Same services restarted for pam library upgrade and libc upgrade

Bug #745004 reported by Scott Kitterman
This bug affects 1 person
Affects Status Importance Assigned to Milestone
pam (Ubuntu)
Fix Released
update-manager (Ubuntu)

Bug Description

Binary package hint: update-manager

It would be nice if these service restart prompts could be combined (I know this is technically very complex). It would be more efficient for server admins to not have to sit and stare at the console waiting for blocking prompts on the upgrade.

Tags: iso-testing

Changed in update-manager (Ubuntu):
importance: Undecided → Wishlist
tags: added: iso-testing
Michael Vogt (mvo) wrote :

I add a task for pam itself, the debconf handling is outside of update-manager's control, but maybe Steve has a good idea how to improve the experience for this.

Steve Langasek (vorlon) wrote :

The prompt happens when libpam0g is configured; that's the only point at which we have reliable information about the services present that need to be restarted. If we check at any earlier point (such as with dpkg-preconfigure before libpam is on the system), we can't be sure that our list is complete since other service-providing packages may have been unpacked onto the system in the meantime as part of the upgrade.

I received the same complaint in Debian about lenny->squeeze upgrades; I really don't see any way to improve this without sacrificing robustness, unless we work on fixing the underlying services to not *need* a restart for libpam upgrades.
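
The comment above ties the restart prompt to services that keep libpam loaded. As an added example (not part of this bug report and not the logic of libpam0g.postinst), the shell functions below report which processes still map a replaced copy of a library and merge the results for libpam and libc into one restart list. The function names, the proc-root argument and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the pam packaging). Prints "PID COMMAND" for every
# process that still maps a copy of library $1 that was replaced on disk.
# $2 is a hypothetical proc-root override, used here to run on constructed data.
# Reading other users' /proc/PID/maps on a live system requires root.
stale_lib_pids() {
    lib=$1
    proc_root=${2:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # The kernel appends " (deleted)" to a mapping whose file was unlinked.
        if grep -Eq "/${lib}[-.][^ /]* \(deleted\)\$" "$maps" 2>/dev/null; then
            pid=${maps%/maps}; pid=${pid##*/}
            printf '%s %s\n' "$pid" "$(cat "$proc_root/$pid/comm" 2>/dev/null)"
        fi
    done
}

# One combined, de-duplicated list for several libraries upgraded in one run.
stale_any() {
    proc_root=$1; shift
    for l in "$@"; do stale_lib_pids "$l" "$proc_root"; done | sort -u -n
}

# Constructed sample tree standing in for /proc after a libpam + libc upgrade.
make_sample_proc() {
    d=$(mktemp -d) || return 1
    m='7f10a0000000-7f10a000d000 r-xp 00000000 08:01 4242'
    mkdir "$d/812" "$d/1044" "$d/2310"
    echo sshd > "$d/812/comm"    # running since before both upgrades
    printf '%s\n' "$m /lib/x86_64-linux-gnu/libpam.so.0.82.2 (deleted)" \
                  "$m /lib/x86_64-linux-gnu/libc-2.13.so (deleted)" > "$d/812/maps"
    echo cron > "$d/1044/comm"   # started after both upgrades: current files
    printf '%s\n' "$m /lib/x86_64-linux-gnu/libpam.so.0.83.0" \
                  "$m /lib/x86_64-linux-gnu/libc-2.15.so" > "$d/1044/maps"
    echo atd > "$d/2310/comm"    # restarted for libpam, then libc was replaced
    printf '%s\n' "$m /lib/x86_64-linux-gnu/libpam.so.0.83.0" \
                  "$m /lib/x86_64-linux-gnu/libc-2.13.so (deleted)" > "$d/2310/maps"
    echo "$d"
}

sample=$(make_sample_proc)
stale_any "$sample" libpam libc
rm -rf "$sample"
```

In the sample, atd is the case this bug is about: it was already restarted for the libpam upgrade and needs a second restart for libc, which a single pass at the end of the upgrade would have avoided.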

Scott Kitterman (kitterman) wrote :

Then perhaps starting on that work is worth a spec for the oneiric cycle to get started. These service restarts are disruptive and should go away. If fixing the services is the right answer, the sooner it's started, the sooner it's done.

Scott Kitterman (kitterman) wrote : has been started to track the feature work associated with resolving this issue.

Scott Kitterman (kitterman) wrote :

Fixed the name based on oneiric naming conventions:

Colin Watson (cjwatson)
Changed in pam (Ubuntu):
status: New → Triaged
Changed in update-manager (Ubuntu):
status: New → Triaged
Changed in pam (Ubuntu):
importance: Undecided → Wishlist
Steve Langasek (vorlon)
Changed in pam (Ubuntu):
importance: Wishlist → Low
Changed in update-manager (Ubuntu):
status: Triaged → Invalid
Steve Langasek (vorlon)
Changed in pam (Ubuntu):
status: Triaged → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pam - 1.1.3-6ubuntu1

pam (1.1.3-6ubuntu1) precise; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's
      not present there or in /etc/security/pam_env.conf. (should send to
    - debian/libpam0g.postinst: only ask questions during update-manager when
      there are non-default services running.
    - debian/libpam0g.postinst: check if gdm is actually running before
      trying to reload it.
    - debian/libpam0g.postinst: the init script for 'samba' is now named
      'smbd' in Ubuntu, so fix the restart handling.
    - Change Vcs-Bzr to point at the Ubuntu branch.
    - debian/patches-applied/series: Ubuntu patches are as below ...
    - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
      initialise RLIMIT_NICE rather than relying on the kernel limits.
    - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch:
      Deprecate pam_unix' explicit "usergroups" option and instead read it
      from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined
      there. This restores compatibility with the pre-PAM behaviour of login.
    - debian/patches-applied/pam_motd-legal-notice: display the contents of
      /etc/legal once, then set a flag in the user's homedir to prevent
      showing it again.
    - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage
      for update-motd, with some best practices and notes of explanation.
    - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8)
      to update-motd(5)
    - debian/local/common-session{,-noninteractive}: Enable pam_umask by
      default, now that the umask setting is gone from /etc/profile.
    - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition.
  * Dropped changes, included in Debian:
    - debian/patches-applied/update-motd: set a sane umask before calling
      run-parts, and restore the old mask afterwards, so /run/motd gets
      consistent permissions.
    - debian/patches-applied/update-motd: new module option for pam_motd,
      'noupdate', which suppresses the call to run-parts /etc/update-motd.d.
    - debian/libpam0g.postinst: drop kdm from the list of services to
  * Build-depend on libfl-dev in addition to flex, for cross-building

pam (1.1.3-6) unstable; urgency=low

  * debian/patches-applied/hurd_no_setfsuid: we don't want to check all
    setre*id() calls; we know that there are situations where some of these
    may fail but we don't care. As long as the last setre*id() call in each
    set succeeds, that's the state we mean to be in.
  * debian/libpam0g.postinst: according to Kubuntu developers, kdm no longer
    keeps libpam loaded persistently at runtime, so it's not necessary to
    force a kdm restart on ABI bump. Which is good, since restarting kdm
    now seems to also log users out of running sessions, which we rather
    want to avoid. Closes: #632673, LP: #744944.
  * debian/patches-applied/update-motd: set a sane umask before calling
    run-parts, and restore the old mask...


Changed in pam (Ubuntu):
status: Fix Committed → Fix Released