On Wed, Jul 27, 2016 at 2:49 PM, Ruben Kerkhof <ruben@xxxxxxxxxxxxxxxx> wrote: > On Wed, Jul 27, 2016 at 6:58 PM, Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> wrote: >> On Wed, Jul 27, 2016 at 11:39 AM, Ruben Kerkhof <ruben@xxxxxxxxxxxxxxxx> wrote: >>> On Wed, Jul 27, 2016 at 2:16 PM, Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> wrote: >>>> Why would you want this to be something packaged? We have 'reboot >>>> recommended' in our bodhi update metadata, and that seems like a much >>>> better place for it. >>> >>> My guess is that 'reboot recommended' is true for each kernel update. >> >> Yes, of course. But it isn't required. > > You're right of course, we can't require anything from our users, only > recommend they do something. > >> >>> What I'd like to know is if the system is booted into the latest >>> kernel, and I need that >>> information in an easy to consume way. >> >> That's entirely separate from 'reboot recommended' or >> 'reboot-required'. There are many cases where a kernel update is >> pushed out but you might not have any reason to actually boot into it. >> I quite frequently skip non-security kernel updates if nothing else is >> actually wrong. We fix bugs in a large number of places, and not all >> of those places are things your machine might care about. > > My understanding of /var/run/reboot-required in Debian is simply of > being an indicator > that there's a different kernel installed from the current one, and > that you need to reboot for it to have effect. > > You're still free to not look at this file and skip kernel updates of course. > I'm assuming (perhaps wrongly) that a majority of users just run the > latest and greatest. > >> >>> Unless I misunderstand what you're proposing, in that case, can you >>> please elaborate? >> >> I can try. >> >> If all you want to know is whether the most recently installed kernel >> is running, then you can do that via a script that compares uname to >> the output of an RPM query on the kernel package. That's fairly >> trivial to do. > > I have something mostly working > (http://paste.fedoraproject.org/396520/69643975/ for those interested) > >> (I explicitly say 'most recently installed' because the kernel is odd >> in that multiple kernels are installed and the most recently installed >> kernel may actually not be the _newest_ kernel.) > > I hadn't thought of that, thanks. > >> >> However, if you are looking to know whether something (kernel or >> otherwise) recommends rebooting, then you would want to look at the >> update metadata. Grub, openssl, glibc, etc can all recommend >> rebooting for a variety of reasons. >> >>>> Otherwise, you run into cases where multiple >>>> packages want to write/own the file, etc. >>> >>> Hence my proposal for a reboot-required package which is the owner and >>> writes the file. >> >> Sure, but that is a lot of hassle that seems unnecessary. Also, >> because recommend vs. required are different, I would not be willing >> to e.g. modify the kernel package to Require: reboot-required. It >> simply isn't an accurate reflection of every possibility. Nor would I >> be willing to add it in cases where it is required but remove it other >> times. That's a lot of spec file munging and it would get annoying. > > If the reboot-required package just drops a script in /etc/kernel/postinst.d, > the kernel package doesn't need to Require: anything, or am I missing something? How does the reboot-required package get installed in the first place? I was assuming something during the update process would install it, which means something has to Require it or install it in some manner. (As an aside, I've never heard of /etc/kerne/postinst.d until now. I have no idea if anything even looks in there in Fedora.) >>>> Also, I think "recommended" is really the appropriate terminology >>>> here. There is very little that _requires_ a reboot to be done after >>>> it is installed. >>> >>> It's that little part I care very much about ;) >> >> For what purpose though? Do you care because you want to make sure >> your software is running with all security fixes? Do you care because >> you want to simply be running the latest and greatest at all times? > > Primarily security fixes. OK. It might be beneficial to look at the update metadata anyway in that case, to see what is labeled as a security fix. >> Checking the update metadata could probably be done in dnf itself if >> it isn't already. I believe Software already looks at this flag if >> you are using that to apply your updates. If you simply want to >> always be running the latest, then 'dnf update && reboot' solves that >> need. > > In the case I've been thinking of the updates are done by us, or > puppet, but the reboots are scheduled > by our customers at a time which suits them. We don't always know if > they've rebooted already > and checking /var/run/reboot-required would be an easy way to remind them. > > For Debian / Ubuntu motd also lets them know as soon as they login, which helps. I think what you're trying to accomplish is certainly possible. I'm not sure the exact implementation of having it done as a separate package is the best method, but it's a possibility I guess. josh -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
