-
Notifications
You must be signed in to change notification settings - Fork 687
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
We shouldn't enable apt-daily service units #7298
Comments
legoktm
added a commit
that referenced
this issue
Oct 29, 2024
By enabling the services, it means it runs every time the machine boots, defeating the point of the timer. Similarly, starting the service means that it starts running while the playbook is still going, which might also explain the dpkg lock contention (#7258). Ansible will now just ensure the units are unmasked and the securedrop-config postinst will disable the services if enabled. Fixes #7298
3 tasks
legoktm
added a commit
that referenced
this issue
Oct 29, 2024
By enabling the services, it means it runs every time the machine boots, defeating the point of the timer. Similarly, starting the service/timer means that it starts running while the playbook is still going, which might also explain the dpkg lock contention (#7258). Ansible will now just ensure the units are unmasked and the securedrop-config postinst will disable the services if enabled. Fixes #7298
legoktm
added a commit
that referenced
this issue
Nov 19, 2024
By enabling the services, it means it runs every time the machine boots, defeating the point of the timer. Similarly, starting the service/timer means that it starts running while the playbook is still going, which might also explain the dpkg lock contention (#7258). Ansible will now just ensure the units are unmasked and the securedrop-config postinst will disable the services if enabled. Fixes #7298
legoktm
added a commit
that referenced
this issue
Nov 23, 2024
By enabling the services, it means it runs every time the machine boots, defeating the point of the timer. Similarly, starting the service/timer means that it starts running while the playbook is still going, which might also explain the dpkg lock contention (#7258). Ansible will now just ensure the units are unmasked and the securedrop-config postinst will disable the services if enabled. Fixes #7298
Some more context at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844453 |
legoktm
added a commit
that referenced
this issue
Nov 23, 2024
By enabling the services, it means it runs every time the machine boots, defeating the point of the timer. Similarly, starting the service/timer means that it starts running while the playbook is still going, which might also explain the dpkg lock contention (#7258). Ansible will now just ensure the units are unmasked and the securedrop-config postinst will disable the services if enabled. Fixes #7298
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
In the ansible playbook:
We should only be starting/enabling the timers not the services themselves.
I noticed this while trying to figure out why
./securedrop-admin install
kept reporting things as changing (the service needed to be started), even though I had just run it seconds before.The text was updated successfully, but these errors were encountered: