Your message dated Sun, 16 Jun 2024 20:33:56 +0000 with message-id <e1siwzy-00dpgp...@fasolo.debian.org> and subject line Bug#825438: fixed in systemd 252.26-1~deb12u2 has caused the Debian Bug report #825438, regarding libnss-mymachines should be ordered before resolve to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 825438: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825438 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: libnss-resolve Version: 232-6 Severity: serious Justification: Breaks another package Hi! A freshly installed Debian Stretch system will have a /etc/nsswitch.conf like this (see libc-bin's postinst and/or /usr/share/libc-bin/nsswitch.conf): # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: compat group: compat shadow: compat gshadow: files hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis Installing libnss-resolve makes these changes: --- nsswitch.conf 2016-12-04 15:16:42.701978711 +0100 +++ /etc/nsswitch.conf 2016-12-04 15:16:51.965961200 +0100 @@ -9,7 +9,7 @@ shadow: compat gshadow: files -hosts: files dns +hosts: files resolve [!UNAVAIL=return] dns networks: files protocols: db files If the user then installs for example the "gnome" meta package, libnss-mdns and libnss-myhostname will be installed as well because of these dependencies/recommendations: gnome -> avahi-daemon -> libnss-mdns gnome -> gnome-core -> gnome-control-center -> libnss-myhostname This results in the following hosts line: hosts: files resolve [!UNAVAIL=return] mdns4_minimal [NOTFOUND=return] dns myhostname However, because of the "[!UNAVAIL=return]" introduced with [0], nothing after "resolve" will actually be tried. This is mostly harmless, since "resolve" provides a superset of "dns" and "myhostname", but it breaks mDNS as resolved currently does not resolve mDNS names like "foo.local". Please note, that a) This bug depends on the order of package installations. Installing libnss-resolve *AFTER* everything else will avoid the problem. b) I think the rationale for the change made in [0] is sound, so simply reverting the change is not a solution. IMHO the best solution would be to a) Activate the mDNS support in resolved [1] if possible. b) Talk to the GNOME/Avahi maintainers and make them recommend libnss- resolve instead of the others c) Eventually remove libnss-mdns and libnss-myhostname from Debian as both aren't really maintained anymore and have been superseded by libnss-resolve. Best regard Alexander Kurtz [0] https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=5e0095416366eb86590d6e31242097ded5201b3a [1] https://github.com/systemd/systemd/blob/master/src/resolve/resolved-mdns.c
signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---Source: systemd Source-Version: 252.26-1~deb12u2 Done: Luca Boccassi <bl...@debian.org> We believe that the bug you reported is fixed in the latest version of systemd, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 825...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Luca Boccassi <bl...@debian.org> (supplier of updated systemd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 16 Jun 2024 10:44:31 +0100 Source: systemd Architecture: source Version: 252.26-1~deb12u2 Distribution: bookworm Urgency: medium Maintainer: Debian systemd Maintainers <pkg-systemd-maintain...@lists.alioth.debian.org> Changed-By: Luca Boccassi <bl...@debian.org> Closes: 825438 851314 1072380 Changes: systemd (252.26-1~deb12u2) bookworm; urgency=medium . [ Gioele Barabucci ] * d/libnss-myhostname.nss: Install after `files` (Closes: #1072380) * d/libnss-mymachines.nss: Install before `resolve` and `dns` Installing `mymachines` before `dns` and `resolve` (whatever comes first) is suggested in the manpage. It also avoids leaking information about local machines to the DNS resolver. (Closes: #825438, #851314) Checksums-Sha1: 8f5c6ec661c2799fb977c91f90f695a128032108 6618 systemd_252.26-1~deb12u2.dsc 80206797d3537860341eb6ab04c9ba9d25e08d67 171184 systemd_252.26-1~deb12u2.debian.tar.xz b17d252f6e76bde84ac71b28adb975a5408b0e41 11785 systemd_252.26-1~deb12u2_source.buildinfo Checksums-Sha256: 3d392278d93e03561f0875c61dbd83f05c4e1082ea6572fc13248f7cc8d2232a 6618 systemd_252.26-1~deb12u2.dsc 099d888066d506a9625bbc04cffbaa5cbe483d8cbe33e19cae5f8ea3c165f59c 171184 systemd_252.26-1~deb12u2.debian.tar.xz 749ab2b0d598571a230f8774e1de100ef6dc07728ab4a80bc842a5bc09059ad5 11785 systemd_252.26-1~deb12u2_source.buildinfo Files: a8e1d437bc7a6e2d9c3b74dd76c307ec 6618 admin optional systemd_252.26-1~deb12u2.dsc eadc641c2c9838ca8fa6742736328f7f 171184 admin optional systemd_252.26-1~deb12u2.debian.tar.xz d9becf3badaad0535d3b7c280ade8331 11785 admin optional systemd_252.26-1~deb12u2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEErCSqx93EIPGOymuRKGv37813JB4FAmZutFMRHGJsdWNhQGRl Ymlhbi5vcmcACgkQKGv37813JB5Ydg/9ERtEXYIuXw0AFY0ptkUMUzxcGvqyiJUU xWMY6SNuVT2JyzB/qnUA0JDiTjCnFh1GHZDYxPCKgCmz2wZQSkrQvtqwiKCdE4iY m0r8s/69Q0068Qy2EFmvOLRcwKx5MKXVWCcp03G9PE3i4H7INN+C+pBGyNCulDM6 np3AuXIpxFruNcHfu2Sgm2c4AjCc6pqeIdVMcriLz3wBLoQhDjFNOh5IqrsZsrVI qGFFTKBkAX0vELEbppiWfBIFN1NjRNNg8Du4eeLCM9GSrxuR/iAkMKyk/PcWIwjQ 1beN3ChDQHHPVfKZvzpiolXSx6KA1nJiMyDdagBiKJqSoFE3BUbJHpwUdhRxNGNP 7PZXaXQOMWUVh+nA3xqsEbvwR3ULWQ2v7upZM3MsgMTLSQ1YOHQGbKUldwF12SAE uhUQoFnuioSOByB5xZt5BWvcY8+bMhOsDb6zisv5RACh9faD4QsxbTTrxLRvhNkj gGHQPaHrUHrB3NcPy6dvOjjjrIQdbVU0XEd5Y1KB0pXMR6KX1Fb/P5g3BLZ6krAL JGEvlaZlxZOXEk+aUWJst8FVuWOTEHZX3cqT9jDmn31YKi9Hbln5u6sG8PMdRZA0 N3DvpUeE3p6Zrd1cimB8fAYzH5vPSngPaKU/8EduLtwe3YMD/S56IsCnMCBy03Kc nvTKVcycFL0= =9zzN -----END PGP SIGNATURE-----
Description: PGP signature
--- End Message ---
