Support for delayed updates
This is the foris counter-part of turris/updater#112. It should be possible to:
- Configure the mode in which updater operates.
- Approve and deny requests issued by the updater.
The options to configure the mode are:
-
updater.approvals.need
: If set to true (false by default), the updater needs an approval to perform updaters. -
updater.approvals.notify:
If set to true (by default), a notification is generated whenever new approval request is issued. -
updater.approvals.auto_grant_seconds
: If set, an approval is granted after so many seconds after the request is issued unless the user denies it in the meantime.
Note that the section (named approvals
, of type approvals
) may need to be created first.
Reasonable modes would be something like:
- No approvals (the default,
need
set to false) ‒ updater just does whatever it likes without asking. - Approvals with timeouts ‒
need
set to true, andauto_grant_seconds
set to something reasonable. - Strict approvals ‒
need
set to true,auto_grant_seconds
non-existing.
It may be best to leave the notify
at its default.
To manipulate the approvals, new version of nuci was issued (turris/nuci!12 (merged)). The <get>
contains the requests ‒ both the ones unhandled and the ones approved or denied by the user. There may be one current request ‒ the others are outdated. The current one has a list of actions that would be taken. To manipulate them, send <grant>
or <deny>
RPCs. All this is in the updater
model.
Note that this works only with updater-ng, so it makes sense to show it only in omnia. Also, as the notifications are of the update
type, the notification level should be set to at least such level, or user's wouldn't get the notifications. Does it make sense to have a check for it and ask the user to fix it?
As for how it would look like. The configuration can be on the updater tab. The requests that need approval can go to the intro page with notifications ‒ it could look similar to the notifications, but it would have two buttons (approve and deny) ‒ something like restart has one button.