[tor-relays] fixing unattended-upgrades' config
Pascal Terjan
pterjan at gmail.com
Sat Jul 7 20:29:01 UTC 2018
On 7 July 2018 at 20:02, nusenu <nusenu-lists at riseup.net> wrote:
>
>>> maybe it would be a good idea to switch to unattended-upgrades?
>>
>> I have never managed to get it to work :(
>> I have set it up on several machines and nothing ever got upgraded
>> whatever the config I set.
>> After spending too much time trying to get it to work I decided to use
>> my own script
>
> we added documentation for unattended-upgrades to the tor relay guide,
> I hope this is helpful for you:
>
> https://trac.torproject.org/projects/tor/wiki/TorRelayGuide/DebianUbuntuUpdates
>
> maybe give it a try and let us know if it doesn't work for you?

Just a note that most of my relays are currently Ubuntu (16.04), one
is Debian and others are not Debian-based.

I noticed one of my relays still had 0.3.1.9 and it seems to be a
16.04 where I forgot to add my script, so that's a good place to see
what happens.

The syntax of the expected config seems to be different from that
documentation. I believe the one I had was the default with the tor
line added:

Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
        // Extended Security Maintenance; doesn't necessarily exist for
        // every release and this system may not have it installed, but if
        // available, the policy for updates is such that unattended-upgrades
        // should also install from here by default.
        "${distro_id}ESM:${distro_codename}";
        "TorProject:${distro_codename}";
};

It seems there were 2 reasons why I was getting nothing updated:

1/ "${distro_id}:${distro_codename}-security" was wrong as security
updates are in "${distro_id}:${distro_codename}-updates", not
-security.
For example, if I understand
https://launchpad.net/ubuntu/+source/apparmor/2.10.95-0ubuntu2.6/+publishinghistory
correctly, it was first published in -security then moved to -updates.

2/ tor gets blacklisted because "Package 'tor' has conffile prompt and
needs to be upgraded manually".
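
Added example, not part of the original message or of unattended-upgrades itself: a small check that lists which APT sources fall outside an Allowed-Origins block, using the "release" lines printed by `apt-cache policy`. The sample policy output is constructed (including the `a=` value shown for the TorProject repository), the function names are hypothetical, and entries are compared exactly as "origin:archive", which is a simplification of the tool's own matching.

```python
# Allowed-Origins entries as posted in the message above.
ALLOWED = [
    "${distro_id}:${distro_codename}",
    "${distro_id}:${distro_codename}-security",
    "${distro_id}ESM:${distro_codename}",
    "TorProject:${distro_codename}",
]

# Constructed sample of `apt-cache policy` output (not captured from a real host).
SAMPLE_POLICY = """\
 500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
     release v=16.04,o=Ubuntu,a=xenial-updates,n=xenial,l=Ubuntu,c=main,b=amd64
 500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
     release v=16.04,o=Ubuntu,a=xenial-security,n=xenial,l=Ubuntu,c=main,b=amd64
 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
     release v=16.04,o=Ubuntu,a=xenial,n=xenial,l=Ubuntu,c=main,b=amd64
 500 https://deb.torproject.org/torproject.org xenial/main amd64 Packages
     release o=TorProject,a=xenial,n=xenial,l=TorProject,c=main,b=amd64
"""

def expand(entries, distro_id, codename):
    """Substitute the two variables used in the Allowed-Origins block."""
    return [e.replace("${distro_id}", distro_id)
             .replace("${distro_codename}", codename) for e in entries]

def release_pairs(policy_text):
    """Return the distinct (origin, archive) pairs from the 'release' lines."""
    pairs = []
    for line in policy_text.splitlines():
        line = line.strip()
        if not line.startswith("release "):
            continue
        fields = dict(kv.split("=", 1)
                      for kv in line[len("release "):].split(",") if "=" in kv)
        pair = (fields.get("o", ""), fields.get("a", ""))
        if pair not in pairs:
            pairs.append(pair)
    return pairs

def uncovered(policy_text, entries, distro_id, codename):
    """Sources whose origin:archive is not listed in Allowed-Origins."""
    allowed = set(expand(entries, distro_id, codename))
    return [p for p in release_pairs(policy_text)
            if f"{p[0]}:{p[1]}" not in allowed]

if __name__ == "__main__":
    for origin, archive in uncovered(SAMPLE_POLICY, ALLOWED, "Ubuntu", "xenial"):
        print(f"not covered by Allowed-Origins: o={origin},a={archive}")
```

To check a real host, pass the text of `apt-cache policy` in place of the sample and compare the `o=` and `a=` values it reports with the entries in the config.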