I saw a toot on mastodon today talking about the program checkrestart. checkrestart, which is part of the debian-goodies package, can check and see which processes need to be restarted after an upgrade . So why is this cool, what does it do, and is it worth installing?
Well, in general linux machines get a lot of updates, but don’t need to be rebooted very often. When the ratio of updates to required reboots is high, as it is especially in the case of debian sid, there are going to be times where services may still use old libraries after doing a apt upgrade. Running checkrestart as su will list what processes and services are still using old versions of new files. It will also list the total number of processes, the number of distinct programs and packages affected, and if any of these contain systemd definitions or init scripts that can be used to restart them.
Looking into checkrestart, and installing and running it, led me to finding out about a package, that was inspired by checkrestart, called needrestart. needrestart checks which daemons need to be restarted after library upgrades. needrestart, in addition to scanning processes, will scan containers, interpreter based-daemons (Java, Perl, Python, Ruby), processor microcode upgrades for Intel CPUs, and the kernel, for cases where outdated libraries are being run, and even if there are any user sessions where outdated binaries are being run. The coolest part for me though, is that needrestart is fully integrated with apt/dpkg and will prompt you with a which services should be restarted dialog after an apt upgrade.
Even though I have run debian sid on my daily driver for over 15 years, with a potential for available updates every 6 hours, without either of these programs installed until today, I would argue, that both of these are worth installing and using. With a distro like sid, there are some best practices; and while neither checkrestart or needrestart make this best practice list (like the must have apt-listbugs, and apt-listchanges packeges), needrestart (and checkrestart) both provide useful information (and the choice to act on the provided information) that can help make your high update to reboot ratio machine more secure. These are good things to have.