[valtam]

You're doing great, I love looking at your code.

Sent from my Phone using Tapatalk

[ralphy]

Both issues are now fixed, although the manual cron job editing fix is a "work-around" to deal with it for now.

It is working fine in my machines... I have it checking for updates every 2 minutes and updates notifications are popping up like madman  ;D

[valtam]

Working wonderfully here too Ralphy, great stuff :) Will continue to refine this and it should be a 3.4 Feature.

[ralphy]

Regarding https://github.com/linuxlite/liteupdates...-266911721 issue.

/usr/local/sbin/updatenotify

Code:

#!/bin/bash

xhost local:$USER > /dev/null 2>&1
export DISPLAY=:0
apt-get update > /dev/null 2>&1
UPD=$(/usr/lib/update-notifier/apt-check --human-readable && echo && echo Click here to remove this message)
notify-send -i /usr/share/icons/Faenza/apps/48/system-software-installer.png --expire-time=10000 'Install Updates' "$UPD"
exit

xhost local:$USER > /dev/null 2>&1
Provides access to an application running as sudo or su to the graphical server (aka X session aka computer screen):

Therefore I was under the impression that we were already executing the application as root. This is what's open for discussion I believe... but before we get into that:

IMPORTANT: We need to close the hole created by xhost local:$USER > /dev/null 2>&1 before exiting the script. Otherwise (although local) we are leaving the door open for abuse:

xhost -  #To get things back to normal, with controlled access to the X screen

Code:

#!/bin/bash

xhost local:$USER > /dev/null 2>&1
export DISPLAY=:0
apt-get update > /dev/null 2>&1
UPD=$(/usr/lib/update-notifier/apt-check --human-readable && echo && echo Click here to remove this message)
notify-send -i /usr/share/icons/Faenza/apps/48/system-software-installer.png --expire-time=10000 'Install Updates' "$UPD"
xhost - > /dev/null 2>&1
exit

[valtam]

Nice catch on the xhost hole. When I put together a program, and it outputs information to the user, I try to think like that user.
The notification told me there was 1 update when there was in fact 10. As a new user, I would think to myself, "that program is not accurate. It's telling me one thing, and the result is another".

[ralphy]

I agree with your point Jerry. It is certainly important to keep this in perspective. I failed to realize that the command is being executed without privileges because on my test VM I'm running the cron as root. Obviously, running it as a root cronjob is not ideal because this will make it a global setting for all admins... Furthermore, assuming that multiple admins login to the machine, they may want to have their own notification preferences and your solution, at that point, is the one that makes the most sense :) :

Code:

#! /bin/sh
# Postinst script for Lite Update Notify

set -e

IDUSER=$(grep -Po '^sudo.+:\K.*$' /etc/group)

if [ `id -u $IDUSER 2>/dev/null || echo -1` -ge 0 ]; then
    echo "$IDUSER ALL=NOPASSWD: /usr/local/sbin/updatenotify" >> /etc/sudoers

else
    echo "Script failed..."
fi

But I recommend we use /etc/sudoers.d instead of modifying the default /etc/sudoers file for multiple reasons.

I think this can be done as we set the cronjob because we have admin privileges at that point. Thus, we can create or remove each sudoer under /etc/sudoers.d using the $LUNUSER variable the same way we are using it to create the cron job.

Throw at me what you think about that.

[valtam]

I need to think this through, and experiment at this end. Haven't used /etc/sudoers.d before.

[valtam]

Ok, I think I have a good implementation. Would you like to test in a VM?

- postinst script in debian package checks for the file:

Code:

/etc/sudoers.d/lun

If it doesn't exist, it gets created.

- /etc/sudoers/lun contains:

Code:

%sudo ALL=NOPASSWD: /usr/local/sbin/updatenotify

A simpler way to ensure only sudo users get use of the sudo apt-get update command in /usr/local/sbin/updatenotify

- I have a 2 min setting in there for testing purposes.

- Later, I'll include a script in the debian package to remove the lun file from /etc/sudoers.d/ dir.

[ralphy]

where is that code at?

[valtam]

https://www.linuxliteos.com/files/liteup...uxlite.deb