Service stopping in prerm considered harmful - Debian

This is a discussion on Service stopping in prerm considered harmful - Debian ; For the nth time, I have a package that dpkg is unable to remove because it tries to stop a service that either is already stopped (I didn't want it) or couldn't start at all. In the former case, the ...

+ Reply to Thread
Results 1 to 14 of 14

Thread: Service stopping in prerm considered harmful

  1. Service stopping in prerm considered harmful

    For the nth time, I have a package that dpkg is unable to remove because
    it tries to stop a service that either is already stopped (I didn't want
    it) or couldn't start at all. In the former case, the fix seems simple:
    start the service and remove the package. But sometimes starting the
    service may have undesirable outcomes on the system, or the stop action
    will fail in some way.

    In either case, when you can't get a successful stop action for the
    service init.d script, the package is impossible to remove without human
    action, and not a simple one, because you need to be able to hack the
    maintainer scripts or the init.d script.

    Shouldn't the maintainer script actually ensure that the service is not
    running, instead of just triggering the stop action and checking its
    exit code? Something like (it's pseudo-code, because the status action
    of init.d scripts prints text, it doesn't seem to give machine-friendly
    data):

    ------------------------------------------------------------------------
    # if it's running, stop it
    if(status(service) == running) {
    stop(service);
    }
    # if now it's still running, something's wrong
    if(status(service) == running) {
    exit 1;
    }
    # proceed...
    ------------------------------------------------------------------------

    Annoyingly,
    Pierre
    --
    nowhere.man@levallois.eu.org
    OpenPGP 0xD9D50D8A

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)

    iD8DBQFH5dSrxe13INnVDYoRAo+RAKC+SoEKdwKw0nRXa/WA7VFjm/eiTQCfZ49P
    UT74JzaVA06hBJa3qGkWY7k=
    =z8GS
    -----END PGP SIGNATURE-----


  2. Re: Service stopping in prerm considered harmful

    Pierre THIERRY writes:

    > For the nth time, I have a package that dpkg is unable to remove because
    > it tries to stop a service that either is already stopped (I didn't want
    > it) or couldn't start at all. In the former case, the fix seems simple:
    > start the service and remove the package. But sometimes starting the
    > service may have undesirable outcomes on the system, or the stop action
    > will fail in some way.
    >
    > In either case, when you can't get a successful stop action for the
    > service init.d script, the package is impossible to remove without human
    > action, and not a simple one, because you need to be able to hack the
    > maintainer scripts or the init.d script.
    >
    > Shouldn't the maintainer script actually ensure that the service is not
    > running, instead of just triggering the stop action and checking its
    > exit code? Something like (it's pseudo-code, because the status action
    > of init.d scripts prints text, it doesn't seem to give machine-friendly
    > data):


    I think the right solution to this is to require that the stop action not
    fail when the daemon already isn't running. LSB requires this of init
    scripts. I think we should as well. There may already be an open Policy
    bug about this, along with the several bugs that say that we should follow
    LSB in general.

    --
    Russ Allbery (rra@debian.org)


    --
    To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  3. Re: Service stopping in prerm considered harmful

    On Sat, Mar 22, 2008 at 09:06:11PM -0700, Russ Allbery wrote:

    > > For the nth time, I have a package that dpkg is unable to remove because
    > > it tries to stop a service that either is already stopped (I didn't want
    > > it) or couldn't start at all. In the former case, the fix seems simple:
    > > start the service and remove the package. But sometimes starting the
    > > service may have undesirable outcomes on the system, or the stop action
    > > will fail in some way.


    > > In either case, when you can't get a successful stop action for the
    > > service init.d script, the package is impossible to remove without human
    > > action, and not a simple one, because you need to be able to hack the
    > > maintainer scripts or the init.d script.


    > > Shouldn't the maintainer script actually ensure that the service is not
    > > running, instead of just triggering the stop action and checking its
    > > exit code? Something like (it's pseudo-code, because the status action
    > > of init.d scripts prints text, it doesn't seem to give machine-friendly
    > > data):


    > I think the right solution to this is to require that the stop action not
    > fail when the daemon already isn't running. LSB requires this of init
    > scripts. I think we should as well.


    Policy 9.3.2 says:

    The `init.d' scripts must ensure that they will behave sensibly if
    invoked with `start' when the service is already running, or with
    `stop' when it isn't, and that they don't kill unfortunately-named
    user processes. The best way to achieve this is usually to use
    `start-stop-daemon'.

    So since it's not sensible to return a non-zero exit code when "stop" is
    called for an already-stopped service, this is already a severity: serious
    policy violation.

    We can be more explicit about what it means to be "sensible", of course, but
    I don't see how anyone would argue that throwing an error when the service
    is already stopped would be ok.

    > There may already be an open Policy bug about this, along with the several
    > bugs that say that we should follow LSB in general.


    Garrr, the LSB init script spec specifies requirements for LSB
    *applications*, not for LSB platforms. By all means, if there are gaps in
    our init script policy we should resolve them - but that does *not* mean we
    should blindly ratify the LSB policy on init scripts. (Bug #208010 seems to
    include a pretty thorough discussion of the problems with a wholesale
    adoption of LSB init script rules.)

    Cheers,
    --
    Steve Langasek Give me a lever long enough and a Free OS
    Debian Developer to set it on, and I can move the world.
    Ubuntu Developer http://www.debian.org/
    slangasek@ubuntu.com vorlon@debian.org


    --
    To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  4. Re: Service stopping in prerm considered harmful

    Pierre THIERRY schrieb am Sunday, den 23. March 2008:

    > For the nth time, I have a package that dpkg is unable to remove because
    > it tries to stop a service that either is already stopped (I didn't want
    > it) or couldn't start at all. In the former case, the fix seems simple:
    > start the service and remove the package. But sometimes starting the
    > service may have undesirable outcomes on the system, or the stop action
    > will fail in some way.
    >
    > In either case, when you can't get a successful stop action for the
    > service init.d script, the package is impossible to remove without human
    > action, and not a simple one, because you need to be able to hack the
    > maintainer scripts or the init.d script.
    >
    > Shouldn't the maintainer script actually ensure that the service is not
    > running, instead of just triggering the stop action and checking its
    > exit code? Something like (it's pseudo-code, because the status action
    > of init.d scripts prints text, it doesn't seem to give machine-friendly
    > data):
    >
    > ------------------------------------------------------------------------
    > # if it's running, stop it
    > if(status(service) == running) {
    > stop(service);
    > }
    > # if now it's still running, something's wrong
    > if(status(service) == running) {
    > exit 1;
    > }
    > # proceed...
    > ------------------------------------------------------------------------

    There is a small trick with dh_installinit that can be used. dh_installinit
    supports an errorhandler. If called like:

    dh_installinit -i --error-handler=init_failed --init-script=amavis -- defaults 19 21

    it generates the following debhelper code for prerm and postinst:
    ....
    invoke-rc.d amavis stop || init_failed

    All you need then is a small function like in your postinst:

    init_failed ()
    {
    echo "WARNING: Starting amavisd-new failed. Please check your
    configuration."
    }


    This works fine for me and removes the annoying default behaviour of
    dh_installinit.

    Alex


    --
    To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  5. Re: Service stopping in prerm considered harmful

    Alexander Wirt writes:

    > There is a small trick with dh_installinit that can be used. dh_installinit
    > supports an errorhandler. If called like:
    >
    > dh_installinit -i --error-handler=init_failed --init-script=amavis -- defaults 19 21
    >
    > it generates the following debhelper code for prerm and postinst:
    > ...
    > invoke-rc.d amavis stop || init_failed
    >
    > All you need then is a small function like in your postinst:


    But if you can modify the postinst, you could just fix the init script....
    (Although you may still need this for a transition.)

    --
    Russ Allbery (rra@debian.org)


    --
    To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  6. Re: Service stopping in prerm considered harmful

    Russ Allbery schrieb am Sunday, den 23. March 2008:

    > Alexander Wirt writes:
    >
    > > There is a small trick with dh_installinit that can be used. dh_installinit
    > > supports an errorhandler. If called like:
    > >
    > > dh_installinit -i --error-handler=init_failed --init-script=amavis -- defaults 19 21
    > >
    > > it generates the following debhelper code for prerm and postinst:
    > > ...
    > > invoke-rc.d amavis stop || init_failed
    > >
    > > All you need then is a small function like in your postinst:

    >
    > But if you can modify the postinst, you could just fix the init script....
    > (Although you may still need this for a transition.)

    True, but this does not only apply to stopping the initscript but also to
    package installations that stop because the daemon is unconfigured or if
    something has to be changed in the configs for a new version. I find it
    really annoying if a daemon that can't be started stops my installation
    process.

    Alex



    --
    To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  7. Re: Service stopping in prerm considered harmful

    On 23-Mar-08, 03:05 (CDT), Steve Langasek wrote:
    > We can be more explicit about what it means to be "sensible", of course, but
    > I don't see how anyone would argue that throwing an error when the service
    > is already stopped would be ok.


    I've had bug reports closed with *exactly* that argument (although it's
    been years). The contention is that since the init script didn't take
    the action, it's an error. So perhaps more specifity is required.

    Steve

    --
    Steve Greenland
    The irony is that Bill Gates claims to be making a stable operating
    system and Linus Torvalds claims to be trying to take over the
    world. -- seen on the net


    --
    To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  8. Re: Service stopping in prerm considered harmful

    On Sun, 23 Mar 2008, Pierre THIERRY wrote:
    > For the nth time, I have a package that dpkg is unable to remove because
    > it tries to stop a service that either is already stopped (I didn't want


    For the nth time squared, an initscript MUST NOT FAIL to stop an already
    stopped service. Ever. It must return an status of zero. It is in
    LSB. It is in Debian policy. And it doesn't take half a software
    engineer to understand that initscripts are about "switch to state foo"
    rather than "perform action foo".

    This is not your problem, of course (you didn't write the script ).
    But it is the issue that is causing your problem.

    File a bug against the package please. Severity serious, section 9.3.2.
    Have the output of "sh -x /etc/init.d/