[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#859475: jessie-pu: package ndisc6/1.0.1-1+deb8u1

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

the package rdnssd (from src:ndisc6) provides a daemon that listens to IPv6 RA
messages containing RDNSS (recursive DNS servers) information, and adds this
information to /etc/resolv.conf. It is automatically installed by d-i if this
information is found during installation.

If resolvconf is installed managing and merging of /etc/resolv.conf is handed
over to it. However, if it is not installed the version in Jessie simply
overwrites /etc/resolv.conf, which drops all search list information as well as
IPv4 nameservers. This often leads to severe breakage of the installed system.
This is tracked in Bug#767071

The proposed fix for Jessie will adjust the merge script to be the same as in
current upstream and Stretch.

The package builds a udeb, but the hook is only included in the "real" package.

Best Regards,
Bernhard

diffstat for ndisc6_1.0.1-1 ndisc6_1.0.1-1+deb8u1

 debian/changelog     |    7 +++++++
 rdnssd/merge-hook.in |   51 ++++++++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 55 insertions(+), 3 deletions(-)

diff -u ndisc6-1.0.1/debian/changelog ndisc6-1.0.1/debian/changelog
--- ndisc6-1.0.1/debian/changelog
+++ ndisc6-1.0.1/debian/changelog
@@ -1,3 +1,10 @@
+ndisc6 (1.0.1-1+deb8u1) jessie; urgency=medium
+
+  * Use upstream default merge hook when resolvconf is not available
+    (Closes: #767071)
+
+ -- Bernhard Schmidt <berni@debian.org>  Tue, 04 Apr 2017 00:24:32 +0200
+
 ndisc6 (1.0.1-1) unstable; urgency=low
 
   * New upstream release:
diff -u ndisc6-1.0.1/rdnssd/merge-hook.in ndisc6-1.0.1/rdnssd/merge-hook.in
--- ndisc6-1.0.1/rdnssd/merge-hook.in
+++ ndisc6-1.0.1/rdnssd/merge-hook.in
@@ -20,9 +20,54 @@
-PATH=/sbin:/bin
 INPUT="/var/run/rdnssd/resolv.conf"
 
+# Debian modification, use resolvconf if available
 if [ -x /sbin/resolvconf ]; then
 	/sbin/resolvconf -a 000.rdnssd < "$INPUT"
-else
-	cat -- "$INPUT" > "/etc/resolv.conf"
+	exit 0
 fi
 
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+# Max number of nameserver options taken into account. Should be as
+# defined in <resolv.h>
+MAXNS=3
+
+# This script tries to share available nameserver slots with IPv4
+# entries, for example to allow fallback to IPv4 if IPv6 fails. If
+# there is not enough room for all IPv6 and IPv4 entries, this script
+# will limit the IPv6 entries it adds to $RDNSS_LIMIT only.
+RDNSS_LIMIT=$(($MAXNS - 1))
+
+sysconfdir='@SYSCONFDIR@'
+localstatedir='@LOCALSTATEDIR@'
+resolvconf="$sysconfdir/resolv.conf"
+myresolvconf="$localstatedir/run/rdnssd/resolv.conf"
+
+# These should be POSIX-compliant BREs
+RE_NSV4='^nameserver  *\([0-9]\{1,3\}\.\)\{3,3\}[0-9]\{1,3\} *$'
+RE_NSV4OR6='^nameserver  *[a-fA-F0-9:\.]\{1,46\}\(%[a-zA-Z0-9]\{1,\}\)\{,1\} *$'
+
+# Count how many IPv6 nameservers we can fit
+
+limit=$RDNSS_LIMIT
+
+nnsv4=`grep -c "$RE_NSV4" $resolvconf || [ $? -le 1 ]`
+room=$(($MAXNS - $nnsv4))
+
+if [ $limit -lt $room ]; then
+	limit=$room
+fi
+
+# Merge and write the result. Let rdnssd assume ownership of all IPv6
+# nameservers, and remove extraneous IPv6 entries as expired. However
+# DHCPv4 most often sets up search list entries, and rdnssd cannot
+# clobber these lest it causes counterintuitive breakage. There is no
+# easy way to properly merge and manage DNSSL entries here, so just drop
+# them.
+{
+	sed -e "/$RE_NSV4OR6/d" < $resolvconf
+	grep -m $limit "$RE_NSV4OR6" < $myresolvconf || [ $? -le 1 ]
+	sed -ne "/$RE_NSV4/p" < $resolvconf
+} > $resolvconf.tmp
+
+mv -f $resolvconf.tmp $resolvconf
+
Reply to: