Description of problem: nss-mdns modifies /etc/nsswitch.conf in postinstall and preuninstall scripts. This conflicts with authselect which checks if /etc/nsswitch.conf is modified and refuses changes if it detects changes by other programs. The new concept of authselect is - if I had understand it right - that only authselect should modify these files that it was designed to configure. As a consequence, packages in Fedora 28 shouldn't change /etc/nsswitch.conf in there scriptslets. # rpm -q --scripts nss-mdns postinstall scriptlet (using /bin/sh): /sbin/ldconfig # sed-fu to add mdns4_minimal to the hosts line of /etc/nsswitch.conf if [ -f /etc/nsswitch.conf ] ; then sed -i.bak ' /^hosts:/ !b /\<mdns\(4\|6\)\?\(_minimal\)\?\>/ b s/\([[:blank:]]\+\)dns\>/\1mdns4_minimal [NOTFOUND=return] dns/g ' /etc/nsswitch.conf fi preuninstall scriptlet (using /bin/sh): # sed-fu to remove mdns4_minimal from the hosts line of /etc/nsswitch.conf if [ "$1" -eq 0 -a -f /etc/nsswitch.conf ] ; then sed -i.bak ' /^hosts:/ !b s/[[:blank:]]\+mdns\(4\|6\)\?\(_minimal\( \[NOTFOUND=return\]\)\?\)\?//g ' /etc/nsswitch.conf fi postuninstall program: /sbin/ldconfig authselect shows the following error # authselect check [error] [/etc/nsswitch.conf] is not a symbolic link! [error] [/etc/nsswitch.conf] was not created by authselect! Current configuration is not valid. It was probably modified outside authselect. ... and denies setting a configuration from profiles (without --force option) # authselect select sssd with-encryptfs [error] [/etc/nsswitch.conf] is not a symbolic link! [error] [/etc/nsswitch.conf] was not created by authselect! [error] Unexpected changes to the configuration were detected. [error] Refusing to activate profile unless those changes are removed or overwrite is requested. Some unexpected changes to the configuration were detected. Use --force parameter if you want to overwrite these changes. Version-Release number of selected component (if applicable): nss-mdns-0.14.1-1.fc28.x86_64 How reproducible: Always
The nss-mdns scriptlet is the most brittle part of the package. If there is any way we can get rid of it forever, I would love to do it.
I filed this upstream bug to investigate more: https://github.com/pbrezina/authselect/issues/51
I've encountered the inverse of this bug, where authselect clobbers the existing mdns modifications made to /etc/nsswitch.conf. I just recently did a clean install of Fedora 28 last Tuesday. nss-mdns and authselect are both installed. The contents of my nsswitch.conf file are: $ cat /etc/nsswitch.conf # Generated by authselect on Tue May 15 23:43:17 2018 # Do not modify this file manually. passwd: sss files systemd group: sss files systemd netgroup: sss files automount: sss files services: sss files sudoers: files sss shadow: files ethers: files netmasks: files networks: files protocols: files rpc: files hosts: files dns myhostname aliases: files nisplus bootparams: nisplus [NOTFOUND=return] files publickey: nisplus I am able to use avahi-resolve-host-name manually resolve local devices: $ avahi-resolve-host-name uwbts3.local uwbts3.local fe80::201:2eff:fe70:fabe But I am unable to ping local devices $ ping uwbts3.local ping: uwbts3.local: Name or service not known After manually reinstalling nss-mdns mdns resolution is restored, because of the modifications made to the /etc/nsswitch.conf file. (note the hosts: line) $ sudo dnf remove nss-mdns $ sudo dnf install nss-mdns $ cat /etc/nsswitch.conf # Generated by authselect on Tue May 15 23:43:17 2018 # Do not modify this file manually. passwd: sss files systemd group: sss files systemd netgroup: sss files automount: sss files services: sss files sudoers: files sss shadow: files ethers: files netmasks: files networks: files protocols: files rpc: files hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname aliases: files nisplus bootparams: nisplus [NOTFOUND=return] files publickey: nisplus
I, too, am here because Fedora 28 broke my existing nsswitch.conf. Furthermore, authselect doesn't seem to have any option to re-enable Avahi/Zeroconf. It seems from https://github.com/pbrezina/authselect/issues/51 that there's no easy fix, so for now I'm just patching nsswitch.conf because I need to be able to use my printer, etc.
This is still broken on a clean net-install pulling in all the latest packages. I just had to do a 'sudo dnf reinstall nss-mdss' to get functionality working. Interestingly this only affected my Desktop PC. My IoT boards running a build of ARM minimal server do not have this problem and can ping each other normally.
This message is a reminder that Fedora 28 is nearing its end of life. On 2019-May-28 Fedora will stop maintaining and issuing updates for Fedora 28. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '28'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 28 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
The problem still exists on Fedora 30. The package version is still the same as in Fedora 28, it was only rebuild for the current release. In the meantime there was many improvements in authselect, and I think the maintainer of authselect will provide additional functionality if neccessary, so I think it should be possible to find a better solution for nss-mds than using sed in package scripts! Upstream source on github is unchanged since a year.
Yes, I got stalled on trying to understand the authselect integration. Any contributions welcome.
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle. Changing version to '31'.
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle. Changing version to 31.
Created attachment 1637614 [details] proposed patch
Adam, I attached proposed spec file patch. It makes sure the changes are written for both authselect and non-authselect cases. It is the same as the one used by systemd.
Thanks, I'll take a look! If it's easier, you can also try sending a pull request at https://src.fedoraproject.org/rpms/nss-mdns
FEDORA-EPEL-2020-ea93165071 has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ea93165071
FEDORA-EPEL-2020-b5e1d863a8 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b5e1d863a8
FEDORA-2020-b2c8abab93 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2020-b2c8abab93
FEDORA-2020-01fb095a03 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-01fb095a03
nss-mdns-0.14.1-5.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b5e1d863a8
nss-mdns-0.14.1-5.el8 has been pushed to the Fedora EPEL 8 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ea93165071
nss-mdns-0.14.1-5.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-b2c8abab93
nss-mdns-0.14.1-5.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-01fb095a03
nss-mdns-0.14.1-5.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.
nss-mdns-0.14.1-5.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.
nss-mdns-0.14.1-5.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
nss-mdns-0.14.1-5.el8 has been pushed to the Fedora EPEL 8 stable repository. If problems still persist, please make note of it in this bug report.
This is still broken, upgrades from Fedora 31 to Fedora 32 disabled the functionality on upgrade. Upgrade was done offline with PackageKit. $ dnf history info 267 | grep nss-mdns Upgrade nss-mdns-0.14.1-6.fc32.x86_64 @fedora Upgraded nss-mdns-0.14.1-5.fc31.x86_64 @@System
The F31 -> F32 upgrade problems are tracked in bug #1811935.