Rework %post/%postun scriptlets

All scriptlets to disable services upon final package removal are
removed. Removing rpm from a running system is not allowed by dnf and
would generally result in mayhem. Trying to clean up our enablement
symlinks is not useful. Nobody tests this and it almost certainly was
incomplete.

Only do 'journalctl --update-catalog' if /var is writeable, and remove
suppression of errors from 'journalctl --update-catalog'. It shouldn't
fail, and it it does, we should figure out why.

On upgrades, execute 'journalctl --update-catalog' and
'systemd-tmpfiles --create' in %postun, not %post. This way we won't
look at possibly-about-to-be-removed configuration.

Restart various services upon upgrade: systemd-timedated.service
systemd-timesyncd.service systemd-portabled.service
systemd-homed.service systemd-hostnamed.service
systemd-journald.service systemd-localed.service systemd-userdbd.service.
Not doing this was a bug.

user@.service and systemd-logind.service will need special handling
and are not done in this patch.
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2021-02-11 14:37:24 +01:00
parent 834f04c00b
commit c4675f57dd

View File

@ -654,6 +654,12 @@ getent passwd systemd-oom &>/dev/null || useradd -r -l -g systemd-oom -d / -s /s
%post %post
systemd-machine-id-setup &>/dev/null || : systemd-machine-id-setup &>/dev/null || :
# FIXME: move to %postun. We want to restart systemd *after* removing
# files from the old rpm. Right now we may still have bits the old
# setup if the files are not present in the new version. But before
# implement restarting of *other* services after the transaction, moving
# this would make things worse, increasing the number of warnings we get
# about needed daemon-reload.
systemctl daemon-reexec &>/dev/null || { systemctl daemon-reexec &>/dev/null || {
# systemd v239 had bug #9553 in D-Bus authentication of the private socket, # systemd v239 had bug #9553 in D-Bus authentication of the private socket,
# which was later fixed in v240 by #9625. # which was later fixed in v240 by #9625.
@ -674,13 +680,13 @@ systemctl daemon-reexec &>/dev/null || {
fi fi
} }
journalctl --update-catalog &>/dev/null || : if [ $1 -eq 1 ]; then
systemd-tmpfiles --create &>/dev/null || :
# create /var/log/journal only on initial installation, # create /var/log/journal only on initial installation,
# and only if it's writable (it won't be in rpm-ostree). # and only if it's writable (it won't be in rpm-ostree).
if [ $1 -eq 1 ] && [ -w %{_localstatedir} ]; then [ -w %{_localstatedir} ] && mkdir -p %{_localstatedir}/log/journal
mkdir -p %{_localstatedir}/log/journal
[ -w %{_localstatedir} ] && journalctl --update-catalog || :
systemd-tmpfiles --create &>/dev/null || :
fi fi
# Make sure new journal files will be owned by the "systemd-journal" group # Make sure new journal files will be owned by the "systemd-journal" group
@ -691,8 +697,6 @@ chmod g+s /{run,var}/log/journal/{,${machine_id}} &>/dev/null || :
# Apply ACL to the journal directory # Apply ACL to the journal directory
setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/ &>/dev/null || : setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/ &>/dev/null || :
%systemd_post systemd-oomd.service
[ $1 -eq 1 ] || exit 0 [ $1 -eq 1 ] || exit 0
# We reset the enablement of all services upon initial installation # We reset the enablement of all services upon initial installation
@ -724,19 +728,17 @@ if test -d /run/systemd/system/ &&
ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
fi fi
%preun %postun
if [ $1 -eq 0 ] ; then if [ $1 -eq 1 ]; then
systemctl disable --quiet \ [ -w %{_localstatedir} ] && journalctl --update-catalog || :
remote-fs.target \ systemd-tmpfiles --create &>/dev/null || :
getty@.service \
serial-getty@.service \
console-getty.service \
debug-shell.service \
systemd-resolved.service \
systemd-homed.service \
>/dev/null || :
fi fi
%systemd_postun_with_restart systemd-timedated.service systemd-portabled.service systemd-homed.service systemd-hostnamed.service systemd-journald.service systemd-localed.service systemd-userdbd.service systemd-oomd.service
# FIXME: systemd-logind.service is excluded (https://github.com/systemd/systemd/pull/17558)
# FIXME: user@*.service needs to be restarted, but using systemctl --user daemon-reexec
%triggerun -- systemd < 246.1-1 %triggerun -- systemd < 246.1-1
# This is for upgrades from previous versions before systemd-resolved became the default. # This is for upgrades from previous versions before systemd-resolved became the default.
systemctl --no-reload preset systemd-resolved.service &>/dev/null || : systemctl --no-reload preset systemd-resolved.service &>/dev/null || :
@ -753,9 +755,6 @@ if systemctl -q is-enabled systemd-resolved.service &>/dev/null; then
systemctl start systemd-resolved.service &>/dev/null || : systemctl start systemd-resolved.service &>/dev/null || :
fi fi
%postun
%systemd_postun_with_restart systemd-oomd.service
%post libs %post libs
%{?ldconfig} %{?ldconfig}
@ -840,9 +839,9 @@ grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null &&
%systemd_preun %udev_services %systemd_preun %udev_services
%postun udev %postun udev
# Only restart systemd-udev, to run the upgraded dameon. # Restart some services.
# Others are either oneshot services, or sockets, and restarting them causes issues (#1378974) # Others are either oneshot services, or sockets, and restarting them causes issues (#1378974)
%systemd_postun_with_restart systemd-udevd.service %systemd_postun_with_restart systemd-udevd.service systemd-timesyncd.service
%pre journal-remote %pre journal-remote
getent group systemd-journal-remote &>/dev/null || groupadd -r systemd-journal-remote 2>&1 || : getent group systemd-journal-remote &>/dev/null || groupadd -r systemd-journal-remote 2>&1 || :