Re: Service stopping in prerm considered harmful

To: debian-devel@lists.debian.org
Subject: Re: Service stopping in prerm considered harmful
From: Steve Langasek <vorlon@debian.org>
Date: Sun, 23 Mar 2008 01:05:52 -0700
Message-id: <[🔎] 20080323080552.GA15959@dario.dodds.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 874payt77w.fsf@windlord.stanford.edu>
References: <20080323035523.GA14638@(none)> <[🔎] 874payt77w.fsf@windlord.stanford.edu>

On Sat, Mar 22, 2008 at 09:06:11PM -0700, Russ Allbery wrote:

> > For the nth time, I have a package that dpkg is unable to remove because
> > it tries to stop a service that either is already stopped (I didn't want
> > it) or couldn't start at all. In the former case, the fix seems simple:
> > start the service and remove the package. But sometimes starting the
> > service may have undesirable outcomes on the system, or the stop action
> > will fail in some way.

> > In either case, when you can't get a successful stop action for the
> > service init.d script, the package is impossible to remove without human
> > action, and not a simple one, because you need to be able to hack the
> > maintainer scripts or the init.d script.

> > Shouldn't the maintainer script actually ensure that the service is not
> > running, instead of just triggering the stop action and checking its
> > exit code? Something like (it's pseudo-code, because the status action
> > of init.d scripts prints text, it doesn't seem to give machine-friendly
> > data):

> I think the right solution to this is to require that the stop action not
> fail when the daemon already isn't running.  LSB requires this of init
> scripts.  I think we should as well.

Policy 9.3.2 says:

     The `init.d' scripts must ensure that they will behave sensibly if
     invoked with `start' when the service is already running, or with
     `stop' when it isn't, and that they don't kill unfortunately-named
     user processes.  The best way to achieve this is usually to use
     `start-stop-daemon'.

So since it's not sensible to return a non-zero exit code when "stop" is
called for an already-stopped service, this is already a severity: serious
policy violation. ;)

We can be more explicit about what it means to be "sensible", of course, but
I don't see how anyone would argue that throwing an error when the service
is already stopped would be ok.

> There may already be an open Policy bug about this, along with the several
> bugs that say that we should follow LSB in general.

Garrr, the LSB init script spec specifies requirements for LSB
*applications*, not for LSB platforms.  By all means, if there are gaps in
our init script policy we should resolve them - but that does *not* mean we
should blindly ratify the LSB policy on init scripts.  (Bug #208010 seems to
include a pretty thorough discussion of the problems with a wholesale
adoption of LSB init script rules.)

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org

Reply to:

Follow-Ups:
- Re: Service stopping in prerm considered harmful
  - From: Steve Greenland <steveg@moregruel.net>

References:
- Service stopping in prerm considered harmful
  - From: Pierre THIERRY <nowhere.man@levallois.eu.org>
- Re: Service stopping in prerm considered harmful
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Re: RFC: preventing accidental deletion of system directories
Next by Date: Re: Service stopping in prerm considered harmful
Previous by thread: Re: Service stopping in prerm considered harmful
Next by thread: Re: Service stopping in prerm considered harmful
Index(es):
- Date
- Thread