hilfe mein git ist komisch

etc/needrestart/conf.d/README.needrestart

@@ -0,0 +1,5 @@
+Files ending with .conf and located in the /etc/needrestart/conf.d
+directory are parsed by needrestart's default configuration file.
+
+Files are parsed in order (using Perl's sort sub) and override or
+modify any previously set config option.

etc/needrestart/hook.d/10-dpkg

@@ -0,0 +1,87 @@
+#!/usr/bin/perl
+
+# needrestart - Restart daemons after library updates.
+#
+# Authors:
+#   Thomas Liske <thomas@fiasko-nw.net>
+#
+# Copyright Holder:
+#   2013 - 2022 (C) Thomas Liske [http://fiasko-nw.net/~thomas/]
+#
+# License:
+#   This program is free software; you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation; either version 2 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this package; if not, write to the Free Software
+#   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
+#
+
+# This DPKG hook tries to find the run-level scripts of the package's binary
+# which has old libraries in use. Some logic is taken from the checkrestart
+# (part of the debian-goodies package) package by Matt Zimmerman <mdz@debian.org>,
+# Javier Fernandez-Sanguino <jfs@debian.org> et. al.
+
+use Getopt::Std;
+
+use strict;
+use warnings;
+
+system("type dpkg-query 1> /dev/null 2> /dev/null");
+exit 0 if ($? != -1 && $? >> 8);
+
+our $opt_v;
+getopts('v');
+
+sub fork_pipe(@) {
+    my $pid = open(HPIPE, '-|');
+    defined($pid) || die "Can't fork: $!\n";
+
+    if($pid == 0) {
+	close(STDIN);
+	close(STDERR) unless($opt_v);
+
+	exec(@_);
+	exit;
+    }
+
+    \*HPIPE
+}
+
+my $FN = shift || die "Usage: $0 <filename>\n";
+my $psearch = fork_pipe(qw(dpkg-query --search), $FN);
+
+my @pkgs;
+while(<$psearch>) {
+    chomp;
+
+    next if(/^local diversion/);
+    next unless(/:/);
+
+    next unless(/(\S+): $FN$/);
+
+    push(@pkgs, $1);
+}
+close($psearch);
+
+exit(0) unless($#pkgs > -1);
+
+foreach my $pkg (@pkgs) {
+    print "PACKAGE|$pkg\n";
+
+    my $plist = fork_pipe(qw(dpkg-query --listfiles), $pkg);
+    while(<$plist>) {
+        chomp;
+        print "RC|$1\n" if(m@^/etc/init.d/(.+)$@ && -x $_);
+    }
+    close($plist);
+}
+
+exit(1);

etc/needrestart/hook.d/20-rpm

@@ -0,0 +1,82 @@
+#!/usr/bin/perl
+
+# needrestart - Restart daemons after library updates.
+#
+# Authors:
+#   Thomas Liske <thomas@fiasko-nw.net>
+#
+# Copyright Holder:
+#   2013 - 2022 (C) Thomas Liske [http://fiasko-nw.net/~thomas/]
+#
+# License:
+#   This program is free software; you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation; either version 2 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this package; if not, write to the Free Software
+#   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
+#
+
+# This RPM hook tries to find the run-level scripts of the package's binary
+# which has old libraries in use.
+
+use Getopt::Std;
+
+use strict;
+use warnings;
+
+system("type rpm 1> /dev/null 2> /dev/null");
+exit 0 if ($? != -1 && $? >> 8);
+
+our $opt_v;
+getopts('c:v');
+
+sub fork_pipe(@) {
+    my $pid = open(HPIPE, '-|');
+    defined($pid) || die "Can't fork: $!\n";
+
+    if($pid == 0) {
+	close(STDIN);
+	close(STDERR) unless($opt_v);
+
+	exec(@_);
+	exit;
+    }
+
+    \*HPIPE
+}
+
+my $FN = shift || die "Usage: $0 <filename>\n";
+my $psearch = fork_pipe(qw(rpm -q --file), $FN);
+
+my @pkgs;
+while(<$psearch>) {
+    chomp;
+
+    next if(/^file .+ is not owned by any package/);
+
+    push(@pkgs, $_);
+}
+close($psearch);
+
+exit(0) unless($#pkgs > -1);
+
+foreach my $pkg (@pkgs) {
+    print "PACKAGE|$pkg\n";
+
+    my $plist = fork_pipe(qw(rpm -q --filesbypkg), $pkg);
+    while(<$plist>) {
+        chomp;
+        print "RC|$2\n" if(m@^\S+\s+/etc(/rc\.d)?/init\.d/(.+)$@ && -x $_);
+    }
+    close($plist);
+}
+
+exit(1);

etc/needrestart/hook.d/90-none

@@ -0,0 +1,63 @@
+#!/usr/bin/perl
+
+# needrestart - Restart daemons after library updates.
+#
+# Authors:
+#   Thomas Liske <thomas@fiasko-nw.net>
+#
+# Copyright Holder:
+#   2013 - 2022 (C) Thomas Liske [http://fiasko-nw.net/~thomas/]
+#
+# License:
+#   This program is free software; you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation; either version 2 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this package; if not, write to the Free Software
+#   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
+#
+
+# This fallback hook tries the guess the rc script name from the binary name.
+# It might work with programs which are not installed via an (supported)
+# package manager like dpkg or rpm.
+
+use Getopt::Std;
+
+use strict;
+use warnings;
+
+our $opt_v;
+getopts('c:v');
+
+sub check_rc($) {
+    my $bn = shift;
+    my $rc = "/etc/init.d/$bn";
+
+    return ($bn) if(-x $rc);
+
+    return ();
+}
+
+my $FN = shift || die "Usage: $0 <filename>\n";
+
+$FN =~ m@/(([^/]+)d?)$@;
+
+my @rc;
+push(@rc, check_rc($1));
+push(@rc, check_rc($2)) if($1 ne $2);
+
+exit(0) unless($#rc > -1);
+
+foreach my $rc (@rc) {
+    print "PACKAGE|$rc\n";
+    print "RC|$rc\n";
+}
+
+exit(1);

etc/needrestart/iucode.sh

@@ -0,0 +1,16 @@
+# needrestart - Restart daemons after library updates.
+#
+# This shell script is sourced in /usr/lib/needrestart/iucode-scan-versions
+# before calling iucode_tool to detect microcode updates for Intel CPUs.
+#
+# If required you may exec iucode_tool with customized parameters. You should
+# keep the `-l $filter` option and add a final exit statement in case the
+# exec call fails.
+
+# Example (generic):
+# exec iucode_tool -l $filter --ignore-broken -tb /lib/firmware/intel-ucode -ta /usr/share/misc/intel-microcode* 2>&1
+# exit $?
+
+# Example (RHEL and derivatives):
+# lsinitrd -f kernel/x86/microcode/GenuineIntel.bin | iucode_tool -t b -l -
+# exit $?

etc/needrestart/needrestart.conf

@@ -0,0 +1,235 @@
+# needrestart - Restart daemons after library updates.
+#
+# This is the configuration file of needrestart. This is perl syntax.
+# needrestart uses reasonable default values, you might not need to
+# change anything.
+#
+
+# Verbosity:
+#  0 => quiet
+#  1 => normal (default)
+#  2 => verbose
+#$nrconf{verbosity} = 2;
+
+# Path of the package manager hook scripts.
+#$nrconf{hook_d} = '/etc/needrestart/hook.d';
+
+# Path of user notification scripts.
+#$nrconf{notify_d} = '/etc/needrestart/notify.d';
+
+# Path of restart scripts.
+#$nrconf{restart_d} = '/etc/needrestart/restart.d';
+
+# Disable sending notifications to user sessions running obsolete binaries
+# using scripts from $nrconf{notify_d}.
+#$nrconf{sendnotify} = 0;
+
+# If needrestart detects systemd it assumes that you use systemd's pam module.
+# This allows needrestart to easily detect user session. In case you use
+# systemd *without* pam_systemd.so you should set has_pam_systemd to false
+# to enable legacy session detection!
+#$nrconf{has_pam_systemd} = 0;
+
+# Restart mode: (l)ist only, (i)nteractive or (a)utomatically.
+#
+# ATTENTION: If needrestart is configured to run in interactive mode but is run
+# non-interactive (i.e. unattended-upgrades) it will fallback to list only mode.
+#
+# UBUNTU: the default restart mode when running as part of the APT hook is 'a',
+# unless a specific UI is configured (see below).
+#$nrconf{restart} = 'i';
+
+# Use preferred UI package.
+#
+# UBUNTU: the default UI when running as part of the APT hook is
+# 'Needrestart::UI::Ubuntu'.
+#$nrconf{ui} = 'NeedRestart::UI::stdio';
+
+# Change default answer to 'no' in (i)nteractive mode.
+#$nrconf{defno} = 1;
+
+# Set UI mode to (e)asy or (a)dvanced.
+#$nrconf{ui_mode} = 'e';
+
+# Print a combined `systemctl restart` command line for skipped services.
+#$nrconf{systemctl_combine} = 1;
+
+# Blacklist binaries (list of regex).
+$nrconf{blacklist} = [
+    # ignore sudo (not a daemon)
+    qr(^/usr/bin/sudo(\.dpkg-new)?$),
+
+    # ignore DHCP clients
+    qr(^/sbin/(dhclient|dhcpcd5|pump|udhcpc)(\.dpkg-new)?$),
+
+    # ignore apt-get (Debian Bug#784237)
+    qr(^/usr/bin/apt-get(\.dpkg-new)?$),
+];
+
+# Blacklist services (list of regex) - USE WITH CARE.
+# You should prefer to put services to $nrconf{override_rc} instead.
+# Any service listed in $nrconf{blacklist_rc} will be ignored completely!
+#$nrconf{blacklist_rc} = [
+#];
+
+# Override service default selection (hash of regex).
+$nrconf{override_rc} = {
+    # DBus
+    qr(^dbus) => 0,
+
+    # display managers
+    qr(^gdm) => 0,
+    qr(^kdm) => 0,
+    qr(^nodm) => 0,
+    qr(^sddm) => 0,
+    qr(^wdm) => 0,
+    qr(^xdm) => 0,
+    qr(^lightdm) => 0,
+    qr(^slim) => 0,
+    qr(^lxdm) => 0,
+
+    # networking stuff
+    qr(^bird) => 0,
+    qr(^network) => 0,
+    qr(^NetworkManager) => 0,
+    qr(^ModemManager) => 0,
+    qr(^wpa_supplicant) => 0,
+    qr(^openvpn) => 0,
+    qr(^quagga) => 0,
+    qr(^frr) => 0,
+    qr(^tinc) => 0,
+    qr(^(open|free|libre|strong)swan) => 0,
+    qr(^bluetooth) => 0,
+
+    # gettys
+    qr(^getty@.+\.service) => 0,
+    qr(^serial-getty@.+\.service) => 0,
+
+    # systemd --user
+    qr(^user@\d+\.service) => 0,
+
+    # misc
+    qr(^zfs-fuse) => 0,
+    qr(^mythtv-backend) => 0,
+    qr(^xendomains) => 0,
+    qr(^lxcfs) => 0,
+    qr(^libvirt) => 0,
+    qr(^virtlogd) => 0,
+    qr(^virtlockd) => 0,
+    qr(^docker) => 0,
+
+    # LP: #2063442
+    qr(^google-(shutdown|startup)-scripts\.service$) => 0,
+
+    # systemd stuff
+    # (see also Debian Bug#784238 & #784437)
+    qr(^emergency\.service$) => 0,
+    qr(^rescue\.service$) => 0,
+    qr(^elogind) => 0,
+
+    # do not restart oneshot services, see also #862840
+    qr(^apt-daily\.service$) => 0,
+    qr(^apt-daily-upgrade\.service$) => 0,
+    qr(^unattended-upgrades\.service$) => 0,
+    # do not restart cloud-init services which may call apt dist-upgrade
+    # non-interactively. LP: #2059337
+    qr(^cloud-(init-local|init|config|final)\.service$) => 0,
+
+    # do not restart oneshot services from systemd-cron, see also #917073
+    qr(^cron-.*\.service$) => 0,
+
+    # ignore rc-local.service, see #852864
+    qr(^rc-local\.service$) => 0,
+
+    # don't restart systemd-logind, see #798097
+    qr(^systemd-logind) => 0,
+};
+
+# Override container default selection (hash of regex).
+$nrconf{override_cont} = {
+};
+
+# Disable interpreter scanners.
+#$nrconf{interpscan} = 0;
+
+# Ignore script files matching these regexs:
+$nrconf{blacklist_interp} = [
+    # ignore temporary files
+    qr(^/tmp/),
+    qr(^/var/),
+    qr(^/run/),
+
+];
+
+# Ignore +x mapped files matching one of these regexs:
+$nrconf{blacklist_mappings} = [
+    # special device paths
+    qr(^/(SYSV00000000( \(deleted\))?|drm(\s|$)|dev/)),
+
+    # ignore memfd mappings
+    qr(^/memfd:),
+
+    # aio(7) mapping
+    qr(^/\[aio\]),
+
+    # Oil Runtime Compiler's JIT files
+    qr#/orcexec\.[\w\d]+( \(deleted\))?$#,
+
+    # plasmashell (issue #65)
+    qr(/#\d+( \(deleted\))?$),
+
+    # Java Native Access (issues #142 #185)
+    qr#/jna\d+\.tmp( \(deleted\))?$#,
+
+    # temporary stuff
+    qr#^(/var)?/tmp/#,
+    qr#^(/var)?/run/#,
+];
+
+# Verify mapped files in filesystem:
+# 0 : enabled
+# -1: ignore non-existing files, workaround for chroots and broken grsecurity kernels (default)
+# 1 : disable check completely, rely on content of maps file only
+$nrconf{skip_mapfiles} = -1;
+
+# Enable/disable hints on pending kernel upgrades:
+#  1: requires the user to acknowledge pending kernels
+#  0: disable kernel checks completely
+# -1: print kernel hints to stderr only
+#$nrconf{kernelhints} = -1;
+
+# Filter kernel image filenames by regex. This is required on Raspian having
+# multiple kernel image variants installed in parallel.
+#$nrconf{kernelfilter} = qr(kernel7\.img);
+
+# Enable/disable CPU microcode update hints:
+#  1: requires the user to acknowledge pending updates
+#  0: disable microcode checks completely
+#$nrconf{ucodehints} = 0;
+
+# Nagios Plugin: configure return code use by nagios
+# as service status[1].
+#
+# [1] https://nagios-plugins.org/doc/guidelines.html#AEN78
+#
+# Default:
+#  'nagios-status' => {
+#     'sessions' => 1,
+#     'services' => 2,
+#     'kernel' => 2,
+#     'ucode' => 2,
+#     'containers' => 1
+#  },
+#
+# Example: to ignore outdated sessions (status OK)
+# $nrconf{'nagios-status'}->{sessions} = 0;
+
+
+# Read additional config snippets.
+if(-d q(/etc/needrestart/conf.d)) {
+      foreach my $fn (sort </etc/needrestart/conf.d/*.conf>) {
+	      print STDERR "$LOGPREF eval $fn\n" if($nrconf{verbosity} > 1);
+	      eval do { local(@ARGV, $/) = $fn; <>};
+	      die "Error parsing $fn: $@" if($@);
+      }
+}

etc/needrestart/notify.conf

@@ -0,0 +1,20 @@
+# needrestart - Restart daemons after library updates.
+#
+# Configure notification globals (shell syntax)
+#
+
+# Disable write to tty (notify.d/200-write)
+#NR_NOTIFYD_DISABLE_WRITE='1'
+
+# Disable needrestart-session (notify.d/300-needrestart-session)
+#NR_NOTIFYD_DISABLE_NEEDRESTART_SESSION='1'
+
+# Disable libnotify (notify.d/400-notify-send)
+#NR_NOTIFYD_DISABLE_NOTIFY_SEND='1'
+
+# Disable mail to user (notify.d/600-mail)
+NR_NOTIFYD_DISABLE_MAIL='1'
+
+
+# Where to find the shell function library from gettext-base
+#GETTEXTLIB='/usr/bin/gettext.sh'

etc/needrestart/notify.d/200-write

@@ -0,0 +1,44 @@
+#!/bin/sh
+
+# needrestart - Restart daemons after library updates.
+#
+# Authors:
+#   Thomas Liske <thomas@fiasko-nw.net>
+#
+# Copyright Holder:
+#   2013 - 2022 (C) Thomas Liske [http://fiasko-nw.net/~thomas/]
+#
+# License:
+#   This program is free software; you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation; either version 2 of the License, or
+#   (at your option) any later version.
+#
+
+# Use write to notify users on TTYs.
+
+. /usr/lib/needrestart/notify.d.sh
+
+if [ "$NR_NOTIFYD_DISABLE_WRITE" = '1' ]; then
+    echo "[$0] disabled in global config" 1>&2
+    exit 1
+fi
+
+case "$NR_SESSION" in
+    /dev/tty*|/dev/pts*)
+	echo "[$0] notify user $NR_USERNAME on $NR_SESSION" 1>&2
+	{
+	    echo
+	    gettext 'Your session is running obsolete binaries or libraries as listed below.
+Please consider a relogin or restart of the affected processes!'
+	    echo
+	    echo
+	    cat -n
+	    echo
+	} | write "$NR_USERNAME" "$NR_SESSION" 2> /dev/null
+	;;
+    *)
+	echo "[$0] skip session w/o tty" 1>&2
+	exit 1
+	;;
+esac

etc/needrestart/notify.d/400-notify-send

@@ -0,0 +1,57 @@
+#!/bin/sh
+
+# needrestart - Restart daemons after library updates.
+#
+# Authors:
+#   Thomas Liske <thomas@fiasko-nw.net>
+#
+# Copyright Holder:
+#   2013 - 2022 (C) Thomas Liske [http://fiasko-nw.net/~thomas/]
+#
+# License:
+#   This program is free software; you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation; either version 2 of the License, or
+#   (at your option) any later version.
+#
+
+# Use notify-send (from libnotify-bin) to notify a user session via dbus.
+
+NSEND='/usr/bin/notify-send'
+test -x "$NSEND" || exit 1
+
+. /usr/lib/needrestart/notify.d.sh
+
+if [ "$NR_NOTIFYD_DISABLE_NOTIFY_SEND" = '1' ]; then
+    echo "[$0] disabled in global config" 1>&2
+    exit 1
+fi
+
+case "$NR_SESSION" in
+  session*)
+    DBUS_SESSION_BUS_ADDRESS=$(sed -z -n s/^DBUS_SESSION_BUS_ADDRESS=//p "/proc/$NR_SESSPPID/environ")
+    if [ -z "$DBUS_SESSION_BUS_ADDRESS" ]; then
+        unset DBUS_SESSION_BUS_ADDRESS
+    fi
+
+    export DISPLAY=$(sed -z -n s/^DISPLAY=//p "/proc/$NR_SESSPPID/environ")
+    export XAUTHORITY=$(sed -z -n s/^XAUTHORITY=//p "/proc/$NR_SESSPPID/environ")
+
+    if [ -z "$DISPLAY" ]; then
+        echo "[$0] could not find DISPLAY for $NR_USERNAME on $NR_SESSION" 1>&2
+        exit 1
+    fi
+
+    echo "[$0] notify user $NR_USERNAME on $DISPLAY" 1>&2
+
+    MSGTITLE=$(gettext 'Relogin or restarts required!')
+    MSGBODY=$(gettext 'Your session is running obsolete binaries or libraries as listed below.
+<i><b>Please consider a relogin or restart of the affected processes!</b></i>')'\n'$(cat)
+
+    su -p -s /bin/sh -c "$NSEND -a needrestart -u critical -i dialog-warning \"$MSGTITLE\" \"$MSGBODY\"" "$NR_USERNAME"
+    ;;
+  *)
+    echo "[$0] skip session '$NR_SESSION'" 1>&2
+    exit 1;
+    ;;
+esac

etc/needrestart/notify.d/600-mail

@@ -0,0 +1,48 @@
+#!/bin/sh
+
+# needrestart - Restart daemons after library updates.
+#
+# Authors:
+#   Thomas Liske <thomas@fiasko-nw.net>
+#
+# Copyright Holder:
+#   2013 - 2022 (C) Thomas Liske [http://fiasko-nw.net/~thomas/]
+#
+# License:
+#   This program is free software; you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation; either version 2 of the License, or
+#   (at your option) any later version.
+#
+
+# Use /usr/bin/mail to notify a user via e-mail.
+
+MAILX='/usr/bin/mail'
+test -x "$MAILX" || exit 1
+
+. /usr/lib/needrestart/notify.d.sh
+
+if [ "$NR_NOTIFYD_DISABLE_MAIL" = '1' ]; then
+    echo "[$0] disabled in global config" 1>&2
+    exit 1
+fi
+
+# Skip system users
+NR_USERID=$(id -u "$NR_USERNAME")
+if [ "0$NR_USERID" -gt 0 ] && [ "0$NR_USERID" -lt 1000 ]; then
+    echo "[$0] do not notify system-user $NR_USERNAME via mail" 1>&2
+    exit 1
+fi
+
+echo "[$0] notify user $NR_USERNAME on $NR_SESSION via mail" 1>&2
+
+{
+    _NR_FQDN=$(hostname -f)
+    eval_gettext 'Your session on host $_NR_FQDN ($NR_SESSION) is running obsolete binaries or libraries as listed below.'
+    echo
+    echo
+    gettext "Please consider a relogin or restart of the affected processes!"
+    echo
+    echo
+    cat
+} | fold -s -w 72 | "$MAILX" -s "Relogin or restarts on host $(hostname) required!" "$NR_USERNAME"

etc/needrestart/notify.d/README.needrestart

@@ -0,0 +1,28 @@
+Files located in /etc/needrestart/notify.d are used to notify running
+user sessions about usage of outdated libraries.
+
+needrestart runs any executable file (except *~, *.dpkg-*, *.ex) naturally
+sorted by the filename for each notification. If the result code is 0 than
+needrestart will stop to run the remaining notification binaries.
+
+
+The following environment variables are set:
+
+- NR_SESSION
+  Session identifier (tty device node or systemd's session name).
+- NR_SESSPPID
+  The first pid in the session detected by needrestart.
+- NR_UID
+  User ID of the session owner.
+- NR_USERNAME
+  Username of the session owner.
+
+
+The following file descriptors are used:
+
+- /dev/stdin
+  The list of obsolete processes.
+- /dev/stdout
+  Closed.
+- /dev/stderr
+  Available in verbose mode (-v).

etc/needrestart/restart.d/README.needrestart

@@ -0,0 +1,12 @@
+Files located in /etc/needrestart/restart.d are used for services
+requiring a special procedure for restarting instead of
+systemctl/service command.
+
+Needrestart uses executable files matching the complete service
+names. If the host uses systemd the service names have '.service' as a
+suffix (dbus vs. dbus.service). Needrestart uses the systemctl/service
+command if no executable file is available to override the default
+behavior.
+
+The environment variable NR_VERBOSE will be set to '1' if the
+executable should be verbose.

etc/needrestart/restart.d/dbus.service

@@ -0,0 +1,81 @@
+#!/bin/bash
+
+# by Vladimir Kudrya
+# https://github.com/Vladimir-csp/
+#
+# This script is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version. See <http://www.gnu.org/licenses/>.
+
+# This is a replacement for original dbus.service script by Thomas Liske <thomas@fiasko-nw.net>
+# Dbus dependencies are enumerated dynamically and restarted after dbus and systemd daemon reexec
+
+# enable xtrace if we should be verbose
+if [ "$NR_VERBOSE" = '1' ]; then
+    set -x
+fi
+
+if [ "$(id -ru)" != "0" ]
+then
+	echo "Not root, exiting" >&2
+	exit 1
+fi
+
+INIT_EXEC="$(readlink /proc/1/exe)"
+
+if [ "$(basename "$INIT_EXEC")" != "systemd" ]
+then
+	echo "Init system is not systemd ($INIT_EXEC), doing nothing"
+	exit 0
+fi
+
+get_active_deps(){
+	# return all dbus dependencies, filter out dbus and DM, leave only active
+	{
+		systemctl list-dependencies -l --reverse --plain dbus.socket
+		systemctl list-dependencies -l --reverse --plain dbus.service
+	} | grep -o '[^[:space:]]\+.service' | sort -u | while read SERVICE
+	do
+		if [ "$SERVICE" != "dbus.service" -a "$SERVICE" != "$DISPLAY_MANAGER" ] && systemctl -q is-active "$SERVICE"
+		then
+			echo "$SERVICE"
+		fi
+	done
+}
+
+# if DM is active, return canonical ID
+DISPLAY_MANAGER="$(systemctl -q is-active display-manager.service && systemctl show --value -p Id display-manager.service)"
+
+# get dependencies
+ACTIVE_DEPS="$(get_active_deps)"
+
+# get logind sessions
+SESSIONS="$(loginctl list-sessions --no-legend | grep -o '^[[:space:]]*[0-9]\+' | tr '\n' ' ')"
+
+cat << EOF
+!!! In $PAUSE seconds dbus restart will be performed !!!
+User sessions to be terminated: $SESSIONS
+
+Services to be restarted:
+$ACTIVE_DEPS
+$DISPLAY_MANAGER
+EOF
+
+[ -t 0 ] && read -p "Press Enter to continue > " PRESSENTER
+
+# prepare list to be a CLI arg
+ACTIVE_DEPS="$(echo "$ACTIVE_DEPS" | tr '\n' ' ')"
+
+# run restart sequence as transient unit...
+if [ -n "$DISPLAY_MANAGER" ]
+then
+	# terminate user sessions, stop DM, restart dbus, reexec systemd, restart dbus dependencies, start DM
+	systemd-run -G --unit=restart-dbus sh -c "loginctl terminate-session $SESSIONS ; systemctl stop $DISPLAY_MANAGER ; systemctl restart dbus.service ; sleep 1 ; systemctl daemon-reexec ; sleep 1 ; systemctl restart $ACTIVE_DEPS ; systemctl start $DISPLAY_MANAGER"
+else
+	# terminate user sessions, restart dbus, reexec systemd, restart dbus dependencies
+	systemd-run -G --unit=restart-dbus sh -c "loginctl terminate-session $SESSIONS ; systemctl restart dbus.service ; sleep 1 ; systemctl daemon-reexec ; sleep 1 ; systemctl restart $ACTIVE_DEPS"
+fi
+
+# restart sequence runs as a unit, so it is possible to view its output in the log if, any:
+# journalctl -u restart-dbus

etc/needrestart/restart.d/systemd-manager

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# needrestart - Restart daemons after library updates.
+#
+# Restarting systemd using special systemctl call.
+#
+
+# enable xtrace if we should be verbose
+if [ "$NR_VERBOSE" = '1' ]; then
+    set -x
+fi
+
+exec systemctl daemon-reexec

etc/needrestart/restart.d/sysv-init

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# needrestart - Restart daemons after library updates.
+#
+# Restart SysV's init.
+#
+
+# enable xtrace if we should be verbose
+if [ "$NR_VERBOSE" = '1' ]; then
+    set -x
+fi
+
+exec telinit u