Debian 无人值守升级不安装软件包

Debian unattended upgrade doesn't install a package

我正在检查 Debian Buster 的无人值守升级。 默认情况下,“Label=Debian”和“Label=Debian-Security”都是允许的。 有一个软件包 ca-certificates 有更新但由于某种原因不会被安装。

apt-get upgrade 允许我安装 ca 证书。

Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
  ca-certificates
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 158 kB of archives.
After this operation, 3,072 B disk space will be freed.
Do you want to continue? [Y/n] n

但是当我 运行 无人值守升级时它不会安装它。

Initial whitelist:
Starting unattended upgrades script
Allowed origins are: origin=Debian,codename=buster,label=Debian, origin=Debian,codename=buster,label=Debian-Security
Using (^linux-image-[0-9]+\.[0-9\.]+-.*|^linux-headers-[0-9]+\.[0-9\.]+-.*|^linux-image-extra-[0-9]+\.[0-9\.]+-.*|^linux-modules-[0-9]+\.[0-9\.]+-.*|^linux-modules-extra-[0-9]+\.[0-9\.]+-.*|^linux-signed-image-[0-9]+\.[0-9\.]+-.*|^linux-image-unsigned-[0-9]+\.[0-9\.]+-.*|^kfreebsd-image-[0-9]+\.[0-9\.]+-.*|^kfreebsd-headers-[0-9]+\.[0-9\.]+-.*|^gnumach-image-[0-9]+\.[0-9\.]+-.*|^.*-modules-[0-9]+\.[0-9\.]+-.*|^.*-kernel-[0-9]+\.[0-9\.]+-.*|^linux-backports-modules-.*-[0-9]+\.[0-9\.]+-.*|^linux-modules-.*-[0-9]+\.[0-9\.]+-.*|^linux-tools-[0-9]+\.[0-9\.]+-.*|^linux-cloud-tools-[0-9]+\.[0-9\.]+-.*|^linux-buildinfo-[0-9]+\.[0-9\.]+-.*|^linux-source-[0-9]+\.[0-9\.]+-.*) regexp to find kernel packages
Using (^linux-image-4\.19\.0\-8\-amd64$|^linux-headers-4\.19\.0\-8\-amd64$|^linux-image-extra-4\.19\.0\-8\-amd64$|^linux-modules-4\.19\.0\-8\-amd64$|^linux-modules-extra-4\.19\.0\-8\-amd64$|^linux-signed-image-4\.19\.0\-8\-amd64$|^linux-image-unsigned-4\.19\.0\-8\-amd64$|^kfreebsd-image-4\.19\.0\-8\-amd64$|^kfreebsd-headers-4\.19\.0\-8\-amd64$|^gnumach-image-4\.19\.0\-8\-amd64$|^.*-modules-4\.19\.0\-8\-amd64$|^.*-kernel-4\.19\.0\-8\-amd64$|^linux-backports-modules-.*-4\.19\.0\-8\-amd64$|^linux-modules-.*-4\.19\.0\-8\-amd64$|^linux-tools-4\.19\.0\-8\-amd64$|^linux-cloud-tools-4\.19\.0\-8\-amd64$|^linux-buildinfo-4\.19\.0\-8\-amd64$|^linux-source-4\.19\.0\-8\-amd64$) regexp to find running kernel packages
Checking: ca-certificates ([<Origin component:'main' archive:'stable-updates' origin:'Debian' label:'Debian' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: ca-certificates=20190110
pkgs that look like they should be upgraded:
Fetched 0 B in 0s (0 B/s)
fetch.run() result: 0
blacklist: []
whitelist: []
No packages found that can be upgraded unattended and no pending auto-removals

apt-cache policy ca-certificates 显示新版本:

  Installed: 20190110
  Candidate: 20200601~deb10u1
  Version table:
     20200601~deb10u1 500
        500 http://deb.debian.org/debian buster-updates/main amd64 Packages
 *** 20190110 500
        500 http://deb.debian.org/debian buster/main amd64 Packages
        100 /var/lib/dpkg/status

那么为什么没有安装呢?

'Allowed origins are' 行指定允许从 DebianDebian-Security 升级。

apt-cache policy ca-certificates 的输出中,您可以看到 ca-certificates 来自不同的来源,buster-updates

要更改此设置,您可以取消注释 /etc/apt/apt.conf.d/50unattended-upgrades 中的 "origin=Debian,codename=${distro_codename}-updates"; 行或在以后的文件中覆盖 Unattended-Upgrade::Origins-Pattern 配置。