[Touch-packages] [Bug 1862764] Re: add-apt-repository should use signed-by
Can confirm all of the above. https://fostips.com/apt-key-deprecated-right-way-add-repository https://www.north-47.com/knowledge-base/how-to-securely-install-apps-on-debian-based-linux-distros/ With apt-key being deprecated and a transition to more secure (better) restriction of repository trust via "signed-by", we definitely need add- apt-repository to support this ASAP. After Ubuntu 20.04 apt-key will no longer be present and well before the next LTS we need tooling/documentation to leverage the new recommended approach. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to software-properties in Ubuntu. https://bugs.launchpad.net/bugs/1862764 Title: add-apt-repository should use signed-by Status in software-properties package in Ubuntu: Confirmed Bug description: add-apt-repository should use signed-by apt sources.list syntax supports limiting which keys are used to sign a given repo. It would be nice for add-apt-repository to import the key somewhere else but trusted.gpg.d and then specify path to it, using the "signed- by" field. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: software-properties-common 0.98.6 ProcVersionSignature: Ubuntu 5.4.0-1002.4-oem 5.4.8 Uname: Linux 5.4.0-1002-oem x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.11-0ubuntu16 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Tue Feb 11 12:01:49 2020 InstallationDate: Installed on 2016-01-26 (1477 days ago) InstallationMedia: Ubuntu-Server 16.04 LTS "Xenial Xerus" - Alpha amd64 (20160125) PackageArchitecture: all ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: software-properties UpgradeStatus: Upgraded to focal on 2019-01-15 (391 days ago) modified.conffile..etc.default.apport: [modified] mtime.conffile..etc.default.apport: 2020-01-10T16:24:15.968394 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1862764/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1752411] Re: bind9-host, avahi-daemon-check-dns.sh hang forever causes network connections to get stuck
> RE -W/w in `host` , correct -- even with timeout set, it blocks forever (I tested this several days ago in the dup'd ticket iirc) > RE timeout , good thoughts all - sure let's just stick with 5 seconds then > RE logic true/false (@Trent) , thanks yes! that'll do it; clarified now in my mind -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to avahi in Ubuntu. https://bugs.launchpad.net/bugs/1752411 Title: bind9-host, avahi-daemon-check-dns.sh hang forever causes network connections to get stuck Status in avahi package in Ubuntu: In Progress Status in bind9 package in Ubuntu: Confirmed Status in openconnect package in Ubuntu: Invalid Status in strongswan package in Ubuntu: Invalid Status in avahi source package in Bionic: Triaged Status in bind9 source package in Bionic: Confirmed Status in avahi source package in Cosmic: In Progress Status in bind9 source package in Cosmic: Confirmed Status in avahi package in Debian: New Bug description: [Impact] * Network connections for some users fail (in some cases a direct interface, in others when connecting a VPN) because the 'host' command to check for .local in DNS called by /usr/lib/avahi/avahi-daemon- check-dns.sh never times out like it should - leaving the script hanging indefinitely blocking interface up and start-up. This appears to be a bug in host caused in some circumstances however we implement a workaround to call it under 'timeout' as the issue with 'host' has not easily been identified, and in any case acts as a fall-back. [Test Case] * Multiple people have been unable to create a reproducer on a generic machine (e.g. it does not occur in a VM), I have a specific machine I can reproduce it on (a Skull Canyon NUC with Intel I219-LM) by simply "ifdown br0; ifup br0" and there are clearly 10s of other users affected in varying circumstances that all involve the same symptoms but no clear test case exists. Best I can suggest is that I test the patch on my system to ensure it works as expected, and the change is only 1 line which is fairly easily auditible and understandable. [Regression Potential] * The change is a single line change to the shell script to call host with "timeout". When tested on working and non-working system this appears to function as expected. I believe the regression potential for this is subsequently low. * In attempt to anticipate possible issues, I checked that the timeout command is in the same path (/usr/bin) as the host command that is already called without a path, and the coreutils package (which contains timeout) is an Essential package. I also checked that timeout is not a built-in in bash, for those that have changed /bin/sh to bash (just in case). [Other Info] * N/A [Original Bug Description] On 18.04 Openconnect connects successfully to any of multiple VPN concentrators but network traffic does not flow across the VPN tunnel connection. When testing on 16.04 this works flawlessly. This also worked on this system when it was on 17.10. I have tried reducing the mtu of the tun0 network device but this has not resulted in me being able to successfully ping the IP address. Example showing ping attempt to the IP of DNS server: ~$ cat /etc/resolv.conf # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN # 127.0.0.53 is the systemd-resolved stub resolver. # run "systemd-resolve --status" to see details about the actual nameservers. nameserver 172.29.88.11 nameserver 127.0.0.53 liam@liam-lat:~$ netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG0 0 0 wlp2s0 105.27.198.106 192.168.1.1 255.255.255.255 UGH 0 0 0 wlp2s0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 172.29.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tun0 172.29.88.110.0.0.0 255.255.255.255 UH0 0 0 tun0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlp2s0 liam@liam-lat:~$ ping 172.29.88.11 PING 172.29.88.11 (172.29.88.11) 56(84) bytes of data. ^C --- 172.29.88.11 ping statistics --- 4 packets transmitted, 0 received, 100% packet loss, time 3054ms ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openconnect 7.08-3 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 ApportVersion: 2.20.8-0ubuntu10 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Wed Feb 28 22:11:33 2018 InstallationDate: Installed on 2017-06-15 (258 days
[Touch-packages] [Bug 1752411] Re: bind9-host, avahi-daemon-check-dns.sh hang forever causes network connections to get stuck
We should also consider:
```
# CLEAN
fermulator@fermmy:~$ host -t soa local.
Host local. not found: 3(NXDOMAIN)
fermulator@fermmy:~$ echo $?
1
# BROKEN (host hangs)
fermulator@fermmy:~$ LC_ALL=C /usr/bin/timeout 1 host -t soa local. 2>&1
fermulator@fermmy:~$ echo $?
124
# timeout
fermulator@fermmy:~$ timeout 1 sleep 2
fermulator@fermmy:~$ echo $?
124
# no timeout
fermulator@fermmy:~$ timeout 5 sleep 1
fermulator@fermmy:~$ echo $?
0
```
Isn't the existing logic broken? (perhaps insufficient
comments/documentation in this method for me to conclude either way ...
the intention maybe is unclear)
```
if [ $? -eq 0 ] ; then
if echo "$OUT" | egrep -vq 'has no|not found'; then
return 0
fi
else
# Checking the dns servers failed. Assuming no .local unicast dns, but
# remove the nameserver cache so we recheck the next time we're triggered
rm -f ${NS_CACHE}
fi
```
later it's used only here
```
if dns_has_local ; then
# .local from dns server, disabling avahi
disable_avahi
else
# no .local from dns server, enabling avahi
enable_avahi
fi
```
When host call fails (even with timeout), it returns "1" claiming
"dns_has_local()=true".
{{{
fermulator@fermmy:~$ OUT="Host local. not found: 3(NXDOMAIN)"
fermulator@fermmy:~$ if echo "$OUT" | egrep -vq 'has no|not found'; then echo
"RETURN 0"; else echo "RETURN 1"; fi
RETURN 1
}}}
At least the additional wrapping of timeout (workaround) doesn't make it
any worse I suppose ...
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to avahi in Ubuntu.
https://bugs.launchpad.net/bugs/1752411
Title:
bind9-host, avahi-daemon-check-dns.sh hang forever causes network
connections to get stuck
Status in avahi package in Ubuntu:
In Progress
Status in bind9 package in Ubuntu:
Confirmed
Status in openconnect package in Ubuntu:
Invalid
Status in strongswan package in Ubuntu:
Invalid
Status in avahi source package in Bionic:
Triaged
Status in bind9 source package in Bionic:
Confirmed
Status in avahi source package in Cosmic:
In Progress
Status in bind9 source package in Cosmic:
Confirmed
Status in avahi package in Debian:
New
Bug description:
[Impact]
* Network connections for some users fail (in some cases a direct
interface, in others when connecting a VPN) because the 'host' command
to check for .local in DNS called by /usr/lib/avahi/avahi-daemon-
check-dns.sh never times out like it should - leaving the script
hanging indefinitely blocking interface up and start-up. This appears
to be a bug in host caused in some circumstances however we implement
a workaround to call it under 'timeout' as the issue with 'host' has
not easily been identified, and in any case acts as a fall-back.
[Test Case]
* Multiple people have been unable to create a reproducer on a
generic machine (e.g. it does not occur in a VM), I have a specific
machine I can reproduce it on (a Skull Canyon NUC with Intel I219-LM)
by simply "ifdown br0; ifup br0" and there are clearly 10s of other
users affected in varying circumstances that all involve the same
symptoms but no clear test case exists. Best I can suggest is that I
test the patch on my system to ensure it works as expected, and the
change is only 1 line which is fairly easily auditible and
understandable.
[Regression Potential]
* The change is a single line change to the shell script to call host with
"timeout". When tested on working and non-working system this appears to
function as expected. I believe the regression potential for this is
subsequently low.
* In attempt to anticipate possible issues, I checked that the timeout
command is in the same path (/usr/bin) as the host command that is already
called without a path, and the coreutils package (which contains timeout) is an
Essential package. I also checked that timeout is not a built-in in bash, for
those that have changed /bin/sh to bash (just in case).
[Other Info]
* N/A
[Original Bug Description]
On 18.04 Openconnect connects successfully to any of multiple VPN
concentrators but network traffic does not flow across the VPN tunnel
connection. When testing on 16.04 this works flawlessly. This also
worked on this system when it was on 17.10.
I have tried reducing the mtu of the tun0 network device but this has
not resulted in me being able to successfully ping the IP address.
Example showing ping attempt to the IP of DNS server:
~$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.
nameserver 172.29.88.11
[Touch-packages] [Bug 1752411] Re: bind9-host, avahi-daemon-check-dns.sh hang forever causes network connections to get stuck
PS: I've been running with a hacked /usr/lib/avahi/avahi-daemon-check-dns.sh for a few days with this code: ``` OUT=`LC_ALL=C /usr/bin/timeout 2 host -t soa local. 2>&1` ``` , works like a charm -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to avahi in Ubuntu. https://bugs.launchpad.net/bugs/1752411 Title: bind9-host, avahi-daemon-check-dns.sh hang forever causes network connections to get stuck Status in avahi package in Ubuntu: In Progress Status in bind9 package in Ubuntu: Confirmed Status in openconnect package in Ubuntu: Invalid Status in strongswan package in Ubuntu: Invalid Status in avahi source package in Bionic: Triaged Status in bind9 source package in Bionic: Confirmed Status in avahi source package in Cosmic: In Progress Status in bind9 source package in Cosmic: Confirmed Status in avahi package in Debian: New Bug description: [Impact] * Network connections for some users fail (in some cases a direct interface, in others when connecting a VPN) because the 'host' command to check for .local in DNS called by /usr/lib/avahi/avahi-daemon- check-dns.sh never times out like it should - leaving the script hanging indefinitely blocking interface up and start-up. This appears to be a bug in host caused in some circumstances however we implement a workaround to call it under 'timeout' as the issue with 'host' has not easily been identified, and in any case acts as a fall-back. [Test Case] * Multiple people have been unable to create a reproducer on a generic machine (e.g. it does not occur in a VM), I have a specific machine I can reproduce it on (a Skull Canyon NUC with Intel I219-LM) by simply "ifdown br0; ifup br0" and there are clearly 10s of other users affected in varying circumstances that all involve the same symptoms but no clear test case exists. Best I can suggest is that I test the patch on my system to ensure it works as expected, and the change is only 1 line which is fairly easily auditible and understandable. [Regression Potential] * The change is a single line change to the shell script to call host with "timeout". When tested on working and non-working system this appears to function as expected. I believe the regression potential for this is subsequently low. * In attempt to anticipate possible issues, I checked that the timeout command is in the same path (/usr/bin) as the host command that is already called without a path, and the coreutils package (which contains timeout) is an Essential package. I also checked that timeout is not a built-in in bash, for those that have changed /bin/sh to bash (just in case). [Other Info] * N/A [Original Bug Description] On 18.04 Openconnect connects successfully to any of multiple VPN concentrators but network traffic does not flow across the VPN tunnel connection. When testing on 16.04 this works flawlessly. This also worked on this system when it was on 17.10. I have tried reducing the mtu of the tun0 network device but this has not resulted in me being able to successfully ping the IP address. Example showing ping attempt to the IP of DNS server: ~$ cat /etc/resolv.conf # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN # 127.0.0.53 is the systemd-resolved stub resolver. # run "systemd-resolve --status" to see details about the actual nameservers. nameserver 172.29.88.11 nameserver 127.0.0.53 liam@liam-lat:~$ netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG0 0 0 wlp2s0 105.27.198.106 192.168.1.1 255.255.255.255 UGH 0 0 0 wlp2s0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 172.29.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tun0 172.29.88.110.0.0.0 255.255.255.255 UH0 0 0 tun0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlp2s0 liam@liam-lat:~$ ping 172.29.88.11 PING 172.29.88.11 (172.29.88.11) 56(84) bytes of data. ^C --- 172.29.88.11 ping statistics --- 4 packets transmitted, 0 received, 100% packet loss, time 3054ms ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openconnect 7.08-3 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 ApportVersion: 2.20.8-0ubuntu10 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Wed Feb 28 22:11:33 2018 InstallationDate: Installed on 2017-06-15 (258 days ago) InstallationMedia: Ubuntu 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
[Touch-packages] [Bug 1752411] Re: bind9-host, avahi-daemon-check-dns.sh hang forever causes network connections to get stuck
Are we sure timeout of 5 seconds is appropriate? (it FEELS too long) My intuition says that if a DNS query takes longer than 1 second it took too long ... However (consider also the "wait" (-W) parameter for the host command itself) ``` -W wait Timeout: Wait for up to wait seconds for a reply. If wait is less than one, the wait interval is set to one second. By default, host will wait for 5 seconds for UDP responses and 10 seconds for TCP connections. These defaults can be overridden by the timeout option in /etc/resolv.conf. See also the -w option. ``` None-the-less, this is a _workaround_ for the issue -- (will the ticket remain open to fix the underlying issue, or a subsequent issue be submitted?) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to avahi in Ubuntu. https://bugs.launchpad.net/bugs/1752411 Title: bind9-host, avahi-daemon-check-dns.sh hang forever causes network connections to get stuck Status in avahi package in Ubuntu: In Progress Status in bind9 package in Ubuntu: Confirmed Status in openconnect package in Ubuntu: Invalid Status in strongswan package in Ubuntu: Invalid Status in avahi source package in Bionic: Triaged Status in bind9 source package in Bionic: Confirmed Status in avahi source package in Cosmic: In Progress Status in bind9 source package in Cosmic: Confirmed Status in avahi package in Debian: New Bug description: [Impact] * Network connections for some users fail (in some cases a direct interface, in others when connecting a VPN) because the 'host' command to check for .local in DNS called by /usr/lib/avahi/avahi-daemon- check-dns.sh never times out like it should - leaving the script hanging indefinitely blocking interface up and start-up. This appears to be a bug in host caused in some circumstances however we implement a workaround to call it under 'timeout' as the issue with 'host' has not easily been identified, and in any case acts as a fall-back. [Test Case] * Multiple people have been unable to create a reproducer on a generic machine (e.g. it does not occur in a VM), I have a specific machine I can reproduce it on (a Skull Canyon NUC with Intel I219-LM) by simply "ifdown br0; ifup br0" and there are clearly 10s of other users affected in varying circumstances that all involve the same symptoms but no clear test case exists. Best I can suggest is that I test the patch on my system to ensure it works as expected, and the change is only 1 line which is fairly easily auditible and understandable. [Regression Potential] * The change is a single line change to the shell script to call host with "timeout". When tested on working and non-working system this appears to function as expected. I believe the regression potential for this is subsequently low. * In attempt to anticipate possible issues, I checked that the timeout command is in the same path (/usr/bin) as the host command that is already called without a path, and the coreutils package (which contains timeout) is an Essential package. I also checked that timeout is not a built-in in bash, for those that have changed /bin/sh to bash (just in case). [Other Info] * N/A [Original Bug Description] On 18.04 Openconnect connects successfully to any of multiple VPN concentrators but network traffic does not flow across the VPN tunnel connection. When testing on 16.04 this works flawlessly. This also worked on this system when it was on 17.10. I have tried reducing the mtu of the tun0 network device but this has not resulted in me being able to successfully ping the IP address. Example showing ping attempt to the IP of DNS server: ~$ cat /etc/resolv.conf # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN # 127.0.0.53 is the systemd-resolved stub resolver. # run "systemd-resolve --status" to see details about the actual nameservers. nameserver 172.29.88.11 nameserver 127.0.0.53 liam@liam-lat:~$ netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG0 0 0 wlp2s0 105.27.198.106 192.168.1.1 255.255.255.255 UGH 0 0 0 wlp2s0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 172.29.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tun0 172.29.88.110.0.0.0 255.255.255.255 UH0 0 0 tun0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlp2s0 liam@liam-lat:~$ ping 172.29.88.11 PING 172.29.88.11
[Touch-packages] [Bug 1752411] Re: bind9-host, avahi-daemon-check-dns.sh hang forever causes network connections to get stuck
(this is currently in the "openconnect" path despite marked as "invalid" against that package, bug was submitted originally to that project -- can we move to avahi?) $ dpkg -S /usr/lib/avahi/avahi-daemon-check-dns.sh avahi-daemon: /usr/lib/avahi/avahi-daemon-check-dns.sh $ dpkg -s avahi-daemon Package: avahi-daemon Status: install ok installed Priority: optional Section: net Installed-Size: 278 Maintainer: Ubuntu Developers Architecture: amd64 Multi-Arch: foreign Source: avahi Version: 0.7-3.1ubuntu1 Depends: libavahi-common3 (>= 0.6.16), libavahi-core7 (>= 0.6.24), libc6 (>= 2.14), libcap2 (>= 1:2.10), libdaemon0 (>= 0.14), libdbus-1-3 (>= 1.9.14), libexpat1 (>= 2.0.1), adduser, dbus (>= 0.60), lsb-base (>= 3.0-6), bind9-host | host Recommends: libnss-mdns Suggests: avahi-autoipd Conffiles: /etc/avahi/avahi-daemon.conf 8d4be860ead4cacc2ba5f77e7fadb11d /etc/avahi/hosts 186990ae1edac95a88dbef6a36a07716 /etc/dbus-1/system.d/avahi-dbus.conf 4b8ff37c10615ae704b7827a438ff534 /etc/default/avahi-daemon 292bdbb95b392a71a0c363eb58b3a119 /etc/init.d/avahi-daemon 7e648c77846d70c4ef1b49c0c4f7cfad /etc/network/if-up.d/avahi-daemon 6dbf1a91ab420a99d1205972d6401e67 /etc/resolvconf/update-libc.d/avahi-daemon 2cf53ff5a00f9d1fed653a2913de5bc7 /etc/init/avahi-cups-reload.conf 56a60d600cd80a95f2e3b6909c3bda74 obsolete /etc/init/avahi-daemon.conf 0303b3961d5ffee8f05805b1dd06f475 obsolete Description: Avahi mDNS/DNS-SD daemon Avahi is a fully LGPL framework for Multicast DNS Service Discovery. It allows programs to publish and discover services and hosts running on a local network with no specific configuration. For example you can plug into a network and instantly find printers to print to, files to look at and people to talk to. . This package contains the Avahi Daemon which represents your machine on the network and allows other applications to publish and resolve mDNS/DNS-SD records. Homepage: http://avahi.org/ Original-Maintainer: Utopia Maintenance Team -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to avahi in Ubuntu. https://bugs.launchpad.net/bugs/1752411 Title: bind9-host, avahi-daemon-check-dns.sh hang forever causes network connections to get stuck Status in avahi package in Ubuntu: Confirmed Status in bind9 package in Ubuntu: Confirmed Status in openconnect package in Ubuntu: Invalid Status in strongswan package in Ubuntu: New Status in avahi package in Debian: New Bug description: On 18.04 Openconnect connects successfully to any of multiple VPN concentrators but network traffic does not flow across the VPN tunnel connection. When testing on 16.04 this works flawlessly. This also worked on this system when it was on 17.10. I have tried reducing the mtu of the tun0 network device but this has not resulted in me being able to successfully ping the IP address. Example showing ping attempt to the IP of DNS server: ~$ cat /etc/resolv.conf # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN # 127.0.0.53 is the systemd-resolved stub resolver. # run "systemd-resolve --status" to see details about the actual nameservers. nameserver 172.29.88.11 nameserver 127.0.0.53 liam@liam-lat:~$ netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG0 0 0 wlp2s0 105.27.198.106 192.168.1.1 255.255.255.255 UGH 0 0 0 wlp2s0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 172.29.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tun0 172.29.88.110.0.0.0 255.255.255.255 UH0 0 0 tun0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlp2s0 liam@liam-lat:~$ ping 172.29.88.11 PING 172.29.88.11 (172.29.88.11) 56(84) bytes of data. ^C --- 172.29.88.11 ping statistics --- 4 packets transmitted, 0 received, 100% packet loss, time 3054ms ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openconnect 7.08-3 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 ApportVersion: 2.20.8-0ubuntu10 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Wed Feb 28 22:11:33 2018 InstallationDate: Installed on 2017-06-15 (258 days ago) InstallationMedia: Ubuntu 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719) SourcePackage: openconnect UpgradeStatus: Upgraded to bionic on 2018-02-22 (6 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/1752411/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to
[Touch-packages] [Bug 1752411] Re: bind9-host, avahi-daemon-check-dns.sh hang forever causes network connections to get stuck
(btw; while we're fixing that script ... fix/change backtics to POSIX compliant sub-shell'ing $() ? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to avahi in Ubuntu. https://bugs.launchpad.net/bugs/1752411 Title: bind9-host, avahi-daemon-check-dns.sh hang forever causes network connections to get stuck Status in avahi package in Ubuntu: Confirmed Status in bind9 package in Ubuntu: Confirmed Status in openconnect package in Ubuntu: Invalid Status in strongswan package in Ubuntu: New Status in avahi package in Debian: New Bug description: On 18.04 Openconnect connects successfully to any of multiple VPN concentrators but network traffic does not flow across the VPN tunnel connection. When testing on 16.04 this works flawlessly. This also worked on this system when it was on 17.10. I have tried reducing the mtu of the tun0 network device but this has not resulted in me being able to successfully ping the IP address. Example showing ping attempt to the IP of DNS server: ~$ cat /etc/resolv.conf # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN # 127.0.0.53 is the systemd-resolved stub resolver. # run "systemd-resolve --status" to see details about the actual nameservers. nameserver 172.29.88.11 nameserver 127.0.0.53 liam@liam-lat:~$ netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG0 0 0 wlp2s0 105.27.198.106 192.168.1.1 255.255.255.255 UGH 0 0 0 wlp2s0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 172.29.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tun0 172.29.88.110.0.0.0 255.255.255.255 UH0 0 0 tun0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlp2s0 liam@liam-lat:~$ ping 172.29.88.11 PING 172.29.88.11 (172.29.88.11) 56(84) bytes of data. ^C --- 172.29.88.11 ping statistics --- 4 packets transmitted, 0 received, 100% packet loss, time 3054ms ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openconnect 7.08-3 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 ApportVersion: 2.20.8-0ubuntu10 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Wed Feb 28 22:11:33 2018 InstallationDate: Installed on 2017-06-15 (258 days ago) InstallationMedia: Ubuntu 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719) SourcePackage: openconnect UpgradeStatus: Upgraded to bionic on 2018-02-22 (6 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/1752411/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1752411] Re: bind9-host, avahi-daemon-check-dns.sh hang forever causes network connections to get stuck
Notes;
when "things are working", host does either:
while on VPN:
{{{
$ LC_ALL=C host -t soa local.
Host local. not found: 3(NXDOMAIN)
$ LC_ALL=C dig -t soa local.
; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> -t soa local.
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 7637
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: e1ff5e7222ad62da (echoed)
;; QUESTION SECTION:
;local. IN SOA
;; Query time: 21 msec
;; SERVER: 192.168.194.20#53(192.168.194.20)
;; WHEN: Mon Aug 20 12:01:19 EDT 2018
;; MSG SIZE rcvd: 46
}}}
while off VPN:
{{{
$ LC_ALL=C host -t soa local.
Host local not found: 2(SERVFAIL)
$ LC_ALL=C dig -t soa local.
; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> -t soa local.
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 61619
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;local. IN SOA
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Aug 20 12:02:24 EDT 2018
;; MSG SIZE rcvd: 34
}}}
=
while in the broken/hung state:
^^^
=
{{{
$ LC_ALL=C host -t soa local.
:(
}}}
(even hangs w/ "-W 1") ...
dig command augmented returns!:
{{{
$ LC_ALL=C dig -t soa local.
; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> -t soa local.
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 16967
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;local. IN SOA
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Aug 20 11:56:58 EDT 2018
;; MSG SIZE rcvd: 34
}}}
(I am not familiar enough with SOAL local. lookups though to say if it
can replace the host invocation in this method)
/usr/lib/avahi/avahi-daemon-check-dns.sh
dns_has_local() {
# Some magic to do tests
if [ -n "${FAKE_HOST_RETURN}" ] ; then
if [ "${FAKE_HOST_RETURN}" = "true" ]; then
return 0;
else
return 1;
fi
fi
OUT=`LC_ALL=C host -t soa local. 2>&1`
if [ $? -eq 0 ] ; then
if echo "$OUT" | egrep -vq 'has no|not found'; then
return 0
fi
else
# Checking the dns servers failed. Assuming no .local unicast dns, but
# remove the nameserver cache so we recheck the next time we're triggered
rm -f ${NS_CACHE}
fi
return 1
}
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to avahi in Ubuntu.
https://bugs.launchpad.net/bugs/1752411
Title:
bind9-host, avahi-daemon-check-dns.sh hang forever causes network
connections to get stuck
Status in avahi package in Ubuntu:
Confirmed
Status in bind9 package in Ubuntu:
Confirmed
Status in openconnect package in Ubuntu:
Invalid
Status in strongswan package in Ubuntu:
New
Status in avahi package in Debian:
New
Bug description:
On 18.04 Openconnect connects successfully to any of multiple VPN
concentrators but network traffic does not flow across the VPN tunnel
connection. When testing on 16.04 this works flawlessly. This also
worked on this system when it was on 17.10.
I have tried reducing the mtu of the tun0 network device but this has
not resulted in me being able to successfully ping the IP address.
Example showing ping attempt to the IP of DNS server:
~$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.
nameserver 172.29.88.11
nameserver 127.0.0.53
liam@liam-lat:~$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG0 0 0
wlp2s0
105.27.198.106 192.168.1.1 255.255.255.255 UGH 0 0 0
wlp2s0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0
docker0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0
docker0
172.29.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tun0
[Touch-packages] [Bug 1786261] Re: strongswan ipsec fails to finish connection (hangs after installing DNS server via resolvconf)
*** This bug is a duplicate of bug 1752411 ***
https://bugs.launchpad.net/bugs/1752411
**accepting duplication**
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to resolvconf in Ubuntu.
https://bugs.launchpad.net/bugs/1786261
Title:
strongswan ipsec fails to finish connection (hangs after installing
DNS server via resolvconf)
Status in strongSwan:
New
Status in bind9 package in Ubuntu:
New
Status in resolvconf package in Ubuntu:
New
Status in strongswan package in Ubuntu:
New
Bug description:
as a continuation of
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1786250 ...
(that bug can be focused on the apparmor profile issue in Ubuntu +
strongswan)
--
this bug report is for the stuck VPN connection issue
Used to work fine in Ubuntu 16.04 LTS, and Ubuntu 17.10.
ii strongswan 5.6.2-1ubuntu2 all IPsec VPN solution metapackage
A while ago I upgrade to 18.04 LTS and had consistent issues with
strongswan ipsec connectivity VPN.
```
sudo ipsec up
... all the goods happen ...
but near the end:
IKE_SA [1] established between
1.0.0.6[]...64.7.137.180[OU=Domain Control Validated,
CN=.com]
scheduling reauthentication in 56358s
maximum IKE_SA lifetime 56538s
installing DNS server 192.168.194.20 via resolvconf
installing DNS server 192.168.196.20 via resolvconf
<>
```
while in this state, we see:
```
sudo ipsec statusall
Status of IKE charon daemon (strongSwan 5.6.2, Linux 4.15.0-29-generic,
x86_64):
uptime: 6 minutes, since Aug 09 10:03:04 2018
malloc: sbrk 3403776, mmap 532480, used 1301456, free 2102320
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0,
scheduled: 0
loaded plugins: charon test-vectors unbound ldap pkcs11 tpm aesni aes rc2
sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints acert pubkey
pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt
af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru
bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default
connmark farp stroke vici updown eap-identity eap-sim eap-sim-pcsc eap-aka
eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc
eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc
xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11
tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr
addrblock unity counters
Listening IP addresses:
1.0.0.6
192.168.130.9
192.168.140.17
192.168.130.14
192.168.140.2
192.168.130.13
192.168.130.15
192.168.130.16
192.168.130.8
172.17.0.1
192.168.122.1
Connections:
primary: %any...primary..com IKEv2,
dpddelay=30s
primary: local: [] uses EAP_MSCHAPV2
authentication
primary: remote: [OU=Domain Control Validated,
CN=.com] uses public key authentication
primary: child: 192.168.140.0/24 === 192.168.128.0/17
10.0.0.0/8 172.16.0.0/12 TUNNEL, dpdaction=clear
secondary: %any...secondary..com
IKEv2, dpddelay=30s
secondary: local: [] uses EAP_MSCHAPV2
authentication
secondary: remote: [OU=Domain Control Validated,
CN=.com] uses public key authentication
secondary: child: 192.168.130.0/24 === 192.168.128.0/17
10.0.0.0/8 172.16.0.0/12 TUNNEL, dpdaction=clear
Routed Connections:
secondary{2}: ROUTED, TUNNEL, reqid 2
secondary{2}: 192.168.130.0/24 === 10.0.0.0/8 172.16.0.0/12
192.168.128.0/17
primary{1}: ROUTED, TUNNEL, reqid 1
primary{1}: 192.168.140.0/24 === 10.0.0.0/8 172.16.0.0/12
192.168.128.0/17
Security Associations (0 up, 0 connecting):
none
```
here are the logs (post-restart of strongswan service)
journalctl --system -u strongswan
```
Aug 09 10:03:05 systemd[1]: Started strongSwan IPsec
IKEv1/IKEv2 daemon using ipsec.conf.
Aug 09 10:03:05 ipsec[10448]: Starting strongSwan 5.6.2
IPsec [starter]...
Aug 09 10:03:05 ipsec_starter[10448]: Starting strongSwan
5.6.2 IPsec [starter]...
Aug 09 10:03:05 charon[10474]: 00[DMN] Starting IKE charon
daemon (strongSwan 5.6.2, Linux 4.15.0-29-generic, x86_64)
Aug 09 10:03:05 charon[10474]: 00[CFG] PKCS11 module
'' lacks library path
Aug 09 10:03:05 charon[10474]: 00[CFG] disabling
load-tester plugin, not configured
Aug 09 10:03:05 charon[10474]: 00[LIB] plugin
'load-tester': failed to load - load_tester_plugin_create returned NULL
Aug 09 10:03:05 charon[10474]: 00[KNL] unable to create
IPv4 routing table rule
Aug 09 10:03:05 charon[10474]: 00[KNL] unable to create
IPv6 routing table rule
Aug 09 10:03:05 charon[10474]: 00[CFG] dnscert plugin is
disabled
Aug 09 10:03:05 charon[10474]: 00[CFG] ipseckey plugin is
disabled
Aug 09 10:03:05 charon[10474]: 00[CFG] attr-sql plugin:
database URI not set
Aug 09 10:03:05 charon[10474]: 00[CFG] loading ca
certificates
[Touch-packages] [Bug 1786261] Re: strongswan ipsec fails to finish connection (hangs after installing DNS server via resolvconf)
*** This bug is a duplicate of bug 1752411 ***
https://bugs.launchpad.net/bugs/1752411
I also note;
I think this is (at least partially) due to strongswan leaving a
dangling duplicate DNS entry in resolve.conf.
It's 100% consistent, that after step #3 above, there is a dangling DNS
entry in resolve.conf, and this script hangs.
More :
1. fresh boot
2. script checks:
- "/usr/lib/avahi/avahi-daemon-check-dns.sh" is fine
- "host -t soa local." returns
3. activate strongswan connection = SUCCESS
{{{
fermulator@fermmy:~$ sudo /usr/lib/avahi/avahi-daemon-check-dns.sh
fermulator@fermmy:~$ LC_ALL=C host -t soa local.
Host local. not found: 3(NXDOMAIN)
resolv.conf contains:
nameserver 192.168.194.20
nameserver 192.168.196.20
nameserver 127.0.0.53
}}}
then;
4. disconnect VPN,
{{{
resolv.conf dangling:
nameserver 192.168.194.20
nameserver 127.0.0.53
}}}
5. script checks:
- "/usr/lib/avahi/avahi-daemon-check-dns.sh" HANGS
- "host -t soa local." HANGS
6. killall host
back to normal;
resolv.conf properly only has the local nameserver now (no more dangling DNS),
{{{
nameserver 127.0.0.53
}}}
7. script checks:
- "/usr/lib/avahi/avahi-daemon-check-dns.sh" works
- "host -t soa local." works
$ host -t soa local.
Host local not found: 2(SERVFAIL)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to resolvconf in Ubuntu.
https://bugs.launchpad.net/bugs/1786261
Title:
strongswan ipsec fails to finish connection (hangs after installing
DNS server via resolvconf)
Status in strongSwan:
New
Status in bind9 package in Ubuntu:
New
Status in resolvconf package in Ubuntu:
New
Status in strongswan package in Ubuntu:
New
Bug description:
as a continuation of
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1786250 ...
(that bug can be focused on the apparmor profile issue in Ubuntu +
strongswan)
--
this bug report is for the stuck VPN connection issue
Used to work fine in Ubuntu 16.04 LTS, and Ubuntu 17.10.
ii strongswan 5.6.2-1ubuntu2 all IPsec VPN solution metapackage
A while ago I upgrade to 18.04 LTS and had consistent issues with
strongswan ipsec connectivity VPN.
```
sudo ipsec up
... all the goods happen ...
but near the end:
IKE_SA [1] established between
1.0.0.6[]...64.7.137.180[OU=Domain Control Validated,
CN=.com]
scheduling reauthentication in 56358s
maximum IKE_SA lifetime 56538s
installing DNS server 192.168.194.20 via resolvconf
installing DNS server 192.168.196.20 via resolvconf
<>
```
while in this state, we see:
```
sudo ipsec statusall
Status of IKE charon daemon (strongSwan 5.6.2, Linux 4.15.0-29-generic,
x86_64):
uptime: 6 minutes, since Aug 09 10:03:04 2018
malloc: sbrk 3403776, mmap 532480, used 1301456, free 2102320
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0,
scheduled: 0
loaded plugins: charon test-vectors unbound ldap pkcs11 tpm aesni aes rc2
sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints acert pubkey
pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt
af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru
bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default
connmark farp stroke vici updown eap-identity eap-sim eap-sim-pcsc eap-aka
eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc
eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc
xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11
tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr
addrblock unity counters
Listening IP addresses:
1.0.0.6
192.168.130.9
192.168.140.17
192.168.130.14
192.168.140.2
192.168.130.13
192.168.130.15
192.168.130.16
192.168.130.8
172.17.0.1
192.168.122.1
Connections:
primary: %any...primary..com IKEv2,
dpddelay=30s
primary: local: [] uses EAP_MSCHAPV2
authentication
primary: remote: [OU=Domain Control Validated,
CN=.com] uses public key authentication
primary: child: 192.168.140.0/24 === 192.168.128.0/17
10.0.0.0/8 172.16.0.0/12 TUNNEL, dpdaction=clear
secondary: %any...secondary..com
IKEv2, dpddelay=30s
secondary: local: [] uses EAP_MSCHAPV2
authentication
secondary: remote: [OU=Domain Control Validated,
CN=.com] uses public key authentication
secondary: child: 192.168.130.0/24 === 192.168.128.0/17
10.0.0.0/8 172.16.0.0/12 TUNNEL, dpdaction=clear
Routed Connections:
secondary{2}: ROUTED, TUNNEL, reqid 2
secondary{2}: 192.168.130.0/24 === 10.0.0.0/8 172.16.0.0/12
192.168.128.0/17
primary{1}: ROUTED, TUNNEL, reqid 1
primary{1}: 192.168.140.0/24 === 10.0.0.0/8 172.16.0.0/12
192.168.128.0/17
Security Associations (0 up, 0 connecting):
no
[Touch-packages] [Bug 1786261] Re: strongswan ipsec fails to finish connection (hangs after installing DNS server via resolvconf)
*** This bug is a duplicate of bug 1752411 ***
https://bugs.launchpad.net/bugs/1752411
$ dpkg --list | grep bind9
ii bind9-host
1:9.11.3+dfsg-1ubuntu1.1 amd64DNS lookup utility
(deprecated)
ii libbind9-160:amd64
1:9.11.3+dfsg-1ubuntu1.1 amd64BIND9 Shared Library
used by BIND
rc libbind9-80
1:9.8.1.dfsg.P1-4ubuntu0.9 amd64BIND9 Shared Library
used by BIND
rc libbind9-90
1:9.9.5.dfsg-3ubuntu0.8 amd64BIND9 Shared Library
used by BIND
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to resolvconf in Ubuntu.
https://bugs.launchpad.net/bugs/1786261
Title:
strongswan ipsec fails to finish connection (hangs after installing
DNS server via resolvconf)
Status in strongSwan:
New
Status in bind9 package in Ubuntu:
New
Status in resolvconf package in Ubuntu:
New
Status in strongswan package in Ubuntu:
New
Bug description:
as a continuation of
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1786250 ...
(that bug can be focused on the apparmor profile issue in Ubuntu +
strongswan)
--
this bug report is for the stuck VPN connection issue
Used to work fine in Ubuntu 16.04 LTS, and Ubuntu 17.10.
ii strongswan 5.6.2-1ubuntu2 all IPsec VPN solution metapackage
A while ago I upgrade to 18.04 LTS and had consistent issues with
strongswan ipsec connectivity VPN.
```
sudo ipsec up
... all the goods happen ...
but near the end:
IKE_SA [1] established between
1.0.0.6[]...64.7.137.180[OU=Domain Control Validated,
CN=.com]
scheduling reauthentication in 56358s
maximum IKE_SA lifetime 56538s
installing DNS server 192.168.194.20 via resolvconf
installing DNS server 192.168.196.20 via resolvconf
<>
```
while in this state, we see:
```
sudo ipsec statusall
Status of IKE charon daemon (strongSwan 5.6.2, Linux 4.15.0-29-generic,
x86_64):
uptime: 6 minutes, since Aug 09 10:03:04 2018
malloc: sbrk 3403776, mmap 532480, used 1301456, free 2102320
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0,
scheduled: 0
loaded plugins: charon test-vectors unbound ldap pkcs11 tpm aesni aes rc2
sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints acert pubkey
pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt
af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru
bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default
connmark farp stroke vici updown eap-identity eap-sim eap-sim-pcsc eap-aka
eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc
eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc
xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11
tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr
addrblock unity counters
Listening IP addresses:
1.0.0.6
192.168.130.9
192.168.140.17
192.168.130.14
192.168.140.2
192.168.130.13
192.168.130.15
192.168.130.16
192.168.130.8
172.17.0.1
192.168.122.1
Connections:
primary: %any...primary..com IKEv2,
dpddelay=30s
primary: local: [] uses EAP_MSCHAPV2
authentication
primary: remote: [OU=Domain Control Validated,
CN=.com] uses public key authentication
primary: child: 192.168.140.0/24 === 192.168.128.0/17
10.0.0.0/8 172.16.0.0/12 TUNNEL, dpdaction=clear
secondary: %any...secondary..com
IKEv2, dpddelay=30s
secondary: local: [] uses EAP_MSCHAPV2
authentication
secondary: remote: [OU=Domain Control Validated,
CN=.com] uses public key authentication
secondary: child: 192.168.130.0/24 === 192.168.128.0/17
10.0.0.0/8 172.16.0.0/12 TUNNEL, dpdaction=clear
Routed Connections:
secondary{2}: ROUTED, TUNNEL, reqid 2
secondary{2}: 192.168.130.0/24 === 10.0.0.0/8 172.16.0.0/12
192.168.128.0/17
primary{1}: ROUTED, TUNNEL, reqid 1
primary{1}: 192.168.140.0/24 === 10.0.0.0/8 172.16.0.0/12
192.168.128.0/17
Security Associations (0 up, 0 connecting):
none
```
here are the logs (post-restart of strongswan service)
journalctl --system -u strongswan
```
Aug 09 10:03:05 systemd[1]: Started strongSwan IPsec
IKEv1/IKEv2 daemon using ipsec.conf.
Aug 09 10:03:05 ipsec[10448]: Starting strongSwan 5.6.2
IPsec [starter]...
Aug 09 10:03:05 ipsec_starter[10448]: Starting strongSwan
5.6.2 IPsec [starter]...
Aug 09 10:03:05 charon[10474]: 00[DMN] Starting IKE charon
daemon (strongSwan 5.6.2, Linux 4.15.0-29-generic, x86_64)
Aug 09 10:03:05 charon[10474]: 00[CFG] PKCS11 module
'' lacks library path
Aug 09 10:03:05
[Touch-packages] [Bug 1786261] Re: strongswan ipsec fails to finish connection (hangs after installing DNS server via resolvconf)
*** This bug is a duplicate of bug 1752411 ***
https://bugs.launchpad.net/bugs/1752411
The relationship to LP #1752411 certainly feels valid.
(I think I agree to the duplication)
Check this out btw (perhaps better submitted to the other bug) -- but --
despite "host" claiming a default timeout of a few seconds, this NEVER returns!!
{{{
$ LC_ALL=C host -t soa local.
}}}
$ man host
{{{
-W wait
Timeout: Wait for up to wait seconds for a reply. If wait is less
than one, the wait interval is set to one second.
By default, host will wait for 5 seconds for UDP responses and 10
seconds for TCP connections. These defaults can be overridden by the timeout
option in
/etc/resolv.conf.
See also the -w option.
}}}
But I even tried to manually specify how long to wait, it isn't honoured
{{{
$ time LC_ALL=C host -W 1 -t soa local.
<>
}}}
--
we're talking about THIS method btw
/usr/lib/avahi/avahi-daemon-check-dns.sh
{{{
dns_has_local() {
# Some magic to do tests
if [ -n "${FAKE_HOST_RETURN}" ] ; then
if [ "${FAKE_HOST_RETURN}" = "true" ]; then
return 0;
else
return 1;
fi
fi
OUT=`LC_ALL=C host -t soa local. 2>&1`<<< HERE
if [ $? -eq 0 ] ; then
if echo "$OUT" | egrep -vq 'has no|not found'; then
return 0
fi
else
# Checking the dns servers failed. Assuming no .local unicast dns, but
# remove the nameserver cache so we recheck the next time we're triggered
rm -f ${NS_CACHE}
fi
return 1
}
}}}
---
Steps to reproduce:
1. fresh boot
2. run "host -t soa local." (works fine)
{{{
$ LC_ALL=C host -t soa local.
Host local. not found: 3(NXDOMAIN)
}}}
2. connect to strongswan vpn
3. disconnect the session
4. , now that command hangs forever
{{{
$ time LC_ALL=C host -t soa local.
}}}
(tried timing it ...)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to resolvconf in Ubuntu.
https://bugs.launchpad.net/bugs/1786261
Title:
strongswan ipsec fails to finish connection (hangs after installing
DNS server via resolvconf)
Status in strongSwan:
New
Status in bind9 package in Ubuntu:
New
Status in resolvconf package in Ubuntu:
New
Status in strongswan package in Ubuntu:
New
Bug description:
as a continuation of
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1786250 ...
(that bug can be focused on the apparmor profile issue in Ubuntu +
strongswan)
--
this bug report is for the stuck VPN connection issue
Used to work fine in Ubuntu 16.04 LTS, and Ubuntu 17.10.
ii strongswan 5.6.2-1ubuntu2 all IPsec VPN solution metapackage
A while ago I upgrade to 18.04 LTS and had consistent issues with
strongswan ipsec connectivity VPN.
```
sudo ipsec up
... all the goods happen ...
but near the end:
IKE_SA [1] established between
1.0.0.6[]...64.7.137.180[OU=Domain Control Validated,
CN=.com]
scheduling reauthentication in 56358s
maximum IKE_SA lifetime 56538s
installing DNS server 192.168.194.20 via resolvconf
installing DNS server 192.168.196.20 via resolvconf
<>
```
while in this state, we see:
```
sudo ipsec statusall
Status of IKE charon daemon (strongSwan 5.6.2, Linux 4.15.0-29-generic,
x86_64):
uptime: 6 minutes, since Aug 09 10:03:04 2018
malloc: sbrk 3403776, mmap 532480, used 1301456, free 2102320
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0,
scheduled: 0
loaded plugins: charon test-vectors unbound ldap pkcs11 tpm aesni aes rc2
sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints acert pubkey
pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt
af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru
bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default
connmark farp stroke vici updown eap-identity eap-sim eap-sim-pcsc eap-aka
eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc
eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc
xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11
tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr
addrblock unity counters
Listening IP addresses:
1.0.0.6
192.168.130.9
192.168.140.17
192.168.130.14
192.168.140.2
192.168.130.13
192.168.130.15
192.168.130.16
192.168.130.8
172.17.0.1
192.168.122.1
Connections:
primary: %any...primary..com IKEv2,
dpddelay=30s
primary: local: [] uses EAP_MSCHAPV2
authentication
primary: remote: [OU=Domain Control Validated,
CN=.com] uses public key authentication
primary: child: 192.168.140.0/24 === 192.168.128.0/17
10.0.0.0/8 172.16.0.0/12 TUNNEL, dpdaction=clear
secondary: %any...secondary..com
IKEv2, dpddelay=30s
secondary: local: [] uses EAP_MSCHAPV2
authentication
[Touch-packages] [Bug 1542471] Re: Playing mp3 files causes: Problem occurred without error being set. This is a bug in Rhythmbox or GStreamer.
(had this tab open in a really old browser session ... doing some clean
up ...)
retested on Fedora 26, it works! (bug no longer present)
{{{
$ sudo zfs list | grep music
zstorage/music 7.40G 84.9G 7.40G /zstorage/music
}}}
rhythmbox opens, music library on that pool, music plays
{{{
4.14.14-200.fc26.x86_64, zfs-0.7.5-1.fc26.x86_64, rhythmbox-3.4.1-3.fc26.x86_64
}}}
** Attachment added: "rbox_zfs_pool_source.png"
https://bugs.launchpad.net/ubuntu/+source/gstreamer1.0/+bug/1542471/+attachment/5059243/+files/rbox_zfs_pool_source.png
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gstreamer1.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1542471
Title:
Playing mp3 files causes: Problem occurred without error being set.
This is a bug in Rhythmbox or GStreamer.
Status in gstreamer1.0 package in Ubuntu:
Confirmed
Status in rhythmbox package in Ubuntu:
Confirmed
Bug description:
I get the following error in the console when trying to play a mp3
file using Rhythmbox:
(21:23:27) [0x832a60] [rb_shell_player_error] rb-shell-player.c:2443:
playback error while playing: Problem occurred without error being
set. This is a bug in Rhythmbox or GStreamer.
I don't get the same error while trying to play the same file using
'Video's. I installed the required codec using the 'Video's
application as it told me to install a codec.
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: libgstreamer1.0-0 1.7.1-1
ProcVersionSignature: Ubuntu 4.4.0-2.16-generic 4.4.0
Uname: Linux 4.4.0-2-generic x86_64
NonfreeKernelModules: nvidia_uvm nvidia zfs zunicode zcommon znvpair zavl
ApportVersion: 2.19.4-0ubuntu2
Architecture: amd64
CurrentDesktop: Unity
Date: Fri Feb 5 21:24:05 2016
ExecutablePath: /usr/bin/rhythmbox
SourcePackage: gstreamer1.0
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gstreamer1.0/+bug/1542471/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1740967] Re: -u for "existing bug report" is not in help output of "ubuntu-bug"
Someone suggested that -u is deprecated, which means this might be a documentation fix ... That said, I still don't see why a user wouldn't be allowed to upload a bug report to an existing ticket if they own it. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1740967 Title: -u for "existing bug report" is not in help output of "ubuntu-bug" Status in apport package in Ubuntu: New Bug description: $ ubuntu-bug --help Usage: ubuntu-bug [options] [symptom|pid|package|program path|.apport/.crash file] Options: -h, --helpshow this help message and exit -w, --window Click a window as a target for filing a problem report. --hanging The provided pd is a hanging application. --save=PATH In bug filing mode, save the collected information into a file instead of reporting it. This file can then be reported later on from a different machine. --tag=TAG Add an extra tag to the report. Can be specified multiple times. -v, --version Print the Apport version number. $ ubuntu-bug --version 2.20.4 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1740967/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1740967] Re: -u for "existing bug report" is not in help output of "ubuntu-bug"
Note that "-u" _is_ referenced in: https://help.ubuntu.com/community/ReportingBugs -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1740967 Title: -u for "existing bug report" is not in help output of "ubuntu-bug" Status in apport package in Ubuntu: New Bug description: $ ubuntu-bug --help Usage: ubuntu-bug [options] [symptom|pid|package|program path|.apport/.crash file] Options: -h, --helpshow this help message and exit -w, --window Click a window as a target for filing a problem report. --hanging The provided pd is a hanging application. --save=PATH In bug filing mode, save the collected information into a file instead of reporting it. This file can then be reported later on from a different machine. --tag=TAG Add an extra tag to the report. Can be specified multiple times. -v, --version Print the Apport version number. $ ubuntu-bug --version 2.20.4 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1740967/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1740967] [NEW] -u for "existing bug report" is not in help output of "ubuntu-bug"
Public bug reported: $ ubuntu-bug --help Usage: ubuntu-bug [options] [symptom|pid|package|program path|.apport/.crash file] Options: -h, --helpshow this help message and exit -w, --window Click a window as a target for filing a problem report. --hanging The provided pd is a hanging application. --save=PATH In bug filing mode, save the collected information into a file instead of reporting it. This file can then be reported later on from a different machine. --tag=TAG Add an extra tag to the report. Can be specified multiple times. -v, --version Print the Apport version number. $ ubuntu-bug --version 2.20.4 ** Affects: apport (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1740967 Title: -u for "existing bug report" is not in help output of "ubuntu-bug" Status in apport package in Ubuntu: New Bug description: $ ubuntu-bug --help Usage: ubuntu-bug [options] [symptom|pid|package|program path|.apport/.crash file] Options: -h, --helpshow this help message and exit -w, --window Click a window as a target for filing a problem report. --hanging The provided pd is a hanging application. --save=PATH In bug filing mode, save the collected information into a file instead of reporting it. This file can then be reported later on from a different machine. --tag=TAG Add an extra tag to the report. Can be specified multiple times. -v, --version Print the Apport version number. $ ubuntu-bug --version 2.20.4 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1740967/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1739532] [NEW] apport-collect SHOULD prune out /home/%USER/ from JournalErrors
Public bug reported:
During https://bugs.launchpad.net/ubuntu/+source/gnome-
shell/+bug/1739525, I ran apport-collect.
I was happy to see that my hostname from the system logs was pruned to
"hostname". Great!
However, there are some logs that complain about /home/FOO user ... we
SHOULD NOT leak a user's $HOME directory contents (a potential list of
local user accounts) into these reports. This MAY be considered as
sensitive information.
The JournalErrors.txt should prune it.
Example of CULPRITS:
{{{
Dec 20 21:39:20 hostname com.ubuntu.OneConf[3069]: WARNING:oneconf.hosts:Error
in loading other_hosts file: [Errno 2] No such file or directory:
'/home/FOO/.cache/oneconf/1dfe6d2e52223c637c7bddd90002/other_hosts'
Dec 20 21:39:33 hostname com.ubuntu.OneConf[18688]: WARNING:oneconf.hosts:Error
in loading other_hosts file: [Errno 2] No such file or directory:
'/home/BAR/.cache/oneconf/1dfe6d2e52223c637c7bddd90002/other_hosts'
}}}
The suggestion here, is simply to also prune out usernames from ANY
"/home/%USER" or "~%USER" type regexes.
** Affects: apport (Ubuntu)
Importance: Undecided
Status: New
** Tags: apport privacy
** Description changed:
During https://bugs.launchpad.net/ubuntu/+source/gnome-
shell/+bug/1739525, I ran apport-collect.
I was happy to see that my hostname from the system logs was pruned to
"hostname". Great!
However, there are some logs that complain about /home/FOO user ... we
SHOULD NOT leak a user's $HOME directory contents (a potential list of
local user accounts) into these reports. This MAY be considered as
sensitive information.
The JournalErrors.txt should prune it.
Example of CULPRITS:
{{{
Dec 20 21:39:20 hostname com.ubuntu.OneConf[3069]:
WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file
or directory:
'/home/FOO/.cache/oneconf/1dfe6d2e52223c637c7bddd90002/other_hosts'
Dec 20 21:39:33 hostname com.ubuntu.OneConf[18688]:
WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file
or directory:
'/home/BAR/.cache/oneconf/1dfe6d2e52223c637c7bddd90002/other_hosts'
}}}
+
+ The suggestion here, is simply to also prune out usernames from ANY
+ "/home/%USER" or "~%USER" type regexes.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1739532
Title:
apport-collect SHOULD prune out /home/%USER/ from JournalErrors
Status in apport package in Ubuntu:
New
Bug description:
During https://bugs.launchpad.net/ubuntu/+source/gnome-
shell/+bug/1739525, I ran apport-collect.
I was happy to see that my hostname from the system logs was pruned to
"hostname". Great!
However, there are some logs that complain about /home/FOO user ... we
SHOULD NOT leak a user's $HOME directory contents (a potential list of
local user accounts) into these reports. This MAY be considered as
sensitive information.
The JournalErrors.txt should prune it.
Example of CULPRITS:
{{{
Dec 20 21:39:20 hostname com.ubuntu.OneConf[3069]:
WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file
or directory:
'/home/FOO/.cache/oneconf/1dfe6d2e52223c637c7bddd90002/other_hosts'
Dec 20 21:39:33 hostname com.ubuntu.OneConf[18688]:
WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file
or directory:
'/home/BAR/.cache/oneconf/1dfe6d2e52223c637c7bddd90002/other_hosts'
}}}
The suggestion here, is simply to also prune out usernames from ANY
"/home/%USER" or "~%USER" type regexes.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1739532/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1739531] [NEW] apport-collect SHOULD NOT collect gnome-shell command history and favorites
Public bug reported: In https://bugs.launchpad.net/ubuntu/+source/gnome- shell/+bug/1739525/comments/4, I ran apport-collect for that bug report. To my horror, it posted "org.gnome.shell command-history" and "favorites" in the "GsettingsChanges.txt"! https://launchpadlibrarian.net/349970997/GsettingsChanges.txt It's _completely_ reasonable to see: * enabled-extensions * org.gnome.shell.* diffs * org.gnome.desktop.* diffs But it is _NOT_ acceptable (privacy reasons) to automatically harvest a user's favorites in the gnome-shell, nor their command histories. _IF_ we must harvest for bug-data gathering, it MUST come in a secure mechanism that is private only to submitter + the assigned dev. ** Affects: apport (Ubuntu) Importance: Undecided Status: New ** Tags: apport privacy ** Description changed: In https://bugs.launchpad.net/ubuntu/+source/gnome- shell/+bug/1739525/comments/4, I ran apport-collect for that bug report. - To my horror, it posted "org.gnome.shell command-history" in the "GsettingsChanges.txt"! + To my horror, it posted "org.gnome.shell command-history" and "favorites" in the "GsettingsChanges.txt"! https://launchpadlibrarian.net/349970997/GsettingsChanges.txt It's _completely_ reasonable to see: - * enabled-extensions - * org.gnome.shell.* diffs - * org.gnome.desktop.* diffs + * enabled-extensions + * org.gnome.shell.* diffs + * org.gnome.desktop.* diffs But it is _NOT_ acceptable (privacy reasons) to automatically harvest a user's favorites in the gnome-shell, nor their command histories. _IF_ we must harvest for bug-data gathering, it MUST come in a secure mechanism that is private only to submitter + the assigned dev. ** Summary changed: - apport-collect SHOULD NOT collect gnome-shell command history + apport-collect SHOULD NOT collect gnome-shell command history and favorites -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1739531 Title: apport-collect SHOULD NOT collect gnome-shell command history and favorites Status in apport package in Ubuntu: New Bug description: In https://bugs.launchpad.net/ubuntu/+source/gnome- shell/+bug/1739525/comments/4, I ran apport-collect for that bug report. To my horror, it posted "org.gnome.shell command-history" and "favorites" in the "GsettingsChanges.txt"! https://launchpadlibrarian.net/349970997/GsettingsChanges.txt It's _completely_ reasonable to see: * enabled-extensions * org.gnome.shell.* diffs * org.gnome.desktop.* diffs But it is _NOT_ acceptable (privacy reasons) to automatically harvest a user's favorites in the gnome-shell, nor their command histories. _IF_ we must harvest for bug-data gathering, it MUST come in a secure mechanism that is private only to submitter + the assigned dev. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1739531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1547297] Re: No auto login in Ubuntu GNOME Xenial
What was the installer editing instead? (is there some dangling file
edits hanging around somewhere now?) -- I see from above that it was
editing "/etc/gdm/...", on my system fully updated though, there is no
dangling files in /etc/gdm/, so that's good.
This is what is actually needed (as we know):
{{{
$ cat /etc/gdm3/custom.conf | grep Auto
AutomaticLoginEnable = true
AutomaticLogin =
}}}
Even if we fixed the installer, what to do about all the existing
versions with the bug?
Will we have it auto-correct once the user runs patch updates? - or are
they just stuck with googling to find this bug report and then have to
fix it manually? :(
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to accountsservice in Ubuntu.
https://bugs.launchpad.net/bugs/1547297
Title:
No auto login in Ubuntu GNOME Xenial
Status in Ubuntu GNOME:
Fix Released
Status in accountsservice package in Ubuntu:
Fix Released
Status in gdm3 package in Ubuntu:
Invalid
Status in sddm package in Ubuntu:
Confirmed
Bug description:
Just installed Ubuntu GNOME Xenial 20160218 amd64 and selected to auto
login during installation, but once the installation was complete and
I booted into Ubuntu GNOME I was asked for my password. I looked in
the user UI and auto login was set to off, so I unlocked it, selected
auto login = on, clicked on lock again, and rebooted but was once
again asked for my password and the user UI once again showed auto
login = off.
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: gdm3 3.18.2-1ubuntu1
ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1
Uname: Linux 4.4.0-6-generic x86_64
ApportVersion: 2.20-0ubuntu3
Architecture: amd64
CurrentDesktop: GNOME
Date: Thu Feb 18 20:26:14 2016
InstallationDate: Installed on 2016-02-19 (0 days ago)
InstallationMedia: Ubuntu-GNOME 16.04 LTS "Xenial Xerus" - Alpha amd64
(20160218)
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: gdm3
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-gnome/+bug/1547297/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1542471] Re: Playing mp3 files causes: Problem occurred without error being set. This is a bug in Rhythmbox or GStreamer.
Same issue here on Fedora22. The "touch trick" did not work for me. can't play MP3 files via Rhythmbox when the file source is a ZFS pool :( -- it works fine from a non-ZFS storage device. (Fedora 22, 4.4.13-200.fc22.x86_64, zfs = 0.6.5.7-1.fc22, rhythmbox = 3.2.1-1.fc22) -- anyone know of this issue? I'm wondering if there's some sort of "setting" which needs to applied to the pool. It's definitely a "rhythmbox integration" issue of some sort ... as playing through standard gnome-player works regardless of storage source. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gstreamer1.0 in Ubuntu. https://bugs.launchpad.net/bugs/1542471 Title: Playing mp3 files causes: Problem occurred without error being set. This is a bug in Rhythmbox or GStreamer. Status in gstreamer1.0 package in Ubuntu: New Status in rhythmbox package in Ubuntu: New Bug description: I get the following error in the console when trying to play a mp3 file using Rhythmbox: (21:23:27) [0x832a60] [rb_shell_player_error] rb-shell-player.c:2443: playback error while playing: Problem occurred without error being set. This is a bug in Rhythmbox or GStreamer. I don't get the same error while trying to play the same file using 'Video's. I installed the required codec using the 'Video's application as it told me to install a codec. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: libgstreamer1.0-0 1.7.1-1 ProcVersionSignature: Ubuntu 4.4.0-2.16-generic 4.4.0 Uname: Linux 4.4.0-2-generic x86_64 NonfreeKernelModules: nvidia_uvm nvidia zfs zunicode zcommon znvpair zavl ApportVersion: 2.19.4-0ubuntu2 Architecture: amd64 CurrentDesktop: Unity Date: Fri Feb 5 21:24:05 2016 ExecutablePath: /usr/bin/rhythmbox SourcePackage: gstreamer1.0 UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gstreamer1.0/+bug/1542471/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1314486] Re: Flash videos disappears/underlays when using Fullscreen mode.
Please advise on any other information required to troubleshoot/analyze the issue. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to xorg in Ubuntu. https://bugs.launchpad.net/bugs/1314486 Title: Flash videos disappears/underlays when using Fullscreen mode. Status in “xorg” package in Ubuntu: Confirmed Bug description: Flash videos (dailymotion, xnxx, etc.) disappears/underlays when using Fullscreen mode. In 13.10, the same would occur, but the workaround was to look for the underlayed fullscreen icon/fullscreen plugin container, in the activities bar. Now on 14.04, that workaround isn't even available. It looks like the issue lies somewhere in Gnome. The problem occured on UbuntuGnome14.04, so I decided to delete that and install Ubuntu 14.04. The problem is gone, but... I like Gnome, so I decided to install the Gnome shell on top of Ubuntu 14.04, and sure enough, after transitioning to Gnome shell, the same problem occurs. Can someone help me out please? ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: xorg 1:7.7+1ubuntu8 ProcVersionSignature: Ubuntu 3.13.0-24.46-generic 3.13.9 Uname: Linux 3.13.0-24-generic x86_64 NonfreeKernelModules: fglrx .tmp.unity.support.test.0: ApportVersion: 2.14.1-0ubuntu3 Architecture: amd64 CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins' CompositorRunning: compiz CompositorUnredirectDriverBlacklist: '(nouveau|Intel).*Mesa 8.0' CompositorUnredirectFSW: true CurrentDesktop: Unity Date: Tue Apr 29 23:14:37 2014 DistUpgraded: Fresh install DistroCodename: trusty DistroVariant: ubuntu DkmsStatus: fglrx-updates, 13.350.1, 3.13.0-24-generic, x86_64: installed ExtraDebuggingInterest: No GraphicsCard: Advanced Micro Devices, Inc. [AMD/ATI] BeaverCreek [Radeon HD 6530D] [1002:964a] (prog-if 00 [VGA controller]) Subsystem: Gigabyte Technology Co., Ltd Device [1458:d000] InstallationDate: Installed on 2014-04-28 (1 days ago) InstallationMedia: It MachineType: Gigabyte Technology Co., Ltd. GA-A75M-D2H ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-24-generic root=UUID=210e604b-bbcd-432d-97d2-222bf82c99b1 ro nomodeset quiet splash vt.handoff=7 SourcePackage: xorg Symptom: display UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 11/03/2011 dmi.bios.vendor: Award Software International, Inc. dmi.bios.version: F5 dmi.board.name: GA-A75M-D2H dmi.board.vendor: Gigabyte Technology Co., Ltd. dmi.board.version: x.x dmi.chassis.type: 3 dmi.chassis.vendor: Gigabyte Technology Co., Ltd. dmi.modalias: dmi:bvnAwardSoftwareInternational,Inc.:bvrF5:bd11/03/2011:svnGigabyteTechnologyCo.,Ltd.:pnGA-A75M-D2H:pvr:rvnGigabyteTechnologyCo.,Ltd.:rnGA-A75M-D2H:rvrx.x:cvnGigabyteTechnologyCo.,Ltd.:ct3:cvr: dmi.product.name: GA-A75M-D2H dmi.sys.vendor: Gigabyte Technology Co., Ltd. version.compiz: compiz 1:0.9.11+14.04.20140409-0ubuntu1 version.fglrx-installer: fglrx-installer N/A version.ia32-libs: ia32-libs N/A version.libdrm2: libdrm2 2.4.52-1 version.libgl1-mesa-dri: libgl1-mesa-dri 10.1.0-4ubuntu5 version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A version.libgl1-mesa-glx: libgl1-mesa-glx 10.1.0-4ubuntu5 version.xserver-xorg-core: xserver-xorg-core 2:1.15.1-0ubuntu2 version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.8.2-1ubuntu2 version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:7.3.0-1ubuntu3 version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.99.910-0ubuntu1 version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.10-1ubuntu2 xserver.bootTime: Tue Apr 29 21:25:06 2014 xserver.configfile: default xserver.devices: inputPower Button KEYBOARD, id 6 inputPower Button KEYBOARD, id 7 inputLogitech USB Receiver MOUSE, id 8 inputAT Translated Set 2 keyboard KEYBOARD, id 9 xserver.errors: open /dev/dri/card0: No such file or directory AIGLX error: failed to open /usr/X11R6/lib64/modules/dri/fglrx_dri.so, error[/usr/X11R6/lib64/modules/dri/fglrx_dri.so: cannot open shared object file: No such file or directory] AIGLX error: failed to open /usr/lib64/dri/fglrx_dri.so, error[/usr/lib64/dri/fglrx_dri.so: cannot open shared object file: No such file or directory] AIGLX error: failed to open /usr/X11R6/lib/modules/dri/fglrx_dri.so, error[/usr/X11R6/lib/modules/dri/fglrx_dri.so: cannot open shared object file: No such file or directory] xserver.logfile: /var/log/Xorg.0.log xserver.version: 2:1.15.1-0ubuntu2 xserver.video_driver: fglrx To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1314486/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe :
[Touch-packages] [Bug 1314486] Re: Flash videos disappears/underlays when using Fullscreen mode.
Same issue in Ubunt 14.04 gnome-shell, fglrx drivermultimedia@fermmy-media:~$ uname -a Linux fermmy-media 3.13.0-33-generic #58-Ubuntu SMP Tue Jul 29 16:47:17 UTC 2014 i686 i686 i686 GNU/Linux multimedia@fermmy-media:~$ cat /etc/issue Ubuntu 14.04.1 LTS \n \l multimedia@fermmy-media:~$ dpkg --list | grep fglrx ii fglrx 2:14.100-0ubuntu1 i386 Video driver for the AMD graphics accelerators ii fglrx-amdcccle 2:14.100-0ubuntu1 i386 Catalyst Control Center for the AMD graphics accelerators ii fglrx-dev 2:14.100-0ubuntu1 i386 Video driver for the AMD graphics accelerators (devel files) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to xorg in Ubuntu. https://bugs.launchpad.net/bugs/1314486 Title: Flash videos disappears/underlays when using Fullscreen mode. Status in “xorg” package in Ubuntu: Confirmed Bug description: Flash videos (dailymotion, xnxx, etc.) disappears/underlays when using Fullscreen mode. In 13.10, the same would occur, but the workaround was to look for the underlayed fullscreen icon/fullscreen plugin container, in the activities bar. Now on 14.04, that workaround isn't even available. It looks like the issue lies somewhere in Gnome. The problem occured on UbuntuGnome14.04, so I decided to delete that and install Ubuntu 14.04. The problem is gone, but... I like Gnome, so I decided to install the Gnome shell on top of Ubuntu 14.04, and sure enough, after transitioning to Gnome shell, the same problem occurs. Can someone help me out please? ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: xorg 1:7.7+1ubuntu8 ProcVersionSignature: Ubuntu 3.13.0-24.46-generic 3.13.9 Uname: Linux 3.13.0-24-generic x86_64 NonfreeKernelModules: fglrx .tmp.unity.support.test.0: ApportVersion: 2.14.1-0ubuntu3 Architecture: amd64 CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins' CompositorRunning: compiz CompositorUnredirectDriverBlacklist: '(nouveau|Intel).*Mesa 8.0' CompositorUnredirectFSW: true CurrentDesktop: Unity Date: Tue Apr 29 23:14:37 2014 DistUpgraded: Fresh install DistroCodename: trusty DistroVariant: ubuntu DkmsStatus: fglrx-updates, 13.350.1, 3.13.0-24-generic, x86_64: installed ExtraDebuggingInterest: No GraphicsCard: Advanced Micro Devices, Inc. [AMD/ATI] BeaverCreek [Radeon HD 6530D] [1002:964a] (prog-if 00 [VGA controller]) Subsystem: Gigabyte Technology Co., Ltd Device [1458:d000] InstallationDate: Installed on 2014-04-28 (1 days ago) InstallationMedia: It MachineType: Gigabyte Technology Co., Ltd. GA-A75M-D2H ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-24-generic root=UUID=210e604b-bbcd-432d-97d2-222bf82c99b1 ro nomodeset quiet splash vt.handoff=7 SourcePackage: xorg Symptom: display UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 11/03/2011 dmi.bios.vendor: Award Software International, Inc. dmi.bios.version: F5 dmi.board.name: GA-A75M-D2H dmi.board.vendor: Gigabyte Technology Co., Ltd. dmi.board.version: x.x dmi.chassis.type: 3 dmi.chassis.vendor: Gigabyte Technology Co., Ltd. dmi.modalias: dmi:bvnAwardSoftwareInternational,Inc.:bvrF5:bd11/03/2011:svnGigabyteTechnologyCo.,Ltd.:pnGA-A75M-D2H:pvr:rvnGigabyteTechnologyCo.,Ltd.:rnGA-A75M-D2H:rvrx.x:cvnGigabyteTechnologyCo.,Ltd.:ct3:cvr: dmi.product.name: GA-A75M-D2H dmi.sys.vendor: Gigabyte Technology Co., Ltd. version.compiz: compiz 1:0.9.11+14.04.20140409-0ubuntu1 version.fglrx-installer: fglrx-installer N/A version.ia32-libs: ia32-libs N/A version.libdrm2: libdrm2 2.4.52-1 version.libgl1-mesa-dri: libgl1-mesa-dri 10.1.0-4ubuntu5 version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A version.libgl1-mesa-glx: libgl1-mesa-glx 10.1.0-4ubuntu5 version.xserver-xorg-core: xserver-xorg-core 2:1.15.1-0ubuntu2 version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.8.2-1ubuntu2 version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:7.3.0-1ubuntu3 version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.99.910-0ubuntu1 version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.10-1ubuntu2 xserver.bootTime: Tue Apr 29 21:25:06 2014 xserver.configfile: default xserver.devices: inputPower Button KEYBOARD, id 6 inputPower Button KEYBOARD, id 7 inputLogitech USB Receiver MOUSE, id 8 inputAT Translated Set 2 keyboard KEYBOARD, id 9 xserver.errors: open /dev/dri/card0: No such file or directory AIGLX error: failed to open
