unattended upgrades with caddy

Deemo@bookwormstory.social to Selfhosted@lemmy.world – 20 points –

Edit: credit to exu@feditown.com

Assuming you installed caddy via Debian, Ubuntu, Raspbian method

https://caddyserver.com/docs/install#debian-ubuntu-raspbian

add "cloudsmith/caddy/stable:any-version"; to /etc/apt/apt.conf.d/50unattended-upgrades

Example:

// Automatically upgrade packages from these (origin:archive) pairs
//
// Note that in Ubuntu security updates may pull in new dependencies
// from non-security sources (e.g. chromium). By allowing the release
// pocket these get automatically pulled in.
Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
        // Extended Security Maintenance; doesn't necessarily exist for
        // every release and this system may not have it installed, but if
        // available, the policy for updates is such that unattended-upgrades
        // should also install from here by default.
        "${distro_id}ESMApps:${distro_codename}-apps-security";
        "${distro_id}ESM:${distro_codename}-infra-security";
        "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
        "cloudsmith/caddy/stable:any-version";
};

Link to comment chain (not sure how to add links in a federated way)

https://feditown.com/comment/1221458

https://bookwormstory.social/post/2100056/4136035

Origional post:

Hi guys anyone know how to use un attended upgrades with caddy.

I have ubuntu server 22.0.4.

The part that stumps me is caddy uses a external repository cloud Smith making ot difficult to setup.

I installed caddy via Debian, Ubuntu, Raspbian

https://caddyserver.com/docs/install#debian-ubuntu-raspbian

The closest example I could find to unattended upgrades with a external repo was this example using docker.

/etc/apt/apt.conf.d/50unattended-upgrades

"Docker:${distro_codename}";

https://blog.coffeebeans.at/archives/1299

I'm not sure if it's as simple as

/etc/apt/apt.conf.d/50unattended-upgrades

"Caddy:${distro_codename}";

Edit:

One more question affect would adding

APT::Unattended-Upgrade::Package-Blacklist "";

/etc/apt/apt.conf.d/20auto-upgrades

have?

Edit2:

I just removed this I only found this from google gemini (which probably isn't the best source of info)

APT::Unattended-Upgrade::Package-Blacklist "";
8

You are viewing a single comment

Firstly thank you so much for explaing this for me.

"origin=Zabbix,codename=${distro_codename}"; //Zabbix Agent repository

I tried using this as a template for caddy

 500 https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version/main arm64 Packages
     release o=cloudsmith/caddy/stable,a=any-version,n=any-version,l=source=none,c=main,b=arm64
     origin dl.cloudsmith.io

I assume origin is:

o=cloudsmith/caddy/stable

When adding this rule

"origin=cloudsmith/caddy/stable,codename=${distro_codename}"; //Caddy repository

I get this error

Unable to parse Unattended-Upgrade::Allowed-Origins.
An error occurred: not enough values to unpack (expected 2, got 1)
Traceback (most recent call last):

https://pastebin.com/raw/7gtkRw7c

When changing the syntax to:

"cloudsmith/caddy/stable:${distro_codename}"; // Caddy

The error goes away.

Any ideas?

You're right with the origin. codename or n in short form is any-version. ${distro_codename} won't match that, as it contains the codename for your distro release, like bookworm for Debian 12.
With any-version the repo owner's basically saying you can install this regardless of your distro version or they handle it on their end somehow.

Try just using the origin instead, like this.

"origin=cloudsmith/caddy/stable";

"origin=cloudsmith/caddy/stable";

Unable to parse Unattended-Upgrade::Allowed-Origins. An error occurred: not enough values to unpack (expected 2, got 1)


// Automatically upgrade packages from these (origin:archive) pairs
//
// Note that in Ubuntu security updates may pull in new dependencies
// from non-security sources (e.g. chromium). By allowing the release
// pocket these get automatically pulled in.
Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
        // Extended Security Maintenance; doesn't necessarily exist for
        // every release and this system may not have it installed, but if
        // available, the policy for updates is such that unattended-upgrades
        // should also install from here by default.
        "${distro_id}ESMApps:${distro_codename}-apps-security";
        "${distro_id}ESM:${distro_codename}-infra-security";
        "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
        "origin=cloudsmith/caddy/stable";
};

Huh, I guess Ubuntu patched Unattended Upgrades to change the config format.
Try "cloudsmith/caddy/stable:any-version";