[FFe] [MIR] libnss-myhostname

Bug #1162478 reported by Jeremy Bícha
This bug affects 5 people
Affects | Status | Importance | Assigned to | Milestone
libnss-myhostname (Ubuntu) | Invalid | Undecided | Dimitri John Ledkov |

Bug Description

1. Availability: The latest version is available in Ubuntu 10.10 and newer
2. Rationale: Needed for proper hostnamed integration (and is recommended by the hostnamed developers), see bug 1162475 for more information. I think systemd-services should depend on or recommend libnss-myhostname for Raring.
3. Security: No known security vulnerability history
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libnss-myhostname
https://secunia.com/advisories/search/?search=libnss-myhostname
4. QA:
No outstanding Debian or Ubuntu bugs
http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libnss-myhostname
https://bugs.launchpad.net/ubuntu/+source/libnss-myhostname
5. UI standards: N/A
6. Dependencies: All in main
https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/raring/libnss-myhostname/raring/view/head:/debian/control
7. Standards Compliance: 3.9.2
8. Maintenance: In sync with Debian, a LowNMU package
http://packages.qa.debian.org/libnss-myhostname
http://0pointer.de/lennart/projects/nss-myhostname/

ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: libnss-myhostname (not installed)
ProcVersionSignature: Ubuntu 3.8.0-15.25-generic 3.8.4
Uname: Linux 3.8.0-15-generic x86_64
ApportVersion: 2.9.2-0ubuntu5
Architecture: amd64
Date: Sun Mar 31 09:09:11 2013
MarkForUpload: True
SourcePackage: libnss-myhostname
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Jeremy Bícha (jbicha) wrote :
description: updated
Jeremy Bícha (jbicha)
summary: - [mir] libnss-myhostname
+ [FFe] [MIR] libnss-myhostname
Revision history for this message
Michael Terry (mterry) wrote :

From a packaging, maintainability POV, this is fine. The package doesn't follow Debian policy for library package names. It should be libnss-hostname2. But I suppose that since this is not a library that other programs should link against, and since the first time it bumps SONAMEs, it could also bump the package name then, this isn't a huge problem.

It would be nice to see a bug subscriber.

I'll punt to the security team for a quick security check.

Changed in libnss-myhostname (Ubuntu):
assignee: nobody → Ubuntu Security Team (ubuntu-security)
Changed in libnss-myhostname (Ubuntu):
assignee: Ubuntu Security Team (ubuntu-security) → Seth Arnold (seth-arnold)
Revision history for this message
Seth Arnold (seth-arnold) wrote :

I reviewed libnss-myhostname version 0.3-4 from the Raring archives.

This shouldn't be considered a full security audit, rather an indicator of
maintainability.

- libnss-myhostname adds a new nss module that can be added to nsswitch to
  always provide local hostname<->IP lookups regardless of the contents of
  /etc/hosts
- No encryption
- No off-machine networking; will change results of nss-based lookups
- Relies upon netlink to retrieve address information for interfaces
- Does not run as a daemon; it is linked into every process that performs
  nss lookups
- No PIE (library, fine), no Fortify (no functions used, fine), no
  immediate binding (as dynamically loaded library with few deps, fine)
- Stack protection, read-only relocations
- No initscripts, no dbus services, no setuid, no sudo fragments
- No spawned processes
- Careful memory management
- Careful data handling
- Warnings in build from autotools
- Warnings in build from failed inlining

It'd be nice to have the warnings fixed at some point, but this does not
block main inclusion.

ACK

Changed in libnss-myhostname (Ubuntu):
assignee: Seth Arnold (seth-arnold) → MIR approval team (ubuntu-mir)
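
The hardening items in the review above (read-only relocations, immediate binding, stack protection, Fortify) can be read off `readelf` output. The following is an added example, not part of the original thread and not the reviewer's tooling; the readelf excerpts are constructed for a hypothetical module `libnss_example.so.2`, and the function names are assumptions.

```python
import re
import subprocess

# Constructed readelf excerpts for a hypothetical NSS module, shaped like the
# result the review describes (RELRO and stack protector, nothing else).
SAMPLE_SEGMENTS = """\
  LOAD           0x000000 0x0000000000000000 0x0000000000000000 0x002a3c 0x002a3c R E 0x200000
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x10
  GNU_RELRO      0x002de0 0x0000000000202de0 0x0000000000202de0 0x000220 0x000220 R   0x1
"""
SAMPLE_DYNAMIC = """\
 0x000000000000000e (SONAME)             Library soname: [libnss_example.so.2]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
"""
SAMPLE_SYMBOLS = """\
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (2)
     4: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND gethostname@GLIBC_2.2.5 (3)
     5: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND memcpy@GLIBC_2.2.5 (3)
"""

# Immediate binding appears as a BIND_NOW tag, a FLAGS value, or a FLAGS_1 value.
BIND_NOW_RE = re.compile(
    r"\(BIND_NOW\)|\(FLAGS\)\s.*BIND_NOW|\(FLAGS_1\)\s.*\bNOW\b")

def hardening_report(segments, dynamic, symbols):
    """Classify hardening from `readelf -lW`, `-dW` and `--dyn-syms -W` text."""
    undefined = set(re.findall(r"\bUND[ \t]+([A-Za-z_]\w*)", symbols))
    return {
        "relro": bool(re.search(r"^\s*GNU_RELRO\b", segments, re.M)),
        "bind_now": bool(BIND_NOW_RE.search(dynamic)),
        "stack_protector": "__stack_chk_fail" in undefined,
        # _FORTIFY_SOURCE replaces calls such as memcpy with __memcpy_chk.
        "fortified": sorted(s for s in undefined
                            if s.startswith("__") and s.endswith("_chk")),
    }

def readelf_report(path):
    """Same report for a real file; needs binutils readelf on PATH."""
    def run(*opts):
        return subprocess.run(["readelf", *opts, path], check=True,
                              capture_output=True, text=True).stdout
    return hardening_report(run("-lW"), run("-dW"), run("--dyn-syms", "-W"))

if __name__ == "__main__":
    print(hardening_report(SAMPLE_SEGMENTS, SAMPLE_DYNAMIC, SAMPLE_SYMBOLS))
```

An empty `fortified` list alongside plain `memcpy` in the imports means only that no checked variants were linked in, which is also what a build with Fortify enabled produces when the compiler cannot determine buffer sizes.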
Michael Terry (mterry)
Changed in libnss-myhostname (Ubuntu):
status: New → Fix Committed
assignee: MIR approval team (ubuntu-mir) → nobody
Revision history for this message
Matthias Klose (doko) wrote :

Override component to main
libnss-myhostname 0.3-4 in raring: universe/admin -> main
libnss-myhostname 0.3-4 in raring amd64: universe/admin/extra -> main
libnss-myhostname 0.3-4 in raring armhf: universe/admin/extra -> main
libnss-myhostname 0.3-4 in raring i386: universe/admin/extra -> main
libnss-myhostname 0.3-4 in raring powerpc: universe/admin/extra -> main
5 publications overridden.

please seed it or add the dependency/recommendation.

Changed in libnss-myhostname (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Stéphane Graber (stgraber) wrote :

Moving status back to New, upload happened before release team approval.

Adding a default NSS module post feature freeze seems rather dangerous to me, especially one that potentially messes with the IP on which services will listen.

I'm not necessarily opposed to libnss-myhostname per se, but I'm opposed to it getting added by default at this point of the cycle.

This is a release team NACK, please revert your change and close the bug in the process.

Thanks

Changed in libnss-myhostname (Ubuntu):
status: Fix Released → Triaged
status: Triaged → New
Revision history for this message
Steve Langasek (vorlon) wrote :

> The package doesn't follow Debian policy for library package names. It should be libnss-hostname2.

No, it's an NSS module not a shared library - the soname shouldn't be part of the package name.

But as far as an FFe is concerned, I don't agree that libnss-myhostname is a technically sound approach, *period*; it works at cross-purposes to the existing Debian handling of the hostname being resolved to 127.0.1.1 via /etc/hosts. There should be a plan for aligning these, across *all* systems, not just desktop systems.

For my money, I believe the right answer is to ensure tools which update the system hostname also update /etc/hosts (via some common tool), and *not* add to the NSS overhead with this module.

Revision history for this message
Jeremy Bícha (jbicha) wrote :

Is the Release Team ok with me having ubuntu-gnome-desktop depend on libnss-myhostname in order for hostnamectl to work?

Revision history for this message
Steve Langasek (vorlon) wrote : Re: [Bug 1162478] Re: [FFe] [MIR] libnss-myhostname

On Thu, Apr 11, 2013 at 06:46:22PM -0000, Jeremy Bicha wrote:
> Is the Release Team ok with me having ubuntu-gnome-desktop depend on
> libnss-myhostname in order for hostnamectl to work?

I reckon that as a flavor lead, it's your call which of the two imperfect
options you want (unusable hostnamectl tool vs. inconsistency across
flavors). In any case, I hope that in S you'll help us work toward a
solution that provides consistency across all Ubuntu installs.

Revision history for this message
Jeremy Bícha (jbicha) wrote :

Thanks, I don't really see how I can help for S though: I'm not a systemd developer nor do I have anywhere near the programming skills to code anything better.

I was just hoping that users would finally be able to benefit from a feature introduced in GNOME 3.2 and shipped by the other GNOME distros. I'd be happy to re-land this when S opens so that there's plenty of time to identify any actual issues but I guess we need the Foundations Team to approve that?

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libnss-myhostname (Ubuntu):
status: New → Confirmed
Changed in libnss-myhostname (Ubuntu):
status: Confirmed → New
Revision history for this message
Iain Lane (laney) wrote :

Unsubscribing release team; I don't think there's anything for us to do here at this point.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libnss-myhostname (Ubuntu):
status: New → Confirmed
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

There is a conflict, libnss-myhostname has been moved into systemd source tree and this package should now be provided by src:systemd instead of separate source package.

Changed in libnss-myhostname (Ubuntu):
status: Confirmed → Invalid
assignee: nobody → Dimitri John Ledkov (xnox)
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

And systemd is in main already I believe, thus no MIR required.
