Every time I log into Silverblue 30 the system asks me to enter the admin password in order to check for software updates. When my computer has been suspended for a few hours there are typically five to eight of these dialogues waiting for me.
Is there a way to disable these automatic software checks?
There is details on how to disable the automatic checks and updates on the doc site
There is no graphical configuration tool available yet to setup automatic upgrades, so you need to edit files manually and run commands from the terminal to get it setup.
First check what the current configuration is of automatic upgrade by running the rpm-ostree status command in the terminal. The first line of the output will show if automatic upgrade is enabled or not. If it says AutomaticUpdates: disabled then automatic upgrade is not enabled. If it says AutomaticUpdates: fetch then an upgrade will be downloaded but not staged. If it says AutomaticUpdates: stage the upgrade files will be downloaded and copied to the new image that will be activated after a reboot. To enable automatic ostree upgrade, do the following:
Edit the file /etc/rpm-ostreed.conf and in the [daemon] section, uncomment and change the line that says #AutomaticUpdatePolicy=none to AutomaticUpdatePolicy=fetch to download the upgrade files only, or change it to AutomaticUpdatePolicy=stage to download and copy the files to the new OS image. Then save the file.
Run the command rpm-ostree reload to make rpm-ostree aware of the configuration changes.
Start the systemd unit timer by running command sudo systemctl enable rpm-ostreed-automatic.timer and then sudo systemctl start rpm-ostreed-automatic.timer.
The default timer configuration is set to be triggered one hour after boot and then repeat every one day thereafter. To change the timer frequency, edit the file /etc/systemd/system/timers.target.wants/rpm-ostreed-automatic.timer
You can check that the rpm-ostreed-automatic.timer is enabled by running the command systemctl list-timers. If it is in the output list, then it is enabled.
Disable Automatic Upgrade
To disable automatic upgrade, disable the rpm-ostreed-automatic.service with the command sudo systemctl disable rpm-ostreed-automatic.service.
The odd thing is that the output of rpm-ostree status shows that automatic updates are disabled. The rpm-ostreed-automatic.timer service isn’t been enabled. These are the default settings - I haven’t changed them.
# rpm-ostree status | grep AutomaticUpdates
AutomaticUpdates: disabled
# systemctl status rpm-ostreed-automatic.timer
â—Ź rpm-ostreed-automatic.timer - RPM-OSTree Automatic Update Trigger
Loaded: loaded (/usr/lib/systemd/system/rpm-ostreed-automatic.timer; disabled; vendor preset: disabled)
Active: inactive (dead)
After entering the admin password I see that both gnome-software and rpm-ostree are running. My best guess is that the password prompt is triggered by Gnome Software. I have disabled automatic updates and automatic update notifications in the Gnome Software preference but alas, I keep getting the password prompts - lots of them.
For what it’s worth, I had the same issue when I looked at Silverblue 29 (see DistroWatch.com: Put the fun back into computing. Use Linux, BSD.).
What’s the exact text of the password prompt? That should help to figure out where the problem might be coming from.
If you don’t feel like messing around with any of that, another solution might be to add yourself to the wheel group via usermod -aG wheel $USER.
**Authentication Required**
Authentication is required to update software
Administrator
Password:
That seems to have solved the issue!
Hi, im fairly new to the whole fedora silverblue thing.
I’m currently trying to get rid of the “Authentication required” pop up at every login on a standard user. Adding the User to the wheel group is currently not an option.
Is it possible to give the user the rights to check for updates while not giving him the rights to set preferences and make admin things?
You can use polkit rules for that; the Arch wiki article I linked is a fantastic resource for writing them.
You can find the action names in /usr/share/polkit-1/actions, most notably for this case the files org.freedesktop.Flatpak.policy and org.projectatomic.rpmostree1.policy. Just be careful to not accidentally give more permissions than you intend.
it worked!
thank you so much you saved my weekend 
the rule I had to add was :
polkit.addRule(function(action, subject) {
if (action.id == “org.projectatomic.rpmostree1.upgrade” || “org.projectatomic.rpmostree1.deploy”) {
return polkit.Result.YES;
}
});
have a nice weekend 
this is not the way this should be solved. The problem is that wheel can do all sorts of things without password prompt, while non-wheel users are not allowed to even update or check for updates.
As Fedora is a semi rolling distro, I would suppose that the best solution for this is to allow all users to do update and deploy without a password prompt.
Users should not need to be in the wheel group to be able to have a service running in the background keep track of the latest upgrades.
The result would be a system with for example Students, where the admin nearly never logs in, that doesnt update at all!
There is a way to fix this, to add a custom polkit exception, similar to the one allowing wheel to do all these things without a passoword prompt
Not 100% sure how this rule would look like, see my linked issue for followup changes