2021-12-21 15:44:49 |
Bleuzen |
bug |
|
|
added bug |
2021-12-21 15:48:10 |
Bleuzen |
description |
In Kubuntu in KDE system settings, there is a setting to enable automatic updates. However I wondered why this never actually updated the system, despite that I had automatic updates enabled for some time.
Turns out, KDE uses Discover to update the system unattended. And discover uses packagekit to trigger offline updates.
Now here is the problem: Usually this would work. It does on other distros which don't patch the polkit policy. But not on (K)ubuntu.
In the package sources there is a patch for the debian/ubuntu package:
<packagesrc>/debian/patches/policy.diff
This patch does change the permission to do offline updates from all active users to only admins.
Here:
```
@@ -273,7 +271,7 @@
<action id="org.freedesktop.packagekit.trigger-offline-update">
<!-- SECURITY:
- - Normal users are able to ask updates to be installed at
+ - Administrators are able to ask updates to be installed at
early boot time without a password.
-->
<description>Trigger offline updates</description>
@@ -282,7 +280,7 @@
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
- <allow_active>yes</allow_active>
+ <allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
```
With this patch, it prompts the user for a password before allowing offline updates. Now in unattended update mode, this prompt is hidden.
So basically with that patch, unattended updates on Kubuntu just fail silently.
Removing this patch (or at least reverting the change in this "org.freedesktop.packagekit.trigger-offline-update" rule) makes auto updates work again.
Please remove this change from the patch (or even the whole patch? this was last modified in 2012, so should be reviewed if still needed). |
In Kubuntu KDE system settings, there is an option to enable automatic updates. However I wondered why this never actually updated the system, despite that I had automatic updates enabled for some time.
Turns out, KDE uses Discover to update the system unattended. And discover uses packagekit to trigger offline updates.
Now here is the problem: Usually this would work. It does on other distros which don't patch the polkit policy. But not on (K)ubuntu.
In the package sources there is a patch for the debian/ubuntu package:
<packagesrc>/debian/patches/policy.diff
This patch does change the permission to do offline updates from all active users to only admins.
Here:
```
@@ -273,7 +271,7 @@
<action id="org.freedesktop.packagekit.trigger-offline-update">
<!-- SECURITY:
- - Normal users are able to ask updates to be installed at
+ - Administrators are able to ask updates to be installed at
early boot time without a password.
-->
<description>Trigger offline updates</description>
@@ -282,7 +280,7 @@
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
- <allow_active>yes</allow_active>
+ <allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
```
With this patch, it prompts the user for a password before allowing offline updates. Now in unattended update mode, this prompt is hidden.
So basically with that patch, unattended updates on Kubuntu just fail silently.
Removing this patch (or at least reverting the change in this "org.freedesktop.packagekit.trigger-offline-update" rule) makes auto updates work again.
Please remove this change from the patch (or even the whole patch? this was last modified in 2012, so should be reviewed if still needed). |
|
2021-12-21 15:49:24 |
Bleuzen |
description |
In Kubuntu KDE system settings, there is an option to enable automatic updates. However I wondered why this never actually updated the system, despite that I had automatic updates enabled for some time.
Turns out, KDE uses Discover to update the system unattended. And discover uses packagekit to trigger offline updates.
Now here is the problem: Usually this would work. It does on other distros which don't patch the polkit policy. But not on (K)ubuntu.
In the package sources there is a patch for the debian/ubuntu package:
<packagesrc>/debian/patches/policy.diff
This patch does change the permission to do offline updates from all active users to only admins.
Here:
```
@@ -273,7 +271,7 @@
<action id="org.freedesktop.packagekit.trigger-offline-update">
<!-- SECURITY:
- - Normal users are able to ask updates to be installed at
+ - Administrators are able to ask updates to be installed at
early boot time without a password.
-->
<description>Trigger offline updates</description>
@@ -282,7 +280,7 @@
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
- <allow_active>yes</allow_active>
+ <allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
```
With this patch, it prompts the user for a password before allowing offline updates. Now in unattended update mode, this prompt is hidden.
So basically with that patch, unattended updates on Kubuntu just fail silently.
Removing this patch (or at least reverting the change in this "org.freedesktop.packagekit.trigger-offline-update" rule) makes auto updates work again.
Please remove this change from the patch (or even the whole patch? this was last modified in 2012, so should be reviewed if still needed). |
In Kubuntu KDE system settings, there is an option to enable automatic updates. However I wondered why this never actually updated the system, despite that I had automatic updates enabled for some time.
Turns out, KDE uses Discover to update the system unattended. And discover uses packagekit to trigger offline updates.
Now here is the problem: Usually this would work. It does on other distros which don't patch the polkit policy. But not on (K)ubuntu.
In the package sources there is a patch for the debian/ubuntu package:
<packagesrc>/debian/patches/policy.diff
This patch does change the permission to do offline updates from all active users to only admins.
Here:
```
@@ -273,7 +271,7 @@
<action id="org.freedesktop.packagekit.trigger-offline-update">
<!-- SECURITY:
- - Normal users are able to ask updates to be installed at
+ - Administrators are able to ask updates to be installed at
early boot time without a password.
-->
<description>Trigger offline updates</description>
@@ -282,7 +280,7 @@
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
- <allow_active>yes</allow_active>
+ <allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
```
With this patch, it prompts the user for a password before allowing offline updates. Now in unattended update mode, this prompt is hidden.
So basically with that patch, unattended updates on Kubuntu just fail silently.
Removing this patch (or at least reverting the change in this "org.freedesktop.packagekit.trigger-offline-update" action) makes auto updates work again.
Please remove this change from the patch (or even the whole patch? this was last modified in 2012, so should be reviewed if still needed). |
|
2023-05-10 01:54:31 |
Launchpad Janitor |
packagekit (Ubuntu): status |
New |
Confirmed |
|
2023-05-10 01:54:59 |
Aroun |
bug |
|
|
added subscriber Aroun |
2023-05-10 02:12:39 |
Aroun |
packagekit (Ubuntu): status |
Confirmed |
Fix Released |
|