CanAutoUpdate should not decide by util.HaveAdminRights

[ihipop]

AdGuardHome/home/control_update.go

Lines 101 to 114 in d1e55c3

	if runtime.GOOS != "windows" &&
	((tlsConf.Enabled && (tlsConf.PortHTTPS < 1024 ||
	tlsConf.PortDNSOverTLS < 1024 ||
	tlsConf.PortDNSOverQUIC < 1024)) ||
	config.BindPort < 1024 ||
	config.DNS.Port < 1024) {
	// On UNIX, if we're running under a regular user,
	// but with CAP_NET_BIND_SERVICE set on a binary file,
	// and we're listening on ports <1024,
	// we won't be able to restart after we replace the binary file,
	// because we'll lose CAP_NET_BIND_SERVICE capability.
	canUpdate, _ = util.HaveAdminRights()
	}
	ret["can_autoupdate"] = canUpdate

if we run AdGuardHome by systemd like this

[Unit]
Description=Adguard Home
Requires=network.target
After=network.target

[Service]
Type=simple
####ExecStartPre=-/sbin/setcap cap_net_bind_service=+ep /config/ihipop/AdGuardHome/AdGuardHome
AmbientCapabilities=CAP_NET_BIND_SERVICE
ExecStart=/config/ihipop/AdGuardHome/AdGuardHome
Restart=always
RestartSec=2s
User=dnsmasq
PermissionsStartOnly=true
LimitNOFILE=infinity

[Install]
WantedBy=multi-user.target

The CAP_NET_BIND_SERVICE capability is grant by systemd and not exists in filesystem
AmbientCapabilities doc https://www.freedesktop.org/software/systemd/man/systemd.exec.html#AmbientCapabilities=
It's safe to upgrade then

[ihipop]

#1193 7ff743a
#1944

[ihipop]

IMO,the simple way is to have a auto update policy option， let the administrator to decide whether it’s safe or not to auto upgrade
The administrator is responsible for the failure of auto update
To interactive with systemd is not a good idea because it’s tooo heavy behavior and bundle to much to platform code
Let‘s keep it simple 。

[ihipop]

Suggestions：

• deprecated no-check-update option
• add new update-policy option

New policy：

• auto:
  auto update if possible, with a new version and execute file is located and writable on file system ,ignore the Capabilities stuff
• manual: (default)
  same as auto but will not update self until administrator click it on admin panel
• disable:
  same as the old no-check-update, will not perform any update check so will no self-update

[EugeneOne1]

This should be fixed as of snapshot 641db73. Could you please check if our solution fixes the issue for you?

[ihipop]

This should be fixed as of snapshot 641db73. Could you please check if our solution fixes the issue for you?

I take a glance at the code ,Nice and clean fix than what I've suggested !!!
I will take a try and close my issue if it works fine

[ainar-g]

@ihipop, hi, any news? Can we close the issue for now?

[ainar-g]

I'll close this issue for now. Please feel free to reopen with more details if you think it should be reopened.