Red Hat Bugzilla – Bug 432783
Feature: Protect running update on shutdown
Last modified: 2008-02-14 12:51:40 EST
Description of proposed feature:
Imagine a machine that is turned on after a few days off. Anacron will start
pending cron.daily cron jobs. yum-cron is run and starts upgrading the system.
Now the user turns off the machine, possibly in the middle of a running update.
yum-cron should check for a running yum and if one is running block the stop
action until yum is finished. The easiest solution for this would be to write
the yum-cron daily script PID in a file and check for this file and PID in the
yum-cron init stop action. If the file exists and the PID is the yum-cron daily
cron script then it will wait and recheck every few seconds. An informative note
should be printed to the shutdown screen and additionally there should be a trap
that allows cancelling the stop (if it was run on the console).
Would be easy enough to code, but here are some big problems:
1) yum has a pid lock even during its (large) random wait before doing the
actual work. The random wait is so that every machine around the world running
yum-cron doesn't assault the mirrors simultaneously, so is an
important feature we wouldn't want to disable, but waiting hours for a shutdown
is Bad. One could override it on console, but remotely one could get really
trapped (shutdown also disables logins).
2) Messing with the shutdown scripts is outside the scope of this package.
That's a core Fedora package, and changes there would have to be made by that
package's owners. And very carefully thought about to deal with unintended
consequences. But perhaps there is already a list of Things to Not Shut Down
During that could be looked at?
The upside would be a way to eliminate instances of rebooting with partial
upgrades in progress, lots of loose files around, perhaps a corrupted rpm
database. But, in practice I've not seen such problems in many years (and have
clobbered machines in the midst of updates). I suspect that yum and rpm are now
doing some cleanup when given a SIGTERM by the shutdown script, so that they're
not left in an un-recoverable state.
Since I can't make such a change as part of this package, I'll mark this bug as
CANTFIX. There are two places it might be addressed, though. The "sysvinit"
package owns the shutdown scripts. And some combination of yum and rpm could
address how they handle being sent a SIGTERM by the shutdown scripts.
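
The PID-file check proposed in the description, combined with a bounded wait so that the first objection in the reply (a shutdown blocked for hours) cannot occur, sketched as an added example; it is not code from yum-cron or from either commenter. The function names, the pid-file argument and the `yum-cron` match string are assumptions, and process state is read from Linux `/proc`.

```shell
#!/bin/sh
# Added example: helper for an init "stop" action (hypothetical, not yum-cron's code).

# is_update_running PIDFILE NAME
# True only if PIDFILE names a live process whose command line contains NAME.
# The name check guards against a stale file whose PID has been reused.
# Leaves the PID in the global $pid for the caller's messages.
is_update_running() {
    pidfile=$1 name=$2
    [ -r "$pidfile" ] || return 1
    pid=$(cat "$pidfile")
    case $pid in
        ''|*[!0-9]*) return 1 ;;               # empty or non-numeric: stale file
    esac
    [ -r "/proc/$pid/cmdline" ] || return 1    # no such process any more
    { tr '\0' ' ' < "/proc/$pid/cmdline"; } 2>/dev/null | grep -q -- "$name"
}

# wait_for_update PIDFILE NAME MAX_WAIT INTERVAL
# Returns 0 once no update is running, 1 if MAX_WAIT seconds pass first,
# so a remote shutdown is delayed by a known amount and never trapped.
wait_for_update() {
    waited=0
    while is_update_running "$1" "$2"; do
        if [ "$waited" -ge "$3" ]; then
            echo "Update (pid $pid) still running after ${waited}s; continuing shutdown." >&2
            return 1
        fi
        echo "Waiting for running update (pid $pid) to finish..." >&2
        sleep "$4"
        waited=$((waited + $4))
    done
    return 0
}

# Example call from a stop action (pid-file path is a placeholder):
#   wait_for_update <pidfile> yum-cron 300 5
```

A return value of 1 means the wait expired with the update still running, which is the point where the stop action has to choose between proceeding and logging, or asking on the console.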