Bug 1094906

Summary: dnssec-trigger: script and/or trigger should not directly enable systemd units
Product: [Fedora] Fedora Reporter: Andy Lutomirski <luto>
Component: dnssec-triggerAssignee: Pavel Šimerda (pavlix) <psimerda>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: luto, psimerda, pspacek, pwouters, thozza, vonsch
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-05-06 18:13:44 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1090684    

Description Andy Lutomirski 2014-05-06 17:19:17 UTC 
My query script thinks that dnssec-trigger has a script or trigger that directly enables a systemd unit using 'systemctl enable'.  It probably should not.  Please update this packages to use the macroized scriptlet (https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd).

If your package has an exception from FESCo permitting it to enable
itself, please make sure that the service in question is listed in the
appropriate preset file.

There is a general exception described here:

https://fedoraproject.org/wiki/Starting_services_by_default

If your package falls under the general exception, then it is possible
that no change is required.  Nevertheless, if you are relying on the
exception, please make sure that your rpm scripts are sensible.  The
exception is:

In addition, any service which does not remain persistent on the system (aka, it "runs once then goes away"), does not listen to incoming connections during initialization, and does not require configuration to be functional may be enabled by default (but is not required to do so). An example of "runs once then goes away" service is iptables.

Given that this issue can affect Fedora 20 users who install your
package as a dependency, this bug should be fixed in Fedora 20 and
Rawhide.
Comment 1 Pavel Šimerda (pavlix) 2014-05-06 17:30:37 UTC 
Yep, I know about this "feature" and I don't like it either but we did that as a temporary measure before NetworkManager is capable of rewriting /etc/resolv.conf on request. While the easiest solution is just to remove the call to systemctl, it will leave the network in a half-configured state after 'systemctl stop dnssec-triggerd'.
Comment 2 Pavel Šimerda (pavlix) 2014-05-06 17:34:58 UTC 
Just in case... is 'systemctl try-restart' (which is being used here) not acceptable at least as a temporary solution?
Comment 3 Andy Lutomirski 2014-05-06 17:49:36 UTC 
I think my query script queried too old a version of dnssec-trigger.  I don't see a problem right now.

The spec file could probably still be simplified by using %systemd_postun_with_restart, but I don't think there's an actual bug.  Sorry.  Feel free to close this if you don't want to make any changes.
Comment 4 Andy Lutomirski 2014-05-06 18:02:34 UTC 
Also, if you are actually doing something complicated here, asking FESCo's opinion might be a good idea.  I'm not any kind of authority here; I just got annoyed at finding a bunch of packages that were clearly and erroneously enabling themselves.
Comment 5 Pavel Šimerda (pavlix) 2014-05-06 18:13:44 UTC 
(In reply to Andy Lutomirski from comment #3)
> I think my query script queried too old a version of dnssec-trigger.  I
> don't see a problem right now.

Thanks!

> The spec file could probably still be simplified by using
> %systemd_postun_with_restart,

Current master and f20 branch:

%postun·
%systemd_postun_with_restart %{name}d.service

> but I don't think there's an actual bug. 
> Sorry.  Feel free to close this if you don't want to make any changes.

Sure. Thank you for your effort.