Bug#1017714: systemd-resolved: deletes /etc/resolv.conf after package removal

Fri Aug 19 12:09:08 BST 2022

Control: severity -1 wishlist
Control: tags -1 wontfix
Control: close -1

On Fri, 19 Aug 2022 13:01:36 +0200 =?UTF-8?Q?Rapha=c3=abl_Halimi?=
<raphael.halimi at gmail.com> wrote:
> Package: systemd-resolved
> Version: 251.3-2~exp1
> Severity: critical
> 
> (filing the bug as critical since it "makes unrelated software on the
> system (or the whole system) break", feel free to downgrade)
> 
> Dear developers,
> 
> The new systemd-resolved package takes over /etc/resolv.conf, and 
> unconditionally makes it a symlink it to 
> /run/systemd/resolve/stub-resolv.conf. Moreover, after the package is
> removed, the symlink is also removed, leaving the system with no 
> /etc/resolv.conf, and thus, a broken DNS resolution.
> 
> /etc/resolv.conf is not considered as a conffile since technically,
it 
> doesn't belong to any package (and is not listed as a conffile by 
> systemd-resolved, which treats it as a normal file), but if it's 
> considered as a configuration file (it's located in /etc after all),
I 
> believe this behavior severely transgresses Debian Policy 10.7.3 on
both 
> points ("local changes must be preserved during a package upgrade"
and 
> "configuration files must be preserved when the package is removed").
> 
> One (conservative) solution would be to not touch /etc/resolv.conf at
> all, leaving the users create the symlink to 
> /run/systemd/resolve/stub-resolv.conf (or 
> /run/systemd/resolve/resolv.conf) themselves. This would solve both 
> transgressions at once. One could argue that it wouldn't make sense
to 
> install systemd-resolved and not use it in /etc/resolv.conf, but the 
> service would still provide the bus and glibc APIs.
> 
> If /etc/resolv.conf is not considered a configuration file, and this
new 
> behavior does not transgresses the Debian Policy, then the package 
> should at least leave the system with a working /etc/resolv.conf file
> after removal, for example by copying the contents of 
> /run/systemd/resolve/resolv.conf (optionally stripping comments and 
> empty lines) in maintainers scripts.
> 
> Regards,
> 
> -- 
> Raphaël Halimi
> 

The description clearly says the package takes over /etc/resolv.conf,
plus the NEWS entry to give notice of it, so this is very much all
working as intended. If you don't want that behaviour, don't install
the optional package that implements it.
The fact that runtime configuration is driven by a file in /etc is an
unfortunate baggage that hopefully one day we'll be able to get rid of,
but not yet.

-- 
Kind regards,
Luca Boccassi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20220819/21967e27/attachment-0001.sig>