I’m running Fedora 34, and using dnf-automatic, set to install any updates. I have added an ExecStopPost line to dnf-automatic-install.service, which calls a script:
The problem is that this script is called every time dnf-automatic is run, even when no software is updated. How can I get it to run only after updates?
If I must, I’ll write a script that duplicates dnf-automatic, using the exit code from:
dnf check-update
The documentation says it returns exit code 100 when there are updates, but it returns 0. Do I have to write a parser to solve this issue, or am I doing it wrong?
I’m trying to do what I want using the stock Fedora utilities, but when they don’t work as advertised, this makes it frustrating.
Thanks for your reply! The issue with needs-restarting is it seems to be broken:
root@bix[~]# dnf needs-restarting -r
Core libraries or services have been updated since boot-up:
* kernel
* systemd
Reboot is required to fully utilize these updates.
More information: https://access.redhat.com/solutions/27943
This is just after I rebooted. The kernel and systemd are up to date, so I don’t know why it’s telling me it needs restarting when it doesn’t need restarting. Am I missing something?
So it looks like some are reporting as expected, some not. Oh dear. Not encouraging at all. I don’t know if there are any differences between the hosts.
Returning to the rkhunter part of the original question: one way to check if it needs to be rerun would be to compare the date of the most recent transaction from dnf history list with the timestamp of a separate timestamp file. You might wish to use date +%s --date=… to get the timestamp in a convenient format.
Perhaps you already parse the output of dnf history to know what packages to do propupd on so you don’t accidentally hide actual changes rkhunter should have warned about?
For the restart part, dnf needs-restarting -r will (when it is working) signal more than just a kernel update. But perhaps it is actually closer to what you really want for that part of the script?
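The timestamp comparison suggested in the post above, as an added example that is not part of the original thread. The function names and the stamp file location are assumptions, the history rows are constructed, and GNU date is assumed.

```shell
#!/bin/sh
# Added example: has a dnf transaction happened since the last handled one?

# Print the epoch time of the newest transaction in `dnf history list`
# output read from stdin. Rows look like:
#   ID | Command line | Date and time | Action(s) | Altered
latest_transaction_epoch() {
    when=$(awk -F'|' '$1 ~ /^ *[0-9]+ *$/ {
               gsub(/^ +| +$/, "", $3); print $3; exit }')
    [ -n "$when" ] || return 1
    date +%s --date="$when"
}

# Return 0 when the newest transaction is later than the epoch stored in the
# stamp file (or no stamp exists yet), 1 when nothing is new, 2 when the
# history could not be parsed. On 0 the stamp advances to that transaction,
# so the next run stays quiet until dnf records another one.
updates_since_stamp() {
    stamp_file=$1
    latest=$(latest_transaction_epoch) || return 2
    last=0
    [ -r "$stamp_file" ] && last=$(cat "$stamp_file")
    case $last in ''|*[!0-9]*) last=0 ;; esac   # treat a corrupt stamp as unset
    [ "$latest" -gt "$last" ] || return 1
    printf '%s\n' "$latest" > "$stamp_file"
}

# Constructed sample of `dnf history list` output (not from a real host).
sample_history() {
    cat <<'EOF'
ID     | Command line             | Date and time    | Action(s)      | Altered
-------------------------------------------------------------------------------
    42 | upgrade                  | 2021-08-14 06:12 | Upgrade        |   12
    41 | install rkhunter         | 2021-08-10 19:40 | Install        |    1
EOF
}

# Intended use (stamp path is hypothetical):
#   if dnf history list | updates_since_stamp /var/lib/dnf-last-handled.stamp
#   then ...run the post-update step... ; fi
```

Storing the transaction's own time rather than the current time avoids missing a transaction that lands in the same minute as the check, since `dnf history list` only shows minute resolution.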
I wrote a script that calls the update check, then if an update is pending, regular rkhunter, then if no errors, does the update, then the propupd.
After weeks of grief trying to get systemd dnf-automatic.service to work consistently, my script was written in a couple of hours and works reliably 100% of the time, with full logging.
I’ve learned the hard way that if a part of the systemd borg gets in the way, turn it off instead of trying to fix it.