Steve Langasek a écrit : > Hi folks, > > I've run across an ipv4/ipv6 configuration issue which I think needs to have > light cast on it so we can try to resolve this in time for lenny (whatever > the right resolution actually is), in order to avoid a pile-up of > /etc/hosts-related kludges as has been known to happen before... > > In response to bug #427067, the netbase maintainer made a change that adds > localhost as an alias for ::1 on new installs. In April of this year, the > Debian Installer team followed suit, adding this line in the netcfg udeb. > > The result of these changes is that since July 2007, any new lenny or sid > chroots have had two addresses listed for localhost, and since April of this > year, any new installs of lenny done using d-i have had it as well. > > Now, the problem I ran into is that when I enabled the test suite in the > openldap2.3 package, the build failed mysteriously on a seemingly random set > of architectures. The reason? The test suite configures slapd to run on a > particular port on localhost, and the glibc "files" NSS backend > special-cases the ::1 IPv6 loopback address, so that when you request an > IPv4 address, it will map any ::1 entries to 127.0.0.1 for you. But of > course we already have an entry for localhost as 127.0.0.1, so now we end up > with duplicate addresses returned, and slapd tries to bind twice to the same > address and port! > > A test program showing this behavior is attached - compile and run it on a > system with '::1 localhost' set in /etc/hosts, and you'll see 127.0.0.1 > returned twice. An alternate test case, which also works on systems with > older /etc/hosts and which I think shows the counterintuitiveness of the > nss_files special-casing, is to run "getent ahostsv4 ip6-localhost". > > I don't think it's the responsibility of callers such as slapd to check that > getaddrinfo() hasn't returned duplicate entries, so I see a couple of > solutions here: > > - the ::1 address should *not* be special-cased by nss_files. I really > can't perceive any reason why it should be special-cased in the first > place; i.e., why should the files backend behave differently than the DNS > backend, and why would we want names that were specifically assigned to > ::1, including names like "ip6-loopback", to be automatically mapped to > 127.0.0.1? > > - we should only set up a single 'localhost' entry in /etc/hosts, pointing > at ::1, and let nss_files handle the mapping to 127.0.0.1 automatically. > > Are there other solutions that should be considered? Is one of these more > acceptable than the other? To me it seems obvious that the best choice is > to not treat the files backend specially in the first place, but I don't > know the rationale behind this special-casing either.
There is a bug upstream, but marked as invalid: http://sources.redhat.com/bugzilla/show_bug.cgi?id=4980 According to the upstream developer, there is a rationale for that, but he never explained it, despite having been asked numerous times. Somebody has published a patch, if it works as expected, it may be worth to include it in Debian. Cheers, Aurelien -- .''`. Aurelien Jarno | GPG: 1024D/F1BCDB73 : :' : Debian developer | Electrical Engineer `. `' [EMAIL PROTECTED] | [EMAIL PROTECTED] `- people.debian.org/~aurel32 | www.aurel32.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]