How run Apper updates without user interaction? [Debian 8.10 - KDE 4.14.2]


  • Moderator

    Apper drives me crazy on our Office PC (KDE 4.14.2, Debian 8.10). Friday it nagged a user to update Chrome for many times.
    I configured Apper to update automatically and do not show notifications, but it always opens a disturbing popup "Authentication is required to update software" to get a password from user to upgrade. 😞
    =:/
    But this is not good as the regular user has no rights to do this. Thats why i want to get rid of this user interaction.
    I want Linux to run and install updates automatically.

    I already had installed unattended-upgrades and set in /etc/apt/apt.conf.d/50unattended-upgrades

    Unattended-Upgrade::Origins-Pattern {
            // Codename based matching:
            // This will follow the migration of a release through different
            // archives (e.g. from testing to stable and later oldstable).
            "o=Debian,n=jessie";
            "o=Debian,n=jessie-updates";
    //      "o=Debian,n=jessie-proposed-updates";
            "o=Debian,n=jessie,l=Debian-Security";
    
            // Archive or Suite based matching:
            // Note that this will silently match a different release after
            // migration to the specified archive (e.g. testing becomes the
            // new stable).
    //      "o=Debian,a=stable";
    //      "o=Debian,a=stable-updates";
    //      "o=Debian,a=proposed-updates";
            "origin=Debian,codename=${distro_codename},label=Debian-Security";
    };
    

    What is missing to do this? Whats wrong with my Apper/Packagekit config?
    Your help is really appreciated and would help me to calm down my antipathy against KDE.



  • @gwen-dragon if getting rid of GUI packet management is an option the cleanest way would be to remove PackageKit/Apper.
    Debians unattended-upgrades do not need these for periodic updates.

    Else it would be interesting if disabling updates through Apper/Packagekit interferes with the (independent/parallel) setup of unattended-upgrades.
    Somtimes apt (via cronjob) and PackageKit have/had fights over who gets the package database lock.


  • Moderator

    Packagekit and Apper was removed now.

    But unattended-upgrades does not upgrade all installed packages.
    I checked this with run-parts /etc/cron.daily .

    I need a safe upgrade in background with no user action needed.



  • You can play with the sudoers file. You can add commands to the group wheel that needs no password. Like Luke do it in this video ( starts at 4.45min)

    https://www.youtube.com/watch?v=nSHOb8YU9Gw


  • Moderator

    @RocknRolf group wheel NOPASSWORD is a good idea. πŸ™‚
    I will try if this solves the package updates problem.



  • @gwen-dragon I think you also can adopt this for the User only.



  • Btw. I set wheel always to NOPASSWORD on my machines. I know it is not save...



  • @gwen-dragon if there are any messages

    adjusting candidate version: <pkgname>=<pkgversion>
    

    in the unattended-upgrades -d --dry-run output then some more tweaking of /etc/apt/apt.conf.d/50unattended-upgrades is needed.

    Aptitude can help to better identify Origin patterns (jessie-*) for pending updates than command line apt-cache.

    The cron script checks for timestamps and refuses to run consecutively.
    Best to disable cron during tests and call /etc/cron.daily/apt for a last check directly after all problems found during dry run are resolved…

    Additionally, the lines

    "o=Debian,n=jessie,l=Debian-Security";
    "o=Debian,n=${distro_codename},l=Debian-Security";
    

    resolve (in this case) to identical values and constitute duplicates.


  • Moderator

    @rocknrolf I know, dear Linux fellow πŸ˜‰


  • Moderator

    Updating of my Linux servers is easier 😞

    @becm Unfortunately i saw that Vivaldi and Google Chrome could not be updated unattended.
    What a hell.



  • @gwen-dragon not to incure the dragon's wrath (again), but I assume you tested

    "o=Vivaldi Technologies,a=stable,l=Official Vivaldi package repository"
    

    already (label part should be optional)?


  • Moderator

    That means, if i want more automatic updates i have to add all other external repos? But that is the admin hell i wanted to escape from. =:(

    Is there no program which can do that for me addin the information to the special apt config file?
    How to extract the needed data from apt's sources.list.d files?



  • @gwen-dragon the origin field seems to be mandatory.

    A (very) crude first approximation may be

    apt-cache policy | grep release | awk 'NR > 1' | cut -d, -f 2,3 | uniq
    

    unless a better solution/tool can be found.

    If anyone wants a go at it:
    apt-cache extracts information from /var/lib/apt/lists/*Packages files.
    Maybe /var/lib/apt/lists/*Release files may also be a good sources.



  • @gwen-dragon apparently upgrade sources allow pattern matching.
    See /usr/bin/unattended-upgrade line 361ff. (for 0.83.3.2+deb8u1_all).

    So to match all package origins:

    Unattended-Upgrade::Origins-Pattern {
      "origin=*";
    };
    

    Use at own risk: No out-of-data system available to test at the moment.
    Ubuntu 17.09 instance applied all updates via cronjob and above config.
    Reducing match scope(s) for more important systems may be advisable.


  • Moderator

    I forgot to tell, i solved it long ago.

    I fixed with unattended-upgrade and adding the policy "o=Vivaldi Technologies,a=stable"; to config 50unattended-upgrades.


 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.