Customizing updates as user's needs

I recently tried an Ubuntu-based distro in a VM. What I liked the most is the upgrade mechanism.

You can choose to receive updates as you choose. It’s LTS of course.

I can choose to look for security updates only. If available, download and apply them. And for feature updates (including bug fixes), I could do the same too.

I have been a Fedora user for 10 months. I really love it. The main thing I kind of hate is updates arriving on a daily basis, or on about 6 or 7 days of the week. I tolerated it. But now this is available, and I have been introduced to `dnf update --security` and `dnf offline-upgrade --security download`.

I think the biggest problem for me is fixed. I can continue to receive automatic security updates and apply them on next boot, and apply feature updates whenever I want, like checking for them on Sunday.

The problem: even though I have been using it for 10 months, I don’t know how to configure this. I found dnf-automatic, but it seems to apply updates while the system is on.

What I want to do is create a policy that checks for dnf offline-upgrade update --security download daily and notify of that only when I use my system and apply them the next time I boot my system.

And I want other updates to be checked on a bi-weekly basis and to be notified of them, in which case security updates shouldn’t be listed there since they are already applied, except when they become available along with the bi-weekly check.

I do not fully know about this or how to deploy this successfully. Hence the question here.

I would expect the same with flatpak too but it doesn’t offer it.


P.S. This is my first post here. So I thought of Reddit and told it in a very elaborate way.


Forgot to add this point: I need Discover (KDE user) to show only the security updates when it checks, and the same for feature updates, except of course when checking for feature updates also brings security updates.


Discover uses packagekit, an abstraction layer for many package managers.

Without separate repos this is not easily possible, you would need to implement that in packagekit and then display in Discover.

I didn’t even know Fedora had security updates. Fedora is not LTS, so updates are updates.

On LTS distros, package versions are kept and the patches are backported. This means you have real security updates.

On Fedora afaik you just get an update that fixes a security issue, but this means the package gets a new version.

I know that, I just want to use the `--security` argument for my use case. I am not proposing to alter the default, just asking for help to customize the behaviour on my own machine.

It’s even good for me if `dnf offline-upgrade --security download` runs and prepares the system to update on next boot. I at least want that to happen. If possible, in that case, I don’t care about Discover not showing the specific updates, since this would be set up to be done automatically.

This is kind of an awkward request to make, since Fedora is supposed to be bleeding edge, but I want it to be controlled by myself.


The simplest way to do this would be to roll your own scripts and set up a systemd service and timer or a cron job to execute them on a schedule.

This is probably a good place to start. Systemd Timers for Scheduling Tasks - Fedora Magazine


Hey, Joe, I think it’s the only way to do so for me. Problem is I can’t configure Offline updates with dnf-automatic.

In that case, what I would need is a trigger file, apart from `dnf offline-upgrade reboot`, to apply updates on next boot instead of instantly rebooting.

What I want to do is create a policy that checks for dnf offline-upgrade update --security download daily and notify of that only when I use my system and apply them the next time I boot my system.

I asked ChatGPT to do this and got the following reply. See if it helps you anyway:

Here's a policy that achieves your desired functionality:

**Components:**

1. **Script:** This script will check for updates and notify you.
2. **Cron Job:** This schedules the script to run daily.
3. **Desktop Notification (Optional):** This provides a visual notification on your desktop when you log in.

**Script (save as `check_security_updates.sh`):**

```bash
#!/bin/bash

# Check for security updates
updates=$(dnf offline-upgrade --security download --downloadonly 2>&1)

# Check if updates are available
if [[ $? -eq 0 ]]; then
  # Save updates list (optional, for debugging)
  # echo "$updates" > /tmp/security_updates.log

  # Notify user (choose your preferred method)
  # Option 1: Using notify-send (desktop notification)
  notify-send "Security Updates Available!" "Run 'sudo dnf offline-upgrade reboot' to apply." &

  # Option 2: Printing to terminal
  echo "Security updates available. Run 'sudo dnf offline-upgrade reboot' to apply."
fi
```

**Explanation:**

* The script checks for security updates using `dnf offline-upgrade --security download --downloadonly`.
  * `--downloadonly` ensures only downloading and not installing.
  * `2>&1` redirects both standard output and error messages to the variable `updates`.
* It checks the exit code (`$?`) of the dnf command. If successful (exit code 0), it means updates are available.
* Optional: You can uncomment the line saving the update list for debugging purposes.
* Notification: Choose your preferred notification method:
  * Option 1: Uses `notify-send` for a desktop notification (requires it to be installed).
  * Option 2: Prints a message to the terminal.

**Running the Script:**

1. Make the script executable: `chmod +x check_security_updates.sh`
2. (Optional) Choose your notification method by uncommenting the desired line in the script.

**Cron Job:**

1. Open crontab for editing: `crontab -e`
2. Add the following line to run the script daily (adjust the time if needed):

```
0 0 * * * /path/to/check_security_updates.sh
```

**Explanation:**

* `0 0 * * *`: This runs the script at midnight every day.
* `/path/to/check_security_updates.sh`: Replace this with the actual path to your script.

**Applying Updates:**

Once notified, you can apply the downloaded updates by running:

```
sudo dnf offline-upgrade reboot
```

**Important Notes:**

* This policy downloads updates daily. Consider adjusting the cron job schedule if needed.
* Ensure you have sufficient disk space for downloaded updates.
* This approach doesn’t automatically apply updates. Remember to run `sudo dnf offline-upgrade reboot` to install them.

Is there a possibility to create a trigger file to apply updates on next boot without using commands?

I’m not sure there is.

You could run a user systemd service/timer to see if /var/lib/dnf/system-upgrade/system-upgrade-transaction.json exists and if it does provide a user notification indicating there are updates.

You could pair this with another system systemd service that runs the offline upgrade on a timer.

For reference here’s a simple setup I did based on the above to see if it would work. You will probably need to customize this to support what you would like to do.

System Service to download updates: /etc/systemd/system/downloadupdates.service

```ini
[Unit]
Description="Downloads offline updates"

[Service]
Type=oneshot
ExecStart=/usr/bin/dnf offline-upgrade download -y

[Install]
WantedBy=multi-user.target
```

System Timer for the service: /etc/systemd/system/downloadupdates.timer

```ini
[Unit]
Description=Timer to download updates

[Timer]
Unit=downloadupdates.service
OnCalendar=daily
Persistent=true

[Install]
WantedBy=timers.target
```

User Service to check to see if updates have been downloaded: ~/.config/systemd/user/notifyupdates.service

```ini
[Unit]
Description="Check to see if the updates json file is there and notify folks"
ConditionPathExists=/var/lib/dnf/system-upgrade/system-upgrade-transaction.json

[Service]
Type=oneshot
ExecStart=%h/bin/notifyupdates.bash
RemainAfterExit=yes

[Install]
WantedBy=default.target
```


User timer for the service: ~/.config/systemd/user/notifyupdates.timer

```ini
[Unit]
Description=Timer to check and see if updates have been downloaded

[Timer]
Unit=notifyupdates.service
OnStartupSec=2h
OnUnitInactiveSec=12h

[Install]
WantedBy=timers.target
```

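Script for the notification: ~/bin/notifyupdates.bash

```bash
#!/usr/bin/env bash
# Show a notification with two actions; notify-send prints the name of the chosen action.
whattodo=$(notify-send -u critical --icon=utilities-terminal --action="opt1=reboot" --action="opt2=wait" "Updates Downloaded")
case "${whattodo}" in
    "opt1")
      # Open a terminal so sudo can prompt, then reboot into the offline upgrade.
      /usr/bin/kgx -e "sudo dnf offline-upgrade reboot"
      ;;
    "opt2")
      # Stop the service so the timer can trigger it again later.
      systemctl --user stop notifyupdates.service
      exit
      ;;
esac
```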

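One way to notify only once per staged update, as an added example that is not part of the thread: it compares the modification time of the transaction file named in the post above with a stamp file, and ignores empty files and symlinks. The function name `staged_update_state`, the stamp path and the `--notify` argument are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): notify once per staged offline update.
# Path of the staged transaction, as given in the post above.
TXN_DEFAULT=/var/lib/dnf/system-upgrade/system-upgrade-transaction.json
# Hypothetical stamp file recording when the user was last notified.
STAMP_DEFAULT="${XDG_STATE_HOME:-$HOME/.local/state}/notifyupdates.stamp"

# Print "none", "seen" or "new" for transaction file $1 and stamp file $2.
staged_update_state() {
    txn=${1:-$TXN_DEFAULT}
    stamp=${2:-$STAMP_DEFAULT}
    # Only a regular, non-empty, non-symlink file counts as a staged update.
    if [ -L "$txn" ] || [ ! -f "$txn" ] || [ ! -s "$txn" ]; then
        # Nothing staged (or already applied): forget the old notification.
        rm -f "$stamp"
        echo none
        return 0
    fi
    # A stamp at least as new as the transaction means we already notified.
    if [ -e "$stamp" ] && [ ! "$txn" -nt "$stamp" ]; then
        echo seen
        return 0
    fi
    # First sighting of this download: record it and report it.
    mkdir -p "$(dirname "$stamp")" && touch "$stamp" || return 1
    echo new
}

# Run as "notifyupdates.bash --notify" from the user service.
if [ "${1:-}" = "--notify" ]; then
    if [ "$(staged_update_state)" = "new" ]; then
        notify-send -u critical "Updates downloaded" \
            "Apply with: sudo dnf offline-upgrade reboot"
    fi
fi
```

Only the existence, size and modification time of the transaction file are checked, so the user service never needs to read its contents.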

This would work out
