On 7 July 2018 at 20:02, nusenu nusenu-lists@riseup.net wrote:
maybe it would be a good idea to switch to unattended-upgrades?
I have never managed to get it to work :( I have set it up on several machines and nothing ever got upgraded whatever the config I set. After spending too much time trying to get it to work I decided to use my own script
we added documentation for unattended-upgrades to the tor relay guide, I hope this is helpful for you:
https://trac.torproject.org/projects/tor/wiki/TorRelayGuide/DebianUbuntuUpda...
maybe give it a try and let us know if it doesn't work for you?
Just a note that most of my relays are currently Ubuntu (16.04), one is Debian and others are not Debian based
I noticed one of my relays still had 0.3.1.9 and it seems to be a 16.04 where I forgot to add my script so that's a good place to see what happens.
The syntax of the expected config seems to be different from that documentation, I believe the one I had was the default with the tor line added:
Unattended-Upgrade::Allowed-Origins { "${distro_id}:${distro_codename}"; "${distro_id}:${distro_codename}-security"; // Extended Security Maintenance; doesn't necessarily exist for // every release and this system may not have it installed, but if // available, the policy for updates is such that unattended-upgrades // should also install from here by default. "${distro_id}ESM:${distro_codename}"; "TorProject:${distro_codename}"; };
It seems there were 2 reasons why I was getting nothing updated:
1/ "${distro_id}:${distro_codename}-security" was wrong as security updates are in "${distro_id}:${distro_codename}-updates", not -security; For example if I understand https://launchpad.net/ubuntu/+source/apparmor/2.10.95-0ubuntu2.6/+publishing... correctly it was first published in -security then moved to -updates 2/ tor gets blacklisted because "Package 'tor' has conffile prompt and needs to be upgraded manually"