dhcp: use included bind version

Submitted by Vyacheslav Yurkov on June 10, 2020, 2:35 p.m. | Patch ID: 173453

Details

Message ID 20200610143520.2727827-1-uvv.mail@gmail.com
State New
Headers show

Commit Message

Vyacheslav Yurkov June 10, 2020, 2:35 p.m.
From: Vyacheslav Yurkov <Vyacheslav.Yurkov@bruker.com>

ISC DHCP should link against BIND9 libraries, which are tailored
specifically for DHCP. BIND9 package in Yocto core layer has different
configuraiton, in particular it has threads and epoll enabled.

ISC DHCP isn't a multi-threaded application, running it with bind9
libraries compiled in with threading enabled is not something ISC can
vouch for.

BIND9 libraries support a lot of options specifically geared towards
optimizing DNS operations, many of which do not play nicely with
ISC DHCP's "architecture".  It isn't necessarily practical to build
those libraries for both purposes.

If threading is enabled, then DHCP sporadically fails/crashes with
messages like:

lib/isc/unix/socket.c:1054: epoll_ctl(DEL), 6: Bad file descriptor
lib/isc/unix/socket.c:3332: INSIST(!sock->pending_send) failed.

Signed-off-by: Vyacheslav Yurkov <Vyacheslav.Yurkov@bruker.com>
---
 meta/recipes-connectivity/dhcp/dhcp.inc       |  6 ++---
 .../0014-Use-static-version-of-libbind.patch  | 23 +++++++++++++++++++
 meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb  |  1 +
 3 files changed, 27 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-connectivity/dhcp/dhcp/0014-Use-static-version-of-libbind.patch

Patch hide | download patch | download mbox

diff --git a/meta/recipes-connectivity/dhcp/dhcp.inc b/meta/recipes-connectivity/dhcp/dhcp.inc
index d46130d49b..466cdf921a 100644
--- a/meta/recipes-connectivity/dhcp/dhcp.inc
+++ b/meta/recipes-connectivity/dhcp/dhcp.inc
@@ -10,7 +10,7 @@  HOMEPAGE = "http://www.isc.org/"
 LICENSE = "ISC"
 LIC_FILES_CHKSUM = "file://LICENSE;beginline=4;md5=004a4db50a1e20972e924a8618747c01"
 
-DEPENDS = "openssl bind"
+DEPENDS = "openssl zlib"
 
 SRC_URI = "http://ftp.isc.org/isc/dhcp/${PV}/dhcp-${PV}.tar.gz \
            file://init-relay file://default-relay \
@@ -50,9 +50,9 @@  EXTRA_OECONF = "--with-srv-lease-file=${localstatedir}/lib/dhcp/dhcpd.leases \
                 --with-cli6-lease-file=${localstatedir}/lib/dhcp/dhclient6.leases \
                 --enable-paranoia --disable-static \
                 --with-randomdev=/dev/random \
-                --with-libbind=${STAGING_DIR_HOST} \
-		--enable-libtool \
+                --enable-libtool \
                "
+PARALLEL_MAKE = ""
 
 #Enable shared libs per dhcp README
 do_configure_prepend () {
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0014-Use-static-version-of-libbind.patch b/meta/recipes-connectivity/dhcp/dhcp/0014-Use-static-version-of-libbind.patch
new file mode 100644
index 0000000000..63c74b25a5
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/0014-Use-static-version-of-libbind.patch
@@ -0,0 +1,23 @@ 
+From a96f65117d63bea4287f19e80595f7aab282410a Mon Sep 17 00:00:00 2001
+From: Vyacheslav Yurkov <Vyacheslav.Yurkov@bruker.com>
+Date: Wed, 10 Jun 2020 07:56:20 +0200
+Subject: [PATCH] Use static version of libbind
+
+Signed-off-by: Vyacheslav Yurkov <Vyacheslav.Yurkov@bruker.com>
+---
+ bind/Makefile.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bind/Makefile.in b/bind/Makefile.in
+index 8fe8883..902fc3d 100644
+--- a/bind/Makefile.in
++++ b/bind/Makefile.in
+@@ -22,7 +22,7 @@ prefix = @prefix@
+ exec_prefix = @exec_prefix@
+ 
+ bindconfig = --without-openssl --without-libxml2 --without-libjson \
+-	--without-gssapi --disable-threads --without-lmdb \
++	--without-gssapi --disable-threads --without-lmdb --disable-shared \
+ 	--includedir=@includedir@ --libdir=@libdir@  --without-python\
+ 	@BINDLT@ @BINDIOMUX@ @BINDCONFIG@ --enable-full-report
+ 
diff --git a/meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb b/meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb
index b56a204821..a322794e60 100644
--- a/meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb
+++ b/meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb
@@ -10,6 +10,7 @@  SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.pat
             file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \
             file://0013-fixup_use_libbind.patch \
             file://0001-workaround-busybox-limitation-in-linux-dhclient-script.patch \
+            file://0014-Use-static-version-of-libbind.patch \
 "
 
 SRC_URI[md5sum] = "2afdaf8498dc1edaf3012efdd589b3e1"

Comments

Richard Purdie June 10, 2020, 3:05 p.m.
On Wed, 2020-06-10 at 16:35 +0200, Vyacheslav Yurkov wrote:
> From: Vyacheslav Yurkov <Vyacheslav.Yurkov@bruker.com>
> 
> ISC DHCP should link against BIND9 libraries, which are tailored
> specifically for DHCP. BIND9 package in Yocto core layer has
> different
> configuraiton, in particular it has threads and epoll enabled.
> 
> ISC DHCP isn't a multi-threaded application, running it with bind9
> libraries compiled in with threading enabled is not something ISC can
> vouch for.
> 
> BIND9 libraries support a lot of options specifically geared towards
> optimizing DNS operations, many of which do not play nicely with
> ISC DHCP's "architecture".  It isn't necessarily practical to build
> those libraries for both purposes.
> 
> If threading is enabled, then DHCP sporadically fails/crashes with
> messages like:
> 
> lib/isc/unix/socket.c:1054: epoll_ctl(DEL), 6: Bad file descriptor
> lib/isc/unix/socket.c:3332: INSIST(!sock->pending_send) failed.

You seem to disable parallel make yet no mention of that in the log?

Why doesn't dhcp build and link against a static libbind by default if
these issues are present the the dhcp authors don't want to work with
such libbinds?

Cheers,

Richard
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#139401): https://lists.openembedded.org/g/openembedded-core/message/139401
Mute This Topic: https://lists.openembedded.org/mt/74797704/3617530
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  [oe-patchwork@oe-patch.openembedded.org]
-=-=-=-=-=-=-=-=-=-=-=-
Adrian Bunk June 10, 2020, 4:07 p.m.
On Wed, Jun 10, 2020 at 04:35:20PM +0200, Vyacheslav Yurkov wrote:
>...
> BIND9 libraries support a lot of options specifically geared towards
> optimizing DNS operations, many of which do not play nicely with
> ISC DHCP's "architecture".  It isn't necessarily practical to build
> those libraries for both purposes.
>...

Providing security support for several different copies of the BIND
code would be a nightmare.

cu
Adrian
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#139402): https://lists.openembedded.org/g/openembedded-core/message/139402
Mute This Topic: https://lists.openembedded.org/mt/74797704/3617530
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  [oe-patchwork@oe-patch.openembedded.org]
-=-=-=-=-=-=-=-=-=-=-=-
Vyacheslav Yurkov June 10, 2020, 4:31 p.m.
On 10.06.2020 18:07, Adrian Bunk wrote:
> On Wed, Jun 10, 2020 at 04:35:20PM +0200, Vyacheslav Yurkov wrote:
>> ...
>> BIND9 libraries support a lot of options specifically geared towards
>> optimizing DNS operations, many of which do not play nicely with
>> ISC DHCP's "architecture".  It isn't necessarily practical to build
>> those libraries for both purposes.
>> ...
> Providing security support for several different copies of the BIND
> code would be a nightmare.
>
> cu
> Adrian

Right, but I don't think there's a way to build two configurations out 
of one recipe, isn't it?

Vyacheslav
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#139403): https://lists.openembedded.org/g/openembedded-core/message/139403
Mute This Topic: https://lists.openembedded.org/mt/74797704/3617530
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  [oe-patchwork@oe-patch.openembedded.org]
-=-=-=-=-=-=-=-=-=-=-=-
Vyacheslav Yurkov June 10, 2020, 4:36 p.m.
On 10.06.2020 17:05, Richard Purdie wrote:
> You seem to disable parallel make yet no mention of that in the log?
Right, I forgot to mention that in the commit message. Building bind at 
'compile' stage breaks parallel make. I assume that can be addressed, 
but I'd need to take a look at how to set that dependency with autotools.
> Why doesn't dhcp build and link against a static libbind by default if
> these issues are present the the dhcp authors don't want to work with
> such libbinds?
That's a good question. I assume the alternative is disable threads in 
bind recipes then a shared library can be used by both, dhcp and named 
(DNS). Hopefully Thomas from ISC (in CC) could clarify this better than me.
>
> Cheers,
>
> Richard
>

Regards,
Vyacheslav
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#139404): https://lists.openembedded.org/g/openembedded-core/message/139404
Mute This Topic: https://lists.openembedded.org/mt/74797704/3617530
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  [oe-patchwork@oe-patch.openembedded.org]
-=-=-=-=-=-=-=-=-=-=-=-
Adrian Bunk June 10, 2020, 5:42 p.m.
On Wed, Jun 10, 2020 at 06:31:55PM +0200, Vyacheslav Yurkov wrote:
> On 10.06.2020 18:07, Adrian Bunk wrote:
> > On Wed, Jun 10, 2020 at 04:35:20PM +0200, Vyacheslav Yurkov wrote:
> > > ...
> > > BIND9 libraries support a lot of options specifically geared towards
> > > optimizing DNS operations, many of which do not play nicely with
> > > ISC DHCP's "architecture".  It isn't necessarily practical to build
> > > those libraries for both purposes.
> > > ...
> > Providing security support for several different copies of the BIND
> > code would be a nightmare.
> > 
> > cu
> > Adrian
> 
> Right, but I don't think there's a way to build two configurations out of
> one recipe, isn't it?

It is possible.
More common is sharing the sources between two (or more) recipes
with an .inc file.

Unrelated to that, I am a bit suprised why the current Yocto setup
is suddenly a problem. Other distributions like Debian/Ubuntu are
also sharing one build of the BIND libraries between BIND and dhcpd.

> Vyacheslav

cu
Adrian
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#139405): https://lists.openembedded.org/g/openembedded-core/message/139405
Mute This Topic: https://lists.openembedded.org/mt/74797704/3617530
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  [oe-patchwork@oe-patch.openembedded.org]
-=-=-=-=-=-=-=-=-=-=-=-
Vyacheslav Yurkov June 10, 2020, 6:40 p.m.
On 10.06.2020 19:42, Adrian Bunk wrote:
>> Right, but I don't think there's a way to build two configurations out of
>> one recipe, isn't it?
> It is possible.
> More common is sharing the sources between two (or more) recipes
> with an .inc file.
That's not really what I had in mind. That would result in two set of 
recipes anyway, perhaps with the same SRC_URI.
>
> Unrelated to that, I am a bit suprised why the current Yocto setup
> is suddenly a problem. Other distributions like Debian/Ubuntu are
> also sharing one build of the BIND libraries between BIND and dhcpd.
>
The thing is, they don't. This is the 'depends' output from my Ubuntu 
20.04 installation:
% sudo apt-cache depends isc-dhcp-server
...
   Depends: libdns-export1109
   Depends: libirs-export161
   Depends: libisc-export1105

% sudo apt-cache depends bind9
bind9
...
   Depends: bind9-libs

bind9-libs is bind-9.16.1, but export libraries are bind-9.11.16.

So answering Richard's question, having shared linking is also possible, 
but that would result in two sets of bind libraries.

> cu
> Adrian

Regards,
Vyacheslav
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#139410): https://lists.openembedded.org/g/openembedded-core/message/139410
Mute This Topic: https://lists.openembedded.org/mt/74797704/3617530
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  [oe-patchwork@oe-patch.openembedded.org]
-=-=-=-=-=-=-=-=-=-=-=-
Khem Raj June 13, 2020, 12:41 a.m.
On Wednesday, June 10, 2020 9:36:52 AM PDT Vyacheslav Yurkov wrote:
> On 10.06.2020 17:05, Richard Purdie wrote:
> > You seem to disable parallel make yet no mention of that in the log?
> 
> Right, I forgot to mention that in the commit message. Building bind at
> 'compile' stage breaks parallel make. I assume that can be addressed,
> but I'd need to take a look at how to set that dependency with autotools.
> 
> > Why doesn't dhcp build and link against a static libbind by default if
> > these issues are present the the dhcp authors don't want to work with
> > such libbinds?
> 
> That's a good question. I assume the alternative is disable threads in
> bind recipes then a shared library can be used by both, dhcp and named
> (DNS). Hopefully Thomas from ISC (in CC) could clarify this better than me.
> 

I think it would be good to share if we can. Shipping two versions of bind 
libraries is less than ideal, have you explored disabling threading in the 
bind recipe and see if named is happy with that ?

> > Cheers,
> > 
> > Richard
> 
> Regards,
> Vyacheslav
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#139471): https://lists.openembedded.org/g/openembedded-core/message/139471
Mute This Topic: https://lists.openembedded.org/mt/74797704/3617530
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  [oe-patchwork@oe-patch.openembedded.org]
-=-=-=-=-=-=-=-=-=-=-=-
Vyacheslav Yurkov June 13, 2020, 8:31 a.m.
On 13.06.2020 02:41, Khem Raj wrote:
> I think it would be good to share if we can. Shipping two versions of bind
> libraries is less than ideal, have you explored disabling threading in the
> bind recipe and see if named is happy with that ?
>
Yes, I have. It partially solves the issue. At least DHCP doesn't 
crash/fail anymore, but warnings from epoll enabled are still seen in 
the logs. The other question is do we have to strip down BIND 
functionality in order to make DHCP work?

I understand that maintenance effort is at stake and we are looking for 
the best possible solution here, but IMHO having one set of bind 
libraries for both BIND and DHCP servers is not one of them.

We could also go Ubuntu way here, by having two bind-9.11.x for DHCP and 
upgrading BIND server to the latest stable (9.16.x if I'm not mistaken). 
Then security support could be only done for 9.11.x version, the latest 
stable should have most of security patches included already.

Vyacheslav
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#139474): https://lists.openembedded.org/g/openembedded-core/message/139474
Mute This Topic: https://lists.openembedded.org/mt/74797704/3617530
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  [oe-patchwork@oe-patch.openembedded.org]
-=-=-=-=-=-=-=-=-=-=-=-
Alexander Kanavin June 17, 2020, 10:35 a.m.
This brings me to a question. Should we replace dhcp with kea?

https://www.isc.org/kea/

Alex

On Sat, 13 Jun 2020 at 10:31, Vyacheslav Yurkov <uvv.mail@gmail.com> wrote:

> On 13.06.2020 02:41, Khem Raj wrote:
> > I think it would be good to share if we can. Shipping two versions of
> bind
> > libraries is less than ideal, have you explored disabling threading in
> the
> > bind recipe and see if named is happy with that ?
> >
> Yes, I have. It partially solves the issue. At least DHCP doesn't
> crash/fail anymore, but warnings from epoll enabled are still seen in
> the logs. The other question is do we have to strip down BIND
> functionality in order to make DHCP work?
>
> I understand that maintenance effort is at stake and we are looking for
> the best possible solution here, but IMHO having one set of bind
> libraries for both BIND and DHCP servers is not one of them.
>
> We could also go Ubuntu way here, by having two bind-9.11.x for DHCP and
> upgrading BIND server to the latest stable (9.16.x if I'm not mistaken).
> Then security support could be only done for 9.11.x version, the latest
> stable should have most of security patches included already.
>
> Vyacheslav
> 
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#139595): https://lists.openembedded.org/g/openembedded-core/message/139595
Mute This Topic: https://lists.openembedded.org/mt/74797704/3617530
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  [oe-patchwork@oe-patch.openembedded.org]
-=-=-=-=-=-=-=-=-=-=-=-