Hi Sorry for the long delay anwsering.
>> I am using it with unattended-upgrades.
>> (...)
>> I expected needrestart to automatically reload the services using obsolete
>> libssl, like it used to.
> This is triggered by the bugfix for Debian Bug#876459 and is
> intentional (upstream's point of view).
> (...)
> The behavior before 2.11-3+deb9u1 was a bug and has been fixed in
> stretch's point release 9.4.
Wow...
I expected my system to continue installing security updates AND enabling
them by restarting the affected services when needed.
I find that Debian 9.4 release news "needrestart - Fix switching to list
mode if debconf is run non-interactively" message is inadequate:
There should be a huge fat warning telling people that their system is no
longer protected by security upgrades; and that default behavior of
needrestart is to do nothing!
Please consider adding a debian/NEWS file.
> You could change the default mode to automaticly restart (that also
> effects the interactive mode). (Hint: with needrestart 3.0 it is
> possible to set the NEEDRESTART_MODE environment variable to override
> needrestart's restart mode... might be used in the unattended-upgrade
> cronjob).
This did the trick for me, without enabling backports:
--- /etc/apt/apt.conf.d/99needrestart.orig 2018-06-18 15:29:27.913148439
+0000
+++ /etc/apt/apt.conf.d/99needrestart 2018-06-18 15:29:42.337066054 +0000
@@ -5,4 +5,4 @@
# was no error during installation.
#
-DPkg::Post-Invoke {"test -x /usr/lib/needrestart/apt-pinvoke &&
/usr/lib/needrestart/apt-pinvoke || true"; };
+DPkg::Post-Invoke {"test -x /usr/lib/needrestart/apt-pinvoke &&
/usr/lib/needrestart/apt-pinvoke -ra || true"; };
Thank you for your detailed answer and for taking care of needrestart! <3
signature.asc
Description: This is a digitally signed message part.
