Subscribe via feed.

Ubuntu Server update openssl requires reboot

Posted by Michael on September 22, 2010 – 10:27 am

So I had the joy of updating an Ubuntu 10.04 LTS web server today. I logged in and did an apt-get updateNext I did an aptitude dist-upgrade I was told the following packages would need to be updated.

apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common bzip2 dpkg dpkg-dev libapache2-mod-php5 libbz2-1.0 libssl0.9.8 openssl php5 php5-cli
php5-common php5-curl php5-gd php5-ldap php5-mysql php5-odbc php5-sqlite

Nothing in this list looked to me like I would need a reboot, so I went through with it. The update completed successfully, and I went on about some other tasks I needed to complete on this server. To do that I needed to open another session to the server. When I logged in I was greeted with a message telling me the server needed to be rebooted.. Why on earth would I need to do that for this simple update.. The first place to look for the WHY is

/var/run/reboot-required*

In these files you find the message and the package causing the need. Only thing listed in here was libssl0.9.8 Why should this need a reboot I thought to my self so I did some digging I found this annoying bug. Long and short of it is there is a bug that has been open on this issue for over 2 years that causes the ssl package to report a reboot is needed when its not. The good news is that you might not really need to reboot after this update. I did not need to reboot, and here is how I know:lsof |grep ssl When I run this command on my web server I get the following:

=> lsof |grep ssl
master 912 root DEL REG 251,0 3145880 /lib/libssl.so.0.9.8
qmgr 977 postfix DEL REG 251,0 3145880 /lib/libssl.so.0.9.8
apache2 1456 www-data mem REG 251,0 333856 3147107 /lib/libssl.so.0.9.8
pickup 2006 postfix mem REG 251,0 333856 3147107 /lib/libssl.so.0.9.8
apache2 3752 www-data mem REG 251,0 333856 3147107 /lib/libssl.so.0.9.8
apache2 3931 www-data mem REG 251,0 333856 3147107 /lib/libssl.so.0.9.8
apache2 3932 www-data mem REG 251,0 333856 3147107 /lib/libssl.so.0.9.8
apache2 3969 www-data mem REG 251,0 333856 3147107 /lib/libssl.so.0.9.8
apache2 32085 root mem REG 251,0 333856 3147107 /lib/libssl.so.0.9.8
apache2 32272 www-data mem REG 251,0 333856 3147107 /lib/libssl.so.0.9.8
apache2 32360 www-data mem REG 251,0 333856 3147107 /lib/libssl.so.0.9.8
apache2 32439 www-data mem REG 251,0 333856 3147107 /lib/libssl.so.0.9.8
apache2 32440 www-data mem REG 251,0 333856 3147107 /lib/libssl.so.0.9.8
apache2 32442 www-data mem REG 251,0 333856 3147107 /lib/libssl.so.0.9.8
apache2 32447 www-data mem REG 251,0 333856 3147107 /lib/libssl.so.0.9.8
apache2 32448 www-data mem REG 251,0 333856 3147107 /lib/libssl.so.0.9.8

What this shows is that apache2 and postfix are the only things using ssl on my box, so all I really need to do is restart apache and postfix. Apache was restarted already from the updates so that leaves only postfix. A simple service postfix restart fixes postfix. Now my system is still telling me that I need to reboot.. I can shut that up by doing the following:rm /var/run/reboot-required* I hope this will help some folks out there avoid unneeded reboots.

Tags: , ,
This post is under “Linux, Systems Administration” and has 2 respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

2 Responds so far- Add one»

  1. 1. melcart Said:

    Hmmm…..

    Not sure just looking for usages of libssl is enough as the libssl package provides libcrypto as well.

  2. 2. Michael Said:

    In this case I think it is, if you notice that package was not updated when I updated the system. When I check what is using libcrypto the only thing that I didnt restart was sshd and since it nor libcrypto was updated restarting it would not help.. Another key is that the system will add all package names causing you to need to reboot to that reboot-required file.

Post a reply