ns"@gmail.com> Cc: unattended-upgra...@packages.debian.org, a...@packages.debian.org Date: Sun, 21 May 2017 10:00:39 +0800 In-Reply-To: <149503839934.494.1328921687138228967.reportbug@unstable> References: <149503839934.494.1328921687138228967.reportbug@unstable> Organization: Debian Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=-d04L31o33fSsEC3P957B" X-Mailer: Evolution 3.22.6-1 Mime-Version: 1.0
--=-d04L31o33fSsEC3P957B Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Control: severity -1 serious Control: usertags -1 + bittenby On Wed, 17 May 2017 16:26:39 +0000 Alan Jenkins wrote: > The script for apt-daily.service was recently modified by an update. > When this update was installed by `unattended-upgrades`, `needrestart` > restarted the service.=C2=A0=C2=A0I.e. needrestart terminates unattended-= upgrades, > and hence itself.=C2=A0=C2=A0This causes a few lines of log noise (below)= , and > does not quite seem desirable. This is a pretty serious bug (upgraded severity). It doesn't result in data loss but it is a serious interruption of the upgrade process, which means that the usual mail sent by unattended-upgrades is never sent to the admin of the system and no services are restarted. > So either apt-daily.service could be treated specially, or needrestart > could ignore all Type=3Doneshot services. I think it need to not restart oneshot services by default, since it has no information about whether or not they can be safely restarted. I would guess that most oneshot services cannot be safely restarted. > The latter raises questions about a longer-running oneshot service > which is security-sensitive...=C2=A0=C2=A0So I think the simplest solutio= n is > treat apt-daily.service specially. I think oneshot services are meant to exit ASAP rather than running for a long time. They will be listed in the "needs restarting" section, so I think it is fine to not restart oneshot services by default. > apt-daily-upgrade.service should also be treated the same way, > because it also runs unattended-upgrades. >=C2=A0 > I think unattended-upgrades.service should also be treated > the same way, because this is the service that runs unattended-upgrades > on shutdown (if enabled). Agreed. --=20 bye, pabs https://wiki.debian.org/PaulWise --=-d04L31o33fSsEC3P957B Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEYQsotVz8/kXqG1Y7MRa6Xp/6aaMFAlkg9MgACgkQMRa6Xp/6 aaO6Mg/+NKkEMhZqvDTq9moN0AvsuQODgHzFqoERIYcUAEW+AOkVSsLdoKRQ3fjI YwbTqSwE5tyY61TE/7LV6VV21+B+P8NibyPJkiGNZDZu/9p+E/mpd7mmdz0t3+r0 vwmoIzt+SdKhEaGV6NE+50SVrVrVyMEc8EAUa5yVjHJkbHyGMuDBVIp4wlj7IYBd V4wd0xGRCbXZZE28BkZxRrZBB6sOiDXSPeskuDUVSO9MxN0MzCBpPz1GI1PrC0i0 ToWC3IiQR12lYfYsn8nWhRf6KJ1uulcMEnC7BqhA5SVK+d1ovkybA/u90a/Rpj5/ 4OQIkNw+Ldp3MDBd0PHqELXXAyNgjdfPR6zDwNLXSu+1PPVUvSIKB2Tv3AWzTZVT 4AagdzskHrlBBXMLxwUnTH1qxn1yYTO6HR2pSBFOAJkPWslGUUyAL3/4JAVfPRdg vY5mCAFGmPqAp56C5Iy2Y8iMkfwJuSJnvFpNlKdpbyVfbRHWaY5Org1jlAoiEmLH Nlm+kXrEtzAc7bQOQq02SkijVTzrVTq+sLP/v94FwtSTTT7ghoWxWQ25DyijDw/z +quhQJzRsuS2rC2b6fj8Ef3z89+XLQYbxeQhxsRpTKspxoh/cbe8AiuLjh3Gm2g/ 95quW8xR2swyL25yC3hZ0NGbiCW/nhBhADnO28SYziyay7jzDsA= =cAfp -----END PGP SIGNATURE----- --=-d04L31o33fSsEC3P957B--