pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/net/djbdns-run On rebooting a Xen VPS, dnscache said i...
details: https://anonhg.NetBSD.org/pkgsrc/rev/05e2516731a3
branches: trunk
changeset: 642869:05e2516731a3
user: schmonz <schmonz%pkgsrc.org@localhost>
date: Sat Dec 06 09:41:04 2014 +0000
description:
On rebooting a Xen VPS, dnscache said it started, but failed to
respond to queries and wrote nothing to the logs. This would have
been more fun to debug if my production system hadn't been relying
on it for name resolution. The problem was a blocking read from
/dev/random.
I'm the one who put that there, over 10 years ago. Do we need it?
>From my reading of <http://cr.yp.to/djbdns/dnscache-conf.html> and
dnscache-conf.c, the seed needn't consist of top-notch randomness.
A sysadmin following DJB to the letter (rather than using this
djbdns-run package) would run dnscache-conf once to configure a
dnscache instance. dnscache-conf would cook 128 bytes of randomness
-- without direct assistance from any kernel device -- and write
it to a file. dnscache would read the same file on every startup.
Therefore, we...
1. Generate a random seed iff it doesn't exist (not on every startup)
2. Generate it from /dev/urandom instead of /dev/random
...so that the configuration we generate more nearly matches that of
DJB's documented procedure, and the kind of problem I encountered
is much more difficult to trigger.
While here, add LICENSE (2-clause-bsd) and otherwise placate pkglint.
Bump version.
diffstat:
net/djbdns-run/Makefile | 6 ++++--
net/djbdns-run/files/dnscache.sh | 11 +++++++++--
2 files changed, 13 insertions(+), 4 deletions(-)
diffs (55 lines):
diff -r 07c62107cb36 -r 05e2516731a3 net/djbdns-run/Makefile
--- a/net/djbdns-run/Makefile Sat Dec 06 09:19:50 2014 +0000
+++ b/net/djbdns-run/Makefile Sat Dec 06 09:41:04 2014 +0000
@@ -1,13 +1,14 @@
-# $NetBSD: Makefile,v 1.23 2014/10/09 14:06:44 wiz Exp $
+# $NetBSD: Makefile,v 1.24 2014/12/06 09:41:04 schmonz Exp $
#
-DISTNAME= djbdns-run-20140415
+DISTNAME= djbdns-run-20141206
CATEGORIES= net
MASTER_SITES= # empty
DISTFILES= # empty
MAINTAINER= schmonz%NetBSD.org@localhost
COMMENT= Configures djbdns to cache and serve queries
+LICENSE= 2-clause-bsd
DEPENDS_DJBDNS= djbdns>=1.05nb5:../../net/djbdns
DEPENDS+= ${DEPENDS_DJBDNS}
@@ -16,6 +17,7 @@
WRKSRC= ${WRKDIR}
NO_BUILD= yes
+NO_CHECKSUM= yes
MAKE_DIRS+= ${PKG_SYSCONFDIR}/axfrdns
MAKE_DIRS+= ${PKG_SYSCONFDIR}/dnscache/ip
diff -r 07c62107cb36 -r 05e2516731a3 net/djbdns-run/files/dnscache.sh
--- a/net/djbdns-run/files/dnscache.sh Sat Dec 06 09:19:50 2014 +0000
+++ b/net/djbdns-run/files/dnscache.sh Sat Dec 06 09:41:04 2014 +0000
@@ -1,6 +1,6 @@
#!@RCD_SCRIPTS_SHELL@
#
-# $NetBSD: dnscache.sh,v 1.5 2014/04/15 23:07:21 schmonz Exp $
+# $NetBSD: dnscache.sh,v 1.6 2014/12/06 09:41:04 schmonz Exp $
#
# @PKGNAME@ script to control dnscache (caching DNS resolver)
#
@@ -36,7 +36,14 @@
if [ -f /etc/rc.subr ]; then
checkyesno dnscache_log || dnscache_logcmd=${dnscache_nologcmd}
fi
- command="@SETENV@ - ${dnscache_postenv} ROOT=@PKG_SYSCONFDIR@/dnscache IP=${dnscache_ip} IPSEND=${dnscache_ipsend} CACHESIZE=${dnscache_size} @LOCALBASE@/bin/envuidgid dnscache
@LOCALBASE@/bin/softlimit -o250 -d ${dnscache_datalimit} @LOCALBASE@/bin/dnscache </dev/random 2>&1 | @LOCALBASE@/bin/setuidgid dnslog ${dnscache_logcmd}"
+ if [ ! -f @PKG_SYSCONFDIR@/dnscache/seed ]; then
+ old_umask=$(umask)
+ umask 066
+ dd if=/dev/urandom bs=128 count=1 of=@PKG_SYSCONFDIR@/dnscache/seed
+ umask ${old_umask}
+ fi
+ required_files="${required_files} @PKG_SYSCONFDIR@/dnscache/seed"
+ command="@SETENV@ - ${dnscache_postenv} ROOT=@PKG_SYSCONFDIR@/dnscache IP=${dnscache_ip} IPSEND=${dnscache_ipsend} CACHESIZE=${dnscache_size} @LOCALBASE@/bin/envuidgid dnscache
@LOCALBASE@/bin/softlimit -o250 -d ${dnscache_datalimit} @LOCALBASE@/bin/dnscache <@PKG_SYSCONFDIR@/dnscache/seed 2>&1 | @LOCALBASE@/bin/setuidgid dnslog ${dnscache_logcmd}"
command_args="&"
rc_flags=""
}
Home |
Main Index |
Thread Index |
Old Index