Right after installing Turris OS 3.8, I turned on the “update approval needed” option, both on Turris 1.0 and Omnia, to avoid further problems caused by updates breaking the router while I was far away from it. This is the updater config now:
config approvals 'approvals'
option need '1'
However, yesterday’s update was installed without any warning and approval. Did anyone experience the same behavior? The approval is requested though when I add or remove any records from pkglists, which is rather annoying than useful.
Yes I noticed that some of you are reporting it here on forum. But reality is that I have no idea how that happened. Huge stretch of fantasy is that we are using hash of generated plan to confirm it and there is slight possibility that hash collision occurred. But that is so slim chance that I don’t believe that and also all of you would have to have same last confirmed plan (possibly some user lists?). So there is probably bug somewhere. But I can’t reproduce it. I went over all relevant code and I can’t found anything. Simply said I don’t see anything else to do other than wait and see if it happens again and if so try to found what those two situation has in common.
@cynerd: I unfortunately have to state this problem still exists.
My turris updated some minutes ago without adhering to the “update approval needed”-option. I have not restarted the router yet and like to help fixing this problem.
Thank you for all reports and your helps in discovering why updates sometimes approve them self. If you don’t need technical explanation then just note that fix is planned to be in Turris OS 3.8.4 and so that release should be last one to be automatically installed without your approval.
Problem was how updater.sh was called from cron script. No argument was passed to updater.sh and so it was executed as being in foreground and because of bug in pkgupdate update confirmation (no stdin had same effect as pressed return key) such execution was automatically approved.
So fix is to edit file /etc/conf.d/updater to look something like this:
The change is that -b switch was added to updater.sh script.
Also because of this bug with this fix we will start to ship this file as part of package so there will be no longer option to edit it to run updater at arbitrary time. And also updater will no longer be executed just twice a day but every four hours with random delay from initial time of execution. If you don’t want your router to be updated while you are working then approvals are suggested. You will be again notified about these changes on Turris OS 3.8.4 release.
Should I delete the trailing ampersand? My updater command looks like this now (before edit): /usr/bin/updater.sh >/dev/null 2>&1 &
I thought it means execution in background even without -b switch.
Yes you may. Basically new implementation will be just /usr/bin/updater.sh -b --rand-sleep. But --rand-sleep is not yet implemented in version of updater.sh you have.
