From: Frank Brehm Date: Wed, 19 Jun 2019 20:35:45 +0000 (+0200) Subject: committing changes in /etc after apt run X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=ff8aa4f613450b4e1c06f43e3b3548b5d4e1de30;p=config%2Fsarah%2Fetc.git committing changes in /etc after apt run Package changes: +libintl-perl 1.26-2 all +libintl-xs-perl 1.26-2+b1 amd64 +libmodule-find-perl 0.13-1 all +libmodule-scandeps-perl 1.23-1 all +libproc-processtable-perl 0.53-2 amd64 +libsort-naturally-perl 1.03-1 all +needrestart 2.11-3+deb9u1 all
---
diff --git a/.etckeeper b/.etckeeper
index ee41b4b..c0f4c9d 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -13,7 +13,6 @@ mkdir -p './clamav/virusevent.d'
 mkdir -p './console'
 mkdir -p './dbus-1/session.d'
 mkdir -p './dovecot/private'
-mkdir -p './dpkg/dpkg.cfg.d'
 mkdir -p './fail2ban/fail2ban.d'
 mkdir -p './initramfs-tools/conf.d'
 mkdir -p './initramfs-tools/hooks'
@@ -136,6 +135,7 @@ maybe chmod 0644 'apt/apt.conf.d/05etckeeper'
 maybe chmod 0644 'apt/apt.conf.d/20listchanges'
 maybe chmod 0644 'apt/apt.conf.d/70debconf'
 maybe chmod 0644 'apt/apt.conf.d/99force-ipv4'
+maybe chmod 0644 'apt/apt.conf.d/99needrestart'
 maybe chmod 0644 'apt/foreign-packages.txt.2017-07-19.00'
 maybe chmod 0644 'apt/listchanges.conf'
 maybe chmod 0755 'apt/preferences.d'
@@ -417,6 +417,7 @@ maybe chmod 0700 'dovecot/private'
 maybe chmod 0755 'dpkg'
 maybe chmod 0644 'dpkg/dpkg.cfg'
 maybe chmod 0755 'dpkg/dpkg.cfg.d'
+maybe chmod 0644 'dpkg/dpkg.cfg.d/needrestart'
 maybe chmod 0755 'dpkg/origins'
 maybe chmod 0644 'dpkg/origins/debian'
 maybe chmod 0644 'dpkg/shlibs.default'
@@ -1058,6 +1059,25 @@ maybe chmod 0644 'nagios-plugins/config/telnet.cfg'
 maybe chmod 0644 'nagios-plugins/config/users.cfg'
 maybe chmod 0644 'nail.rc'
 maybe chmod 0644 'nanorc'
+maybe chmod 0755 'needrestart'
+maybe chmod 0755 'needrestart/conf.d'
+maybe chmod 0644 'needrestart/conf.d/README.needrestart'
+maybe chmod 0755 'needrestart/hook.d'
+maybe chmod 0755 'needrestart/hook.d/10-dpkg'
+maybe chmod 0755 'needrestart/hook.d/20-rpm'
+maybe chmod 0755 'needrestart/hook.d/90-none'
+maybe chmod 0644 'needrestart/needrestart.conf'
+maybe chmod 0644 'needrestart/notify.conf'
+maybe chmod 0755 'needrestart/notify.d'
+maybe chmod 0755 'needrestart/notify.d/200-write'
+maybe chmod 0755 'needrestart/notify.d/400-notify-send'
+maybe chmod 0755 'needrestart/notify.d/600-mail'
+maybe chmod 0644 'needrestart/notify.d/README.needrestart'
+maybe chmod 0755 'needrestart/restart.d'
+maybe chmod 0644 'needrestart/restart.d/README.needrestart'
+maybe chmod 0755 'needrestart/restart.d/dbus.service'
+maybe chmod 0755 'needrestart/restart.d/systemd-manager'
+maybe chmod 0755 'needrestart/restart.d/sysv-init'
 maybe chmod 0755 'network'
 maybe chmod 0755 'network/if-down.d'
 maybe chmod 0755 'network/if-down.d/bind9'
diff --git a/apt/apt.conf.d/99needrestart b/apt/apt.conf.d/99needrestart
new file mode 100644
index 0000000..1c6639c
--- /dev/null
+++ b/apt/apt.conf.d/99needrestart
@@ -0,0 +1,8 @@
+# needrestart - Restart daemons after library updates.
+#
+# Call needrestart after package upgrades/installations and check
+# for pending service restarts. Should only be triggered if there
+# was no error during installation.
+#
+
+DPkg::Post-Invoke {"test -x /usr/lib/needrestart/apt-pinvoke && /usr/lib/needrestart/apt-pinvoke || true"; };
diff --git a/dpkg/dpkg.cfg.d/needrestart b/dpkg/dpkg.cfg.d/needrestart
new file mode 100644
index 0000000..2477d13
--- /dev/null
+++ b/dpkg/dpkg.cfg.d/needrestart
@@ -0,0 +1,7 @@
+# needrestart - Restart daemons after library updates.
+#
+# Scan for (successfully) installed packages,
+# triggers needrestart in apt's Dpkg::Post-Invoke
+# hook.
+
+status-logger=(test -x /usr/lib/needrestart/dpkg-status && /usr/lib/needrestart/dpkg-status || cat > /dev/null)
diff --git a/needrestart/conf.d/README.needrestart b/needrestart/conf.d/README.needrestart
new file mode 100644
index 0000000..5a1649c
--- /dev/null
+++ b/needrestart/conf.d/README.needrestart
@@ -0,0 +1,5 @@
+Files ending with .conf and located in the /etc/needrestart/conf.d
+directory are parsed by needrestart's default configuration file.
+
+Files are parsed in order (using Perl's sort sub) and override or
+modify any previously set config option.
diff --git a/needrestart/hook.d/10-dpkg b/needrestart/hook.d/10-dpkg
new file mode 100755
index 0000000..6a7c9b4
--- /dev/null
+++ b/needrestart/hook.d/10-dpkg
@@ -0,0 +1,86 @@
+#!/usr/bin/perl
+
+# needrestart - Restart daemons after library updates.
+#
+# Authors:
+# Thomas Liske
+#
+# Copyright Holder:
+# 2013 - 2017 (C) Thomas Liske [http://fiasko-nw.net/~thomas/]
+#
+# License:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this package; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#
+
+# This DPKG hook tries to find the run-level scripts of the package's binary
+# which has old libraries in use. Some logic is taken from the checkrestart
+# (part of the debian-goodies package) package by Matt Zimmerman ,
+# Javier Fernandez-Sanguino et. al.
+
+use Getopt::Std;
+
+use strict;
+use warnings;
+
+system("type dpkg-query 1> /dev/null 2> /dev/null");
+exit 0 if ($? != -1 && $? >> 8);
+
+our $opt_v;
+getopts('v');
+
+sub fork_pipe(@) {
+ my $pid = open(HPIPE, '-|');
+ defined($pid) || die "Can't fork: $!\n";
+
+ if($pid == 0) {
+ close(STDIN);
+ close(STDERR) unless($opt_v);
+
+ exec(@_);
+ exit;
+ }
+
+ \*HPIPE
+}
+
+my $FN = shift || die "Usage: $0 \n";
+my $psearch = fork_pipe(qw(dpkg-query --search), $FN);
+
+my @pkgs;
+while(<$psearch>) {
+ chomp;
+
+ next if(/^local diversion/);
+ next unless(/:/);
+
+ next unless(/([^:]+): $FN$/);
+
+ push(@pkgs, $1);
+}
+close($psearch);
+
+exit(0) unless($#pkgs > -1);
+
+foreach my $pkg (@pkgs) {
+ print "PACKAGE|$pkg\n";
+
+ my $plist = fork_pipe(qw(dpkg-query --listfiles), $pkg);
+ while(<$plist>) {
+ print "RC|$1\n" if(m@^/etc/init.d/(.+)$@);
+ }
+ close($plist);
+}
+
+exit(1);
diff --git a/needrestart/hook.d/20-rpm b/needrestart/hook.d/20-rpm
new file mode 100755
index 0000000..d183f5a
--- /dev/null
+++ b/needrestart/hook.d/20-rpm
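Review bot: In the `while(<$psearch>)` loop of 10-dpkg, `$FN` is interpolated into `/([^:]+): $FN$/` as a pattern rather than a literal, so a path containing regex metacharacters (`+`, `.`, `(`) can fail to match its own `dpkg-query --search` line or match a different one. Quoting it keeps the comparison literal: `next unless(/([^:]+): \Q$FN\E$/);`. The captured `$1` is then handed to `dpkg-query --listfiles`; the list form of `exec(@_)` in `fork_pipe` keeps it away from a shell, which deserves a one-line comment so nobody later collapses it into a single command string. The file appears to be shipped by the needrestart package, so a local change would diverge from the packaged conffile.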
@@ -0,0 +1,81 @@
+#!/usr/bin/perl
+
+# needrestart - Restart daemons after library updates.
+#
+# Authors:
+# Thomas Liske
+#
+# Copyright Holder:
+# 2013 - 2017 (C) Thomas Liske [http://fiasko-nw.net/~thomas/]
+#
+# License:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this package; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#
+
+# This RPM hook tries to find the run-level scripts of the package's binary
+# which has old libraries in use.
+
+use Getopt::Std;
+
+use strict;
+use warnings;
+
+system("type rpmquery 1> /dev/null 2> /dev/null");
+exit 0 if ($? != -1 && $? >> 8);
+
+our $opt_v;
+getopts('c:v');
+
+sub fork_pipe(@) {
+ my $pid = open(HPIPE, '-|');
+ defined($pid) || die "Can't fork: $!\n";
+
+ if($pid == 0) {
+ close(STDIN);
+ close(STDERR) unless($opt_v);
+
+ exec(@_);
+ exit;
+ }
+
+ \*HPIPE
+}
+
+my $FN = shift || die "Usage: $0 \n";
+my $psearch = fork_pipe(qw(rpmquery --file), $FN);
+
+my @pkgs;
+while(<$psearch>) {
+ chomp;
+
+ next if(/^file .+ is not owned by any package/);
+
+ push(@pkgs, $_);
+}
+close($psearch);
+
+exit(0) unless($#pkgs > -1);
+
+foreach my $pkg (@pkgs) {
+ print "PACKAGE|$pkg\n";
+
+ my $plist = fork_pipe(qw(rpmquery --filesbypkg), $pkg);
+ while(<$plist>) {
+ print "RC|$2\n" if(m@^\S+\s+/etc(/rc\.d)?/init\.d/(.+)$@);
+ }
+ close($plist);
+}
+
+exit(1);
diff --git a/needrestart/hook.d/90-none b/needrestart/hook.d/90-none
new file mode 100755
index 0000000..a0c3ea2
--- /dev/null
+++ b/needrestart/hook.d/90-none
@@ -0,0 +1,63 @@
+#!/usr/bin/perl
+
+# needrestart - Restart daemons after library updates.
+#
+# Authors:
+# Thomas Liske
+#
+# Copyright Holder:
+# 2013 - 2017 (C) Thomas Liske [http://fiasko-nw.net/~thomas/]
+#
+# License:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this package; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#
+
+# This fallback hook tries the guess the rc script name from the binary name.
+# It might work with programs which are not installed via an (supported)
+# package manager like dpkg or rpm.
+
+use Getopt::Std;
+
+use strict;
+use warnings;
+
+our $opt_v;
+getopts('c:v');
+
+sub check_rc($) {
+ my $bn = shift;
+ my $rc = "/etc/init.d/$bn";
+
+ return ($bn) if(-x $rc);
+
+ return ();
+}
+
+my $FN = shift || die "Usage: $0 \n";
+
+$FN =~ m@/(([^/]+)d?)$@;
+
+my @rc;
+push(@rc, check_rc($1));
+push(@rc, check_rc($2)) if($1 ne $2);
+
+exit(0) unless($#rc > -1);
+
+foreach my $rc (@rc) {
+ print "PACKAGE|$rc\n";
+ print "RC|$rc\n";
+}
+
+exit(1);
diff --git a/needrestart/needrestart.conf b/needrestart/needrestart.conf
new file mode 100644
index 0000000..bcafa12
--- /dev/null
+++ b/needrestart/needrestart.conf
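Review bot: In 90-none the match `$FN =~ m@/(([^/]+)d?)$@;` uses a greedy inner group, so `[^/]+` always swallows a trailing `d` and `$2` ends up equal to `$1`; the `check_rc($2)` call guarded by `$1 ne $2` can therefore never run, and the lookup of the name without the daemon suffix is dead code. A non-greedy inner group gives the intended pair (e.g. `sshd` and `ssh`): `$FN =~ m@/(([^/]+?)d?)$@;`. The result of the match is also not checked, so an argument without a `/` reaches `check_rc` with undefined captures; appending `or exit(0);` to the match statement would stop there instead.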
@@ -0,0 +1,201 @@
+
+# needrestart - Restart daemons after library updates.
+#
+# Authors:
+# Thomas Liske
+#
+# Copyright Holder:
+# 2013 - 2017 (C) Thomas Liske [http://fiasko-nw.net/~thomas/]
+#
+# License:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+
+# This is the configuration file of needrestart. This is perl syntax.
+# needrstart uses reasonable default values, you might not need to
+# change anything.
+
+# Verbosity:
+# 0 => quiet
+# 1 => normal (default)
+# 2 => verbose
+#$nrconf{verbosity} = 2;
+
+# Path of the package manager hook scripts.
+#$nrconf{hook_d} = '/etc/needrestart/hook.d';
+
+# Path of user notification scripts.
+#$nrconf{notify_d} = '/etc/needrestart/notify.d';
+
+# Path of restart scripts.
+#$nrconf{restart_d} = '/etc/needrestart/restart.d';
+
+# Disable sending notifications to user sessions running obsolete binaries
+# using scripts from $nrconf{notify_d}.
+#$nrconf{sendnotify} = 0;
+
+# If needrestart detects systemd it assumes that you use systemd's pam module.
+# This allows needrestart to easily detect user session. In case you use
+# systemd *without* pam_systemd.so you should set has_pam_systemd to false
+# to enable legacy session detection!
+#$nrconf{has_pam_systemd} = 0;
+
+# Restart services (l)ist only, (i)nteractive or (a)utomatically.
+#$nrconf{restart} = 'i';
+
+# Use preferred UI package.
+#$nrconf{ui} = 'NeedRestart::UI::stdio';
+
+# Change default answer to 'no' in (i)nteractive mode.
+#$nrconf{defno} = 1;
+
+# Set UI mode to (e)asy or (a)dvanced.
+#$nrconf{ui_mode} = 'e';
+
+# Print a combined `systemctl restart` command line for skipped services.
+#$nrconf{systemctl_combine} = 1;
+
+# Blacklist binaries (list of regex).
+$nrconf{blacklist} = [
+ # ignore sudo (not a daemon)
+ qr(^/usr/bin/sudo(\.dpkg-new)?$),
+
+ # ignore DHCP clients
+ qr(^/sbin/(dhclient|dhcpcd5|pump|udhcpc)(\.dpkg-new)?$),
+
+ # ignore apt-get (Debian Bug#784237)
+ qr(^/usr/bin/apt-get(\.dpkg-new)?$),
+];
+
+# Blacklist services (list of regex) - USE WITH CARE.
+# You should prefere to put services to $nrconf{override_rc} instead.
+# Any service listed in $nrconf{blacklist_rc} we be ignored completely!
+#$nrconf{blacklist_rc} = [
+#];
+
+# Override service default selection (hash of regex).
+$nrconf{override_rc} = {
+ # DBus
+ qr(^dbus) => 0,
+
+ # display managers
+ qr(^gdm) => 0,
+ qr(^kdm) => 0,
+ qr(^nodm) => 0,
+ qr(^sddm) => 0,
+ qr(^wdm) => 0,
+ qr(^xdm) => 0,
+ qr(^lightdm) => 0,
+ qr(^slim) => 0,
+ qr(^lxdm) => 0,
+
+ # networking stuff
+ qr(^network-manager) => 0,
+ qr(^NetworkManager) => 0,
+ qr(^wpa_supplicant) => 0,
+ qr(^openvpn) => 0,
+ qr(^quagga) => 0,
+ qr(^tinc) => 0,
+
+ # gettys
+ qr(^getty@.+\.service) => 0,
+
+ # systemd --user
+ qr(^user@\d+\.service) => 0,
+
+ # misc
+ qr(^zfs-fuse) => 0,
+ qr(^mythtv-backend) => 0,
+ qr(^xendomains) => 0,
+ qr(^lxcfs) => 0,
+
+ # workaround for broken systemd-journald
+ # (see also Debian Bug#771122 & #771254)
+ qr(^systemd-journald) => 0,
+
+ # more systemd stuff
+ # (see also Debian Bug#784238 & #784437)
+ qr(^emergency\.service$) => 0,
+ qr(^rescue\.service$) => 0,
+
+ # Do not restart oneshot service apt-daily, unattended-upgrades.service
+ # and apt-daily-upgrade.service,see #862840
+ qr(^apt-daily\.service$) => 0,
+ qr(^apt-daily-upgrade\.service$) => 0,
+ qr(^unattended-upgrades\.service$) => 0,
+
+ # Ignore rc-local.service, see #852864
+ qr(^rc-local\.service$) => 0,
+
+ # don't restart systemd-logind, see #798097
+ qr(^systemd-logind) => 0,
+};
+
+# Override container default selection (hash of regex).
+$nrconf{override_cont} = {
+};
+
+# Disable interpreter scanners.
+#$nrconf{interpscan} = 0;
+
+# Ignore script files matching these regexs:
+$nrconf{blacklist_interp} = [
+ # ignore temporary files
+ qr(^/tmp/),
+ qr(^/var/),
+ qr(^/run/),
+
+];
+
+# Ignore +x mapped files matching one of these regexs:
+$nrconf{blacklist_mappings} = [
+ # special device paths
+ qr(^/(SYSV00000000$|drm$|dev/)),
+
+ # aio(7) mapping
+ qr(^/\[aio\]),
+
+ # Oil Runtime Compiler's JIT files
+ qr#/orcexec\.[\w\d]+( \(deleted\))?$#,
+];
+
+# Verify mapped files in fileystem:
+# 0 : enabled (default)
+# -1: ignore non-existing files, workaround for broken grsecurity kernels
+# 1 : disable check completely, rely on content of maps file only
+$nrconf{skip_mapfiles} = (-d '/proc/sys/kernel/grsecurity' ? -1 : 0);
+
+# Enable/disable hints on pending kernel upgrades:
+# 1: requires the user to acknowledge pending kernels
+# 0: disable kernel checks completely
+# -1: print kernel hints to stderr only
+#$nrconf{kernelhints} = -1;
+
+# Nagios Plugin: configure return code use by nagios
+# as service status[1].
+#
+# [1] https://nagios-plugins.org/doc/guidelines.html#AEN78
+#
+# Default:
+# 'nagios-status' => {
+# 'sessions' => 1,
+# 'services' => 2,
+# 'kernel' => 2,
+# 'containers' => 1
+# },
+#
+# Example: to ignore outdated sessions (status OK)
+# $nrconf{'nagios-status'}->{sessions} = 0;
+
+
+# Read additional config snippets.
+if(-d q(/etc/needrestart/conf.d)) {
+ foreach my $fn (sort ) {
+ print STDERR "$LOGPREF eval $fn\n" if($nrconf{verbose});
+ eval do { local(@ARGV, $/) = $fn; <>};
+ die "Error parsing $fn: $@" if($@);
+ }
+}
diff --git a/needrestart/notify.conf b/needrestart/notify.conf
new file mode 100644
index 0000000..6f31369
--- /dev/null
+++ b/needrestart/notify.conf
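Review bot: The closing loop of needrestart.conf slurps each conf.d snippet and runs it through string `eval`, so write access to `/etc/needrestart/conf.d` amounts to Perl code execution with needrestart's privileges (presumably root, since apt's Post-Invoke hook triggers it), and nothing in the file says so. A comment above the loop would make that explicit, e.g. `# conf.d snippets are executed as Perl code: keep the directory and its files root-owned and not group/world-writable`. The trace line tests `$nrconf{verbose}` while the only option documented in this file is `$nrconf{verbosity}`, so unless the main program sets `verbose` separately the `eval $fn` message never prints; `if($nrconf{verbosity} > 1)` would follow the documented levels. The glob after `sort` is absent in the text as shown here, which looks like an extraction loss rather than something in the committed file.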
@@ -0,0 +1,32 @@
+# needrestart - Restart daemons after library updates.
+#
+# Authors:
+# Thomas Liske
+#
+# Copyright Holder:
+# 2013 - 2017 (C) Thomas Liske [http://fiasko-nw.net/~thomas/]
+#
+# License:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+
+# Configure notification globals (shell syntax)
+
+# Disable write to tty (notify.d/200-write)
+#NR_NOTIFYD_DISABLE_WRITE='1'
+
+# Disable needrestart-session (notify.d/300-needrestart-session)
+#NR_NOTIFYD_DISABLE_NEEDRESTART_SESSION='1'
+
+# Disable libnotify (notify.d/400-notify-send)
+#NR_NOTIFYD_DISABLE_NOTIFY_SEND='1'
+
+# Disable mail to user (notify.d/600-mail)
+NR_NOTIFYD_DISABLE_MAIL='1'
+
+
+# Where to find the shell function library from gettext-base
+#GETTEXTLIB='/usr/bin/gettext.sh'
diff --git a/needrestart/notify.d/200-write b/needrestart/notify.d/200-write
new file mode 100755
index 0000000..8f9b769
--- /dev/null
+++ b/needrestart/notify.d/200-write
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+# needrestart - Restart daemons after library updates.
+#
+# Authors:
+# Thomas Liske
+#
+# Copyright Holder:
+# 2013 - 2017 (C) Thomas Liske [http://fiasko-nw.net/~thomas/]
+#
+# License:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+
+# Use write to notify users on TTYs.
+
+. /usr/lib/needrestart/notify.d.sh
+
+if [ "$NR_NOTIFYD_DISABLE_WRITE" = '1' ]; then
+ echo "[$0] disabled in global config" 1>&2
+ exit 1
+fi
+
+case "$NR_SESSION" in
+ /dev/tty*|/dev/pts*)
+ echo "[$0] notify user $NR_USERNAME on $NR_SESSION" 1>&2
+ {
+ echo
+ gettext 'Your session is running obsolete binaries or libraries as listed below.
+Please consider a relogin or restart of the affected processes!'
+ echo
+ echo
+ cat -n
+ echo
+ } | write "$NR_USERNAME" "$NR_SESSION" 2> /dev/null
+ ;;
+ *)
+ echo "[$0] skip session w/o tty" 1>&2
+ exit 1
+ ;;
+esac
diff --git a/needrestart/notify.d/400-notify-send b/needrestart/notify.d/400-notify-send
new file mode 100755
index 0000000..d0cdc25
--- /dev/null
+++ b/needrestart/notify.d/400-notify-send
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+# needrestart - Restart daemons after library updates.
+#
+# Authors:
+# Thomas Liske
+#
+# Copyright Holder:
+# 2013 - 2017 (C) Thomas Liske [http://fiasko-nw.net/~thomas/]
+#
+# License:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+
+# Use notify-send (from libnotify-bin) to notify a user session via dbus.
+
+NSEND='/usr/bin/notify-send'
+test -x "$NSEND" || exit 1
+
+. /usr/lib/needrestart/notify.d.sh
+
+if [ "$NR_NOTIFYD_DISABLE_NOTIFY_SEND" = '1' ]; then
+ echo "[$0] disabled in global config" 1>&2
+ exit 1
+fi
+
+case "$NR_SESSION" in
+ session*)
+ # cleanup environment
+ unset DBUS_SESSION_BUS_ADDRESS
+ export DISPLAY=$(sed -z -n s/^DISPLAY=//p "/proc/$NR_SESSPPID/environ")
+ export XAUTHORITY=$(sed -z -n s/^XAUTHORITY=//p "/proc/$NR_SESSPPID/environ")
+
+ if [ -z "$DISPLAY" ]; then
+ echo "[$0] could not find DISPLAY for $NR_USERNAME on $NR_SESSION" 1>&2
+ exit 1
+ fi
+
+ echo "[$0] notify user $NR_USERNAME on $DISPLAY" 1>&2
+
+ MSGTITLE=$(gettext 'Relogin or restarts required!')
+ MSGBODY=$(gettext 'Your session is running obsolete binaries or libraries as listed below.
+Please consider a relogin or restart of the affected processes!')'\n'$(cat)
+
+ su -p -s /bin/sh -c "$NSEND -u critical -i dialog-warning \"$MSGTITLE\" \"$MSGBODY\"" "$NR_USERNAME"
+ ;;
+ *)
+ echo "[$0] skip session '$NR_SESSION'" 1>&2
+ exit 1;
+ ;;
+esac
diff --git a/needrestart/notify.d/600-mail b/needrestart/notify.d/600-mail
new file mode 100755
index 0000000..c8476f9
--- /dev/null
+++ b/needrestart/notify.d/600-mail
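Review bot: In the `session*)` branch of 400-notify-send, `$MSGBODY` ends with `$(cat)` (the process list arriving on stdin) and is expanded by the calling shell into the command string that `su ... -c` hands to `/bin/sh`, so a double quote, backtick or `$(...)` inside a listed process name or in the translated text is parsed as shell syntax by the inner shell. Because `su -p` preserves the environment, the values can be passed as variables and referenced from a single-quoted command string instead: `export NSEND MSGTITLE MSGBODY` followed by `su -p -s /bin/sh -c '"$NSEND" -u critical -i dialog-warning "$MSGTITLE" "$MSGBODY"' "$NR_USERNAME"`. `DISPLAY` and `XAUTHORITY` are read from `/proc/$NR_SESSPPID/environ`, i.e. from a process owned by the session user, and are only used after the `su`, which is the right side of the privilege boundary; a comment noting that they are untrusted values would help anyone who later moves that code.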
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+# needrestart - Restart daemons after library updates.
+#
+# Authors:
+# Thomas Liske
+#
+# Copyright Holder:
+# 2013 - 2017 (C) Thomas Liske [http://fiasko-nw.net/~thomas/]
+#
+# License:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+
+# Use /usr/bin/mail to notify a user via e-mail.
+
+MAILX='/usr/bin/mail'
+test -x "$MAILX" || exit 1
+
+. /usr/lib/needrestart/notify.d.sh
+
+if [ "$NR_NOTIFYD_DISABLE_MAIL" = '1' ]; then
+ echo "[$0] disabled in global config" 1>&2
+ exit 1
+fi
+
+# Skip system users
+NR_USERID=`id -u "$NR_USERNAME"`
+if [ "0$NR_USERID" -gt 0 -a "0$NR_USERID" -lt 1000 ]; then
+ echo "[$0] do not notify system-user $NR_USERNAME via mail" 1>&2
+ exit 1
+fi
+
+echo "[$0] notify user $NR_USERNAME on $NR_SESSION via mail" 1>&2
+
+{
+ _NR_FQDN=$(hostname -f)
+ eval_gettext 'Your session on host $_NR_FQDN ($NR_SESSION) is running obsolete binaries or libraries as listed below.'
+ echo
+ echo
+ gettext "Please consider a relogin or restart of the affected processes!"
+ echo
+ echo
+ cat
+} | fold -s -w 72 | "$MAILX" -s "Relogin or restarts on host $(hostname) required!" "$NR_USERNAME"
diff --git a/needrestart/notify.d/README.needrestart b/needrestart/notify.d/README.needrestart
new file mode 100644
index 0000000..aa06bf4
--- /dev/null
+++ b/needrestart/notify.d/README.needrestart
@@ -0,0 +1,28 @@
+Files located in /etc/needrestart/notify.d are used to notify running
+user sessions about usage of outdated libraries.
+
+needrestart runs any executable file (except *~, *.dpkg-*, *.ex) naturally
+sorted by the filename for each notification. If the result code is 0 than
+needrestart will stop to run the remaining notification binaries.
+
+
+The following environment variables are set:
+
+- NR_SESSION
+ Session identifier (tty device node or systemd's session name).
+- NR_SESSPPID
+ The first pid in the session detected by needrestart.
+- NR_UID
+ User ID of the session owner.
+- NR_USERNAME
+ Username of the session owner.
+
+
+The following file descriptors are used:
+
+- /dev/stdin
+ The list of obsolete processes.
+- /dev/stdout
+ Closed.
+- /dev/stderr
+ Available in verbose mode (-v).
diff --git a/needrestart/restart.d/README.needrestart b/needrestart/restart.d/README.needrestart
new file mode 100644
index 0000000..2c80b7e
--- /dev/null
+++ b/needrestart/restart.d/README.needrestart
@@ -0,0 +1,12 @@
+Files located in /etc/needrestart/restart.d are used for services
+requiring a special procedure for restarting instead of
+systemctl/service command.
+
+Needrestart uses executable files matching the complete service
+names. If the host uses systemd the service names have '.service' as a
+suffix (dbus vs. dbus.service). Needrestart uses the systemctl/service
+command if no executable file is available to override the default
+behavior.
+
+The environment variable NR_VERBOSE will be set to '1' if the
+executable should be verbose.
diff --git a/needrestart/restart.d/dbus.service b/needrestart/restart.d/dbus.service
new file mode 100755
index 0000000..de98cf7
--- /dev/null
+++ b/needrestart/restart.d/dbus.service
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+# needrestart - Restart daemons after library updates.
+#
+# Authors:
+# Thomas Liske
+#
+# Copyright Holder:
+# 2013 - 2017 (C) Thomas Liske [http://fiasko-nw.net/~thomas/]
+#
+# License:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+
+# Restart dbus and affiliated services under systemd using a procedure
+# suggested by @Vladimir-csp in github issue #44.
+
+# enable xtrace if we should be verbose
+if [ "$NR_VERBOSE" = '1' ]; then
+ set -x
+fi
+
+# check if there is a Display Manager running
+STATE_DM=$(systemctl show display-manager --property=ActiveState)
+
+# prepare well-known list of services requiring restart after restarting D-Bus
+RESTART_CHK="NetworkManager.service"
+RESTART_SVC="systemd-logind.service systemd-journald.service"
+for svc in $RESTART_CHK; do
+ if [ "$(systemctl show $svc --property=ActiveState)" = 'ActiveState=active' ]; then
+ RESTART_ADD="$RESTART_ADD $svc"
+ fi
+done
+
+# stop Display Manager if running
+if [ "$STATE_DM" = 'ActiveState=active' ]; then
+ systemctl stop display-manager.service
+fi
+
+# restard D-Bus
+systemctl restart dbus.service
+
+# reexec systemd
+systemctl daemon-reexec
+
+# restart daemons that directly depend on D-Bus
+systemctl restart $RESTART_SVC
+
+# start Display Manager again
+if [ "$STATE_DM" = 'ActiveState=active' ]; then
+ systemctl start display-manager.service
+fi
diff --git a/needrestart/restart.d/systemd-manager b/needrestart/restart.d/systemd-manager
new file mode 100755
index 0000000..50e7d34
--- /dev/null
+++ b/needrestart/restart.d/systemd-manager
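Review bot: In restart.d/dbus.service the loop over `$RESTART_CHK` builds `RESTART_ADD`, but nothing reads it afterwards: the later `systemctl restart $RESTART_SVC` restarts only logind and journald, so an active NetworkManager.service is left attached to the old bus. If restarting it is the intent, that line should be `systemctl restart $RESTART_SVC $RESTART_ADD`. `RESTART_ADD` is also never initialised, so a value inherited from the caller's environment would be prepended to the list; `RESTART_ADD=` before the loop removes that dependency on the environment of a script that runs systemctl as root.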
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+# needrestart - Restart daemons after library updates.
+#
+# Authors:
+# Thomas Liske
+#
+# Copyright Holder:
+# 2013 - 2017 (C) Thomas Liske [http://fiasko-nw.net/~thomas/]
+#
+# License:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+
+# enable xtrace if we should be verbose
+if [ "$NR_VERBOSE" = '1' ]; then
+ set -x
+fi
+
+exec systemctl daemon-reexec
diff --git a/needrestart/restart.d/sysv-init b/needrestart/restart.d/sysv-init
new file mode 100755
index 0000000..4839766
--- /dev/null
+++ b/needrestart/restart.d/sysv-init
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+# needrestart - Restart daemons after library updates.
+#
+# Authors:
+# Thomas Liske
+#
+# Copyright Holder:
+# 2013 - 2017 (C) Thomas Liske [http://fiasko-nw.net/~thomas/]
+#
+# License:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+
+# enable xtrace if we should be verbose
+if [ "$NR_VERBOSE" = '1' ]; then
+ set -x
+fi
+
+exec telinit u