Your message dated Sat, 29 Jun 2024 10:46:20 +0000
with message-id <e1snvb2-002biq...@coccia.debian.org>
and subject line Released with 12.6
has caused the Debian Bug report #1072716,
regarding bookworm-pu: package systemd/252.26-1~deb12u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1072716: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072716
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: syst...@packages.debian.org
Control: affects -1 + src:systemd

I'd like to get the release team's approval for a proposed change to
bookworm's libnss-myhostname and libnss-mymachines packages, which are both
generated from src:systemd.

Note that since the systemd maintainers have already uploaded a new package
targeting bookworm 12.6, this change will likely get rolled up into whatever
their next planned upload is; I don't expect them to make an upload for this
change specifically.  Per their request, I'm looking for signoff from the
stable release managers that this change would be accepted.  Consequently,
the diff shown here does not include a changelog update, as this would be
generated by gbp.

Additional context, along with the details of the testing performed, is
available in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072380 and
https://people.debian.org/~noahm/bug-1072380-testing.html

The problem being addressed with this change is that the installation of
libnss-myhostname and libnss-mymachines packages inserts their entries in a
suboptimal order in /etc/nsswitch.conf.  This results in unnecessary DNS
queries for names that can and should be handled locally by these NSS
modules.  Impact includes leaking local container names to the DNS
infrastructure and potential delays while waiting for DNS answers that will
never come.

The issue was reported in the context of the bookworm cloud images, which
install libnss-myhostname by default, in bug #1072380.  It is also the root
cause of #825438 and #851314.  It was fixed in sid/trixie with
https://salsa.debian.org/systemd-team/systemd/-/merge_requests/162, uploaded
in systemd 256~rc3-3.  The changes in this MR cherry-pick cleanly to the
bookworm packaging.

The proposed change only impacts fresh installations of the impacted
packages, not upgrades, which is consistent with how the packages in trixie
behave.

The complete set of proposed changes follows:

commit b2e84c688b1c50e87761c4a9d9e28cbb7c97a116 (HEAD -> bookworm-nss, fork/bookworm-nss)
Author: Gioele Barabucci <gio...@svario.it>
Date:   Wed Aug 10 16:35:58 2022 +0200

    d/libnss-mymachines.nss: Install before `resolve` and `dns`
    
    Installing `mymachines` before `dns` and `resolve` (whatever comes
    first) is suggested in the manpage.
    
    It also avoids leaking information about local machines to the DNS
    resolver.
    
    Closes: #825438
    Closes: #851314
    (cherry picked from commit 98b7abdc1fc9ae5ecaaeb3a1fad332522b19501b)

diff --git a/debian/libnss-mymachines.nss b/debian/libnss-mymachines.nss
index dd7e3a1745..ff7213d021 100644
--- a/debian/libnss-mymachines.nss
+++ b/debian/libnss-mymachines.nss
@@ -1 +1 @@
-hosts  last    mymachines
+hosts  before=resolve,dns      mymachines
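
Review bot: the new `before=resolve,dns` position in debian/libnss-mymachines.nss relies on `resolve` or `dns` already being on the `hosts` line, unlike the `last` it replaces, and the commit message does not say where `mymachines` is placed when neither is present. Please state that fallback in the commit message, or confirm the change was tested against an nsswitch.conf with no `resolve` or `dns` entry. The message also names the services as "`dns` and `resolve`" while the file lists `resolve,dns`; a word that the list order does not matter would avoid confusion.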

commit 5e48855c2f2906e338d5c64bd0941c1eef6574af
Author: Gioele Barabucci <gio...@svario.it>
Date:   Thu Aug 11 14:28:50 2022 +0200

    d/libnss-myhostname.nss: Install after `files`
    
    (cherry picked from commit a0e7eede9ba115500b0fbe79ce1107458683dc6c)
    Closes: #1072380

diff --git a/debian/libnss-myhostname.nss b/debian/libnss-myhostname.nss
index 0ef4054806..9ed4b628e2 100644
--- a/debian/libnss-myhostname.nss
+++ b/debian/libnss-myhostname.nss
@@ -1 +1 @@
-hosts  last    myhostname
+hosts  after=files     myhostname
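
Review bot: the commit message for the `after=files` line in debian/libnss-myhostname.nss gives no reason for the new position, only the cherry-pick id and the Closes tag. One sentence on why `myhostname` should follow `files`, and on what happens if `files` is absent from the `hosts` line, would make the change reviewable on its own. Taken together with `before=resolve,dns` for `mymachines`, neither rule fixes the relative order of `myhostname` and `mymachines` when both packages are installed, so please say whether that order matters.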

--- End Message ---
--- Begin Message ---
Version: 12.6

The upload requested in this bug has been released as part of 12.6.

--- End Message ---
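
Because the report says the change affects only fresh installations, hosts that already have the packages keep the old ordering. The following check of the `hosts:` line is an added example, not part of the original messages or of the systemd packaging; the function names and sample lines are constructed for illustration.

```python
import re

# Ordering taken from the two .nss changes in the report: myhostname after
# `files`, mymachines before `resolve`/`dns`. Flagging myhostname when it
# follows a DNS-backed service reflects the report's stated problem, not a
# rule written in the .nss file (assumption of this example).
DNS_SERVICES = ("resolve", "dns")

# Constructed sample `hosts:` lines (not copied from any real system).
SAMPLE_OLD = "passwd: files\nhosts: files dns myhostname mymachines  # 'last'\n"
SAMPLE_NEW = "hosts:\tfiles myhostname mymachines dns\n"
SAMPLE_ACTIONS = "hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname\n"

def hosts_services(nsswitch_text):
    """Return the service names on the `hosts:` line, in lookup order."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            # Drop bracketed actions such as [NOTFOUND=return].
            spec = re.sub(r"\[[^\]]*\]", " ", line[len("hosts:"):])
            return spec.split()
    return []

def audit_hosts_order(nsswitch_text):
    """Return findings; an empty list means the order matches the report's intent."""
    pos = {}
    for i, name in enumerate(hosts_services(nsswitch_text)):
        pos.setdefault(name, i)  # first occurrence decides lookup order
    first_dns = min((pos[s] for s in DNS_SERVICES if s in pos), default=None)
    findings = []
    if "myhostname" in pos and "files" in pos and pos["myhostname"] < pos["files"]:
        findings.append("myhostname is consulted before files")
    for module in ("myhostname", "mymachines"):
        if module in pos and first_dns is not None and pos[module] > first_dns:
            findings.append(f"{module} is consulted after a DNS-backed service")
    return findings

if __name__ == "__main__":
    with open("/etc/nsswitch.conf", encoding="utf-8") as fh:
        for finding in audit_hosts_order(fh.read()) or ["hosts order OK"]:
            print(finding)
```

The check ignores the effect of bracketed actions on lookup flow and looks only at the position of each service name.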
