1. Forum
  2. Usenet
  3. LINUX.DEBIAN.DEVEL

  • etc/resolvconf/update-libc.d/ equivalent for systemd-resolved

    From Scott Kitterman@21:1/5 to All on Wed Dec 29 23:00:01 2021
    The postfix package ships a script in /etc/resolvconf/update-libc.d/ to restart postfix when resolv.conf is updated. As far as I know, that still works if the resolvconf package is installed, but if not (i.e. Debian default), what's the equivalent? Does systemd-resolved have an equivalent? Should users that want this functionality install resolvconf?

    Thanks,

    Scott K


    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEE53Kb/76FQA/u7iOxeNfe+5rVmvEFAmHM1JoACgkQeNfe+5rV mvEKMw//f3nRIeDzjfMSr10sknsFH/G6OxiHQ04/EKFo5OT5v0u9StO8in7BkYqd ZwGS33YLIDVvMT7RHyNbxAXCYbtnmlWEZmH9/nGzgGniHgbNKmGlS8DzRnYHeMKH fewQtMkS7TETtsThAy57xqh5uQaqxGeEC6/AyMNO2wzEh6BvtHprEMDu46vcNwcm ipAQI0KygeMJcNRgCUTX3T0zx5qSWD4cgE67iYFlHg9x4TP8qHyisApj6qlfhJwh 8nlxSYyQCdg3cpsR7uHMP/0PXTq6fxWHKYunVDQ4Lx49wMuXYPvpyYnpqmCQ5BkU OsBvSn8ul5FN7GYAjQuDPnt3oy8RfawhOvoDx9fEaJXep0yHlXqwFHUFM+w+/3bP FwA/2H4JbF55XS1CAjqqL1MURwBlx0UOpQ7CwfCPb6OQOMe8uAO0t+DLNuF9eutq xjwHtPOUnQSgLr/NhiuFGcqEVUtlDh2YosGRSZZV91zCEUof2j+qMuHrmXBfjU/U ctaioKppG9/TQacFGcOSxSycMWQ7vQK3Qd/e0vxda9pl2FD71q2BYaG710ll8N3S Pk9Cp1ju6NImsEbcslkRXLiecVXue2UjVhwHyYWtE4cgGI/GVbmkDZYI1OhVNb5Z ep4PnI6MnLyMdhMKufNRvNT/EGTkEARASqFLVuNnLnYHWwIqCFs=
    =Lm+m
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Scott Kitterman@21:1/5 to Adam Borowski on Thu Dec 30 03:10:01 2021
    On December 30, 2021 1:19:45 AM UTC, Adam Borowski <kilobyte@angband.pl> wrote: >On Wed, Dec 29, 2021 at 04:35:22PM -0500, Scott Kitterman wrote:
    The postfix package ships a script in /etc/resolvconf/update-libc.d/ to restart
    postfix when resolv.conf is updated. As far as I know, that still works if the
    resolvconf package is installed, but if not (i.e. Debian default), what's the
    equivalent? Does systemd-resolved have an equivalent? Should users that want
    this functionality install resolvconf?

    The whole point is resolvconf is to be a common interface between producers: >* ifup/ifdown
    * DHCP clients
    * PPP daemon
    * local name servers
    and consumers:
    * DNS caches
    * resolver libraries (including glibc)

    If systemd-resolved doesn't interface with resolvconf yet, then these tools >should be taught to pass data, instead of inventing a yet another
    user-facing interface.

    It does. My question is on the other end of the problem. Once resolv.conf is updated, how do I trigger an action for another package? In this case it's copy the updated resolv.conf into the chroot and restart postfix. I know how to do everything
    except for the trigger.

    Scott K

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Adam Borowski@21:1/5 to Scott Kitterman on Thu Dec 30 02:40:02 2021
    On Wed, Dec 29, 2021 at 04:35:22PM -0500, Scott Kitterman wrote:
    The postfix package ships a script in /etc/resolvconf/update-libc.d/ to restart
    postfix when resolv.conf is updated. As far as I know, that still works if the
    resolvconf package is installed, but if not (i.e. Debian default), what's the equivalent? Does systemd-resolved have an equivalent? Should users that want
    this functionality install resolvconf?

    The whole point is resolvconf is to be a common interface between producers:
    * ifup/ifdown
    * DHCP clients
    * PPP daemon
    * local name servers
    and consumers:
    * DNS caches
    * resolver libraries (including glibc)

    If systemd-resolved doesn't interface with resolvconf yet, then these tools should be taught to pass data, instead of inventing a yet another
    user-facing interface.


    Meow!
    --
    ⢀⣴⠾⠻⢶⣦⠀
    ⣾⠁⢠⠒⠀⣿⡁ No matter if fathered by Abdes Pantera or a deity, Jesus ⢿⡄⠘⠷⠚⠋⠀ was a bastard.
    ⠈⠳⣄⠀⠀⠀⠀

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Bastian Blank@21:1/5 to Scott Kitterman on Thu Dec 30 09:00:02 2021
    On Thu, Dec 30, 2021 at 01:48:49AM +0000, Scott Kitterman wrote:
    It does. My question is on the other end of the problem. Once resolv.conf is updated, how do I trigger an action for another package? In this case it's copy the updated resolv.conf into the chroot and restart postfix. I know how to do everything
    except for the trigger.

    Maybe you should stop supporting the non-standard chroot configuration?

    Bastian

    --
    "... freedom ... is a worship word..."
    "It is our worship word too."
    -- Cloud William and Kirk, "The Omega Glory", stardate unknown

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Scott Kitterman@21:1/5 to All on Thu Dec 30 14:40:01 2021
    On Thursday, December 30, 2021 2:35:56 AM EST Bastian Blank wrote:
    On Wed, Dec 29, 2021 at 04:35:22PM -0500, Scott Kitterman wrote:
    The postfix package ships a script in /etc/resolvconf/update-libc.d/ to restart postfix when resolv.conf is updated. As far as I know, that
    still works if the resolvconf package is installed, but if not (i.e.
    Debian default), what's the equivalent? Does systemd-resolved have an equivalent? Should users that want this functionality install
    resolvconf?

    Why do you need to restart services on resolv.conf changes? The libc resolver takes care of it by re-reading the file after it changed.

    Because postfix doesn't. Also, the copy of the file in the chroot needs to be updated.

    Scott K
    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEE53Kb/76FQA/u7iOxeNfe+5rVmvEFAmHNsS8ACgkQeNfe+5rV mvHmiw//aTOSysTGWHN1TFkzjkCV4RtWzoo+e1j5kpSuKzjYUDvFRU7faHHJZckY Pmi8l/wx6zNKS89DxKy5rJaY2GaObUi2wcbLVIHIgIVDjsbwbYRM9HE96dsvXdig OI1QYRqS4TBYKXm//VIOzppDRZTKSWp3eRbsU8dBMdcdIq3m6yBDgMPgKXr4Bw3d Zquvu/I2qKJj1uSxkvTMecOGZF50+KPBu3ZXwlmm+Gp1Le6SFUQ9qTMQDYg4yJdA Knl0Pvi81jseV51FKax8wGBgK77qO/q2b2lSd/eelrrra/W2f1HcsBnMPcrMgiHo V81ymjJ/I7kmKzCp4tLWCkBf38Ry4F9wkiTOWnxVwG18VWZnfsIuUMczNEDDPqkD +JOCvqVS5cUzL3Ipuyl9hd5bTKWehAZ0WtnmHGfX21C8fogeYCZ8hypyNJzp30tR l0CIs2M9SCkxafAjicDGb19b8E87BsgOa49In+OXhG4X9L8wYn1ZLEOSbcm3ZT32 KbmKh4/I8LagrXJ65/UFeotO5ONqRw/YAnRtDyKsMlhH/T5fuAGoQGvX/Cns0BCB fGRPFss6qPSTgoI3Tmz9m0WJDVygs8GB9XpHn6YgeahqcwAwMVfhlB+MvTlMp2bE sybFZ+rBjQJQH0RwJik+VjPws/LcoZDpgRhfS5/+JB6oJyfKSz8=
    =1vMG
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Scott Kitterman@21:1/5 to All on Thu Dec 30 14:50:01 2021
    On Thursday, December 30, 2021 2:36:45 AM EST Bastian Blank wrote:
    On Thu, Dec 30, 2021 at 01:48:49AM +0000, Scott Kitterman wrote:
    It does. My question is on the other end of the problem. Once
    resolv.conf is updated, how do I trigger an action for another package?
    In this case it's copy the updated resolv.conf into the chroot and
    restart postfix. I know how to do everything except for the trigger.
    Maybe you should stop supporting the non-standard chroot configuration?

    What do you mean by non-standard? It's true that the upstream default is now not in the chroot, but it's totally a configuration supported by upstream.

    How would you suggest handling upgrades? I've no idea how to determine if an installation is chrooted because the administrator wanted it chrooted or if it's merely because that's been the default in Debian for over 20 years.

    I believe I can solve this problem by adding Recommends: resolvconf if that's the only way. I had hoped there would be some "modern" way to do it from within Debian's default package set.

    Scott K
    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEE53Kb/76FQA/u7iOxeNfe+5rVmvEFAmHNs28ACgkQeNfe+5rV mvEEahAAoYnfpSXULMOutt/aGXuPFxVCs2/dR2gkFcaILoaGlZnLx/mEZfIKwilD XbZDFOpBS+Nq+6pA067CJ8tZrpWTPn3T9mZeAznpj1/9xtWrKVZgIGg8QhM2T8tP ErL3z3UoWcKDcEk2KuINcq9vUL3zvCggGKfNlFWB6lMLBW6qd7CphOYLT8oehIkF NJTusaE2fCtvCS5Qytkeag7TXcKiXwvdc7raLs1PGdx+kI36jFJL8k+K0n4rvdsM r5lby8aKyl389npQFWEhtjLAzUb2T5NPRwhls68ajlfPdh6taBSAWVqmuoRpvBA2 stjz6MKlm32mSuOStdf1jhWJrVPo4+5MOTqF8krdxUzjsMEPyP1Z/hFiWLbHocoV u2RNa2ToQH6jw7eBCMwYr0XfDtcyy1HC9JBOiVwCA1NNnz1igwZS9vZDL1+4w4rW JqLUnx6KxdVMI8jVdlv1ubk73xIiv/CMHh7c0/1gW29FjNTcVCtnKOTf2hNeYy5g G6vPC1cWgFCZcGbeN+7rxNp9/bAvCb0Io4UQ1aszDet50G8CCDNUX+aRxbZVZtAn l6658xiOnbatysuERlB4qvqT+T/CUwbYkmu5dWtlnF1waHzqzNIsj0DBczlYhWhk CMMdeJqWmthbu0l/9hS075PJqVmcCrfnMov635iURkN60NXulzY=
    =uirY
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From =?utf-8?Q?Bj=C3=B8rn_Mork?=@21:1/5 to Scott Kitterman on Thu Dec 30 15:10:02 2021
    Scott Kitterman <debian@kitterman.com> writes:

    I believe I can solve this problem by adding Recommends: resolvconf if that's the only way. I had hoped there would be some "modern" way to do it from within Debian's default package set.

    Funny. That seems to have been the solution to this bug almost 20 years
    ago too: https://bugs.debian.org/154669


    Bjørn

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From David Bremner@21:1/5 to Scott Kitterman on Thu Dec 30 15:30:02 2021
    Scott Kitterman <debian@kitterman.com> writes:

    I believe I can solve this problem by adding Recommends: resolvconf if that's the only way. I had hoped there would be some "modern" way to do it from within Debian's default package set.

    I hope that wouldn't interfere with an enabled systemd-resolved,
    otherwise that seems likely to cause some breakage.

    d

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Scott Kitterman@21:1/5 to All on Thu Dec 30 15:50:01 2021
    On Thursday, December 30, 2021 8:50:48 AM EST Bjrn Mork wrote:
    Scott Kitterman <debian@kitterman.com> writes:
    I believe I can solve this problem by adding Recommends: resolvconf if that's the only way. I had hoped there would be some "modern" way to do
    it from within Debian's default package set.

    Funny. That seems to have been the solution to this bug almost 20 years
    ago too: https://bugs.debian.org/154669

    Yes. Exactly. I'm not sure where we lost it and I'll put it back if that's the most correct solution, but it seems suboptimal since another package is now managing resolv.conf in our default install.

    Scott K
    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEE53Kb/76FQA/u7iOxeNfe+5rVmvEFAmHNwggACgkQeNfe+5rV mvGW4BAAmODlU5tLRVpp4rn1Y7189+goohjGgtk6GZoDRt7taqtQ+nm3uswI2Brr yUjBrRhAN6RoKx4k3fOfy8kRtpaI1Eu+8RvoGtR2sENXAGS5Ph8Ct8tx32oqSXI/ zPlCOzQLk2o+3fNYzJZ5ktwAJtmPWf4ik8vqGp9VuaBz0UGBVcGOwWGl0DLDI1KM wJQsADmExO4AqOMjTEP4Cel2WeOT+o3DKGVt3fpnuGdCPkfzS23vyVXjfmiP5Cxt ZjNEIl5a9VDZowPov9wxB9pNYCFtAWrF0KNkSUX+Nn5mE1IWyZAI3U9KNr7dRfcD 34ve0J24c5LTVL5l2DUngzJu0ipiXkfnp/lV7pY/aVy84oiM1XXJ0FzQvJMvkr3o R1yOeG1fsLAG6XdxU3ybxwuIxzqietaE6kAtV9eoGNw16Yh45+cUScIuNoYWbrOj TjMQxNxg/wKtPt0cdYiCh7O++QCyo4thsDJg9vPPU7Vet9SSnOH+4nbk21JZJcIO bEaGQOZ23tNUB5YiydPWX/OALFbGb0ZCLrhHozkiXcTX3VzHNjWZ5eqxyoxpk2lx Ugz8oyZbSwB6cVqrg3xm40jl0UGs2t6bJ2hNdJyRsnA/hxPky+boCy5v78hi3NSU wZbZoUsT1zwBx72Tghcai4ucscIosA4fdgCLpFtvJ9JtWsIPyDk=
    =2exe
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Bastian Blank@21:1/5 to Scott Kitterman on Thu Dec 30 16:30:01 2021
    On Thu, Dec 30, 2021 at 08:26:07AM -0500, Scott Kitterman wrote:
    Maybe you should stop supporting the non-standard chroot configuration?
    What do you mean by non-standard? It's true that the upstream default is now not in the chroot, but it's totally a configuration supported by upstream.

    chroot is non-standard configuration in Postfix and was discuoraged for
    a lot of years before that. Exactly because of problems like that.

    How would you suggest handling upgrades? I've no idea how to determine if an installation is chrooted because the administrator wanted it chrooted or if it's merely because that's been the default in Debian for over 20 years.

    You error out if postconf -M show chroot enabled.

    I believe I can solve this problem by adding Recommends: resolvconf if that's the only way. I had hoped there would be some "modern" way to do it from within Debian's default package set.

    No, it can't be solved this way, as resolvconf and systemd-resolved do
    not communicate.

    Bastian

    --
    The more complex the mind, the greater the need for the simplicity of play.
    -- Kirk, "Shore Leave", stardate 3025.8

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Michael Biebl@21:1/5 to All on Thu Dec 30 20:20:01 2021
    This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------9cmHbb8kAkSSbTcvX4jY5Nji
    Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

    T24gMjkuMTIuMjEgMjI6MzUsIFNjb3R0IEtpdHRlcm1hbiB3cm90ZToNCj4gVGhlIHBvc3Rm aXggcGFja2FnZSBzaGlwcyBhIHNjcmlwdCBpbiAvZXRjL3Jlc29sdmNvbmYvdXBkYXRlLWxp YmMuZC8gdG8gcmVzdGFydA0KPiBwb3N0Zml4IHdoZW4gcmVzb2x2LmNvbmYgaXMgdXBkYXRl ZC4NCg0KV2h5IGNvcHkgdGhlIGZpbGU/IENvdWxkbid0IHlvdSBiaW5kIG1vdW50IGl0IGlu dG8gdGhlIGNocm9vdCBzbyB5b3UgDQpkb24ndCBuZWVkIHRvIHVwZGF0ZSBpdCBldmVyeXRp bWUgdGhlIGhvc3QgL2V0Yy9yZXNvbHYuY29uZiBjaGFuZ2VzPw0KDQoNCg==

    --------------9cmHbb8kAkSSbTcvX4jY5Nji--

    -----BEGIN PGP SIGNATURE-----

    wsF5BAABCAAjFiEECbOsLssWnJBDRcxUauHfDWCPItwFAmHOAEgFAwAAAAAACgkQauHfDWCPItz+ dw/+NRyKOycFCb73MGiWVXnMONYJgSXNXfRXXN6GsSOQ23UPysN4DxRmBwJeRH2kOmv5RjUuEPSn YrHK+NvKKR7KksklI0+q0GdYlrsnyL9VcX7J2qxOsflqjOgM0RS0Db8YE2lWHpyjuqUMzXHzdl+l Lj0sB1XqXjdiA20J2lN0EXh0fti78i4f3/GytmgCw9fr6vzod4ToR9aIRztMVNXHAro+do8CNt2F VkD3Pzi7pSm9vdcwnLlsF9DdWzJDLFIqNendu06GphptzqEDjflr1bvzT3rcFS3UE4aOmDItt2cl zbSlMmxLIleMjzs7TnXiLpLbF65rE2EDuCEitaxc5mKk4SGQx7ErUy6ie/3kaA6ERUuzK+ETdpGS rljFdoY9Qk4oBSB/CsiLudxp5g3bxwlHkRP2KkkyOGe3qgVLN8V7+w8ZGlMPEwjQMY/i+/gYtcAE 3xPFY730NSPgr+pmkbSzbyUtTkBDf5dKOTteah3lY1LoPQ5EAEGUJ5sRqDioV62xkmA1gp4gtxNj NkUs8wqRukwCMBC5ceNR31ypEBSjn/w++FAf8wth+c+Qri7yJ3wKzXd0x3SVePoo/0oNYFeGwkK4 06LcnNXXpx0eM8pjfQImdsbYvjzbbaRrWqyvJTUDi0g5JKJYYHFQK0KkmNFdwgMRB1F+rpX8Q1cr 02k=
    =0yYI
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andrej Shadura@21:1/5 to Michael Biebl on Thu Dec 30 21:10:01 2021
    Hi,

    On Thu, 30 Dec 2021, at 19:54, Michael Biebl wrote:
    On 29.12.21 22:35, Scott Kitterman wrote:
    The postfix package ships a script in /etc/resolvconf/update-libc.d/ to restart
    postfix when resolv.conf is updated.

    Why copy the file? Couldn't you bind mount it into the chroot so you
    don't need to update it everytime the host /etc/resolv.conf changes?

    As far as I remember, resolvconf replaces /etc/resolv.conf when it updates it, so the chroot will end up with an old version of the file.

    --
    Cheers,
    Andrej

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marco d'Itri@21:1/5 to Scott Kitterman on Thu Dec 30 21:40:02 2021
    On Dec 30, Scott Kitterman <debian@kitterman.com> wrote:

    I would too. It would be nice if systemd-resolved had some mechanism to support this kind of functionality. If you're going to replace resolvconf, then you ought to actually replace it.
    systemd-resolved is supposed to forward queries to the upstream resolver
    and always be available on 127.0.0.53, so what does actually change in resolve.conf when using it?

    --
    ciao,
    Marco

    -----BEGIN PGP SIGNATURE-----

    iHUEABYIAB0WIQQnKUXNg20437dCfobLPsM64d7XgQUCYc4UVgAKCRDLPsM64d7X gUprAP9M6km8C7+Yw5Gc/8e5lvvwpG6QgUza2J60Ug6FZLHAyAD+MvzUoSKwBDQx apxjk25QGNhifz9tIIfOsweLix6a1gU=
    =PpaL
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Bastian Blank@21:1/5 to Marco d'Itri on Thu Dec 30 22:40:01 2021
    On Thu, Dec 30, 2021 at 09:19:35PM +0100, Marco d'Itri wrote:
    systemd-resolved is supposed to forward queries to the upstream resolver
    and always be available on 127.0.0.53, so what does actually change in resolve.conf when using it?

    Only if you are using the stub resolver. systemd-resolved can also
    update a resolv.conf with the real resolver. Okay, you loose a lot of flexibility then, because resolv.conf can't redirect domains to
    different name servers, but you can do that.

    Bastian

    --
    ... bacteriological warfare ... hard to believe we were once foolish
    enough to play around with that.
    -- McCoy, "The Omega Glory", stardate unknown

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)