Am 10.03.22 um 16:11 schrieb Arnaud Rebillout:
Package: systemd Version: 250.3-2 Severity: normal User: de...@kali.org Usertags: origin-kaliDear Maintainer, Since v250, systemd moved the tmpfiles config for /etc/resolv.conf out of the file tmpfiles.d/etc.conf and inside a new file tmpfiles.d/systemd-resolve.conf. Cf: https://github.com/systemd/systemd/commit/b15f6eae The Debian package does not install tmpfiles.d/etc.conf, however with this change it now installs the new file tmpfiles.d/systemd-resolve.conf. One way to see that: +--- (debian stable) | # dpkg-query -W | grep '^systemd\s' | systemd 247.3-6 | # grep -rn "resolv\.conf" /usr/lib/tmpfiles.d/ +--- +--- (debian unstable) | # dpkg-query -W | grep '^systemd\s' | systemd 250.3-2 | # grep -rn "resolv\.conf" /usr/lib/tmpfiles.d/ | /usr/lib/tmpfiles.d/systemd-resolve.conf:10:L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf +--- The consequence of this change is that, on boot, if there's no file /etc/resolv.conf, systemd creates a symlink /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf. However, since systemd-resolved is not enabled, it's a dead symlink, and DNS resolution is broken. Of course, on most systems there's already a file /etc/resolv.conf, so an upgrade of the systemd package is unlikely to cause an issue. However the problem manifests itself when building new systems (eg. with debos), on first boot there is no file /etc/resolv.conf, and this dead symlink effectively breaks the network.From what I see, I have the impression that this new filetmpfiles.d/systemd-resolve.conf is shipped in the package by mistake, and should simply be removed from the package?
There is https://github.com/systemd/systemd/pull/21317 and to some extent relevant as well https://github.com/systemd/systemd/issues/21402Might be, that the only clean solution (at least for Debian) is to split out systemd-resolved into its own subpackage (and move this tmpfile along with it). This sub-package would then enable systemd-resolved by default upon installation.
Of course the upgrade path is a bit tricky, so I shyed away from doing this. Michael
OpenPGP_signature
Description: OpenPGP digital signature
