On Wed, Nov 06, 2013 at 02:59:15PM +0100, Erwin Lansing wrote:
> >> E> >
> >> E> > Erwin, can you please handle that?
> >> E>
> >> E> Things are much worse than this, the ports are completely written under
> >> E> the assumption that there is a Bind in base, which of course would already
> >> E> break with WITHOUT_BIND before Bind was completely removed.  It will be
> >> E> hard to fix without breaking the installed base of 8 and 9.  Sigh.
> >> E>
> >> E> I'll try to work on it this week, but unfortunately have a full
> >> E> schedule of meetings and travel as well.
> > 
> > Suggestion. An option to install the rc script would solve that problem. 
> >  
> If only it was that simple, it would have been done a long time ago.  As Gleb 
> points out, the ports are broken by design.  The rc script needs a complete 
> rewrite, and that's only after fixing all configuration files, setting up 
> chroot, etc etc and all that while not breaking the installed base on 8 and 
> 9.  I spent most of yesterday on this and if I'm lucky, I'm halfway through.  

Sorry about the delay, but I did finally update all three dns/bind9*
ports today.  I have dropped the complicated chroot, and related
symlinking, logic from the default rc script as I don't think that
is the right place to implement things.  I would recommend users
who want the extra security to use jail(8) instead of a mere chroot.

This change should not affect the installed base of FreeBSD 9.x and
earlier systems, but new installations there should note that the
symlink option is no longer turned on by default, but still supported.

I tested some default cases, but by no means can test every corner case,
so please let me know how this works out.


freebsd-current@freebsd.org mailing list