Bug 825261

Summary: redhat-lsb scripts blow away my /etc/nsswitch.conf (also, output during upgrade that shouldn't be displayed)
Product: [Fedora] Fedora
Reporter: Jonathan Kamens <jik>
Component: redhat-lsb
Assignee: Xibo Ning <xning>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent
Priority: medium
Version: 17
CC: eparis, hliu, llim, nsoranzo, pnemade, rkagan, rmarko, xning
Keywords: Reopened
Hardware: All
OS: Linux
Fixed In Version: redhat-lsb-4.1-5.fc17
Doc Type: Bug Fix
Last Closed: 2012-07-18 13:19:52 UTC
Type: Bug
Attachments:
spec file fix (flags: none)

Description Jonathan Kamens 2012-05-25 13:50:00 UTC
Two problems in redhat-lsb, one critical and one minor cosmetic. First the critical:

preuninstall script overwrites /etc/nsswitch.conf with /usr/share/lsb/nsswitch.conf.bak without regard for the fact that the latter might not exist, thus blowing away its contents and turning it into an empty file.

Minor: The grep of /etc/nsswitch.conf in the postinstall script should use "grep -q -s" so as not to generate unnecessary output.

While you're at it, the code there has a completely unnecessary block in the if statement. It should read:

if ! grep -q -s '^hosts: \+files \+dns$' /etc/nsswitch.conf; then
    cat /etc/nsswitch.conf >/usr/share/lsb/nsswitch.conf.bak
    ed -s /etc/nsswitch.conf <<EOF
/^hosts: \+files \+/s/.*/hosts:      files dns/
w
q
EOF
fi

Comment 1 Parag Nemade 2012-05-25 14:21:40 UTC
The redhat-lsb package got updated to 4.1 with the help of Xning, who is also looking into fixing the test failures. He has done some testing and, based on that, submitted a patch which was built in the latest update in f17.

xning,
   Can you please look into the issue reported above and provide a fix here?

Thanks.

Comment 2 Eric Paris 2012-05-25 16:19:04 UTC
Same problem.  Update completely blew away my nsswitch.conf.

cp /etc/nsswitch.conf.bak /etc/nsswitch.conf
rerun authconfig-gtk

Now my box is functioning.

Comment 3 Eric Paris 2012-05-25 16:33:43 UTC
If anyone else hits it and can give bad karma in:
https://admin.fedoraproject.org/updates/FEDORA-2012-8300/redhat-lsb-4.1-3.fc17

We can get this 'unpushed' from updates-testing

Comment 4 Parag Nemade 2012-05-26 04:19:55 UTC
The package is unpushed from the updates-testing repo.

Comment 5 Xibo Ning 2012-05-26 07:45:03 UTC
Have sent the fix to Paragan; please push and rebuild the package.

--- redhat-lsb.orig/redhat-lsb.spec	2012-05-26 14:37:40.079866383 +0800
+++ redhat-lsb/redhat-lsb.spec	2012-05-26 14:32:40.661004170 +0800
@@ -570,9 +570,7 @@
     done
   fi
 %endif
-if grep '^hosts: \+files \+dns$' /etc/nsswitch.conf;then
-    true
-else
+if ! grep -s -q '^hosts: \+files \+dns$' /etc/nsswitch.conf;then
     cat /etc/nsswitch.conf >%{_datadir}/lsb/nsswitch.conf.bak
     ed -s /etc/nsswitch.conf <<EOF
 /^hosts: \+files \+/s/.*/hosts:      files dns/
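Review bot: The ed command on the context line "/^hosts: \+files \+/s/.*/hosts:      files dns/" replaces the whole hosts line, so every source that was listed after "files" is dropped, and the new "! grep -s -q" guard only skips the rewrite when the line is already exactly "files dns". Consider narrowing the rewrite so that existing entries are preserved, and add a comment in the spec explaining why the hosts line has to be changed at all.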
@@ -590,9 +588,7 @@
     done
   fi
 %endif
-if grep '^hosts: \+files \+dns$' /etc/nsswitch.conf;then
-    true
-else
+if ! grep -s -q '^hosts: \+files \+dns$' /etc/nsswitch.conf;then
     cat /etc/nsswitch.conf >%{_datadir}/lsb/nsswitch.conf.bak
     ed -s /etc/nsswitch.conf <<EOF
 /^hosts: \+files \+/s/.*/hosts:      files dns/
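Review bot: On the "+if ! grep -s -q" line, "-s" hides the error from a missing or unreadable /etc/nsswitch.conf but the negated test still takes the branch, so the following "cat /etc/nsswitch.conf >%{_datadir}/lsb/nsswitch.conf.bak" leaves an empty .bak behind. Test that the file exists and is non-empty, for example with [ -s /etc/nsswitch.conf ], before making the backup. The pattern also ends in "dns$", so a hosts line with trailing whitespace is treated as needing the rewrite.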
@@ -603,8 +599,10 @@
 
 
 %preun
-cat %{_datadir}/lsb/nsswitch.conf.bak >/etc/nsswitch.conf
-rm -f %{_datadir}/lsb/nsswitch.conf.bak
+if [ -e %{_datadir}/lsb/nsswitch.conf.bak ];then
+    cat %{_datadir}/lsb/nsswitch.conf.bak >/etc/nsswitch.conf
+    rm -f %{_datadir}/lsb/nsswitch.conf.bak
+fi
 
 %postun submod-security -p <lua>
 os.remove("%{_datadir}/lsb/%{lsbrelver}/submodules")
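Review bot: The "-e" test added to %preun only covers a backup that does not exist; an empty nsswitch.conf.bak still passes and is copied over /etc/nsswitch.conf, and any edit made to /etc/nsswitch.conf after the backup was taken is overwritten. Use "-s" instead of "-e", and compare the current file with what %post wrote before restoring. The scriptlet also never looks at $1, so the restore runs when the package is upgraded as well as on final removal.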

Comment 6 Jonathan Kamens 2012-05-26 13:57:39 UTC
What is the purpose of this change?

It is still problematic.

What if someone makes changes to /etc/nsswitch.conf? The %preun script will blow away those changes.

Neither the %post nor the %preun script takes account of the possibility that the package is being upgraded, i.e., you're not checking $1 to find out how many instances of the package there are. There are various spec file tutorials and documents on the web which show the right way to do this.

In short, I don't understand what this change is trying to accomplish, and even with the changes above, it's still broken.

Comment 7 Xibo Ning 2012-05-27 05:25:25 UTC
(In reply to comment #6)
> What is the purpose of this change?
> 
> It is still problematic.
> 
> What if someone makes changes to /etc/nsswitch.conf? The %preun script will
> blow away those changes.
> 
> Neither the %post nor the %preun script takes account of the possibility
> that the package is being upgraded, i.e., you're not checking $1 to find out
> how many instances of the package there are. There are various spec file
> tutorials and documents on the web which show the right way to do this.
> 
> In short, I don't understand what this change is trying to accomplish, and
> even with the changes above, it's still broken.

The LSB 4.1 dist tests require the 'gethostbyaddr' function to be configured to look for a host first in 'file', then in 'dns', so we need to check and ensure /etc/nsswitch.conf is configured correctly. This patch resolves bug 806190. Please give some advice about how to fix bug 806190.

What about this patch? It works like this:
%post checks and ensures /etc/nsswitch.conf is configured correctly; if needed, we modify /etc/nsswitch.conf. Here we back up nsswitch.conf twice, once before we modify it and once after we modify it. The backup files are %{_datadir}/lsb/nsswitch.conf.orig and %{_datadir}/lsb/nsswitch.conf

%preun will restore /etc/nsswitch.conf if and only if both backup files exist and /etc/nsswitch.conf hasn't been modified since redhat-lsb was installed.
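
The backup-and-restore scheme described in this comment, written out as an added example that is not the package's scriptlets and not part of the original thread. It goes slightly beyond the comment: it also applies the $1 install-count check raised in comment 6, uses sed in place of ed, and tests backups with -s rather than -e; all function and variable names are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not the package's scriptlets): %post / %preun logic as
# functions that take paths as arguments, so they can be exercised on scratch
# copies instead of the real /etc/nsswitch.conf. All names are hypothetical.

OK_RE='^hosts:[[:space:]]\{1,\}files[[:space:]]\{1,\}dns[[:space:]]*$'

# post_fix CONF STATEDIR
# Rewrite a "hosts: files ..." line to "hosts: files dns", keeping the
# pre-edit file (.orig) and a snapshot of the result for later comparison.
post_fix() {
    conf=$1; state=$2
    [ -s "$conf" ] || return 1                  # missing or empty: touch nothing
    grep -q "$OK_RE" "$conf" && return 0        # already as required
    tmp=$(mktemp "$state/nsswitch.XXXXXX") || return 1
    sed 's/^hosts:[[:space:]]\{1,\}files[[:space:]].*/hosts:      files dns/' \
        "$conf" >"$tmp" || { rm -f "$tmp"; return 1; }
    if cmp -s "$tmp" "$conf"; then              # no line matched: leave no state
        rm -f "$tmp"; return 0
    fi
    cp -p "$conf" "$state/nsswitch.conf.orig" || { rm -f "$tmp"; return 1; }
    # cat keeps the inode and mode of CONF; the temp file becomes the snapshot.
    cat "$tmp" >"$conf" && mv "$tmp" "$state/nsswitch.conf"
}

# preun_restore COUNT CONF STATEDIR
# COUNT is the scriptlet's $1: 0 on final erase, 1 or more on upgrade.
preun_restore() {
    count=$1; conf=$2; state=$3
    [ "$count" -eq 0 ] || return 0              # upgrade: keep file and state
    snap=$state/nsswitch.conf; orig=$state/nsswitch.conf.orig
    # Restore only from a non-empty backup, and only if nobody has edited
    # the file since our own change.
    if [ -s "$snap" ] && [ -s "$orig" ] && cmp -s "$snap" "$conf"; then
        cat "$orig" >"$conf"
    fi
    rm -f "$snap" "$orig"
}

# make_sample DIR: constructed nsswitch.conf for the demo, not a real system file.
make_sample() {
    mkdir -p "$1/state"
    printf '%s\n' 'passwd:     files' \
        'hosts:      files mdns4_minimal [NOTFOUND=return] dns myhostname' \
        >"$1/nsswitch.conf"
}

# demo: install then erase on a scratch copy; prints the restored file.
demo() {
    d=$(mktemp -d) || return 1
    make_sample "$d"
    post_fix "$d/nsswitch.conf" "$d/state"
    preun_restore 0 "$d/nsswitch.conf" "$d/state"
    cat "$d/nsswitch.conf"; rm -rf "$d"
}
demo
```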

Comment 8 Xibo Ning 2012-05-27 05:36:30 UTC
     1	--- redhat-lsb.orig/redhat-lsb.spec	2012-05-26 14:37:40.079866383 +0800
     2	+++ redhat-lsb/redhat-lsb.spec	2012-05-27 12:38:20.012520056 +0800
     3	@@ -570,15 +570,14 @@
     4	     done
     5	   fi
     6	 %endif
     7	-if grep '^hosts: \+files \+dns$' /etc/nsswitch.conf;then
     8	-    true
     9	-else
    10	-    cat /etc/nsswitch.conf >%{_datadir}/lsb/nsswitch.conf.bak
    11	+if ! grep -s -q '^hosts: \+files \+dns *$' /etc/nsswitch.conf;then
    12	+    cat /etc/nsswitch.conf >%{_datadir}/lsb/nsswitch.conf.orig
    13	     ed -s /etc/nsswitch.conf <<EOF
    14	 /^hosts: \+files \+/s/.*/hosts:      files dns/
    15	 w
    16	 q
    17	 EOF
    18	+    cat /etc/nsswitch.conf > %{_datadir}/lsb/nsswitch.conf
    19	 fi
    20	 
    21	 %post
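Review bot: Nothing checks whether the ed command succeeded before the added "cat /etc/nsswitch.conf > %{_datadir}/lsb/nsswitch.conf" line takes its snapshot. The guard fires for any hosts line that is not "files dns", but the ed address "/^hosts: \+files \+/" only matches a line that starts with "files" followed by a space, so for a line such as "hosts: dns files" the file is left unchanged and both copies are still written. Check ed's exit status, or re-run the grep, and keep the backups only when the file was actually changed.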
    22	@@ -590,21 +589,24 @@
    23	     done
    24	   fi
    25	 %endif
    26	-if grep '^hosts: \+files \+dns$' /etc/nsswitch.conf;then
    27	-    true
    28	-else
    29	-    cat /etc/nsswitch.conf >%{_datadir}/lsb/nsswitch.conf.bak
    30	+if ! grep -s -q '^hosts: \+files \+dns *$' /etc/nsswitch.conf;then
    31	+    cat /etc/nsswitch.conf >%{_datadir}/lsb/nsswitch.conf.orig
    32	     ed -s /etc/nsswitch.conf <<EOF
    33	 /^hosts: \+files \+/s/.*/hosts:      files dns/
    34	 w
    35	 q
    36	 EOF
    37	+    cat /etc/nsswitch.conf >%{_datadir}/lsb/nsswitch.conf
    38	 fi
    39	 
    40	 
    41	 %preun
    42	-cat %{_datadir}/lsb/nsswitch.conf.bak >/etc/nsswitch.conf
    43	-rm -f %{_datadir}/lsb/nsswitch.conf.bak
    44	+if [ -e %{_datadir}/lsb/nsswitch.conf && -e  %{_datadir}/lsb/nsswitch.conf.org ];then
    45	+    if cmp -s %{_datadir}/lsb/nsswitch.conf /etc/nsswitch;then
    46	+        cat %{_datadir}/lsb/nsswitch.conf.org >/etc/nsswitch.conf
    47	+    fi
    48	+        rm -f %{_datadir}/lsb/{nsswitch.conf,nsswitch.conf.org}
    49	+fi
    50	 
    51	 %postun submod-security -p <lua>
    52	 os.remove("%{_datadir}/lsb/%{lsbrelver}/submodules")
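Review bot: The test on the added "if [ -e %{_datadir}/lsb/nsswitch.conf && -e  %{_datadir}/lsb/nsswitch.conf.org ];then" line is not valid: "&&" ends the "[" command before its closing "]", so "[" fails with an error and the block never runs. Use "-a" inside the brackets or two separate "[ ... ] && [ ... ]" tests. The cmp line on the next row compares against /etc/nsswitch, without the .conf suffix, and should name /etc/nsswitch.conf.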

Comment 9 Xibo Ning 2012-05-27 06:51:01 UTC
(In reply to comment #6)
> What is the purpose of this change?
> 
> It is still problematic.
> 
> What if someone makes changes to /etc/nsswitch.conf? The %preun script will
> blow away those changes.
> 
Add 47~49 to check whether someone changes /etc/nsswitch.conf after we backup.
> Neither the %post nor the %preun script takes account of the possibility
> that the package is being upgraded, i.e., you're not checking $1 to find out
> how many instances of the package there are. There are various spec file
> tutorials and documents on the web which show the right way to do this.
> 
Added a check of $1 in %preun. The %post script should always run to ensure /etc/nsswitch.conf is correctly configured.
> In short, I don't understand what this change is trying to accomplish, and
> even with the changes above, it's still broken.

     1	--- redhat-lsb.orig/redhat-lsb.spec	2012-05-26 14:37:40.079866383 +0800
     2	+++ redhat-lsb/redhat-lsb.spec	2012-05-27 14:35:08.668741133 +0800
     3	@@ -570,15 +570,14 @@
     4	     done
     5	   fi
     6	 %endif
     7	-if grep '^hosts: \+files \+dns$' /etc/nsswitch.conf;then
     8	-    true
     9	-else
    10	-    cat /etc/nsswitch.conf >%{_datadir}/lsb/nsswitch.conf.bak
    11	+if ! grep -s -q '^hosts: \+files \+dns *$' /etc/nsswitch.conf;then
    12	+    cat /etc/nsswitch.conf >%{_datadir}/lsb/nsswitch.conf.orig
    13	     ed -s /etc/nsswitch.conf <<EOF
    14	 /^hosts: \+files \+/s/.*/hosts:      files dns/
    15	 w
    16	 q
    17	 EOF
    18	+    cat /etc/nsswitch.conf > %{_datadir}/lsb/nsswitch.conf
    19	 fi
    20	 
    21	 %post
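Review bot: Both the grep pattern on the "+if ! grep -s -q" line and the ed address match literal spaces only (": \+files \+dns *$"), so a hosts line that separates its fields with tabs is never recognised as already correct and is never matched by ed either. Use [[:space:]] in place of the literal space in both expressions so the guard and the rewrite agree on what they match.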
    22	@@ -590,21 +589,25 @@
    23	     done
    24	   fi
    25	 %endif
    26	-if grep '^hosts: \+files \+dns$' /etc/nsswitch.conf;then
    27	-    true
    28	-else
    29	-    cat /etc/nsswitch.conf >%{_datadir}/lsb/nsswitch.conf.bak
    30	-    ed -s /etc/nsswitch.conf <<EOF
    31	+if ! grep -s -q '^hosts: \+files \+dns *$' /etc/nsswitch.conf;then
    32	+     cat /etc/nsswitch.conf >%{_datadir}/lsb/nsswitch.conf.orig
    33	+     ed -s /etc/nsswitch.conf <<EOF
    34	 /^hosts: \+files \+/s/.*/hosts:      files dns/
    35	 w
    36	 q
    37	 EOF
    38	+cat /etc/nsswitch.conf >%{_datadir}/lsb/nsswitch.conf
    39	 fi
    40	 
    41	-
    42	 %preun
    43	-cat %{_datadir}/lsb/nsswitch.conf.bak >/etc/nsswitch.conf
    44	-rm -f %{_datadir}/lsb/nsswitch.conf.bak
    45	+if [ $1 -eq 0 ];then
    46	+    if [ -e %{_datadir}/lsb/nsswitch.conf && -e  %{_datadir}/lsb/nsswitch.conf.org ];then
    47	+        if cmp -s %{_datadir}/lsb/nsswitch.conf /etc/nsswitch;then
    48	+            cat %{_datadir}/lsb/nsswitch.conf.org >/etc/nsswitch.conf
    49	+        fi
    50	+        rm -f %{_datadir}/lsb/{nsswitch.conf,nsswitch.conf.org}
    51	+    fi
    52	+fi
    53	 
    54	 %postun submod-security -p <lua>
    55	 os.remove("%{_datadir}/lsb/%{lsbrelver}/submodules")
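Review bot: %preun tests for and restores from nsswitch.conf.org, but the %post part of this same hunk writes the backup to nsswitch.conf.orig, so the file being tested for is never created and the restore cannot run; the final "rm -f" also leaves nsswitch.conf.orig behind. Use the .orig name throughout. The "&&" inside "[ ... ]" and the /etc/nsswitch path (missing .conf) on the cmp line still need fixing, and $1 should be quoted in "[ $1 -eq 0 ]".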

Comment 10 Xibo Ning 2012-05-27 09:00:56 UTC
(In reply to comment #6)
> What is the purpose of this change?
> 
> It is still problematic.
> 
> What if someone makes changes to /etc/nsswitch.conf? The %preun script will
> blow away those changes.
> 
> Neither the %post nor the %preun script takes account of the possibility
> that the package is being upgraded, i.e., you're not checking $1 to find out
> how many instances of the package there are. There are various spec file
> tutorials and documents on the web which show the right way to do this.
> 
> In short, I don't understand what this change is trying to accomplish, and
> even with the changes above, it's still broken.

I tested this patch, and it works for fresh install and remove, update and remove redhat-lsb-4.1. It also works when we changed /etc/nsswitch.conf.


     1	--- redhat-lsb.orig/redhat-lsb.spec	2012-05-26 14:37:40.079866383 +0800
     2	+++ redhat-lsb/redhat-lsb.spec	2012-05-27 16:57:16.086923253 +0800
     3	@@ -570,15 +570,14 @@
     4	     done
     5	   fi
     6	 %endif
     7	-if grep '^hosts: \+files \+dns$' /etc/nsswitch.conf;then
     8	-    true
     9	-else
    10	-    cat /etc/nsswitch.conf >%{_datadir}/lsb/nsswitch.conf.bak
    11	+if ! grep -s -q '^hosts: \+files \+dns *$' /etc/nsswitch.conf;then
    12	+    cat /etc/nsswitch.conf >%{_datadir}/lsb/nsswitch.conf.orig
    13	     ed -s /etc/nsswitch.conf <<EOF
    14	 /^hosts: \+files \+/s/.*/hosts:      files dns/
    15	 w
    16	 q
    17	 EOF
    18	+    cat /etc/nsswitch.conf > %{_datadir}/lsb/nsswitch.conf
    19	 fi
    20	 
    21	 %post
    22	@@ -590,21 +589,25 @@
    23	     done
    24	   fi
    25	 %endif
    26	-if grep '^hosts: \+files \+dns$' /etc/nsswitch.conf;then
    27	-    true
    28	-else
    29	-    cat /etc/nsswitch.conf >%{_datadir}/lsb/nsswitch.conf.bak
    30	-    ed -s /etc/nsswitch.conf <<EOF
    31	+if ! grep -s -q '^hosts: \+files \+dns *$' /etc/nsswitch.conf;then
    32	+     cat /etc/nsswitch.conf >%{_datadir}/lsb/nsswitch.conf.orig
    33	+     ed -s /etc/nsswitch.conf <<EOF
    34	 /^hosts: \+files \+/s/.*/hosts:      files dns/
    35	 w
    36	 q
    37	 EOF
    38	+cat /etc/nsswitch.conf >%{_datadir}/lsb/nsswitch.conf
    39	 fi
    40	 
    41	-
    42	 %preun
    43	-cat %{_datadir}/lsb/nsswitch.conf.bak >/etc/nsswitch.conf
    44	-rm -f %{_datadir}/lsb/nsswitch.conf.bak
    45	+if [ $1 -eq 0 ];then
    46	+    if [ -e %{_datadir}/lsb/nsswitch.conf -a -e  %{_datadir}/lsb/nsswitch.conf.orig ];then
    47	+        if cmp -s %{_datadir}/lsb/nsswitch.conf /etc/nsswitch.conf;then
    48	+            cat %{_datadir}/lsb/nsswitch.conf.orig >/etc/nsswitch.conf
    49	+        fi
    50	+        rm -f %{_datadir}/lsb/{nsswitch.conf,nsswitch.conf.orig}
    51	+    fi
    52	+fi
    53	 
    54	 %postun submod-security -p <lua>
    55	 os.remove("%{_datadir}/lsb/%{lsbrelver}/submodules")
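Review bot: In the %post half of this hunk the rewrite is still not conditional on $1, unlike the new %preun block, so the hosts line is forced back to "files dns" on every upgrade as well as on first install, and the .orig copy is overwritten each time the guard fires. If the change is meant to be made once, wrap it in a test such as [ "$1" -eq 1 ]. The restore also depends on cmp over the whole file, so an edit to any other line of /etc/nsswitch.conf after install means the original hosts line is never put back; state that in a comment above the block.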

Comment 11 Xibo Ning 2012-05-29 10:49:45 UTC
Have tested and sent the patch to Paragan. Thank you three.

Comment 12 Parag Nemade 2012-05-29 12:53:32 UTC
I have not yet committed your patch, and this is not a rawhide bug that can be closed as NEXTRELEASE once the package is built. For releases where bodhi exists, I prefer the bug to be closed automatically.

I will check it and commit it accordingly tomorrow. For reference I will attach your patch here.

Comment 13 Parag Nemade 2012-05-29 13:12:36 UTC
Created attachment 587402 [details]
spec file fix

Comment 14 Xibo Ning 2012-05-30 00:23:49 UTC
Ok, thanks, Paragan.

Comment 15 Fedora Update System 2012-05-30 05:42:38 UTC
redhat-lsb-4.1-4.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/redhat-lsb-4.1-4.fc17

Comment 16 Fedora Update System 2012-05-31 00:56:45 UTC
Package redhat-lsb-4.1-4.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing redhat-lsb-4.1-4.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-8633/redhat-lsb-4.1-4.fc17
then log in and leave karma (feedback).

Comment 17 Eric Paris 2012-06-01 12:47:07 UTC
Taking out of modified.

On May 23 I updated to 4.1-2.  Things were ok.
On May 25 I updated to 4.1-3.  This cleared my nsswitch.conf

I restored my nsswitch.conf with authconfig-gtk

On May 31 I updated to 4.1-4.  This once AGAIN cleared my nsswitch.conf

I once again restored with authconfig-gtk.

PLEASE Stop blanking my nsswitch.conf!

Comment 18 Eric Paris 2012-06-01 12:48:22 UTC
Let me rephrase one part of that comment.  On May 23 I INSTALLED 4.1-2.  That was not an update.  It was my original installed version.

Comment 19 Xibo Ning 2012-06-04 02:24:14 UTC
Eric, if there was a line like 'hosts: file dns' in your nsswitch.conf file and you then installed or updated to redhat-lsb-4.1-3, removing redhat-lsb-4.1-3 afterwards would have blanked your nsswitch.conf. This is because the %preun scriptlet of redhat-lsb-4.1-3 always restores /etc/nsswitch.conf from the backup file nsswitch.conf.bak when redhat-lsb-4.1-3 is removed, but the nsswitch.conf.bak file might not exist. Package redhat-lsb-4.1-4 fixes this bug. Please remove redhat-lsb-4.1-3, check nsswitch.conf, then install 4.1-4 or update to 4.1-4 to retest.

Thanks a lot, Eric.

Comment 20 Fedora Update System 2012-06-15 00:34:10 UTC
redhat-lsb-4.1-4.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 21 Richard Marko 2012-06-15 23:20:39 UTC
This update breaks avahi (mdns) functionality:

# diff nsswitch.conf nsswitch.conf.bak 
39c39
< hosts:      files dns
---
> hosts:      files mdns4_minimal [NOTFOUND=return] dns myhostname


Updated     redhat-lsb-4.0-11.fc17.x86_64                  @fedora
Update                 4.1-4.fc17.x86_64                   @updates

Comment 22 Xibo Ning 2012-06-18 00:37:34 UTC
(In reply to comment #21)
> This update breaks avahi (mdns) functionality:
> 
> # diff nsswitch.conf nsswitch.conf.bak 
> 39c39
> < hosts:      files dns
> ---
> > hosts:      files mdns4_minimal [NOTFOUND=return] dns myhostname
> 
> 
> Updated     redhat-lsb-4.0-11.fc17.x86_64                  @fedora
> Update                 4.1-4.fc17.x86_64                   @updates
Richard, that's because of this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=806190

Comment 23 Roman Kagan 2012-06-18 23:27:43 UTC
(In reply to comment #22)
> (In reply to comment #21)
> > This update breaks avahi (mdns) functionality:
> > 
> > # diff nsswitch.conf nsswitch.conf.bak 
> > 39c39
> > < hosts:      files dns
> > ---
> > > hosts:      files mdns4_minimal [NOTFOUND=return] dns myhostname
> > 
> > 
> > Updated     redhat-lsb-4.0-11.fc17.x86_64                  @fedora
> > Update                 4.1-4.fc17.x86_64                   @updates
> Richard, that's because this bug:
> https://bugzilla.redhat.com/show_bug.cgi?id=806190

No, that's because your %post unconditionally resets *any* setting for the hosts database with "files dns".

What's the point?  In essence it conflicts with every NSS plugin which sticks itself in there (nss-mdns, nss-myhostname), and also defeats any user configuration.

Comment 24 Xibo Ning 2012-06-19 02:46:45 UTC
(In reply to comment #23)
> (In reply to comment #22)
> > (In reply to comment #21)
> > > This update breaks avahi (mdns) functionality:
> > > 
> > > # diff nsswitch.conf nsswitch.conf.bak 
> > > 39c39
> > > < hosts:      files dns
> > > ---
> > > > hosts:      files mdns4_minimal [NOTFOUND=return] dns myhostname
> > > 
> > > 
> > > Updated     redhat-lsb-4.0-11.fc17.x86_64                  @fedora
> > > Update                 4.1-4.fc17.x86_64                   @updates
> > Richard, that's because this bug:
> > https://bugzilla.redhat.com/show_bug.cgi?id=806190
> 
> No that's because your %post unconditionally resets *any* setting for hosts
> database with "files dns".
To resolve bug 806190, we need gethostbyaddr to look up a host first in 'files', then 'DNS', and, if it doesn't find the host by address, return immediately.
In Fedora 17, because of the default configuration of /etc/nsswitch.conf, the return value of gethostbyaddr is not right. You can reproduce bug 806190; the attachment of bug 806190 is a simple test C program.
Yes, when installing redhat-lsb-4.1, the %post script modifies /etc/nsswitch.conf unconditionally. We can modify redhat-lsb.spec so that the %post script modifies /etc/nsswitch.conf only when redhat-lsb-4.1 is installed for the first time.
> 
> What's the point?  In essence it conflicts with every NSS plugin which
> sticks itself in there (nss-mdns, nss-myhostname), and also defeats any user
> configuration.

Comment 25 Roman Kagan 2012-06-19 08:04:33 UTC
The resolution in bug 806190 is wrong, I posted comment 806190#6 there.

Anyway, redhat-lsb has no business in /etc/nsswitch.conf; even if nsswitch is misconfigured, it's not redhat-lsb's responsibility.

IMO messing with nsswitch should be removed altogether from redhat-lsb pre/post scripts.

Comment 26 Xibo Ning 2012-06-19 08:11:45 UTC
Roman, I reopened bug 806190.