On 2020/05/20 18:04, Jan Vlach wrote:
> latest isc-bind on OpenBSD 6.7 caught me off-guard with upgrading, as
> CWD now must be writeable or it doesn't start at all. (there's a note on
> package install, but I missed it on package upgrade)

I have a provisional diff for upgrade67.html for this.

> clean isc-bind on clean new OpenBSD 6.7 install still doesn't come up,
> as it has relative paths and now CWD is /tmp (in chroot). Patch for
> stock named.conf below, also console log with steps to reproduce.

I have been considering what to do, and think the best approach is to remove most of the sample files. The standard BIND distribution doesn't include them (for rationale see https://kb.isc.org/docs/aa-00290). Ours were inherited from the old version of BIND in OpenBSD's base system. Simple examples made sense while BIND was the default DNS server on the OS but now that BIND must be installed manually, people doing so are likely to have more complex needs, and it's fair to expect that they look a bit deeper at the docs to get started.

I would like to keep an absolutely minimal file, more as a placeholder showing where the file needs to be than anything else (especially as the default isc_named_flags uses chroot by default). To compensate I can add the ARM to the package to make it easier to get at the docs :)

So unless there are big objections this is what I plan to commit (plus remove the left-overs in files/). It will cause a slight bump for upgrading users if they have an existing configuration that references the default provided files, I'll add a note to current.html about that.

Index: Makefile =================================================================== RCS file: /cvs/ports/net/isc-bind/Makefile,v retrieving revision 1.117 diff -u -p -r1.117 Makefile --- Makefile 19 May 2020 09:32:38 -0000 1.117 +++ Makefile 20 May 2020 19:31:41 -0000 @@ -8,6 +8,7 @@ V= 9.16.3 PORTROACH= limitw:1,even EXTRACT_SUFX= .tar.xz EPOCH= 0 +REVISION= 0 DISTNAME= bind-$V PKGNAME= isc-bind-${V:S/-P/pl/} 
@@ -33,9 +34,6 @@ PERMIT_PACKAGE= Yes WANTLIB += c crypto iconv idn2 json-c lzma m pthread unistring uv xml2 z MASTER_SITES= ${MASTER_SITE_ISC:=bind9/$V/} -#MASTER_SITES0= ${MASTER_SITES:=patches/} -#PATCHFILES= bind-v9.16.0-tcp_quota_fix.patch:0 -#PATCH_DIST_STRIP= -p1 MODULES= lang/python MODPY_VERSION= ${MODPY_DEFAULT_VERSION_3} @@ -100,10 +98,12 @@ post-test: cd ${WRKSRC}/bin/tests/system && ${SUDO} ./ifconfig.sh down post-install: - cd ${FILESDIR}; ${INSTALL_DATA} localhost loopback loopback6.arpa \ - named.conf root.hint ${PREFIX}/share/examples/bind9/ .for i in dig nslookup host ln -fs $i ${PREFIX}/bin/e$i; ln -fs $i.1 ${PREFIX}/man/man1/e$i.1 .endfor + ${INSTALL_DATA} ${FILESDIR}/named.conf ${PREFIX}/share/examples/bind9 + ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/bind9 + cd ${WRKSRC}/doc/arm; ${INSTALL_DATA} Bv9ARM.pdf notes.pdf \ + notes.txt ${PREFIX}/share/doc/bind9/ .include <bsd.port.mk> Index: files/named.conf =================================================================== RCS file: /cvs/ports/net/isc-bind/files/named.conf,v retrieving revision 1.2 diff -u -p -r1.2 named.conf --- files/named.conf 18 Dec 2019 15:05:43 -0000 1.2 +++ files/named.conf 20 May 2020 19:31:41 -0000 
@@ -1,21 +1,16 @@ // $OpenBSD: named.conf,v 1.2 2019/12/18 15:05:43 sthen Exp $ // -// Example file for a simple named configuration, processing both -// recursive and authoritative queries using one cache. +// Example file for a simple configuration of BIND, processing only +// recursive queries. Consult BIND's Administration and Reference Manual +// for more information. - -// Update this list to include only the networks for which you want -// to execute recursive queries. The default setting allows all hosts -// on any IPv4 networks for which the system has an interface, and -// the IPv6 localhost address. -// acl clients { localnets; ::1; }; options { - directory "/tmp"; // "working directory" inside the /var/named chroot + directory "/tmp"; // working directory, inside the /var/named chroot // - must be writable by _bind version ""; // remove this to allow version queries @@ -26,48 +21,3 @@ options { allow-recursion { clients; }; }; - -logging { - category lame-servers { null; }; -}; - -// Standard zones -// -zone "." { - type hint; - file "etc/root.hint"; -}; - -zone "localhost" { - type master; - file "standard/localhost"; - allow-transfer { localhost; }; -}; - -zone "127.in-addr.arpa" { - type master; - file "standard/loopback"; - allow-transfer { localhost; }; -}; - -zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" { - type master; - file "standard/loopback6.arpa"; - allow-transfer { localhost; }; -}; - - -// Master zones -// -//zone "myzone.net" { -// type master; -// file "master/myzone.net"; -//}; - -// Slave zones -// -//zone "otherzone.net" { -// type slave; -// file "slave/otherzone.net"; -// masters { 192.0.2.1; [...;] }; -//}; Index: pkg/MESSAGE =================================================================== RCS file: pkg/MESSAGE diff -N pkg/MESSAGE --- pkg/MESSAGE 18 Dec 2019 15:05:43 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
@@ -1,3 +0,0 @@ -BIND: named 9.12+ insists that the "working directory" (inside the -/var/named chroot) is writable. Simplest fix if upgrading is probably -to add 'directory "/tmp";' to the options section of named.conf. Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/net/isc-bind/pkg/PLIST,v retrieving revision 1.22 diff -u -p -r1.22 PLIST --- pkg/PLIST 19 May 2020 09:32:38 -0000 1.22 +++ pkg/PLIST 20 May 2020 19:31:41 -0000 @@ -395,32 +395,22 @@ sbin/named-compilezone @bin sbin/rndc @bin sbin/rndc-confgen sbin/tsig-keygen -share/examples/bind9/ @sample ${LOCALSTATEDIR}/named/ -@sample ${LOCALSTATEDIR}/named/master/ -@sample ${LOCALSTATEDIR}/named/standard/ @mode 750 @group _bind @sample ${LOCALSTATEDIR}/named/etc/ @mode 775 -@sample ${LOCALSTATEDIR}/named/slave/ @sample ${LOCALSTATEDIR}/named/tmp/ @mode @group +share/doc/bind/ +share/doc/bind9/ +share/doc/bind9/Bv9ARM.pdf +share/doc/bind9/notes.pdf +share/doc/bind9/notes.txt +share/examples/bind9/ share/examples/bind9/bind.keys -@sample ${LOCALSTATEDIR}/named/etc/bind.keys -share/examples/bind9/localhost -@sample ${LOCALSTATEDIR}/named/standard/localhost -share/examples/bind9/loopback -@sample ${LOCALSTATEDIR}/named/standard/loopback -share/examples/bind9/loopback6.arpa -@sample ${LOCALSTATEDIR}/named/standard/loopback6.arpa share/examples/bind9/named.conf @mode 640 @group _bind @sample ${LOCALSTATEDIR}/named/etc/named.conf -@mode -@group -share/examples/bind9/root.hint -@group wheel -@sample ${LOCALSTATEDIR}/named/etc/root.hint
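
Review bot: In the Makefile post-install hunk, the new `${INSTALL_DATA} ${FILESDIR}/named.conf ${PREFIX}/share/examples/bind9` line has neither a trailing slash nor a matching `${INSTALL_DATA_DIR}`, unlike the share/doc/bind9 lines added right after it. If the examples directory does not already exist at that point, named.conf is written as a file called bind9. Suggest adding `${INSTALL_DATA_DIR} ${PREFIX}/share/examples/bind9`, or at least restoring the trailing slash that the removed line had. For consistency with the post-test target above, the added `cd ${WRKSRC}/doc/arm; ${INSTALL_DATA} ...` could also use `&&` instead of `;`.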
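
Review bot: In the first files/named.conf hunk, the comment block above `acl clients { localnets; ::1; };` is deleted entirely, so the sample no longer says that this ACL is what limits who may send recursive queries. The header now describes the file as recursive-only and `allow-recursion { clients; };` is kept, so suggest retaining a one-line comment telling the administrator to restrict `clients` to the networks that should be served.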
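
Review bot: Deleting pkg/MESSAGE removes the only package-time text saying that the working directory inside the /var/named chroot must be writable. The replacement hint is the "must be writable by _bind" comment in the sample named.conf, which someone upgrading with their own named.conf already in place will not necessarily read. The thread started from exactly that upgrade case, so suggest keeping a shortened message, or committing this only once the upgrade67.html and current.html notes are in.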
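
Review bot: The pkg/PLIST hunk adds both `share/doc/bind/` and `share/doc/bind9/`, but post-install in the Makefile only creates and populates `${PREFIX}/share/doc/bind9`; please confirm that `share/doc/bind/` is really produced by the build and is not a leftover from regenerating the list. Separately, `@sample ${LOCALSTATEDIR}/named/etc/bind.keys` is dropped while `share/examples/bind9/bind.keys` stays, so the keys file ships as an example but is no longer copied into the chroot. If that is intended, it deserves a line in the commit message.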
