document the recent unattended-upgrades changes (#40771) authored by anarcat
...@@ -39,14 +39,20 @@ is configured via puppet. ...@@ -39,14 +39,20 @@ is configured via puppet.
Unattended-upgrades writes logs to `/var/log/unattended-upgrades/` but Unattended-upgrades writes logs to `/var/log/unattended-upgrades/` but
also `/var/log/dpkg.log`. also `/var/log/dpkg.log`.
The default configuration file for unattended-upgrades is at `/etc/apt/apt.conf.d/50unattended-upgrades`. The default configuration file for unattended-upgrades is at
`/etc/apt/apt.conf.d/50unattended-upgrades`.
Pending upgrades are still noticed by Nagios which warns loudly about them in its Pending upgrades are still noticed by Nagios which warns loudly about them in its
usual channels. usual channels.
If a package origin isn't picked by unattended upgrades it will need to be upgraded Note that unattended-upgrades is configured to upgrade packages
by hand or its origin added to `modules/profile/manifests/unattended_upgrades.pp` in regardless of their origin (`Unattended-Upgrade::Origins-Pattern {
puppet. "origin=*" }`). If a new `sources.list` entry is added, it
*will* be picked up and applied by unattended-upgrades unless it has a
special policy (like Debian's backports). It is *strongly* recommended
that new `sources.list` entries be paired with a "pin" (see
[apt_preferences(5)](https://manpages.debian.org/apt_preferences.5)). See also [tpo/tpa/team#40771](https://gitlab.torproject.org/tpo/tpa/team/-/issues/40771) for a
discussion and rationale of that change.
### Manual upgrades with Cumin ### Manual upgrades with Cumin
... ...
......
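Review bot: The rewritten paragraph drops the pointer to `modules/profile/manifests/unattended_upgrades.pp`, so after this change the page no longer says where the `Unattended-Upgrade::Origins-Pattern { "origin=*" }` setting lives in Puppet; keep that path next to the quoted pattern so a reader knows where to look when they need to change it. The pin recommendation is also hard to act on as written: it links apt_preferences(5) but does not say what the pin is meant to achieve or how to confirm it took effect, and since the text warns that a new `sources.list` entry *will* be applied automatically, a sentence on the intended outcome of the pin and a check such as `apt-cache policy` for the affected package would close that gap. Finally, "special policy (like Debian's backports)" is vague; say briefly what that policy is, so readers can tell whether a third-party repository they add falls under it or not.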