Upgrading system via GUI

Hello,
i implemnetd a rule to upgrade the system

rule "execute string_flag_System upgrade"
when
    Item string_flag_System received command "Upgrade"
then
    try {
        logInfo("execute string_flag_System upgrade", "upgrading off openHAB")
        var ScriptResponse = executeCommandLine(Duration.ofSeconds(20),"sudo","apt-get update")
        logInfo("execute string_flag_System upgrade", "upgrading openHAB " + ScriptResponse.toString() )
        //logInfo("execute string_flag_System upgrade", "upgrading off openHAB")
        ScriptResponse = executeCommandLine(Duration.ofSeconds(20),"sudo","apt-get upgrade")
        logInfo("execute string_flag_System upgrade", "upgrading openHAB " + ScriptResponse.toString() )
        //executeCommandLine("sudo","apt-get update")
        //executeCommandLine("sudo","apt-get upgrade")
        string_flag_System.postUpdate(NULL)
    }
    catch(Throwable T)
    {
        logError("Error", "Some bad stuff happened in \"execute string_flag_System upgrade\": " + T.toString)
    }
    finally
    {

    }
end

and added it to the sudoers file

openhab   ALL=(ALL) NOPASSWD: /sbin/poweroff, /sbin/reboot, /sbin/systemctl, /bin/apt-get update, /usr/bin/apt update, /bin/apt-get upgrade, /usr/bin/apt-get upgrade, /bin/apt update, /bin/apt-get upgrade, /bin/apt upgrade

but still get this in the log

022-08-26 21:58:59.091 [INFO ] [t.execute string_flag_System upgrade] - upgrading off openHAB
2022-08-26 21:58:59.190 [INFO ] [t.execute string_flag_System upgrade] - upgrading openHAB 
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.
sudo: a terminal is required to read the password; either use the -S option to read class="afterFrom marked"> from standard input or configure an askpass helper
sudo: a password is required
2022-08-26 21:58:59.281 [INFO ] [t.execute string_flag_System upgrade] - upgrading openHAB 
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.
sudo: a terminal is required to read the password; either use the -S option to read class="afterFrom marked"> from standard input or configure an askpass helper
sudo: a password is required

any help appreciated :slight_smile:

The first time you run a sudo command, you have to acknowledge the that message you see there in the logs, whether or not you have it set for NOPASSWD.

You’ll need to run sudo as the openhab user so you can ack that message, or search for some tutorials on how to suppress that message (I’m pretty sure there is one).

Note: if openHAB itself get’s upgraded it will stop OH which will kill the apt command itself and likely leave you in a semi-broken state.

I run the sudo command several times as user openhab in the command line everything went fine…

Are you sure you are not running it as openhabian? That message above only appears the first time you run sudo as a given user and will continue to show until you acknowledge it by pressing ‘y’.

Yes…used

sudo -u openhab sudo apt-get update

Try

sudo -u openhab bash
sudo apt-get update

But again, if you continue down this path, the first time that openHAB itself gets upgraded you’re going to end up with a broken system.

If that doesn’t change anything, your answer is probably going to be on a general Linux forum and the docs for sudo. Running apt from openHAB like this isn’t something we do because it breaks the system.

Thanks for the hint I am aware…can I exclude one package being upgraded?

Probably. The docs for apt will say. It will probably involve pinning the version of openHAB to a specific version.

Tried your command 2 post up…still same issue…

Reboot and power off is running only apt-get not

Did you configure the first two using any argument in executeCommandLine ?
The third one you defined using arguments but you did not separate the argument by using a command.
I would expect that it needs to be

ScriptResponse = executeCommandLine(Duration.ofSeconds(20),"sudo","apt-get",  "upgrade")

As @rlkoshak already stated the command may require an argument to force the execution in case a confirmation is required.

openhabian-config uses these options:

apt-get upgrade --yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"

I personally would like to have full control over the upgrade process. I would like to know if there is any main change in a package that is being installed. In case of an unattended upgrade a package might be upgraded that breaks something. Being aware of the packages that were upgrade you have at least an idea where to search for root causes.
Sometimes there are complex dependencies that I prefer to manually resolve or at least I would like to know the proposals / assumptions the system does.
So wouldn’t it be better to get informed by the system that there is an update available and do it manually ?

I also thought about this direction…to get an information that an update is available…any idea how to do this?

e.g. run

apt list --upgradable

which will give:

Listing... Done
grafana/stable 9.1.1 armhf [upgradable from: 9.0.2]
libc-bin/oldstable 2.28-10+rpt2+rpi1+deb10u1 armhf [upgradable from: 2.28-10+rpt2+rpi1]
libc-dev-bin/oldstable 2.28-10+rpt2+rpi1+deb10u1 armhf [upgradable from: 2.28-10+rpt2+rpi1]
libc-l10n/oldstable 2.28-10+rpt2+rpi1+deb10u1 all [upgradable from: 2.28-10+rpt2+rpi1]
libc6-dbg/oldstable 2.28-10+rpt2+rpi1+deb10u1 armhf [upgradable from: 2.28-10+rpt2+rpi1]
libc6-dev/oldstable 2.28-10+rpt2+rpi1+deb10u1 armhf [upgradable from: 2.28-10+rpt2+rpi1]
libc6/oldstable 2.28-10+rpt2+rpi1+deb10u1 armhf [upgradable from: 2.28-10+rpt2+rpi1]
libcairo-gobject2/oldstable 1.16.0-4+rpt1+deb10u1 armhf [upgradable from: 1.16.0-4+rpt1]
libcairo2/oldstable 1.16.0-4+rpt1+deb10u1 armhf [upgradable from: 1.16.0-4+rpt1]
libpulse0/oldstable 12.2-4+deb10u1+rpt3 armhf [upgradable from: 12.2-4+deb10u1+rpi3]
libtirpc-common/oldstable 1.1.4-0.4+deb10u1 all [upgradable from: 1.1.4-0.4]
libtirpc3/oldstable 1.1.4-0.4+deb10u1 armhf [upgradable from: 1.1.4-0.4]
locales/oldstable 2.28-10+rpt2+rpi1+deb10u1 all [upgradable from: 2.28-10+rpt2+rpi1]
multiarch-support/oldstable 2.28-10+rpt2+rpi1+deb10u1 armhf [upgradable from: 2.28-10+rpt2+rpi1]
tzdata/oldstable 2021a-0+deb10u6 all [upgradable from: 2021a-0+deb10u5]

or

apt-get -u -V upgrade --assume-no

which results in ( because of progress ‘bar’ the returned value in a variable might look different )

Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
   grafana (9.0.2 => 9.1.1)
   libc-bin (2.28-10+rpt2+rpi1 => 2.28-10+rpt2+rpi1+deb10u1)
   libc-dev-bin (2.28-10+rpt2+rpi1 => 2.28-10+rpt2+rpi1+deb10u1)
   libc-l10n (2.28-10+rpt2+rpi1 => 2.28-10+rpt2+rpi1+deb10u1)
   libc6 (2.28-10+rpt2+rpi1 => 2.28-10+rpt2+rpi1+deb10u1)
   libc6-dbg (2.28-10+rpt2+rpi1 => 2.28-10+rpt2+rpi1+deb10u1)
   libc6-dev (2.28-10+rpt2+rpi1 => 2.28-10+rpt2+rpi1+deb10u1)
   libcairo-gobject2 (1.16.0-4+rpt1 => 1.16.0-4+rpt1+deb10u1)
   libcairo2 (1.16.0-4+rpt1 => 1.16.0-4+rpt1+deb10u1)
   libpulse0 (12.2-4+deb10u1+rpi3 => 12.2-4+deb10u1+rpt3)
   libtirpc-common (1.1.4-0.4 => 1.1.4-0.4+deb10u1)
   libtirpc3 (1.1.4-0.4 => 1.1.4-0.4+deb10u1)
   locales (2.28-10+rpt2+rpi1 => 2.28-10+rpt2+rpi1+deb10u1)
   multiarch-support (2.28-10+rpt2+rpi1 => 2.28-10+rpt2+rpi1+deb10u1)
   tzdata (2021a-0+deb10u5 => 2021a-0+deb10u6)
15 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 99.8 MB of archives.
After this operation, 5,478 kB of additional disk space will be used.
Do you want to continue? [Y/n] N
Abort.

With ( this needs to be put into a file as pipes are not supported in the executeCommandLine parameters )

apt-get -u -V upgrade --assume-no | grep upgraded,

you just get

15 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Output is related to simulated results. The upgrade is not yet done although it is implied by the time that is used in that sentence.

PS you guys may be interested in my PR below … although it has been more-or-less abandoned by the core developers as “won’t do / too difficult” …

1 Like

To avoid openhab of being upgraded:
sudo apt-mark hold openhab

To allow an upgrade again:
sudo apt-mark unhold openhab

1 Like

I use “unattended-upgrade” (on Ubuntu based OS) since years without any problems. Pinning the Openhab version to the major version - at the moment it’s 3..

1 Like