pkgsrc-Changes archive


CVS commit: pkgsrc/net



Module Name:    pkgsrc
Committed By:   fhajny
Date:           Mon Feb 20 15:19:54 UTC 2017

Modified Files:
        pkgsrc/net/bind910: Makefile
        pkgsrc/net/bind910/files/smf: manifest.xml named.sh
        pkgsrc/net/bind99: Makefile
        pkgsrc/net/bind99/files/smf: manifest.xml named.sh

Log Message:
Change the bind99 and bind910 packages to use the standard PKG_SYSCONFDIR
for config files instead of the hardcoded /etc path. Sync SMF support
across the two packages. Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 pkgsrc/net/bind910/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/net/bind910/files/smf/manifest.xml
cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/bind910/files/smf/named.sh
cvs rdiff -u -r1.63 -r1.64 pkgsrc/net/bind99/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/bind99/files/smf/manifest.xml
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/bind99/files/smf/named.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/bind910/Makefile
diff -u pkgsrc/net/bind910/Makefile:1.29 pkgsrc/net/bind910/Makefile:1.30
--- pkgsrc/net/bind910/Makefile:1.29    Thu Feb  9 00:48:59 2017
+++ pkgsrc/net/bind910/Makefile Mon Feb 20 15:19:54 2017
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.29 2017/02/09 00:48:59 taca Exp $
+# $NetBSD: Makefile,v 1.30 2017/02/20 15:19:54 fhajny Exp $
 
 DISTNAME=      bind-${BIND_VERSION}
 PKGNAME=       ${DISTNAME:S/-P/pl/}
+PKGREVISION=   1
 CATEGORIES=    net
 MASTER_SITES=  ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/
 
@@ -27,7 +28,7 @@ GNU_CONFIGURE=                yes
 #CONFIG_SHELL=         sh -x
 
 CONFIGURE_ARGS+=       --with-libtool
-CONFIGURE_ARGS+=       --sysconfdir=/etc
+CONFIGURE_ARGS+=       --sysconfdir=${PKG_SYSCONFDIR}
 CONFIGURE_ARGS+=       --localstatedir=${VARBASE}
 CONFIGURE_ARGS+=       --disable-openssl-version-check
 CONFIGURE_ARGS+=       --with-openssl=${SSLBASE:Q}
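Review bot: Switching `--sysconfdir` from `/etc` to `${PKG_SYSCONFDIR}` moves where an upgraded named looks for named.conf, rndc.conf and rndc.key, and nothing in this hunk tells an operator that files already under /etc are no longer read. A stale `/etc/rndc.key` left behind is still key material, and a service that starts without its old named.conf is at best offline, so the move deserves an explicit upgrade note. I would add a comment above the line such as `# Config moved from /etc to ${PKG_SYSCONFDIR}; existing /etc/named.conf and rndc.key are not migrated.` and repeat it in the package's install message. The same applies to the identical change in pkgsrc/net/bind99/Makefile; the rest of both Makefiles is outside the hunks, so any handling there cannot be seen from here.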

Index: pkgsrc/net/bind910/files/smf/manifest.xml
diff -u pkgsrc/net/bind910/files/smf/manifest.xml:1.4 pkgsrc/net/bind910/files/smf/manifest.xml:1.5
--- pkgsrc/net/bind910/files/smf/manifest.xml:1.4       Fri Dec 16 15:37:28 2016
+++ pkgsrc/net/bind910/files/smf/manifest.xml   Mon Feb 20 15:19:54 2017
@@ -39,7 +39,7 @@ CDDL HEADER END
       <service_fmri value='svc:/milestone/network' />
     </dependency>
     <dependency name='config-files' grouping='require_any' restart_on='refresh' type='path'>
-      <service_fmri value='file://localhost/etc/named.conf' />
+      <service_fmri value='file://localhost@PKG_SYSCONFDIR@/named.conf' />
     </dependency>
     <!--
         In order to run multiple named(1M) processes with their own

Index: pkgsrc/net/bind910/files/smf/named.sh
diff -u pkgsrc/net/bind910/files/smf/named.sh:1.2 pkgsrc/net/bind910/files/smf/named.sh:1.3
--- pkgsrc/net/bind910/files/smf/named.sh:1.2   Fri Dec 16 15:37:28 2016
+++ pkgsrc/net/bind910/files/smf/named.sh       Mon Feb 20 15:19:54 2017
@@ -56,9 +56,9 @@ umount_chroot ()
 
 get_config ()
 {   
-    configuration_file=/etc/named.conf
-    rndc_config_file=/etc/rndc.conf
-    rndc_key_file=/etc/rndc.key
+    configuration_file=@PKG_SYSCONFDIR@/named.conf
+    rndc_config_file=@PKG_SYSCONFDIR@/rndc.conf
+    rndc_key_file=@PKG_SYSCONFDIR@/rndc.key
     rndc_cmd_opts="-a"
     libraries="/usr/pkg/lib/engines/libgost.so"
     cmdopts=""
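Review bot: The commit replaces the hard-coded /etc paths in get_config but leaves `libraries="/usr/pkg/lib/engines/libgost.so"` pinned to one prefix, and the same line is added to bind99's named.sh in this commit. In the bind99 copy, mount_chroot exits with `SMF_EXIT_ERR_CONFIG` when a listed file does not exist, so on an installation whose prefix is not /usr/pkg a chrooted start would presumably fail on this path. Assuming the engine is installed under the package prefix, `libraries="@PREFIX@/lib/engines/libgost.so"` would match how `server` is defined; if it comes from a separate OpenSSL base, that base should be substituted instead. get_config continues outside this hunk.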
@@ -127,7 +127,7 @@ get_config ()
 
     configuration_dir=$(sed -n -e 's,^[[:space:]]*directory.*"\(.*\)";,\1,p' \
         ${configuration_file})
-    [ "${configuration_dir}" == "" ] && configuration_dir=/etc/namedb
+    [ "${configuration_dir}" == "" ] && configuration_dir=@PKG_SYSCONFDIR@/namedb
 
     configuration_files=$(sed -n -e \
         "s,^[[:space:]]*file.*\"\(.*\)\";,${configuration_dir}/\1,p" \

Index: pkgsrc/net/bind99/Makefile
diff -u pkgsrc/net/bind99/Makefile:1.63 pkgsrc/net/bind99/Makefile:1.64
--- pkgsrc/net/bind99/Makefile:1.63     Thu Feb  9 00:50:15 2017
+++ pkgsrc/net/bind99/Makefile  Mon Feb 20 15:19:54 2017
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.63 2017/02/09 00:50:15 taca Exp $
+# $NetBSD: Makefile,v 1.64 2017/02/20 15:19:54 fhajny Exp $
 
 DISTNAME=      bind-${BIND_VERSION}
 PKGNAME=       ${DISTNAME:S/-P/pl/}
+PKGREVISION=   1
 CATEGORIES=    net
 MASTER_SITES=  ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/
 
@@ -27,7 +28,7 @@ GNU_CONFIGURE=                yes
 #CONFIG_SHELL=         sh -x
 
 CONFIGURE_ARGS+=       --with-libtool
-CONFIGURE_ARGS+=       --sysconfdir=/etc
+CONFIGURE_ARGS+=       --sysconfdir=${PKG_SYSCONFDIR}
 CONFIGURE_ARGS+=       --localstatedir=${VARBASE:Q}
 CONFIGURE_ARGS+=       --disable-openssl-version-check
 CONFIGURE_ARGS+=       --with-openssl=${SSLBASE:Q}

Index: pkgsrc/net/bind99/files/smf/manifest.xml
diff -u pkgsrc/net/bind99/files/smf/manifest.xml:1.3 pkgsrc/net/bind99/files/smf/manifest.xml:1.4
--- pkgsrc/net/bind99/files/smf/manifest.xml:1.3        Wed Jun  8 10:16:53 2016
+++ pkgsrc/net/bind99/files/smf/manifest.xml    Mon Feb 20 15:19:54 2017
@@ -41,7 +41,6 @@ CDDL HEADER END
     <dependency name='config-files' grouping='require_any' restart_on='refresh' type='path'>
       <service_fmri value='file://localhost@PKG_SYSCONFDIR@/named.conf' />
     </dependency>
-    <exec_method type='method' name='stop' exec=':kill' timeout_seconds='60' />
     <!--
         In order to run multiple named(1M) processes with their own
         configuration file or properties each must have a unique
@@ -50,22 +49,15 @@ CDDL HEADER END
     <instance name='default' enabled='false'>
       <exec_method type='method' name='start' exec='@PREFIX@/@SMF_METHOD_FILE.named@ %m %i' timeout_seconds='60'>
         <method_context>
-          <!--
-                privileges: (see privileges(5) and /etc/security/priv_names)
-                file_dac_read, file_dac_search:
-                        Necessary for reading the configuration file
-                        even it is restricted by the file permission.
-                net_privaddr:
-                        Bind to a privileged port number.
-                sys_resource:
-                        Permit the setting of resource limits (eg. stack
-                        size).
-                proc_chroot:
-                        Permit use of chroot(2).
-          -->
-          <method_credential user='root' group='root' privileges='basic,!proc_session,!proc_info,!file_link_any,net_privaddr,file_dac_read,file_dac_search,sys_resource,proc_chroot' />
+          <method_credential user='root' group='root' />
         </method_context>
       </exec_method>
+      <exec_method type='method' name='stop' exec='@PREFIX@/@SMF_METHOD_FILE.named@ %m %i %{restarter/contract}' timeout_seconds='60'>
+        <method_context>
+          <method_credential user='root' group='root' />
+        </method_context>
+
+      </exec_method>
       <!--
               SIGHUP causes named to reread its configuration file, but not any
               of the properties below.
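Review bot: The start method's `method_credential` no longer carries a `privileges` list, so the whole method script now runs as root with the full privilege set, and the comment that explained each privilege was deleted without a replacement. The reduction has moved to the `ppriv -s A-all -s A+basic,...` call in named.sh, which adds `proc_setid` and no longer excludes `proc_session`, `proc_info` and `file_link_any`, so named ends up with a slightly wider set than before and nothing in the commit says why. I would keep a short comment inside the method_context element stating that the script itself needs root (presumably for the lofs mounts and the `chown`) and that named is confined by `ppriv` in the method script, and carry the per-privilege explanation over to named.sh next to the `ppriv` line. The new stop method has the same unrestricted credential and a stray blank line before its closing tag.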
@@ -126,6 +118,12 @@ CDDL HEADER END
                 Equivalent command line option '-t <pathname>'.
         -->
         <propval name='chroot_dir' type='astring' value='' />
+       <!--
+               user: Change the user id after processing command line
+               arguments, but before reading the configuration file.
+               Equivalent command line option '-u <user>'.
+       -->
+        <propval name='user' type='astring' value='named' />
       </property_group>
     </instance>
     <template>

Index: pkgsrc/net/bind99/files/smf/named.sh
diff -u pkgsrc/net/bind99/files/smf/named.sh:1.1 pkgsrc/net/bind99/files/smf/named.sh:1.2
--- pkgsrc/net/bind99/files/smf/named.sh:1.1    Tue Mar 11 14:34:38 2014
+++ pkgsrc/net/bind99/files/smf/named.sh        Mon Feb 20 15:19:54 2017
@@ -28,90 +28,232 @@
 
 . /lib/svc/share/smf_include.sh
 
+mount_chroot ()
+{
+    c=$1
+    shift
+    for f in $*; do
+        if [ -z "${f}" -o ! -f "${f}" -o \
+             -z "${c}" -o ! -d "${c}" ]; then
+             exit ${SMF_EXIT_ERR_CONFIG}
+        fi
+
+        umount ${c}/${f} >/dev/null 2>&1
+        mkdir -p `dirname ${c}/${f}`
+        touch ${c}/${f}
+        mount -Flofs ${f} ${c}/${f}
+    done
+}
+
+umount_chroot ()
+{
+    c=$1
+    shift
+    for f in $*; do
+        umount ${c}/${f} >/dev/null 2>&1
+    done
+}
+
+get_config ()
+{   
+    configuration_file=@PKG_SYSCONFDIR@/named.conf
+    rndc_config_file=@PKG_SYSCONFDIR@/rndc.conf
+    rndc_key_file=@PKG_SYSCONFDIR@/rndc.key
+    rndc_cmd_opts="-a"
+    libraries="/usr/pkg/lib/engines/libgost.so"
+    cmdopts=""
+    checkopts=""
+    properties="debug_level ip_interfaces listen_on_port
+        threads chroot_dir configuration_file server user"
+
+    for prop in $properties
+    do
+        value=`/usr/bin/svcprop -p options/${prop} ${SMF_FMRI}`
+        if [ -z "${value}" -o "${value}" = '""' ]; then
+            continue;
+        fi
+
+        case $prop in
+        'debug_level')
+            if [ ${value} -gt 0 ]; then
+                cmdopts="${cmdopts} -d ${value}"
+            fi
+            ;;
+        'ip_interfaces')
+            case ${value} in
+                'IPv4')
+                    cmdopts="${cmdopts} -4";;
+                'IPv6')
+                    cmdopts="${cmdopts} -6";;
+                'all')
+                    :   # Default is all, therefore ignore.
+                    ;;
+                *)  
+                    echo "$I: Unrecognised value in service instance property" >&2
+                    echo "$I: options/${prop} : ${value}" >&2
+                    ;;
+            esac
+            ;;
+        'listen_on_port')
+            if [ ${value} -gt 0 ]; then
+                cmdopts="${cmdopts} -p ${value}"
+            fi
+            ;;
+        'threads')
+            if [ ${value} -gt 0 ]; then
+                cmdopts="${cmdopts} -n ${value}"
+            fi
+            ;;
+        'chroot_dir')
+            cmdopts="${cmdopts} -t ${value}"
+            checkopts="${checkopts} -t ${value}"
+            chroot_dir=${value};
+            ;;
+        'configuration_file')
+            cmdopts="${cmdopts} -c ${value}"
+            checkopts="${checkopts} -t ${value}"
+            configuration_file=${value};
+            ;;
+        'server')
+            set -- `echo ${value} | /usr/bin/sed -e  's/\\\\//g'`
+            server=$@
+            ;;
+        'user')
+            cmdopts="${cmdopts} -u ${value}"
+            cmduser=${value};
+            ;;
+        esac
+    done
+
+    configuration_dir=$(sed -n -e 's,^[[:space:]]*directory.*"\(.*\)";,\1,p' \
+        ${configuration_file})
+    [ "${configuration_dir}" == "" ] && configuration_dir=@PKG_SYSCONFDIR@/namedb
+
+    configuration_files=$(sed -n -e \
+        "s,^[[:space:]]*file.*\"\(.*\)\";,${configuration_dir}/\1,p" \
+        ${configuration_file} | sort -u)
+    configuration_files="${configuration_files} ${configuration_file}"    
+}
+
 result=${SMF_EXIT_OK}
 
 # Read command line arguments
 method="$1"            # %m
 instance="$2"          # %i
+contract="$3"          # %{restarter/contract}
 
 # Set defaults; SMF_FMRI should have been set, but just in case.
 if [ -z "$SMF_FMRI" ]; then
     SMF_FMRI="svc:/@SMF_PREFIX@/@SMF_NAME@:${instance}"
 fi
 server="@PREFIX@/sbin/named"
+checkconf="@PREFIX@/sbin/named-checkconf"
 I=`/usr/bin/basename $0`
 
 case "$method" in
 'start')
-    cmdopts=""
-    properties="debug_level ip_interfaces listen_on_port
-       threads chroot_dir configuration_file server"
+    get_config
 
-    for prop in $properties
-    do
-       value=`/usr/bin/svcprop -p options/${prop} ${SMF_FMRI}`
-       if [ -z "${value}" -o "${value}" = '""' ]; then
-           continue;
-       fi
-
-       case $prop in
-       'debug_level')
-           if [ ${value} -gt 0 ]; then
-               cmdopts="${cmdopts} -d ${value}"
+    # If chroot option is set, note zones(5) are preferred, then
+    # configuration file lives under chroot directory.
+    if [ "${chroot_dir}" != "" ]; then
+        if [ "${chroot_dir}" = "/" ]; then
+            msg="$I: chroot_dir must not be /"
+            echo ${msg} >&2
+            /usr/bin/logger -p daemon.error ${msg}
+            # dns-server should be placed in maintenance state.
+            exit ${SMF_EXIT_ERR_CONFIG}
+        fi
+
+        server="env LD_NOLAZYLOAD=1 ${server}"
+        checkconf="env LD_NOLAZYLOAD=1 ${checkconf}"
+
+        mkdir -p ${chroot_dir}
+
+        if [ "${SMF_ZONENAME}" = "global" ]; then
+            for dev in crypto log null poll random urandom; do
+                rm -f ${chroot_dir}/dev/${dev}
+                pax -rw -H -pe /dev/${dev} ${chroot_dir}
+            done
+        fi
+
+       missing=""
+        for dev in crypto null poll random urandom; do
+           if [ ! -e "${chroot_dir}/dev/${dev}" ]; then
+               missing="${missing} ${dev}"
            fi
-           ;;
-       'ip_interfaces')
-           case ${value} in
-               'IPv4')
-                   cmdopts="${cmdopts} -4";;
-               'IPv6')
-                   cmdopts="${cmdopts} -6";;
-               'all')
-                   :   # Default is all, therefore ignore.
-                   ;;
-               *)
-                   echo "$I: Unrecognised value in service instance property" >&2
-                   echo "$I: options/${prop} : ${value}" >&2
-                   ;;
-           esac
-           ;;
-       'listen_on_port')
-           if [ ${value} -gt 0 ]; then
-               cmdopts="${cmdopts} -p ${value}"
-           fi
-           ;;
-       'threads')
-           if [ ${value} -gt 0 ]; then
-               cmdopts="${cmdopts} -n ${value}"
-           fi
-           ;;
-       'chroot_dir')
-           cmdopts="${cmdopts} -t ${value}"
-           ;;
-       'configuration_file')
-           cmdopts="${cmdopts} -c ${value}"
-           ;;
-       'server')
-           set -- `echo ${value} | /usr/bin/sed -e  's/\\\\//g'`
-           server=$@
-           ;;
-       esac
-    done
+        done
+
+        if [ ! -z "${missing}" ]; then
+            msg="$I: missing device nodes in ${chroot_dir}: ${missing}"
+            echo ${msg} >&2
+            /usr/bin/logger -p daemon.err ${msg}
+            # dns-server should be placed in maintenance state.
+            exit ${SMF_EXIT_ERR_CONFIG}
+        fi
+
+        mount_chroot ${chroot_dir} ${configuration_files} ${libraries}
+
+        mkdir -p ${chroot_dir}/var/run/named
+        chown ${cmduser}:${cmduser} ${chroot_dir}/var/run/named
+
+        configuration_file=${chroot_dir}${configuration_file}
+        rndc_config_file=${chroot_dir}${rndc_config_file}
+        rndc_key_file=${chroot_dir}${rndc_key_file}
+        rndc_cmd_opts="${rndc_cmd_opts} -t ${chroot_dir}"
+    fi
+
+    # Check if the rndc config file exists.
+    if [ ! -f ${rndc_config_file} ]; then
+        # If not, check if the default rndc key file exists.
+        if [ ! -f ${rndc_key_file} ]; then
+            echo "$I: Creating default rndc key file: ${rndc_key_file}." >&2
+            /usr/sbin/rndc-confgen ${rndc_cmd_opts}
+            if [ $? -ne 0 ]; then
+                echo "$I : Warning: rndc configuration failed! Use of 'rndc' to" \
+                    "control 'named' may fail and 'named' may report further error" \
+                    "messages to the system log. This is not fatal. For more" \
+                    "information see rndc(1M) and rndc-confgen(1M)." >&2
+            fi
+        fi
+    fi
+
+    if [ ${result} = ${SMF_EXIT_OK} ]; then
+        ${checkconf} -z ${checkopts}
+        result=$?
+        if [ $result -ne 0 ]; then
+            msg="$I: named-checkconf failed to verify configuration"
+            echo ${msg} >&2
+            /usr/bin/logger -p daemon.error ${msg}
+            if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then
+                umount_chroot ${chroot_dir} ${configuration_files} ${libraries}
+            fi
+            # dns-server should be placed in maintenance state.
+            exit ${SMF_EXIT_ERR_CONFIG}
+        fi
+    fi
 
     if [ ${result} = ${SMF_EXIT_OK} ]; then
        echo "$I: Executing: ${server} ${cmdopts}"
        # Execute named(1M) with relevant command line options.
-       ${server} ${cmdopts}
+       ppriv -s A-all -s A+basic,net_privaddr,file_dac_read,file_dac_search,sys_resource,proc_chroot,proc_setid -e ${server} ${cmdopts}
        result=$?
     fi
     ;;
 'stop')
-       smf_kill_contract ${contract} TERM 1
-       [ $? -ne 0 ] && exit 1
-       ;;
+    get_config
+
+    smf_kill_contract ${contract} TERM 1
+    [ $? -ne 0 ] && exit 1
+
+    if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then
+        umount_chroot ${chroot_dir} ${configuration_files} ${libraries}
+    fi
+
+    ;;
 *)
-       echo "Usage: $I [stop|start] <instance>" >&2
-       exit 1
-       ;;
+    echo "Usage: $I [stop|start] <instance>" >&2
+    exit 1
+    ;;
 esac
 exit ${result}
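Review bot: In get_config, the `configuration_file` arm appends `-t ${value}` to `checkopts`, but `-t` is named-checkconf's chroot-directory option, so a custom configuration file is handed over as a chroot path and the `${checkconf} -z ${checkopts}` check in the start arm would fail or validate the wrong file; the file belongs on the command line as the trailing argument, `checkopts="${checkopts} ${value}"`. Separately, values read with svcprop (`chroot_dir`, `user`) are expanded unquoted into commands that run as root (`rm -f`, `mkdir -p`, `mount -Flofs`, `chown`) and only the literal `/` is rejected, so quoting the expansions and requiring an absolute, normalised path would keep a stray space or a value like `//` from redirecting them. `chown ${cmduser}:${cmduser}` also runs with `cmduser` unset when the `user` property is empty, and it assumes a group of the same name. Finally, `/usr/sbin/rndc-confgen` is hard-coded while `server` and `checkconf` use `@PREFIX@/sbin`, so the key may be generated by a different BIND build and land in that build's default location rather than in `${rndc_key_file}`.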


