[kirkstone,22/23] dhcpcd: fix to work with systemd

Message ID	26c1338f5ad73488d80cdb97ae2efbf0652ee1ac.1669904703.git.steve@sakoman.com
State	Accepted, archived
Commit	26c1338f5ad73488d80cdb97ae2efbf0652ee1ac
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.216.52, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 22/23] dhcpcd: fix to work with systemd Date: Thu, 1 Dec 2022 04:27:16 -1000 Message-Id: <26c1338f5ad73488d80cdb97ae2efbf0652ee1ac.1669904703.git.steve@sakoman.com> In-Reply-To: <cover.1669904703.git.steve@sakoman.com> References: <cover.1669904703.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/23] grub2: backport patch to fix CVE-2022-2601 CVE-2022-3775 \| expand [kirkstone,01/23] grub2: backport patch to fix CVE-2022-2601 CVE-2022-3775 [kirkstone,02/23] tiff: refresh with devtool [kirkstone,03/23] tiff: fix a number of CVEs [kirkstone,04/23] tiff: Security fix for CVE-2022-3970 [kirkstone,05/23] tiff: add CVE tag to b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch [kirkstone,06/23] curl: Fix CVE-2022-32221 [kirkstone,07/23] curl: Fix CVE-2022-42916 [kirkstone,08/23] curl: Fix CVE-2022-42915 [kirkstone,09/23] dropbear: fix CVE-2021-36369 [kirkstone,10/23] libpam: fix CVE-2022-28321 [kirkstone,11/23] dbus: upgrade 1.14.0 -> 1.14.4 [kirkstone,12/23] linux-yocto/5.15: update to v5.15.74 [kirkstone,13/23] linux-yocto/5.15: update to v5.15.76 [kirkstone,14/23] linux-yocto/5.15: update to v5.15.78 [kirkstone,15/23] linux-yocto/5.15: fix CONFIG_CRYPTO_CCM mismatch warnings [kirkstone,16/23] kern-tools: integrate ZFS speedup patch [kirkstone,17/23] kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild [kirkstone,18/23] linux-firmware: upgrade 20221012 -> 20221109 [kirkstone,19/23] linux-firmware: add new fw file to ${PN}-qcom-adreno-a530 [kirkstone,20/23] sstatesig: emit more helpful error message when not finding sstate manifest [kirkstone,21/23] resolvconf: make it work [kirkstone,22/23] dhcpcd: fix to work with systemd [kirkstone,23/23] mirrors.bbclass: update CPAN_MIRROR

Message ID

26c1338f5ad73488d80cdb97ae2efbf0652ee1ac.1669904703.git.steve@sakoman.com

State

Accepted, archived

Commit

26c1338f5ad73488d80cdb97ae2efbf0652ee1ac

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 22/23] dhcpcd: fix to work with systemd
Date: Thu,  1 Dec 2022 04:27:16 -1000
Message-Id: 
 <26c1338f5ad73488d80cdb97ae2efbf0652ee1ac.1669904703.git.steve@sakoman.com>
In-Reply-To: <cover.1669904703.git.steve@sakoman.com>
References: <cover.1669904703.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,01/23] grub2: backport patch to fix CVE-2022-2601 CVE-2022-3775 | expand

Commit Message

Steve Sakoman Dec. 1, 2022, 2:27 p.m. UTC

From: Chen Qi <Qi.Chen@windriver.com>

Currently, dhcpcd does not work well with systemd. When using dhcpcd
to configure network, the /etc/resolv.conf contents are not correct.
This issue could easily be reproduced by using 'qemu + slirp' to
start a systemd based image and using dhcpcd to configure network.
The expected 'nameserver 10.0.2.3' is not in /etc/resolv.conf.

The root cause of this problem is that dhcpcd assumes the resolvconf
should recognize .protocol suffix[1]. But systemd's resolvconf (which
is a symlink to resolvectl) has a limited support for traditional
resolvconf interface[2], and "may not work with all clients"[3]. This
of cource includes the clients that use the .protocol suffix.

The current situation is:
1. systemd is not going to support the .protocol suffix in the foreseeable
   near future[4].
2. dhcpcd does not want to merge systemd specific patch and insists
   systemd needs to consider the .protocol suffix[5][6].

It's a normal thing that people have different opinions. As a build system
that supports such combination, however, we do need to come up with a
solution to fix this typical integration problem, making dhcpcd and systemd
work together.

This patch solves this integration problem by relying on dhcpcd's ability
to manage its own resolv.conf contents. But instead of letting it to write
to /etc/resolv.conf directly, we supply the generated contents to resolvconf.
In this way, the resolvconf still stands in the central place and dhcpcd remains
a supplier to it. And the /etc/resolv.conf can get the correct contents.
With this patch, dhcpcd could work with both sysvinit and systemd.

[1] https://man.archlinux.org/man/resolvconf.8.en
[2] https://man.archlinux.org/man/resolvectl.1#COMPATIBILITY_WITH_RESOLVCONF(8)
[3] https://wiki.archlinux.org/title/systemd-resolved
[4] https://github.com/systemd/systemd/issues/25032
[5] https://github.com/NetworkConfiguration/dhcpcd/pull/152
[6] https://github.com/NetworkConfiguration/dhcpcd/issues/146

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 935ae419f51d911c73f5dc7b4a2e5e9a7b206985)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../dhcpcd/dhcpcd_9.4.1.bb                    |  1 +
 ...mprove-the-sitation-of-working-with-.patch | 82 +++++++++++++++++++
 2 files changed, 83 insertions(+)
 create mode 100644 meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch

diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb b/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb
index ab6ffe986c..1d03de09c8 100644
--- a/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb
+++ b/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb
@@ -13,6 +13,7 @@  UPSTREAM_CHECK_URI = "https://roy.marples.name/downloads/dhcpcd/"
 
 SRC_URI = "https://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \
            file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \
+           file://0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch \
            file://dhcpcd.service \
            file://dhcpcd@.service \
            "
diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch b/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch
new file mode 100644
index 0000000000..6f90c88249
--- /dev/null
+++ b/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch
@@ -0,0 +1,82 @@ 
+From 02acc4d875ee81e6fd19ef66d69c9f55b4b4a7e7 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Wed, 9 Nov 2022 16:33:18 +0800
+Subject: [PATCH] 20-resolv.conf: improve the sitation of working with systemd
+
+systemd's resolvconf implementation ignores the protocol part.
+See https://github.com/systemd/systemd/issues/25032.
+
+When using 'dhcp server + dns server + dhcpcd + systemd', we
+get an integration issue, that is dhcpcd runs 'resolvconf -d eth0.ra',
+yet systemd's resolvconf treats it as eth0. This will delete the
+DNS information set by 'resolvconf -a eth0.dhcp'.
+
+Fortunately, 20-resolv.conf has the ability to build the resolv.conf
+file contents itself. We can just pass the generated contents to
+systemd's resolvconf. This way, the DNS information is not incorrectly
+deleted. Also, it does not cause behavior regression for dhcpcd
+in other cases.
+
+Upstream-Status: Inappropriate [OE Specific]
+This patch has been rejected by dhcpcd upstream.
+See details in https://github.com/NetworkConfiguration/dhcpcd/pull/152
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ hooks/20-resolv.conf | 17 +++++++++++++----
+ 1 file changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/hooks/20-resolv.conf b/hooks/20-resolv.conf
+index 504a6c53..eb6e5845 100644
+--- a/hooks/20-resolv.conf
++++ b/hooks/20-resolv.conf
+@@ -11,8 +11,12 @@ nocarrier_roaming_dir="$state_dir/roaming"
+ NL="
+ "
+ : ${resolvconf:=resolvconf}
++resolvconf_from_systemd=false
+ if type "$resolvconf" >/dev/null 2>&1; then
+ 	have_resolvconf=true
++	if [ $(basename $(readlink -f $(which $resolvconf))) = resolvectl ]; then
++		resolvconf_from_systemd=true
++	fi
+ else
+ 	have_resolvconf=false
+ fi
+@@ -69,8 +73,13 @@ build_resolv_conf()
+ 	else
+ 		echo "# /etc/resolv.conf.tail can replace this line" >> "$cf"
+ 	fi
+-	if change_file /etc/resolv.conf "$cf"; then
+-		chmod 644 /etc/resolv.conf
++	if $resolvconf_from_systemd; then
++		[ -n "$ifmetric" ] && export IF_METRIC="$ifmetric"
++		"$resolvconf" -a "$ifname" <"$cf"
++	else
++		if change_file /etc/resolv.conf "$cf"; then
++			chmod 644 /etc/resolv.conf
++		fi
+ 	fi
+ 	rm -f "$cf"
+ }
+@@ -170,7 +179,7 @@ add_resolv_conf()
+ 	for x in ${new_domain_name_servers}; do
+ 		conf="${conf}nameserver $x$NL"
+ 	done
+-	if $have_resolvconf; then
++	if $have_resolvconf && ! $resolvconf_from_systemd; then
+ 		[ -n "$ifmetric" ] && export IF_METRIC="$ifmetric"
+ 		printf %s "$conf" | "$resolvconf" -a "$ifname"
+ 		return $?
+@@ -186,7 +195,7 @@ add_resolv_conf()
+ 
+ remove_resolv_conf()
+ {
+-	if $have_resolvconf; then
++	if $have_resolvconf && ($if_down || ! $resolvconf_from_systemd); then
+ 		"$resolvconf" -d "$ifname" -f
+ 	else
+ 		if [ -e "$resolv_conf_dir/$ifname" ]; then
+-- 
+2.17.1
+

[kirkstone,22/23] dhcpcd: fix to work with systemd

Commit Message

Patch