Package: libnss-resolve
Version: 232-6
Severity: serious
Justification: Breaks another package

Hi!

A freshly installed Debian Stretch system will have a
/etc/nsswitch.conf like this (see libc-bin's postinst and/or
/usr/share/libc-bin/nsswitch.conf):

        # /etc/nsswitch.conf
        #
        # Example configuration of GNU Name Service Switch functionality.
        # If you have the `glibc-doc-reference' and `info' packages installed, try:
        # `info libc "Name Service Switch"' for information about this file.

        passwd:         compat
        group:          compat
        shadow:         compat
        gshadow:        files

        hosts:          files dns
        networks:       files

        protocols:      db files
        services:       db files
        ethers:         db files
        rpc:            db files

        netgroup:       nis

Installing libnss-resolve makes these changes:

        --- nsswitch.conf       2016-12-04 15:16:42.701978711 +0100
        +++ /etc/nsswitch.conf  2016-12-04 15:16:51.965961200
+0100
        @@ -9,7 +9,7 @@
         shadow:         compat
         gshadow:        files
         
        -hosts:          files dns
        +hosts:          files resolve [!UNAVAIL=return] dns
         networks:       files
         
         protocols:      db files
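
Review bot: on the added hosts line, `[!UNAVAIL=return]` sits directly after `resolve` and ahead of `dns`, so every module to its right is consulted only when resolve reports UNAVAIL. Any NSS module that another package later inserts before `dns` lands behind that return action, which makes the result depend on installation order. Consider having the edit place `resolve [!UNAVAIL=return]` after other non-dns host modules already on the line, or at least document the ordering dependency next to the code that makes this change.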

If the user then installs for example the "gnome" meta package, 
libnss-mdns and libnss-myhostname will be installed as well because of
these dependencies/recommendations: 

        gnome -> avahi-daemon -> libnss-mdns
        gnome -> gnome-core -> gnome-control-center -> libnss-myhostname

This results in the following hosts line:

        hosts:          files resolve [!UNAVAIL=return] mdns4_minimal [NOTFOUND=return] dns myhostname

However, because of the "[!UNAVAIL=return]" introduced with [0],
nothing after "resolve" will actually be tried. This is mostly
harmless, since "resolve" provides a superset of "dns" and
"myhostname", but it breaks mDNS as resolved currently does not resolve
mDNS names like "foo.local".

Please note that

 a) This bug depends on the order of package installations. Installing 
    libnss-resolve *AFTER* everything else will avoid the problem.
 b) I think the rationale for the change made in [0] is sound, so
    simply reverting the change is not a solution.

IMHO the best solution would be to

 a) Activate the mDNS support in resolved [1] if possible.
 b) Talk to the GNOME/Avahi maintainers and make them recommend
    libnss-resolve instead of the others
 c) Eventually remove libnss-mdns and libnss-myhostname from Debian
    as both aren't really maintained anymore and have been superseded
    by libnss-resolve.

Best regards

Alexander Kurtz

[0] https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=5e0095416366eb86590d6e31242097ded5201b3a
[1] https://github.com/systemd/systemd/blob/master/src/resolve/resolved-mdns.c
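
Added example (not part of the original report or of any Debian package): a small Python model of the glibc NSS action rules, applied to the hosts line quoted in the report, to show which modules are actually consulted. The function names and the per-module lookup statuses passed in are assumptions made for illustration.

```python
import re

STATUSES = ("SUCCESS", "NOTFOUND", "UNAVAIL", "TRYAGAIN")
# glibc defaults: stop on success, fall through to the next service otherwise.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

# The hosts line from the report.
HOSTS_LINE = ("hosts: files resolve [!UNAVAIL=return] mdns4_minimal "
              "[NOTFOUND=return] dns myhostname")

def parse_line(line):
    """Parse 'db: svc [STATUS=action] svc ...' into [(service, {status: action})]."""
    _, _, spec = line.partition(":")
    chain = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", spec):
        if not tok.startswith("["):
            chain.append((tok, dict(DEFAULTS)))
            continue
        if not chain:
            raise ValueError("action item before any service")
        for item in tok[1:-1].split():
            status, action = item.upper().split("=")
            negate = status.startswith("!")
            status = status.lstrip("!")
            # '!STATUS=action' applies the action to every *other* status.
            for s in STATUSES:
                if (s != status) if negate else (s == status):
                    chain[-1][1][s] = action.lower()
    return chain

def consulted(chain, results):
    """Services queried, given each service's status (NOTFOUND if not listed)."""
    tried = []
    for service, actions in chain:
        tried.append(service)
        if actions[results.get(service, "NOTFOUND")] == "return":
            break
    return tried

if __name__ == "__main__":
    chain = parse_line(HOSTS_LINE)
    # resolved is running but does not know the name: lookup stops at resolve.
    print(consulted(chain, {"resolve": "NOTFOUND"}))
    # resolved is not running: the chain falls through to mdns4_minimal.
    print(consulted(chain, {"resolve": "UNAVAIL"}))
```
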
