After a security update of a library one needs to restart all programs that make use of this library in order for the security update to become effective. whatmaps takes a package name and looks (on Linux systems) in /proc/pid/maps for processes that map shared objects contained in a certain package. It then looks for the corresponding processes to find the services that need to be restarted.
It supports more complex scenarios like package A needing a restart of package B or blacklisting services on a global or per package basis using (for now) internal lists and dicts.
It currently supports Debian and Fedora but might also work well on other Debian or RPM based distributions. The current release is 0.0.3.
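The /proc/pid/maps lookup described above, as an added example (not whatmaps' own code). The sample maps text and the package file list are constructed; a real run would take the list from the package manager. It also flags mappings the kernel marks "(deleted)", which is how a replaced library shows up in a process that is still running.

```python
import os
import re

# /proc/<pid>/maps line: address perms offset dev inode [pathname]
MAPS_LINE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+\S{4}\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$")
DELETED = " (deleted)"  # appended by the kernel once the file is unlinked

def mapped_objects(maps_text):
    """Return {path: deleted_flag} for every file-backed mapping."""
    found = {}
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if not m or not m.group(1).startswith("/"):
            continue  # anonymous mapping, [heap], [stack], [vdso], ...
        path = m.group(1)
        deleted = path.endswith(DELETED)
        if deleted:
            path = path[:-len(DELETED)]
        found[path] = found.get(path, False) or deleted
    return found

def affected(maps_text, package_objects):
    """Shared objects of the package that this process has mapped."""
    objs = mapped_objects(maps_text)
    return {p: objs[p] for p in package_objects if p in objs}

def scan_proc(package_objects, proc="/proc"):
    """Walk live processes; returns {pid: {path: deleted_flag}}."""
    hits = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "maps")) as fh:
                hit = affected(fh.read(), package_objects)
        except OSError:  # process exited, or maps not readable by this user
            continue
        if hit:
            hits[int(pid)] = hit
    return hits

# Constructed sample of one process's maps file (not captured from a system)
SAMPLE_MAPS = """\
00400000-004a1000 r-xp 00000000 08:01 131090   /usr/lib/postfix/master
01c3e000-01c5f000 rw-p 00000000 00:00 0        [heap]
7f1c2a400000-7f1c2a44d000 r-xp 00000000 08:01 1315443  /usr/lib/libssl.so.0.9.8 (deleted)
7f1c2a800000-7f1c2a980000 r-xp 00000000 08:01 1315440  /usr/lib/libcrypto.so.0.9.8
7f1c2ac00000-7f1c2ad80000 r-xp 00000000 08:01 1311234  /lib/libc-2.13.so
"""
PKG_OBJECTS = {"/usr/lib/libssl.so.0.9.8", "/usr/lib/libcrypto.so.0.9.8"}  # assumed list
```

Calling scan_proc(PKG_OBJECTS) as root covers all processes; as an unprivileged user it only sees processes whose maps file that user may read.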
Since it's a single script you can either use the script right away or call:
to install it. You can also build a Debian package from the 'debian/master' branch.
Debian Packages for Wheezy can be found here.
Simply pass the names of the packages that had shared objects updated:
whatmaps <pkg1> <pkg2>
The example output looks like:
# whatmaps libssl0.9.8
WARNING: No service script found in 'krb5-auth-dialog' for '['/usr/bin/krb5-auth-dialog']' - restart manually
WARNING: No service script found in 'openssh-client' for '['/usr/bin/ssh-agent']' - restart manually
WARNING: No service script found in 'vim-gnome' for '['/usr/bin/vim.gnome']' - restart manually
WARNING: No service script found in 'isc-dhcp-client' for '['/sbin/dhclient']' - restart manually
WARNING: No service script found in 'wpasupplicant' for '['/sbin/wpa_supplicant']' - restart manually
Services that possibly need to be restarted:
postfix
libvirt-bin
ntpd
Note that the processes whatmaps warns about above belong to packages without any init scripts (e.g. started by a desktop session). They need to be restarted manually at the moment. The services found by whatmaps can be restarted using the --restart option:
whatmaps --restart <pkg1> <pkg2>
To enable automatic restarts during security updates on Debian based systems set:
The source code is available via:
git clone https://git.sigxcpu.org/cgit/whatmaps
and can be browsed here.
Checkrestart in the debian-goodies package detects processes that need to be restarted by using lsof to check whether a file was deleted but is still in use. You might want to try this one, as it has been well tested in Debian since 2003. The idea behind whatmaps is to do the lookup on a per package basis so we can let apt decide if it's a security upgrade (based on the origin) and only restart the service in this case.
More reliable mapping between processes and init scripts
- Better support for daemons in interpreted languages like xend or calendarserver, so far we only detect that /usr/bin/python2.X is affected.
- Check Desktop files (suspend/resume makes them long running) and notify users about affected processes in their session
- Try to runtime inspect python/perl/java for loaded modules using lsof or PTRACE_PEEKDATA
Apt integration
Better Fedora support
- Support for other init systems (filerc, upstart) besides SysV-RC and systemd
- DNF/Yum integration
whatmaps was written by Guido Günther.
whatmaps has its own mailing list for general discussion and patches.
whatmaps is free software and licensed under the GPL Version 3.