[Qa-jenkins-scm] [Git][qa/jenkins.debian.net][master] 2 commits: needrestart.conf as coming from bullseye (virt32a)

Holger Levsen (@holger) gitlab at salsa.debian.org
Wed Jun 2 13:17:35 BST 2021 


Holger Levsen pushed to branch master at Debian QA / jenkins.debian.net


Commits:
a729e95e by Holger Levsen at 2021-06-02T14:16:33+02:00
needrestart.conf as coming from bullseye (virt32a)

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -
0aa17b9d by Holger Levsen at 2021-06-02T14:17:15+02:00
configure needrestart to restart all services automatically

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -


1 changed file:

- + hosts/common/etc/needrestart/needrestart.conf


Changes:

=====================================
hosts/common/etc/needrestart/needrestart.conf
=====================================
@@ -0,0 +1,217 @@
+
+# needrestart - Restart daemons after library updates.
+#
+# This is the configuration file of needrestart. This is perl syntax.
+# needrestart uses reasonable default values, you might not need to
+# change anything.
+#
+
+# Verbosity:
+#  0 => quiet
+#  1 => normal (default)
+#  2 => verbose
+#$nrconf{verbosity} = 2;
+
+# Path of the package manager hook scripts.
+#$nrconf{hook_d} = '/etc/needrestart/hook.d';
+
+# Path of user notification scripts.
+#$nrconf{notify_d} = '/etc/needrestart/notify.d';
+
+# Path of restart scripts.
+#$nrconf{restart_d} = '/etc/needrestart/restart.d';
+
+# Disable sending notifications to user sessions running obsolete binaries
+# using scripts from $nrconf{notify_d}.
+#$nrconf{sendnotify} = 0;
+
+# If needrestart detects systemd it assumes that you use systemd's pam module.
+# This allows needrestart to easily detect user session. In case you use
+# systemd *without* pam_systemd.so you should set has_pam_systemd to false
+# to enable legacy session detection!
+#$nrconf{has_pam_systemd} = 0;
+
+# Restart mode: (l)ist only, (i)nteractive or (a)utomatically.
+#
+# ATTENTION: If needrestart is configured to run in interactive mode but is run
+# non-interactive (i.e. unattended-upgrades) it will fallback to list only mode.
+#
+$nrconf{restart} = 'a';
+
+# Use preferred UI package.
+#$nrconf{ui} = 'NeedRestart::UI::stdio';
+
+# Change default answer to 'no' in (i)nteractive mode.
+#$nrconf{defno} = 1;
+
+# Set UI mode to (e)asy or (a)dvanced.
+#$nrconf{ui_mode} = 'e';
+
+# Print a combined `systemctl restart` command line for skipped services.
+#$nrconf{systemctl_combine} = 1;
+
+# Blacklist binaries (list of regex).
+$nrconf{blacklist} = [
+    # ignore sudo (not a daemon)
+    qr(^/usr/bin/sudo(\.dpkg-new)?$),
+
+    # ignore DHCP clients
+    qr(^/sbin/(dhclient|dhcpcd5|pump|udhcpc)(\.dpkg-new)?$),
+
+    # ignore apt-get (Debian Bug#784237)
+    qr(^/usr/bin/apt-get(\.dpkg-new)?$),
+];
+
+# Blacklist services (list of regex) - USE WITH CARE.
+# You should prefere to put services to $nrconf{override_rc} instead.
+# Any service listed in $nrconf{blacklist_rc} will be ignored completely!
+#$nrconf{blacklist_rc} = [
+#];
+
+# Override service default selection (hash of regex).
+$nrconf{override_rc} = {
+    # DBus
+    qr(^dbus) => 0,
+
+    # display managers
+    qr(^gdm) => 0,
+    qr(^kdm) => 0,
+    qr(^nodm) => 0,
+    qr(^sddm) => 0,
+    qr(^wdm) => 0,
+    qr(^xdm) => 0,
+    qr(^lightdm) => 0,
+    qr(^slim) => 0,
+    qr(^lxdm) => 0,
+
+    # networking stuff
+    qr(^bird) => 0,
+    qr(^network) => 0,
+    qr(^NetworkManager) => 0,
+    qr(^ModemManager) => 0,
+    qr(^wpa_supplicant) => 0,
+    qr(^openvpn) => 0,
+    qr(^quagga) => 0,
+    qr(^frr) => 0,
+    qr(^tinc) => 0,
+    qr(^(open|free|libre|strong)swan) => 0,
+    qr(^bluetooth) => 0,
+
+    # gettys
+    qr(^getty at .+\.service) => 0,
+
+    # systemd --user
+    qr(^user@\d+\.service) => 0,
+
+    # misc
+    qr(^zfs-fuse) => 0,
+    qr(^mythtv-backend) => 0,
+    qr(^xendomains) => 0,
+    qr(^lxcfs) => 0,
+    qr(^libvirt) => 0,
+    qr(^docker) => 0,
+
+    # systemd stuff
+    # (see also Debian Bug#784238 & #784437)
+    qr(^emergency\.service$) => 0,
+    qr(^rescue\.service$) => 0,
+
+    # do not restart oneshot services, see also #862840
+    qr(^apt-daily\.service$) => 0,
+    qr(^apt-daily-upgrade\.service$) => 0,
+    qr(^unattended-upgrades\.service$) => 0,
+    # do not restart oneshot services from systemd-cron, see also #917073
+    qr(^cron-.*\.service$) => 0,
+
+    # ignore rc-local.service, see #852864
+    qr(^rc-local\.service$) => 0,
+
+    # don't restart systemd-logind, see #798097
+    qr(^systemd-logind) => 0,
+};
+
+# Override container default selection (hash of regex).
+$nrconf{override_cont} = {
+};
+
+# Disable interpreter scanners.
+#$nrconf{interpscan} = 0;
+
+# Ignore script files matching these regexs:
+$nrconf{blacklist_interp} = [
+    # ignore temporary files
+    qr(^/tmp/),
+    qr(^/var/),
+    qr(^/run/),
+
+];
+
+# Ignore +x mapped files matching one of these regexs:
+$nrconf{blacklist_mappings} = [
+    # special device paths
+    qr(^/(SYSV00000000( \(deleted\))?|drm(\s|$)|dev/)),
+
+    # ignore memfd file used by nvidia binary drivers
+    qr(^/memfd:/.glXXXXXX),
+
+    # aio(7) mapping
+    qr(^/\[aio\]),
+
+    # Oil Runtime Compiler's JIT files
+    qr#/orcexec\.[\w\d]+( \(deleted\))?$#,
+
+    # plasmashell (issue #65)
+    qr(/#\d+( \(deleted\))?$),
+
+    # temporary stuff
+    qr#^(/var)?/tmp/#,
+    qr#^(/var)?/run/#,
+];
+
+# Verify mapped files in fileystem:
+# 0 : enabled
+# -1: ignore non-existing files, workaround for chroots and broken grsecurity kernels (default)
+# 1 : disable check completely, rely on content of maps file only
+$nrconf{skip_mapfiles} = -1;
+
+# Enable/disable hints on pending kernel upgrades:
+#  1: requires the user to acknowledge pending kernels
+#  0: disable kernel checks completely
+# -1: print kernel hints to stderr only
+#$nrconf{kernelhints} = -1;
+
+# Filter kernel image filenames by regex. This is required on Raspian having
+# multiple kernel image variants installed in parallel.
+#$nrconf{kernelfilter} = qr(kernel7\.img);
+
+# Enable/disable CPU microcode update hints:
+#  1: requires the user to acknowledge pending updates
+#  0: disable microcode checks completely
+#$nrconf{ucodehints} = 0;
+
+# Nagios Plugin: configure return code use by nagios
+# as service status[1].
+#
+# [1] https://nagios-plugins.org/doc/guidelines.html#AEN78
+#
+# Default:
+#  'nagios-status' => {
+#     'sessions' => 1,
+#     'services' => 2,
+#     'kernel' => 2,
+#     'ucode' => 2,
+#     'containers' => 1
+#  },
+#
+# Example: to ignore outdated sessions (status OK)
+# $nrconf{'nagios-status'}->{sessions} = 0;
+
+
+# Read additional config snippets.
+if(-d q(/etc/needrestart/conf.d)) {
+      foreach my $fn (sort </etc/needrestart/conf.d/*.conf>) {
+	      print STDERR "$LOGPREF eval $fn\n" if($nrconf{verbosity} > 1);
+	      eval do { local(@ARGV, $/) = $fn; <>};
+	      die "Error parsing $fn: $@" if($@);
+      }
+}



View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/compare/07652d29f7fd4b0e736f1fd048840cbc998da1fe...0aa17b9dc246324ea536d1a2fb215bb16cee2999

-- 
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/compare/07652d29f7fd4b0e736f1fd048840cbc998da1fe...0aa17b9dc246324ea536d1a2fb215bb16cee2999
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/qa-jenkins-scm/attachments/20210602/41bdb3b3/attachment-0001.htm>

More information about the Qa-jenkins-scm mailing list