On 2022-06-19, at 13:48:59 +0200, Arturo Borrero Gonzalez wrote:
> On Fri, 10 Jun 2022 12:21:37 +0200 Christian Göttsche wrote:
> > Package: nftables
> > Version: 1.0.4-1
> > Severity: serious
> >
> > Dear Maintainer,
> >
> > upgrades of nftables stop the service but do not start it (even if the
> > service is actually enabled).
> > This can lead to lockouts, e.g. when using special rules for ssh access.
> >
> >
> > nft.preinst:
> >
> > #!/bin/sh
> > set -e
> > # Automatically added by dh_installsystemd/13.7.1
> > if [ -z "${DPKG_ROOT:-}" ] && [ "$1" = upgrade ] && [ -d
> > /run/systemd/system ] ; then
> > deb-systemd-invoke stop 'nftables.service' >/dev/null || true
> > fi
> > # End automatically added section
> >
> >
> > nft.postinst:
> >
> > #!/bin/sh
> > set -e
> > # Automatically added by dh_installsystemd/13.7.1
> > if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" =
> > "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
> > if deb-systemd-helper debian-installed 'nftables.service'; then
> > # This will only remove masks created by d-s-h on package
> > removal.
> > deb-systemd-helper unmask 'nftables.service' >/dev/null ||
> > true
> >
> > if deb-systemd-helper --quiet was-enabled
> > 'nftables.service'; then
> > # Create new symlinks, if any.
> > deb-systemd-helper enable 'nftables.service'
> > >/dev/null || true
> > fi
> > fi
> >
> > # Update the statefile to add new symlinks (if any), which need to
> > be cleaned
> > # up on purge. Also remove old symlinks.
> > deb-systemd-helper update-state 'nftables.service' >/dev/null || true
> > fi
> > # End automatically added section
>
> I confirmed this can be a problem:
>
> [...]
>
> @Alberto, @Jeremy,
>
> It seems to me like we need to play with the dh_installsystemd
> --no-restart-after-upgrade option, but don't have time to figure out the
> right logic.
>
> I'm currently unable to handle this. Could you please take a look?
Passing `--restart-after-upgrade` does the trick:
diff -u nftables_1.0.4-1/postinst nftables_1.0.4-2/postinst
--- nftables_1.0.4-1/postinst 2022-06-07 23:59:59.000000000 +0100
+++ nftables_1.0.4-2/postinst 2022-06-19 18:04:19.000000000 +0100
@@ -17,3 +17,13 @@
deb-systemd-helper update-state 'nftables.service' >/dev/null || true
fi
# End automatically added section
+# Automatically added by dh_installsystemd/13.7.1
+if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" =
"abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
+ if [ -z "${DPKG_ROOT:-}" ] && [ -d /run/systemd/system ]; then
+ systemctl --system daemon-reload >/dev/null || true
+ if [ -n "$2" ]; then
+ deb-systemd-invoke try-restart 'nftables.service'
>/dev/null || true
+ fi
+ fi
+fi
+# End automatically added section
I've pushed that and a few other changes to Salsa.
J.
signature.asc
Description: PGP signature
