On Wed, Jun 15, 2016 at 10:31 AM, Stephen Gallagher <sgallagh@xxxxxxxxxx> wrote: > Of course, this comes with its own headaches, since of course if you are using > an encrypted drive, you need to enter your password twice: once to start the > update and once for the post-update reboot. Why not change from logout > reboot > update > reboot, to logout > update > reboot/shutdown? I don't see how unattended/scheduled updates can really work otherwise. It's probably not sane to stick the KEK (hash) into NVRAM so it's there for unattended updates even if there's a sure fire way to remove that entry after the reboot. > A while ago I was working on a patch > to PackageKit that would skip the second reboot and just `systemd isolate > default.target` after the upgrade unless the kernel (or other early boot package > like dracut) was updated. I never finished it, but I could try to dig it out and > pass it on to someone who is interested in continuing it. It's the first reboot that needs to go away in order to solve the unattended update problem though. -- Chris Murphy -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
