DevHeads.net

Heads up: nc replaced by nmap ncat

Dear list,

The old Fedora, heavily patched OpenBSD nc package was just
obsoleted by the nmap ncat implementation, available as the
nmap-ncat subpackage. Those are mostly compatible and this
change shouldn't cause much headache but please check your
netcat dependant scripts or apps.

Related bug: #226187

Thanks to Michal Hlavinka for this.

-P

Comments

Re: Heads up: nc replaced by nmap ncat

By Ian Pilcher at 01/01/2013 - 13:48

On 07/19/2012 05:12 AM, Petr Šabata wrote:
This appears to break freenx-server.

<a href="https://bugzilla.redhat.com/show_bug.cgi?id=891109" title="https://bugzilla.redhat.com/show_bug.cgi?id=891109">https://bugzilla.redhat.com/show_bug.cgi?id=891109</a>

Re: Heads up: nc replaced by nmap ncat

By Daniel P. Berrange at 07/19/2012 - 05:50

On Thu, Jul 19, 2012 at 12:12:16PM +0200, Petr Šabata wrote:
Arrrgggh no, please no, no, no :-(

The crux of the problem is the word 'mostly' here. The NMap
'ncat' program doesn't support connecting to UNIX domain sockets.
This functionality is *critical* for libvirt to connect to remote
servers via our SSH tunnel facility. You've now broken the ability
to connect to rawhide virt hosts :-(

$ virsh -c qemu+ssh:// ... at avocado dot XXXXX.com/system
error: End of file while reading data: 2012-07-19 10:49:00.415+0000: 10202: info : libvirt version: 0.9.13, package: 1.fc17 (Unknown, 2012-07-02-12:05:10, t500wlan.home.berrange.com)
nc: invalid option -- 'U'
Ncat: Try `--help' or man(1) ncat for more information, usage options and help. QUITTING.: Input/output error
error: failed to connect to the hypervisor

Libvirt needs to be able to run the following command

# nc -U /var/run/libvirt/libvirt-sock

Regards,
Daniel

Re: Heads up: nc replaced by nmap ncat

By Thomas Moschny at 07/19/2012 - 06:27

2012/7/19 Daniel P. Berrange < ... at redhat dot com>:
It could use socat:

# socat stdio /var/run/libvirt/libvirt-sock

- Thomas

Re: Heads up: nc replaced by nmap ncat

By Daniel P. Berrange at 07/19/2012 - 06:30

On Thu, Jul 19, 2012 at 01:27:14PM +0200, Thomas Moschny wrote:
This isn't something that can simply be fixed in libvirt in rawhide
because you need to consider cross-version compatibility. Every
existing deployed version of libvirt in every distro will be unable
to connect to rawhide, even if we changed libvirt in rawhide to use
socat.

Regards,
Daniel

Re: Heads up: nc replaced by nmap ncat

By Richard W.M. Jones at 07/19/2012 - 16:46

On Thu, Jul 19, 2012 at 12:30:35PM +0100, Daniel P. Berrange wrote:
To clarify what Dan means here (which I found a bit confusing
at first :-)

When a libvirt client connects to a remote machine, the libvirt client
sends the "nc -U ..." command over ssh. So every libvirt on any
distro that might connect to a Rawhide libvirtd must be changed to
send a "socat ..." command instead.

[Having said that, socat does look like a better alternative to the
various incompatible netcats, in the long run.]

Rich.

Re: Heads up: nc replaced by nmap ncat

By Przemek Klosowski at 07/20/2012 - 10:07

Alternatively, perhaps a compatibility script called 'nc' could execute
the appropriate socat command?

Re: Heads up: nc replaced by nmap ncat

By Petr Sabata at 07/23/2012 - 09:03

On Fri, Jul 20, 2012 at 11:07:30AM -0400, Przemek Klosowski wrote:
That sounds like an acceptable temporary solution until ncat
supports UNIX sockets too.

-P

Re: Heads up: nc replaced by nmap ncat

By Christophe Fergeau at 07/23/2012 - 11:00

Hey,

On Mon, Jul 23, 2012 at 04:03:00PM +0200, Petr Šabata wrote:
For what it's worth, I think this change broke GNOME Boxes build:
<a href="http://kojipkgs.fedoraproject.org//work/tasks/36/4270036/root.log" title="http://kojipkgs.fedoraproject.org//work/tasks/36/4270036/root.log">http://kojipkgs.fedoraproject.org//work/tasks/36/4270036/root.log</a>

DEBUG util.py:257: Error: Package: libvirt-client-0.9.13-1.fc18.i686 (build)
DEBUG util.py:257: Requires: nc

and I indeed get:
$ repoquery --releasever=rawhide --whatprovides nc
No package provides nc

libvirt.spec has:

%package client
# So remote clients can access libvirt over SSH tunnel
# (client invokes 'nc' against the UNIX socket on the server)
Requires: nc

Christophe

Re: Heads up: nc replaced by nmap ncat

By Petr Sabata at 07/24/2012 - 08:18

On Mon, Jul 23, 2012 at 06:00:46PM +0200, Christophe Fergeau wrote:
That was just a temporary issue (no nmap-6.01-2+ builds in the
repository while nc was dead). gnome-boxes builds fine now
(since July 20).

-P

Re: Heads up: nc replaced by nmap ncat

By Petr Sabata at 07/19/2012 - 06:58

On Thu, Jul 19, 2012 at 12:30:35PM +0100, Daniel P. Berrange wrote:
I believe using a tool that works the same on every system,
such as the suggested socat, would be the right thing to do in
the future libvirt releases.

About the current breakage -- I'd prefer adding UNIX sockets
support to ncat over reviving nc. I'll see what can be done
there.

-P