Bug 2255718

Summary: systemd-resolved: service is not restarted after upgrade
Product: [Fedora] Fedora Reporter: Petr Menšík <pemensik>
Component: systemd Assignee: systemd-maint
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: rawhide CC: fedoraproject, filbranden, lnykryn, msekleta, ryncsn, systemd-maint, yuwatana, zbyszek
Target Milestone: --- Keywords: Upgrades
Target Release: ---   
Hardware: All   
OS: Linux   
URL: https://github.com/systemd/systemd/pull/30549
Whiteboard:
Fixed In Version: systemd-255.2-2.fc40 Doc Type: If docs needed, set a value
Last Closed: 2024-01-09 17:30:24 UTC Type: ---
Bug Blocks: 2222672    

Description Petr Menšík 2023-12-23 16:58:26 UTC
When testing the fix for bug #2222672 (CVE-2023-7008), I found that the package upgrade does not ensure systemd-resolved.service is restarted after the package update. That is done by scriptlets such as:

%postun
%systemd_postun_with_restart %{name}.service

It is surprising systemd maintainers themselves have it missing.

I have used scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=110707583
From branch: https://src.fedoraproject.org/fork/pemensik/rpms/systemd/tree/CVE-2023-7008

Reproducible: Always

Steps to Reproduce:
1. Create build modifying behaviour, such as CVE-2023-7008 fix
2. Install systemd-resolved update
3. Test behaviour on running daemon, whether its behaviour has changed.
4. systemctl restart systemd-resolved
5. Recheck behaviour and ensure it is the same.
Actual Results:  
Reported nothing has changed:
https://github.com/systemd/systemd/pull/30549#issuecomment-1868013733

Because the package lacks a restart, no behaviour has changed. Not because it was unfixed, but because my machine was not running the updated version yet.

Expected Results:  
The package contains appropriate scriptlets for all actions, and behaviour changes immediately after the package update transaction. It should not require a manual restart afterwards.

I have found:
%preun resolved
%post resolved # contains %systemd_post systemd-resolved.service
%posttrans resolved

I am missing:
%systemd_preun
%systemd_postun_with_restart

Which I have in all my DNS caches, where such updates work better.
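
The test result above hinged on the daemon still running its pre-update binary. As an added example (not part of the bug report or of the systemd package), this POSIX shell check reports whether a unit's main process still executes a binary or shared library that has since been replaced on disk, using the " (deleted)" marker the kernel shows in /proc. The function names are this example's own.

```shell
#!/bin/sh
# Added example: detect a daemon that still runs pre-upgrade code after its
# package was updated (the situation this report describes).

# Classify a /proc/PID/exe link target. The kernel appends " (deleted)" once
# the file the process was started from has been replaced on disk.
exe_state() {
    case "$1" in
        "")            echo unknown ;;
        *" (deleted)") echo stale ;;
        *)             echo current ;;
    esac
}

# Read /proc/PID/maps text on stdin; print each file-backed executable mapping
# whose file was replaced (a shared library updated under the process).
stale_maps() {
    awk '$2 ~ /x/ && $NF == "(deleted)" && $6 ~ /^\// && $6 !~ /^\/memfd:/ { print $6 }' | sort -u
}

# Live check for one unit. Reading another user's /proc entries needs root.
# Exit status: 0 = current, 1 = restart needed, 2 = could not tell.
check_unit() (
    unit=$1
    pid=$(systemctl show -p MainPID --value "$unit" 2>/dev/null) || exit 2
    case "$pid" in ''|0|*[!0-9]*) echo "$unit: not running"; exit 2 ;; esac
    state=$(exe_state "$(readlink "/proc/$pid/exe" 2>/dev/null)")
    libs=$( { stale_maps < "/proc/$pid/maps"; } 2>/dev/null )
    if [ "$state" = unknown ]; then
        echo "$unit (pid $pid): cannot read /proc/$pid/exe"; exit 2
    fi
    if [ "$state" = stale ] || [ -n "$libs" ]; then
        echo "$unit (pid $pid): running pre-upgrade code, restart needed"
        [ -n "$libs" ] && echo "$libs" | sed 's/^/  replaced: /'
        exit 1
    fi
    echo "$unit (pid $pid): binary and libraries match what is on disk"
)

# Runs only when a unit name is passed, e.g.:
#   sh stale-check.sh systemd-resolved.service
if [ "$#" -gt 0 ]; then check_unit "$1"; fi
```

Running it before and after the update transaction distinguishes "the fix does not work" from "the fixed code is not running yet".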

Comment 1 Petr Menšík 2023-12-23 17:24:53 UTC
The systemd-resolved package is missing what is described at:
https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_scriptlets

Comment 2 Fedora Update System 2024-01-09 15:45:02 UTC
FEDORA-2024-eb62cd6a19 has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2024-eb62cd6a19

Comment 3 Fedora Update System 2024-01-09 17:30:24 UTC
FEDORA-2024-eb62cd6a19 has been pushed to the Fedora 40 stable repository.
If the problem still persists, please make a note of it in this bug report.