From: John Darrington
Subject: Contents of /etc/hosts
Date: Wed, 5 Oct 2016 20:31:47 +0200
Message-ID: <20161005183147.GA32276@jocasta.intra>
To: guix-devel@gnu.org

Further to discussions on #guix earlier this week ...

Some of us are concerned about what we currently have in /etc/hosts viz:

  127.0.0.1 localhost gambrinus
  ::1       localhost gambrinus

(my machine is called "gambrinus")

This is a problem because it means that "hostname -f" returns the wrong thing.

Further, the man page for hostname (from the net-tools package) says:

  The recommended method of setting the FQDN is to make the hostname
  be an alias for the fully qualified name using /etc/hosts, DNS, or
  NIS. For example, if the hostname was "ursula", one might have a
  line in /etc/hosts which reads:

    127.0.1.1 ursula.example.com ursula

However I would recommend 127.0.0.2 instead of 127.0.1.1 because RFC 3330
mentions that 127.0.0.0/8 is reserved for loopback, but the rest of
127.0.0.0/16 is subject to allocation.

Many systems also have a file called /etc/hostname and according to the
hostname man page:

  /etc/hostname Historically this file was supposed to only contain the
  hostname and not the full canonical FQDN. Nowadays most software is
  able to cope with a full FQDN here. This file is read at boot time by
  the system initialization scripts to set the hostname.

Guix of course uses /etc/config.scm so we don't need /etc/hostname but
there might be some rogue programs which rely on it so perhaps we should
have one.

When setting the name via the net-utils "hostname" utility, HOST_NAME_MAX
is the maximum length which can be passed to sethostname. On Linux, this
limit is 64.

So security conscious programs (notably kerberos) will refuse to operate if
the forward and reverse DNS do not agree.

Some DHCP servers are configured to return the domain name which they
expect the host to use.

RFC 1034 \union 1123 stipulates that labels may contain the characters
[a-zA-Z0-9-] and may not start with -

In services/base.scm we have:

  (define host-name-service-type
    (shepherd-service-type
     'host-name
     (lambda (name)
       (shepherd-service
        (documentation "Initialize the machine's host name.")
        (provision '(host-name))
        (start #~(lambda _
                   (sethostname #$name)))
        (respawn? #f)))))

This will fail if /etc/config.scm has a host name that is too long, or has
invalid characters. So we should check it in system reconfigure.

So ... my recommendations:

1. We change /etc/hosts to read

  127.0.0.1 localhost.localdomain localhost
  ::1       localhost.localdomain localhost
  127.0.0.2 gambrinus

2. We put some checks in guix system to ensure that the host-name field
   does not exceed 63 bytes (not characters) and that it conforms to the
   format of RFC 1034.

Any objections if I commit a patch to gnu/system.scm ??

J'

--
Avoid eavesdropping. Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3
fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.
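
The host-name check proposed in point 2 of the message above, written as an added Guile example; it is not part of the message and not Guix's own code. The names host-name-problems, label-problems, %label-chars and %max-host-name-bytes are hypothetical, and validating a dotted name label by label is an assumption.

```scheme
;; Added example, not code from Guix or from the message above.
;; All procedure and variable names defined here are hypothetical.
(use-modules (rnrs bytevectors)   ; string->utf8, bytevector-length
             (srfi srfi-1))       ; append-map

;; Limit proposed in the message: 63 bytes, counted after UTF-8 encoding.
(define %max-host-name-bytes 63)

;; ASCII letters, digits and hyphen: the characters allowed in a label.
;; char-set:letter+digit alone would also admit non-ASCII letters.
(define %label-chars
  (char-set-adjoin (char-set-intersection char-set:letter+digit
                                          char-set:ascii)
                   #\-))

(define (label-problems label)
  "Return a list of strings describing what is wrong with LABEL."
  (cond ((string-null? label)
         (list "empty label"))
        ((not (string-every %label-chars label))
         (list (string-append "invalid character in \"" label "\"")))
        ((char=? (string-ref label 0) #\-)
         (list (string-append "label \"" label "\" starts with '-'")))
        (else '())))

(define (host-name-problems name)
  "Return the empty list when NAME is acceptable, else a list of problems."
  (let ((size (bytevector-length (string->utf8 name))))
    (append
     ;; Count bytes, not characters: sethostname receives encoded bytes.
     (if (> size %max-host-name-bytes)
         (list (string-append "host name is " (number->string size)
                              " bytes, limit is "
                              (number->string %max-host-name-bytes)))
         '())
     ;; Assumption: a dotted name is validated label by label.
     (append-map label-problems (string-split name #\.)))))

;; Constructed sample inputs.
(for-each (lambda (name)
            (format #t "~s => ~s~%" name (host-name-problems name)))
          (list "gambrinus"
                "-gambrinus"
                "my_host"
                (make-string 32 #\xe9)))  ; 32 x U+00E9: 64 bytes in UTF-8
```

Run at reconfigure time, a non-empty result would stop the build before the host-name service calls sethostname with a value it cannot accept.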