Automatic Updates
A general rule that applies in most cases is as follows:
_If the machine is a critical server, for which unplanned downtime of a service on the machine cannot be tolerated, then you should not use automatic updates. Otherwise, you *may* choose to use them._
How are automatic updates done?
You can use a service to automatically download and install any new updates (for example security updates).
Installing and configuring dnf-automatic
sudo dnf install dnf-automatic
env EDITOR='gedit -w' sudoedit /etc/dnf/automatic.conf
Run dnf-automatic
to enable and start the `systemd` timer.
Check status of `dnf-automatic`:
systemctl list-timers dnf-*
Changes as of Fedora 26
As of Fedora 26 there are now three timers that control dnf-automatic.
`dnf-automatic-download.timer` - Only download
`dnf-automatic-install.timer` - Download and install
`dnf-automatic-notifyonly.timer` - Only notify via configured emitters in `/etc/dnf/automatic.conf`
You can still use `download_updates` and `apply_updates` settings from inside `/etc/dnf/automatic.conf`.
Can we trust DNF updates?
DNF in Fedora has GPG key checking enabled by default. Assuming that you have imported the correct GPG keys, and still have `gpgcheck=1` in your `/etc/dnf/dnf.conf`, then we can at least assume that any automatically installed updates were not corrupted or modified from their original state. Using the GPG key checks, there is no way for an attacker to generate packages that your system will accept as valid (unless they have a copy of the *private* key corresponding to one you installed) and any data corruption during download would be caught.
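
Before relying on unattended installs, it is worth confirming that signature checking is really on for every repository, not only in `/etc/dnf/dnf.conf`. The script below is an added example, not part of the original page or of DNF itself; the function names `audit_gpgcheck` and `demo_audit` and the sample files are constructed for illustration, and it assumes that a repository's own `gpgcheck` value takes precedence over the one in `[main]`.

```shell
#!/bin/sh
# Added example: report the effective gpgcheck setting of every repo.
# Assumption: a repo's own gpgcheck wins, otherwise [main] applies; a value
# that is not set anywhere is reported as off so that it gets reviewed.
# Usage: audit_gpgcheck /etc/dnf/dnf.conf /etc/yum.repos.d/*.repo
audit_gpgcheck() {
    awk '
    function truthy(v) { v = tolower(v); return v == "1" || v == "yes" || v == "true" || v == "on" }
    FNR == 1 { sec = "" }                      # new file: forget the last section
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }       # comment or blank line
    /^[ \t]*\[.*\][ \t]*$/ {                   # [section] header
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\][ \t]*$/, "", sec)
        if (sec != "main" && !(sec in seen)) { seen[sec] = 1; order[++n] = sec }
        next
    }
    {
        eq = index($0, "="); if (eq == 0 || sec == "") next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "gpgcheck") { has[sec] = 1; chk[sec] = truthy(val) }
    }
    END {
        if (!chk["main"]) { print "[main] gpgcheck=off"; bad = 1 }
        for (i = 1; i <= n; i++) {
            r = order[i]; src = (r in has) ? r : "main"
            print "[" r "] gpgcheck=" (chk[src] ? "on" : "off") " (from [" src "])"
            if (!chk[src]) bad = 1
        }
        exit bad + 0                           # non-zero when any check is off
    }' "$@"
}

# Constructed sample files, for demonstration only.
demo_audit() {
    d=$(mktemp -d) || return 2
    printf '[main]\ngpgcheck=1\n' > "$d/dnf.conf"
    printf '[fedora]\nenabled=1\n\n[thirdparty]\n# checks disabled\ngpgcheck = 0\n' \
        > "$d/sample.repo"
    audit_gpgcheck "$d/dnf.conf" "$d/sample.repo"; rc=$?
    rm -rf "$d"; return "$rc"
}

demo_audit || echo "at least one repository installs packages without signature checks"
```

A non-zero exit status makes the function usable as a gate in a provisioning script before a `dnf-automatic` timer is enabled.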