wireguard dkms systemd

Fabian Grünbichler fabian.gruenbichler at student.tuwien.ac.at
Mon Nov 5 12:27:44 CET 2018 

On Mon, Nov 05, 2018 at 01:28:37PM +0700, Daniel Kahn Gillmor wrote:
> On Sun 2018-11-04 16:35:07 +0100, Jason A. Donenfeld wrote:
> > FWIW, Ubuntu users got confused with reloading the kernel module (let
> > alone systemd's view of units), so we wound up adding something a bit
> > strange to the postinst:
> >
> > https://github.com/EggieCode/wireguard-ppa/blob/master/debian/wireguard-dkms.postinst#L36-L72
> >
> > Not sure that Debian would want to follow suite with such a thing though...
> 
> i like some of the ideas there, but i don't think i'd want it as-is, for
> at least a few reasons:
> 
>  * the administrator's choice mechanism
>   (/etc/wireguard/.reload-module-on-update) is rather idiosyncratic.
>   Using a single boolean debconf question is probably a better approach.
> 
>  * echoing suggestions to stdout to rmmod/modprobe just before actually
>    doing the thing seems like a recipe for it happening twice.  I think
>    i wouldn't make that prompt if the administrator has already asked
>    the system to do the upgrade.

Ack.

>  * i'm leery of the "systemctl daemon-reload" approach in particular, as
>    mentioned above.  if lots of packages did that in their postinst
>    they'd be interacting weirdly with each other during a multi-package
>    upgrade.

I don't see how reloading systemd units too often can cause any kind of
interference, and in fact debhelper already does this for both the
'restart in postinst' (default in compat 10+) and the 'stop in prerm,
start in postinst' (default in compat <= 9) mode - unconditionally, on
every upgrade of a package that ships an automatically (re)started unit.

random data point: on this system with 1606 maintscripts in place, 93
have some variant of systemctl daemon-reload in them (and 12 even have
multiple calls in one maintscript). on a server running Stretch, the
ratio is 72/597.

unnecessarily reloading does of course prolong the upgrade itself, but
since we can't easily tell that the unit has been modified, and not
reloading in case it has been makes the restart fail, the tradeoff of
always reloading on upgrade seems reasonable to me.

FWIW, I'd like to see some variant of transparent reloading integrated
into the Debian packages (even if disabled by default).

> thanks for the pointer though!

thanks for your work on wireguard in Debian :)

More information about the WireGuard mailing list