Remind users about software updates

[allanday]

People running toolboxes without the latest security updates is a Bad Thing™. It would therefore be good to have a mechanism by which they are reminded that their toolboxes are out of date, or require updates.

It would be good to investigate potential technical solutions to this. In UX terms, we probably want a minimal and non-intrusive reminder, like:

$ toolbox enter fedora-32
fedora-32: 7 days since the last update check. Please run 'dnf update'.
⬢ $

[tpopela]

One idea here would be to use the output of dnf updateinfo list --security --available that can produce e.g.:

0 $ dnf updateinfo list --security --available
Fedora 32 openh264 (From Cisco) - x86_64                                                                                                                                                                        201  B/s | 543  B     00:02
Fedora Modular 32 - x86_64                                                                                                                                                                                       15 kB/s |  22 kB     00:01
Fedora Modular 32 - x86_64 - Updates                                                                                                                                                                             84 kB/s |  19 kB     00:00
Fedora Modular 32 - x86_64 - Updates                                                                                                                                                                            903 kB/s | 1.1 MB     00:01
Fedora Modular 32 - x86_64 - Test Updates                                                                                                                                                                        16 kB/s |  18 kB     00:01
Fedora Modular 32 - x86_64 - Test Updates                                                                                                                                                                       178 kB/s | 349 kB     00:01
Fedora 32 - x86_64 - Test Updates                                                                                                                                                                                33 kB/s |  13 kB     00:00
Fedora 32 - x86_64 - Test Updates                                                                                                                                                                               2.0 MB/s | 2.9 MB     00:01
Fedora 32 - x86_64 - Updates                                                                                                                                                                                     19 kB/s |  14 kB     00:00
Fedora 32 - x86_64 - Updates                                                                                                                                                                                    3.0 MB/s |  13 MB     00:04
Fedora 32 - x86_64                                                                                                                                                                                               30 kB/s |  22 kB     00:00
RCM Tools for Fedora 32 (RPMs)                                                                                                                                                                                  0.0  B/s |   0  B     00:00
Errors during downloading metadata for repository 'rcm-tools-fedora-rpms':
  - Curl error (6): Couldn't resolve host name for https://download.devel.redhat.com/rel-eng/RCMTOOLS/latest-RCMTOOLS-2-F-32/compose/Everything/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]
Error: Failed to download metadata for repo 'rcm-tools-fedora-rpms': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
Ignoring repositories: rcm-tools-fedora-rpms
FEDORA-2020-9336b65f82 Moderate/Sec.  brotli-1.0.9-3.fc32.x86_64
FEDORA-2020-9336b65f82 Moderate/Sec.  brotli-devel-1.0.9-3.fc32.x86_64
FEDORA-2020-fb144e7de5 Unknown/Sec.   ca-certificates-2020.2.41-1.1.fc32.noarch
FEDORA-2020-214865ce21 Important/Sec. chromium-85.0.4183.121-1.fc32.x86_64
FEDORA-2020-214865ce21 Important/Sec. chromium-common-85.0.4183.121-1.fc32.x86_64
FEDORA-2020-5d9f0ce2b3 Moderate/Sec.  createrepo_c-0.16.1-2.fc32.x86_64
FEDORA-2020-5d9f0ce2b3 Moderate/Sec.  createrepo_c-libs-0.16.1-2.fc32.x86_64
FEDORA-2020-965e406543 Moderate/Sec.  cryptsetup-libs-2.3.4-1.fc32.x86_64
FEDORA-2020-5d9f0ce2b3 Moderate/Sec.  dnf-4.4.0-1.fc32.noarch
FEDORA-2020-47a7fbf50d Unknown/Sec.   dnf-4.4.0-2.fc32.noarch
FEDORA-2020-5d9f0ce2b3 Moderate/Sec.  dnf-data-4.4.0-1.fc32.noarch
FEDORA-2020-47a7fbf50d Unknown/Sec.   dnf-data-4.4.0-2.fc32.noarch
FEDORA-2020-5d9f0ce2b3 Moderate/Sec.  dnf-plugins-core-4.0.18-1.fc32.noarch
FEDORA-2020-5d9f0ce2b3 Moderate/Sec.  dnf-utils-4.0.18-1.fc32.noarch
FEDORA-2020-b2a2c830cf Important/Sec. git-2.26.2-1.fc32.x86_64
FEDORA-2020-b2a2c830cf Important/Sec. git-core-2.26.2-1.fc32.x86_64
FEDORA-2020-b2a2c830cf Important/Sec. git-core-doc-2.26.2-1.fc32.noarch
FEDORA-2020-d860479b2a Moderate/Sec.  glibc-2.31-4.fc32.x86_64
FEDORA-2020-d860479b2a Moderate/Sec.  glibc-common-2.31-4.fc32.x86_64
FEDORA-2020-d860479b2a Moderate/Sec.  glibc-devel-2.31-4.fc32.x86_64
FEDORA-2020-d860479b2a Moderate/Sec.  glibc-headers-2.31-4.fc32.x86_64
FEDORA-2020-d860479b2a Moderate/Sec.  glibc-minimal-langpack-2.31-4.fc32.x86_64
FEDORA-2020-4246288e21 Moderate/Sec.  gnutls-3.6.15-1.fc32.x86_64
FEDORA-2020-eba554b9d5 Moderate/Sec.  libX11-1.6.12-1.fc32.x86_64
FEDORA-2020-eba554b9d5 Moderate/Sec.  libX11-common-1.6.12-1.fc32.noarch
FEDORA-2020-eba554b9d5 Moderate/Sec.  libX11-xcb-1.6.12-1.fc32.x86_64
FEDORA-2020-94211d0a7d Moderate/Sec.  libarchive-3.4.3-1.fc32.x86_64
FEDORA-2020-9336b65f82 Moderate/Sec.  libbrotli-1.0.9-3.fc32.x86_64
FEDORA-2020-5d9f0ce2b3 Moderate/Sec.  libdnf-0.54.2-1.fc32.x86_64
FEDORA-2020-47a7fbf50d Unknown/Sec.   libdnf-0.54.2-2.fc32.x86_64
FEDORA-2020-f09ecf5985 Moderate/Sec.  libjpeg-turbo-2.0.4-3.fc32.x86_64
FEDORA-2020-c3ca827d31 Moderate/Sec.  libmetalink-0.1.3-13.fc32.x86_64
FEDORA-2020-941b563a80 Low/Sec.       libproxy-0.4.15-19.fc32.x86_64
FEDORA-2020-5d9f0ce2b3 Moderate/Sec.  librepo-1.12.1-1.fc32.x86_64
FEDORA-2020-f4f5e49cb8 Low/Sec.       libssh-0.9.5-1.fc32.x86_64
FEDORA-2020-f4f5e49cb8 Low/Sec.       libssh-config-0.9.5-1.fc32.noarch
FEDORA-2020-eb942ee0db Important/Sec. libuv-1:1.39.0-1.fc32.x86_64
FEDORA-2020-77b758d6dc Unknown/Sec.   libuv-1:1.40.0-1.fc32.x86_64
FEDORA-2020-35087800be Moderate/Sec.  libxml2-2.9.10-7.fc32.x86_64
FEDORA-2020-d7ed9f18ff Low/Sec.       lua-libs-5.3.5-8.fc32.x86_64
FEDORA-2020-fcc91a28e8 Important/Sec. openssl-1:1.1.1g-1.fc32.x86_64
FEDORA-2020-fcc91a28e8 Important/Sec. openssl-devel-1:1.1.1g-1.fc32.x86_64
FEDORA-2020-fcc91a28e8 Important/Sec. openssl-libs-1:1.1.1g-1.fc32.x86_64
FEDORA-2020-b2a2c830cf Important/Sec. perl-Git-2.26.2-1.fc32.noarch
FEDORA-2020-c3b07cc5c9 Moderate/Sec.  python-unversioned-command-3.8.5-1.fc32.noarch
FEDORA-2020-e9251de272 Unknown/Sec.   python27-2.7.18-2.fc32.x86_64
FEDORA-2020-887d3fa26f Moderate/Sec.  python27-2.7.18-6.fc32.x86_64
FEDORA-2020-c3b07cc5c9 Moderate/Sec.  python3-3.8.5-1.fc32.x86_64
FEDORA-2020-c3b07cc5c9 Moderate/Sec.  python3-devel-3.8.5-1.fc32.x86_64
FEDORA-2020-5d9f0ce2b3 Moderate/Sec.  python3-dnf-4.4.0-1.fc32.noarch
FEDORA-2020-47a7fbf50d Unknown/Sec.   python3-dnf-4.4.0-2.fc32.noarch
FEDORA-2020-5d9f0ce2b3 Moderate/Sec.  python3-dnf-plugins-core-4.0.18-1.fc32.noarch
FEDORA-2020-5d9f0ce2b3 Moderate/Sec.  python3-hawkey-0.54.2-1.fc32.x86_64
FEDORA-2020-47a7fbf50d Unknown/Sec.   python3-hawkey-0.54.2-2.fc32.x86_64
FEDORA-2020-5d9f0ce2b3 Moderate/Sec.  python3-libdnf-0.54.2-1.fc32.x86_64
FEDORA-2020-47a7fbf50d Unknown/Sec.   python3-libdnf-0.54.2-2.fc32.x86_64
FEDORA-2020-c3b07cc5c9 Moderate/Sec.  python3-libs-3.8.5-1.fc32.x86_64
FEDORA-2020-d0f892b069 Moderate/Sec.  sqlite-libs-3.33.0-1.fc32.x86_64
FEDORA-2020-5d9f0ce2b3 Moderate/Sec.  yum-4.4.0-1.fc32.noarch
FEDORA-2020-47a7fbf50d Unknown/Sec.   yum-4.4.0-2.fc32.noarch
FEDORA-2020-08402f4071 Important/Sec. zeromq-4.3.3-1.fc32.x86_64

and then allow the user to install them with sudo dnf upgrade --security that only installs the available security updates.

[felipeborges]

podman seems to install a systemd timer at /usr/lib/systemd/system/podman-auto-update.timer for auto updating.

[mfocko]

podman seems to install a systemd timer at /usr/lib/systemd/system/podman-auto-update.timer for auto updating.

@felipeborges updates images and even with that, it expects the images to be updated

[debarshiray]

podman seems to install a systemd timer at
/usr/lib/systemd/system/podman-auto-update.timer for auto updating.

As far as I can make it, podman auto-update re-creates the container when it sees an updated image. See podman-auto-update(1).

This works nicely for the usual service-specific OCI containers, where the containers can be thrown away and restarted without any problems, but would be disruptive for our pet Toolbox containers.

[KilianHanich]

To add to this, being able to tell toolbox to "update all toolboxes" would be quite a nice QoL.

Obviously, the image would need to specify how to do this, but it would be quite nice even if not crucial.