Authentication required in Silverblue

Every time I log into Silverblue 30 the system asks me to enter the admin password in order to check for software updates. When my computer has been suspended for a few hours there are typically five to eight of these dialogues waiting for me.

Is there a way to disable these automatic software checks?

There is details on how to disable the automatic checks and updates on the doc site

There is no graphical configuration tool available yet to setup automatic upgrades, so you need to edit files manually and run commands from the terminal to get it setup.

First check what the current configuration is of automatic upgrade by running the rpm-ostree status command in the terminal. The first line of the output will show if automatic upgrade is enabled or not. If it says AutomaticUpdates: disabled then automatic upgrade is not enabled. If it says AutomaticUpdates: fetch then an upgrade will be downloaded but not staged. If it says AutomaticUpdates: stage the upgrade files will be downloaded and copied to the new image that will be activated after a reboot. To enable automatic ostree upgrade, do the following:

Edit the file /etc/rpm-ostreed.conf and in the [daemon] section, uncomment and change the line that says #AutomaticUpdatePolicy=none to AutomaticUpdatePolicy=fetch to download the upgrade files only, or change it to AutomaticUpdatePolicy=stage to download and copy the files to the new OS image. Then save the file.

Run the command rpm-ostree reload to make rpm-ostree aware of the configuration changes.

Start the systemd unit timer by running command sudo systemctl enable rpm-ostreed-automatic.timer and then sudo systemctl start rpm-ostreed-automatic.timer.

The default timer configuration is set to be triggered one hour after boot and then repeat every one day thereafter. To change the timer frequency, edit the file /etc/systemd/system/timers.target.wants/rpm-ostreed-automatic.timer

You can check that the rpm-ostreed-automatic.timer is enabled by running the command systemctl list-timers. If it is in the output list, then it is enabled.

Disable Automatic Upgrade
To disable automatic upgrade, disable the rpm-ostreed-automatic.service with the command sudo systemctl disable rpm-ostreed-automatic.service.

The odd thing is that the output of rpm-ostree status shows that automatic updates are disabled. The rpm-ostreed-automatic.timer service isn’t been enabled. These are the default settings - I haven’t changed them.

# rpm-ostree status | grep AutomaticUpdates
AutomaticUpdates: disabled

# systemctl status rpm-ostreed-automatic.timer
● rpm-ostreed-automatic.timer - RPM-OSTree Automatic Update Trigger
   Loaded: loaded (/usr/lib/systemd/system/rpm-ostreed-automatic.timer; disabled; vendor preset: disabled)
   Active: inactive (dead)

After entering the admin password I see that both gnome-software and rpm-ostree are running. My best guess is that the password prompt is triggered by Gnome Software. I have disabled automatic updates and automatic update notifications in the Gnome Software preference but alas, I keep getting the password prompts - lots of them.

For what it’s worth, I had the same issue when I looked at Silverblue 29 (see https://www.distrowatch.com/weekly.php?issue=20181112#silverblue).

What’s the exact text of the password prompt? That should help to figure out where the problem might be coming from.

If you don’t feel like messing around with any of that, another solution might be to add yourself to the wheel group via usermod -aG wheel $USER.

    **Authentication Required**
    Authentication is required to update software
    Administrator
    Password:

That seems to have solved the issue!

Hi, im fairly new to the whole fedora silverblue thing.
I’m currently trying to get rid of the “Authentication required” pop up at every login on a standard user. Adding the User to the wheel group is currently not an option.
Is it possible to give the user the rights to check for updates while not giving him the rights to set preferences and make admin things?

You can use polkit rules for that; the Arch wiki article I linked is a fantastic resource for writing them.

You can find the action names in /usr/share/polkit-1/actions, most notably for this case the files org.freedesktop.Flatpak.policy and org.projectatomic.rpmostree1.policy. Just be careful to not accidentally give more permissions than you intend.

1 Like

it worked!
thank you so much you saved my weekend :slight_smile:

the rule I had to add was :

polkit.addRule(function(action, subject) {
if (action.id == “org.projectatomic.rpmostree1.upgrade” || “org.projectatomic.rpmostree1.deploy”) {
return polkit.Result.YES;
}
});

have a nice weekend :partying_face: