite covering these questions.

Currently we do not have any patches appearing in the Patches column of the UI for Debian Channels. See attached image.

This is after a full sync (via the Cron overnight).

Patches/errata appear for other OSs just not for Debian it seems. Is this broken or is there a way to fix it?

Furthermore, we have been using Unattended Upgrades in our environment. This does not appear to work against Ubuntu or Debian OSs with the following defaults values in /etc/apt/apt.conf.d/50unattended-upgrades

Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
        // every release and this system may not have it installed, but if
        // available, the policy for updates is such that unattended-upgrades
        // should also install from here by default.
        "${distro_id}ESMApps:${distro_codename}-apps-security";
        "${distro_id}ESM:${distro_codename}-infra-security";
//      "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
};

Is there a special option to point to the Uyuni repositories in this file? Perhaps a more accurate entry to provide to Origins-Pattern than the following:

Unattended-Upgrade::Origins-Pattern {
        #"origin=*";
};

which is far too general.

We realize that Uyuni provides a tick box, under Uyuni > Systems > Details > Properties > Auto Patch Update "Automatic application of relevant patches"

We would use this as an alternative option so long as the Patches appear in Channel and are linked to the systems we have.

A final question on this. If we want to enable this setting against multiple servers (>100) is there a CLI option for this?

The UI is not ideal if needing to traverse and set the flag against hundreds of servers.  

Version of Uyuni Server and Proxy (if used)

No proxy, VM (legacy Server build). Version 2024.07

zypper info Uyuni-Server-release and zypper info Uyuni-Proxy-release (if used)

[mcalmer]

Debian and Ubuntu do not know the concept of Patches. SUSE and RedHat style OSes have in there repositories metadata which define it (updateinfo.xml).
For Ubuntu we have developed something to parse the USN database and convert it to Patches. For Debian we do not have it (yet).

[rhar78]

Perhaps I need to rephrase. The questions were:

1. how do we get patches to appear in the UI for Debian?
2. how can I configure unattended-upgrades so Uyuni will work with it? and
3. how can we configure patching via UI (across multiple, or more that 100 hosts) via the CLI?

Your response certainly explains the first question. Thankyou. Are the other two questions answerable?

[mcalmer]

About 2 I cannot say much as I have not much knowledge about how apt works. This is something somebody needs to debug who has deeper insight into how apt is working.

About 3 For automated updates you can try https://www.uyuni-project.org/uyuni-docs/en/uyuni/common-workflows/workflow-clients-update-rec-actions.html
For CLI check spacecmd command:
help ssm - for how to add systems or groups into ssm
help system_upgradepackage - upgrade packages

[rhar78]

Thank you very much for your help.