On 27/03/14 08:01 PM, Thomas Bächler wrote:
> Since systemd 212, systemd timers support the Persistent=true option for
> OnCalendar timers. This is functionality similar to anacron:
>
> Persistent=
>     Takes a boolean argument. If true the service unit is immediately
>     triggered when the timer unit is activated and the timer elapsed at
>     least once since the last time the service unit has been triggered
>     by the timer unit. The time when the service unit was last
>     triggered is stored on disk. This is useful to catch up for missed
>     timers when a machine is shutdown temporarily and then is powered
>     up again. Note that this setting only has an effect on timers
>     configured with OnCalendar=.
>
> This means that we could replace the cron.* dropin scripts with systemd
> services and timers.
>
> Pros:
>  * enabled by default (in contrast to cronie)
>  * systems without need for crontabs can disable/uninstall cron
>  * service will be simpler than the rather long dropin scripts
>
> Cons:
>  * services are run in parallel instead of sequentially (is this even a
>    con? timer start will be randomized, and we can increase accuracy to an
>    hour to randomize even more)
>  * no holdoff time after boot as it seems
>
> Affected packages:
>
> community/awstats 7.2-1 /etc/cron.hourly/awstats
> community/snapper 0.2.1-1 /etc/cron.hourly/snapper
> community/sysstat 10.3.1-1 /etc/cron.hourly/sysstat
>
> core/logrotate 3.8.7-1 /etc/cron.daily/logrotate
> core/man-db 2.6.6-1 /etc/cron.daily/man-db
> core/mlocate 0.26-1 /etc/cron.daily/updatedb
> core/shadow 4.1.5.1-7 /etc/cron.daily/shadow
> extra/hylafax 6.0.6-4 /etc/cron.daily/hylafax
> community/atop 2.0.2-1 /etc/cron.daily/atop
> community/dspam 3.10.2-8 /etc/cron.daily/dspam_maintenance
> community/logwatch 7.4.0-3 /etc/cron.daily/0logwatch
> community/snapper 0.2.1-1 /etc/cron.daily/snapper
> community/sysstat 10.3.1-1 /etc/cron.daily/sysstat
>
> extra/pkgstats 2.3-3 /etc/cron.weekly/pkgstats
> community/squid 3.4.4-1 /etc/cron.weekly/squid
>
> I'd be willing to convert all the core packages and put them to testing
> if people agree that this is the right course.

I think it would make sense to remove cronie from base when these are
migrated to timer units. It's not enabled by default, and ships with a
setuid binary (crontab) so it opens up a vulnerability in the base
install.

Among others (although one requires cron to be enabled):

* https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0424
* https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6097
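
As an added illustration (not part of either message and not taken from any package): a timer and service pair that would take over /etc/cron.daily/logrotate using the Persistent= behaviour quoted above. The unit names, file paths and the logrotate command line are assumptions.

```ini
# ---- /etc/systemd/system/logrotate.timer (assumed path and unit name) ----
[Unit]
Description=Daily rotation of log files (replaces /etc/cron.daily/logrotate)

[Timer]
# Calendar schedule; Persistent= only has an effect on OnCalendar= timers.
OnCalendar=daily
# If a scheduled run was missed while the machine was off, trigger the
# service once as soon as the timer is activated (anacron-like catch-up).
Persistent=true
# Allow systemd to start the job anywhere within an hour of the scheduled
# time, which spreads out jobs that share the same OnCalendar= value.
AccuracySec=1h

[Install]
WantedBy=timers.target

# ---- /etc/systemd/system/logrotate.service (assumed path and unit name) ----
[Unit]
Description=Rotate log files

[Service]
# One run per trigger; the unit is inactive between runs.
Type=oneshot
# Binary and configuration paths are assumptions; adjust to the package.
ExecStart=/usr/bin/logrotate /etc/logrotate.conf
# Timer jobs start in parallel, so keep this one low priority.
Nice=19
IOSchedulingClass=best-effort
IOSchedulingPriority=7
```

With jobs scheduled this way, nothing in the list above depends on the cron daemon or on the setuid crontab binary being installed.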