[Software] [Solved] Unattended upgrades doesn´t work

[magarpol]

Hi all,

I have a problem with unattended upgrades, exactly the same configuration work on another server, and after days of trying to solve it I gave up, I have tried everything that I found in the net.

Server: Debian GNU/Linux 12 (bookworm)
kernel: 6.1.0-18-amd64

Code: Select all

cat /etc/apt/apt.conf.d/50unattended-upgrades
// Unattended-Upgrade::Origins-Pattern controls which packages are
// upgraded.
//
// Lines below have the format format is "keyword=value,...".  A
// package will be upgraded only if the values in its metadata match
// all the supplied keywords in a line.  (In other words, omitted
// keywords are wild cards.) The keywords originate from the Release
// file, but several aliases are accepted.  The accepted keywords are:
//   a,archive,suite (eg, "stable")
//   c,component     (eg, "main", "contrib", "non-free")
//   l,label         (eg, "Debian", "Debian-Security")
//   o,origin        (eg, "Debian", "Unofficial Multimedia Packages")
//   n,codename      (eg, "jessie", "jessie-updates")
//     site          (eg, "http.debian.net")
// The available values on the system are printed by the command
// "apt-cache policy", and can be debugged by running
// "unattended-upgrades -d" and looking at the log file.
//
// Within lines unattended-upgrades allows 2 macros whose values are
// derived from /etc/debian_version:
//   ${distro_id}            Installed origin.
//   ${distro_codename}      Installed codename (eg, "buster")
Unattended-Upgrade::Origins-Pattern {
        // Codename based matching:
        // This will follow the migration of a release through different
        // archives (e.g. from testing to stable and later oldstable).
        // Software will be the latest available for the named release,
        // but the Debian release itself will not be automatically upgraded.
//      "origin=Debian,codename=${distro_codename}-updates";
//      "origin=Debian,codename=${distro_codename}-proposed-updates";
        "origin=Debian,codename=${distro_codename},label=Debian";
        "origin=Debian,codename=${distro_codename},label=Debian-Security";
        "origin=Docker,codename=${distro_codename},label=Docker CE";

        // Archive or Suite based matching:
        // Note that this will silently match a different release after
        // migration to the specified archive (e.g. testing becomes the
        // new stable).
//      "o=Debian,a=stable";
//      "o=Debian,a=stable-updates";
//      "o=Debian,a=proposed-updates";
//      "o=Debian Backports,a=${distro_codename}-backports,l=Debian Backports";
};

// Python regular expressions, matching packages to exclude from upgrading
Unattended-Upgrade::Package-Blacklist {
    // The following matches all packages starting with linux-
//  "linux-";

    // Use $ to explicitely define the end of a package name. Without
    // the $, "libc6" would match all of them.
//  "libc6$";
//  "libc6-dev$";
//  "libc6-i686$";

    // Special characters need escaping
//  "libstdc\+\+6$";

    // The following matches packages like xen-system-amd64, xen-utils-4.1,
    // xenstore-utils and libxenstore3.0
//  "(lib)?xen(store)?";

    // For more information about Python regular expressions, see
    // https://docs.python.org/3/howto/regex.html
};

// This option allows you to control if on a unclean dpkg exit
// unattended-upgrades will automatically run
//   dpkg --force-confold --configure -a
// The default is true, to ensure updates keep getting installed
//Unattended-Upgrade::AutoFixInterruptedDpkg "true";

// Split the upgrade into the smallest possible chunks so that
// they can be interrupted with SIGTERM. This makes the upgrade
// a bit slower but it has the benefit that shutdown while a upgrade
// is running is possible (with a small delay)
//Unattended-Upgrade::MinimalSteps "true";

// Install all updates when the machine is shutting down
// instead of doing it in the background while the machine is running.
// This will (obviously) make shutdown slower.
// Unattended-upgrades increases logind's InhibitDelayMaxSec to 30s.
// This allows more time for unattended-upgrades to shut down gracefully
// or even install a few packages in InstallOnShutdown mode, but is still a
// big step back from the 30 minutes allowed for InstallOnShutdown previously.
// Users enabling InstallOnShutdown mode are advised to increase
// InhibitDelayMaxSec even further, possibly to 30 minutes.
// Unattended-Upgrade::InstallOnShutdown "false";

// Send email to this address for problems or packages upgrades
// If empty or unset then no email is sent, make sure that you
// have a working mail setup on your system. A package that provides
// 'mailx' must be installed. E.g. "user@example.com"
Unattended-Upgrade::Mail "xxx@host.de";

// Set this value to "true" to get emails only on errors. Default
Unattended-Upgrade::Mail "xxx@host.de";
//Unattended-Upgrade::MailOnlyOnError "false";

// Remove unused automatically installed kernel-related packages
// (kernel images, kernel headers and kernel version locked tools).
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";

// Do automatic removal of newly unused dependencies after the upgrade
Unattended-Upgrade::Remove-New-Unused-Dependencies "true";

// Do automatic removal of unused packages after the upgrade
// (equivalent to apt-get autoremove)
//Unattended-Upgrade::Remove-Unused-Dependencies "false";

// Automatically reboot *WITHOUT CONFIRMATION* if
//  the file /var/run/reboot-required is found after the upgrade
Unattended-Upgrade::Automatic-Reboot "false";

// Automatically reboot even if there are users currently logged in
//Unattended-Upgrade::Automatic-Reboot "false";
Unattended-Upgrade::Automatic-Reboot-WithUsers "true";

// If automatic reboot is enabled and needed, reboot at the specific
// time instead of immediately
//  Default: "now"
Unattended-Upgrade::Automatic-Reboot-Time "04:00";

// Use apt bandwidth limit feature, this example limits the download
// speed to 70kb/sec
//Acquire::http::Dl-Limit "70";

// Enable logging to syslog. Default is False
//
Unattended-Upgrade::SyslogEnable "true";

// Specify syslog facility. Default is daemon
// Unattended-Upgrade::SyslogFacility "daemon";

// Download and install upgrades only on AC power
// (i.e. skip or gracefully stop updates on battery)
// Unattended-Upgrade::OnlyOnACPower "true";

// Download and install upgrades only on non-metered connection
// (i.e. skip or gracefully stop updates on a metered connection)
// Unattended-Upgrade::Skip-Updates-On-Metered-Connections "true";

// Verbose logging
// Unattended-Upgrade::Verbose "false";

// Print debugging information both in unattended-upgrades and
// in unattended-upgrade-shutdown
// Unattended-Upgrade::Debug "false";

When running unattended-upgrades --dry-run --debug

Code: Select all

Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/download.docker.com_linux_debian_dists_buster_stable_binary-amd64_Packages'  a=buster,c=stable,v=,o=Docker,l=Docker CE arch='amd64' site='download.docker.com' IndexType='Debian Package Index' Size=359545 ID:30> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bookworm-security_non-free-firmware_i18n_Translation-en'  a=stable-security,c=non-free-firmware,v=12,o=Debian,l=Debian-Security arch='' site='security.debian.org' IndexType='Debian Translation Index' Size=924 ID:29> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bookworm-security_non-free-firmware_binary-amd64_Packages'  a=stable-security,c=non-free-firmware,v=12,o=Debian,l=Debian-Security arch='amd64' site='security.debian.org' IndexType='Debian Package Index' Size=1300 ID:28> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bookworm-security_contrib_i18n_Translation-en'  a=stable-security,c=contrib,v=12,o=Debian,l=Debian-Security arch='' site='security.debian.org' IndexType='Debian Translation Index' Size=653 ID:27> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bookworm-security_contrib_binary-amd64_Packages'  a=stable-security,c=contrib,v=12,o=Debian,l=Debian-Security arch='amd64' site='security.debian.org' IndexType='Debian Package Index' Size=1351 ID:26> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bookworm-security_main_i18n_Translation-en'  a=stable-security,c=main,v=12,o=Debian,l=Debian-Security arch='' site='security.debian.org' IndexType='Debian Translation Index' Size=658395 ID:25> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bookworm-security_main_binary-amd64_Packages'  a=stable-security,c=main,v=12,o=Debian,l=Debian-Security arch='amd64' site='security.debian.org' IndexType='Debian Package Index' Size=900601 ID:24> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian_dists_bookworm-backports_non-free_i18n_Translation-en'  a=stable-backports,c=non-free,v=,o=Debian Backports,l=Debian Backports arch='' site='deb.debian.org' IndexType='Debian Translation Index' Size=749 ID:23> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian_dists_bookworm-backports_non-free_binary-amd64_Packages'  a=stable-backports,c=non-free,v=,o=Debian Backports,l=Debian Backports arch='amd64' site='deb.debian.org' IndexType='Debian Package Index' Size=2881 ID:22> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian_dists_bookworm-backports_contrib_i18n_Translation-en'  a=stable-backports,c=contrib,v=,o=Debian Backports,l=Debian Backports arch='' site='deb.debian.org' IndexType='Debian Translation Index' Size=19432 ID:21> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian_dists_bookworm-backports_contrib_binary-amd64_Packages'  a=stable-backports,c=contrib,v=,o=Debian Backports,l=Debian Backports arch='amd64' site='deb.debian.org' IndexType='Debian Package Index' Size=23009 ID:20> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian_dists_bookworm-backports_main_i18n_Translation-en'  a=stable-backports,c=main,v=,o=Debian Backports,l=Debian Backports arch='' site='deb.debian.org' IndexType='Debian Translation Index' Size=881624 ID:19> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian_dists_bookworm-backports_main_binary-amd64_Packages'  a=stable-backports,c=main,v=,o=Debian Backports,l=Debian Backports arch='amd64' site='deb.debian.org' IndexType='Debian Package Index' Size=1121125 ID:18> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian_dists_bookworm-updates_non-free-firmware_i18n_Translation-en'  a=stable-updates,c=non-free-firmware,v=12-updates,o=Debian,l=Debian arch='' site='deb.debian.org' IndexType='Debian Translation Index' Size=696 ID:17> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian_dists_bookworm-updates_non-free-firmware_binary-amd64_Packages'  a=stable-updates,c=non-free-firmware,v=12-updates,o=Debian,l=Debian arch='amd64' site='deb.debian.org' IndexType='Debian Package Index' Size=1446 ID:16> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian_dists_bookworm-updates_non-free_i18n_Translation-en'  a=stable-updates,c=non-free,v=12-updates,o=Debian,l=Debian arch='' site='deb.debian.org' IndexType='Debian Translation Index' Size=64597 ID:15> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian_dists_bookworm-updates_non-free_binary-amd64_Packages'  a=stable-updates,c=non-free,v=12-updates,o=Debian,l=Debian arch='amd64' site='deb.debian.org' IndexType='Debian Package Index' Size=101751 ID:14> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian_dists_bookworm-updates_contrib_i18n_Translation-en'  a=stable-updates,c=contrib,v=12-updates,o=Debian,l=Debian arch='' site='deb.debian.org' IndexType='Debian Translation Index' Size=538 ID:13> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian_dists_bookworm-updates_contrib_binary-amd64_Packages'  a=stable-updates,c=contrib,v=12-updates,o=Debian,l=Debian arch='amd64' site='deb.debian.org' IndexType='Debian Package Index' Size=1224 ID:12> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian_dists_bookworm-updates_main_i18n_Translation-en'  a=stable-updates,c=main,v=12-updates,o=Debian,l=Debian arch='' site='deb.debian.org' IndexType='Debian Translation Index' Size=83585 ID:11> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian_dists_bookworm-updates_main_binary-amd64_Packages'  a=stable-updates,c=main,v=12-updates,o=Debian,l=Debian arch='amd64' site='deb.debian.org' IndexType='Debian Package Index' Size=66998 ID:10> with -32768 pin

Code: Select all

 tail -f /var/log/unattended-upgrades/unattended-upgrades.log
2024-03-08 11:11:42,320 DEBUG adjusting candidate version: docker-compose-plugin=2.21.0-1~debian.10~buster
2024-03-08 11:11:42,476 DEBUG Checking: libpq5 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>])
2024-03-08 11:11:42,490 DEBUG adjusting candidate version: libpq5=15.5-0+deb12u1
2024-03-08 11:11:42,540 DEBUG Checking: libunbound8 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>])
2024-03-08 11:11:42,550 DEBUG adjusting candidate version: libunbound8=1.17.1-2+deb12u1
2024-03-08 11:11:42,700 DEBUG pkgs that look like they should be upgraded:
2024-03-08 11:11:42,805 DEBUG fetch.run() result: 0
2024-03-08 11:11:42,851 DEBUG Packages blacklist due to conffile prompts: []
2024-03-08 11:11:42,852 INFO No packages found that can be upgraded unattended and no pending auto-removals
2024-03-08 11:11:42,852 INFO The list of kept packages can't be calculated in dry-run mode.

Code: Select all

apt list --upgradable
Listing... Done
bind9-dnsutils/stable-security 1:9.18.24-1 amd64 [upgradable from: 1:9.18.19-1~deb12u1]
bind9-host/stable-security 1:9.18.24-1 amd64 [upgradable from: 1:9.18.19-1~deb12u1]
bind9-libs/stable-security 1:9.18.24-1 amd64 [upgradable from: 1:9.18.19-1~deb12u1]
containerd.io/buster 1.6.28-1 amd64 [upgradable from: 1.6.26-1]
dnsutils/stable-security 1:9.18.24-1 all [upgradable from: 1:9.18.19-1~deb12u1]
docker-buildx-plugin/buster 0.13.0-1~debian.10~buster amd64 [upgradable from: 0.11.2-1~debian.10~buster]
docker-ce-cli/buster 5:25.0.4-1~debian.10~buster amd64 [upgradable from: 5:24.0.7-1~debian.10~buster]
docker-ce-rootless-extras/buster 5:25.0.4-1~debian.10~buster amd64 [upgradable from: 5:24.0.7-1~debian.10~buster]
docker-ce/buster 5:25.0.4-1~debian.10~buster amd64 [upgradable from: 5:24.0.7-1~debian.10~buster]
docker-compose-plugin/buster 2.24.7-1~debian.10~buster amd64 [upgradable from: 2.21.0-1~debian.10~buster]
libpq5/stable-security 15.6-0+deb12u1 amd64 [upgradable from: 15.5-0+deb12u1]
libunbound8/stable-security 1.17.1-2+deb12u2 amd64 [upgradable from: 1.17.1-2+deb12u1]

[fabien]

Hello magarpol, welcome to the forum!

I have a problem with unattended upgrades, exactly the same configuration work on another server

What is the Debian version of your other server? From what I see, probably Debian 10 Buster.

Server: Debian GNU/Linux 12 (bookworm)
kernel: 6.1.0-18-amd64

Code: Select all

cat /etc/apt/apt.conf.d/50unattended-upgrades
[...]
Unattended-Upgrade::Origins-Pattern {
        // Codename based matching:
        // This will follow the migration of a release through different
        // archives (e.g. from testing to stable and later oldstable).
        // Software will be the latest available for the named release,
        // but the Debian release itself will not be automatically upgraded.
//      "origin=Debian,codename=${distro_codename}-updates";
//      "origin=Debian,codename=${distro_codename}-proposed-updates";
        "origin=Debian,codename=${distro_codename},label=Debian";
        "origin=Debian,codename=${distro_codename},label=Debian-Security";
        "origin=Docker,codename=${distro_codename},label=Docker CE";

You removed the line that works for Debian-Security on Bookworm, i.e. the line

Code: Select all

"origin=Debian,codename=${distro_codename}-security,label=Debian-Security";

The line above it is intended to work with Buster. You have to look at how the Release file is made.
On Buster:

Code: Select all

$> head -n16 /var/lib/apt/lists/deb.debian.org_debian-security_dists_buster_updates_InRelease
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Origin: Debian
Label: Debian-Security
Suite: oldoldstable
Version: 10
Codename: buster                       ### <--
Date: Tue, 27 Feb 2024 14:52:50 UTC
Valid-Until: Tue, 05 Mar 2024 14:52:50 UTC
Acquire-By-Hash: yes
Architectures: amd64 arm64 armhf i386
Components: updates/main updates/contrib updates/non-free
Description: Debian 10 - Security Updates
MD5Sum:
 d41d8cd98f00b204e9800998ecf8427e        0 contrib/Contents-amd64

On Bookworm:

Code: Select all

$> head -n16 /var/lib/apt/lists/deb.debian.org_debian-security_dists_bookworm-security_InRelease
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Origin: Debian
Label: Debian-Security
Suite: stable-security
Version: 12
Codename: bookworm-security            ### <--
Date: Wed, 06 Mar 2024 18:08:21 UTC
Valid-Until: Wed, 13 Mar 2024 18:08:21 UTC
Acquire-By-Hash: yes
Architectures: amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x
Components: updates/main updates/contrib updates/non-free-firmware updates/non-free
Description: Debian 12 - Security Updates
SHA256:
 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855        0 contrib/Contents-amd64

So on Bookworm the code name for Security is checked with codename=${distro_codename}-security

The line with Docker doesn't work because the Release file refers to Buster, but ${distro_codename} is Bookworm.

[magarpol]

Hi @fabien thanks for your reply.

The server where unattended-upgrades work has the following:

Server: Debian GNU/Linux 12 (bookworm)
kernel: 6.1.0-13-amd64

so it´s pretty much the same as the one it doesn´t work.

[magarpol]

What is the Debian version of your other server? From what I see, probably Debian 10 Buster.

Just to clarify, all the info that I posted is for the server that it doesn´t work.

[fabien]

How could it work in Bookworm if the line

Code: Select all

"origin=Debian,codename=${distro_codename}-security,label=Debian-Security";

is missing?

What give the following commands on the server that works?

Code: Select all

$> grep '${distro_codename}-security' /etc/apt/apt.conf.d/50unattended-upgrades

and

Code: Select all

$> head -n16 /var/lib/apt/lists/*_debian*_InRelease

[magarpol]

$> grep '${distro_codename}-security' /etc/apt/apt.conf.d/50unattended-upgrades

Code: Select all

grep '${distro_codename}-security' /etc/apt/apt.conf.d/50unattended-upgrades
        "origin=Debian,codename=${distro_codename}-security,label=Debian-Security";

and

$> head -n16 /var/lib/apt/lists/*_debian*_InRelease

Code: Select all

==> /var/lib/apt/lists/ftp.fau.de_debian_dists_bookworm_InRelease <==
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Origin: Debian
Label: Debian
Suite: stable
Version: 12.5
Codename: bookworm
Changelogs: https://metadata.ftp-master.debian.org/changelogs/@CHANGEPATH@_changelog
Date: Sat, 10 Feb 2024 11:07:25 UTC
Acquire-By-Hash: yes
No-Support-for-Architecture-all: Packages
Architectures: all amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x
Components: main contrib non-free-firmware non-free
Description: Debian 12.5 Released 10 February 2024
MD5Sum:

==> /var/lib/apt/lists/ftp.fau.de_debian_dists_bookworm-updates_InRelease <==
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Origin: Debian
Label: Debian
Suite: stable-updates
Version: 12-updates
Codename: bookworm-updates
Date: Thu, 07 Mar 2024 02:16:32 UTC
Valid-Until: Thu, 14 Mar 2024 02:16:32 UTC
Acquire-By-Hash: yes
No-Support-for-Architecture-all: Packages
Architectures: all amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x
Components: main contrib non-free-firmware non-free
Description: Debian 12 - Updates
SHA256:

==> /var/lib/apt/lists/security.debian.org_debian-security_dists_bookworm-security_InRelease <==
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Origin: Debian
Label: Debian-Security
Suite: stable-security
Version: 12
Codename: bookworm-security
Date: Thu, 07 Mar 2024 10:13:56 UTC
Valid-Until: Thu, 14 Mar 2024 10:13:56 UTC
Acquire-By-Hash: yes
Architectures: amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x
Components: updates/main updates/contrib updates/non-free-firmware updates/non-free
Description: Debian 12 - Security Updates
SHA256:
 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855        0 contrib/Contents-amd64

[fabien]

Code: Select all

grep '${distro_codename}-security' /etc/apt/apt.conf.d/50unattended-upgrades
        "origin=Debian,codename=${distro_codename}-security,label=Debian-Security";

So the configuration is not the same on the server that works.
You should do a diff and spot the differences.

[friendlysalmon88]

I just checked Debian Busters' EOL and it will no longer be supported after June 30th of this year so I'd strongly recommend that the OP consider migrating their Buster based machine to a release such as BullEye which come to it support EOL ad of 06/30/2026. I wouldn't recommend the BullsEye route and would much rather se the OP ugrade or do a full back up and re installation of Debian 12 BookWorm which i is going to be in active support cycle until June 30th of 2028.

[sunrat]

I just checked Debian Busters' EOL and it will no longer be supported after June 30th of this year so I'd strongly recommend that the OP consider migrating their Buster based machine to a release such as BullEye which come to it support EOL ad of 06/30/2026. I wouldn't recommend the BullsEye route and would much rather se the OP ugrade or do a full back up and re installation of Debian 12 BookWorm which i is going to be in active support cycle until June 30th of 2028.

Please read a topic fully before offering advice. OP is using Bookworm but has a buster repo for docker.

[magarpol]

How could it work in Bookworm if the line

Code: Select all

"origin=Debian,codename=${distro_codename}-security,label=Debian-Security";

is missing?
[/code]

Ok sorry for the late reply, I understood not what you were saying. Edited the line and now it looks like:

Code: Select all

//      "origin=Debian,codename=${distro_codename}-updates";
//      "origin=Debian,codename=${distro_codename}-proposed-updates";
        "origin=Debian,codename=${distro_codename},label=Debian";
        "origin=Debian,codename=${distro_codename},label=Debian-Security";
        "origin=Docker,codename=${distro_codename},label=Docker CE";
        "origin=Debian,codename=${distro_codename}-security,label=Debian-Security";

I stopped the process and started again, now the list is of pending updates is shorter:

Code: Select all

apt list --upgradable
Listing... Done
containerd.io/buster 1.6.28-1 amd64 [upgradable from: 1.6.26-1]
docker-buildx-plugin/buster 0.13.0-1~debian.10~buster amd64 [upgradable from: 0.11.2-1~debian.10~buster]
docker-ce-cli/buster 5:25.0.4-1~debian.10~buster amd64 [upgradable from: 5:24.0.7-1~debian.10~buster]
docker-ce-rootless-extras/buster 5:25.0.4-1~debian.10~buster amd64 [upgradable from: 5:24.0.7-1~debian.10~buster]
docker-ce/buster 5:25.0.4-1~debian.10~buster amd64 [upgradable from: 5:24.0.7-1~debian.10~buster]
docker-compose-plugin/buster 2.24.7-1~debian.10~buster amd64 [upgradable from: 2.21.0-1~debian.10~buster]

[magarpol]

Ok I solved the Docker updates problem by adding on 50unattended-updates the following line:

Code: Select all

"o=Docker,a=buster,l=Docker CE,c=stable";

[fabien]

I understood not what you were saying.

Yes, rereading I think my explanation was easy to understand when you already understand the problem, sorry for that . But in the end, you did it, congratulations
Please mark your topic as solved by editing the title of your first post, e.g.
[Software][Solved] Unattended upgrades doesn´t work