Re: use of "invoke-rc.d $PACKAGE stop || exit $?" in prerm scripts
Michael Prokop wrote:
> * Bernd Schubert <bernd.schubert@pci.uni-heidelberg.de> wrote:
>
>>> inside their prerm maintainer scripts. If stopping $PACKAGE through
>>> invoke-rc.d/init-script fails, removing the package fails as well.
>
>>> Using:
>
>>> invoke-rc.d $PACKAGE stop || true
>>> /etc/init.d/$PACKAGE stop || true
>
>> We are using chroot environments (e.g. with sid) where no daemon is
>> running and invoke-rc.d will only do an "exit 0" in those chroots.
>
> How do you achieve that? For example symlinking invoke-rc.d to
> /bin/true is a workaround, but I'm searching for a general solution
> to avoid that daemons are started when upgrading even though they
> did not run before the upgrade (or don't start any service at all,
> e.g. in chroots - as you mentioned).
Via /usr/sbin/policy-rc.d, e.g.:
#!/bin/sh
# are we on hamilton?
WHERE=$(hostname -s|cut -b 1-8) # cut to remove {1,2} from hamilton{1,2}
if [ "$WHERE" = "hamilton" ]; then
# notify invoke-rc.d that nothing should be done -- we are in a chroot
exit 101
else
# allow it
exit 0
fi
(This chroot is used on the clients as their root environment)
>
>> Using the method above, wouldn't there be any chance that a bad
>> init script could kill daemons started outside the chroot?
>
> The init script would be broken then.
> Anyway, I don't see the difference between "stop || exit $?" and
> "stop || true" in this case.
What I mean is that the call of
invoke-rc.d $PACKAGE stop || true
is fine, but the second call
/etc/init.d/$PACKAGE stop || true
will not using policy-rc.d and therefore might be a possible problem. Given
the fact that we have a sid chroot on a high availibilty system and a sid
package always might cause some trouble, I don't like the idea that a
malformed script is able to stop programs outside its chroot.
Cheers,
Bernd
Reply to: