[FFe] [MIR] libnss-myhostname

Bug #1162478 reported by Jeremy Bicha on 2013-03-31
32
This bug affects 5 people
Affects Status Importance Assigned to Milestone
libnss-myhostname (Ubuntu)
Undecided
Dimitri John Ledkov

Bug Description

1. Availability: The latest version is available in Ubuntu 10.10 and newer
2. Rationale: Needed for proper hostnamed integration (and is recommended by the hostnamed developers), see bug 1162475 for more information. I think systemd-services should depend or recommend on libnss-myhostname for Raring.
3. Security: No known security vulnerability history
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libnss-myhostname
https://secunia.com/advisories/search/?search=libnss-myhostname
4. QA:
No outstanding Debian or Ubuntu bugs
http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libnss-myhostname
https://bugs.launchpad.net/ubuntu/+source/libnss-myhostname
5. UI standards: N/A
6. Dependencies: All in main
https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/raring/libnss-myhostname/raring/view/head:/debian/control
7. Standards Compliance: 3.9.2
8. Maintenance: In sync with Debian, a LowNMU package
http://packages.qa.debian.org/libnss-myhostname
http://0pointer.de/lennart/projects/nss-myhostname/

ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: libnss-myhostname (not installed)
ProcVersionSignature: Ubuntu 3.8.0-15.25-generic 3.8.4
Uname: Linux 3.8.0-15-generic x86_64
ApportVersion: 2.9.2-0ubuntu5
Architecture: amd64
Date: Sun Mar 31 09:09:11 2013
MarkForUpload: True
SourcePackage: libnss-myhostname
UpgradeStatus: No upgrade log present (probably fresh install)

Jeremy Bicha (jbicha) wrote :
description: updated
Jeremy Bicha (jbicha) on 2013-03-31
summary: - [mir] libnss-myhostname
+ [FFe] [MIR] libnss-myhostname
Michael Terry (mterry) wrote :

From a packaging, maintainability POV, this is fine. The package doesn't follow Debian policy for library package names. It should be libnss-hostname2. But I suppose that since this is not a library that other programs should link against, and since the first time it bumps SONAMEs, it could also bump the package name then, this isn't a huge problem.

It would be nice to see a bug subscriber.

I'll punt to the security team for a quick security check.

Changed in libnss-myhostname (Ubuntu):
assignee: nobody → Ubuntu Security Team (ubuntu-security)
Changed in libnss-myhostname (Ubuntu):
assignee: Ubuntu Security Team (ubuntu-security) → Seth Arnold (seth-arnold)
Seth Arnold (seth-arnold) wrote :

I reviewed libnss-myhostname version 0.3-4 from the Raring archives.

This shouldn't be considered a full security audit, rather an indicator of
maintainability.

- libnss-myhostname adds a new nss module that can be added to nsswitch to
  always provide local hostname<->IP lookups regardless the contents of
  /etc/hosts
- No encryption
- No off-machine networking; will change results of nss-based lookups
- Relies upon netlink to retrieve address information for interfaces
- Does not run as a daemon; it is linked into every process that performs
  nss lookups
- No PIE (library, fine), no Fortify (no functions used, fine), no
  immediate biding (as dynamicly loaded library with few deps, fine)
- Stack protection, read-only relocations
- No initscripts, no dbus services, no setuid, no sudo fragments
- No spawned processes
- Careful memory management
- Careful data handling
- Warnings in build from autotools
- Warnings in build from failed inlining

It'd be nice to have the warnings fixed at some point, but this does not
block main inclusion.

ACK

Changed in libnss-myhostname (Ubuntu):
assignee: Seth Arnold (seth-arnold) → MIR approval team (ubuntu-mir)
Michael Terry (mterry) on 2013-04-10
Changed in libnss-myhostname (Ubuntu):
status: New → Fix Committed
assignee: MIR approval team (ubuntu-mir) → nobody
Matthias Klose (doko) wrote :

Override component to main
libnss-myhostname 0.3-4 in raring: universe/admin -> main
libnss-myhostname 0.3-4 in raring amd64: universe/admin/extra -> main
libnss-myhostname 0.3-4 in raring armhf: universe/admin/extra -> main
libnss-myhostname 0.3-4 in raring i386: universe/admin/extra -> main
libnss-myhostname 0.3-4 in raring powerpc: universe/admin/extra -> main
5 publications overridden.

please seed it or add the dependency/recommendation.

Changed in libnss-myhostname (Ubuntu):
status: Fix Committed → Fix Released
Stéphane Graber (stgraber) wrote :

Moving status back to New, upload happened before release team approval.

Adding a default NSS module post feature freeze seems rather dangerous to me, especially one that potentially messes with the IP on which services will listen.

I'm not necessarily opposed to libnss-myhostname per say, but I'm opposed to it getting added by default at this point of the cycle.

This is a release team NACK, please revert your change and close the bug in the process.

Thanks

Changed in libnss-myhostname (Ubuntu):
status: Fix Released → Triaged
status: Triaged → New
Steve Langasek (vorlon) wrote :

> The package doesn't follow Debian policy for library package names. It should be libnss-hostname2.

No, it's an NSS module not a shared library - the soname shouldn't be part of the package name.

But as far as an FFe is concerned, I don't agree that libnss-myhostname is a technically sound approach, *period*; it works at cross-purposes to the existing Debian handling of the hostname being resolved to 127.0.1.1 via /etc/hosts. There should be a plan for aligning these, across *all* systems, not just desktop systems.

For my money, I believe the right answer is to ensure tools which update the system hostname also update /etc/hosts (via some common tool), and *not* add to the NSS overhead with this module.

Jeremy Bicha (jbicha) wrote :

Is the Release Team ok with me having ubuntu-gnome-desktop depend on libnss-myhostname in order for hostnamectl to work?

On Thu, Apr 11, 2013 at 06:46:22PM -0000, Jeremy Bicha wrote:
> Is the Release Team ok with me having ubuntu-gnome-desktop depend on
> libnss-myhostname in order for hostnamectl to work?

I reckon that as a flavor lead, it's your call which of the two imperfect
options you want (unusable hostnamectl tool vs. inconsistency across
flavors). In any case, I hope that in S you'll help us work toward a
solution that provides consistency across all Ubuntu installs.

Jeremy Bicha (jbicha) wrote :

Thanks, I don't really see how I can help for S though: I'm not a systemd developer nor do I have anywhere near the programming skills to code anything better.

I was just hoping that users would finally be able to benefit from a feature introduced in GNOME 3.2 and shipped by the other GNOME distros. I'd be happy to re-land this when S opens so that there's plenty of time to identify any actual issues but I guess we need the Foundations Team to approve that?

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libnss-myhostname (Ubuntu):
status: New → Confirmed
Changed in libnss-myhostname (Ubuntu):
status: Confirmed → New
Iain Lane (laney) wrote :

Unsubscribing release team; I don't think there's anything for us to do here at this point.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libnss-myhostname (Ubuntu):
status: New → Confirmed
Dimitri John Ledkov (xnox) wrote :

There is a conflict, libnss-myhostname has been moved into systemd source tree and this package should now be provided by src:systemd instead of separate source package.

Changed in libnss-myhostname (Ubuntu):
status: Confirmed → Invalid
assignee: nobody → Dimitri John Ledkov (xnox)
Dimitri John Ledkov (xnox) wrote :

And systemd is in main already I believe, thus no MIR required.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Bug attachments