I recently tried an Ubuntu-based distro in a VM. What I liked the most is the upgrade mechanism.
You can choose to receive updates as you choose. It’s LTS of course.
I can choose to look for security updates only and, if available, download and apply them. And for feature updates (including bug fixes), I could do the same too.
I have been a Fedora user for 10 months. I really love it. The main thing I kind of hate is updates arriving on a daily basis, or on about 6 or 7 days of the week. I tolerated it. But now this is available, and I have been introduced to `dnf update --security` and `dnf offline-upgrade --security download`.
I think the biggest problem for me is fixed. I can continue to receive automatic security updates and apply them on next boot, and apply feature updates whenever I want, like checking them on Sunday.
Problem: even though I have been using it for 10 months, I don’t know how to configure this. I found dnf-automatic, but it seems to apply updates while the system is on.
What I want to do is create a policy that checks for `dnf offline-upgrade update --security download` daily, notifies me of that only when I use my system, and applies them the next time I boot my system.
And I want other updates to be checked on a bi-weekly basis and to be notified of them, in which case security updates shouldn’t be listed there since they are already applied, except when they become available during the bi-weekly check along with them.
I do not fully know about this or how to deploy this successfully. Hence the question here.
I would expect the same with flatpak too but it doesn’t offer it.
P.S. This is my first post here. So I thought of Reddit and told it in a very elaborate way.
Forgot to add this point: I need Discover (KDE user) to show only the security updates when it checks, and the same for feature updates, except of course when checking for feature updates also brings security updates.
I know that. I just want to use the `--security` argument for my use case. I am not trying to propose altering the default. Just asking for help to customize behaviour for my own machine.
It’s even good for me if `dnf offline-upgrade --security download` runs and prepares the system to update on next boot. I at least want that to happen. If possible, in that case, I don’t care about Discover not showing the specific updates, since this would be set up to be done automatically.
This is kind of an awkward request to make since Fedora is supposed to be bleeding edge, but I want it to be controlled by myself.
> What I want to do is create a policy that checks for dnf offline-upgrade update --security download daily and notify of that only when I use my system and apply them the next time I boot my system.
I asked ChatGPT to do this and got the following reply. See if it helps you anyway:
Here's a policy that achieves your desired functionality:
**Components:**
1. **Script:** This script will check for updates and notify you.
2. **Cron Job:** This schedules the script to run daily.
3. **Desktop Notification (Optional):** This provides a visual notification on your desktop when you log in.
**Script (save as `check_security_updates.sh`):**
```bash
#!/bin/bash
# Check for security updates
updates=$(dnf offline-upgrade --security download --downloadonly 2>&1)
# Check if updates are available
if [[ $? -eq 0 ]]; then
    # Save updates list (optional, for debugging)
    # echo "$updates" > /tmp/security_updates.log
    # Notify user (choose your preferred method)
    # Option 1: Using notify-send (desktop notification)
    notify-send "Security Updates Available!" "Run 'sudo dnf offline-upgrade reboot' to apply." &
    # Option 2: Printing to terminal
    echo "Security updates available. Run 'sudo dnf offline-upgrade reboot' to apply."
fi
```

**Explanation:**

- The script checks for security updates using `dnf offline-upgrade --security download --downloadonly`.
- `--downloadonly` ensures only downloading and not installing.
- `2>&1` redirects both standard output and error messages to the variable `updates`.
- It checks the exit code (`$?`) of the dnf command. If successful (exit code 0), it means updates are available.
- Optional: You can uncomment the line saving the update list for debugging purposes.
- Notification: Choose your preferred notification method:
  - Option 1: Uses `notify-send` for a desktop notification (requires it to be installed).
  - Option 2: Prints a message to the terminal.

**Running the Script:**

1. Make the script executable: `chmod +x check_security_updates.sh`
2. (Optional) Choose your notification method by uncommenting the desired line in the script.

**Cron Job:**

1. Open crontab for editing: `crontab -e`
2. Add the following line to run the script daily (adjust the time if needed):

```
0 0 * * * /path/to/check_security_updates.sh
```

**Explanation:**

- `0 0 * * *`: This runs the script at midnight every day.
- `/path/to/check_security_updates.sh`: Replace this with the actual path to your script.

**Applying Updates:**

Once notified, you can apply the downloaded updates by running:

```bash
sudo dnf offline-upgrade reboot
```

**Important Notes:**

- This policy downloads updates daily. Consider adjusting the cron job schedule if needed.
- Ensure you have sufficient disk space for downloaded updates.
- This approach doesn’t automatically apply updates. Remember to run `sudo dnf offline-upgrade reboot` to install them.
You could run a user systemd service/timer to see if /var/lib/dnf/system-upgrade/system-upgrade-transaction.json exists and if it does provide a user notification indicating there are updates.
You could pair this with another system systemd service that runs the offline upgrade on a timer.
For reference here’s a simple setup I did based on the above to see if it would work. You will probably need to customize this to support what you would like to do.
System Service to download updates: /etc/systemd/system/downloadupdates.service
User Service to check to see if updates have been downloaded: ~/.config/systemd/user/notifyupdates.service
```ini
[Unit]
Description="Check to see if the updates json file is there and notify folks"
ConditionPathExists=/var/lib/dnf/system-upgrade/system-upgrade-transaction.json

[Service]
Type=oneshot
ExecStart=%h/bin/notifyupdates.bash
RemainAfterExit=yes

[Install]
WantedBy=default.target
```
User timer for the service: ~/.config/systemd/user/notifyupdates.timer
```ini
[Unit]
Description=Timer to check and see if updates have been downloaded

[Timer]
Unit=notifyupdates.service
OnStartupSec=2h
OnUnitInactiveSec=12h

[Install]
WantedBy=timers.target
```
Script for the notification: ~/bin/notifyupdates.bash
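
As an added example (not the poster's script, which is not reproduced on this page), here is one way a notifier such as `~/bin/notifyupdates.bash` could check the staged transaction file before alerting. The `STAGED_FILE` and `OWNER_UID` variables, the function names, and the assumption that the file holds one `"nevra"` key per package are illustrative choices made for this example.

```shell
#!/bin/bash
# Added example (not the poster's script): notify when an offline upgrade is staged.
# STAGED_FILE defaults to the path named in the post; OWNER_UID is the uid
# expected to own that file (root by default). Both names are hypothetical.
STAGED_FILE="${STAGED_FILE:-/var/lib/dnf/system-upgrade/system-upgrade-transaction.json}"
OWNER_UID="${OWNER_UID:-0}"

# Succeed only if the file is a regular, non-symlink file owned by OWNER_UID
# and not writable by group or others, so an unprivileged user cannot forge it.
staged_file_trusted() (
    file="$1"
    [ -f "$file" ] && [ ! -L "$file" ] || exit 1
    [ "$(stat -c '%u' "$file")" = "$OWNER_UID" ] || exit 1
    case "$(stat -c '%a' "$file")" in
        *[2367]?|*[2367]) exit 1 ;;   # group- or world-writable
    esac
)

# Print how many packages the staged transaction contains.
# Assumption: one "nevra" key per package in the transaction JSON.
staged_package_count() {
    grep -o '"nevra"' "$1" 2>/dev/null | wc -l | tr -d ' '
}

# Print the notification text, or fail if nothing trustworthy is staged.
pending_message() (
    staged_file_trusted "$1" || exit 1
    count=$(staged_package_count "$1")
    [ "$count" -gt 0 ] || exit 1
    echo "$count update(s) downloaded. Run 'sudo dnf offline-upgrade reboot' to install them."
)

# Entry point: desktop notification when available, plain output otherwise.
if msg=$(pending_message "$STAGED_FILE"); then
    if command -v notify-send >/dev/null 2>&1; then
        notify-send "Updates ready to install" "$msg"
    else
        echo "$msg"
    fi
fi
```

The ownership and mode checks keep the notifier from prompting a reboot based on a file that something other than the root-run download service could have written.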