search

PiSupply / iot-lora-image

RPi SD Card Image for IoT LoRa Range
11 stars 6 forks source link

Setup automatic Apt Security Updates #31

Closed ryanteck closed 4 years ago

ryanteck commented 4 years ago

Automatically update via apt

ryanteck commented 4 years ago 
Unattended-Upgrade::Origins-Pattern {
        // Codename based matching:
        // This will follow the migration of a release through different
        // archives (e.g. from testing to stable and later oldstable).
        // Software will be the latest available for the named release,
        // but the Debian release itself will not be automatically upgraded.
 //     "origin=Debian,codename=${distro_codename}-updates";
//      "origin=Debian,codename=${distro_codename}-proposed-updates";
   //     "origin=Debian,codename=${distro_codename},label=Debian";
     //   "origin=Debian,codename=${distro_codename},label=Debian-Security";

        // Archive or Suite based matching:
        // Note that this will silently match a different release after
        // migration to the specified archive (e.g. testing becomes the
        // new stable).
      "o=Raspbian,a=stable";
      "o=Raspbian,a=stable-updates";
//      "o=Debian,a=proposed-updates";
//      "o=Debian Backports,a=${distro_codename}-backports,l=Debian Backports";
};
ryanteck commented 4 years ago

This will require re-evaluation once the new image is done. Currently the plan is to switch to using Yocto as the base OS which means it'll be the package manager for that if there is one. However by also switching to mender this won't be as much of an issue.

ryanteck commented 4 years ago

New re-valuation.

Going to test a Lightweight version of Raspbian with docker. This image will get most updates via APT so doesn't rely on us running a server.

The docker container images will be uploaded somewhere (github, our server, docker images) and there will be some kind of Python program that can be downloaded by the program to self update.

This part might be able to be via an apt package on the RPi repos but we'll need to see if this would be possible.

This offers a good level of automatic updating and not for those who don't want it. Being based on Raspbian would also benefit those who would prefer that instead.

Next steps: Test out small raspbian image.

ryanteck commented 4 years ago

Believe this is done, just requires some more testing