blob: bb2b45e67070928c4780c4985d3c437707d3f265 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
After a security updrate of a library one needs to restart all programs that make use of this library in order for the security update to become effective. [[whatmaps]] takes a package name and looks (on Linux systems) in */proc/pid/maps* for processes that map shared objects contained in a certain package. It then looks for the corresponding processes to find the services that need to be restarted.
It currently supports Debian and Fedora but might also work well on other Debian or RPM based distributions. The current release is 0.0.1.
[[!toc ]]
## Installation
Since it's a single script you can either use the script right away or call:
python setup.py
to install it. You can also build a Debian package from the 'debian/master' branch.
### Pre-built packages
Debian Packages for Lenny and Squeeze can be found [here][].
## Usage
Simply pass the names of the packages that had shared objects updated:
whatmaps <pkg1> <pkg2>
The example output looks like:
# whatmaps libssl0.9.8
WARNING: No service script found in 'krb5-auth-dialog' for '['/usr/bin/krb5-auth-dialog']' - restart manually
WARNING: No service script found in 'openssh-client' for '['/usr/bin/ssh-agent']' - restart manually
WARNING: No service script found in 'vim-gnome' for '['/usr/bin/vim.gnome']' - restart manually
WARNING: No service script found in 'isc-dhcp-client' for '['/sbin/dhclient']' - restart manually
WARNING: No service script found in 'wpasupplicant' for '['/sbin/wpa_supplicant']' - restart manually
Services that possibly need to be restarted:
postfix
libvirt-bin
ntpd
Note that the processes [[whatmaps]] warns about above are packages without any init scripts (e.g. started by a desktop session). They need to be restarted manually at the moment. The services found by [[whatmaps]] can be restarted using the *--restart* option:
whatmaps --restart <pkg1> <pkg2>
### Apt Integration
To enable automatic restarts during security updates on Debian based systems set:
Whatmaps::Enable-Restart "1";
in */etc/apt/apt.conf.d/20services*.
<a href="https://flattr.com/thing/48104/Sigxcpu-org-projects" target="_blank">
<img src="http://api.flattr.com/button/button-compact-static-100x17.png" alt="Flattr this" title="Flattr this" border="0" /></a>
## Source Code
The source code is available via:
git clone git://honk.sigxcpu.org/git/whatmaps.git/
## Notes
Checkrestart in the [debian-goodies][] package detects processes that need to be restarted by checking if a file was deleted but is still in use by using lsof. You might want to try this one since it is well tested in Debian since 2003. The idea behind whatmaps is to do the lookup on a per package basis so we can let apt decide if it's a security upgrade (based on the origin) and only restart the service in this case.
## TODO
* More reliable mapping between processes and init scripts
* Better support for daemons in interpreted languages like xend or calendarserver, so far we only detect that /usr/bin/python2.X is affected.
* Check Desktop files (suspend/resume makes them long running) and notify users about affected processes in their session
* Support for other init systems besides SysV-RC
* Try to runtime inspect python/perl/java for loaded modules using lsof or PTRACE_PEEKDATA
* <s>Apt integration</s>
* <s>Better Fedora support</s>
## Author
whatmaps was written by [[Guido Günther|/agx]].
## License
whatmaps is free software and licensed under the GPL Version 3.
[here]: /projects/whatmaps/releases/
[debian-goodies]: http://packages.debian.org/debian-goodies
|
