[Resolvconf-devel] Bug#776778: Please play nicely with resolvconf

Thomas Hood jdthood at gmail.com
Thu Feb 5 20:28:44 UTC 2015 

On 5 February 2015 at 16:35, Axel Beckert <abe at debian.org> wrote:
> Ondřej Surý wrote:
>> There's already a unblock bug filled as well.

Great!


>> Then we need to come up with solution that doesn't break resolvconf when
>> installing it after dnssec-trigger is already installed.
>
> Just an idea, but what about resolvconf checking in its postinst if
> dnssec-triggerd is available and if so restarting it first? Then
> dnssec-triggerd would notice that resolvconf is installed (as
> /sbin/resolvconf already exists) and talks to resolvconf instead
> making /etc/resolv.conf immutable again.


Well, first, if resolvconf is installed then dnssec-trigger should
refrain from any further futzing with /etc/resolv.conf. Thus any code
in the dnssec-trigger package that futzes with /etc/resolv.conf should
be bracketed with the equivalent of "if ! [ -x /sbin/resolvconf ] ;
then futz ; fi". It shouldn't be necessary to restart dnssec-trigger
for it to behave according to the newfound presence of resolvconf.

Second, it might be simpler just for resolvconf to detect that
dnssec-triggerd is running and, in that case, to override the
immutability attribute when installing the symlink at
/etc/resolv.conf.

So when dnssec-trigger has been installed and resolvconf is
subsequently installed, (1) /sbin/resolvconf appears on the
filessystem causing dnssec-trigger to refrain from any further futzing
with /etc/resolv.conf; (2) resolvconf's postinst deimmutabilizes
/etc/resolv.conf and installs the symlink.

On installation, before the next reboot, resolvconf includes existing
nameserver information in its database, so the information about the
local "unbound" instance will not be lost. However, this information
may not be prioritized correctly. So (3) resolvconf should then cause
unbound to restart so that unbound notices resolvconf's presence and
registers its address with resolvconf. The way to do this is for the
unbound package to include a script
/usr/lib/resolvconf/dpkg-event.d/unbound which restarts unbound.
Resolvconf runs the script /usr/lib/resolvconf/dpkg-event.d/foo at
postinst time for each package foo (having such a script) that is
already installed at resolvconf preinst time. See dnsmasq for an
example of a package which has such a resolvconf packaging event hook
script.

I don't know dnssec-trigger very well. It it possible that it does
other things that conflict with what resolvconf does.
-- 
Thomas

More information about the Resolvconf-devel mailing list