Automatic Software Update in Systemtray - Authentication

WolfGrossi · February 20, 2018, 4:12pm

Greetings,

there is a system monitor running (nettraffic etc.etc.) with KDE Plasma 5, 24/7.
The user is not privileged.
Software update occurs daily and requires password, which must to be entered manually.

Question:

Can I configure the automatic system updater in systemtray to use a saved password?
Or should I disable the systemtray updater and create a zypper cronjob?

Thanks for hints,
Wolf

wolfi323 · February 20, 2018, 4:36pm

Question:

Can I configure the automatic system updater in systemtray to use a saved password?

Or should I disable the systemtray updater and create a zypper cronjob?

By default, there should not be a need for a password to install updates.

You probably changed the security level though I suppose.

grep SECURITY /etc/sysconfig/security

It is indeed possible to setup a cron job that runs zypper (as root) if you want, YaST can even do that for you (“Online Update Configuration”, package yast2-online-update-configuration).
There is also a cronjob that automatically runs PackageKit to install updates (like the update applet), that one can be configured in /etc/sysconfig/packagekit-background.

It’s your decision though if you want to do that.

WolfGrossi · February 21, 2018, 10:46am

/etc/sysconfig/security is unchanged.
As I just found out, the update process performs a software repository refresh before getting updates.
The message reads

Authentication is required to refresh the systen sources

yast/software repositories ‘autorefresh’ is not set for any repository.

Any hints?
Wolf

wolfi323 · February 21, 2018, 12:54pm

So, what does that command print?

As I just found out, the update process performs a software repository refresh before getting updates.

Also this is allowed by default without needing a password.

yast/software repositories ‘autorefresh’ is not set for any repository.

Then there won’t ever be any updates found. You should at least enable Auto-Refresh for the update repo.

Please post the output of “zypper lr -d” as well.

WolfGrossi · February 21, 2018, 4:36pm

> grep SYSTEM /etc/sysconfig/security

PERMISSION_SECURITY="easy local"
# PERMISSION_SECURITY. If PERMISSION_SECURITY contains 'secure' or

zypper ld -r


Repository priorities are without effect. All enabled repositories share the same priority.

#  | Alias                           | Name                                    | Enabled | GPG Check | Refresh | Priority | Type   
---+---------------------------------+-----------------------------------------+---------+-----------+---------+----------+--------
 1 | download.opensuse.org-non-oss   | Main Repository (NON-OSS)               | Yes     | (r ) Yes  | Yes     |   99     | yast2  
 2 | download.opensuse.org-non-oss_1 | Update Repository (Non-Oss)             | Yes     | (r ) Yes  | Yes     |   99     | rpm-md 
 3 | download.opensuse.org-oss       | Main Repository (OSS)                   | Yes     | (r ) Yes  | Yes     |   99     | yast2  
 4 | download.opensuse.org-oss_1     | Main Update Repository                  | Yes     | (r ) Yes  | Yes     |   99     | rpm-md 
 5 | openSUSE-Leap-42.3-0            | openSUSE-Leap-42.3-0                    | No      | ----      | ----    |   99     | yast2  
 6 | repo-debug                      | openSUSE-Leap-42.3-Debug                | No      | ----      | ----    |   99     | yast2  
 7 | repo-debug-non-oss              | openSUSE-Leap-42.3-Debug-Non-Oss        | No      | ----      | ----    |   99     | yast2  
 8 | repo-debug-update               | openSUSE-Leap-42.3-Update-Debug         | No      | ----      | ----    |   99     | rpm-md 
 9 | repo-debug-update-non-oss       | openSUSE-Leap-42.3-Update-Debug-Non-Oss | No      | ----      | ----    |   99     | rpm-md 
10 | repo-source                     | openSUSE-Leap-42.3-Source               | No      | ----      | ----    |   99     | yast2  
11 | repo-source-non-oss             | openSUSE-Leap-42.3-Source-Non-Oss       | No      | ----      | ----    |   99     | yast2

I reduced width by cutting all after ‘Type’.

Any thoughts?
Thank you for your time.
Wolf

wolfi323 · February 21, 2018, 5:03pm

Ok, this means you shouldn’t need a password.
(unless you modified some /etc/polkit* files manually.

What does this command list?

grep -iR refresh /etc/polkit-*

zypper ld -r

Repository priorities are without effect. All enabled repositories share the same priority.

| Alias | Name | Enabled | GPG Check | Refresh | Priority | Type

—±--------------------------------±----------------------------------------±--------±----------±--------±---------±-------
1 | download.opensuse.org-non-oss | Main Repository (NON-OSS) | Yes | (r ) Yes | Yes | 99 | yast2
2 | download.opensuse.org-non-oss_1 | Update Repository (Non-Oss) | Yes | (r ) Yes | Yes | 99 | rpm-md
3 | download.opensuse.org-oss | Main Repository (OSS) | Yes | (r ) Yes | Yes | 99 | yast2
4 | download.opensuse.org-oss_1 | Main Update Repository | Yes | (r ) Yes | Yes | 99 | rpm-md

So Auto-Refresh is actually enabled for those 4, which is fine.

Well, the only other reason I can think of that you get the mentioned error message is that your user session is not registered correctly.
What displaymanager are you using?
What’s the output of “loginctl”, i.e. is your user session displayed?
You are not booting to text mode and running “startx”, are you?

WolfGrossi · February 25, 2018, 5:27pm

I’m gonna manage update via cron with

zypper patch --with-optional

appears being more transparent.

Thank you for your time
Wolf