How to update Mattermost-Omnibus with unattended-upgrade?

[caugner]

I tried the following origin, but it doesn't seem to work:

# /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
        // Extended Security Maintenance; doesn't necessarily exist for
        // every release and this system may not have it installed, but if
        // available, the policy for updates is such that unattended-upgrades
        // should also install from here by default.
        "${distro_id}ESMApps:${distro_codename}-apps-security";
        "${distro_id}ESM:${distro_codename}-infra-security";
//      "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
        "deb.packages.mattermost.com:${distro_codename}";
};

[caugner]

Unfortunately, the mattermost apt list seems to have an invalid origin: 🤔

$ grep -P "Origin|Suite" /var/lib/apt/lists/deb.packages.mattermost.com_dists_focal_InRelease                                                                          1 ↵
Origin: . focal
Suite: focal

$ grep -P "Origin|Suite" /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_focal-security_InRelease
Origin: Ubuntu
Suite: focal-security

Therefore, the only workaround for now seems to use Origins-Pattern instead of Allowed-Origins and allow unattended-upgrade to update every package:

Unattended-Upgrade::Origins-Pattern {
    "origin=*";
};

(Source: https://unix.stackexchange.com/a/427190)

edit: Another workaround is to add the current Origin:

# /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Allowed-Origins {
        ". focal:${distro_codename}";
}

[caugner]

Maybe this could be fixed by telling Aptly to set the Origin field to "mattermost" or similar here:

mattermost-omnibus/scripts/sync-and-publish

Lines 36 to 37 in 7ec7fe2

	cp scripts/aptly.conf $HOME/.aptly.conf
	aptly publish snapshot -batch -force-overwrite -gpg-key="${GPG_KEY_ID}" ${release}-snapshot "s3:remote:"

[caugner]

Here are the origins that other repos use:

$ grep -hR Origin: /var/lib/apt/lists/ | sort -u                                                                                                                     130 ↵
Origin: apt.postgresql.org
Origin: . focal
Origin: nginx
Origin: Ubuntu

edit: And GitLab uses the following:

Origin: packages.gitlab.com/gitlab/gitlab-ee

[caugner]

FWIW If Mattermost's Origin field were set to "Mattermost" (to be consistent with "Ubuntu"), unattended upgrades could be configured as follows:

Unattended-Upgrade::Allowed-Origins {
        "Mattermost:${distro_codename}";
};