automatic restart of services
After installing security updates, it is necessary to restart the affected services to get rid of the vulnerabilities present in previous versions of the packages. Currently, apk provides no means for doing this automatically. A decent implementation of this functionality would take shared library dependencies into account.
One possible implementation finds the transitive closure of the updated packages, where the transitive relation follows the package dependencies in the reverse direction. Then each init script owned by any package in the closure is invoked with the restart command if the respective service is running.
#1 Updated by Natanael Copa over 5 years ago
- Project changed from Alpine Package Keeper to Alpine Linux
I think we want to implement this as a trigger watching /etc/init.d rather than integrate an init system in apk-tools itself.
#2 Updated by Kaarle Ritvanen over 5 years ago
I wrote the description after discussing the problem with Timo. He thought it would be better to implement this in APK because the described algorithm needs dependency information inaccessible for triggers. A restart function based on the trigger's logic would be a partial solution at best because it ignores library dependencies.
Of course, functions specific to any init system should be properly abstracted if implemented within APK.
#4 Updated by Timo Teräs about 5 years ago
I've been thinking about this. Apk-tools should track and report all the init.d scripts whose 'owner' package or any of its transitive dependencies got changed. I believe then it would be a script's job to restart them if needed, possibly doing it interactively. Any additional thoughts?
#5 Updated by Kaarle Ritvanen almost 5 years ago
This sounds good. The proposed scheme would not take dynamic dependencies, such as modules loaded with dlopen, into account. But I don't know if this is a big problem because typically such modules are updated at the same time as the main package.
If the restart script is interactive, it should be possible to configure the behavior also by command line arguments to make it scriptable.
#8 Updated by Natanael Copa over 4 years ago
- I don't want to enable auto start/stop/restart unless the user explicitly asks for it. So this feature needs to be enabled in config or with an option (e.g. apk upgrade --auto or similar)
- We should not hardcode a dependency on openrc in the apk binary in case we switch to runit or something else in future
- We probably also want to be able to check if a service is running before apk del and exit with an error, or autostop it if --auto (or similar) is specified.
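
The reverse-dependency closure from the issue description, combined with the report-only scheme from comment #4, as an added example that is not part of the original thread or of apk-tools. The package graph, init script ownership and running set are constructed sample data, and the function names are hypothetical.

```python
from collections import defaultdict, deque

# Constructed sample data, not taken from a real Alpine system.
DEPENDS = {                      # package -> direct dependencies
    "zlib": [],
    "pcre": [],
    "libssl": ["zlib"],
    "nginx": ["libssl", "pcre"],
    "openssh": ["libssl"],
    "dropbear": ["zlib"],
    "chrony": [],
}
INIT_SCRIPTS = {                 # package -> init scripts it owns
    "nginx": ["nginx"],
    "openssh": ["sshd"],
    "dropbear": ["dropbear"],
    "chrony": ["chronyd"],
}
RUNNING = {"nginx", "sshd", "chronyd"}   # dropbear is installed but stopped


def reverse_closure(updated, depends):
    """Updated packages plus everything that depends on them, transitively."""
    rdeps = defaultdict(set)     # dependency -> packages that depend on it
    for pkg, deps in depends.items():
        for dep in deps:
            rdeps[dep].add(pkg)
    seen, queue = set(updated), deque(updated)
    while queue:                 # BFS; 'seen' also guards against cycles
        for dependent in rdeps[queue.popleft()]:
            if dependent not in seen:
                seen.add(dependent)
                queue.append(dependent)
    return seen


def services_to_restart(updated, depends, init_scripts, is_running):
    """Report running services whose owner package is in the closure.

    is_running is a callable, so the init system (OpenRC, runit, ...) stays
    outside this logic; the caller decides whether to restart or only report.
    """
    affected = reverse_closure(updated, depends)
    return sorted(svc for pkg in affected
                  for svc in init_scripts.get(pkg, ())
                  if is_running(svc))


if __name__ == "__main__":
    print(services_to_restart(["zlib"], DEPENDS, INIT_SCRIPTS, RUNNING.__contains__))
```

As comment #5 points out, a static dependency graph like this one does not see modules loaded with dlopen.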