[Pkg-varnish-devel] Bug#870712: varnish: Package overwrites /lib/systemd/system/varnish.service

Bails bails+debian-bugs at circle-interactive.co.uk
Fri Aug 4 12:57:28 UTC 2017

Source: varnish
Version: 4.0.2-1+deb8u1
Severity: important

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***

-- System Information:
Debian Release: 8.9
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-0.bpo.3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

The updated varnish package 4.0.2-1+deb8u1 overwrites the systemd config file /lib/systemd/system/varnish.service

As this file needs to be modifeid to set the bind line to anything other than the default :6081 bind port updating this package breraks any running varnish instance.

The package does not seem to respect the configuration found in /etc/default/varnish hence the need to modify /lib/systemd/system/varnish.service


>From /lib/systemd/system/varnish.service

ExecStartPre=/usr/sbin/varnishd -C -f /etc/varnish/default.vcl
ExecStart=/usr/sbin/varnishd -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m

The ExecStart line needs to be modified if varnish is to run on anything other than :6081

Typically we have to manually change this to e.g.

ExecStartPre=/usr/sbin/varnishd -C -f /etc/varnish/default.vcl
ExecStart=/usr/sbin/varnishd -a -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m

This was literally blown away  by the latest package update which was carried out automatically via unattended-upgrades causing serious downtime. As a sticking plaster fix we have blacklist the package from unattended-upgrades.



More information about the Pkg-varnish-devel mailing list