This happened to me again today. Having learned a little more about Debian packaging, I looked at the flowchart of the upgrade process[1] and the maintainer scripts executed. The file /var/lib/dpkg/info/acmetool.preinst contains the following code:

   # Automatically added by dh_installsystemd/13.24.2
   if [ -z "$DPKG_ROOT" ] && [ "$1" = upgrade ] && [ -d /run/systemd/system ] ; then
            deb-systemd-invoke stop 'acmetool.timer' >/dev/null || true
   fi
   # End automatically added section

...which would explain why the timer gets stopped on upgrade. Unfortunately, I can't find "deb-systemd-invoke stop" in debhelper's source in the context of a preinst script[2], nor can I find any reference to a preinst script in the acmetool packaging[3], so I'm at a loss to explain where that code comes from.

It occurs to me that the above code would be fine if the postinst script restarted the timer afterwards. Looking at acmetool's control file, I see it calls:

   dh_installsystemd --no-enable --no-start acmetool.timer

...where "--no-start" is described as:

   Do not start the unit file after upgrades and after initial
   installation (the latter is only relevant for services without a
   corresponding init script).

I can understand not wanting to start the timer after initial installation (it doesn't have a valid configuration, so it'll probably just produce errors if started), but given that Let's Encrypt is shortening certificate times to 47 days[4], and no longer sending reminder emails when certificates are about to expire[5], having acmetool upgrades silently stop certificate renewals is pretty annoying.

Perhaps "--no-stop-on-upgrade" could be added to the dh_installsystemd invocation? Since acmetool isn't a long-lived service, restarting it automatically on upgrade isn't necessary; it'll restart itself anyway.


Timothy.


[1]: https://www.debian.org/doc/debian-policy/ap-flowcharts.html

[2]: https://github.com/search?q=repo%3ADebian%2Fdebhelper%20deb-systemd-invoke%20stop&type=code

[3]: https://salsa.debian.org/search?search=preinst&nav_source=navbar&project_id=6891&group_id=2638&search_code=true&repository_ref=master

[4]: https://www.theregister.com/2025/04/14/ssl_tls_certificates/

[5]: https://letsencrypt.org/2025/01/22/ending-expiration-emails/
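
An added example (not part of the original message, and not code from debhelper or acmetool): a shell check that scans a dpkg info directory for units that a preinst stops with "deb-systemd-invoke stop" and that the matching postinst never starts again, which is the condition described above. The function names, the example-daemon package and the sample files are constructed for illustration, and treating any non-stop deb-systemd-invoke line that names the unit as a restart is a heuristic assumption.

```shell
#!/bin/sh
# Added example: report units stopped by a preinst but never started again.

# Print "package unit" for every unit named on a "deb-systemd-invoke stop"
# line in <dir>/*.preinst that no non-stop deb-systemd-invoke line in the
# package's postinst mentions (heuristic assumption, not dpkg's own logic).
find_stopped_not_restarted() {
    info_dir=$1
    for pre in "$info_dir"/*.preinst; do
        [ -f "$pre" ] || continue
        pkg=$(basename "$pre" .preinst)
        post="$info_dir/$pkg.postinst"
        # A stop line may name several single-quoted units; collect them all.
        units=$(grep -E 'deb-systemd-invoke[[:space:]]+stop' "$pre" |
                grep -oE "'[^']+'" | tr -d "'" | sort -u) || true
        for unit in $units; do
            if [ -f "$post" ] &&
               grep 'deb-systemd-invoke' "$post" |
               grep -vE 'deb-systemd-invoke[[:space:]]+stop' |
               grep -qF "'$unit'"; then
                continue    # postinst starts or restarts this unit
            fi
            printf '%s %s\n' "$pkg" "$unit"
        done
    done
}

# Constructed sample tree: the preinst snippet quoted in the message, plus a
# hypothetical example-daemon package whose postinst does restart its unit.
write_sample() {
    d=$(mktemp -d)
    cat > "$d/acmetool.preinst" <<'EOF'
if [ -z "$DPKG_ROOT" ] && [ "$1" = upgrade ] && [ -d /run/systemd/system ] ; then
    deb-systemd-invoke stop 'acmetool.timer' >/dev/null || true
fi
EOF
    cat > "$d/example-daemon.preinst" <<'EOF'
deb-systemd-invoke stop 'example-daemon.service' >/dev/null || true
EOF
    cat > "$d/example-daemon.postinst" <<'EOF'
deb-systemd-invoke restart 'example-daemon.service' >/dev/null || true
EOF
    printf '%s\n' "$d"
}

# Scan a real directory only when one is given, e.g. /var/lib/dpkg/info.
if [ "$#" -gt 0 ]; then find_stopped_not_restarted "$1"; fi
```

Run against /var/lib/dpkg/info after an upgrade, each reported unit is one to check with "systemctl is-active" before assuming scheduled renewals are still running.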
