On 14.03.23 at 17:31, Luca Boccassi wrote:
On Tue, 14 Mar 2023 18:03:53 +0200 Samuli Suonpää
<suon...@diurnalis.fi> wrote:

On 14. Mar 2023, at 17.34, Luca Boccassi <bl...@debian.org> wrote:

Exactly, so the admin shouldn't install a package that in the
description says:

"Installing this package automatically overwrites /etc/resolv.conf and
switches it to be managed by systemd-resolved."

if that's not what they want to achieve. I agree that the
/etc/resolv.conf interface is garbage, but there's nothing we can do
about it, that's just how it works.
This is the only way read-only images can be supported sanely.

Why exactly is it necessary to overwrite /etc/resolv.conf at postinst,
even if the service will not and can not be started?

Wouldn’t it make more sense to make the symlink at a later stage? For
instance, when the service is actually started?

No, because at that point /etc might be part of a read-only filesystem
and thus it's too late.

There’s no point in having resolv.conf symlink to
/run/systemd/resolve/stub-resolv.conf when systemd-resolved is not
running.

Don't install it if you don't want it to run.

I might accept a patch that switches to using tmpfiles.d, as long as
the default is still to enable on install, and that taking a copy of
the existing resolv.conf is also done, and that it is proven to work on
a read-only image. That way it's easier to override it with a drop-in.
I am not going to write and test such patch though, someone else needs
to do it and send a MR on Salsa.


A simple solution to this issue could be to copy the existing /etc/resolv.conf to /run/systemd/resolve/stub-resolv.conf in postinst.

If systemd-resolved is started, it will be overwritten properly, if not, the original resolv.conf should continue to work.

This is how resolvconf does it and how the systemd-resolved package in Ubuntu does it:
https://salsa.debian.org/debian/resolvconf/-/blob/unstable/debian/postinst#L101
https://git.launchpad.net/ubuntu/+source/systemd/tree/debian/systemd-resolved.postinst#n31

Would be a simple, 2-line patch:

mkdir -p "${DPKG_ROOT}/run/systemd/resolve"
cp "${DPKG_ROOT}/etc/resolv.conf" "${DPKG_ROOT}/run/systemd/resolve/stub-resolv.conf"

Regards,
Michael
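
The copy-before-symlink idea from the message above, written out as an added example (it is not part of the thread or of either package's postinst). The function name `seed_stub_resolv` is hypothetical, and the two guards (skip when /etc/resolv.conf is missing or dangling, skip when a stub file already exists) are assumptions of this example rather than something the thread specifies.

```shell
#!/bin/sh
# Added example, not Debian's or Ubuntu's postinst code.
# seed_stub_resolv ROOT
#   ROOT plays the role of ${DPKG_ROOT}; pass "" for the live system.
#   Seeds ROOT/run/systemd/resolve/stub-resolv.conf from ROOT/etc/resolv.conf
#   so that a resolv.conf symlink to the stub still resolves names while
#   systemd-resolved is not running.
seed_stub_resolv() {
    root="$1"
    src="${root}/etc/resolv.conf"
    dir="${root}/run/systemd/resolve"
    dst="${dir}/stub-resolv.conf"

    # Guard 1 (assumption): nothing to preserve if resolv.conf is absent or
    # is a dangling symlink, e.g. it already points at a stub that does not
    # exist yet. A plain "cp" would fail here and abort the postinst.
    if [ ! -r "$src" ]; then
        return 0
    fi

    # Guard 2 (assumption): a stub that already exists was most likely
    # written by a running systemd-resolved (package upgrade); keep it.
    # This also avoids "cp: same file" when resolv.conf is the symlink.
    if [ -e "$dst" ]; then
        return 0
    fi

    mkdir -p "$dir" || return 1

    # Copy to a temporary name and rename, so a reader never sees a
    # half-written stub file.
    tmp="${dst}.tmp.$$"
    if cp "$src" "$tmp" && chmod 0644 "$tmp" && mv "$tmp" "$dst"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# In a maintainer script this would be called before the symlink is made:
#   seed_stub_resolv "${DPKG_ROOT}"
```
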
