Hello Robert,
On 2016-01-30 10:26 PM, Robert Edmonds wrote:
> Simon Deziel wrote:
>> What do you think of the 2nd version of the proposed fix
>> (unbound-fresh-chroot-2.patch)?
>
> This version of the patch will read from any *.conf file in
> /etc/unbound, which could easily not be part of the active config,
> e.g.:
>
> /etc/unbound/unbound-bad.conf
>
> /etc/unbound/unbound.conf.d.bak/chroot.conf
>
> Or the admin could simply delete the 'include' directive in the
> default /etc/unbound/unbound.conf file, in which case we shouldn't be
> looking at any /etc/unbound/unbound.conf.d/*.conf files at all.
>
> The awk/find/sed/etc. code that you use to try to find the chroot
> directory makes me uncomfortable. It seems that if we need to find
> the configured chroot directory, we should be fixing
> unbound-checkconf so that we can use the Unbound config parser itself
> to tell us where the chroot directory is, rather than trying to
> implement an ad hoc config parser in shell.

Turns out that unbound-checkconf has been fixed somewhere between 1.4.22
and 1.5.7. "unbound-checkconf -o chroot" just works now. Please see the
updated patch attached.

>> If we could resolve this chroot'ing problem, Ubuntu, that turns
>> off chroot by default, would be more comfortable to drop part of
>> their delta with Debian.
>
> What delta is there in Ubuntu? I'm looking at the unbound
> 1.5.7-1ubuntu1 source package and the only change I see is to
> disable dnstap support.

After I sent this patch, Ubuntu pulled 1.5.7-1 in and dropped most of
the delta.

Best regards,
Simon

--- /etc/init.d/unbound.orig 2015-12-12 15:08:27.0 -0500
+++ /etc/init.d/unbound 2016-02-15 17:45:11.838356275 -0500
@@ -21,7 +21,7 @@
UNBOUND_ENABLE=true
UNBOUND_CONF=/etc/unbound/unbound.conf
UNBOUND_BASE_DIR=$(dirname $UNBOUND_CONF)
-CHROOT_DIR=$(awk '{if ($1 ~ "^chroot" && $2 != "\"\"") print $2}' $UNBOUND_CONF|sed -e "s#\"##g")
+CHROOT_DIR="$(unbound-checkconf -o chroot)"
ROOT_TRUST_ANCHOR_UPDATE=false
ROOT_TRUST_ANCHOR_FILE=/var/lib/unbound/root.key
RESOLVCONF=false
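Review bot: the new CHROOT_DIR assignment calls unbound-checkconf without a config file argument, so it queries the built-in default path rather than $UNBOUND_CONF, which is set two lines above and which the removed awk line did read. Pass the file explicitly, e.g. `CHROOT_DIR="$(unbound-checkconf -o chroot "$UNBOUND_CONF")"`, so the two cannot diverge if UNBOUND_CONF is ever changed. The exit status is also not checked: if unbound-checkconf fails on a broken config, CHROOT_DIR silently takes whatever reached stdout, and the chroot setup later in the script is skipped or misdirected without any message. Since the message above says "-o chroot" only works from some release between 1.4.22 and 1.5.7, this line also assumes a new enough unbound-checkconf is installed.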
@@ -93,8 +93,9 @@
do_chroot_setup() {
if [ -d "$CHROOT_DIR" -a "$CHROOT_DIR" != "$UNBOUND_BASE_DIR" ]; then
+rm -rf $CHROOT_DIR/$UNBOUND_BASE_DIR && mkdir -p $CHROOT_DIR/$UNBOUND_BASE_DIR
cd /
-tar --overwrite -cf - $(echo $UNBOUND_BASE_DIR | sed 's#^/##') | (cd $CHROOT_DIR && tar -xf -)
+tar -cf - $(echo $UNBOUND_BASE_DIR | sed 's/^\///') | (cd $CHROOT_DIR && tar -xf -)
fi
}
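Review bot: the added rm -rf line expands $CHROOT_DIR/$UNBOUND_BASE_DIR unquoted in an init script that runs as root, and the guard above it only rejects a CHROOT_DIR equal to $UNBOUND_BASE_DIR. A configured chroot of "/" passes both tests, and the command then becomes `rm -rf //etc/unbound`, which deletes the live configuration before tar can copy it; a path containing whitespace or glob characters would be word-split. Quote both expansions and refuse "/" (or any chroot path that contains the base directory) before deleting. Separately, if rm fails the && skips mkdir but the tar pipeline still runs, so the function should return on that failure instead of continuing.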