Package: squid-deb-proxy
Severity: important

In investigating an mDNS SRV discovery issue with `systemd-resolved` I
hit a problem where `systemd-resolved` reports:

We have `squid-deb-proxy` and `apt-cacher-ng` (and others) that can advertise 
an mDNS SRV record `_apt_proxy._tcp`.

We have tools such as `auto-apt-proxy` and others that can (try to) discover 
the SRV record (it uses `apt-helper srv-lookup _apt_proxy._tcp.local`) BUT 
`systemd-resolved` considers `_apt_proxy` an illegal label because it contains 
an underscore after the first underscore and fails to resolve it with an error 
report:

`Resolve call failed: Invalid SRV service type '_apt_proxy._tcp'`.

I've seen this issue caused by `systemd-machined` in the context of using 
`mkosi` to build containers where mkosi can include an underscore in the 
machine name but `systemd-machined` treats it as illegal and won't allow it.

The solution is to advertise a legal SRV name as well and modify any tools that 
look up the SRV record.

For `avahi-daemon`:
```
$ cat /etc/avahi/services/squid-deb-proxy.service 
<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
        <name replace-wildcards="yes">Squid deb proxy on %h</name>
        <service protocol="ipv6">
                <type>_apt_proxy._tcp</type>
                <port>8000</port>
        </service>
        <service protocol="ipv4">
                <type>_apt_proxy._tcp</type>
                <port>8000</port>
        </service>
        <service protocol="ipv6">
                <type>_apt-proxy._tcp</type>
                <port>8000</port>
        </service>
        <service protocol="ipv4">
                <type>_apt-proxy._tcp</type>
                <port>8000</port>
        </service>
</service-group>
```
And for `systemd-resolved`:
```
$ cat /etc/systemd/dnssd/squid-deb-proxy.dnssd
[Service]
Name=Squid deb proxy on %H systemd
Type=_apt-proxy._tcp
Port=8000
```

-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security-debug'), (500, 
'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), 
(500, 'stable'), (100, 'proposed-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.1+debian+tj (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
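
The following check is an added example and is not part of the original report. It audits the service types in an Avahi service file against the RFC 6335 service-name syntax (1-15 letters, digits or hyphens after the leading underscore), on the assumption that this is the rule behind the `systemd-resolved` error quoted above. The function names and the sample XML are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# RFC 6335 section 5.1: 1-15 characters, letters/digits/hyphens only.
_NAME_CHARS = re.compile(r"^[A-Za-z0-9-]{1,15}$")

def service_name_problems(name):
    """Return RFC 6335 violations for a service name (without the leading '_')."""
    problems = []
    if not _NAME_CHARS.match(name):
        problems.append("must be 1-15 characters from letters, digits and '-'")
    if not re.search(r"[A-Za-z]", name):
        problems.append("needs at least one letter")
    if name.startswith("-") or name.endswith("-"):
        problems.append("must not begin or end with '-'")
    if "--" in name:
        problems.append("must not contain adjacent hyphens")
    return problems

def srv_type_problems(srv_type):
    """Check a DNS-SD type such as '_apt-proxy._tcp' (RFC 6763 section 7)."""
    labels = srv_type.split(".")
    if len(labels) != 2:
        return ["expected exactly two labels: '_service._proto'"]
    service, proto = labels
    problems = []
    if service.startswith("_"):
        problems += service_name_problems(service[1:])
    else:
        problems.append("service label must start with '_'")
    if proto.lower() not in ("_tcp", "_udp"):
        problems.append("protocol label must be '_tcp' or '_udp'")
    return problems

def audit_avahi_service(xml_text):
    """Map each <type> in an Avahi service-group to its list of problems."""
    root = ET.fromstring(xml_text)
    return {t.text.strip(): srv_type_problems(t.text.strip())
            for t in root.iter("type")}

# Constructed sample mirroring the two type strings in the report.
SAMPLE = """<service-group>
  <service><type>_apt_proxy._tcp</type><port>8000</port></service>
  <service><type>_apt-proxy._tcp</type><port>8000</port></service>
</service-group>"""

if __name__ == "__main__":
    for srv_type, problems in audit_avahi_service(SAMPLE).items():
        print(srv_type, "OK" if not problems else "; ".join(problems))
```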
