Secure Remote Update solution(s)

triptrap
Posts: 2
Joined: Tue Aug 28, 2018 10:45 am

Secure Remote Update solution(s)

Post by triptrap »

Hi Dietpipeople,

We are building an embedded system using Raspberry Pis, and chose DietPi, of course!

We will have dozens of Pis in the field and want to have them update their Linux kernel and our software running on that.
We want them to do that themselves, automatically, safely and securely, using their connection to the internet.

We saw solutions like Mender and SWupdate, but did not find any reference to using them with DietPi.

Are people doing what we want to do with DietPi, and if so, what is the recommended remote update solution?

TIA!
WarHawk
Posts: 606
Joined: Thu Jul 20, 2017 8:55 am

Re: Secure Remote Update solution(s)

Post by WarHawk »

Install unattended-upgrades

Code:

sudo apt-get install unattended-upgrades

done and done

https://wiki.debian.org/UnattendedUpgrades
https://linux-audit.com/using-unattende ... nd-ubuntu/

However, for DietPi updates... I would recommend installing screen, and if you have to do upgrades with that method, then use dietpi-upgrade that way in case SSH drops out.
MichaIng
Site Admin
Posts: 2293
Joined: Sat Nov 18, 2017 6:21 pm

Re: Secure Remote Update solution(s)

Post by MichaIng »

Yep, unattended-upgrades is the usual way to do that, also since it is integrated into the APT API, so it should be the safest way. But it only applies security upgrades, no full apt-get upgrade or dist-upgrade.

DietPi disables it by default, since its random systemd timer led to randomly blocked APT, and thus to DietPi updates/installs failing. Therefore DietPi-Software and DietPi-Update will apply APT upgrades themselves. So to enable unattended upgrades, you need to:

Code:

systemctl unmask apt-daily.service
systemctl unmask apt-daily.timer
systemctl unmask apt-daily-upgrade.service
systemctl unmask apt-daily-upgrade.timer
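
A check one could run on each Pi after the unmask step above, as an added example that is not part of the original post: it reports any of the four units still masked and whether APT's periodic settings are switched on. The function names are hypothetical, and the APT::Periodic keys are the standard Debian ones, which this thread does not mention.

```shell
#!/bin/sh
# Added example: confirm automatic APT upgrades can run after the unmask step.
# Function names are hypothetical; run with --run on the device itself.

UNITS="apt-daily.service apt-daily.timer apt-daily-upgrade.service apt-daily-upgrade.timer"

# stdin: one "<unit> <state>" pair per line. Prints every unit that is masked.
masked_units() {
    awk '$2 == "masked" || $2 == "masked-runtime" { print $1 }'
}

# stdin: `apt-config dump` style lines. Returns 0 only if both periodic
# package-list updates and unattended upgrades are set to a value above 0.
periodic_enabled() {
    awk -F'"' '
        $1 ~ /^APT::Periodic::Update-Package-Lists / && $2 + 0 > 0 { lists = 1 }
        $1 ~ /^APT::Periodic::Unattended-Upgrade / && $2 + 0 > 0 { upg = 1 }
        END { exit !(lists && upg) }'
}

# Collect the live "<unit> <state>" pairs from systemd.
live_unit_states() {
    for u in $UNITS; do
        printf '%s %s\n' "$u" "$(systemctl is-enabled "$u" 2>/dev/null)"
    done
}

# Full check: non-zero exit if a unit is still masked or APT::Periodic is off.
audit() {
    rc=0
    bad=$(live_unit_states | masked_units)
    [ -z "$bad" ] || { echo "still masked: $bad"; rc=1; }
    apt-config dump | periodic_enabled || { echo "APT::Periodic not enabled"; rc=1; }
    return $rc
}

case "${1:-}" in
    --run) audit ;;
esac
```

A non-zero exit from `audit` is a convenient signal for fleet monitoring that a device has stopped updating itself.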
triptrap
Posts: 2
Joined: Tue Aug 28, 2018 10:45 am

Re: Secure Remote Update solution(s)

Post by triptrap »

Thanks for the helpful replies.

So the standard DietPi solution is just to update the OS via automatic periodic downloading of packages.

And to update our own software on the Pi, we would set up our own package repository, which the Pi periodically checks?

The more complex solutions I researched mention things like multiple system partitions, fallbacks, atomic updating, etc.
Do DietPi people just not worry about those issues?