[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: correct definition of localhost?

Steve Langasek a écrit :
> Hi folks,
> I've run across an ipv4/ipv6 configuration issue which I think needs to have
> light cast on it so we can try to resolve this in time for lenny (whatever
> the right resolution actually is), in order to avoid a pile-up of
> /etc/hosts-related kludges as has been known to happen before...
> In response to bug #427067, the netbase maintainer made a change that adds
> localhost as an alias for ::1 on new installs.  In April of this year, the
> Debian Installer team followed suit, adding this line in the netcfg udeb.
> The result of these changes is that since July 2007, any new lenny or sid
> chroots have had two addresses listed for localhost, and since April of this
> year, any new installs of lenny done using d-i have had it as well.
> Now, the problem I ran into is that when I enabled the test suite in the
> openldap2.3 package, the build failed mysteriously on a seemingly random set
> of architectures.  The reason?  The test suite configures slapd to run on a
> particular port on localhost, and the glibc "files" NSS backend
> special-cases the ::1 IPv6 loopback address, so that when you request an
> IPv4 address, it will map any ::1 entries to for you.  But of
> course we already have an entry for localhost as, so now we end up
> with duplicate addresses returned, and slapd tries to bind twice to the same
> address and port!
> A test program showing this behavior is attached - compile and run it on a
> system with '::1 localhost' set in /etc/hosts, and you'll see
> returned twice.  An alternate test case, which also works on systems with
> older /etc/hosts and which I think shows the counterintuitiveness of the
> nss_files special-casing, is to run "getent ahostsv4 ip6-localhost".
> I don't think it's the responsibility of callers such as slapd to check that
> getaddrinfo() hasn't returned duplicate entries, so I see a couple of
> solutions here:
> - the ::1 address should *not* be special-cased by nss_files.  I really
>   can't perceive any reason why it should be special-cased in the first
>   place; i.e., why should the files backend behave differently than the DNS
>   backend, and why would we want names that were specifically assigned to
>   ::1, including names like "ip6-loopback", to be automatically mapped to
> - we should only set up a single 'localhost' entry in /etc/hosts, pointing
>   at ::1, and let nss_files handle the mapping to automatically.
> Are there other solutions that should be considered?  Is one of these more
> acceptable than the other?  To me it seems obvious that the best choice is
> to not treat the files backend specially in the first place, but I don't
> know the rationale behind this special-casing either.

There is a bug upstream, but marked as invalid:


According to the upstream developer, there is a rationale for that, but
he never explained it, despite having been asked numerous times.

Somebody has published a patch, if it works as expected, it may be worth
to include it in Debian.


  .''`.  Aurelien Jarno	            | GPG: 1024D/F1BCDB73
 : :' :  Debian developer           | Electrical Engineer
 `. `'   aurel32@debian.org         | aurelien@aurel32.net
   `-    people.debian.org/~aurel32 | www.aurel32.net

Reply to: