Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: pkg-systemd-maintain...@lists.alioth.debian.org

I did not get any response from the systemd maintainers on the original
bug report (#1081633) for this within four months.

The Debian cloud images use systemd-networkd in combination with
netplan.  Some of our users got problems with the default of
systemd-networkd of not using the provided domains for lookups by
default.  It was reported from at least one cloud vendor (Microsoft
Azure) as a problem.  But it is not configurable on the systemd side in
this version.

The other proposed solutions will require patching other packages with
Debian Bookworm-specific changes.

[ Impact ]

None, the default does not change and it needs to be flipped in the
config.

[ Tests ]

Upstream provides tests for this feature.

I tested it in the real environment this change is destined for.

Bastian

-- 
... bacteriological warfare ... hard to believe we were once foolish
enough to play around with that.
                -- McCoy, "The Omega Glory", stardate unknown
diff --git a/debian/changelog b/debian/changelog
index 6deaa306729c42c98d9c281530c45cc8918da535..f3da58877e3391f4692cb6fcf53d3b517fcb0791 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+systemd (252.33-1~deb12u1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Backport PR#32194. (closes: #1081633)
+
+ -- Bastian Blank <wa...@debian.org>  Tue, 17 Dec 2024 15:15:42 +0000
+
 systemd (252.33-1~deb12u1) bookworm; urgency=medium
 
   * New upstream version 252.33
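Review bot: the new changelog entry says only "Backport PR#32194", which tells someone reading the changelog nothing about what changes. Name the feature, for example "Backport PR#32194: add UseDomains= to [DHCPv4] and [DHCPv6] in networkd.conf". The distribution is still UNRELEASED, while the previous entry targets bookworm, so it needs setting before upload.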
diff --git a/debian/patches/pr32194.patch b/debian/patches/pr32194.patch
new file mode 100644
index 0000000000000000000000000000000000000000..85512c04a25ab676cf1f8ba678ef76ca839a43eb
--- /dev/null
+++ b/debian/patches/pr32194.patch
@@ -0,0 +1,203 @@
+From: Henry Li <l...@microsoft.com>
+Date: Tue Apr 9 17:40:42 2024 -0700
+Subject: Merge pull request #32194 from henryli001/lihl/add-defaultUseDomains-config
+  network: add mechanism to configure default UseDomains= setting
+
+diff --git a/man/networkd.conf.xml b/man/networkd.conf.xml
+index 85b21ee7f9..f7a32c9798 100644
+--- a/man/networkd.conf.xml
++++ b/man/networkd.conf.xml
+@@ -182,6 +182,17 @@ DUIDRawData=00:00:ab:11:f9:2a:c2:77:29:f9:5c:00</programlisting>
+         </example>
+         </listitem>
+       </varlistentry>
++
++      <varlistentry>
++        <term><varname>UseDomains=</varname></term>
++          <listitem><para>Specifies the default value for per-network <varname>UseDomains=</varname>.
++          Takes a boolean. See for details in
++          <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
++          Defaults to <literal>no</literal>.</para>
++
++
++        </listitem>
++      </varlistentry>
+     </variablelist>
+   </refsect1>
+ 
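Review bot: in the new [DHCPv4] UseDomains= entry, "See for details in" is ungrammatical and should read "See ... for details". "Takes a boolean" also does not match the rest of the patch: the setting is parsed with the enum parser for DHCPUseDomains, and the systemd.network text touched further down documents the value route. Either list route here or defer entirely to systemd.network(5). The two empty lines before the closing listitem tag can go.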
+@@ -202,7 +213,16 @@ DUIDRawData=00:00:ab:11:f9:2a:c2:77:29:f9:5c:00</programlisting>
+       <varlistentry>
+         <term><varname>DUIDType=</varname></term>
+         <term><varname>DUIDRawData=</varname></term>
+-        <listitem><para>As in the [DHCPv4] section.</para></listitem>
++        <listitem><para>As in the [DHCPv4] section.</para>
++
++        </listitem>
++      </varlistentry>
++
++      <varlistentry>
++        <term><varname>UseDomains=</varname></term>
++        <listitem><para>As in the [DHCPv4] section.</para>
++
++        </listitem>
+       </varlistentry>
+     </variablelist>
+   </refsect1>
+diff --git a/man/systemd.network.xml b/man/systemd.network.xml
+index 8434247042..92f6e14bac 100644
+--- a/man/systemd.network.xml
++++ b/man/systemd.network.xml
+@@ -1988,7 +1988,9 @@ allow my_server_t localnet_peer_t:peer recv;</programlisting>
+           effect of the <option>Domains=</option> setting. If set to <option>route</option>, the domain name
+           received from the DHCP server will be used for routing DNS queries only, but not for searching,
+           similarly to the effect of the <option>Domains=</option> setting when the argument is prefixed with
+-          <literal>~</literal>. Defaults to false.</para>
++          <literal>~</literal>. When unspecified, the value specified in the same setting in
++          <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
++          which defaults to <literal>no</literal>, will be used.</para>
+ 
+           <para>It is recommended to enable this option only on trusted networks, as setting this
+           affects resolution of all hostnames, in particular of single-label names. It is generally
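Review bot: the unchanged paragraph right after the edited sentence recommends enabling this option only on trusted networks. With this change, a single UseDomains= line in networkd.conf turns it on for every network that leaves the setting unspecified. The new networkd.conf(5) entry should repeat or reference that recommendation so that an admin flipping the global default sees it where the default is set.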
+diff --git a/src/network/networkd-dhcp-common.c b/src/network/networkd-dhcp-common.c
+index 77d5e3a2f2..35981faa78 100644
+--- a/src/network/networkd-dhcp-common.c
++++ b/src/network/networkd-dhcp-common.c
+@@ -458,6 +458,8 @@ int config_parse_dhcp_use_domains(
+         return 0;
+ }
+ 
++DEFINE_CONFIG_PARSE_ENUM(config_parse_default_dhcp_use_domains, dhcp_use_domains, DHCPUseDomains, "Failed to parse UseDomains=")
++
+ int config_parse_dhcp_use_ntp(
+                 const char* unit,
+                 const char *filename,
+diff --git a/src/network/networkd-dhcp-common.h b/src/network/networkd-dhcp-common.h
+index c19bc10407..5a1d446a60 100644
+--- a/src/network/networkd-dhcp-common.h
++++ b/src/network/networkd-dhcp-common.h
+@@ -92,6 +92,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_dhcp);
+ CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_or_ra_route_metric);
+ CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_use_dns);
+ CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_use_domains);
++CONFIG_PARSER_PROTOTYPE(config_parse_default_dhcp_use_domains);
+ CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_use_ntp);
+ CONFIG_PARSER_PROTOTYPE(config_parse_iaid);
+ CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_or_ra_route_table);
+diff --git a/src/network/networkd-gperf.gperf b/src/network/networkd-gperf.gperf
+index 8ed90f0e4b..2bdeec0b4c 100644
+--- a/src/network/networkd-gperf.gperf
++++ b/src/network/networkd-gperf.gperf
+@@ -26,8 +26,10 @@ Network.SpeedMeterIntervalSec,           config_parse_sec,
+ Network.ManageForeignRoutingPolicyRules, config_parse_bool,                      0,          offsetof(Manager, manage_foreign_rules)
+ Network.ManageForeignRoutes,             config_parse_bool,                      0,          offsetof(Manager, manage_foreign_routes)
+ Network.RouteTable,                      config_parse_route_table_names,         0,          0
++DHCPv4.UseDomains,                       config_parse_default_dhcp_use_domains,  0,          offsetof(Manager, dhcp_use_domains)
+ DHCPv4.DUIDType,                         config_parse_duid_type,                 0,          offsetof(Manager, dhcp_duid)
+ DHCPv4.DUIDRawData,                      config_parse_duid_rawdata,              0,          offsetof(Manager, dhcp_duid)
++DHCPv6.UseDomains,                       config_parse_default_dhcp_use_domains,  0,          offsetof(Manager, dhcp6_use_domains)
+ DHCPv6.DUIDType,                         config_parse_duid_type,                 0,          offsetof(Manager, dhcp6_duid)
+ DHCPv6.DUIDRawData,                      config_parse_duid_rawdata,              0,          offsetof(Manager, dhcp6_duid)
+ /* Deprecated */
+diff --git a/src/network/networkd-manager.h b/src/network/networkd-manager.h
+index 2db92780a5..09c37b3f64 100644
+--- a/src/network/networkd-manager.h
++++ b/src/network/networkd-manager.h
+@@ -56,6 +56,9 @@ struct Manager {
+         OrderedSet *address_pools;
+         Set *dhcp_pd_subnet_ids;
+ 
++        DHCPUseDomains dhcp_use_domains;
++        DHCPUseDomains dhcp6_use_domains;
++
+         DUID dhcp_duid;
+         DUID dhcp6_duid;
+         DUID duid_product_uuid;
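Review bot: dhcp_use_domains and dhcp6_use_domains are added to struct Manager, but no hunk in this patch initialises them, so the documented default of "no" relies on the zero value of DHCPUseDomains meaning exactly that. Either set both fields explicitly where the Manager is created or add a comment next to the fields stating the reliance.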
+diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
+index 799da2d080..83a8e3d893 100644
+--- a/src/network/networkd-network.c
++++ b/src/network/networkd-network.c
+@@ -396,6 +396,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi
+                 .dhcp_use_sip = true,
+                 .dhcp_use_dns = true,
+                 .dhcp_routes_to_dns = true,
++                .dhcp_use_domains = manager->dhcp_use_domains,
+                 .dhcp_use_hostname = true,
+                 .dhcp_use_routes = true,
+                 .dhcp_use_gateway = -1,
+@@ -410,6 +411,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi
+                 .dhcp6_use_address = true,
+                 .dhcp6_use_pd_prefix = true,
+                 .dhcp6_use_dns = true,
++                .dhcp6_use_domains = manager->dhcp6_use_domains,
+                 .dhcp6_use_hostname = true,
+                 .dhcp6_use_ntp = true,
+                 .dhcp6_use_rapid_commit = true,
+diff --git a/src/network/networkd.conf b/src/network/networkd.conf
+index 38dc9f1f79..03c319ae04 100644
+--- a/src/network/networkd.conf
++++ b/src/network/networkd.conf
+@@ -22,7 +22,9 @@
+ [DHCPv4]
+ #DUIDType=vendor
+ #DUIDRawData=
++#UseDomains=no
+ 
+ [DHCPv6]
+ #DUIDType=vendor
+ #DUIDRawData=
++#UseDomains=no
+diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py
+index d84350b70a..c9c4fc6f47 100755
+--- a/test/test-network/systemd-networkd-tests.py
++++ b/test/test-network/systemd-networkd-tests.py
+@@ -5070,6 +5070,50 @@ class NetworkdDHCPClientTests(unittest.TestCase, Utilities):
+         check(self, True, False)
+         check(self, False, True)
+         check(self, False, False)
++    
++    def test_dhcp_client_default_use_domains(self):        
++        def check(self, ipv4, ipv6):
++            mkdir_p(networkd_conf_dropin_dir)
++            with open(os.path.join(networkd_conf_dropin_dir, 'default_use_domains.conf'), mode='w', encoding='utf-8') as f:
++                f.write('[DHCPv4]\nUseDomains=')
++                f.write('yes\n' if ipv4 else 'no\n')
++                f.write('[DHCPv6]\nUseDomains=')
++                f.write('yes\n' if ipv6 else 'no\n')
++            
++            restart_networkd()
++            self.wait_online('veth-peer:carrier')
++            start_dnsmasq('--dhcp-option=option:dns-server,192.168.5.1',
++                          '--dhcp-option=option6:dns-server,[2600::1]',
++                          '--dhcp-option=option:domain-search,example.com',
++                          '--dhcp-option=option6:domain-search,example.com')
++
++            self.wait_online('veth99:routable')
++
++            # link becomes 'routable' when at least one protocol provide an valid address. Hence, we need to explicitly wait for both addresses.
++            self.wait_address('veth99', r'inet 192.168.5.[0-9]*/24 metric 1024 brd 192.168.5.255 scope global dynamic', ipv='-4')
++            self.wait_address('veth99', r'inet6 2600::[0-9a-f]*/128 scope global (dynamic noprefixroute|noprefixroute dynamic)', ipv='-6')
++
++            for _ in range(20):
++                output = resolvectl('domain', 'veth99')
++                if ipv4 or ipv6:
++                    if 'example.com' in output:
++                        break
++                else:
++                    if 'example.com' not in output:
++                        break
++                time.sleep(0.5)
++            else:
++                print(output)
++                self.fail('unexpected domain setting in resolved...')
++            
++            stop_dnsmasq()
++            remove_networkd_conf_dropin('default_use_domains.conf')
++
++        copy_network_unit('25-veth.netdev', '25-dhcp-server-veth-peer.network', '25-dhcp-client.network', copy_dropins=False)
++        check(self, True, True)
++        check(self, True, False)
++        check(self, False, True)
++        check(self, False, False)
+ 
+ class NetworkdDHCPPDTests(unittest.TestCase, Utilities):
+ 
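Review bot: in check(), dnsmasq advertises the same search domain, example.com, for both option:domain-search and option6:domain-search. The mixed cases check(self, True, False) and check(self, False, True) therefore pass as soon as either protocol delivers the domain, and cannot show that the disabled protocol's domain was ignored. Advertise a distinct domain per protocol and assert on each one. stop_dnsmasq() and remove_networkd_conf_dropin() are also skipped when self.fail() fires, so a try/finally around the loop would keep a failed iteration from leaving the drop-in behind. Several of the added lines carry trailing whitespace.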
diff --git a/debian/patches/series b/debian/patches/series
index 661f0c480a264cfdceb00182173bca921dfae870..b2bf168d16fe375690a9904e40eb3cd7df4445c6 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -18,3 +18,4 @@ debian/Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-back-to-.patch
 debian/systemctl-do-not-shutdown-immediately-on-scheduled-shutdo.patch
 debian/Downgrade-a-couple-of-warnings-to-debug.patch
 debian/Skip-flaky-test_resolved_domain_restricted_dns-in-network.patch
+pr32194.patch
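Review bot: pr32194.patch is appended at the top level with a name that only encodes the PR number, while the neighbouring entries sit under debian/ and have descriptive names. A name that mentions UseDomains would make the series readable without looking up the PR.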