On 04.12.2016 at 15:36, Alexander Kurtz wrote:
> Package: libnss-resolve
> Version: 232-6
> Severity: serious
> Justification: Breaks another package
> 
> Hi!
> 
> A freshly installed Debian Stretch system will have a
> /etc/nsswitch.conf like this (see libc-bin's postinst and/or
> /usr/share/libc-bin/nsswitch.conf):
> 
>       # /etc/nsswitch.conf
>       #
>       # Example configuration of GNU Name Service Switch functionality.
>       # If you have the `glibc-doc-reference' and `info' packages installed, try:
>       # `info libc "Name Service Switch"' for information about this file.
> 
>       passwd:         compat
>       group:          compat
>       shadow:         compat
>       gshadow:        files
> 
>       hosts:          files dns
>       networks:       files
> 
>       protocols:      db files
>       services:       db files
>       ethers:         db files
>       rpc:            db files
> 
>       netgroup:       nis
> 
> Installing libnss-resolve makes these changes:
> 
>       --- nsswitch.conf       2016-12-04 15:16:42.701978711 +0100
>       +++ /etc/nsswitch.conf  2016-12-04 15:16:51.965961200
> +0100
>       @@ -9,7 +9,7 @@
>        shadow:         compat
>        gshadow:        files
>        
>       -hosts:          files dns
>       +hosts:          files resolve [!UNAVAIL=return] dns
>        networks:       files
>        
>        protocols:      db files
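
Review bot: In the added `hosts:` line, `[!UNAVAIL=return]` directly after `resolve` ends the lookup on every status except UNAVAIL, so `dns` and anything another package later inserts between `resolve` and `dns` is consulted only when resolve is unavailable. The insertion logic should not rely on `dns` being the only entry that ever follows it: either document that other modules must be placed before `resolve`, or have the maintainer script keep `resolve [!UNAVAIL=return]` immediately in front of `dns` and re-check that position when the line already contains further modules.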
> 
> If the user then installs for example the "gnome" meta package, 
> libnss-mdns and libnss-myhostname will be installed as well because of
> these dependencies/recommendations: 
> 
>       gnome -> avahi-daemon -> libnss-mdns
>       gnome -> gnome-core -> gnome-control-center -> libnss-myhostname
> 
> This results in the following hosts line:
> 
>       hosts:          files resolve [!UNAVAIL=return] mdns4_minimal [NOTFOUND=return] dns myhostname
> 
> However, because of the "[!UNAVAIL=return]" introduced with [0],
> nothing after "resolve" will actually be tried. This is mostly
> harmless, since "resolve" provides a superset of "dns" and
> "myhostname", but it breaks mDNS as resolved currently does not resolve
> mDNS names like "foo.local".
> 
> Please note, that
> 
>  a) This bug depends on the order of package installations. Installing 
>     libnss-resolve *AFTER* everything else will avoid the problem.

Installing libnss-mdns, then libnss-resolve leads to

hosts:          files mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns

Installing libnss-resolve, then libnss-mdns leads to

hosts:          files resolve [!UNAVAIL=return] mdns4_minimal [NOTFOUND=return] dns


So maybe the "obvious" fix is to change libnss-mdns to always insert itself
before dns *and* resolve? On the other hand, it's quite ugly that mdns needs to
be taught to cope with this new nss module.

Martin, Simon, what's your take on this?
With multiple packages mangling nsswitch.conf, this feels like it's becoming
very brittle and maybe we need a proper API like pam-auth-update.

Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?


_______________________________________________
Pkg-systemd-maintainers mailing list
Pkg-systemd-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
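
The lookup behaviour discussed in this thread, as an added example that is not part of the original messages or of any Debian package: a small Python model of how glibc walks a `hosts:` line, applied to the two orderings quoted above. The per-service statuses for `foo.local` are constructed, and the assumption that `resolve` answers NOTFOUND for it follows the report's statement that resolved does not resolve mDNS names.

```python
import re

STATUSES = ("SUCCESS", "NOTFOUND", "UNAVAIL", "TRYAGAIN")
# glibc defaults: stop on SUCCESS, try the next service on anything else.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_hosts_line(line):
    """Parse 'hosts: svc [ACTIONS] ...' into [(service, {status: action})]."""
    chain = []
    for token in re.findall(r"\[[^\]]*\]|\S+", line.partition(":")[2]):
        if not token.startswith("["):
            chain.append((token, dict(DEFAULTS)))
            continue
        if not chain:
            raise ValueError("action list before any service")
        for item in token[1:-1].split():
            status, _, action = item.partition("=")
            negate, status = status.startswith("!"), status.lstrip("!").upper()
            action = action.lower()
            # Only return/continue are modelled here (glibc also has 'merge').
            if status not in STATUSES or action not in ("return", "continue"):
                raise ValueError(f"unsupported action item: {item}")
            for s in STATUSES:
                if (s == status) != negate:  # '!X=a' applies a to all but X
                    chain[-1][1][s] = action
    return chain

def trace(line, results):
    """Services consulted, in order, for one lookup.
    results maps service -> status; a missing service counts as UNAVAIL."""
    consulted = []
    for service, actions in parse_hosts_line(line):
        consulted.append(service)
        if actions[results.get(service, "UNAVAIL")] == "return":
            break
    return consulted

# The two orderings from the thread, joined onto one line each.
RESOLVE_FIRST = "hosts: files resolve [!UNAVAIL=return] mdns4_minimal [NOTFOUND=return] dns"
MDNS_FIRST = "hosts: files mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns"
# Constructed statuses for a lookup of foo.local (assumption, see lead-in).
FOO_LOCAL = {"files": "NOTFOUND", "resolve": "NOTFOUND",
             "mdns4_minimal": "SUCCESS", "dns": "NOTFOUND"}

if __name__ == "__main__":
    print(trace(RESOLVE_FIRST, FOO_LOCAL))  # mdns4_minimal is never reached
    print(trace(MDNS_FIRST, FOO_LOCAL))
```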
