Bug 1418968 - chrony-helper should escape domain for SRV records
Summary: chrony-helper should escape domain for SRV records
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: chrony
Version: 7.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Miroslav Lichvar
QA Contact: Karel Volný
Depends On:
TreeView+ depends on / blocked
Reported: 2017-02-03 10:07 UTC by Miroslav Lichvar
Modified: 2017-08-01 16:20 UTC (History)
2 users (show)

Fixed In Version: chrony-3.1-1.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1374767
Last Closed: 2017-08-01 16:20:39 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:1908 0 normal SHIPPED_LIVE chrony bug fix and enhancement update 2017-08-01 17:54:45 UTC

Description Miroslav Lichvar 2017-02-03 10:07:19 UTC
+++ This bug was initially created as a clone of Bug #1374767 +++

Description of problem:
'chrony-helper enable-dnssrv _ntp._udp.DOMAIN' enables instance of a timer 'chrony-dnssrv@DOMAIN.timer'. systemd requires for '-' character to be escaped in unit names. (There are few more escaping rules, but for characters which are not used in domain names).

Therefore lines like this:
set_dnssrv_timer() {
    local timer=$dnssrv_timer_prefix$name.timer

have to be written as

    local timer=$dnssrv_timer_prefix$(systemd-escape $name).timer

'systemd-escape' is a helper program, part of systemd suite.

Version-Release number of selected component (if applicable):

Comment 2 Karel Volný 2017-03-08 16:54:14 UTC
is there some way to test this except for code review?

I see this is in local variable, so it cannot be queried, the only way would be to check whether systemctl enable/disable actions worked, but how do I know that it worked because of correct escaping or because some error tolerance?

- the original report doesn't mention any real world issue with that, and running the example

# /usr/libexec/chrony-helper enable-dnssrv _ntp._udp.DOMAIN

results in the same both with and without systemd-escape:

Created symlink from /etc/systemd/system/timers.target.wants/chrony-dnssrv@_ntp._udp.DOMAIN.timer to /usr/lib/systemd/system/chrony-dnssrv@.timer.

Comment 3 Miroslav Lichvar 2017-03-09 08:55:17 UTC
A domain with "-" should show make difference in the systemd unit name.

# /usr/libexec/chrony-helper enable-dnssrv _ntp._udp.a-b.example.com
Created symlink /etc/systemd/system/timers.target.wants/chrony-dnssrv@_ntp._udp.a\x2db.example.com.timer → /usr/lib/systemd/system/chrony-dnssrv@.timer.
# systemctl list-units | grep chrony-dnssrv

Comment 5 errata-xmlrpc 2017-08-01 16:20:39 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.