[tor-relays] fixing unattended-upgrades' config

Pascal Terjan pterjan at gmail.com
Sat Jul 7 20:29:01 UTC 2018

 On 7 July 2018 at 20:02, nusenu <nusenu-lists at riseup.net> wrote:
>>> maybe it would be a good idea to switch to unattended-upgrades?
>> I have never managed to get it to work :(
>> I have set it up on several machines and nothing ever got upgraded
>> whatever the config I set.
>> After spending too much time trying to get it to work I decided to use
>> my own script
> we added documentation for unattended-upgrades to the tor relay guide,
> I hope this is helpful for you:
> https://trac.torproject.org/projects/tor/wiki/TorRelayGuide/DebianUbuntuUpdates
> maybe give it a try and let us know if it doesn't work for you?

Just a note that most of my relays are currently Ubuntu (16.04), one
is Debian and others are not Debian based

I noticed one of my relays still had and it seems to be a
16.04 where I forgot to add my script so that's a good place to see
what happens.

The syntax of the expected config seems to be different from that
documentation, I believe the one I had was the default with the tor
line added:

Unattended-Upgrade::Allowed-Origins {
        // Extended Security Maintenance; doesn't necessarily exist for
        // every release and this system may not have it installed, but if
        // available, the policy for updates is such that unattended-upgrades
        // should also install from here by default.

It seems there were 2 reasons why I was getting nothing updated:

1/ "${distro_id}:${distro_codename}-security" was wrong as security
updates are in "${distro_id}:${distro_codename}-updates", not
    For example if I understand
correctly it was first published in -security then moved to -updates
2/ tor gets blacklisted because "Package 'tor' has conffile prompt and
needs to be upgraded manually"

More information about the tor-relays mailing list