tags 990283 - moreinfo fixed 990283 openvpn/2.5.1-2~bpo10+1 severity 990283 important thanks
Hello Daniel, thanks for your answer. since the 2.4.9-3 release, the restart on an update of openvpn was disabled due to bug #959464. This change is present in Debian stable in the current backport 2.5.1-2~bpo10+1. A new point release is therefore IMHO not necessary. I will still consult with the maintainer about this, though. CU Jörg -- New: GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB 30EE 09F8 9F3C 8CA1 D25D GPG key (long) : 09F89F3C8CA1D25D GPG Key : 8CA1D25D CAcert Key S/N : 0E:D4:56 Old pgp Key: BE581B6E (revoked since 2014-12-31). Jörg Frings-Fürst D-54470 Lieser git: https://jff.email/cgit/ Threema: SYR8SJXB Wire: @joergfringsfuerst Skype: joergpenguin Ring: jff Telegram: @joergfringsfuerst My wish list: - Please send me a picture from the nature at your home. Am Dienstag, dem 03.08.2021 um 18:23 -0400 schrieb Daniel Gnoutcheff: > Hello Jörg, thanks for the reply. > > > Was the computer rebooted after the update? > > It was not. Rebooting fixes the issue, as does manually kill(1)ing > the > errant openvpn instances and restarting the systemd unit(s). > > Sorry, "Upgrades break systemd supervision" was perhaps not the best > summary. It's more like "Upgrades restart openvpn outside of > systemd". > > > I have checked your bug report on every server I have access to. > > > > Likewise, I have checked the problem in multiple VMs. The error was > > not > > reproducible there either. > > This worked for me on a fresh amd64 buster VM: > > echo "deb > http://snapshot.debian.org/archive/debian/20210601T022916Z/ buster > main" >/etc/apt/sources.list.d/snapshot.list > apt update > apt install openvpn=2.4.7-1 ssl-cert > > # placeholder config > zcat /usr/share/doc/openvpn/examples/sample-config- > files/server.conf.gz >/etc/openvpn/server.conf > ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/openvpn/server.crt > ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/openvpn/ca.crt > ln -s /etc/ssl/private/ssl-cert-snakeoil.key > /etc/openvpn/server.key > openssl dhparam -out /etc/openvpn/dh2048.pem 2048 > openvpn --genkey --secret /etc/openvpn/ta.key > > systemctl start openvpn@server > > apt install unattended-upgrades > systemctl start apt-daily-upgrade > systemctl status > # Observe: openvpn process is now in apt-daily-upgrade.service > systemctl start apt-daily-upgrade # (a second time) > # systemd now warns about the lingering process > > Alternatively, replace 'apt install unattended-upgrades' and > everything > thereafter with: > > apt upgrade > systemctl status > > Which should show the openvpn daemon lingering in whatever scope unit > contains your shell. > > Or, simpler still: > > invoke-rc.d openvpn cond-restart > > which is invoked by openvpn's postinst and has much the same effect. > > > Can you please provide the complete update logs? > > Attached are extracts of of `journalctl --output=with-unit` and > /var/log/unattended-upgrades/unattended-upgrades-dpkg.log after > having > done the above. HTH! > > Thanks,
signature.asc
Description: This is a digitally signed message part