WIP: Introduce new config options for blacklisting by Origin #334
Conversation
|
IMO this should be done by pinning instead and pinning already works reliably. |
This commit introduces two new options for blacklisting packages: Unattended-Upgrade::Blacklist-Origins-Pattern and Unattended-Upgrade::Blacklist-Origins-Strict. With this, users are able to manage updates comming from third party repositories manually, without the risk of packages being automatically upgraded by u-u if a higher version of such become available in u-u's managed repositories
markkrj
force-pushed
the
blacklist-by-patterns
branch
from
4f77eaf
to
77477fe
Compare
|
Imagine we have a third party repo which we use for installing some (not just one) package, and manage updates from it manually. Currently, we would need to:
From those options, only 2 would be acceptable, but then we would need to pin every package we install from 3rd parties, and hope to not forget anyone. With the option introduced by this PR, we could pin down an entire repo, from which we intend to manage updates manually. |
|
#287 has a more generic proposed solution for this problem |
How would we solve this problem with APT config? |
Unattended-upgrades could use additional APT preferences, too, where users could set u-u-specific pinning. |
If the implementation of that proposal respects pinning for disallowed repositories, then yes... |
Fix #319
This allows users to blacklist origins (by pattern) instead of individual packages.
This way, we would not need to change configurations for every package installed from a third party repo, and instead blacklist an entire repo.
I renamed and refactored some functions to better reflect what they do and avoid duplicating code and also because some functions had somewhat misleading/confusing names (as
is_in_allowed_origin, which checked if a version is in allowed origins andver_in_allowed_origin, which returns a version from a specified set of origin patterns).If renaming those are not acceptable, or might be breaking, I can revert the naming changes, as it might be merely cosmetic.
I did not added tests and docs yet, as I don't know if this approach would be acceptable.