[opensuse-factory] How to prevent update from enabling services?
Hello,
on both Tumbleweed and Leap 15.0, I noticed that one of recent updates enabled service "purge-kernels" even if I had disabled it explicitly earlier.
In this particular case it's just a nuisance, I simply disabled the service again and reinstalled lost packages. But I find the general idea that an update can enable (existing) services on its own - and even services which I had explicitly disabled before - very disturbing.
Is there a way to prevent such behaviour?
Michal Kubeček
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Monday, 26 March 2018 08:18:02 CEST Michal Kubecek wrote:
Hello,
on both Tumbleweed and Leap 15.0, I noticed that one of recent updates enabled service "purge-kernels" even if I had disabled it explicitly earlier.
In this particular case it's just a nuisance, I simply disabled the service again and reinstalled lost packages. But I find the general idea that an update can enable (existing) services on its own - and even services which I had explicitly disabled before - very disturbing.
Is there a way to prevent such behaviour?
You can try to "mask" a service which will prevent the service to be started or enabled. I do not have an experience if the masking will survive a package update though.
On Mon, Mar 26, 2018 at 08:23:48AM +0200, Oliver Kurz wrote:
On Monday, 26 March 2018 08:18:02 CEST Michal Kubecek wrote:
Hello,
on both Tumbleweed and Leap 15.0, I noticed that one of recent updates enabled service "purge-kernels" even if I had disabled it explicitly earlier.
In this particular case it's just a nuisance, I simply disabled the service again and reinstalled lost packages. But I find the general idea that an update can enable (existing) services on its own - and even services which I had explicitly disabled before - very disturbing.
Is there a way to prevent such behaviour?
You can try to "mask" a service which will prevent the service to be started or enabled. I do not have an experience if the masking will survive a package update though.
That the service got enabled again seems to have been a bug of my systemd presets split, and should not have happened. Not sure if you can configure the multiversion in zypp.conf to disallow any multiversion deinstall. Ciao, Marcus
Michal Kubecek wrote:
Hello,
on both Tumbleweed and Leap 15.0, I noticed that one of recent updates enabled service "purge-kernels" even if I had disabled it explicitly earlier.
So it was really enabled, or just running? Last time I had such a case (avahi) it was a 'Wants' entry in another service that launched it although I had disabled it...
On Monday, 26 March 2018 8:37 Peter Suetterlin wrote:
Michal Kubecek wrote:
Hello,
on both Tumbleweed and Leap 15.0, I noticed that one of recent updates enabled service "purge-kernels" even if I had disabled it explicitly earlier.
So it was really enabled, or just running? Last time I had such a case (avahi) it was a 'Wants' entry in another service that launched it although I had disabled it...
Service purge-kernels is a one-shot script started at boot which checks installed kernel packages and uninstalls obsolete ones (based on what you configured to preserve). On Tumbleweed, the update enabled it and on reboot, it ran and performed the cleanup; on Leap 15.0, I was already aware so that I noticed the messages zypper dup issued and disabled the service before rebooting. On both, "systemctl disable purge-kernels" resolved the problem. Michal Kubeček
On 2018-03-26 08:50, Michal Kubecek wrote:
Service purge-kernels is a one-shot script started at boot which checks installed kernel packages and uninstalls obsolete ones (based on what you configured to preserve). On Tumbleweed, the update enabled it and on reboot, it ran and performed the cleanup; on Leap 15.0, I was already aware so that I noticed the messages zypper dup issued and disabled the service before rebooting. On both, "systemctl disable purge-kernels" resolved the problem.
/etc/zypp/zypp.conf: multiversion.kernels = latest,latest-20,running ? -- Cheers / Saludos, Carlos E. R. (from 42.3 x86_64 "Malachite" at Telcontar)
On Mon, Mar 26, 2018 at 02:46:17PM +0200, Carlos E. R. wrote:
On 2018-03-26 08:50, Michal Kubecek wrote:
Service purge-kernels is a one-shot script started at boot which checks installed kernel packages and uninstalls obsolete ones (based on what you configured to preserve). On Tumbleweed, the update enabled it and on reboot, it ran and performed the cleanup; on Leap 15.0, I was already aware so that I noticed the messages zypper dup issued and disabled the service before rebooting. On both, "systemctl disable purge-kernels" resolved the problem.
/etc/zypp/zypp.conf: multiversion.kernels = latest,latest-20,running
?
I'm aware of that but on some machines I do not want purge-kernels to run at all as I want to keep _all_ kernel packages until I decide to uninstall them. Michal Kubeček
Michal Kubecek composed on 2018-03-26 18:44 (UTC+0200): ...
/etc/zypp/zypp.conf: multiversion.kernels = latest,latest-20,running ... I'm aware of that but on some machines I do not want purge-kernels to run at all as I want to keep _all_ kernel packages until I decide to uninstall them.
The service won't run if the trigger file in /boot/ is absent, ( /boot/do_purge_kernels ?). Years ago I started deleting it automatically as a part of another routine post-updates cleanup process. -- "Wisdom is supreme; therefore get wisdom. Whatever else you get, get wisdom." Proverbs 4:7 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/
On Monday, 26 March 2018 19:46 Felix Miata wrote:
Michal Kubecek composed on 2018-03-26 18:44 (UTC+0200):
I'm aware of that but on some machines I do not want purge-kernels to run at all as I want to keep _all_ kernel packages until I decide to uninstall them.
The service won't run if the trigger file in /boot/ is absent, ( /boot/do_purge_kernels ?). Years ago I started deleting it automatically as a part of another routine post-updates cleanup process.
Good to know, thanks. My original question was more general as enabling security services might be even a security problem. But as Marcus said, it was a one time mistake. Michal Kubeček
* Michal Kubecek <mkubecek@suse.cz> [03-26-18 02:18]:
Hello,
on both Tumbleweed and Leap 15.0, I noticed that one of recent updates enabled service "purge-kernels" even if I had disabled it explicitly earlier.
In this particular case it's just a nuisance, I simply disabled the service again and reinstalled lost packages. But I find the general idea that an update can enable (existing) services on its own - and even services which I had explicitly disabled before - very disturbing.
Is there a way to prevent such behaviour?
fwiw, I also have purge-kernels disabled on Tumbleweed for quite some time and just checked it, still disabled. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode
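A way to detect the situation discussed in this thread, given as an added example that is not part of any poster's message: compare service enablement snapshots taken before and after an update and report units that were switched on. The function names `enabled_drift` and `demo` are hypothetical and the snapshot contents are constructed.

```shell
#!/bin/sh
# Added example: report units that an update switched from off to on.
# A snapshot is the saved output of
#   systemctl list-unit-files --type=service --no-legend --no-pager
# Column 1 is the unit, column 2 its state; newer systemd versions print
# a third (vendor preset) column, which is ignored here.

# enabled_drift BEFORE AFTER
# Prints "unit: old -> new" for each unit that is enabled in AFTER but was
# disabled, masked, or not present at all ("absent") in BEFORE.
enabled_drift() {
    awk '
        FILENAME == ARGV[1] { before[$1] = $2; next }   # remember old states
        $2 == "enabled" || $2 == "enabled-runtime" {
            old = ($1 in before) ? before[$1] : "absent"
            if (old == "disabled" || old == "masked" || old == "absent")
                printf "%s: %s -> %s\n", $1, old, $2
        }
    ' "$1" "$2"
}

# Constructed snapshots mirroring the case reported in the thread.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/before" <<'EOF'
purge-kernels.service   disabled
sshd.service            enabled
avahi-daemon.service    masked
cron.service            enabled
EOF
    cat > "$tmp/after" <<'EOF'
purge-kernels.service   enabled
sshd.service            enabled
avahi-daemon.service    masked
cron.service            enabled
EOF
    enabled_drift "$tmp/before" "$tmp/after"
    rm -rf "$tmp"
}

demo
```

Running the comparison after the update but before rebooting matters for a boot-time one-shot unit such as the one described above, since that is the last point at which the change can be reverted before the unit acts.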
participants (7)
- Carlos E. R.
- Felix Miata
- Marcus Meissner
- Michal Kubecek
- Oliver Kurz
- Patrick Shanahan
- Peter Suetterlin