On Wed, Jul 27, 2016 at 6:58 PM, Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> wrote: > On Wed, Jul 27, 2016 at 11:39 AM, Ruben Kerkhof <ruben@xxxxxxxxxxxxxxxx> wrote: >> On Wed, Jul 27, 2016 at 2:16 PM, Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> wrote: >>> Why would you want this to be something packaged? We have 'reboot >>> recommended' in our bodhi update metadata, and that seems like a much >>> better place for it. >> >> My guess is that 'reboot recommended' is true for each kernel update. > > Yes, of course. But it isn't required. You're right of course, we can't require anything from our users, only recommend they do something. > >> What I'd like to know is if the system is booted into the latest >> kernel, and I need that >> information in an easy to consume way. > > That's entirely separate from 'reboot recommended' or > 'reboot-required'. There are many cases where a kernel update is > pushed out but you might not have any reason to actually boot into it. > I quite frequently skip non-security kernel updates if nothing else is > actually wrong. We fix bugs in a large number of places, and not all > of those places are things your machine might care about. My understanding of /var/run/reboot-required in Debian is simply of being an indicator that there's a different kernel installed from the current one, and that you need to reboot for it to have effect. You're still free to not look at this file and skip kernel updates of course. I'm assuming (perhaps wrongly) that a majority of users just run the latest and greatest. > >> Unless I misunderstand what you're proposing, in that case, can you >> please elaborate? > > I can try. > > If all you want to know is whether the most recently installed kernel > is running, then you can do that via a script that compares uname to > the output of an RPM query on the kernel package. That's fairly > trivial to do. I have something mostly working (http://paste.fedoraproject.org/396520/69643975/ for those interested) > (I explicitly say 'most recently installed' because the kernel is odd > in that multiple kernels are installed and the most recently installed > kernel may actually not be the _newest_ kernel.) I hadn't thought of that, thanks. > > However, if you are looking to know whether something (kernel or > otherwise) recommends rebooting, then you would want to look at the > update metadata. Grub, openssl, glibc, etc can all recommend > rebooting for a variety of reasons. > >>> Otherwise, you run into cases where multiple >>> packages want to write/own the file, etc. >> >> Hence my proposal for a reboot-required package which is the owner and >> writes the file. > > Sure, but that is a lot of hassle that seems unnecessary. Also, > because recommend vs. required are different, I would not be willing > to e.g. modify the kernel package to Require: reboot-required. It > simply isn't an accurate reflection of every possibility. Nor would I > be willing to add it in cases where it is required but remove it other > times. That's a lot of spec file munging and it would get annoying. If the reboot-required package just drops a script in /etc/kernel/postinst.d, the kernel package doesn't need to Require: anything, or am I missing something? > >>> Also, I think "recommended" is really the appropriate terminology >>> here. There is very little that _requires_ a reboot to be done after >>> it is installed. >> >> It's that little part I care very much about ;) > > For what purpose though? Do you care because you want to make sure > your software is running with all security fixes? Do you care because > you want to simply be running the latest and greatest at all times? Primarily security fixes. > > Checking the update metadata could probably be done in dnf itself if > it isn't already. I believe Software already looks at this flag if > you are using that to apply your updates. If you simply want to > always be running the latest, then 'dnf update && reboot' solves that > need. In the case I've been thinking of the updates are done by us, or puppet, but the reboots are scheduled by our customers at a time which suits them. We don't always know if they've rebooted already and checking /var/run/reboot-required would be an easy way to remind them. For Debian / Ubuntu motd also lets them know as soon as they login, which helps. > > josh > -- Kind regards, Ruben -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
