FileXXXXXXXXXXX

File manager - Edit - /var/www/payraty/helpdesk/public/storage/needrestart.tar

Back
apt-pinvoke��0000755��00000003034�00000000000�0006670 0��ustar�00��#!/bin/sh # needrestart - Restart daemons after library updates. # # Authors: # Thomas Liske <thomas@fiasko-nw.net> # # Copyright Holder: # 2013 - 2020 (C) Thomas Liske [http://fiasko-nw.net/~thomas/] # # License: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # RUNDIR=/run/needrestart # dpkg had an error... exit (silently) if [ -e "$RUNDIR/errored" ]; then [ -e "$RUNDIR/unpacked" ] && echo "needrestart is being skipped since dpkg has failed" rm -f "$RUNDIR/errored" exit 0 fi if [ -e "$RUNDIR/unpacked" ]; then # check if system is shutting down, see also Debian Bug#914753 if [ -d '/run/systemd/system' ]; then sd=$(dbus-send --system --dest=org.freedesktop.login1 \ --print-reply \ /org/freedesktop/login1 \ org.freedesktop.DBus.Properties.Get \ string:org.freedesktop.login1.Manager \ string:PreparingForShutdown 2> /dev/null) if [ "$sd" != "${sd% true}" ]; then echo "skipping needrestart since system is preparing for shutdown" exit 0 fi fi if [ -n "$NEEDRESTART_SUSPEND" ]; then echo "packages have been installed but needrestart is suspended" exit 0 fi rm -f "$RUNDIR/unpacked" exec /usr/sbin/needrestart "$@" fi ��iucode-scan-versions��0000755��00000004556�00000000000�0010505 0��ustar�00��#!/bin/sh # needrestart - Restart daemons after library updates. # # Authors: # Thomas Liske <thomas@fiasko-nw.net> # # Copyright Holder: # 2013 - 2020 (C) Thomas Liske [http://fiasko-nw.net/~thomas/] # # License: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this package; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA # handle verbose mode if [ "$1" = "1" ]; then set -x fi # filter for processor signature (and flags if available) sig=$(iucode_tool --scan-system 2>&1 \| grep -oE '[^[:space:]]+$') #' if [ -r /sys/devices/system/cpu/cpu0/microcode/processor_flags ]; then filter="-s $sig,"$(cat /sys/devices/system/cpu/cpu0/microcode/processor_flags) else filter="-S" fi # allow local command override test -r /etc/needrestart/iucode.sh && . /etc/needrestart/iucode.sh # early boot initrd (required at least on Arch Linux) if type bsdtar > /dev/null 2>&1 ; then imgfiles="" for img in /boot/intel-ucode.img /boot/early_ucode.cpio ; do if [ -r "$img" ]; then imgfiles="$imgfiles $img" fi done if [ -n "$imgfiles" ]; then cat $imgfiles \| bsdtar -Oxf /dev/stdin \| iucode_tool -l $filter -tb - 2>&1 exit $? fi fi # look for microcode updates in the filesystem IUCODE_TOOL_EXTRA_OPTIONS="" test -r /etc/default/intel-microcode && . /etc/default/intel-microcode # do not scan if adding Intel microcode to initrd is disabled test "$IUCODE_TOOL_INITRAMFS" = "no" && exit 0 # run iucode_tool to scan for microcodes if [ -r /usr/share/misc/intel-microcode* ]; then exec iucode_tool -l $filter --ignore-broken -tb /lib/firmware/intel-ucode -ta /usr/share/misc/intel-microcode* 2>&1 exit $? fi iucode_tool -l $filter --ignore-broken $IUCODE_TOOL_EXTRA_OPTIONS -tb /lib/firmware/intel-ucode 2>&1 \| grep "$sig" ��dpkg-status��0000755��00000002025�00000000000�0006700 0��ustar�00��#!/bin/sh # needrestart - Restart daemons after library updates. # # Authors: # Thomas Liske <thomas@fiasko-nw.net> # # Copyright Holder: # 2013 - 2020 (C) Thomas Liske [http://fiasko-nw.net/~thomas/] # # License: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # RUNDIR=/run/needrestart mkdir -p "$RUNDIR" touched=0 errored=0 while read tag p0 p1 p2 p3 p4 pp; do if [ "$tag" = 'status:' ] && [ "$p1" = 'unpacked' ]; then if [ "$touched" = 0 ]; then touch "$RUNDIR/unpacked" touched=1 fi else if [ "$tag" = 'status:' ] && \ [ "$p1" = ':' ] && \ [ "$p2" = 'error' ] && \ [ "$p3" = ':' ]; then if [ "$errored" = 0 ]; then touch "$RUNDIR/errored" errored=1 fi fi fi done ��notify.d.sh��0000644��00000001631�00000000000�0006574 0��ustar�00��# needrestart - Restart daemons after library updates. # # Authors: # Thomas Liske <thomas@fiasko-nw.net> # # Copyright Holder: # 2013 - 2020 (C) Thomas Liske [http://fiasko-nw.net/~thomas/] # # License: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # Shell library for scripts in /etc/needrestart/notify.d/ NOTIFYCONF='/etc/needrestart/notify.conf' GETTEXTLIB='/usr/bin/gettext.sh' export TEXTDOMAIN='needrestart-notify' if [ ! -r "$NOTIFYCONF" ]; then echo "[$0] Unable to read $NOTIFYCONF - aborting!" 1>&2 exit 1; fi # Load global config . "$NOTIFYCONF" # Load gettext shell library . "$GETTEXTLIB" # Get LANG of session export LANG=$(sed -z -n s/^LANG=//p "/proc/$NR_SESSPPID/environ") ��vmlinuz-get-version��0000755��00000003634�00000000000�0010405 0��ustar�00��#!/bin/sh # ---------------------------------------------------------------------- # This file was taken from the Linux kernel source tree (scripts/extract-vmlinux) # and has been adopted for the use within needrestart. # # extract-vmlinux - Extract uncompressed vmlinux from a kernel image # # Inspired from extract-ikconfig # (c) 2009,2010 Dick Streefland <dick@streefland.net> # # (c) 2011 Corentin Chary <corentin.chary@gmail.com> # # Adopted for needrestart # (c) 2016 - 2017 Thomas Liske <liske@ibh.de> # # Licensed under the GNU General Public License, version 2 (GPLv2). # ---------------------------------------------------------------------- get_version() { # search and output version string pattern grep -aom 1 'Linux version [0123456789].' "$1" && exit 0 } try_decompress() { # The obscure use of the "tr" filter is to work around older versions of # "grep" that report the byte offset of the line instead of the pattern. # Try to find the header ($1) and decompress from here for pos in $(tr "$1\n$2" "\n$2=" < "$img" \| grep -abo "^$2"); do pos=${pos%%:} tail -c+$pos "$img" \| $3 > $tmp 2>/dev/null get_version $tmp done } # Check invocation: me=${0##/} img=$1 if [ $# -lt 1 ] \|\| [ $# -gt 2 ] \|\| [ ! -s "$img" ]; then echo "Usage: $me <kernel-image> [debug]" >&2 exit 2 fi if [ "$2" = "1" ]; then set -x fi # Prepare temp files: tmp=$(mktemp) trap "rm -f $tmp" 0 # Initial attempt for uncompressed images or objects: get_version $img # That didn't work, so retry after decompression. which gunzip > /dev/null && try_decompress '\037\213\010' xy gunzip which unxz > /dev/null && try_decompress '\3757zXZ\000' abcde unxz which bunzip2 > /dev/null && try_decompress 'BZh' xy bunzip2 which unlzma > /dev/null && try_decompress '\135\0\0\0' xxx unlzma which lzop > /dev/null && try_decompress '\211\114\132' xy 'lzop -d' ��restart.d/dbus.service��0000755��00000002214�00000000000�0010734 0��ustar�00��#!/bin/sh # needrestart - Restart daemons after library updates. # # Restart dbus and affiliated services under systemd using a procedure # suggested by @Vladimir-csp in github issue #44. # # enable xtrace if we should be verbose if [ "$NR_VERBOSE" = '1' ]; then set -x fi # check if there is a Display Manager running STATE_DM=$(systemctl show display-manager --property=ActiveState) # prepare well-known list of services requiring restart after restarting D-Bus RESTART_CHK="NetworkManager.service" RESTART_SVC="systemd-logind.service systemd-journald.service" for svc in $RESTART_CHK; do if [ "$(systemctl show $svc --property=ActiveState)" = 'ActiveState=active' ]; then RESTART_SVC="$RESTART_SVC $svc" fi done # stop Display Manager if running if [ "$STATE_DM" = 'ActiveState=active' ]; then systemctl stop display-manager.service fi # restard D-Bus systemctl restart dbus.service # reexec systemd systemctl daemon-reexec # restart daemons that directly depend on D-Bus systemctl restart $RESTART_SVC # start Display Manager again if [ "$STATE_DM" = 'ActiveState=active' ]; then systemctl start display-manager.service fi ��restart.d/sysv-init��0000755��00000000305�00000000000�0010304 0��ustar�00��#!/bin/sh # needrestart - Restart daemons after library updates. # # Restart SysV's init. # # enable xtrace if we should be verbose if [ "$NR_VERBOSE" = '1' ]; then set -x fi exec telinit u ��restart.d/systemd-manager��0000755��00000000357�00000000000�0011446 0��ustar�00��#!/bin/sh # needrestart - Restart daemons after library updates. # # Restarting systemd using special systemctl call. # # enable xtrace if we should be verbose if [ "$NR_VERBOSE" = '1' ]; then set -x fi exec systemctl daemon-reexec ��restart.d/README.needrestart��0000644��00000001016�00000000000�0011610 0��ustar�00��Files located in /etc/needrestart/restart.d are used for services requiring a special procedure for restarting instead of systemctl/service command. Needrestart uses executable files matching the complete service names. If the host uses systemd the service names have '.service' as a suffix (dbus vs. dbus.service). Needrestart uses the systemctl/service command if no executable file is available to override the default behavior. The environment variable NR_VERBOSE will be set to '1' if the executable should be verbose. ��hook.d/20-rpm��0000755��00000003634�00000000000�0006640 0��ustar�00��#!/usr/bin/perl # needrestart - Restart daemons after library updates. # # Authors: # Thomas Liske <thomas@fiasko-nw.net> # # Copyright Holder: # 2013 - 2020 (C) Thomas Liske [http://fiasko-nw.net/~thomas/] # # License: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this package; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA # # This RPM hook tries to find the run-level scripts of the package's binary # which has old libraries in use. use Getopt::Std; use strict; use warnings; system("type rpm 1> /dev/null 2> /dev/null"); exit 0 if ($? != -1 && $? >> 8); our $opt_v; getopts('c:v'); sub fork_pipe(@) { my $pid = open(HPIPE, '-\|'); defined($pid) \|\| die "Can't fork: $!\n"; if($pid == 0) { close(STDIN); close(STDERR) unless($opt_v); exec(@_); exit; } \HPIPE } my $FN = shift \|\| die "Usage: $0 <filename>\n"; my $psearch = fork_pipe(qw(rpm -q --file), $FN); my @pkgs; while(<$psearch>) { chomp; next if(/^file .+ is not owned by any package/); push(@pkgs, $_); } close($psearch); exit(0) unless($#pkgs > -1); foreach my $pkg (@pkgs) { print "PACKAGE\|$pkg\n"; my $plist = fork_pipe(qw(rpm -q --filesbypkg), $pkg); while(<$plist>) { chomp; print "RC\|$2\n" if(m@^\S+\s+/etc(/rc\.d)?/init\.d/(.+)$@ && -x $_); } close($plist); } exit(1); ��hook.d/10-dpkg��0000755��00000004160�00000000000�0006761 0��ustar�00��#!/usr/bin/perl # needrestart - Restart daemons after library updates. # # Authors: # Thomas Liske <thomas@fiasko-nw.net> # # Copyright Holder: # 2013 - 2020 (C) Thomas Liske [http://fiasko-nw.net/~thomas/] # # License: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this package; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA # # This DPKG hook tries to find the run-level scripts of the package's binary # which has old libraries in use. Some logic is taken from the checkrestart # (part of the debian-goodies package) package by Matt Zimmerman <mdz@debian.org>, # Javier Fernandez-Sanguino <jfs@debian.org> et. al. use Getopt::Std; use strict; use warnings; system("type dpkg-query 1> /dev/null 2> /dev/null"); exit 0 if ($? != -1 && $? >> 8); our $opt_v; getopts('v'); sub fork_pipe(@) { my $pid = open(HPIPE, '-\|'); defined($pid) \|\| die "Can't fork: $!\n"; if($pid == 0) { close(STDIN); close(STDERR) unless($opt_v); exec(@_); exit; } \HPIPE } my $FN = shift \|\| die "Usage: $0 <filename>\n"; my $psearch = fork_pipe(qw(dpkg-query --search), $FN); my @pkgs; while(<$psearch>) { chomp; next if(/^local diversion/); next unless(/:/); next unless(/(\S+): $FN$/); push(@pkgs, $1); } close($psearch); exit(0) unless($#pkgs > -1); foreach my $pkg (@pkgs) { print "PACKAGE\|$pkg\n"; my $plist = fork_pipe(qw(dpkg-query --listfiles), $pkg); while(<$plist>) { chomp; print "RC\|$1\n" if(m@^/etc/init.d/(.+)$@ && -x $_); } close($plist); } exit(1); ��hook.d/90-none��0000755��00000003066�00000000000�0007007 0��ustar�00��#!/usr/bin/perl # needrestart - Restart daemons after library updates. # # Authors: # Thomas Liske <thomas@fiasko-nw.net> # # Copyright Holder: # 2013 - 2020 (C) Thomas Liske [http://fiasko-nw.net/~thomas/] # # License: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this package; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA # # This fallback hook tries the guess the rc script name from the binary name. # It might work with programs which are not installed via an (supported) # package manager like dpkg or rpm. use Getopt::Std; use strict; use warnings; our $opt_v; getopts('c:v'); sub check_rc($) { my $bn = shift; my $rc = "/etc/init.d/$bn"; return ($bn) if(-x $rc); return (); } my $FN = shift \|\| die "Usage: $0 <filename>\n"; $FN =~ m@/(([^/]+)d?)$@; my @rc; push(@rc, check_rc($1)); push(@rc, check_rc($2)) if($1 ne $2); exit(0) unless($#rc > -1); foreach my $rc (@rc) { print "PACKAGE\|$rc\n"; print "RC\|$rc\n"; } exit(1); ��notify.conf��0000644��00000001041�00000000000�0006660 0��ustar�00��# needrestart - Restart daemons after library updates. # # Configure notification globals (shell syntax) # # Disable write to tty (notify.d/200-write) #NR_NOTIFYD_DISABLE_WRITE='1' # Disable needrestart-session (notify.d/300-needrestart-session) #NR_NOTIFYD_DISABLE_NEEDRESTART_SESSION='1' # Disable libnotify (notify.d/400-notify-send) #NR_NOTIFYD_DISABLE_NOTIFY_SEND='1' # Disable mail to user (notify.d/600-mail) NR_NOTIFYD_DISABLE_MAIL='1' # Where to find the shell function library from gettext-base #GETTEXTLIB='/usr/bin/gettext.sh' ��conf.d/README.needrestart��0000644��00000000361�00000000000�0011053 0��ustar�00��Files ending with .conf and located in the /etc/needrestart/conf.d directory are parsed by needrestart's default configuration file. Files are parsed in order (using Perl's sort sub) and override or modify any previously set config option. ��iucode.sh��0000644��00000001247�00000000000�0006315 0��ustar�00��# needrestart - Restart daemons after library updates. # # This shell script is sourced in /usr/lib/needrestart/iucode-scan-versions # before calling iucode_tool to detect microcode updates for Intel CPUs. # # If required you may exec iucode_tool with customized parameters. You should # keep the `-l $filter` option and add a final exit statement in case the # exec call fails. # Example (generic): # exec iucode_tool -l $filter --ignore-broken -tb /lib/firmware/intel-ucode -ta /usr/share/misc/intel-microcode 2>&1 # exit $? # Example (CentOS): # lsinitrd -f kernel/x86/microcode/GenuineIntel.bin $(/boot/initramfs-.img\|sort -n\|tail -n 1) \| iucode_tool -t b -l - # exit $? ��needrestart.conf��0000644��00000013574�00000000000�0007706 0��ustar�00��# needrestart - Restart daemons after library updates. # # This is the configuration file of needrestart. This is perl syntax. # needrestart uses reasonable default values, you might not need to # change anything. # # Verbosity: # 0 => quiet # 1 => normal (default) # 2 => verbose #$nrconf{verbosity} = 2; # Path of the package manager hook scripts. #$nrconf{hook_d} = '/etc/needrestart/hook.d'; # Path of user notification scripts. #$nrconf{notify_d} = '/etc/needrestart/notify.d'; # Path of restart scripts. #$nrconf{restart_d} = '/etc/needrestart/restart.d'; # Disable sending notifications to user sessions running obsolete binaries # using scripts from $nrconf{notify_d}. #$nrconf{sendnotify} = 0; # If needrestart detects systemd it assumes that you use systemd's pam module. # This allows needrestart to easily detect user session. In case you use # systemd without* pam_systemd.so you should set has_pam_systemd to false # to enable legacy session detection! #$nrconf{has_pam_systemd} = 0; # Restart mode: (l)ist only, (i)nteractive or (a)utomatically. # # ATTENTION: If needrestart is configured to run in interactive mode but is run # non-interactive (i.e. unattended-upgrades) it will fallback to list only mode. # #$nrconf{restart} = 'i'; # Use preferred UI package. #$nrconf{ui} = 'NeedRestart::UI::stdio'; # Change default answer to 'no' in (i)nteractive mode. #$nrconf{defno} = 1; # Set UI mode to (e)asy or (a)dvanced. #$nrconf{ui_mode} = 'e'; # Print a combined `systemctl restart` command line for skipped services. #$nrconf{systemctl_combine} = 1; # Blacklist binaries (list of regex). $nrconf{blacklist} = [ # ignore sudo (not a daemon) qr(^/usr/bin/sudo(\.dpkg-new)?$), # ignore DHCP clients qr(^/sbin/(dhclient\|dhcpcd5\|pump\|udhcpc)(\.dpkg-new)?$), # ignore apt-get (Debian Bug#784237) qr(^/usr/bin/apt-get(\.dpkg-new)?$), ]; # Blacklist services (list of regex) - USE WITH CARE. # You should prefer to put services to $nrconf{override_rc} instead. # Any service listed in $nrconf{blacklist_rc} will be ignored completely! #$nrconf{blacklist_rc} = [ #]; # Override service default selection (hash of regex). $nrconf{override_rc} = { # DBus qr(^dbus) => 0, # display managers qr(^gdm) => 0, qr(^kdm) => 0, qr(^nodm) => 0, qr(^sddm) => 0, qr(^wdm) => 0, qr(^xdm) => 0, qr(^lightdm) => 0, qr(^slim) => 0, qr(^lxdm) => 0, # networking stuff qr(^bird) => 0, qr(^network) => 0, qr(^NetworkManager) => 0, qr(^ModemManager) => 0, qr(^wpa_supplicant) => 0, qr(^openvpn) => 0, qr(^quagga) => 0, qr(^frr) => 0, qr(^tinc) => 0, qr(^(open\|free\|libre\|strong)swan) => 0, qr(^bluetooth) => 0, # gettys qr(^getty@.+\.service) => 0, # systemd --user qr(^user@\d+\.service) => 0, # misc qr(^zfs-fuse) => 0, qr(^mythtv-backend) => 0, qr(^xendomains) => 0, qr(^lxcfs) => 0, qr(^libvirt) => 0, qr(^virtlogd) => 0, qr(^virtlockd) => 0, qr(^docker) => 0, # systemd stuff # (see also Debian Bug#784238 & #784437) qr(^emergency\.service$) => 0, qr(^rescue\.service$) => 0, qr(^elogind) => 0, # do not restart oneshot services, see also #862840 qr(^apt-daily\.service$) => 0, qr(^apt-daily-upgrade\.service$) => 0, qr(^unattended-upgrades\.service$) => 0, # do not restart oneshot services from systemd-cron, see also #917073 qr(^cron-.\.service$) => 0, # ignore rc-local.service, see #852864 qr(^rc-local\.service$) => 0, # don't restart systemd-logind, see #798097 qr(^systemd-logind) => 0, }; # Override container default selection (hash of regex). $nrconf{override_cont} = { }; # Disable interpreter scanners. #$nrconf{interpscan} = 0; # Ignore script files matching these regexs: $nrconf{blacklist_interp} = [ # ignore temporary files qr(^/tmp/), qr(^/var/), qr(^/run/), ]; # Ignore +x mapped files matching one of these regexs: $nrconf{blacklist_mappings} = [ # special device paths qr(^/(SYSV00000000( $deleted$)?\|drm(\s\|$)\|dev/)), # ignore memfd mappings qr(^/memfd:), # aio(7) mapping qr(^/\[aio\]), # Oil Runtime Compiler's JIT files qr#/orcexec\.[\w\d]+( $deleted$)?$#, # plasmashell (issue #65) qr(/#\d+( $deleted$)?$), # Java Native Access (issues #142 #185) qr#/jna\d+\.tmp( $deleted$)?$#, # temporary stuff qr#^(/var)?/tmp/#, qr#^(/var)?/run/#, ]; # Verify mapped files in filesystem: # 0 : enabled # -1: ignore non-existing files, workaround for chroots and broken grsecurity kernels (default) # 1 : disable check completely, rely on content of maps file only $nrconf{skip_mapfiles} = -1; # Enable/disable hints on pending kernel upgrades: # 1: requires the user to acknowledge pending kernels # 0: disable kernel checks completely # -1: print kernel hints to stderr only #$nrconf{kernelhints} = -1; # Filter kernel image filenames by regex. This is required on Raspian having # multiple kernel image variants installed in parallel. #$nrconf{kernelfilter} = qr(kernel7\.img); # Enable/disable CPU microcode update hints: # 1: requires the user to acknowledge pending updates # 0: disable microcode checks completely #$nrconf{ucodehints} = 0; # Nagios Plugin: configure return code use by nagios # as service status[1]. # # [1] https://nagios-plugins.org/doc/guidelines.html#AEN78 # # Default: # 'nagios-status' => { # 'sessions' => 1, # 'services' => 2, # 'kernel' => 2, # 'ucode' => 2, # 'containers' => 1 # }, # # Example: to ignore outdated sessions (status OK) # $nrconf{'nagios-status'}->{sessions} = 0; # Read additional config snippets. if(-d q(/etc/needrestart/conf.d)) { foreach my $fn (sort </etc/needrestart/conf.d/.conf>) { print STDERR "$LOGPREF eval $fn\n" if($nrconf{verbosity} > 1); eval do { local(@ARGV, $/) = $fn; <>}; die "Error parsing $fn: $@" if($@); } } ��notify.d/400-notify-send��0000755��00000003377�00000000000�0010737 0��ustar�00��#!/bin/sh # needrestart - Restart daemons after library updates. # # Authors: # Thomas Liske <thomas@fiasko-nw.net> # # Copyright Holder: # 2013 - 2020 (C) Thomas Liske [http://fiasko-nw.net/~thomas/] # # License: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # Use notify-send (from libnotify-bin) to notify a user session via dbus. NSEND='/usr/bin/notify-send' test -x "$NSEND" \|\| exit 1 . /usr/lib/needrestart/notify.d.sh if [ "$NR_NOTIFYD_DISABLE_NOTIFY_SEND" = '1' ]; then echo "[$0] disabled in global config" 1>&2 exit 1 fi case "$NR_SESSION" in session) DBUS_SESSION_BUS_ADDRESS=$(sed -z -n s/^DBUS_SESSION_BUS_ADDRESS=//p "/proc/$NR_SESSPPID/environ") if [ -z "$DBUS_SESSION_BUS_ADDRESS" ]; then unset DBUS_SESSION_BUS_ADDRESS fi export DISPLAY=$(sed -z -n s/^DISPLAY=//p "/proc/$NR_SESSPPID/environ") export XAUTHORITY=$(sed -z -n s/^XAUTHORITY=//p "/proc/$NR_SESSPPID/environ") if [ -z "$DISPLAY" ]; then echo "[$0] could not find DISPLAY for $NR_USERNAME on $NR_SESSION" 1>&2 exit 1 fi echo "[$0] notify user $NR_USERNAME on $DISPLAY" 1>&2 MSGTITLE=$(gettext 'Relogin or restarts required!') MSGBODY=$(gettext 'Your session is running obsolete binaries or libraries as listed below. <i><b>Please consider a relogin or restart of the affected processes!</b></i>')'\n'$(cat) su -p -s /bin/sh -c "$NSEND -a needrestart -u critical -i dialog-warning \"$MSGTITLE\" \"$MSGBODY\"" "$NR_USERNAME" ;; ) echo "[$0] skip session '$NR_SESSION'" 1>&2 exit 1; ;; esac ��notify.d/README.needrestart��0000644��00000001420�00000000000�0011433 0��ustar�00��Files located in /etc/needrestart/notify.d are used to notify running user sessions about usage of outdated libraries. needrestart runs any executable file (except ~, .dpkg-, .ex) naturally sorted by the filename for each notification. If the result code is 0 than needrestart will stop to run the remaining notification binaries. The following environment variables are set: - NR_SESSION Session identifier (tty device node or systemd's session name). - NR_SESSPPID The first pid in the session detected by needrestart. - NR_UID User ID of the session owner. - NR_USERNAME Username of the session owner. The following file descriptors are used: - /dev/stdin The list of obsolete processes. - /dev/stdout Closed. - /dev/stderr Available in verbose mode (-v). ��notify.d/200-write��0000755��00000002104�00000000000�0007613 0��ustar�00��#!/bin/sh # needrestart - Restart daemons after library updates. # # Authors: # Thomas Liske <thomas@fiasko-nw.net> # # Copyright Holder: # 2013 - 2020 (C) Thomas Liske [http://fiasko-nw.net/~thomas/] # # License: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # Use write to notify users on TTYs. . /usr/lib/needrestart/notify.d.sh if [ "$NR_NOTIFYD_DISABLE_WRITE" = '1' ]; then echo "[$0] disabled in global config" 1>&2 exit 1 fi case "$NR_SESSION" in /dev/tty\|/dev/pts) echo "[$0] notify user $NR_USERNAME on $NR_SESSION" 1>&2 { echo gettext 'Your session is running obsolete binaries or libraries as listed below. Please consider a relogin or restart of the affected processes!' echo echo cat -n echo } \| write "$NR_USERNAME" "$NR_SESSION" 2> /dev/null ;; ) echo "[$0] skip session w/o tty" 1>&2 exit 1 ;; esac ��notify.d/600-mail��0000755��00000002524�00000000000�0007415 0��ustar�00��#!/bin/sh # needrestart - Restart daemons after library updates. # # Authors: # Thomas Liske <thomas@fiasko-nw.net> # # Copyright Holder: # 2013 - 2020 (C) Thomas Liske [http://fiasko-nw.net/~thomas/] # # License: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # Use /usr/bin/mail to notify a user via e-mail. MAILX='/usr/bin/mail' test -x "$MAILX" \|\| exit 1 . /usr/lib/needrestart/notify.d.sh if [ "$NR_NOTIFYD_DISABLE_MAIL" = '1' ]; then echo "[$0] disabled in global config" 1>&2 exit 1 fi # Skip system users NR_USERID=$(id -u "$NR_USERNAME") if [ "0$NR_USERID" -gt 0 ] && [ "0$NR_USERID" -lt 1000 ]; then echo "[$0] do not notify system-user $NR_USERNAME via mail" 1>&2 exit 1 fi echo "[$0] notify user $NR_USERNAME on $NR_SESSION via mail" 1>&2 { _NR_FQDN=$(hostname -f) eval_gettext 'Your session on host $_NR_FQDN ($NR_SESSION) is running obsolete binaries or libraries as listed below.' echo echo gettext "Please consider a relogin or restart of the affected processes!" echo echo cat } \| fold -s -w 72 \| "$MAILX" -s "Relogin or restarts on host $(hostname) required!" "$NR_USERNAME" ��needrestart.templates��0000644��00000014277�00000000000�0010760 0��ustar�00��Template: needrestart/ui-query_pkgs_title Type: title Description: Daemons using outdated libraries Description-cs.UTF-8: Procesy služeb, které používají zastaralé knihovny Description-de.UTF-8: Dienste, die veraltete Bibliotheken nutzen Description-ru.UTF-8: Демоны, использующие устаревшие библиотеки Template: needrestart/ui-query_pkgs Type: multiselect Choices: ${PKGS} Description: Which services should be restarted? Description-cs.UTF-8: Které služby by měly být restartovány? Description-de.UTF-8: Welche Dienste sollen neu gestartet werden? Description-ru.UTF-8: Какие службы должны быть перезапущены? Template: needrestart/ui-kernel_announce_abi Type: note Description: Newer kernel available The currently running kernel version is ${KVERSION} and there is an ABI compatible upgrade pending. . Restarting the system to load the new kernel will not be handled automatically, so you should consider rebooting. Description-cs.UTF-8: Je k dispozici novější verze jádra Nyní je provozováno na jádru verze ${KVERSION} a přitom je k dispozici aktualizace, která zachovává kompatibilní ABI rozhraní. . Restart systému pro načtení nového jádra nebude obsloužen automaticky, takže byste měli zvážit restart stroje. Description-de.UTF-8: Neuer Kernel vorhanden Für die aktuelle Kernel-Version ${KVERSION} ist ein ABI-kompatibles Update vorhanden. . Das System wird nicht automatisch neu gestartet, um den neuen Kernel zu laden. Ein Neustart sollte durchgeführt werden. Description-ru.UTF-8: Доступно новое ядро Версия текущего ядра: ${KVERSION}, имеется незаконченное обновление, несовместимое на уровне ABI. . Перезапуск системы для загрузки нового ядра не производится автоматически, поэтому запланируйте перезагрузку. Template: needrestart/ui-kernel_announce_ver Type: note Description: Newer kernel available The currently running kernel version is ${KVERSION} which is not the expected kernel version ${EVERSION}. . Restarting the system to load the new kernel will not be handled automatically, so you should consider rebooting. Description-cs.UTF-8: Je k dispozici novější verze jádra Nyní provozovaná verze jádra je ${KVERSION}, což není očekávaná verze ${EVERSION}. . Restart systému pro načtení nového jádra nebude obsloužen automaticky, takže byste měli zvážit restart stroje. Description-de.UTF-8: Neuer Kernel vorhanden Die aktuelle Kernel-Version ist ${KVERSION}, es wird jedoch die Version ${EVERSION} erwartet. . Das System wird nicht automatisch neu gestartet, um den neuen Kernel zu laden. Ein Neustart sollte durchgeführt werden. Description-ru.UTF-8: Доступно новое ядро Версия текущего ядра: ${KVERSION}, что отлично от ожидаемой версии ${EVERSION}. . Перезапуск системы для загрузки нового ядра не производится автоматически, поэтому запланируйте перезагрузку. Template: needrestart/ui-kernel_title Type: title Description: Pending kernel upgrade Description-cs.UTF-8: Čekající aktualizace jádra Description-de.UTF-8: Ausstehendes Kernel-Upgrade Description-ru.UTF-8: Ожидается обновление ядра Template: needrestart/ui-ehint_title Type: title Description: Restart pending... Description-cs.UTF-8: Čekající restart… Description-de.UTF-8: Ausstehender Neustart... Description-ru.UTF-8: Ожидается перезапуск... Template: needrestart/ui-ehint_announce Type: note Description: This system runs ${EHINT} - you should consider rebooting! For more details, run «needrestart -m a». Description-cs.UTF-8: Tento systém je spuštěný s ${EHINT} – měli byste zvážit restart! Další informace získáte spuštěním „needrestart -m a“. Description-de.UTF-8: Das System verwendet ${EHINT} - ein Neustart sollte durchgeführt werden. Der Befehl »needrestart -m a« zeigt mehr Details. Description-ru.UTF-8: Эта система использует ${EHINT} - запланируйте перезагрузку! Для получения подробностей выполните «needrestart -m a». Template: needrestart/ui-ucode_title Type: title Description: Outdated processor microcode Description-cs.UTF-8: Zastaralý mikrokód procesoru Description-de.UTF-8: Veralteter Prozessor Mikrocode Template: needrestart/ui-ucode_announce Type: note Description: Processor microcode update The currently running processor microcode revision is ${CURRENT} which is not the expected microcode revision ${AVAIL}. . Restarting the system to load the new processor microcode will not be handled automatically, so you should consider rebooting. Description-cs.UTF-8: Aktualizace mikrokódu procesoru Nyní provozovaná revize mikrokódu procesoru je ${CURRENT}, což není očekávaná revize ${AVAIL}. . Restart systému pro načtení nového mikrokódu procesoru nebude obsloužen automaticky, takže byste měli zvážit restart stroje. Description-de.UTF-8: Prozessor Mikrocode-Update Die laufende Prozessor Mikrocode-Revision ist ${CURRENT}, es wird jedoch die Revision ${AVAIL} erwartet. . Das System wird nicht automatisch neu gestartet, um den neuen Prozessor Mikrocode zu laden. Ein Neustart sollte durchgeführt werden. Template: needrestart/ui-query_conts_title Type: title Description: Containers using outdated libraries Description-cs.UTF-8: Kontejnery používající zastaralé knihovny Description-de.UTF-8: Container, die veraltete Bibliotheken nutzen Description-ru.UTF-8: Контейнеры, использующие устаревшие библиотеки Template: needrestart/ui-query_conts Type: multiselect Choices: ${CONTS} Description: Which containers should be restarted? Description-cs.UTF-8: Které kontejnery by měly být restartovány? Description-de.UTF-8: Welche Container sollen neu gestartet werden? Description-ru.UTF-8: Какие контейнеры должны быть перезапущены? ��NEWS.gz��0000644��00000002337�00000000000�0005630 0��ustar�00��V�n�6\|.��6j�M��X��i��@_�$J"L�/��w��N��]��9C� �z�8zS��F�z�Q��͓�x��8��=�(�N�6�8$2��NS��6& ��q��4蠉��<Mڵ�ʚ:p�R�ZN�G��ZQ��1k�&�&ť�: K�F�L��Ա��&��Y�J��,:FNƻ}x��UJ9�n�K:p#Q�{�˺#w�L��;��[i��q�ѷ��\��j��T��8% ��<��5��w��<Ikb"��$�� #��t��mu��/�O��L��x��F�-�J4��I��ȭ�O{Q�I7�-ņ��5�\I�s��w�V��k��'�G��?�s��4K��]K�.��/��?T�\`Yx�J��u��K=�+eRO޶}��X��W��.�0p��x��},=z��x�L��4�F�[�#"�nѼ�,�OW��u�c��v�4��%NMy5�� G︶e��5i;=�s;9��ن.��8�Ճ�v�F��J��l��]�:�2�elc�[[��O�5�G�:7��V�@��s��p��^�� U�a�O�n�s��\|��I��4O�I}�w��N��e0��r;,��$\�%��AC N�0�Q�y��0�r<�F�%��f8 7��Yd�X@e�0]��(�/��t��߄˛&!��[�r��L �ޯ�/��ڢ#1q9πM�t?$0�t5��8'�s3jt��]\�]h��f�J䧂ı%�\|�SmM�܅�A:U��ߒ�H��ꎳM��n��^��9~ ��O3�J��}�'��= ��t9��Lʋ��a+��y��;`9�e01�x�f��IX\n$��\Q��=�+$�8��SZ\|k��r� �[HM��Ҏ�y�6�j��q�� 6 'پ�BE�ʪ��.P��.��yqdYsa3q0b+u�m�Z8��V '�2찍v~L]�II��c��,��/-��5+�Xz,d��?~d<�b�<��EW��~fd�g�-��\�6[�W�ɷ�ܒE�ˬ�.��M��(�0�`&qF�.Y�'��l$V�C�lYU�`�y�T�סUk�f�I��'��changelog.Debian.gz��0000644��00000003001�00000000000�0010151 0��ustar�00��W�r�6}�W�L��&ER�,�n'��q�v<��6}�HHDD.��Ǻ�I[r[qә� ��=��Y�S�I�4�^u��3cõ��5\|"e��M�dz�9�<]�\Ҍ�rk��8:�_~��o��g LH�(TB1��T�DH��`\| �)U w��?0 ��^D�`��ݖ3�;�iNU��`�~'�Л��I�I� ��)�Ia(� ��Bh#��L�X��j��uN�=�S`xF'��Dσ��dF$\|��$��?��7)Ⴓ�~�_�.s� A1ZD1�;I4H��1�u��-�U̻�9��[�t�K!�W ̓�%�ٔIkp��1�]GA\�D�&�d��qw�y�� Q�ļA<HbD<~��:?ܻ<ºy��FՑ�S��˷��.��s&/)רF�ȸ��>�p�ٔ�x0-�i�1iEK -(�K��4��A!Hf)&r�$�b� ��mP��n�rbc��M�r�ݻ��5T��i+��&��!IJ-�~�X 8M8��ۄ�l�C��<�_��,+��>�,�pc>GW�O��Kf�4��M�1"�/��!�\�Tp�-wH+�D�aݶnIK1��Vb,U]�ڪ�+;}��<C>\|��=t�^�Dݧ�!\|�=��RO�9#8ZOsd.Cx��8�� ٖ�i���`Y!G��;gXɨ��s�б��U��Q�A��JT�q��)�)�AUĎJ�%��Λ��A��$��cD54�g'�T�w�ESeDSOo�� \�5,��HQ>m&e8�a�NJ��{��5��4��T�șP&��Ι��>Hǽ6�2��kl3��ii��)^=\'�m^��[�X�FA�p��y� �)�⁣\�Dfv�vϧ��M�;��e�� u��:��B\�@�Ri��"x��z��>�h��V�"\|S��V89�rQ1��U�(Pܟ ~sX��\i�uD׷4fC6��\ZG�Zm��ހ�� @��@��{�(s�{��ƶߠ��]a�RT�Ѥ�m}�0�୦.5Ymd�U��³_a#�� /�-��Ԟ��K7�1Q,]��Q�2��4D ��A!� ��Ao7f�)Z� &N��Yڵ_4�u �k�2�N�$q� 8X/��w�o��:��̈��?i�ޒ��.t ��Y�dcº�-��p (�H,��~Ps6��RJ�c.��R&l:a}��0��s��)�:��/�Ui��BN��~�{��5d16Qҳ��h-d�g��{5�rK8�Y�#��;��8��P3�7\ܬJ�L�;�k\|�a��'��>��C\|��:s_��O��8�v�v��V��V/�lǝ��=Վgx?T�H��j0��t��(��'"ثd�X��[؊��j�� h1��O�bxI�M�^z�T�˭�-�\|��NEWS.Debian.gz��0000644��00000000447�00000000000�0007011 0��ustar�00��MP[N�@��)F�Te�My� �ķ�u��.��zn��p��=ό�1�1QH8��+/09�w�b ��x?��i\,��)�Ç�Q�C��UK˻z2 gOȲ�Tf]��?+�9�� P�p��#�)�2q�5I��[�uL=�rKӐ�x�J7J�A��G8�k/MO��/� 즮�O�>�l}s��s}�L�ѓZ��z�s"�zH��kY�-� �O�R��%�{�X�!��=�ol/Q<7 s0W��(�,LQ,~�{`N��README.Interp.md��0000644��00000004630�00000000000�0007227 0��ustar�00��needrestart - interpreter support ================================= Needrestart checks running processes for using obsolete binaries. If no obsolete binary was found needrestart scans for known interpreters. There are special packages (NeedRestart::Interp::) implementing the source code file list extraction. The executable (/proc/<pid>/exec) is used to detect the running interpreter. Whenever source files where located their ctime values are retrieved. If any of the source files has been changed after process creation time a restart of the pid is triggered. This is no perfect valuation since there are no inode information like for loaded binary objects nor has needrestart any chance to get a verified list of sourced files.. NeedRestart::Interp::Java ------------------------- Recognized binaries: /.+/bin/java Find source file by: n/a Try to detected loaded \.(class\|jar) files by looking at open files. This approach will not reliably detect loaded java files. Finding the original command used to launch a java program is not that easy. Since there is no shebang we will not find any data about the original command in /proc/$PID. Running on systemd will allow us to find the service name due to the cgroup name - seems to work for java daemons like tomcat6. NeedRestart::Interp::Perl ------------------------- Recognized binaries: /usr/(local/)?bin/perl Find source file by: command line interpretation The source file is scanned only for 'use' lines, other module loading mechanisms will not be recognized. This function used the Module::ScanDeps package to get the used Perl packages until needrestart 3.7. Module::ScanDeps is not used any more as it seems not to be designed to work with untrustworthy perl sources which would allow an attacker to use needrestart for local privilege escalation.* NeedRestart::Interp::Python --------------------------- Recognized binaries: /usr/(local/)?bin/python.* Find source file by: command line interpretation The source file is scanned for 'import' and 'from' lines. All paths in `sys.path` are scanned for the module files. This should work on any static loaded modules. NeedRestart::Interp::Ruby ------------------------- Recognized binaries: /usr/(local/)?bin/ruby.* Find source file by: command line interpretation The source file is scanned for 'load' and 'require' lines. All paths in `$:` are scanned for the module files. This should work on any static loaded modules. ��copyright��0000644��00000002064�00000000000�0006442 0��ustar�00��Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: needrestart Source: https://github.com/liske/needrestart/releases Files: * Copyright: 2013 - 2016 Thomas Liske [http://fiasko-nw.net/~thomas/] License: GPL-2 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA . On Debian systems, the complete text of the GNU General Public License version 2 can be found in "/usr/share/common-licenses/GPL-2". ��README.md��0000644��00000006033�00000000000�0005766 0��ustar�00��needrestart =========== About ----- needrestart checks which daemons need to be restarted after library upgrades. It is inspired by checkrestart from the debian-goodies package. There are some hook scripts in the ``ex/`` directory (to be used with apt and dpkg. The scripts will call needrestart after any package installation/upgrades. needrestart should work on GNU/Linux. It has limited functionality on GNU/kFreeBSD since `/proc/<pid>/maps` does not show removed file links. Restarting Services ------------------- needrestart supports but does not require systemd (available since v0.6). If systemd is used you should use libpam-systemd, too. If needrestart detects systemd it will assume that libpam-systemd is used and relies on cgroup names to detect if a process belongs to a user session or a daemon. If you do not use libpam-systemd you should set $nrconf{has_pam_systemd} to 0 within needrestart.conf. If systemd is not available or does not return a service name needrestart uses hooks to identify the corresponding System V init script. The shipped hooks support the following package managers: * dpkg * rpm * pacman The service command is used to run the traditional System V init script. Frontends --------- needrestart uses a modular approach based on perl packages providing the user interface. The following frontends are shipped: * NeedRestart::UI::Debconf using debconf * NeedRestart::UI::stdio fallback using stdio interaction Kernel & Microcode ------------------ needrestart 0.8 brings a obsolete kernel detection feature. Since needrestart 3.5 it is possible to filter kernel image filenames (required on [Raspberry Pi](README.raspberry.md)). In needrestart 3.0 a [processor microcode update detection feature](README.uCode.md) for Intel CPUs has been added. Since needrestart 3.5 the AMD CPU support has been added. Interpreters ------------ needrestart 0.8 brings an [interpreter scanning feature](README.Interp.md). Interpreters not only map binary (shared) objects but also use plaintext source files. The interpreter detection tries to check for outdated source files since they may contain security issues, too. This is only a heuristic and might fail to detect all relevant source files. The following interpreter scanners are shipped: * NeedRestart::Interp::Java * NeedRestart::Interp::Perl * NeedRestart::Interp::Python * NeedRestart::Interp::Ruby Containers ---------- needrestart 2.1 [detects some container technologies](README.Cont.md). If a process is part of a container it might not be possible to restart it using Sys-V/systemd. There are special perl packages (NeedRestart::CONT::) implementing the container detection and restarting. The following container detectors are shipped: NeedRestart::CONT::docker * NeedRestart::CONT::LXC * NeedRestart::CONT::machined Batch Mode ---------- needrestart can be run in [batch mode](README.batch.md) to use the results within other programs or scripts. There is also a [nagios plugin mode](README.nagios.md) available. ��examples/needrestart-nagios��0000644��00000000424�00000000000�0012044 0��ustar�00��# needrestart nagios plugin sudoers.d config file # ----------------------------------------------- # # Please consider a look at /etc/sudoers.d/README howto enable this file. # # Allow nagios to execute the needrestart command nagios ALL=NOPASSWD: /usr/sbin/needrestart -p ��README.nagios.md��0000644��00000001421�00000000000�0007241 0��ustar�00��needrestart - nagios plugin mode ================================ Needrestart can be used as a nagios plugin: ```console # needrestart -p CRIT - Kernel: 4.6.0-1-amd64, Services: 1 (!), Containers: none, Sessions: 2 (!)\|Kernel=0;0;;0;2 Services=1;;0;0 Containers=0;;0;0 Sessions=2;0;;0 Services: - NetworkManager.service Sessions: - thomas @ session #16 - thomas @ user manager service ``` Since needrestart requires root privileges to scan processes of other users you should use sudo. Needrestart ships some example files to run needrestart as nagios plugin using sudo: - `ex/nagios/check_needrestart` - calls sudo to invoke needrestart - `ex/nagios/needrestart-nagios` - sudo(8) config allowing nagios to run needrestart as root - `ex/nagios/plugin.conf` - nagios(8) integration ��README.batch.md��0000644��00000001640�00000000000�0007045 0��ustar�00��needrestart - batch mode ======================== Needrestart can be run in batch mode: ```console # needrestart -b NEEDRESTART-VER: 2.1 NEEDRESTART-KCUR: 3.19.3-tl1+ NEEDRESTART-KEXP: 3.19.3-tl1+ NEEDRESTART-KSTA: 1 NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-machined.service NEEDRESTART-CONT: LXC web1 NEEDRESTART-SESS: metabase @ user manager service NEEDRESTART-SESS: root @ session #28017 ``` Batch mode can be used to use the results of needrestart in other scripts. While needrestart is run in batch mode it will never show any UI dialogs nor restart anything. The output format is compliant with the apt-dater protocol[1]. [1] https://github.com/DE-IBH/apt-dater-host/blob/master/doc/ The kernel status (`NEEDRESTART-KSTA`) value has the following meaning: - 0: unknown or failed to detect - 1: no pending upgrade - 2: ABI compatible upgrade pending - 3: version upgrade pending ��README.Cont.md��0000644��00000002250�00000000000�0006665 0��ustar�00��needrestart - container support =============================== If needrestart has found a process using obsolete binaries it checks if the process is part of a container. If the process is part of a container it might not be possible to restart it using Sys-V/systemd. There are special packages (NeedRestart::CONT::) implementing the container detection and restarting. NeedRestart::CONT::docker ------------------------- Recognized by: cgroup path (`/system.slice/docker-.scope` \|\| `/docker/`) Docker containers are ignored (needrestart 2.12+) since there are no updates within docker containers by design. NeedRestart::CONT::LXC ---------------------- Recognized by: cgroup path (`/lxc/` \|\| `/lxc.payload/`) For each container which should be restarted needrestart calls `lxc-stop --reboot --name $NAME`. This package also supports LXD containers, which are restarted by `lxc restart $NAME` or `lxc restart --project=$PROJECT $NAME` for containers in projects. NeedRestart::CONT::machined --------------------------- Recognized by: cgroup path (`/machine.slice/machine-.scope`) For each container which should be restarted needrestart calls `machinectl reboot $NAME`. ��README.uCode.md��0000644��00000001706�00000000000�0007026 0��ustar�00��needrestart - microcode support =============================== Some CPU architectures supports microcode updates to mitigate hardware-level bugs. Needrestart checks if the current running microcode signature matches the most recent version available on the host. The detection is currently only supported for AMD and Intel CPUs. AMD --- Needrestart decodes the AMD ucode firmware files to check for updates. This requires to know the cpu's CPUID value. The most reliable way is to use the cpuid kernel module (modprobe cpuid). As a fallback the CPUID is calculated from /proc/cpuinfo. The calculation might be wrong and should be avoided by loading the cpuinfo kernel module. Intel ----- Needrestart uses `iucode-tool`[1] to test for pending microcode updates. On Debian GNU/Linux it should be sufficient to install the `intel-microcode` package: ```console # apt-get install intel-microcode ``` [1] https://gitlab.com/iucode-tool/iucode-tool/wikis/home ��README.raspberry.md��0000644��00000001257�00000000000�0010001 0��ustar�00��needrestart - Raspberry Pi ========================== Raspbian and other linux distros are installing multiple kernel images in parallel: - `kernel.img` - `kernel7.img` - `kernel7l.img` - `kernel8.img` This might result in a continuous pending kernel update false positive. There is a configuration option in needrestart to filter the kernel image filenames to ignore the unused image files. To filter the kernel image on a RPi 2 or RPi 3: ```shell $ cat << EOF > /etc/needrestart/conf.d/kernel.conf # Filter kernel image filenames by regex. This is required on Raspian having # multiple kernel image variants installed in parallel. $nrconf{kernelfilter} = qr(kernel7\.img); EOF ``` ��

| ver. 1.4 | Github | . | PHP 8.3.30 | Generation time: 0.01 | proxy | phpinfo | Settings