Red Hat Bugzilla – Bug 986728
postinstall and triggerpostun scriptlets destroy "hosts:" line in /etc/nsswitch.conf
Last modified: 2014-01-03 03:37:35 EST
Description of problem:
Package redhat-lsb replaces the "hosts:" line in /etc/nsswitch.conf by a fixed string.
This breaks previosly configured nameservices like nis or ldap for resolving hosts.
I think package redhat-lsb should not change /etc/nsswitch.conf at all.
It tries to add the service mdns4_minimal to the hosts line in /etc/nsswitch.conf but this is already done by the scriptlets in package nss-mdns.
I think package nss-mdns should be the _only_ package that add an entry for
mdns4_minimal to /etc/nsswitch.conf because only this package provides the files neccessary for this service.
And the scriptlets in package nss-mdns do the thing right: They just add the entry and don't replace the line by a fixed string.
I suggest to
- remove the complete postinstall scriptlet (because it only deals with /etc/nsswitch.conf)
- remove the complete preuninstall scriptlet (because it only deals with /etc/nsswitch.conf)
- remove the last part of triggerpostun which
deals with /etc/nsswitch.conf
from the package redhat-lsb to solve the problem.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Package redhat-lsb must not be installed.
2. Change file /etc/nsswitch.conf to contain a line like this:
hosts: files nis dns
3. Install package redhat-lsb.
/etc/nsswitch.conf contains the line
hosts: files dns mdns4_minimal
/etc/nsswitch.conf should be unchanged.
To see the scriptlets use the following commands:
rpm -q --scripts redhat-lsb
rpm -q --triggers redhat-lsb
rpm -q --scripts nss-mdns
Thanks for report, this change was requested by #915147. This initial breakage was introduced fix for # - see #806190 - http://pkgs.fedoraproject.org/cgit/redhat-lsb.git/commit/redhat-lsb.spec?id=b974bc468115f5e21755b61bb247d5288e13e2b0 (and later by http://pkgs.fedoraproject.org/cgit/redhat-lsb.git/commit/redhat-lsb.spec?id=d9bd2fe6cecf04f73c3424777edc839c069e9bb3 ) - and it is still not perfect. To me, it looks like the whole touching of nsswitch.conf and backups should be dropped, but I need to check the reasons for it.
redhat-lsb should never have been modified for bug 806190 because the bug turned out to be in the testcase (and partly because nss_myhostname is more strict than necessary about the length of the struct it's being asked to write into).
This "fix" is broken, because redhat-lsb upsets the hosts entry in nsswitch.conf every time glibc is updated (bug 867124). It is stated in bug 915147 that LSB requires nssswitch.conf to resolve host services in the order "files dns", but I have searched the LSB specs and can find no such reference.
if ! grep -s -q '^hosts: \+files \+dns *$' /etc/nsswitch.conf;then
cat /etc/nsswitch.conf >/usr/share/lsb/nsswitch.conf.orig
ed -s /etc/nsswitch.conf <<EOF
/^hosts: \+files \+/s/.*/hosts: files dns mdns4_minimal/
is broken because it's looking for a line that contains *only* files and dns, but it's adding a line that contains mdns4_minimal. Next time this trigger runs, it will nuke the backup it just made.
In addition, the install script of systemd edits nsswitch.conf to add myhostname to this line and it would be nice not to have two packages fighting for control of the name resolution service.
The situation would be mitigated somewhat if the script looked for a line *beginning with* files and dns, and allowed the sysadmin to add other items to the end. But really it seems that redhat-lsb shouldn't mess with nsswitch.conf at all.
Same here, I haven't found any evidence that this handling is required. I'll drop it in next update - as it is broken anyway.
*** Bug 915147 has been marked as a duplicate of this bug. ***
Removed in Rawhide - https://lists.fedoraproject.org/pipermail/scm-commits/Week-of-Mon-20131125/1149573.html , however, I'm not really sure I want to do an update for it - as the "nasty plays" are even in the %preun of the old package - so update will trigger other breakage (and I can't avoid that). Let's keep it as it is... closing RAWHIDE ( Ok, I can do the %posttrans "repair", but as the potential update brings no gain for fixed systems and doesn't fix the broken ones, let's keep it as it is and don't touch the nsswitch.conf again :) )
Thanks for the fix in the code!
I agree that doing an update just for solving this problem does not help anything and will set wrong values in nsswitch.conf again.
But please could you have an eye on packages that will be updated for other reasons and that trigger the problematic code again? If a package will go to repo updates that triggers this code then I think that package redhat-lsb should be updated at the same time to fix the code for a potential later update.
I think that the fix should also go to Fedora 20 before releaseing it.
redhat-lsb-4.1-21.fc20 has been submitted as an update for Fedora 20.
We'll see if it can get in anyway - as tomorrow is change deadline (and if this is not on final isos, it may only make things more broken)
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing redhat-lsb-4.1-21.fc20'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
redhat-lsb-4.1-21.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.