RE: apt-get upgrade no service restart
Bonno Bloksma wrote: [...] > But that is funy because the checkrestart command that I issued right after > found several services that needed restarting. But maybe they did not need a > restart just for hartbleed? Correct. The checking of services was done as an exception due to the severity of the Heartbleed vulnerability. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/liqqdb$n68$1...@ger.gmane.org
RE: apt-get upgrade no service restart
Hi Rafael, >> How is it possible that one system will not see the update until last >> night when I have been running the update cycle each night and all my >> systems use the same uplink? > > >From the log: > >> Preparing to replace libssl1.0.0:amd64 1.0.1e-2+deb7u6 (using >> .../libssl1.0.0_1.0.1e-2+deb7u7_amd64.deb) > > You were upgrading to the version that I just released last night - perhaps > the other machines ran apt-get update before it was released so they didn't > see it. Aha, I assumed this was the same ssl upgrade I had seen on my other systems last week. I now see this is the upgrade from deb7u6 to deb7u7. >> - >> Why did the apt-get update NOT restart the services? How can I find out? > > Services are never automatically restarted due to library updates, you need > to do that by hand. Some times, restarting services might be proposed. Ok, I assumes the restarts were allways done as last week several ssl upgrades did service restarts for me. > The message in the log is just libssl1.0.0 checking for services that might > need to be restarted to get the Heartbleed bugfix applied. Had it found any, > it would have proposed you to restart them. But that is funy because the checkrestart command that I issued right after found several services that needed restarting. But maybe they did not need a restart just for hartbleed? Bonno Bloksma -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/89d1798a7351d040b4e74e0a043c69d786190...@hglexch-01.tio.nl
Re: apt-get upgrade no service restart
Hi, Bonno Bloksma wrote: [...] > How is it possible that one system will not see the update until last night > when I have been running the update cycle each night and all my systems use > the same uplink? >From the log: > Preparing to replace libssl1.0.0:amd64 1.0.1e-2+deb7u6 (using > .../libssl1.0.0_1.0.1e-2+deb7u7_amd64.deb) You were upgrading to the version that I just released last night - perhaps the other machines ran apt-get update before it was released so they didn't see it. > - > Why did the apt-get update NOT restart the services? How can I find out? Services are never automatically restarted due to library updates, you need to do that by hand. Some times, restarting services might be proposed. The message in the log is just libssl1.0.0 checking for services that might need to be restarted to get the Heartbleed bugfix applied. Had it found any, it would have proposed you to restart them. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/liqmof$853$1...@ger.gmane.org
apt-get upgrade no service restart
Hi, I manage several Debian systems and have a script in place that does a apt-get update and apt-get upgrade --dry-run each night and sends me a mail if it shows any package to be installed / upgraded. Of course on all my systems (some Squeeze, most Wheezy) it showed the updates for openssl last week and I patches those systems. For some reason it seems one system never got the libssl / openssl update listed until last night. This morning I got an email that it needed that update. First question: - How is it possible that one system will not see the update until last night when I have been running the update cycle each night and all my systems use the same uplink? To make sure I install the latest updates I use a tiny script that does another apt-get update before it does apt-get upgrade. Ok, so I logged in to the system and fired up my update script. It installed the update but. to my surprise it did NOT restart the services that use libssl / openssl. :-( See quoted text at the bottom. Checkrestrat showed me the services that needed to be restarted and I did that by hand but... Second question: - Why did the apt-get update NOT restart the services? How can I find out? This system is a Wheezy system that started life as a Squeeze installation in case that may be relevant. However, I have more of those and they did not show this behavior. -=-=-=-=-=--=-=-=-=-=-=-=-=- # apt-get upgrade The following packages will be upgraded: libssl1.0.0 openssl 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 1,954 kB of archives. After this operation, 110 kB disk space will be freed. Do you want to continue [Y/n]? Get:1 http://security.debian.org/ wheezy/updates/main libssl1.0.0 amd64 1.0.1e-2+deb7u7 [1,255 kB] Get:2 http://security.debian.org/ wheezy/updates/main openssl amd64 1.0.1e-2+deb7u7 [699 kB] Fetched 1,954 kB in 42s (45.8 kB/s) Reading changelogs... Done Preconfiguring packages ... (Reading database ... 32528 files and directories currently installed.) Preparing to replace libssl1.0.0:amd64 1.0.1e-2+deb7u6 (using .../libssl1.0.0_1.0.1e-2+deb7u7_amd64.deb) ... Unpacking replacement libssl1.0.0:amd64 ... Preparing to replace openssl 1.0.1e-2+deb7u6 (using .../openssl_1.0.1e-2+deb7u7_amd64.deb) ... Unpacking replacement openssl ... Processing triggers for man-db ... Setting up libssl1.0.0:amd64 (1.0.1e-2+deb7u7) ... Checking for services that may need to be restarted...done. Checking init scripts... Setting up openssl (1.0.1e-2+deb7u7) ... linutr:~# checkrestart Found 6 processes using old versions of upgraded files (5 distinct programs) (5 distinct packages) Of these, 5 seem to contain init scripts which can be used to restart them: The following packages seem to have init scripts that could be used to restart them: openssh-server: 2824/usr/sbin/sshd 7369/usr/sbin/sshd snmpd: 15337 /usr/sbin/snmpd ntp: 7452/usr/sbin/ntpd openvpn: 7321/usr/sbin/openvpn nagios-nrpe-server: 7522/usr/sbin/nrpe These are the init scripts: service ssh restart service snmpd restart service ntp restart service openvpn restart service nagios-nrpe-server restart -=-=-=-=-=--=-=-=-=-=-=-=-=- With kind regards, Bonno Bloksma tio university of applied sciences julianalaan 9 / 7553 ab hengelo / the netherlands -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/89d1798a7351d040b4e74e0a043c69d786190...@hglexch-01.tio.nl