#910377 Inhibit reboot/shutdown if dpkg is running

Package:
dpkg
Source:
dpkg
Description:
Debian package management system
Submitter:
Laurent Bigonville
Date:
2023-09-18 14:24:05 UTC
Severity:
wishlist
#910377#5
Date:
2018-10-05 16:36:45 UTC
From:
To:
Hi,

Not sure if this should be reported here or in dpkg

Shouldn't it be intresting to add a hook in dpkg to inhibit the
reboot/shutdown of the machine while packages are being
updated/installed?

Kind regards,

Laurent Bigonville

#910377#10
Date:
2018-10-05 19:28:45 UTC
From:
To:
Am 05.10.18 um 18:36 schrieb Laurent Bigonville:


I don't see how this could be implemented via a dpkg hook.
Can you elaborate, maybe provide a hook file which implements what you
have in mind?

That said, also keep in mind, that the inhibit mechanism does not work
if the reboot request is triggered by privileged users [1], e.g. if you
trigger a reboot as root, an existing inhibitor blocks are ignored.

Michael

[1] https://github.com/systemd/systemd/issues/6644

#910377#15
Date:
2018-10-05 19:30:43 UTC
From:
To:
Am 05.10.18 um 21:28 schrieb Michael Biebl:

This issue describes this even better
https://github.com/systemd/systemd/issues/2680

#910377#20
Date:
2019-08-30 22:34:32 UTC
From:
To:
It seems there is no real interest to change this upstream and even if
at some point in the future there was a way to make inhibitors work for
the root user, I think such an inhibitor lock shoud be take directly by
dpkg.  I don't think the hook interface is sufficient for that.

Regards,
Michael

#910377#29
Date:
2021-05-19 14:03:16 UTC
From:
To:
reopen 910377
reassign dpkg 1.20.9
thanks
work
if you

I'm reopening this issue and reassigning it dpkg package, that would at
least avoid non privileged users to restart the machine when there is an
update happening.

Apparently RPM has this functionality via a plugin. The manpage of the
plugins available at [0] and says:

        This plugin for RPM prevents the system to enter shutdown, sleep
        or idle mode while there is a rpm transaction running to prevent
        system corruption that can occur if the transaction is
        interrupted by a reboot.

        This is achieved by using the inhibit DBUS interface of systemd.
        The call is roughly equivalent to executing

        systemd-inhibit --mode=block --what=idle:sleep:shutdown --who=RPM
        --why="Transaction running"

The code is available in [1]

Having something similar in dpkg would be nice, but that would mean that
dpkg will grow a dependency on libdbus and/or libsystemd, not sure how
that would work

[0] https://man7.org/linux/man-pages/man8/rpm-plugin-systemd-inhibit.8.html
[1]
https://github.com/rpm-software-management/rpm/blob/master/plugins/systemd_inhibit.c

#910377#34
Date:
2021-05-19 14:11:47 UTC
From:
To:
Laurent Bigonville writes:

For what it's worth apt supports this already when apt invokes dpkg:

```C++
         if (_config->FindB("DPkg::Inhibit-Shutdown", true))
            Fd = Inhibit("shutdown", "APT", "APT is installing or removing packages", "block");
```

Ansgar

#910377#45
Date:
2021-05-19 17:33:25 UTC
From:
To:
Or just use apt which already does this instead of manually running
dpkg? I mean, it wouldn't hurt to have dpkg inhibit too, but it's not
really relevant for most users given that apt-pkg library does and hence
apt, aptitude, packagekit.

#910377#50
Date:
2023-09-18 10:24:20 UTC
From:
To:
[ CCing #910377 for some context. ]

Hi!

I guess one case that this does not cover is when the user initiates a
shutdown/reboot, and an external superuser might be performing remote
package management on that system.

But in that case, that same superuser can use a frontend that already
inhibits those actions (such as apt), or on systems using systemd can
run dpkg via systemd-inhibit.

Well dpkg is supposed to be resilient against system crashes, abrupt
shutdowns or reboots anyway, breakage in dpkg in those cases (but not
due to specific handling from within some other package) should be
considered bugs in dpkg.

Both are protected by dpkg and apt, for dpkg just with different
--force-<foo> options, so that you can control which one to let through.

Agreed.

apt already does this, so any other frontend using libapt or apt
directly will get this automatically.

While dpkg on systems using systemd _could_ by default take an
system inhibitor lock, and could provide a good enough reason like say
"Packaging system upgrade" or whatever, my concern has been with the
added dependency chain, and after reading your mail and thinking about
this now, I have to agree this seems like a higher level policy.
(Of course dpkg could also do that and grow a new --no-inhibit,
or --refuse-inhibit or similar option, but still.)

But then, I recalled I had a git branch adding a dpkg-db-lock command
with a --wait-lock option, that I could recover and polish to provide
an example pre-hook script that would call that via a background
systemd-inhibit if systemd is running and the command is available,
where an admin that wanted to do that for their system or fleet of
systems could hook into the dpkg config. I've done that locally, and
will check whether that's viable and probably merge it for 1.22.1
or 1.22.2, so that people that want to do it can easily do so.

Thanks,
Guillem

#910377#55
Date:
2023-09-18 10:38:04 UTC
From:
To:
I'm not sure how that works because you'd need to respawn yourself
with systemd-inhibit, whereas the API essentially gives you a file
descriptor over dbus that you keep open until it is safe to reboot.

#910377#60
Date:
2023-09-18 14:16:12 UTC
From:
To:
Hi,

     popen("systemd-inhibit ... cat", "w");

should work.

    Simon