feat: run system updates as root, run user updates for each user

README.md

@@ -26,34 +26,82 @@ COPY --from=ghcr.io/ublue-os/ublue-update:latest /rpms/ublue-update.noarch.rpm /
 RUN rpm-ostree override remove ublue-os-update-services && rpm-ostree install /tmp/rpms/ublue-update.noarch.rpm
 ```
 
+> **Note**
+> If you are on an image derived from uBlue main, you will need to remove or disable automatic updates with rpm-ostreed, to do this, you need to remove or change this line in the config file: `AutomaticUpdatePolicy=stage` (set to `none` if you don't want to remove the line)
+
+
 ## Command Line
 
+To run a complete system update, it's recommended to use systemd:
+
+```
+$ systemctl start ublue-update.service
+```
+
+This allows for passwordless system updates (user must be in `wheel` group)
+
+
+### Run updates from command line (not recommended)
+
+Only run user updates (rootless):
+```
+$ ublue-update
 ```
-usage: ublue-update [-h] [-f] [-c] [-u]
+
+Only run system updates (requires root):
+```
+$ pkexec ublue-update --system
+```
+
+```
+usage: ublue-update [-h] [-f] [-c] [-u] [-w] [--system]
 
 options:
   -h, --help         show this help message and exit
   -f, --force        force manual update, skipping update checks
   -c, --check        run update checks and exit
   -u, --updatecheck  check for updates and exit
+  -w, --wait         wait for transactions to complete and exit
+  --system           only run system updates (requires root)
 ```
 
+## Troubleshooting
+
+You can check the ublue-update logs by running this command:
+```
+$ journalctl -exu 'ublue-update.service'
+```
 
 # Configuration
 
+## Update Scripts
+Update scripts are separated into two directories inside of `/etc/ublue-update.d`
+
+### `/etc/ublue-update.d/user`
+
+Update scripts are ran as user. Scripts included:
+  - per-user flatpak update scripts (uninstalling unused deps and repairing flatpak install for maintenence)
+  - distrobox update script
+  - fleek update script
+
+### `/etc/ublue-update.d/system`
+
+Update scripts are ran as root, these updates are meant to be system-wide. Scripts included:
+  - OS update script (depends on [`rpm-ostree`](https://github.com/coreos/rpm-ostree))
+  - system-wide flatpak update scripts (uninstalling unused deps and repairing flatpak install for maintenence)
+
 
 ## Location
-valid config paths (in order of priority)
 
-```"$HOME"/.config/ublue-update/ublue-update.toml```
+### Valid config paths (in order of priority):
 
 ```/etc/ublue-update/ublue-update.toml```
 
 ```/usr/etc/ublue-update/ublue-update.toml```
 
 
 ## Config Variables
-section: `checks`
+Section: `checks`
 
 `min_battery_percent`: checks if battery is above specified percent
 
@@ -62,7 +110,7 @@ section: `checks`
 `max_mem_percent`: checks if memory usage is below specified the percent
 
 
-section: `notify`
+Section: `notify`
 
 `dbus_notify`: enable graphical notifications via dbus
 

files/etc/ublue-update.d/00-system-update.sh → files/etc/ublue-update.d/system/00-system-update.sh

@@ -1,3 +1,3 @@
-#!/usr/bin/bash
+#!/usr/bin/env bash
 
 /usr/bin/rpm-ostree update

files/etc/ublue-update.d/01-flatpak-system-update.sh → files/etc/ublue-update.d/system/01-flatpak-system-update.sh

@@ -1,3 +1,3 @@
-#!/usr/bin/bash
+#!/usr/bin/env bash
 
 /usr/bin/flatpak --system update -y --noninteractive

files/etc/ublue-update.d/03-flatpak-system-repair-cleanup.sh → files/etc/ublue-update.d/system/02-flatpak-system-repair-cleanup.sh

@@ -1,5 +1,4 @@
-#!/usr/bin/bash
-
+#!/usr/bin/env bash
 
 /usr/bin/flatpak uninstall --system --unused -y --noninteractive
 /usr/bin/flatpak repair --system

files/etc/ublue-update.d/02-flatpak-user-update.sh → files/etc/ublue-update.d/user/00-flatpak-user-update.sh

@@ -1,3 +1,3 @@
-#!/usr/bin/bash
+#!/usr/bin/env bash
 
 /usr/bin/flatpak --user update -y --noninteractive

files/etc/ublue-update.d/04-flatpak-user-repair-cleanup.sh → files/etc/ublue-update.d/user/01-flatpak-user-repair-cleanup.sh

@@ -1,4 +1,4 @@
-#!/usr/bin/bash
+#!/usr/bin/env bash
 
 
 /usr/bin/flatpak uninstall --user --unused -y --noninteractive

files/etc/ublue-update.d/05-distrobox-user-update.sh → files/etc/ublue-update.d/user/02-distrobox-user-update.sh

@@ -1,4 +1,4 @@
-#!/usr/bin/bash
+#!/usr/bin/env bash
 
 if [ -x /usr/bin/distrobox ]; then
     /usr/bin/distrobox upgrade -a

files/etc/ublue-update.d/06-fleek-user-update.sh → files/etc/ublue-update.d/user/03-fleek-user-update.sh

@@ -1,4 +1,4 @@
-#!/usr/bin/bash
+#!/usr/bin/env bash
 
 if [ -x /var/usrlocal/bin/fleek ]; then
     /var/usrlocal/bin/fleek update -a

files/usr/etc/polkit-1/rules.d/ublue-update.rules

@@ -0,0 +1,8 @@
+polkit.addRule(function(action, subject) {
+    if (subject.isInGroup("wheel") &&
+        action.id == "org.freedesktop.systemd1.manage-units" &&
+        action.lookup("unit") == "ublue-update.service")
+    {
+        return polkit.Result.YES;
+    }
+})

files/usr/lib/systemd/user/ublue-update.service → files/usr/lib/systemd/system/ublue-update.service

@@ -2,9 +2,5 @@
 Description=Universal Blue Update Oneshot Service
 
 [Service]
-Restart=on-failure
-RestartSec=1h
 Type=oneshot
 ExecStart=/usr/bin/ublue-update
-
-

files/usr/lib/systemd/user/ublue-update.timer → files/usr/lib/systemd/system/ublue-update.timer

@@ -3,9 +3,8 @@ Description=Auto Update System Timer For Universal Blue
 Wants=network-online.target
 
 [Timer]
-RandomizedDelaySec=10m
-OnBootSec=2m
-OnCalendar=*-*-* 4:00:00
+OnBootSec=20min
+OnUnitInactiveSec=6h
 Persistent=true
 
 [Install]

pyproject.toml

@@ -16,8 +16,6 @@ classifiers = [
 ]
 dependencies = [
     "psutil",
-    "pygobject",
-    "dbus-python",
 ]
 dynamic = ["version"]