Re: correct definition of localhost?
Steve Langasek a écrit :
> Hi folks,
> I've run across an ipv4/ipv6 configuration issue which I think needs to have
> light cast on it so we can try to resolve this in time for lenny (whatever
> the right resolution actually is), in order to avoid a pile-up of
> /etc/hosts-related kludges as has been known to happen before...
> In response to bug #427067, the netbase maintainer made a change that adds
> localhost as an alias for ::1 on new installs. In April of this year, the
> Debian Installer team followed suit, adding this line in the netcfg udeb.
> The result of these changes is that since July 2007, any new lenny or sid
> chroots have had two addresses listed for localhost, and since April of this
> year, any new installs of lenny done using d-i have had it as well.
> Now, the problem I ran into is that when I enabled the test suite in the
> openldap2.3 package, the build failed mysteriously on a seemingly random set
> of architectures. The reason? The test suite configures slapd to run on a
> particular port on localhost, and the glibc "files" NSS backend
> special-cases the ::1 IPv6 loopback address, so that when you request an
> IPv4 address, it will map any ::1 entries to 127.0.0.1 for you. But of
> course we already have an entry for localhost as 127.0.0.1, so now we end up
> with duplicate addresses returned, and slapd tries to bind twice to the same
> address and port!
> A test program showing this behavior is attached - compile and run it on a
> system with '::1 localhost' set in /etc/hosts, and you'll see 127.0.0.1
> returned twice. An alternate test case, which also works on systems with
> older /etc/hosts and which I think shows the counterintuitiveness of the
> nss_files special-casing, is to run "getent ahostsv4 ip6-localhost".
> I don't think it's the responsibility of callers such as slapd to check that
> getaddrinfo() hasn't returned duplicate entries, so I see a couple of
> solutions here:
> - the ::1 address should *not* be special-cased by nss_files. I really
> can't perceive any reason why it should be special-cased in the first
> place; i.e., why should the files backend behave differently than the DNS
> backend, and why would we want names that were specifically assigned to
> ::1, including names like "ip6-loopback", to be automatically mapped to
> - we should only set up a single 'localhost' entry in /etc/hosts, pointing
> at ::1, and let nss_files handle the mapping to 127.0.0.1 automatically.
> Are there other solutions that should be considered? Is one of these more
> acceptable than the other? To me it seems obvious that the best choice is
> to not treat the files backend specially in the first place, but I don't
> know the rationale behind this special-casing either.
There is a bug upstream, but marked as invalid:
According to the upstream developer, there is a rationale for that, but
he never explained it, despite having been asked numerous times.
Somebody has published a patch, if it works as expected, it may be worth
to include it in Debian.
.''`. Aurelien Jarno | GPG: 1024D/F1BCDB73
: :' : Debian developer | Electrical Engineer
`. `' email@example.com | firstname.lastname@example.org
`- people.debian.org/~aurel32 | www.aurel32.net