
Re: Announce: script to automatically restart services after update of dependencies



On Mon, 2012-06-18 at 23:47 +0200, Tomas Pospisek wrote:
> On Mon, 18 Jun 2012 14:10:46 +0100, Ben Hutchings <ben@decadent.org.uk>
> wrote:
> > On Mon, 2012-06-18 at 20:40 +0800, Paul Wise wrote:
> >> On Mon, Jun 18, 2012 at 5:40 PM, Tomas Pospisek wrote:
> >> 
> >> > I want to announce restart-services here [1][2]. It's a script
> >> > that tries to restart all services that have had their
> >> > dependency packages updated. This is primarily useful when
> >> > security-relevant libraries get security releases.
> >> >
> >> > It's using checkrestart from the debian-goodies package to do
> >> > most of its work.
> >> >
> >> > Together with the unattended-upgrades package it is saving me
> >> > a lot of system maintenance time, thus I am announcing it here
> >> > in the hope that it will save others a lot of time as well.
> >> 
> >> Sounds useful, maybe put it in the debian-goodies package?
> 
> I suggested that to Javier [3] and I think it was quite well received :-)
> 
> > What, yet another feature reserved for those in the know?  Surely we
> > should be doing this by default.
> 
> I agree. Can you recommend any way forward? Currently I'm aiming for
> debian-goodies as Paul proposes. However there's also the
> unattended-upgrades package, that'd maybe be an even better fit.
>
> However I think this really belongs somewhere on the level of apt?
[...]

I don't think this belongs in unattended-upgrades; whether you want
services automatically restarted is orthogonal to whether you perform
upgrades interactively or not.

What I think would be most useful would be an APT hook (or built-in
feature) enabled in a default installation that does:

1. Check for running processes that have the old libraries mapped
2. Depending on configuration, restart services (with the blacklist
   as suggested):
   - if set to always restart, then do
   - if set to never restart, then don't
   - if set to ask, then ask (through debconf) with a default of no
   (I think the default would be 'ask')
3. If not everything was restarted (e.g. gdm3 or non-service process),
   send mail to root saying what needs to be restarted later

(How do you map from pid to service name when using sysvinit?)

Also, the set of libraries to check could be restricted to those for
which the upgrade had urgency=high.

Ben.

-- 
Ben Hutchings
If more than one person is responsible for a bug, no one is at fault.
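
The three steps proposed in the message above, sketched as an added example; it is not part of the original message and is not code from checkrestart, restart-services or APT. It assumes Linux, where a replaced library still mapped by a process shows up in /proc/<pid>/maps with a " (deleted)" suffix, and it assumes the caller already knows the pid-to-service mapping (the open question in the message). The names stale_libraries, plan and SAMPLE are hypothetical.

```python
import re

# /proc/<pid>/maps line whose path ends in " (deleted)": the file was replaced
# or unlinked on disk but the process still has the old copy mapped.
DELETED = re.compile(r"^[0-9a-f]+-[0-9a-f]+ \S+ [0-9a-f]+ \S+ \d+\s+(/.*) \(deleted\)$")
SHARED_LIB = re.compile(r"\.so(\.[0-9]+)*$")

def stale_libraries(maps_text):
    """Step 1: replaced shared libraries a process still has mapped."""
    stale = set()
    for line in maps_text.splitlines():
        m = DELETED.match(line.strip())
        if m and SHARED_LIB.search(m.group(1)):
            stale.add(m.group(1))
    return sorted(stale)

def plan(procs, policy="ask", blacklist=(), answer=False):
    """Steps 2 and 3. procs maps pid -> (service name or None, maps text).
    Returns (services to restart, entries to mail to root)."""
    allowed = policy == "always" or (policy == "ask" and answer)
    restart, report = set(), []
    for pid, (service, maps_text) in sorted(procs.items()):
        libs = stale_libraries(maps_text)
        if not libs:
            continue
        if allowed and service and service not in blacklist:
            restart.add(service)
        else:
            report.append((pid, service, libs))
    return sorted(restart), report

# Constructed sample input (not captured from a real system).
OLD_SSL = "7f10a0000000-7f10a0060000 r-xp 00000000 08:01 1311 /usr/lib/libssl.so.1.0.0 (deleted)"
SAMPLE = {
    812: ("ssh", OLD_SSL),
    950: ("cron", "7f20b0000000-7f20b0001000 rw-s 00000000 08:01 77 /tmp/scratch (deleted)\n"
                  "7f20b0100000-7f20b0280000 r-xp 00000000 08:01 1290 /lib/libc-2.13.so"),
    1301: ("gdm3", OLD_SSL),
    2044: (None, OLD_SSL),  # non-service process, e.g. a user's shell
}

if __name__ == "__main__":
    restart, report = plan(SAMPLE, policy="always", blacklist={"gdm3"})
    print("restart:", restart)
    for pid, service, libs in report:
        print("needs manual restart: pid", pid, service or "(no service)", libs)
```

With the default policy of 'ask' and an answer of no, nothing is restarted and every affected process lands in the report for root.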
