Bug 1094932

Summary: subscription-manager: script and/or trigger should not directly enable systemd units
Product: Red Hat Enterprise Linux 7 Reporter: Andy Lutomirski <luto>
Component: subscription-managerAssignee: William Poteat <wpoteat>
Status: CLOSED ERRATA QA Contact: John Sefler <jsefler>
Severity: low Docs Contact:
Priority: medium    
Version: 7.2CC: alikins, awood, bcourt, bkearney, jpazdziora, khowell, lkocman, redakkan, vpavlin, vrjain, wpoteat
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1163968 (view as bug list) Environment:
Last Closed: 2017-08-01 19:18:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1163968, 1271839    
Bug Blocks: 1090684, 1121117, 1201663, 1378128    

Description Andy Lutomirski 2014-05-06 17:23:36 UTC 
My query script thinks that subscription-manager has a script or trigger that directly enables a systemd unit using 'systemctl enable'.  It probably should not.  Please update this packages to use the macroized scriptlet (https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd).

If your package has an exception from FESCo permitting it to enable
itself, please make sure that the service in question is listed in the
appropriate preset file.

There is a general exception described here:

https://fedoraproject.org/wiki/Starting_services_by_default

If your package falls under the general exception, then it is possible
that no change is required.  Nevertheless, if you are relying on the
exception, please make sure that your rpm scripts are sensible.  The
exception is:

In addition, any service which does not remain persistent on the system (aka, it "runs once then goes away"), does not listen to incoming connections during initialization, and does not require configuration to be functional may be enabled by default (but is not required to do so). An example of "runs once then goes away" service is iptables.

Given that this issue can affect Fedora 20 users who install your
package as a dependency, this bug should be fixed in Fedora 20 and
Rawhide.
Comment 1 Jaroslav Reznik 2015-03-03 17:01:04 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22
Comment 2 Adrian Likins 2015-08-13 14:02:20 UTC 
Pinged redhat-release-server component about that side of it at https://bugzilla.redhat.com/show_bug.cgi?id=1163968
Comment 3 William Poteat 2016-09-26 18:16:57 UTC 
systemctl commands removed. Issue will only be resolved when the preset file has been updated by rel-eng.
Comment 7 Rehana 2017-05-02 10:51:13 UTC 
Retested with ;

# subscription-manager version
server type: This system is currently not registered.
subscription management server: 0.9.51.21-1
subscription management rules: 5.15.1
subscription-manager: 1.19.10-1.el7
python-rhsm: 1.19.5-1.el7


Demonstrating that with older subscription-manager packages(subscription-manager: 1.17.15-1.el7 and python-rhsm: 1.17.9-1.el7) the rpm scriptlets contains /bin/systemctl enable commands 

# rpm -q --scripts subscription-manager | grep /bin/systemctl
    /bin/systemctl enable rhsmcertd.service >/dev/null 2>&1 || :
    /bin/systemctl daemon-reload >/dev/null 2>&1 || :
    /bin/systemctl try-restart rhsmcertd.service >/dev/null 2>&1 || :

with the latest subscription-manager packages from brew (subscription-manager: 1.19.10-1.el7 and python-rhsm: 1.19.5-1.el7 ) /bin/systemctl enable commands are removed

# rpm -q --scripts subscription-manager | grep /bin/systemctl
# 
 
Full contents for reference 
-------------------------------

# rpm -q --scripts subscription-manager 
postinstall scriptlet (using /bin/sh):
    
if [ $1 -eq 1 ] ; then 
        # Initial installation 
        systemctl preset rhsmcertd.service >/dev/null 2>&1 || : 
fi 


if [ -x /bin/dbus-send ] ; then
    dbus-send --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig > /dev/null 2>&1 || :
fi

if [ "$1" -eq "2" ] ; then
    /sbin/service rhsmcertd condrestart >/dev/null 2>&1 || :
fi
preuninstall scriptlet (using /bin/sh):
if [ $1 -eq 0 ] ; then
        
if [ $1 -eq 0 ] ; then 
        # Package removal, not upgrade 
        systemctl --no-reload disable rhsmcertd.service > /dev/null 2>&1 || : 
        systemctl stop rhsmcertd.service > /dev/null 2>&1 || : 
fi 


    if [ -x /bin/dbus-send ] ; then
        dbus-send --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig > /dev/null 2>&1 || :
    fi
fi
postuninstall scriptlet (using /bin/sh):
    
systemctl daemon-reload >/dev/null 2>&1 || : 
if [ $1 -ge 1 ] ; then 
        # Package upgrade, not uninstall 
        systemctl try-restart rhsmcertd.service >/dev/null 2>&1 || : 
fi
Comment 8 Rehana 2017-05-02 13:55:28 UTC 
Based on comment 7 , Marking the bug as Verified
Comment 9 Kevin Howell 2017-05-03 15:07:56 UTC 
*** Bug 1209382 has been marked as a duplicate of this bug. ***
Comment 10 errata-xmlrpc 2017-08-01 19:18:42 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2083