Bug#676509: (please add restart-services to debian-goodies): Any followup?
Hi, Andrea Villa wrote: was just looking at this today and wondered if it got any further. From my point of view, in the meanwhile there are already enough tools in Debian which are specificly written for automatic restarts (needrestart, whatmaps, etc.). So I don't think that debian-goodies -- which so far only provided commandline tools and no APT hooks -- should provide another implementation of that feature. Please have a look at needrestart which works very well for me. (I haven't looked or worked closer at whatmaps, so I can't give a recommendation there. But that doesn't mean that it worse than needrestart, so you may want to look at it, too.) Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#676509: please add restart-services to debian-goodies
Dear Alex, in the light of last week's heartbleed-bug the inclusion of restart-services should be reconsidered. When doing automated updates with apt-get update apt-get -y upgrade neither Apache, nor Nginx were restarted properly after updating OpenSSL. Thomas's script provides a tested solution. To address the problems with login managers or GNOME stuff there could be an optional setting to whitelist those. Please consider the inclusion of this part of the script. With it, users could simply do apt-get update apt-get -y upgrade restart-services in the future and get updates quicker. Thank you, Manuel Riel -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#676509: please add restart-services to debian-goodies
Hi, Manuel Riel wrote: in the light of last week's heartbleed-bug the inclusion of restart-services should be reconsidered. It though won't help for stable where this issue is mostly present. Please consider the inclusion of this part of the script. With it, users could simply do apt-get update apt-get -y upgrade restart-services in the future and get updates quicker. Have a look at the package needrestart in testing. I currently consider it the better solution as such functionality (running as APT hook) should be packaged separately anyway. Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE `-| 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#676509: please add restart-services to debian-goodies
On 14 April 2014 08:34, Manuel Riel manu_...@snapdragon.cc wrote: in the light of last week's heartbleed-bug the inclusion of restart-services should be reconsidered. When doing automated updates with (...) Please consider the inclusion of this part of the script. With it, users could simply do apt-get update apt-get -y upgrade restart-services in the future and get updates quicker. Already users can use 'checkrestart' to determine which services to restart after upgrading OpenSSL. I've used this succesfully in a few servers I had to update due to last week's heartbleed bug. Automatically restarting all services is dangerous (as mentioned by Axel in this bug report) and should be done with care. Users using the 'restart-services' script might believe to be completely safe after a security the case when that might not be true if checkrestart had a false-positive. I personally would prefer administrators to carefully review checkrestart output and take action rather than blindly run a script. I do see the value of the script (for those managing many machines) howerver. In any case, since 'needrestart' already exists, isn't it possible to join both tools? As this approach (automatically restarting services) is prone to bugs (just look at [1]) in the long run it would make more sense to have 1 tool than to duplicate the functionality and, consequently, the bugs that might arise. Regards Javier [1] https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=needrestart;dist=unstable
Bug#676509: please add restart-services to debian-goodies
Hi, Javier Fernandez-Sanguino wrote: On 14 April 2014 08:34, Manuel Riel manu_...@snapdragon.cc wrote: Already users can use 'checkrestart' to determine which services to restart after upgrading OpenSSL. I've used this succesfully in a few servers I had to update due to last week's heartbleed bug. I did that mostly with the libs test of the hobbit-plugins package. We found a few issue while doing so, so that one isn't perfect either. (Didn't really expect anything else. :-) Automatically restarting all services is dangerous (as mentioned by Axel in this bug report) and should be done with care. That's one of the reasons why I think that such functionality should be in its own package, i.e. we should not deploy an APT hook for restart-services. I personally would prefer administrators to carefully review checkrestart output and take action rather than blindly run a script. I do see the value of the script (for those managing many machines) howerver. needrestart by default shows a list of services via a debconf-like TUI interface and you can decided which of the proposed services should be really restarted. In any case, since 'needrestart' already exists, isn't it possible to join both tools? I fear not. needrestart was written with the knowledge that checkrestart exists, but works differently. From it's package description: It is inspired by checkrestart from the debian-goodies package. It does not rely on lsof as checkrestart does. Similarily, the hobbit-plugins test libs is written in Perl as it relies on a Perl-written client library for the Hobbit/Xymon monitoring system. Needrestart is written in Perl, too, but using a common library is not an option either, as the hobbit tests don't run as root and lsof is called via sudo which needrestart doesn't use lsof and needs to be run as root as far as I can see. So to make the hobbit libs test be build on top of checkrestart, a hobbit client library in Python needs to be written. (And I must admit, I do prefer Perl over Python as programming language, so I won't rewrite a Perl written tool which I maintain in Python.) Alternatively checkrestart needs a clear API to be properly used by other tools. As this approach (automatically restarting services) is prone to bugs (just look at [1]) in the long run it would make more sense to have 1 tool than to duplicate the functionality and, consequently, the bugs that might arise. Agreed, but I currently don't see a chance for that unless there's a documented and stable API. Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE `-| 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#676509: please add restart-services to debian-goodies
Hi Thomas, Tomas Pospisek wrote: Thanks. Also restart-services has been discussed here: http://lists.debian.org/debian-devel/2012/06/msg00592.html Thanks for this hint. and has some interesting ideas. Indeed. I was thinking about some of them, too. However I came to the conclusion that there are quite some cases where automatic restarts are no good idea. The mentioned login managers and some GNOME stuff for example. So I'm fine with debian-goodies as its place, especially because it fits to checkrestart. But I'm also fine, if someone (possibly also later) will make its own package out of it or incorporate it into some package of higher priority. Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE `-| 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#676509: please add restart-services to debian-goodies
Hi Tomas, Tomas Pospisek wrote: Package: debian-goodies Version: 0.61-0.1 Severity: wishlist Tags: patch Michal Fiala (Cc'ed), has created a restart-services script that takes the output of checkrestart and restarts the indicated services. Please include it in debian-goodies. A forked debian-goodies that includes restart-services lives here: http://github.com/tpo/debian-goodies Thanks for the addition. I'll have a closer look after the freeze. Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE `-| 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#676509: please add restart-services to debian-goodies
On Mon, 22 Oct 2012, Axel Beckert wrote: Hi Tomas, Michal Fiala (Cc'ed), has created a restart-services script that takes the output of checkrestart and restarts the indicated services. Please include it in debian-goodies. A forked debian-goodies that includes restart-services lives here: http://github.com/tpo/debian-goodies Thanks for the addition. I'll have a closer look after the freeze. Thanks. Also restart-services has been discussed here: http://lists.debian.org/debian-devel/2012/06/msg00592.html and has some interesting ideas. *t -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#676509: please add restart-services to debian-goodies
Package: debian-goodies Version: 0.61-0.1 Severity: wishlist Tags: patch Michal Fiala (Cc'ed), has created a restart-services script that takes the output of checkrestart and restarts the indicated services. Please include it in debian-goodies. A forked debian-goodies that includes restart-services lives here: http://github.com/tpo/debian-goodies Thanks, *t -- System Information: Debian Release: squeeze/sid APT prefers lucid-updates APT policy: (500, 'lucid-updates'), (500, 'lucid-security'), (500, 'lucid') Architecture: amd64 (x86_64) Kernel: Linux 3.0.0-19-generic (SMP w/8 CPU cores) Locale: LANG=de_CH.utf8, LC_CTYPE=de_CH.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages debian-goodies depends on: ii curl 7.19.7-1ubuntu1.1 Get a file from an HTTP, HTTPS or ii dctrl-tools [grep-dctr 2.14 Command-line tools to process Debi ii dialog 1.1-20080819-1Displays user-friendly dialog boxe ii perl 5.10.1-8ubuntu2.1 Larry Wall's Practical Extraction ii python 2.6.5-0ubuntu1An interactive high-level object-o ii whiptail 0.52.10-5ubuntu1 Displays user-friendly dialog boxe Versions of packages debian-goodies recommends: ii lsof 4.81.dfsg.1-1build1 List open files Versions of packages debian-goodies suggests: ii popularity-contest1.48ubuntu1Vote for your favourite packages a ii xdg-utils 1.0.2-6.1ubuntu3.2 desktop integration utilities from ii zenity2.30.0-0ubuntu1Display graphical dialog boxes fro -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
