How Do You Setup Manual System Updates?

As much as I appreciate the convenience of automatic updates, automatically restarting at 8pm while I’m in the middle of a match in Overwatch is unacceptable. I normally run all of my auto-updating stuff in a “check for updates and notify but don’t do anything until I say so” mode, which does not seem to be a thing in TurrisOS yet. Worse, when I go to run the script manually, it fails with the message “Updater disabled.”

Is there a way to set this up that I’m not seeing? I suppose I can always enable updates, run and then disable it again, but that’s a pain and I’d really rather not have to do that.

Also, as an aside, the maintenance page heavily implies that auto restarting will happen after 0 to 10 days if notifications are turned on. Can I turn on notifications without automatically restarting? Why is everything trying to restart my router all the time?

Why dont you change time when Turris Omnia will do automatic restart? You can do it in Foris.

Well, you cannot replace kernel without restarting the device, can you? All other updates actually go quite smoothly without having to restart the router.

Is kernel-patching/livepatching or whatever it is called, to big for Turris-OS? This is being supported by default since kernel 4.4 so i have heard.

Yes, it is. And it’s generally not worth it especially if reboot only takes 30 seconds or so.

@Ondrej_Caletka, You got a point there.

livepatching is currently not supported and frankly it is meant and used just to do critical security updates on servers so you have some time to plan your maintenance window as it might take a while before you get to it. And it has some non-trivial maintenance overhead.

1 Like

It’s currently set to restart at 3:30am. However, the update system did not seem to care and restarted immediately following the update anyway. So, that’s not really a safe option here (and, yes, the local time is set correctly on the router).

That’s understandable, but let me perform the update manually so I know when it’s safe to restart. I don’t understand why the update process needs to be completely hands off or exceedingly tedious. I feel like there’s a middle ground here that’s being overlooked.

1 Like

This shouldn’t happen and hasn’t happen to me. Maybe there is some other issue.

You can achieve something like that by keeping updates enabled but disabling the updater cron job. Then you can start updates manually by running at your leisure.

The updater already supports modes in which you either need to confirm each update, or in which it gives you some configurable time before proceeding to decide if you want that update. The problem is, only the backend supports it and it’s not even remotely user friendly and it is not much documented.

So yes, it is planned and yes, if you want to be brave and test it without the UI, feel free. You can have a look into the script or here:, section approvals.

1 Like

@vorner Perfect! That’s exactly what I’m looking for. Thanks!

Getting 404 on that link. Can you update it? It’s been referenced in multiple posts.


Me personally:
Delete updater’s cron
Disable automatic updates via Foris

When you want to upgrade:
Enable automatic updates via Foris
run /usr/bin/
After update Disable automatic updates via Foris

1 Like

Hello @vorner,
I have been able to get working Approvals functionality on my TO and I am so happy for this functionality especially when I am not home for weeks and need fully working OpenVPN/DNS/Something that will not be broken by update (just example I am not saying that any update did broke OpenVPN :wink: so far).
However I have few questions.

  • I see I can grant a approval for whole update, but is there any way that I can approve only some of packages listed in /usr/share/updater/need_approval ?

  • Is there any interface in Foris right now or the email I am getting is not correct right now?

Oznámení o aktualizacích

Updater žádá o autorizaci akcí. Autorizaci můžete přidělit v administračním rozhraní Foris.


@kixorz here is updated link

1 Like

In the Debian world, people who subscribe to stable security updates get nothing else. If there are no software version upgrades included in a security update, less things can go wrong and less time will be spent fixing anything that does go wrong.

This is a good way of keeping a system stable. People also have more confidence in this approach and so they do the updates more promptly.

I have the impression it is harder for smaller communities like OpenWRT to maintain a stable release branch, so one way that people can solve this issue may be running Debian on the Turris Omnia.

Getting support for the HW isn’t easy even for WRT, so I doubt it will be significantly better for Debian or other distro not focused on routers.

1 Like