Secure Remote Update solution(s)

Hi Dietpipeople,

We are building an embedded system using Raspberry Pis, and chose DietPi, of course!

We will have dozens of Pis in the field and want to have them update their Linux kernel and our software running on that.
We want them to do that themselves, automatically, safely and securely, using their connection to the internet.

We saw solutions like Mender and SWupdate, but did not find any reference to using them with DietPi.

Are people doing what we want to do with DietPi, and if so, what is the recommended remote update solution?

TIA!

install unattended-upgrades

# sudo apt-get install unattended-upgrades

done and done

https://wiki.debian.org/UnattendedUpgrades
https://linux-audit.com/using-unattended-upgrades-on-debian-and-ubuntu/

However, for DietPi updates… I would recommend installing screen, and if you have to do upgrades with that method, then use dietpi-upgrade that way in case SSH drops out.

Yep, unattended-upgrades is the usual way to do that, also since it is integrated into the APT API, so it should be the safest way. But it only applies security upgrades, no full apt-get upgrade or dist-upgrade.

DietPi disables it by default, since its random systemd timer led to randomly blocked APT, thus DietPi updates/installs failing. Therefore DietPi-Software and DietPi-Update will apply APT upgrades themselves. So to enable unattended upgrades, you need to:

systemctl unmask apt-daily.service
systemctl unmask apt-daily.timer
systemctl unmask apt-daily-upgrade.service
systemctl unmask apt-daily-upgrade.timer
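
For a fleet of devices it helps to verify that the change above actually took effect on each one. The following is an added example, not part of the original replies: a shell function (hypothetical name `check_auto_upgrades`) that audits a root filesystem offline. It assumes that a masked unit is a symlink to /dev/null under /etc/systemd/system and that the periodic run is switched on through the `APT::Periodic` keys in /etc/apt/apt.conf.d.

```shell
#!/bin/sh
# Added example (not from the thread): audit whether unattended upgrades can run.
# Usage: check_auto_upgrades [ROOT]   ROOT defaults to / ; pass a mounted image
# or a test directory to audit offline. Returns 0 only if every check passes.

UNITS="apt-daily.service apt-daily.timer apt-daily-upgrade.service apt-daily-upgrade.timer"

check_auto_upgrades() {
    root="${1:-/}"
    rc=0

    # systemctl mask creates a symlink to /dev/null; unmask removes it.
    for unit in $UNITS; do
        link="$root/etc/systemd/system/$unit"
        if [ -L "$link" ] && [ "$(readlink "$link")" = "/dev/null" ]; then
            echo "FAIL: $unit is masked"
            rc=1
        else
            echo "ok:   $unit is not masked"
        fi
    done

    # Files in apt.conf.d are read in lexical order and the last setting wins,
    # so take the final value of each key. Empty or "0" means disabled.
    for key in Update-Package-Lists Unattended-Upgrade; do
        val=$(cat "$root"/etc/apt/apt.conf.d/* 2>/dev/null |
            sed -n "s/^[[:space:]]*APT::Periodic::${key}[[:space:]]*\"\([^\"]*\)\";.*/\1/p" |
            tail -n 1)
        case "$val" in
            ""|0)
                echo "FAIL: APT::Periodic::$key is not enabled"
                rc=1
                ;;
            *)
                echo "ok:   APT::Periodic::$key = $val"
                ;;
        esac
    done
    return "$rc"
}
```

Call `check_auto_upgrades` with no argument on a running device, or with the mount point of an image before it is flashed.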

Thanks for the helpful replies.

So the standard DietPi solution is just to update the OS via automatic periodical downloading of packages.

And to update our own software on the Pi, we would set up our own package repository, which the Pi periodically checks?

The more complex solutions I researched mention things like multiple system partitions, fallbacks, atomic updating, etc.
Do DietPi people just not worry about those issues?