Bug 986728 - postinstall and triggerpostun scriptlets destroy "hosts:" line in /etc/nsswitch.conf
postinstall and triggerpostun scriptlets destroy "hosts:" line in /etc/nsswit...
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: redhat-lsb (Show other bugs)
19
Unspecified Linux
unspecified Severity low
: ---
: ---
Assigned To: Ondrej Vasik
Fedora Extras Quality Assurance
: Reopened
: 915147 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-21 19:51 EDT by Edgar Hoch
Modified: 2014-01-03 03:37 EST (History)
6 users (show)

See Also:
Fixed In Version: redhat-lsb-4.1-21.fc20
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-01-03 03:37:35 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Edgar Hoch 2013-07-21 19:51:24 EDT
Description of problem:

Package redhat-lsb replaces the "hosts:" line in /etc/nsswitch.conf by a fixed string.
This breaks previosly configured nameservices like nis or ldap for resolving hosts.

I think package redhat-lsb should not change /etc/nsswitch.conf at all.
It tries to add the service mdns4_minimal to the hosts line in /etc/nsswitch.conf but this is already done by the scriptlets in package nss-mdns.

I think package nss-mdns should be the _only_ package that add an entry for 
mdns4_minimal to /etc/nsswitch.conf because only this package provides the files neccessary for this service.
And the scriptlets in package nss-mdns do the thing right: They just add the entry and don't replace the line by a fixed string.

I suggest to

- remove the complete postinstall scriptlet (because it only deals with /etc/nsswitch.conf)
- remove the complete preuninstall scriptlet (because it only deals with /etc/nsswitch.conf)
- remove the last part of triggerpostun which 
deals with /etc/nsswitch.conf

from the package redhat-lsb to solve the problem.


Version-Release number of selected component (if applicable):
redhat-lsb-4.1-14.fc19.x86_64
nss-mdns-0.10-12.fc19.x86_64

How reproducible:
Always.

Steps to Reproduce:
1. Package redhat-lsb must not be installed.
2. Change file /etc/nsswitch.conf to contain a line like this:
hosts:      files nis dns
3. Install package redhat-lsb.

Actual results:
/etc/nsswitch.conf contains the line
hosts:      files dns mdns4_minimal

Expected results:
/etc/nsswitch.conf should be unchanged.

Additional info:
To see the scriptlets use the following commands:

rpm -q --scripts redhat-lsb
rpm -q --triggers redhat-lsb
rpm -q --scripts nss-mdns
Comment 1 Ondrej Vasik 2013-08-08 08:51:14 EDT
Thanks for report, this change was requested by #915147. This initial breakage was introduced fix for # - see #806190 - http://pkgs.fedoraproject.org/cgit/redhat-lsb.git/commit/redhat-lsb.spec?id=b974bc468115f5e21755b61bb247d5288e13e2b0 (and later by http://pkgs.fedoraproject.org/cgit/redhat-lsb.git/commit/redhat-lsb.spec?id=d9bd2fe6cecf04f73c3424777edc839c069e9bb3 ) - and it is still not perfect. To me, it looks like the whole touching of nsswitch.conf and backups should be dropped, but I need to check the reasons for it.
Comment 2 Ian Collier 2013-11-14 07:08:42 EST
redhat-lsb should never have been modified for bug 806190 because the bug turned out to be in the testcase (and partly because nss_myhostname is more strict than necessary about the length of the struct it's being asked to write into).

This "fix" is broken, because redhat-lsb upsets the hosts entry in nsswitch.conf every time glibc is updated (bug 867124).  It is stated in bug 915147 that LSB requires nssswitch.conf to resolve host services in the order "files dns", but I have searched the LSB specs and can find no such reference.

This:

if ! grep -s -q '^hosts: \+files \+dns *$' /etc/nsswitch.conf;then
    cat /etc/nsswitch.conf >/usr/share/lsb/nsswitch.conf.orig
    ed -s /etc/nsswitch.conf <<EOF
/^hosts: \+files \+/s/.*/hosts:      files dns mdns4_minimal/
w
q
EOF

is broken because it's looking for a line that contains *only* files and dns, but it's adding a line that contains mdns4_minimal.  Next time this trigger runs, it will nuke the backup it just made.

In addition, the install script of systemd edits nsswitch.conf to add myhostname to this line and it would be nice not to have two packages fighting for control of the name resolution service.

The situation would be mitigated somewhat if the script looked for a line *beginning with* files and dns, and allowed the sysadmin to add other items to the end.  But really it seems that redhat-lsb shouldn't mess with nsswitch.conf at all.
Comment 3 Ondrej Vasik 2013-11-15 12:00:10 EST
Same here, I haven't found any evidence that this handling is required. I'll drop it in next update - as it is broken anyway.
Comment 4 Ondrej Vasik 2013-11-25 12:23:14 EST
*** Bug 915147 has been marked as a duplicate of this bug. ***
Comment 5 Ondrej Vasik 2013-11-25 12:28:38 EST
Removed in Rawhide - https://lists.fedoraproject.org/pipermail/scm-commits/Week-of-Mon-20131125/1149573.html , however, I'm not really sure I want to do an update for it - as the "nasty plays" are even in the %preun of the old package - so update will trigger other breakage (and I can't avoid that). Let's keep it as it is... closing RAWHIDE ( Ok, I can do the %posttrans "repair", but as the potential update brings no gain for fixed systems and doesn't fix the broken ones, let's keep it as it is and don't touch the nsswitch.conf again :) )
Comment 6 Edgar Hoch 2013-11-25 12:40:40 EST
Thanks for the fix in the code!

I agree that doing an update just for solving this problem does not help anything and will set wrong values in nsswitch.conf again.

But please could you have an eye on packages that will be updated for other reasons and that trigger the problematic code again? If a package will go to repo updates that triggers this code then I think that package redhat-lsb should be updated at the same time to fix the code for a potential later update.

I think that the fix should also go to Fedora 20 before releaseing it.
Comment 7 Fedora Update System 2013-11-25 13:08:57 EST
redhat-lsb-4.1-21.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/redhat-lsb-4.1-21.fc20
Comment 8 Ondrej Vasik 2013-11-25 13:16:23 EST
We'll see if it can get in anyway - as tomorrow is change deadline (and if this is not on final isos, it may only make things more broken)
Comment 9 Fedora Update System 2013-11-26 12:58:35 EST
Package redhat-lsb-4.1-21.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing redhat-lsb-4.1-21.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-22150/redhat-lsb-4.1-21.fc20
then log in and leave karma (feedback).
Comment 10 Fedora Update System 2014-01-03 03:37:35 EST
redhat-lsb-4.1-21.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.