Bugzilla Bug 41217

Hi,

there are some bugs concerning the chrooted dhcp-server.

- init.d/dhcp stop doesn't work
- chroot/dhcp/etc/localtime is missing
- name resolution fails (I haven't checked out which libraries are needed, I assume libnss_* and resolv.conf

You're going to have to provide a bit more information. For starters, your
emerge --info screen.  What version are you doing this with?  What doesn't work
about chrooted stop?  dhcp uses UTC for it's timings and whatnot, so what is
/etc/localtime for? What is name resolution for?  Mind you, we dole out about
2000 addresses from this chrooted setup without a hitch.

I'm talking about dhcp-3.0_p2-r2, but I assume -r3 has the same failures.

etc/localtime is needed for correct timestamps in syslog.

/etc/init.d/dhcp stop doesn't work because no .pid file created at startup. So stop fails.

For the name resolution, try adding a router, host or domain server entry in dhcp.conf with a hostname (not an ip).

.pid file creation should be correct in -r3, at least I don't see anything
wrong with it.  name resolution libraries may not be that easy to set up. 
localtime is, I'll add that to the chroot setup.

hi,

'/etc/init.d/dhcp stop' doesnt work here either
'/chroot/etc/localtime' is missing too, but timestamps on console and /var/log/everything seem ok (metalog in case that matters)

$ echo; qpkg -I -v dhcp-; echo; emerge info

net-misc/dhcp-3.0_p2-r3 *

Portage 2.0.50-r1 (default-x86-1.4, gcc-3.3.2, glibc-2.3.2-r9, 2.6.0-test9-love4)
=================================================================
System uname: 2.6.0-test9-love4 i686 AMD Athlon(tm) XP 2200+
Gentoo Base System version 1.4.3.13
distcc 2.12.1 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled]
ccache version 2.3 [enabled]
Autoconf: sys-devel/autoconf-2.59-r3
Automake: sys-devel/automake-1.7.7
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3/share/config /usr/sbin/consolelog.sh /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
CXXFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache distcc sandbox userpriv usersandbox"
GENTOO_MIRRORS="http://gentoo.linux.no/ http://gentoo.oregonstate.edu http://www.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X aalib acpi alsa avi berkdb crypt cups emacs encode fbcon foomaticdb freetype gdbm gif gpm gtk gtk2 imlib java jpeg libg++ libwww mad maildir mikmod motif moznocompose moznoirc moznomail mpeg mule mysql ncurses nls oggvorbis opengl pam pdflib perl png python quicktime readline sdl spell sse ssl tcltk tcpd truetype usb wmf x86 xml2 xmms xv zlib"


first i was a *little* bit wondering who wrote the rc script, cause the -pf switch was not mentioned in the man page ;)

Saying "me too" doesn't really help much.  It would be far more helpful to have
any errors you get posted here.  It works fine on my end:

zion root # ps -ef | grep dhcp
dhcp     10022     1  0 17:30 ?        00:00:00 /usr/sbin/dhcpd -pf
/var/run/dhcp/dhcpd.pid -q -user dhcp -group dhcp -chroot /var/lib/chroot/dhcp
eth1 eth2
zion root # /etc/init.d/dhcp restart
 * Stopping dhcpd...                                                      [ ok
]
 * Setting ownership on dhcpd.leases...                                   [ ok
]
 * Starting chrooted dhcpd...                                             [ ok
]
zion root # ps -ef | grep dhcp 
dhcp     10199     1  0 17:31 ?        00:00:00 /usr/sbin/dhcpd -pf
/var/run/dhcp/dhcpd.pid -q -user dhcp -group dhcp -chroot /var/lib/chroot/dhcp
eth1 eth2


As you can see, the PID changes after the restart and everything is fine.

Regarding localtime, like I said in comment #3, it will be in the next version
of the ebuild, when I get it tested thoroughly enough.

To answer your last question, I wrote the rc script.  -pf may not be in the
manual, but it certainly is in the code:

~line 311 of dhcpd.c:
                } else if (!strcmp (argv [i], "-pf")) {
                        if (++i == argc)
                                usage ();
                        path_dhcpd_pid = argv [i];
                        no_dhcpd_pid = 1;

ah well, i installed -r2 some days ago with the missing dchp subdir in
/chroot/dhcp/var/run and upgraded to -r3 later. another small notice in
pkg_postinst about that would have been helpful to my old blind eyes. They
didnt notice the missing dir when checking the chroot. An strace was required
because the dhcpd executable unfortunately didnt spit out any error messages at
all. (yes, i started the init script nonquiet).

regarding localtime i just wanted to point out that its seems to work fine for
me without.

the last question actually was just a comment about an outdated manual page
that should have gone to /dev/null or isc.org instead of wasting your time.
sorry

Created an attachment (id=28761) [edit]
New version of ebuild that seems to work with sandbox (see associated patches)

I have written a few more patches to the existing (broken) 2.02 ebuild. This
works on my x86 gentoo system with normal options. Two additional patches were
required.

Created an attachment (id=28762) [edit]
Module install fix to make sandbox work properly

This patch is one of the file required by my submitted ebuild. It fixes the
automake files so that the install stays within the boundaries of the sandbox.
I created this by reading the source of apxs2, since there was no command line
way of asking it to do it for you, which was what was breaking the sandbox.

Created an attachment (id=28763) [edit]
Turns off tests that are incompatible with portage

This is the second source patch I created to make the libapreq build work. It
turns off all "make test" targets, which do not seem to like running under
portage. Ideally, we would figure out how to make them work.

All I have to say is, the emerge now works cleanly on my system. YMMV.

Shoot. Sorry guys! I have two tabs open on Gentoo bugs, and I just posted this
series of fixes to the wrong one! I don't see a way for me to delete them, or I
would. If you have permission to drop the crap I just added, please do. I
apologize again.

It happens... :-)

*** Bug 51588 has been marked as a duplicate of this bug. ***

I used the default chroot setup obtained with:

ebuild /var/db/pkg/net-misc/dhcp-3.0.1/dhcp-3.0.1.ebuild config # see note below

I put my configuration in /chroot/dhcp/etc/dhcp/dhcpd.conf. Start the server, and test it with dhcping: No response. "unknown lease" in syslog.

Put the same config file in /etc/dhcp/dhcpd.conf (via symbolic link to the one in the chroot). Stop the server. Comment out CHROOT in /etc/conf.d/dhcp. Start the server, and test with dhcping: It works.

Here's the fix. I added this line to /etc/conf.d/dhcp:

export LD_PRELOAD="/usr/lib/libresolv.so /usr/lib/libnss_dns.so"

and then the chrooted version works. I'll leave some of my diagnostic data in below because it might still be useful (and you can see what I tried). In particular, /etc/resolv.conf and nsswitch.conf and maybe localtime are probably needed, and I think USE=static is broken.

-----

One of the files that the pkg_config() should probably copy into the chrooted directory is /etc/resolv.conf, as pointed out in comment #1. However, doing that  doesn't solve my problem. The name resolution is used by DHCP itself: All entries in dhcp.conf which can take an IP address can take a DNS name as well, and I use DNS names extensively.

/etc/localtime is still not copied, as suggested by comment #3. I'm not sure that it's really necessary, but then I am using syslog-ng and have use_time_recvd(yes) which ignores the client-sent time.

The start and stop parts of the init script work fine for me, so those have probably been fixed for awhile.

I tried testing with USE=static, but the /usr/sbin/dhcpd produced is still dynamically linked.

/usr/sbin/dhcpd: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.6.0, dynamically linked (uses shared libs), stripped
        linux-gate.so.1 =>  (0xffffe000)
        libc.so.6 => /lib/libc.so.6 (0x4001d000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

-static shows up in the compiler flags when it builds, however.

Copying libresolv.so, libnss_*.so from /usr/lib into /chroot/dhcp/usr/lib has no effect (didn't really expect the to, based on above).

Copying /etc/nsswitch.conf into the chroot doesn't help either.

Additionally, the post install of the build says:

 * If you like to run dhcpd in chroot AND this is a new install OR
 * your dhcpd doesn't already run in chroot, simply run:
 *   ebuild /var/db/pkg/dhcp-3.0.1/dhcp-3.0.1/dhcp-3.0.1.ebuild config

Obviously this is the wrong path. The code reads:

        einfo "If you like to run dhcpd in chroot AND this is a new install OR"
        einfo "your dhcpd doesn't already run in chroot, simply run:"
        einfo "  ebuild /var/db/pkg/${CATEGORY}/${PF}/${PF}.ebuild config"

So something is happening to ${CATEGORY}, but it must be in one of the eclasses or in portage itself. I've seen this on another package recently (www-apps/rt) too.

Portage 2.0.50-r11 (default-x86-2004.2, gcc-3.3.4, glibc-2.3.4.20040808-r1, 2.6.8.1)
=================================================================
System uname: 2.6.8.1 i686 Pentium III (Coppermine)
Gentoo Base System version 1.4.16
distcc 2.16 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled]
Autoconf: sys-devel/autoconf-2.59-r5
Automake: sys-devel/automake-1.8.5-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -march=pentium3 -fomit-frame-pointer -falign-labels=8 -falign-functions=32 -pipe"
CHOST="i686-pc-linux-gnu"
COMPILER=""
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/alias /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=pentium3 -fomit-frame-pointer -falign-labels=8 -falign-functions=32 -pipe"
DISTDIR="/var/cache/distfiles"
FEATURES="autoaddcvs buildpkg ccache distcc sandbox"
GENTOO_MIRRORS="http://gentoo.osuosl.org http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/var/cache/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/var/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.us.gentoo.org/gentoo-portage"
USE="apache2 apm arts avi berkdb bitmap-fonts crypt cups emacs encode f77 foomaticdb gd gdbm gif gpm gtk2 imlib innodb jpeg kerberos ldap libg++ libwww mad mikmod mpeg mssql mysql ncurses nls nptl odbc oggvorbis opengl oss pam pdflib perl png python quicktime readline samba sasl sdl slang snmp spell ssl svga tcpd truetype vhosts x86 xml xml2 xmms xprint xv zlib"

export LD_PRELOAD="/usr/lib/libresolv.so /usr/lib/libnss_dns.so"

in /etc/conf.d/dhcp fixes the name resolution problems. I don't know if this is a particularly great permanent solution, but it fixed my problems. Maybe a comment to this effect could be put in /etc/conf.d/dhcp, or else it could conditionally be done in the init script if chrooting.

Ok, lets go through these...

First, the message at the end of the merge works properly for me:
 * If you like to run dhcpd in chroot AND this is a new install OR
 * your dhcpd doesn't already run in chroot, simply run:
 *   ebuild /var/db/pkg/net-misc/dhcp-3.0.1-r1/dhcp-3.0.1-r1.ebuild config

Second, localtime is now copied when running the suggested command.

Third, the suggested export has been added to the conf.d/dhcp file, but commented out.

Fourth, moved the -q flag to the conf.d/dhcp file for easier debugging.

All this is in the upcoming (~arch masked for now) 3.0.1-r1.  Please try it (in about 30 minutes, when it propagates).