Enable fwupd-refresh.timer by default on IoT, CoreOS & Server editions

[travier]

Important links

• Fedora Change Page: https://fedoraproject.org/wiki/Changes/EnableFwupdRefreshByDefault
• FESCo discussion: https://pagure.io/fesco/issue/3054

Describe the enhancement

fwupd-refresh systemd service unit & timer are designed to regularly refresh the fwupd metadata and update the MOTD when new firmware updates can be applied on a system.

We should submit a Fedora Change for F39 to enable fwupd-refresh.timer by default on IoT, CoreOS & Server editions so that users get reminded about firmware updates.

On desktops, firmware updates are generally coordinated by graphical applications such as GNOME Software or Plasma Discover.

System details

N/A

Additional information

See related discussion in #1478

---

Note that we have to submit the change before Tue 2023-06-27 (System Wide Changes) or Tue 2023-07-18 (Self Contained Changes): https://fedorapeople.org/groups/schedule/f-39/f-39-key-tasks.html

---

Steps to make this change:

• Make a (draft) Fedora Change request:
  • https://docs.fedoraproject.org/en-US/program_management/changes_policy/
  • https://docs.fedoraproject.org/en-US/program_management/changes_guide/
• Reach out to the IoT & Server working groups:
  • https://pagure.io/fedora-iot/issues
  • https://pagure.io/fedora-server/issues
• With replies from folks above, submit the change request.

[resdigita]

Just detected this by chance. Seems reasonable to me to include it into Server as well. Unfortunately, I'm not familiar with the current state. I guess, currently, does happen nothing at all? And wouldn't it be helpful to include an email as well (in addition to MOTD)?

([email protected] - Server WG)

[travier]

Just detected this by chance.

Note that this issue is for tracking on our side. We'll submit a proper Fedora Change request that will be announced on fedora-devel.

Seems reasonable to me to include it into Server as well. Unfortunately, I'm not familiar with the current state. I guess, currently, does happen nothing at all? And wouldn't it be helpful to include an email as well (in addition to MOTD)?

Nothing happens right now without this timer. If you want an email, then you'd likely have to write the code to do it as we're unlikely do it for Fedora CoreOS.

[ravanelli]

The Fedora change page was created: https://fedoraproject.org/wiki/Changes/EnableFwupdRefreshByDefault
I asked for review/inputs on it in the FCOs meeting today.

[dustymabe]

The change page text LGTM

[travier]

Suggestion for the "Detailed Description":

Firmware for hardware devices can have bugs and firmware updates generally help address those. Firmware updates might however need manual interaction, a reboot or device unplug/re-plug so we can not enable firmware update by default.

This change thus only enable notifying about new firmware updates, not installing them.

With this change, Fedora installations will contact the Linux Vendor Firmware Service (LVFS, https://fwupd.org/) to get the updated metadata but will not send any information about the hardware without user interaction.

See the LVFS privacy policy at https://lvfs.readthedocs.io/en/latest/privacy.html.

[travier]

Can you start reaching out to the IoT & Server WG?

[travier]

@hughsie Could you confirm what I've written in #1512 (comment) about privacy implications? Thanks

[hughsie]

@travier that's completely correct, thanks. Downloading the metadata is from the CDN and there are no logs on that at all -- the only time we'd contact the LVFS server directly is to download the firmware payload blob itself (we have to check the country of the requester for ITAR/EAR legal reasons) and then after that the user can optionally upload a success/failure report.

A more accurate version might be to change:

With this change, Fedora installations will contact the Linux Vendor Firmware Service CDN (LVFS, https://cdn.fwupd.org/) to get the updated metadata..

[ravanelli]

Open issues for IoT & Server working groups:

• https://pagure.io/fedora-server/issue/115
• https://pagure.io/fedora-iot/issue/52

[travier]

I've update the Wiki page to link to the discussions in the various places.

[travier]

I've also pinged the Server WG: https://discussion.fedoraproject.org/t/feedback-for-fedora-change-enable-fwupd-refresh-timer-by-default/85943

[ravanelli]

Request change submitted.
Status: ChangeReadyForWrangler

[travier]

I've updated the Change now that the Server WG has answered

[travier]

FESCo discussion: https://pagure.io/fesco/issue/3054

[travier]

This has been accepted by FESCo in https://pagure.io/fesco/issue/3054 so we can do the change now.

[travier]

PR in fedora-release RPM, mostly for Server & IoT as they do not "preset-all" and thus need a manual unit enablement: https://src.fedoraproject.org/rpms/fedora-release/pull-request/279

[travier]

Change for FCOS: coreos/fedora-coreos-config#2562

[travier]

Semi related PRs & issues:

fwupd:

• Clarify order of fwupd-refresh.preset systemd preset config fwupd/fwupd#6115
• Remove fwupd-refresh.preset & contrib/fwupd.spec.in: Follow presets for fwupd-refresh.timer fwupd/fwupd#6116
• https://src.fedoraproject.org/rpms/fwupd/pull-request/9

rpm-ostree (count me timer):

• packaging/spec.in: Enable rpm-ostree-countme.timer following presets rpm-ostree#4548
• https://src.fedoraproject.org/rpms/rpm-ostree/pull-request/55

[dustymabe]

The fix for this went into next stream release 39.20230916.1.1. Please try out the new release and report issues.

[dustymabe]

The fix for this went into testing stream release 39.20231101.2.0. Please try out the new release and report issues.

[dustymabe]

The fix for this went into stable stream release 39.20231101.3.0.