DRAFT for Disscussion: New feature Auto Update

[michelroegl-brunner]

🛠️ Note:
We are meticulous about merging code into the main branch, so please understand that pull requests not meeting the project's standards may be rejected. It's never personal!
🎮 Note for game-related scripts: These have a lower likelihood of being merged.

---

✍️ Description

This changes provide the option to automaticly update the container with a cron job.
It only works if you explicitly set this option with advanced options during CT creation.

Alltough you can retrofit any install by simply adding a file touch /opt/autoupdate_lxc and add the cronjob echo "0 0 * * * /usr/bin/update" >/etc/cron.d/autoupdate_lxc

I´d like to merge into develop first so it can be further tested before merging into main.

---

🛠️ Type of Change

Please check the relevant options:

• Bug fix (non-breaking change that resolves an issue)
• New feature (non-breaking change that adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change unexpectedly)
• New script (a fully functional and thoroughly tested script or set of scripts)

---

✅ Prerequisites

The following steps must be completed for the pull request to be considered:

• Self-review performed (I have reviewed my code to ensure it follows established patterns and conventions.)
• Testing performed (I have thoroughly tested my changes and verified expected functionality.)
• Documentation updated (I have updated any relevant documentation)

---

📋 Additional Information (optional)

Provide any extra context or screenshots about the feature or fix here.

[MickLesk]

I am strongly against that. Many people have no idea about it, then thousands of issues pile up because people somehow have the auto-update on and something happens or breaks in the scripts.

[oOStroudyOo]

Assuming this is the automation and unsupervised running of "update" in the LXCs, it's something that I've thought about and would like to try.
I run container updates at midnight each day anyway but of course this doesn't cover updating of the applications themselves, only the operating system.

But I can understand MickLesks point of view.
I work in IT, so I'm competent enough to find and resolve/understand the issues when I experience them, I'm also well aware of the risks that I'm running and I perform regular back-ups of the servers + containers so can revert the changes easily.

But for somebody that's not familiar with this sort of stuff and are only running servers to save on subscription fees. This is risky.
I've spoken to a lot of people in this community, and most people that I've spoken to are here because the scripts are easy to use and they can achieve what they want in minutes without any knowledge or qualifications. Many don't actually understand Proxmox or Linux in general.

[michelroegl-brunner]

I understand both of you and your concernces, i‘ve only come up with this becouse i‘ve read the question often if there is a possiblitie for such a thing.
The Auto Update is not enabled by default with this changes! You have to install a Container with Advanced Settings and activated this feature like the Verbose Mode. So i do not see the problems with piles of issues as strongly as you do. I would not want to activate this as a deafault, i just thought to give the more advanced/experienced people the posibility to do this.

IMHO we could try it if i could lessen your concernces, and remove the feature anytime if issues because of the auto updates start piling up. I would also then add a warning in the documentation.

[oOStroudyOo]

I'd like to see it.

Perhaps not even having it in the Advanced Options as again, I think most non-technical people will select yes because it sounds "hassle free" and may not understand the risks.
Maybe having it as it's own helper-script that you run in the LXC would be a safer option.

How many different apps have you tried this with?

[michelroegl-brunner]

Yep, we also could remove it from there, but then i would also not provide a „Enable-Autoupdate.sh“ script. You would then have the same problem. And i basicly only creates a file „/opt/autoupdate-lxc“ and cronjob to run /usr/bin/upadte once a day. When you know what you are doing linux wise you could to this yourself anyway.

I‘ve testet it with a few Containers during creation, but it dose not depend on the application it self. I just added a If before the Dialouge to check if a file exkists. If yes, dont show it and kust run the update.

[Builder-DE-TH]

I appreciate the concerns but when you have 40+ (and rising) containers as I do, app updates become a chore that doesn't get done very often which means that security vulnerabilities can creep in which isn't great. These scripts are priceless because they take the monotonous drudgery out of spinning up lxcs. An app update script is the one missing piece remaining TBH.

[MickLesk]

I appreciate the concerns but when you have 40+ (and rising) containers as I do, app updates become a chore that doesn't get done very often which means that security vulnerabilities can creep in which isn't great. These scripts are priceless because they take the monotonous drudgery out of spinning up lxcs. An app update script is the one missing piece remaining TBH.

That may be, but if people (normal users) don't make constant backups and the cron destroys any LXCs or even leaves them in an unfixable state, then we probably get a lot of issues every day.
You could have created your own script based on -install.sh a long time ago, which you could execute via cron, and that would have solved this special case for you.

As I said, I am strictly against this. Also from a security perspective, these are interventions that a normal user may not be able to assess at all, or the user may not want to update at all. An even worse example is when a repo or a user is hacked (some file sharing script here), which was the case last year or at the beginning of this year. If malware gets onto x devices, I don't want to tie my shoe to the damage ^^

[michelroegl-brunner]

I understand your concerenes. I´m closing tthis up :)