Ubuntu
kerberos-configs package

kerberos-configs fails to configure if dnsdomainname fails

Bug #296719 reported by Mattias Amnefelt
86
This bug affects 1 person
Affects Status Importance Assigned to Milestone
kerberos-configs (Ubuntu)
Fix Released
Undecided
Unassigned
Intrepid
Fix Released
Undecided
Unassigned
Jaunty
Fix Released
Undecided
Unassigned

Bug Description

When I upgraded from 8.04 to 8.10, installation of the package krb5-config broke. I previously had a /etc/krb5.conf which I may have done some changes to but unfortunately it got lost in the debugging process.

What I discovered was that my /etc/hostname didn't include the domainname part of my hostname. This lead
dnsdomainname to fail with the error "Unknown host". When I changed this to an fqdn the installation succeed.

The error output from my apt-get install is shown below.

===============================
mattiasa@host:~$ apt-get install krb5-config
Reading package lists... Done
Building dependency tree
Reading state information... Done
krb5-config is already the newest version.
krb5-config set to manually installed.
The following packages were automatically installed and are no longer required:
  libsl0-heimdal libotp0-heimdal
Use 'apt-get autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0B of additional disk space will be used.
Setting up krb5-config (1.19) ...
dnsdomainname: Unknown host
dpkg: error processing krb5-config (--configure):
 subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
 krb5-config
E: Sub-process /usr/bin/dpkg returned an error code (1)

=============
mattiasa@host:~$ lsb_release -rd
Description: Ubuntu 8.10
Release: 8.10

=============
mattiasa@host:~$ apt-cache policy krb5-config
krb5-config:
  Installed: 1.19
  Candidate: 1.19
  Version table:
 *** 1.19 0
        500 http://se.archive.ubuntu.com intrepid/main Packages
        100 /var/lib/dpkg/status

Revision history for this message
Russ Allbery (rra-debian) wrote : Re: [Bug 296719] [NEW] upgrade from 8.04 to 8.04 broke in krb5-config

Mattias Amnefelt <email address hidden> writes:

> Public bug reported:
>
> When I upgraded from 8.04 to 8.10, installation of the package
> krb5-config broke. I previously had a /etc/krb5.conf which I may have
> done some changes to but unfortunately it got lost in the debugging
> process.
>
> What I discovered was that my /etc/hostname didn't include the
> domainname part of my hostname. This lead dnsdomainname to fail with the
> error "Unknown host". When I changed this to an fqdn the installation
> succeed.

The following patch should fix this. It will be in the next release.

diff --git a/debian/changelog b/debian/changelog
index bfee20f..e4b31f6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+kerberos-configs (1.22) UNRELEASED; urgency=low
+
+ * Suppress errors from dnsdomainname when attempting to find a default
+ for the local realm. (LP: #296719)
+
+ -- Russ Allbery <email address hidden> Tue, 11 Nov 2008 12:47:01 -0800
+
 kerberos-configs (1.21) unstable; urgency=low

   * Translation updates:
diff --git a/debian/krb4-config.config b/debian/krb4-config.config
index c891da7..3bf1c26 100755
--- a/debian/krb4-config.config
+++ b/debian/krb4-config.config
@@ -10,7 +10,8 @@ if [ "x$RET" = "x" ] ; then
     if db_get krb5-config/default_realm && [ "x$RET" != "x" ] ; then
        db_set krb4-config/default_realm "$RET"
     else
- db_set krb4-config/default_realm `dnsdomainname | tr 'a-z' 'A-Z'`
+ domain=`dnsdomainname 2>/dev/null || true`
+ db_set krb4-config/default_realm `echo "$domain" | tr 'a-z' 'A-Z'`
     fi

 fi
diff --git a/debian/krb5-config.config b/debian/krb5-config.config
index cb717d8..f9a3b3e 100755
--- a/debian/krb5-config.config
+++ b/debian/krb5-config.config
@@ -10,7 +10,7 @@ if [ "x$RET" = "x" ] ; then
     if db_get krb4-config/default_realm && [ "x$RET" != "x" ] ; then
        db_set krb5-config/default_realm "$RET"
     else
- domain=`dnsdomainname`
+ domain=`dnsdomainname 2>/dev/null || true`

        # This is a hack, copied from krb5.conf, since we don't have any files
        # when the config script runs.

--
Russ Allbery (<email address hidden>) <http://www.eyrie.org/~eagle/>

Revision history for this message
Russ Allbery (rra-debian) wrote :

This bug is fixed in kerberos-configs 1.22, which is currently in Debian testing.

Changed in kerberos-configs:
status: New → Fix Committed
Revision history for this message
Mathias Gug (mathiaz) wrote :

Approving for intrepid. In order to get an update in intrepid, the StableReleaseUpdate process has to be followed: https://wiki.ubuntu.com/StableReleaseUpdates.

Once version 1.22 is synced in jaunty (as requested in bug 318975) (step 1 of the SRU process), step 2 can be undertaken:

2. Update the bug report description and make sure it contains the following information:

   1. A statement explaining the impact of the bug on users and justification for backporting the fix to the stable release
   2. An explanation of how the bug has been addressed in the development branch, including the relevant version numbers of packages modified in order to implement the fix.
   3. A minimal patch applicable to the stable version of the package. If preparing a patch is likely to be time-consuming, it may be preferable to get a general approval from the SRU team first.
   4. Detailed instructions how to reproduce the bug. These should allow someone who is not familiar with the affected package to reproduce the bug and verify that the updated package fixes the problem. Please mark this with a line "TEST CASE:".
   5. A discussion of the regression potential of the patch and how users could get inadvertently effected.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package kerberos-configs - 1.22

---------------
kerberos-configs (1.22) unstable; urgency=low

  * Suppress errors from dnsdomainname when attempting to find a default
    for the local realm. (LP: #296719)
  * Set the default Kerberos v4 realm in the template to ATHENA.MIT.EDU
    instead of a bogus value, following the practice for krb5.conf.
    This setting is only used if determining the default realm during
    configure fails.
  * Translation updates:
    - Italian, thanks Luca Monducci. (Closes: #508191)

 -- Mathias Gug <email address hidden> Wed, 21 Jan 2009 11:35:35 +0000

Changed in kerberos-configs:
status: Fix Committed → Fix Released
Revision history for this message
Russ Allbery (rra-debian) wrote :

1.22 has been synced to jaunty, so following the process for proposing an intrepid update:

This bug causes users who do not have a valid local hostname to fail to install krb5-config. krb5-config is a dependency of many other packages and recommendation for all Kerberos software packages. The fix is to handle failure of dnsdomainname. A minimum patch is included earlier in this bug.

TEST CASE: Change a system without krb5-config installed so that dnsdomainname exits with an error. This can be done by ensuring that the local hostname is not fully qualified and then breaking DNS lookups (such as by emptying /etc/resolv.conf). Then, try installing krb5-config.

The patch should cause no regressions. It just uses the default domain (ATHENA.MIT.EDU) for users who don't have working DNS and who don't answer the debconf prompt for their Kerberos realm.

Please note: I personally won't have time to prepare and upload the package for Ubuntu intrepid. I only watch Ubuntu bug reports because I'm one of the maintainers of the corresponding Debian package.

Revision history for this message
Mathias Gug (mathiaz) wrote :

I've uploaded a version of the package to intrepid-proposed with the patch posted above.

Note for the TEST CASE: in order to get dnsdomainname return an error, deleting the line in /etc/hosts that defines the fqdn of the system is enough:

127.0.1.1 hostname.domainname alias

Doing so should lead dnsdomainname to return an error:

  $ dnsdomainname
  dnsdomainname: Unknown host

Changed in kerberos-configs:
status: New → Fix Committed
Revision history for this message
Martin Pitt (pitti) wrote :

Accepted into intrepid-proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Frank A. Toscano (vze287fa)
Changed in kerberos-configs:
assignee: nobody → frank
Steve Langasek (vorlon)
Changed in kerberos-configs:
assignee: frank → nobody
Revision history for this message
Andreas Olsson (andol) wrote :

I can confirm that krb5-config 1.19-0ubuntu0.1, from intrepid-proposed, install just fine even if dnsdomainname returns an error. It was on a configuration where krb5-config 1.19 failed similar to the original bug report.

Martin Pitt (pitti)
tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package kerberos-configs - 1.19-0ubuntu0.1

---------------
kerberos-configs (1.19-0ubuntu0.1) intrepid-proposed; urgency=low

  [ Russ Allbery ]
  * Suppress errors from dnsdomainname when attempting to find a default
    for the local realm. (LP: #296719)

 -- Mathias Gug <email address hidden> Thu, 22 Jan 2009 19:30:38 -0500

Changed in kerberos-configs (Ubuntu Intrepid):
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in kerberos-configs (Ubuntu Jaunty):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.