rpcbind.spec contains: %post if [ $1 -eq 1 ] ; then # Initial installation /bin/systemctl enable rpcbind.service >/dev/null 2>&1 || : fi This is bad: rpcbind gets pulled in by things like libvirt, but it should not be listening globally just because libvirt is installed.
Please move to the RPM macros for this: https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Macroized_scriptlets_.28Fedora_18.2B.29
Something like this: diff --git a/rpcbind.spec b/rpcbind.spec index 1dd8541..00d0b2c 100644 --- a/rpcbind.spec +++ b/rpcbind.spec @@ -93,10 +93,7 @@ if [ -z "$rpcid" -o "$rpcid" != "32" ]; then -M -s /sbin/nologin -u 32 rpc > /dev/null 2>&1 fi %post -if [ $1 -eq 1 ] ; then - # Initial installation - /bin/systemctl enable rpcbind.service >/dev/null 2>&1 || : -fi +%systemd_post rpcbind.service %preun if [ $1 -eq 0 ]; then @@ -109,11 +106,7 @@ if [ $1 -eq 0 ]; then fi %postun -/bin/systemctl daemon-reload >/dev/null 2>&1 || : -if [ $1 -ge 1 ]; then - # Package upgrade, not uninstall - /bin/systemctl try-restart rpcbind.service >/dev/null 2>&1 || : -fi +%systemd_postun_with_restart rpcbind.service %triggerun -- rpcbind < 0.2.0-15 %{_bindir}/systemd-sysv-convert --save rpcbind >/dev/null 2>&1 ||:
Does this need a %systemd_preun as well? If not, it looks sensible to me.
(In reply to Andy Lutomirski from comment #3) > Does this need a %systemd_preun as well? If not, it looks sensible to me. Well here is what the %preun does %preun if [ $1 -eq 0 ]; then # Package removal, not upgrade /bin/systemctl --no-reload disable rpcbind.service >/dev/null 2>&1 || : /bin/systemctl stop rpcbind.service >/dev/null 2>&1 || : /usr/sbin/userdel rpc 2>/dev/null || : /usr/sbin/groupdel rpc 2>/dev/null || : rm -rf /var/lib/rpcbind fi I guess I could change the two systemctl commands to one %systemd_preun rpcbind.service But since I have no idea what %systemd_preun does, I'm a bit hesitant...
Disclaimer: I am neither an RPM nor a systemd expert. But here goes anyway: In my /lib/rpm/macros.d/macros.systemd, I have: %systemd_post() \ if [ $1 -eq 1 ] ; then \ # Initial installation \ /usr/bin/systemctl preset %{?*} >/dev/null 2>&1 || : \ fi \ %{nil} %systemd_preun() \ if [ $1 -eq 0 ] ; then \ # Package removal, not upgrade \ /usr/bin/systemctl --no-reload disable %{?*} > /dev/null 2>&1 || : \ /usr/bin/systemctl stop %{?*} > /dev/null 2>&1 || : \ fi \ %{nil} %systemd_postun() \ /usr/bin/systemctl daemon-reload >/dev/null 2>&1 || : \ %{nil} %systemd_postun_with_restart() \ /usr/bin/systemctl daemon-reload >/dev/null 2>&1 || : \ if [ $1 -ge 1 ] ; then \ # Package upgrade, not uninstall \ /usr/bin/systemctl try-restart %{?*} >/dev/null 2>&1 || : \ fi \ %{nil} So %systemd_preun looks very similar to what you have already :) There's probably an argument to be made for using the macro, since maybe the macro will change some day for a good reason.
While you are there, add rpcbind.socket to the macros invocations too, see: https://bugs.freedesktop.org/show_bug.cgi?id=63735
Packaging guideline says scriptlets should not remove user/groups: https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Allocation_Strategies It will help with %systemd_preun adoption. The "rm -rf /var/lib/rpcbind" is related to https://bugzilla.redhat.com/show_bug.cgi?id=1027235 . I did not investigate, but does rpcbind really leave files there? Perhaps stopping the socket too will help avoid the rm?
The following patch pass a smoke test (and fix #1027235 too). --- rpcbind.spec.orig 2013-12-02 13:51:34.000000000 -0200 +++ rpcbind.spec 2014-05-20 13:30:31.049931472 -0300 @@ -92,28 +92,20 @@ /usr/sbin/useradd -o -l -c "Rpcbind Daemon" -d /var/lib/rpcbind -g 32 \ -M -s /sbin/nologin -u 32 rpc > /dev/null 2>&1 fi + %post -if [ $1 -eq 1 ] ; then - # Initial installation - /bin/systemctl enable rpcbind.service >/dev/null 2>&1 || : -fi +%systemd_post rpcbind.service rpcbind.socket %preun +%systemd_preun rpcbind.service rpcbind.socket if [ $1 -eq 0 ]; then - # Package removal, not upgrade - /bin/systemctl --no-reload disable rpcbind.service >/dev/null 2>&1 || : - /bin/systemctl stop rpcbind.service >/dev/null 2>&1 || : /usr/sbin/userdel rpc 2>/dev/null || : /usr/sbin/groupdel rpc 2>/dev/null || : - rm -rf /var/lib/rpcbind + /usr/bin/rm -f /var/lib/rpcbind/* fi %postun -/bin/systemctl daemon-reload >/dev/null 2>&1 || : -if [ $1 -ge 1 ]; then - # Package upgrade, not uninstall - /bin/systemctl try-restart rpcbind.service >/dev/null 2>&1 || : -fi +%systemd_postun_with_restart rpcbind.service rpcbind.socket %triggerun -- rpcbind < 0.2.0-15 %{_bindir}/systemd-sysv-convert --save rpcbind >/dev/null 2>&1 ||:
Looks good to me. I think that rpcbind should also be removed from the default preset, but that's a separate issue (bug 1099595).
I forgot to change the Requires to 'systemd' ('systemd-units' if for F17 and earlier). And 'systemd-sysv' does not even exist anymore. --- rpcbind.spec.orig 2013-12-02 13:51:34.000000000 -0200 +++ rpcbind.spec 2014-05-20 14:38:18.457091710 -0300 @@ -14,12 +14,12 @@ Requires: glibc-common setup Conflicts: man-pages < 2.43-12 -BuildRequires: automake, autoconf, libtool, systemd-units +BuildRequires: automake, autoconf, libtool, systemd BuildRequires: libtirpc-devel, quota-devel, tcp_wrappers-devel Requires(pre): coreutils shadow-utils -Requires(post): chkconfig systemd-units systemd-sysv -Requires(preun): systemd-units -Requires(postun): systemd-units coreutils +Requires(post): chkconfig systemd +Requires(preun): systemd +Requires(postun): systemd coreutils Provides: portmap = %{version}-%{release} Obsoletes: portmap <= 4.0-65.3 @@ -92,28 +92,20 @@ /usr/sbin/useradd -o -l -c "Rpcbind Daemon" -d /var/lib/rpcbind -g 32 \ -M -s /sbin/nologin -u 32 rpc > /dev/null 2>&1 fi + %post -if [ $1 -eq 1 ] ; then - # Initial installation - /bin/systemctl enable rpcbind.service >/dev/null 2>&1 || : -fi +%systemd_post rpcbind.service rpcbind.socket %preun +%systemd_preun rpcbind.service rpcbind.socket if [ $1 -eq 0 ]; then - # Package removal, not upgrade - /bin/systemctl --no-reload disable rpcbind.service >/dev/null 2>&1 || : - /bin/systemctl stop rpcbind.service >/dev/null 2>&1 || : /usr/sbin/userdel rpc 2>/dev/null || : /usr/sbin/groupdel rpc 2>/dev/null || : - rm -rf /var/lib/rpcbind + /usr/bin/rm -f /var/lib/rpcbind/* fi %postun -/bin/systemctl daemon-reload >/dev/null 2>&1 || : -if [ $1 -ge 1 ]; then - # Package upgrade, not uninstall - /bin/systemctl try-restart rpcbind.service >/dev/null 2>&1 || : -fi +%systemd_postun_with_restart rpcbind.service rpcbind.socket %triggerun -- rpcbind < 0.2.0-15 %{_bindir}/systemd-sysv-convert --save rpcbind >/dev/null 2>&1 ||:
Also, the %triggerun section with systemd-sysv-convert can be dropped I think. https://fedorahosted.org/fpc/ticket/308 http://pkgs.fedoraproject.org/cgit/systemd.git/commit/?id=5ccbe72a72f1a161f3c5ac1ff0fb64c7a0d2098b
This will need to be fixed for https://fedorahosted.org/fesco/ticket/1310 to be effective.
*** Bug 850298 has been marked as a duplicate of this bug. ***
rpcbind-0.2.1-2.1.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/rpcbind-0.2.1-2.1.fc21
Package rpcbind-0.2.1-2.1.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing rpcbind-0.2.1-2.1.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-13642/rpcbind-0.2.1-2.1.fc21 then log in and leave karma (feedback).
Package rpcbind-0.2.1-3.0.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing rpcbind-0.2.1-3.0.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-13642/rpcbind-0.2.1-3.0.fc21 then log in and leave karma (feedback).
rpcbind-0.2.1-4.0.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/rpcbind-0.2.1-4.0.fc21
rpcbind-0.2.1-4.0.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
rpcbind-0.2.4-8.rc3.fc27.x86_64 is showing this problem. I am using no rpc services, yet rpcbind is running: $ rpcinfo program version netid address service owner 100000 4 tcp6 ::.0.111 portmapper superuser 100000 3 tcp6 ::.0.111 portmapper superuser 100000 4 udp6 ::.0.111 portmapper superuser 100000 3 udp6 ::.0.111 portmapper superuser 100000 4 tcp 0.0.0.0.0.111 portmapper superuser 100000 3 tcp 0.0.0.0.0.111 portmapper superuser 100000 2 tcp 0.0.0.0.0.111 portmapper superuser 100000 4 udp 0.0.0.0.0.111 portmapper superuser 100000 3 udp 0.0.0.0.0.111 portmapper superuser 100000 2 udp 0.0.0.0.0.111 portmapper superuser 100000 4 local /run/rpcbind.sock portmapper superuser 100000 3 local /run/rpcbind.sock portmapper superuser
(In reply to Patrick O'Callaghan from comment #19) > rpcbind-0.2.4-8.rc3.fc27.x86_64 is showing this problem. I am using no rpc > services, yet rpcbind is running: > > $ rpcinfo > program version netid address service owner > 100000 4 tcp6 ::.0.111 portmapper superuser > 100000 3 tcp6 ::.0.111 portmapper superuser > 100000 4 udp6 ::.0.111 portmapper superuser > 100000 3 udp6 ::.0.111 portmapper superuser > 100000 4 tcp 0.0.0.0.0.111 portmapper superuser > 100000 3 tcp 0.0.0.0.0.111 portmapper superuser > 100000 2 tcp 0.0.0.0.0.111 portmapper superuser > 100000 4 udp 0.0.0.0.0.111 portmapper superuser > 100000 3 udp 0.0.0.0.0.111 portmapper superuser > 100000 2 udp 0.0.0.0.0.111 portmapper superuser > 100000 4 local /run/rpcbind.sock portmapper superuser > 100000 3 local /run/rpcbind.sock portmapper superuser I should note that this is not a fresh install of F27. It's possible that rpcbind was enabled in an earlier version and simply stayed that way.