Package: apt-cacher-ng Version: 3.7.4-1+b2 Severity: important In investigating an mDNS SRV discovery issue with `systemd-resolved` I hit a problem where `systemd-resolved` reports:
We have `squid-deb-proxy` and `apt-cacher-ng` (and others) that can advertise an mDNS SRV record `_apt_proxy._tcp`. We have tools such as `auto-apt-proxy` and others that can (try to) discover the SRV record (it uses `apt-helper srv-lookup _apt_proxy._tcp.local`) BUT `systemd-resolved` considers `_apt_proxy` an illegal label because it contains an underscore after the first underscore and fails to resolve it with an error report: `Resolve call failed: Invalid SRV service type '_apt_proxy._tcp'`. I've seen this issue caused by `systemd-machined` in the context of using `mkosi` to build containers where mkosi can include an underscore in the machine name but `systemd-machined` treats it as illegal and won't allow it. The solution is to advertise a legal SRV name as well and modify any tools that look-up the SRV record. For `avahi-daemon`: ``` $ cat /etc/avahi/services/apt-cacher-ng.service <?xml version="1.0" standalone='no'?> <!-- From: Lisandro Damián Nicanor Pérez Meyer <lisan...@debian.org> X-Source: http://blog.surgut.co.uk/2013/03/avahi-apt-cacher-ng-sbuild.html See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704790 for details. --> <!DOCTYPE service-group SYSTEM "avahi-service.dtd"> <service-group> <name replace-wildcards="yes">apt-cacher-ng proxy on %h</name> <service protocol="ipv6"> <type>_apt_proxy._tcp</type> <port>3142</port> </service> <service protocol="ipv4"> <type>_apt_proxy._tcp</type> <port>3142</port> </service> <service protocol="ipv6"> <type>_apt-proxy._tcp</type> <port>3142</port> </service> <service protocol="ipv4"> <type>_apt-proxy._tcp</type> <port>3142</port> </service> </service-group> ``` And for `systemd-resolved`: ``` $ cat /etc/systemd/dnssd/squid-deb-proxy.dnssd [Service] Name=apt-cacher-ng proxy on %H systemd Type=_apt-proxy._tcp Port=3142 ``` -- Package-specific info: -- System Information: Debian Release: 12.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security-debug'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'stable'), (100, 'proposed-updates') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.5.0+debian+tj (SMP w/16 CPU threads; PREEMPT) Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages apt-cacher-ng depends on: ii adduser 3.134 ii debconf [debconf-2.0] 1.5.82 ii dpkg 1.21.22 ii libbz2-1.0 1.0.8-5+b1 ii libc-ares2 1.18.1-3 ii libc6 2.36-9+deb12u1 ii libevent-2.1-7 2.1.12-stable-8 ii libevent-pthreads-2.1-7 2.1.12-stable-8 ii libfuse2 2.9.9-6+b1 ii libgcc-s1 12.2.0-14 ii liblzma5 5.4.1-0.2 ii libssl3 3.0.9-1 ii libstdc++6 12.2.0-14 ii libsystemd0 252.14-1~deb12u1 ii libwrap0 7.6.q-32 ii lsb-base 11.6 ii sysvinit-utils [lsb-base] 3.06-4 ii zlib1g 1:1.2.13.dfsg-1 Versions of packages apt-cacher-ng recommends: ii ca-certificates 20230311 Versions of packages apt-cacher-ng suggests: ii avahi-daemon 0.8-10 pn doc-base <none> -- Configuration Files: /etc/apt-cacher-ng/security.conf [Errno 13] Permission denied: '/etc/apt-cacher-ng/security.conf' -- debconf information excluded
