ns"@gmail.com>
Cc: unattended-upgra...@packages.debian.org, a...@packages.debian.org
Date: Sun, 21 May 2017 10:00:39 +0800
In-Reply-To: <149503839934.494.1328921687138228967.reportbug@unstable>
References: <149503839934.494.1328921687138228967.reportbug@unstable>
Organization: Debian
Content-Type: multipart/signed; micalg="pgp-sha256";
protocol="application/pgp-signature"; boundary="=-d04L31o33fSsEC3P957B"
X-Mailer: Evolution 3.22.6-1
Mime-Version: 1.0
--=-d04L31o33fSsEC3P957B
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Control: severity -1 serious
Control: usertags -1 + bittenby
On Wed, 17 May 2017 16:26:39 +0000 Alan Jenkins wrote:
> The script for apt-daily.service was recently modified by an update.
> When this update was installed by `unattended-upgrades`, `needrestart`
> restarted the service.=C2=A0=C2=A0I.e. needrestart terminates unattended-=
upgrades,
> and hence itself.=C2=A0=C2=A0This causes a few lines of log noise (below)=
, and
> does not quite seem desirable.
This is a pretty serious bug (upgraded severity). It doesn't result in
data loss but it is a serious interruption of the upgrade process,
which means that the usual mail sent by unattended-upgrades is never
sent to the admin of the system and no services are restarted.
> So either apt-daily.service could be treated specially, or needrestart
> could ignore all Type=3Doneshot services.
I think it need to not restart oneshot services by default, since it
has no information about whether or not they can be safely restarted.
I would guess that most oneshot services cannot be safely restarted.
> The latter raises questions about a longer-running oneshot service
> which is security-sensitive...=C2=A0=C2=A0So I think the simplest solutio=
n is
> treat apt-daily.service specially.
I think oneshot services are meant to exit ASAP rather than running for
a long time. They will be listed in the "needs restarting" section, so
I think it is fine to not restart oneshot services by default.
> apt-daily-upgrade.service should also be treated the same way,
> because it also runs unattended-upgrades.
>=C2=A0
> I think unattended-upgrades.service should also be treated
> the same way, because this is the service that runs unattended-upgrades
> on shutdown (if enabled).
Agreed.
--=20
bye,
pabs
https://wiki.debian.org/PaulWise
--=-d04L31o33fSsEC3P957B
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEYQsotVz8/kXqG1Y7MRa6Xp/6aaMFAlkg9MgACgkQMRa6Xp/6
aaO6Mg/+NKkEMhZqvDTq9moN0AvsuQODgHzFqoERIYcUAEW+AOkVSsLdoKRQ3fjI
YwbTqSwE5tyY61TE/7LV6VV21+B+P8NibyPJkiGNZDZu/9p+E/mpd7mmdz0t3+r0
vwmoIzt+SdKhEaGV6NE+50SVrVrVyMEc8EAUa5yVjHJkbHyGMuDBVIp4wlj7IYBd
V4wd0xGRCbXZZE28BkZxRrZBB6sOiDXSPeskuDUVSO9MxN0MzCBpPz1GI1PrC0i0
ToWC3IiQR12lYfYsn8nWhRf6KJ1uulcMEnC7BqhA5SVK+d1ovkybA/u90a/Rpj5/
4OQIkNw+Ldp3MDBd0PHqELXXAyNgjdfPR6zDwNLXSu+1PPVUvSIKB2Tv3AWzTZVT
4AagdzskHrlBBXMLxwUnTH1qxn1yYTO6HR2pSBFOAJkPWslGUUyAL3/4JAVfPRdg
vY5mCAFGmPqAp56C5Iy2Y8iMkfwJuSJnvFpNlKdpbyVfbRHWaY5Org1jlAoiEmLH
Nlm+kXrEtzAc7bQOQq02SkijVTzrVTq+sLP/v94FwtSTTT7ghoWxWQ25DyijDw/z
+quhQJzRsuS2rC2b6fj8Ef3z89+XLQYbxeQhxsRpTKspxoh/cbe8AiuLjh3Gm2g/
95quW8xR2swyL25yC3hZ0NGbiCW/nhBhADnO28SYziyay7jzDsA=
=cAfp
-----END PGP SIGNATURE-----
--=-d04L31o33fSsEC3P957B--
