Update sed-foo to enable nss-systemd and add UNAVAIL fallback for resolve
Only fall back to "dns" if nss-resolve is not installed (for the architecture of the calling program). Once it is, we never want to fall back to "dns" as that breaks enforcing DNSSEC verification and also pointlessly retries NXDOMAIN failures. C.f. https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=5e00954
This commit is contained in:
parent
12da227455
commit
da15385b06
31
systemd.spec
31
systemd.spec
@ -445,24 +445,36 @@ fi
|
|||||||
%post libs
|
%post libs
|
||||||
/sbin/ldconfig
|
/sbin/ldconfig
|
||||||
|
|
||||||
# sed-fu to add myhostanme to hosts line and remove mymachines
|
|
||||||
# from passwd and group lines of /etc/nsswitch.conf
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1284325
|
|
||||||
# https://meetbot.fedoraproject.org/fedora-meeting/2015-11-25/fesco.2015-11-25-18.00.html
|
|
||||||
# To avoid the removal, e.g. add a space at the end of the line.
|
|
||||||
if [ -f /etc/nsswitch.conf ] ; then
|
if [ -f /etc/nsswitch.conf ] ; then
|
||||||
|
# sed-fu to add myhostanme to hosts line
|
||||||
grep -v -E -q '^hosts:.* myhostname' /etc/nsswitch.conf &&
|
grep -v -E -q '^hosts:.* myhostname' /etc/nsswitch.conf &&
|
||||||
sed -i.bak -e '
|
sed -i.bak -e '
|
||||||
/^hosts:/ !b
|
/^hosts:/ !b
|
||||||
/\<myhostname\>/ b
|
/\<myhostname\>/ b
|
||||||
s/[[:blank:]]*$/ myhostname/
|
s/[[:blank:]]*$/ myhostname/
|
||||||
' /etc/nsswitch.conf >/dev/null 2>&1 || :
|
' /etc/nsswitch.conf &>/dev/null
|
||||||
|
|
||||||
|
# remove mymachines from passwd and group lines of /etc/nsswitch.conf
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1284325
|
||||||
|
# https://meetbot.fedoraproject.org/fedora-meeting/2015-11-25/fesco.2015-11-25-18.00.html
|
||||||
|
# To avoid the removal, e.g. add a space at the end of the line.
|
||||||
grep -E -q '^(passwd|group):.* mymachines$' /etc/nsswitch.conf &&
|
grep -E -q '^(passwd|group):.* mymachines$' /etc/nsswitch.conf &&
|
||||||
sed -i.bak -r -e '
|
sed -i.bak -r -e '
|
||||||
s/^(passwd:.*) mymachines$/\1/;
|
s/^(passwd:.*) mymachines$/\1/;
|
||||||
s/^(group:.*) mymachines$/\1/;
|
s/^(group:.*) mymachines$/\1/;
|
||||||
' /etc/nsswitch.conf >/dev/null 2>&1 || :
|
' /etc/nsswitch.conf &>/dev/null
|
||||||
|
|
||||||
|
# Add [!UNAVAIL=return] after resolve
|
||||||
|
grep -E -q '^hosts:.*resolve[[:space:]]*($|[[:alpha:]])' /etc/nsswitch.conf &&
|
||||||
|
sed -i.bak -e '
|
||||||
|
/^hosts:/ { s/resolve/& [!UNAVAIL=return]/}
|
||||||
|
' /etc/nsswitch.conf &>/dev/null
|
||||||
|
|
||||||
|
# Add nss-systemd to passwd and group
|
||||||
|
grep -E -q '^(passwd|group):.* systemd' /etc/nsswitch.conf ||
|
||||||
|
sed -i.bak -r -e '
|
||||||
|
s/^(passwd|group):(.*)/\1: \2 systemd/
|
||||||
|
' /etc/nsswitch.conf &>/dev/null
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%postun libs -p /sbin/ldconfig
|
%postun libs -p /sbin/ldconfig
|
||||||
@ -776,6 +788,7 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
|
|||||||
%files libs
|
%files libs
|
||||||
%{_libdir}/libnss_myhostname.so.2
|
%{_libdir}/libnss_myhostname.so.2
|
||||||
%{_libdir}/libnss_resolve.so.2
|
%{_libdir}/libnss_resolve.so.2
|
||||||
|
%{_libdir}/libnss_systemd.so.2
|
||||||
%{_libdir}/libudev.so.*
|
%{_libdir}/libudev.so.*
|
||||||
%{_libdir}/libsystemd.so.*
|
%{_libdir}/libsystemd.so.*
|
||||||
%license LICENSE.LGPL2.1
|
%license LICENSE.LGPL2.1
|
||||||
@ -937,10 +950,12 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
|
|||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Thu Nov 3 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 232-1
|
* Thu Nov 3 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 232-1
|
||||||
- Update to latest version
|
- Update to latest version (#998615, #1181922)
|
||||||
- Add %%{_isa} to Provides on arch-full packages (#1387912)
|
- Add %%{_isa} to Provides on arch-full packages (#1387912)
|
||||||
- Create systemd-coredump user in %%pre (#1348891)
|
- Create systemd-coredump user in %%pre (#1348891)
|
||||||
- Replace grubby patch with a short-circuiting install.d "plugin"
|
- Replace grubby patch with a short-circuiting install.d "plugin"
|
||||||
|
- Enable nss-systemd in the passwd, group lines in nsswith.conf
|
||||||
|
- Add [!UNAVAIL=return] fallback after nss-resolve in hosts line in nsswith.conf
|
||||||
|
|
||||||
* Tue Oct 18 2016 Jan Synáček <jsynacek@redhat.com> - 231-11
|
* Tue Oct 18 2016 Jan Synáček <jsynacek@redhat.com> - 231-11
|
||||||
- SPC - Cannot restart host operating from container (#1384523)
|
- SPC - Cannot restart host operating from container (#1384523)
|
||||||
|
Loading…
Reference in New Issue
Block a user