Debian unattended-upgrades does not upgrade all packages

upgrade debian update automatic-updates

I have installed the Debian unattended-upgrades package. It upgrades most, but not all packages. If I execute apt-get upgrade after it has run, a few more packages will be installed.

Here's my /etc/apt/sources.list:

deb http://ftp.de.debian.org/debian/ squeeze main non-free
deb-src http://ftp.de.debian.org/debian/ squeeze main non-free

deb http://security.debian.org/ squeeze/updates main non-free
deb-src http://security.debian.org/ squeeze/updates main non-free

# squeeze-updates, previously known as 'volatile'
deb http://ftp.de.debian.org/debian/ squeeze-updates main non-free
deb-src http://ftp.de.debian.org/debian/ squeeze-updates main non-free

# squeeze backports
deb http://backports.debian.org/debian-backports squeeze-backports main contrib non-free

# LTS
deb http://http.debian.net/debian/ squeeze-lts main contrib non-free
deb-src http://http.debian.net/debian/ squeeze-lts main contrib non-free

And here's my /etc/apt/apt.conf.d/50unattended-upgrades file. My guess is that the problem might be in the first few lines which are supposed to match my sources.list entries:

// Automatically upgrade packages from these (origin, archive) pairs
Unattended-Upgrade::Allowed-Origins {
    "${distro_id} stable";
    "${distro_id} ${distro_codename}-security";
    "${distro_id} ${distro_codename}/updates";
    "${distro_id} ${distro_codename}-updates";
    "${distro_id} ${distro_codename}-backports";
    "${distro_id} ${distro_codename}-lts";
};

// List of packages to not update
Unattended-Upgrade::Package-Blacklist {
//      "vim";
//      "libc6";
//      "libc6-dev";
//      "libc6-i686";
};

Here's an excerpt of the log file:

2014-11-19 22:37:15,159 INFO Initial blacklisted packages:
2014-11-19 22:37:15,160 INFO Starting unattended upgrades script
2014-11-19 22:37:15,160 INFO Allowed origins are: ["('Debian', 'stable')", "('Debian', 'squeeze-security')", "('Debian', 'squeeze/updates')", "('Debian', 'squeeze-updates')", "('Debian', 'squeeze-backports')", "('Debian', 'squeeze-lts')"]
2014-11-19 22:37:54,146 INFO Packages that are upgraded: apache2 apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common apt apt-utils bash bind9-host dnsutils file gnupg gpgv host libbind9-60 libc-bin libc6 libdns69 libgnutls26 libgssapi-krb5-2 libisc62 libisccc60 libisccfg62 libk5crypto3 libkrb5-3 libkrb5support0 liblwres60 libmagic1 libmysqlclient16 libpq5 libssl0.9.8 libtasn1-3 libxml2 linux-base linux-image-2.6.32-5-amd64 locales mysql-client mysql-client-5.1 mysql-common openssl postgresql postgresql-8.4 postgresql-client postgresql-client-8.4 procmail python2.6 python2.6-minimal rsyslog tzdata wget
2014-11-19 22:37:54,147 INFO Writing dpkg log to '/var/log/unattended-upgrades/unattended-upgrades-dpkg_2014-11-19_22:37:54.147207.log'
2014-11-19 22:39:33,921 INFO All upgrades installed

Finally, here are the packages that are not installed. This line is executed right after the unattended-upgrades package ran.

# apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
  python-reportbug
The following packages will be upgraded:
  base-files dpkg exim4 exim4-base exim4-config exim4-daemon-light libdbi-perl libxfont1 openssh-client openssh-server ssh
11 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
Need to get 0 B/6,839 kB of archives.
After this operation, 45.1 kB disk space will be freed.
Do you want to continue [Y/n]?

Please advise how to fix the config files so that also these packages get updated.


After reading the source code I figured it out. Debian Squeeze is now named "oldstable". Here is the relevant section for Debian Squeeze:

// Automatically upgrade packages from these (origin, archive) pairs
Unattended-Upgrade::Allowed-Origins {
    "${distro_id} oldstable";
    "${distro_id} ${distro_codename}-security";
    "${distro_id} ${distro_codename}-lts";
    "${distro_id} ${distro_codename}-updates";
    "${distro_id} ${distro_codename}-backports";
};

While I'm at it, here is the configuration file for Debian Wheezy:

// Automatically upgrade packages from these origin patterns
Unattended-Upgrade::Origins-Pattern {
    // Archive or Suite based matching:
    // Note that this will silently match a different release after
    // migration to the specified archive (e.g. testing becomes the
    // new stable).
    "o=Debian,a=stable";
    "o=Debian,a=stable-updates";
    "o=Debian,a=stable-backports";
//  "origin=Debian,archive=stable,label=Debian-Security";
//  "origin=Debian,archive=oldstable,label=Debian-Security";
};

Related

Dockerfile separation of concerns for a secure apache httpd server with respect to SSL certification files
How do I disable the metadata lookup at cirros boot?
HP Procurve 2920 VLANs with DHCP cannot ping
How to use CNAME to external hosts on local DNS Server?
Set MTU of interface via powershell
Puppet: How to skip restart during package upgrade until config is replaced?
SCSI disks capped at 40 MB/s
Windows Event Collector Load Balancing to multiple Collectors
Rename Junk folder in dovecot IMAP server
Strange non-delivery behavior with Office 365 Hosted Exchange
How can I introspect the "shared subtree" mount flags for a particular mount?
ProxyPassReverse Not Working with 302 Redirect