[Fedora-packaging] Systemd upgrades and user-selected auto-start

Stephen Gallagher sgallagh at redhat.com
Tue Sep 20 13:04:47 UTC 2011

Our current scriptlets for systemd result in an unacceptable upgrade
case. Specifically, it reverts all services to their default
enabled/disabled status. We should allow packagers to include scripts
that keep the user-selected auto-start between upgrades.

For example, HTTPD does not start automatically when installed (because
its default configuration is not necessarily useful). However, once it's
been set up by a user and selected for autostart with ckconfig (for
example), we should not be disabling it on upgrade.

The reverse might also be true. In a hardened environment, a service
that is configured for auto-start by default might be disabled for
security reasons. Turning it back on by default during an upgrade could
then be viewed as a security vulnerability.

I think the guidelines need to be relaxed so that scriptlets like the
following could be added:

%triggerun -- sssd < %{version}-%{release}
if /sbin/chkconfig --level 3 sssd ; then
        /bin/systemctl --no-reload enable sssd.service >/dev/null 2>&1
|| :

if /sbin/chkconfig --level 5 sssd ; then
        /bin/systemctl --no-reload enable sssd.service >/dev/null 2>&1
|| :

/sbin/chkconfig --del sssd >/dev/null 2>&1 || :

In this case, we check to see if the sssd service was running in
runlevel three or five, and if so we enable it on upgrade. (Yes, I'm
aware that this is currently in violation of packaging standards, but
SSSD was converted prior to the standard being decided upon).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/packaging/attachments/20110920/3908fdf1/attachment.bin 

More information about the packaging mailing list