[systemd-devel] Only run service with network connection

Mon Jan 6 06:58:15 UTC 2025

On Mon, Jan 6, 2025 at 8:08 AM Paul Menzel <
pmenzel+systemd-devel at molgen.mpg.de> wrote:

> Dear systemd folks,
>
>
> fwupd allows to update device firmware, and ships `fwupd-refresh.timer`
> and `fwupd-refresh.service` to refresh the fwupd metadata by downloading
> things over the network, and to update motd.
>
> Currently, if there is no network connecting during this time, the
> service is shown as failed. That downloading the metadata is not
> possible with no network connection is expected in my opinion, so the
> service should not be shown as failed [1]. Do you have a recommendation
> how to deal with this? Should `/usr/bin/fwupdmgr refresh` return a
> special exit code in this case, or should a condition be added? What
> would be used for the condition as different network manager can be used
> like NetworkManager or systemd-networkd.
>

I'd say probably nothing, as systemd [as in pid1] has no idea what each
system considers "a network connection is available". (For the same reason
network-online.target only delegates to helper services provided by each
network manager – and even those are often customized locally, e.g. I've
seen people edit the *-wait-online units to take always-on VPNs into
account, etc.) There may be multiple network managers, or none at all;
there may be an IPv4 default route or it may be an IPv6-only network; etc.

Looking at Debian, its apt-daily.service (which does a similar refresh +
unattended upgrade) brings its own "apt-helper wait-online" (I haven't
checked what it does internally) as an ExecCondition. Maybe systemd could
have a similar wait-online helper that bundles together all of the
manager-specific *-wait-online tools, but currently there's no such thing
[that I know of].

IMO, fwupd-refresh as a .timer seems to be somewhat of a "best effort"
feature, so I would rather just make the process *not report failure at
all* when the best-effort refresh fails (and maybe rename it to
"fwupd-maybe-refresh"?). That is, log an error to syslog but exit with a
success code of 0 (or have ExecStart=-/bin/foo to have systemd ignore the
exit code).

(My line of thought was that 1) 'online' is a bit unnecessarily broad, much
like systemd also tries to avoid 'after all devices' and such – a better
check would be for the specific server that is needed – and 2) what better
check than actually trying to connect to that server?)

That would certainly be less silly than 'checking for the existence of the
NetworkManager binary' as someone suggested on GitHub...

Alternatively, since fwupd overall uses a lot of GLib2, maybe it could use
its g_network_monitor_can_reach() functions? It seems that it can either
talk to NM or directly check kernel routes for the specified server.

-- 
Mantas Mikulėnas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20250106/b2be503c/attachment.htm>