[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

apt-get upgrade no service restart


I manage several Debian systems and have a script in place that does a apt-get update and apt-get upgrade --dry-run each night and sends me a mail if it shows any package to be installed / upgraded.
Of course on all my systems (some Squeeze, most Wheezy) it showed the updates for openssl last week and I patches those systems. 

For some reason it seems one system never got the libssl / openssl update listed until last night. This morning I got an email that it needed that update. 

First question:
How is it possible that one system will not see the update until last night when I have been running the update cycle each night and all my systems use the same uplink?

To make sure I install the latest updates I use a tiny script that does another apt-get update before it does apt-get upgrade.
Ok, so I logged in to the system and fired up my update script. It installed the update but..... to my surprise it did NOT restart the services that use libssl / openssl. :-(
See quoted text at the bottom. Checkrestrat showed me the services that needed to be restarted and I did that by hand but...

Second question:
Why did the apt-get update NOT restart the services? How can I find out?

This system is a Wheezy system that started life as a Squeeze installation in case that may be relevant. However, I have more of those and they did not show this behavior.

# apt-get upgrade
The following packages will be upgraded:
  libssl1.0.0 openssl
2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,954 kB of archives.
After this operation, 110 kB disk space will be freed.
Do you want to continue [Y/n]?
Get:1 http://security.debian.org/ wheezy/updates/main libssl1.0.0 amd64 1.0.1e-2+deb7u7 [1,255 kB]
Get:2 http://security.debian.org/ wheezy/updates/main openssl amd64 1.0.1e-2+deb7u7 [699 kB]
Fetched 1,954 kB in 42s (45.8 kB/s)
Reading changelogs... Done
Preconfiguring packages ...
(Reading database ... 32528 files and directories currently installed.)
Preparing to replace libssl1.0.0:amd64 1.0.1e-2+deb7u6 (using .../libssl1.0.0_1.0.1e-2+deb7u7_amd64.deb) ...
Unpacking replacement libssl1.0.0:amd64 ...
Preparing to replace openssl 1.0.1e-2+deb7u6 (using .../openssl_1.0.1e-2+deb7u7_amd64.deb) ...
Unpacking replacement openssl ...
Processing triggers for man-db ...
Setting up libssl1.0.0:amd64 (1.0.1e-2+deb7u7) ...
Checking for services that may need to be restarted...done.
Checking init scripts...

Setting up openssl (1.0.1e-2+deb7u7) ...
linutr:~# checkrestart
Found 6 processes using old versions of upgraded files
(5 distinct programs)
(5 distinct packages)

Of these, 5 seem to contain init scripts which can be used to restart them:
The following packages seem to have init scripts that could be used
to restart them:
        2824    /usr/sbin/sshd
        7369    /usr/sbin/sshd
        15337   /usr/sbin/snmpd
        7452    /usr/sbin/ntpd
        7321    /usr/sbin/openvpn
        7522    /usr/sbin/nrpe

These are the init scripts:
service ssh restart
service snmpd restart
service ntp restart
service openvpn restart
service nagios-nrpe-server restart


With kind regards,
Bonno Bloksma

university of applied sciences
julianalaan 9 / 7553 ab  hengelo / the netherlands

Reply to: