867124 – glibc upgrade overwrites configuration files (/etc/nsswitch.conf in particular)

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 867124 - glibc upgrade overwrites configuration files (/etc/nsswitch.conf in particular)

Summary: glibc upgrade overwrites configuration files (/etc/nsswitch.conf in particular)

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	redhat-lsb
Sub Component:
Version:	7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Ondrej Vasik
QA Contact:	Karel Srot
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	867445 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-10-16 20:04 UTC by Matěj Cepl
Modified:	2014-06-18 05:27 UTC (History)
CC List:	15 users (show)
Fixed In Version:	redhat-lsb-4.1-22.el7
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-06-13 09:30:43 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
List of all packages. (75.99 KB, text/plain) 2012-11-08 06:09 UTC, Matěj Cepl	no flags	Details
output of rpm -qa --scripts (311.27 KB, text/plain) 2012-11-08 06:09 UTC, Matěj Cepl	no flags	Details
list of the complete update originating the modification (3.96 KB, text/plain) 2013-04-05 15:57 UTC, Maurizio Paolini	no flags	Details
/var/log/yum.log with the whole "yum update" transaction (3.96 KB, text/plain) 2013-04-05 17:38 UTC, Maurizio Paolini	no flags	Details
stat of /etc/nsswitch.conf and other data (1.54 KB, text/plain) 2013-04-05 17:41 UTC, Maurizio Paolini	no flags	Details
View All

Description Matěj Cepl 2012-10-16 20:04:26 UTC

Description of problem:
Whenever I upgrade glibc, all changes in a configuration files (/etc/nsswitch.conf in particular) are overwritten, although it is marked as a configuration file.

Version-Release number of selected component (if applicable):
glibc-2.16-19.el7.x86_64

How reproducible:
100% (happened in the last two upgrades as well)

Steps to Reproduce:
1.yum upgrade when glibc upgrade is part of the transaction
2.
3.
  
Actual results:
All changes in configuration files, in my case particularly line

  hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4

are overwritten. Neither *.rpmsave (nor *.rpmnew, which would be more appropriate here) are created.

Expected results:
/etc/nsswitch.conf.rpmnew is created.

Additional info:

Comment 1 Matěj Cepl 2012-10-16 20:06:02 UTC

Actually, thinking about it, it could be a bug in rpm, couldn't it? Who decides that *.rpm{save,old,new} copies are created?

Comment 2 Jeff Law 2012-10-17 15:05:57 UTC

*** Bug 867445 has been marked as a duplicate of this bug. ***

Comment 3 Stef Walter 2012-10-17 15:08:56 UTC

BTW, authconfig rewrites this file. Maybe worth investigating if 'authconfig --update --enablesssd' or something like that causes your changes to be lost.

Comment 4 John Ellson 2012-10-17 19:53:29 UTC

For me, "authconfig --update --enablesssd' did change the file (without making backup), but with the options you suggested it didn't break mdns.

# diff nsswitch.conf.bak nsswitch.conf
35,36c35,36
< group:      files
< initgroups: files
---
> group:      files sss
> #initgroups: files
40c40
< hosts:      files mdns4_minimal [NOTFOUND=return] dns mdns myhostname
---
> hosts:      files mdns4_minimal [NOTFOUND=return] dns
57c57
< services:   files
---
> services:   files sss
59c59
< netgroup:   nisplus
---
> netgroup:   files sss
63c63
< automount:  files nisplus
---
> automount:  files

Comment 5 Tomas Mraz 2012-10-18 06:58:52 UTC

I don't understand why is this assigned to authconfig. Its purpose is to update config files so updating nsswitch.conf is definitely not a bug. And when it updates them it makes a backup in /var/lib/authconfig.

BTW glibc calls authconfig --update in rpm %post? It probably shouldn't. There was an authconfig --update call in systemd %post, but that was already removed. I do not know of any other rpm package that would do it.

Comment 6 Matěj Cepl 2012-10-18 07:21:10 UTC

(In reply to comment #5)
> BTW glibc calls authconfig --update in rpm %post? It probably shouldn't.

I don't think it does:

wycliff:hesla (master) $ rpm -q --scripts glibc
preinstall scriptlet (using <lua>):
-- Check that the running kernel is new enough
required = '2.6.32'
rel = posix.uname("%r")
if rpm.vercmp(rel, required) < 0 then
  error("FATAL: kernel too old", 0)
end
postinstall program: /usr/sbin/glibc_post_upgrade.x86_64
postuninstall program: /sbin/ldconfig
preinstall scriptlet (using <lua>):
-- Check that the running kernel is new enough
required = '2.6.32'
rel = posix.uname("%r")
if rpm.vercmp(rel, required) < 0 then
  error("FATAL: kernel too old", 0)
end
postinstall program: /usr/sbin/glibc_post_upgrade.i686
postuninstall program: /sbin/ldconfig
wycliff:hesla (master) $ rpm -q --scripts glibc-common
postinstall scriptlet (using <lua>):
if posix.access("/etc/ld.so.cache") then
  if posix.stat("/usr/lib/locale/locale-archive.tmpl", "size") > 0 then
    pid = posix.fork()
    if pid == 0 then
      posix.exec("/usr/sbin/build-locale-archive")
    elseif pid > 0 then
      posix.wait(pid)
    end
  end
end

Comment 7 Tomas Mraz 2012-10-18 08:21:02 UTC

Back to glibc then.

Comment 8 Jeff Law 2012-11-08 03:41:01 UTC

Matěj,

Can you get me a list of all the rpms on the system where you saw this behaviour and the output from rpm -q --scripts ?

Most likely some other package is overwriting that file, so it's not a glibc problem.  But without knowing what package is the culprit, I don't know who to reassign this to.

Comment 9 Matěj Cepl 2012-11-08 06:09:03 UTC

Created attachment 640589 [details]
List of all packages.

Comment 10 Matěj Cepl 2012-11-08 06:09:29 UTC

Created attachment 640590 [details]
output of rpm -qa --scripts

Comment 13 Miroslav Franc 2012-11-13 00:13:44 UTC

This is redhat-lsb issue.

Comment 14 Miroslav Franc 2012-11-13 00:18:23 UTC

# grep mdns /etc/nsswitch.conf
hosts:      files mdns4_minimal [NOTFOUND=return] dns mdns4
# yum reinstall redhat-lsb
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Resolving Dependencies
--> Running transaction check
---> Package redhat-lsb.ppc64 0:4.1-5.el7 will be reinstalled
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================================================================================================================================
 Package                                             Arch                                           Version                                            Repository                                              Size
====================================================================================================================================================================================================================
Reinstalling:
 redhat-lsb                                          ppc64                                          4.1-5.el7                                          beaker-Server                                           22 k

Transaction Summary
====================================================================================================================================================================================================================
Reinstall  1 Package

Total download size: 22 k
Installed size: 0  
Is this ok [y/N]: y
Downloading Packages:
redhat-lsb-4.1-5.el7.ppc64.rpm                                                                                                                                                               |  22 kB  00:00:00     
Running Transaction Check
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : redhat-lsb-4.1-5.el7.ppc64                                                                                                                                                                       1/1 
  Verifying  : redhat-lsb-4.1-5.el7.ppc64                                                                                                                                                                       1/1 

Installed:
  redhat-lsb.ppc64 0:4.1-5.el7                                                                                                                                                                                      

Complete!
# grep mdns /etc/nsswitch.conf
# 



---
# rpm -q --scripts redhat-lsb
preinstall scriptlet (using /bin/sh):
# remove the extra symlink /bin/mailx -> /bin/mail
if [ -e /bin/mailx ]; then
   if [ -L /bin/mailx ]; then
     rm -f /bin/mailx
   fi 
fi
postinstall scriptlet (using /bin/sh):
if ! grep -s -q '^hosts: \+files \+dns *$' /etc/nsswitch.conf;then
     cat /etc/nsswitch.conf >/usr/share/lsb/nsswitch.conf.orig
     ed -s /etc/nsswitch.conf <<EOF
/^hosts: \+files \+/s/.*/hosts:      files dns/
w
q
EOF
cat /etc/nsswitch.conf >/usr/share/lsb/nsswitch.conf
fi
preuninstall scriptlet (using /bin/sh):
if [ $1 -eq 0 ];then
    if [ -e /usr/share/lsb/nsswitch.conf -a -e  /usr/share/lsb/nsswitch.conf.orig ];then
        if cmp -s /usr/share/lsb/nsswitch.conf /etc/nsswitch.conf;then
            cat /usr/share/lsb/nsswitch.conf.orig >/etc/nsswitch.conf
        fi
        rm -f /usr/share/lsb/{nsswitch.conf,nsswitch.conf.orig}
    fi
fi

Comment 15 Jeff Law 2012-11-13 23:04:28 UTC

Thanks Miroslav.  I hadn't had the time to wander through the attachments yet.  I agree, this looks like a redhat-lsb package issue to me.

Comment 16 Ondrej Vasik 2012-11-19 18:04:52 UTC

Matej, do you think that the solution with .rpmnew file would be sufficient?

Comment 17 Matěj Cepl 2012-11-19 20:22:52 UTC

(In reply to comment #16)
> Matej, do you think that the solution with .rpmnew file would be sufficient?

Well, it would be better than the current situation, but why in the first place anything has a need to change my configuration file? If somebody needs to changing something there, they have as much sed as I have.

Comment 18 Ondrej Vasik 2012-11-19 20:42:27 UTC

Yes, this may be probably done better way with respect to user's modifications. Still, IMHO the change should not be silent (or there should be a file left after the change - either rpmnew or rpmsave) - as it modifies the configuration file (owned by other package). Reasons for these changes are in https://bugzilla.redhat.com/show_bug.cgi?id=825261 and https://bugzilla.redhat.com/show_bug.cgi?id=806190.

Comment 19 Matěj Cepl 2012-11-20 10:32:46 UTC

(In reply to comment #18)
> Still, IMHO the change should not be silent (or there should
> be a file left after the change - either rpmnew or rpmsave)

Quite certainly.

Comment 23 Maurizio Paolini 2013-04-05 15:57:19 UTC

Created attachment 731961 [details]
list of the complete update originating the modification

extract from /var/log/yum.log with all the updates that in the end resulted
in a modified /etc/nsswitch.conf

Comment 24 Maurizio Paolini 2013-04-05 16:05:15 UTC

As noted in the previous post I have the same problem, but redhat-lsb does not
seem to be the culprit.
I remember that the modification time of /etc/nsswitch.conf was something
like "Apr 05 13:10:10" which would place it in between the kernel Install and
the smokegen install:

[...]
Apr 05 13:09:23 Updated: 1:nfs-utils-1.2.7-5.fc18.i686
Apr 05 13:09:31 Installed: kernel-PAE-3.8.5-201.fc18.i686
Apr 05 13:12:15 Installed: smokegen-4.10.1-1.fc18.i686
[...]

I already re-modified /etc/nsswitch.conf, so that I cannot be completely 
sure of the modification time.

Comment 25 Maurizio Paolini 2013-04-05 17:38:30 UTC

Created attachment 731977 [details]
/var/log/yum.log with the whole "yum update" transaction

Comment 26 Maurizio Paolini 2013-04-05 17:39:57 UTC

Comment on attachment 731977 [details]
/var/log/yum.log with the whole "yum update" transaction

this the result of a "yum update" that resulted in a modification of the
"hosts:" entry in /etc/nsswitch.conf
More details in another attachment

Comment 27 Maurizio Paolini 2013-04-05 17:41:31 UTC

Created attachment 731978 [details]
stat of /etc/nsswitch.conf and other data

The result of "stat /etc/nsswitch.conf" suggests that the culprit is some
"posttransaction" scriptlet...

Comment 28 Maurizio Paolini 2013-04-05 18:15:24 UTC

Well, it could also be a pre- or postuninstall script, I guess.  Another
possibly important information:

in /usr/share/lsb I find:

# ls /usr/share/lsb/ -l                                                                                                         
total 12                                                                                                                                           
drwxr-xr-x 4 root root 4096 Jan 16 15:50 4.1                                                                                                       
-rw-r--r-- 1 root root 1714 Apr  5 18:28 nsswitch.conf                                                                                             
-rw-r--r-- 1 root root 1729 Apr  5 18:28 nsswitch.conf.orig

they actually coincide with the original and modified nsswitch.conf; and
the creation date is exactly the same as the modification time of /etc/nsswith.conf.  Definitely there is something related to lsb going on.

Comment 29 Maurizio Paolini 2013-04-05 18:30:34 UTC

Here is a strong hint on the problem: "redhat-lsb" contains a "trigger"
associated to the "glibc" package, which is invoked at every "uninstall" of glibc:

--- sniplet from redhat-lsb.spec ---
[...]
%triggerpostun -- glibc
if [ -x /usr/sbin/redhat_lsb_trigger.%{_target_cpu} ]; then
  /usr/sbin/redhat_lsb_trigger.%{_target_cpu}
fi

%ifnarch %{ix86}
  /sbin/sln %{ldso} /%{_lib}/%{lsbldso} || :
%else
  if [ -f /emul/ia32-linux/lib/%{ldso} ]; then
    for LSBVER in %{lsbsover}; do
      /sbin/sln /emul/ia32-linux/lib/%{ldso} /%{_lib}/%{lsbldso}.$LSBVER || :
    done
  else
    for LSBVER in %{lsbsover}; do
      /sbin/sln %{ldso} /%{_lib}/%{lsbldso}.$LSBVER || :
    done
  fi
%endif
if ! grep -s -q '^hosts: \+files \+dns *$' /etc/nsswitch.conf;then
    cat /etc/nsswitch.conf >%{_datadir}/lsb/nsswitch.conf.orig
    ed -s /etc/nsswitch.conf <<EOF
/^hosts: \+files \+/s/.*/hosts:      files dns/
w
q
EOF
    cat /etc/nsswitch.conf > %{_datadir}/lsb/nsswitch.conf
fi
[...]
------------------------------------

*** no comment! ***

Comment 37 Maurizio Paolini 2013-11-25 19:20:26 UTC

The trigger script in the new redhat-lsb.spec is just the same, in particular:

%triggerpostun -- glibc
[...]
if ! grep -s -q '^hosts: \+files \+dns *$' /etc/nsswitch.conf;then
    cat /etc/nsswitch.conf >%{_datadir}/lsb/nsswitch.conf.orig
    ed -s /etc/nsswitch.conf <<EOF
/^hosts: \+files \+/s/.*/hosts:      files dns mdns4_minimal/
w
q
EOF

which means that whenever glibc gets updated AND the the /etc/nsswitch.conf
contains anything different from (essentially) "hosts: files dns" it gets
rewritten into "hosts: files dns mdns4_minimal".
In particular if "nis" is originally present, it disappears :-(

Comment 38 Ondrej Vasik 2013-11-26 11:55:07 UTC

In which version? Recently, in the latest builds in el7 I removed the black magic of nsswitch.conf at all - however, you have probably older version, as these builds are not yet public.
As the problem is in redhat-lsb %postun scriptlet as well, I can't fix this for released Fedoras - as the update will actually break the things again.

Comment 39 Maurizio Paolini 2013-11-26 12:08:57 UTC

Silly me... I just downloaded the latest rpm source from the standard fc19 repos, which happens to be redhat-lsb-4.1-14.fc19.src.rpm.  Sorry about the confusion.

(In reply to Ondrej Vasik from comment #38)
> In which version? Recently, in the latest builds in el7 I removed the black
> magic of nsswitch.conf at all - however, you have probably older version, as
> these builds are not yet public.
> As the problem is in redhat-lsb %postun scriptlet as well, I can't fix this
> for released Fedoras - as the update will actually break the things again.

You mean that removing the %postun scriptlet (the nsswitch.conf part) from redhat-lsb would not fix the problem?

Comment 41 Ludek Smid 2014-06-13 09:30:43 UTC

This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.