After a security update of a library one needs to restart all programs that make use of this library in order for the security update to become effective. [[whatmaps]] takes a package name and looks (on Linux systems) in */proc/pid/maps* for processes that map shared objects contained in that package. It then looks for the corresponding processes to find the services that need to be restarted. It supports more complex scenarios like package A needing a restart of package B or blacklisting services on a global or per package basis by (for now) internal lists and dicts. It currently supports Debian and Fedora but might also work well on other Debian or RPM based distributions.

The current release is 0.0.3.

[[!toc ]]

## Installation

Since it's a single script you can either use the script right away or call:

    python setup.py

to install it. You can also build a Debian package from the 'debian/master' branch.

### Pre-built packages

Debian Packages for Wheezy can be found [here][].

## Usage

Simply pass the names of the packages that had shared objects updated:

    whatmaps

The example output looks like:

    # whatmaps libssl0.9.8
    WARNING: No service script found in 'krb5-auth-dialog' for '['/usr/bin/krb5-auth-dialog']' - restart manually
    WARNING: No service script found in 'openssh-client' for '['/usr/bin/ssh-agent']' - restart manually
    WARNING: No service script found in 'vim-gnome' for '['/usr/bin/vim.gnome']' - restart manually
    WARNING: No service script found in 'isc-dhcp-client' for '['/sbin/dhclient']' - restart manually
    WARNING: No service script found in 'wpasupplicant' for '['/sbin/wpa_supplicant']' - restart manually
    Services that possibly need to be restarted:
    postfix
    libvirt-bin
    ntpd

Note that the processes [[whatmaps]] warns about above belong to packages without any init scripts (e.g. started by a desktop session). They need to be restarted manually at the moment.

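The */proc/pid/maps* lookup described at the top of this page can be sketched as follows. This is an added example, not whatmaps' own code: it assumes the package's shared object paths are already known (resolving them from the package name is left out), the names `mapped_objects` and `procs_mapping` are hypothetical, and the sample maps lines are constructed. It also records the ` (deleted)` suffix the kernel appends when a process still maps a file that has since been unlinked.

```python
import os

DELETED = " (deleted)"  # suffix the kernel appends once the mapped file is unlinked

def mapped_objects(maps_text):
    """Return {path: was_deleted} for the file-backed mappings in a maps file."""
    found = {}
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # addr perms offset dev inode [pathname]
        if len(fields) < 6 or not fields[5].startswith("/"):
            continue  # anonymous mapping or pseudo entry such as [heap], [vdso]
        path = fields[5]
        deleted = path.endswith(DELETED)
        if deleted:
            path = path[:-len(DELETED)]
        found[path] = found.get(path, False) or deleted
    return found

def procs_mapping(targets, proc_root="/proc"):
    """Return {pid: (exe, stale)} for processes mapping any path in targets."""
    targets = set(targets)
    hits = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # not a process directory
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "maps")) as f:
                objs = mapped_objects(f.read())
            exe = os.readlink(os.path.join(base, "exe"))
        except OSError:
            continue  # process exited, kernel thread, or insufficient privileges
        matched = targets.intersection(objs)
        if matched:
            hits[int(entry)] = (exe, any(objs[p] for p in matched))
    return hits

# Constructed sample of maps lines (not captured from a real system).
SAMPLE = """\
55d0c8a00000-55d0c8a21000 r-xp 00000000 08:01 131077 /usr/sbin/ntpd
55d0c9c00000-55d0c9c21000 rw-p 00000000 00:00 0 [heap]
7f1c2a000000-7f1c2a058000 r-xp 00000000 08:01 131090 /usr/lib/libssl.so.0.9.8 (deleted)
7f1c2a400000-7f1c2a5b0000 r-xp 00000000 08:01 131200 /lib/libc.so.6
7ffd3b1e0000-7ffd3b1e2000 r-xp 00000000 00:00 0 [vdso]
"""

if __name__ == "__main__":
    for pid, (exe, stale) in sorted(procs_mapping(["/usr/lib/libssl.so.0.9.8"]).items()):
        print(pid, exe, "stale copy mapped" if stale else "mapped")
```

Reading the maps files of other users' processes requires root, so an unprivileged run only reports the caller's own processes.
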
The services found by [[whatmaps]] can be restarted using the *--restart* option:

    whatmaps --restart

### Apt Integration

To enable automatic restarts during security updates on Debian based systems set:

    Whatmaps::Enable-Restart "1";

in */etc/apt/apt.conf.d/20services*.

[[!template id=honk_git repo="whatmaps"]]

## Notes

Checkrestart in the [debian-goodies][] package detects processes that need to be restarted by using lsof to check whether a file was deleted but is still in use. You might want to try this one since it has been well tested in Debian since 2003. The idea behind whatmaps is to do the lookup on a per package basis so we can let apt decide if it's a security upgrade (based on the origin) and only restart the service in this case.

## TODO

* More reliable mapping between processes and init scripts
* Better support for daemons in interpreted languages like xend or calendarserver; so far we only detect that /usr/bin/python2.X is affected.
* Check Desktop files (suspend/resume makes them long running) and notify users about affected processes in their session
* Try to runtime inspect python/perl/java for loaded modules using lsof or PTRACE_PEEKDATA
* Apt integration
* Better Fedora support
* Support for other init systems (filerc, upstart) besides SysV-RC and systemd
* DNF/Yum integration

## Author

whatmaps was written by [[Guido Günther|/agx]].

[[!template id=honk_ml project="whatmaps"]]

## License

whatmaps is free software and licensed under the GPL Version 3.

[here]: /projects/whatmaps/releases/
[debian-goodies]: http://packages.debian.org/debian-goodies