needrestart should refresh after upgrades directly
the current needrestart deployment is a great start, but it could be improved. right now, it runs once a day to save power and CPU usage, but we could run it in a more timely manner.
first, it could run on boot. this would clear out counters about out of date microcode and kernels, for example (and of course out of date libraries).
second, it should run as a dpkg post hook. needrestart already ships with a hook, in /etc/apt/apt.conf.d/99needrestart:
DPkg::Post-Invoke {"test -x /usr/lib/needrestart/apt-pinvoke && /usr/lib/needrestart/apt-pinvoke || true"; };
this is much trickier, because we can't exactly just patch that file right there (or can we?), at least not without more significant modifications to the debian package. (actually, that pinvoke script is upstream, so we could patch it there too, but anyways.)
we could also add another post-invoke script, but i'm not sure how that configuration works and, more importantly, how it's ordered. but it would be really nice to update the metrics after needrestart runs after dpkg.
i wonder if a simple fix would be to tweak the above hook to be:
DPkg::Post-Invoke {"test -x /usr/lib/needrestart/apt-pinvoke && /usr/lib/needrestart/apt-pinvoke -o | sponge ... || true"; };
the rationale is that needrestart would do its restarts and output the metrics at the same time. but i'm not sure this is how it works, that should be checked as well.
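as an added example of the "another post-invoke script" option (not code from needrestart or its debian package): a second apt.conf.d file that sorts after 99needrestart, so its command runs after the packaged hook, and pipes `needrestart -b` batch output into a small script that rewrites a node_exporter textfile. the script path, the metric names and the textfile directory are assumptions.

```shell
#!/bin/sh
# Hypothetical /usr/local/sbin/needrestart-metrics (added example, not part
# of needrestart or its Debian package): turn the machine-readable output of
# `needrestart -b`, read on stdin, into node_exporter textfile-collector
# metrics. Assumed hook file that sorts, and therefore runs, after the
# packaged 99needrestart (apt reads apt.conf.d lexically and runs the
# DPkg::Post-Invoke entries in that order):
#   /etc/apt/apt.conf.d/99zz-needrestart-metrics
#   DPkg::Post-Invoke {"test -x /usr/sbin/needrestart && /usr/sbin/needrestart -b | /usr/local/sbin/needrestart-metrics /var/lib/prometheus/node-exporter/needrestart.prom || true";};

# Parse NEEDRESTART-* lines on stdin, print Prometheus text format on stdout.
needrestart_metrics() {
    awk -v now="$(date +%s)" '
        /^NEEDRESTART-KSTA:/  { ksta = $2 }   # needrestart code: 1 = no kernel upgrade pending, 2/3 = pending, 0 = unknown
        /^NEEDRESTART-UCSTA:/ { ucsta = $2 }  # same code scale for CPU microcode
        /^NEEDRESTART-SVC:/   { svcs++ }      # one line per service needing a restart
        END {
            print "# HELP needrestart_kernel_status Kernel status code from needrestart (1 = up to date)."
            print "# TYPE needrestart_kernel_status gauge"
            print "needrestart_kernel_status " (ksta + 0)
            print "# HELP needrestart_microcode_status CPU microcode status code from needrestart (1 = up to date)."
            print "# TYPE needrestart_microcode_status gauge"
            print "needrestart_microcode_status " (ucsta + 0)
            print "# HELP needrestart_services_pending Services still running outdated binaries or libraries."
            print "# TYPE needrestart_services_pending gauge"
            print "needrestart_services_pending " (svcs + 0)
            print "# HELP needrestart_last_refresh_timestamp_seconds Unix time the metrics were last refreshed."
            print "# TYPE needrestart_last_refresh_timestamp_seconds gauge"
            print "needrestart_last_refresh_timestamp_seconds " now
        }'
}

# Write the metrics to $1 via a temp file plus rename, so node_exporter never
# scrapes a half-written file while dpkg is still running its hooks.
write_metrics_file() {
    tmp="$1.$$"
    needrestart_metrics > "$tmp" && mv "$tmp" "$1"
}

# When invoked as the hook above, refresh the file named on the command line.
if [ $# -gt 0 ]; then
    write_metrics_file "$1"
fi
```

with empty input (nothing on stdin) every gauge comes out as 0, so a hook that runs before needrestart has produced anything still leaves a parseable file.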