AutomaticUpdates
3361
Comment: results after the first bof
|
2985
cleanups
|
Line 26: | Line 26: |
One problem with unattended upgrades are packages that ask questions in | The problem with unattended upgrades are packages that ask questions in |
Line 28: | Line 28: |
kernel, libc, etc. Another problem is that there may be conffile questions during the upgrade. |
kernel, libc, etc. Another problem is that there may be conffile questions during the upgrade. [[BR]] |
Line 36: | Line 35: |
The packages must be prepared for it (don't ask questions, don't prompt, no new conffile). |
The packages must be prepared for it (don't ask questions, don't prompt, no new conffile). |
Line 39: | Line 37: |
(origin: ubuntu-security), if anything is installed/upgraded that does not comes from ubuntu-security we will ignore it. |
(origin: ubuntu-security), if anything is installed/upgraded that does not comes from ubuntu-security we will ignore it. |
Line 52: | Line 49: |
{{{#!python import apt cache = apt.Cache() for pkg in cache: if pkg.isUpgradable() and pkg.candidateOrigin == "breezy-security": pkg.markUpgrade() # TODO: Check if something unwanted was marked for upgrade/removal if cache.BrokenCount > 0: # TODO: Undo the last action and try something else. pkg.unmarkUpgrade() }}} |
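Review bot: in the snippet on the Line 52 side, both checks that the Implementation section requires (nothing broken or removed, nothing installed from outside security) exist only as TODO comments, so an upgrade is marked without either being verified. The origin test also compares against the hard-coded string "breezy-security", while the Design text names the origin ubuntu-security. If this revision drops the snippet, the Code section is left empty; suggest keeping it with the two TODOs written out as explicit checks and the origin held in one named constant.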
Launchpad entry: https://launchpad.net/distros/ubuntu/+spec/unattended-package-upgrades
Created: Date(2005-11-02T19:41:30Z) by MichaelVogt
Contributors: DanielBurrows, GustavoNiemeyer, ReinardTartler
Packages affected: apt, python-apt
Summary
Automatic Updates - automatic installation of (security) updates, possibly even when the current user has no sudo privileges
Rationale
When Ubuntu is used by a user without sudo privileges, that user cannot install security updates. This can leave a machine vulnerable to security risks for a prolonged period of time. Also, some people just don't care about updates and other technical matters. They don't want to be bothered and want Ubuntu to keep itself updated and secure.
Use cases
Scope
Design
The problem with unattended upgrades is packages that ask questions in postinst. Fortunately there are few of them nowadays, but we still have kernel, libc, etc. Another problem is that there may be conffile questions during the upgrade.
We may run dpkg with --force-confold. A problem with this is that:
- a security upgrade may be using a new version for a (default) conffile
- an upgrade may need a new conffile format
The packages must be prepared for it (don't ask questions, don't prompt, no new conffile). We will limit ourselves to security upgrades for the installed distro (origin: ubuntu-security); if anything is installed/upgraded that does not come from ubuntu-security, we will ignore it.
Implementation
Write it with python-apt: check what is upgradable and comes from security; verify that the upgrade does not a) break or remove anything or b) install anything from outside security; then upgrade it. It will be tied into the apt cron job we already have.
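The acceptance check described above, as an added example that is not part of the original spec and does not use python-apt. The archive and installed-package data are constructed, the function names are hypothetical, and dependencies are followed one level only.

```python
ALLOWED_ORIGIN = "ubuntu-security"  # origin named in the Design section

# Constructed sample data (not real archive contents):
# package -> (origin of upgrade candidate, packages needed at candidate version, conflicts)
ARCHIVE = {
    "openssl": ("ubuntu-security", ["libssl"], []),
    "libssl": ("ubuntu-security", [], []),
    "apache2": ("ubuntu-security", ["apache2-common"], []),
    "apache2-common": ("ubuntu-updates", [], []),
    "exim4": ("ubuntu-security", [], ["mail-helper"]),
    "gimp": ("ubuntu-updates", [], []),
}
INSTALLED = {"openssl", "libssl", "apache2", "apache2-common",
             "exim4", "mail-helper", "gimp"}


def changes_for(name, archive, installed):
    """Everything that marking `name` for upgrade would do: (action, package, origin)."""
    origin, needs, conflicts = archive[name]
    changes = [("upgrade", name, origin)]
    for dep in needs:
        action = "upgrade" if dep in installed else "install"
        changes.append((action, dep, archive[dep][0]))
    changes += [("remove", pkg, None) for pkg in conflicts if pkg in installed]
    return changes


def violation(change, allowed):
    """Return the reason one change breaks the policy, or None if it is acceptable."""
    action, pkg, origin = change
    if action == "remove":
        return f"would remove {pkg}"
    if origin != allowed:
        return f"would {action} {pkg} from {origin}"
    return None


def plan_upgrades(archive, installed, allowed=ALLOWED_ORIGIN):
    """Return (sorted packages to upgrade, {rejected package: reason})."""
    plan, rejected = set(), {}
    for name in sorted(n for n in installed if n in archive):
        if archive[name][0] != allowed:
            continue  # not a security update: ignored
        tentative = changes_for(name, archive, installed)
        reasons = [r for r in (violation(c, allowed) for c in tentative) if r]
        if reasons:
            rejected[name] = "; ".join(reasons)  # tentative marks are discarded
        else:
            plan.update(pkg for _, pkg, _ in tentative)
    return sorted(plan), rejected


if __name__ == "__main__":
    print(plan_upgrades(ARCHIVE, INSTALLED))
```

Rejected packages stay at their installed version, so the reasons are worth logging from the cron job for an administrator to act on.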
Code
AutomaticUpdates (last edited 2008-08-06 16:27:19 by localhost)