zerotier
ZeroTier /var/lib/apt/lists/ file is difficult to integrate with unattended-upgrades
I'm opening this issue as I found an old:
/var/lib/apt/lists/download.zerotier.com_debian_buster_dists_buster_InRelease
Oddly, this system is a Ubuntu system. In any case, interestingly, reinstalling results in a slightly different file:
download.zerotier.com_debian_focal_dists_focal_InRelease
The contents of this file include (the previous file I no longer have but, I recall this saying "buster" in place of "focal"):
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Origin: focal focal
Label: focal focal
Suite: focal
Codename: focal
This could be improved the identifier here results in a non-zerotier specific origin. I'm not an expert here, but it seems better practice would be to have something like
Hash: SHA256
Origin: zerotier-zerotierone
Label: ZeroTier
Suite: focal
Codename: focal
This would allow adding zerotier, stably to unattended upgrades, with a more specific namespace; something like:
Unattended-Upgrade::Allowed-Origins {
"zerotier-zerotierone:${distro_codename}";
...
Then this file should also be automatically updated when updating the distrobution.
For more information see:
- https://linux-audit.com/upgrading-external-packages-with-unattended-upgrade/
- https://github.com/mvo5/unattended-upgrades/blob/master/README.md
I "discovered this" after realizing the one ubuntu server I'm running hadn't self updated ZeroTier since 1.6.x (though it was applying other security updates).
Could you send us a patch with these changes? I believe the installer is open source.
