[Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.
Thomas Bushnell, BSG
244250 at bugs.launchpad.net
Wed Oct 5 01:13:59 UTC 2011
On Wed, Oct 5, 2011 at 12:54 AM, Marc Deslauriers <marc.deslauriers at canonical.com> wrote:
> Right now, the best way we have of determining if we're a server or a
> desktop is to check if X is running. It's not ideal, and suggestions are
> welcome.
>
I think my question is suggesting that there really isn't a principled
distinction between "desktop" and "server" for things like this.
> We need a way for sysadmins to get notifications that some of the major
> automatic updates they are installing, such as openssl and the kernel,
> require services and/or the system to get restarted after a security
> update. The mechanism we have now is the reboot notification tool.
>
It's the right tool, but the correct approach is the standard one: Debian
packages should do in-place upgrades, except the kernel. With libc much work
was spent figuring out what to restart and how, and it works. openssl should
do the same thing.
> I agree that a lot of libraries can have security issues also, and in
> fact, most of the server packages will gracefully restart when they get
> security updates. For openssl, and a few other select libraries, things
> are different. Security issues in openssl usually are of importance for
> network servers, and automatically restarting all the running daemons
> isn't an option, especially since the server could be running software
> that wasn't installed from packages in the archive. In this case, the
> reboot notification indicates to the sysadmin that manual intervention
> is needed. If the sysadmin decides that nothing on his server is
> affected, he can simply remove the reboot notification file. Yes, this
> solution is far from perfect, but the alternative is to disable
> notifications completely, which is not a viable option.
Not running X doesn't mean that someone is running ssl servers, right? Why
not look for ssl servers, specifically, and only if there are ssl servers
running, call for the reboot?
Thomas
--
https://bugs.launchpad.net/bugs/244250
Title:
Spurious reboot notifications caused by libssl upgrades.
Status in “openssl” package in Ubuntu:
Fix Released
Bug description:
The postinst script for libssl0.9.8 currently has a bug where it sends
a reboot notification whenever libssl is configured. So reconfiguring
libssl0.9.8 or even just installing libssl0.9.8 will result in a
reboot notification. Sending of the reboot notification should
definitely be moved inside the upgrading guard. The correct fix is
likely to move it inside a version comparison guard for particular
important updates like Colin suggests below -- this is what every
other standard package using notify-reboot-required does.
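The idea raised in the thread, checking for processes that actually use the SSL library rather than guessing from whether X is running, can be approximated by listing processes that still map the replaced library file. This is an added example, not code from the bug report or the openssl package; the function names and the optional PROC_ROOT parameter are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find processes that still map an old libssl/libcrypto.
# When an upgrade replaces a shared library, the old file is unlinked, and
# processes that loaded it earlier show the mapping in /proc/PID/maps with
# a " (deleted)" suffix. This also catches daemons that were not installed
# from packages. Reading other users' maps files normally requires root.

# stale_ssl_pids [PROC_ROOT]
# Prints "PID NAME" for each process mapping a deleted libssl or libcrypto.
# PROC_ROOT defaults to /proc; it is a parameter only so the function can
# be run against a constructed directory tree.
stale_ssl_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Processes can exit mid-scan, and an empty glob stays literal.
        [ -r "$maps" ] || continue
        if grep -Eq '/lib(ssl|crypto)[^/]*\.so[^/]* \(deleted\)$' \
                "$maps" 2>/dev/null; then
            dir="${maps%/maps}"
            pid="${dir##*/}"
            name="$(cat "$dir/comm" 2>/dev/null || echo '?')"
            echo "$pid $name"
        fi
    done
}

# needs_restart_notice [PROC_ROOT]
# Exit status 0 when at least one process still uses the old library.
needs_restart_notice() {
    [ -n "$(stale_ssl_pids "$1")" ]
}

# Sketch of how a postinst could gate the notice (postinst receives
# "configure" as $1 and the previously configured version, if any, as $2):
#   if [ "$1" = configure ] && [ -n "$2" ] && needs_restart_notice; then
#       ... run the reboot notification tool here ...
#   fi
```

A version comparison guard, as the bug description recommends, would still be needed so that the check only runs for the specific security updates that warrant it.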