FS#77057 - [github-cli] `gh auth login` fails with localhost DNS server

Attached to Project: Community Packages
Opened by Kian Kasad (kian) - Monday, 09 January 2023, 02:07 GMT
Last edited by Toolybird (Toolybird) - Monday, 09 January 2023, 20:15 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

I have a local DNS stub resolver listening on the localhost (`lo`) interface.
The command `gh auth login` fails because it cannot connect to the localhost DNS resolver.
Using Wireshark, I discovered that the problem is because the source IP for the DNS request packet is the IP address for my ethernet adapter, not the localhost address (127.0.0.1).

I've confirmed that this is a packaging problem because the login command works fine when `gh` is built from the upstream sources.

Additional info:

* package version(s): v2.20.0 through v2.21.2 (maybe further back too)

Steps to reproduce:

1. Set up systemd-resolved (or similar) listening on 127.0.0.53:53/udp
2. Ensure /etc/resolv.conf lists 127.0.0.53 as the only nameserver
3. Run `gh auth login` and select any options. All will fail.

Possible solution:

The problem disappears when line 33 in the PKGBUILD script is commented out:

# ...

export CGO_LDFLAGS="${LDFLAGS}"
# export CGO_ENABLED=0
export GOFLAGS="-buildmode=pie -trimpath -mod=readonly -modcacherw -ldflags=-linkmode=external"

# ...
This task depends upon

Closed by  Toolybird (Toolybird)
Monday, 09 January 2023, 20:15 GMT
Reason for closing:  Not a bug
Additional comments about closing:  See comments
Comment by Toolybird (Toolybird) - Monday, 09 January 2023, 07:59 GMT
Something seems off here.. IIUC, you have systemd-resolved configured in the recommended mode [1] with /etc/resolv.conf as a symlink pointing to /run/systemd/resolve/stub-resolv.conf ? Please clarify your DNS setup.

FWIW, I have systemd-resolved configured in the recommended mode and `gh auth login` works perfectly.

[1] https://wiki.archlinux.org/title/Systemd-resolved#DNS
Comment by Kian Kasad (kian) - Monday, 09 January 2023, 19:05 GMT
I am using systemd-resolved in the recommended mode. It turns out that the problem is caused by a certain firewall rule that unexpectedly changes the source IP for packets going to localhost.
Weirdly, it is also solved by enabling cgo in the build, but I think that's just because it can rely on libc's resolver functions rather than pure DNS.
Closing the issue...

Loading...