Re: unbound 1.5.2rc1

2015-02-17 Thread Stuart Henderson
On 2015/02/17 01:01, Stuart Henderson wrote:
 This updates to the head of the unbound tree, adding Ilya Bakulin's code to
 support unbound-control over a unix domain socket rather than SSL. I don't
 see many standard cases needing the SSL socket any more, so I've removed
 the code from the rc.d script that automatically generates SSL keys when
 control-enable is used. If somebody wants to control from a remote machine,
 they can always do this themselves.
 
 Any comments/OKs?

Brad suggested I split out the etc parts of this for separate discussion.

Rather than editing unbound.conf, another option might be to change the
code to allow using the unix socket by default. I'm reluctant to diverge
from upstream code as it's easier to miss during a merge, but perhaps we
could add an autoconf flag to allow setting this by default (which would
then be more palatable for inclusion in upstream code).


Index: etc/unbound.conf
===
RCS file: /cvs/src/etc/unbound.conf,v
retrieving revision 1.4
diff -u -p -r1.4 unbound.conf
--- etc/unbound.conf2 Apr 2014 21:43:30 -   1.4
+++ etc/unbound.conf17 Feb 2015 10:20:36 -
@@ -37,6 +37,11 @@ server:
#
#tcp-upstream: yes
 
+remote-control:
+   control-enable: yes
+   control-use-cert: no
+   control-interface: /var/run/unbound.sock
+
 # Use an upstream forwarder (recursive resolver) for specific zones.
 # Example addresses given below are public resolvers valid as of 2014/03.
 #
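Review bot: With `control-use-cert: no` the only thing gating access to the control channel is the filesystem permission on `/var/run/unbound.sock`, and nothing in this hunk records what mode and owner the daemon gives that socket, so a reader of the shipped config cannot tell which local users are able to issue `unbound-control` commands (I believe unbound restricts the socket to the configured `username` and its group, but that should be confirmed against the 1.5.2 source rather than assumed). A one-line comment above the new section would make the trust boundary explicit, e.g. `# local control over a unix socket; access is governed by the socket's permissions, not by TLS certificates`. The same hunk appears a second time further down this page, in the `etc/unbound.conf` diff of the original mail.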
Index: etc/rc.d/unbound
===
RCS file: /cvs/src/etc/rc.d/unbound,v
retrieving revision 1.2
diff -u -p -r1.2 unbound
--- etc/rc.d/unbound29 Dec 2014 11:17:43 -  1.2
+++ etc/rc.d/unbound17 Feb 2015 10:20:36 -
@@ -8,16 +8,9 @@ daemon_flags=-c /var/unbound/etc/unboun
 . /etc/rc.d/rc.subr
 
 pexp=unbound${daemon_flags:+ ${daemon_flags}}
+rc_reload=NO
 
 rc_pre() {
-   if grep '^[[:space:]]*control-enable:[[:space:]]*yes' \
-   /var/unbound/etc/unbound.conf  /dev/null 21  \
-   ! [[ -f /var/unbound/etc/unbound_server.key ||
-   -f /var/unbound/etc/unbound_server.pem ||
-   -f /var/unbound/etc/unbound_control.key ||
-   -f /var/unbound/etc/unbound_control.pem ]]; then
-   /usr/sbin/unbound-control-setup 2 /dev/null
-   fi
if grep '^[[:space:]]*auto-trust-anchor-file:' \
 /var/unbound/etc/unbound.conf  /dev/null 21; then
/usr/sbin/unbound-anchor -v || true
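Review bot: `rc_reload=NO` is added without any explanation, and nothing in the hunk says why reload is being disabled for this daemon; presumably the intent is that reloads go through `unbound-control reload` over the new socket instead of a signal from rc.subr, but a reader of the script cannot tell. A short comment above the line would settle it, e.g. `# reload is done via unbound-control, not by signal from rc.subr`. With the key-generation block gone, an existing config that keeps `control-enable: yes` on a TCP interface and has no certificate files will likely now fail at startup instead of being repaired by rc_pre, so a note to that effect in the commit message or in the config's `remote-control` comment would help operators upgrading. The `rc_pre` function continues past the end of this hunk, and the same hunk is repeated in the second `etc/rc.d/unbound` diff lower on the page.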



unbound 1.5.2rc1

2015-02-16 Thread Stuart Henderson
This updates to the head of the unbound tree, adding Ilya Bakulin's code to
support unbound-control over a unix domain socket rather than SSL. I don't
see many standard cases needing the SSL socket any more, so I've removed
the code from the rc.d script that automatically generates SSL keys when
control-enable is used. If somebody wants to control from a remote machine,
they can always do this themselves.

Any comments/OKs?

Index: etc/unbound.conf
===
RCS file: /cvs/src/etc/unbound.conf,v
retrieving revision 1.4
diff -u -p -r1.4 unbound.conf
--- etc/unbound.conf2 Apr 2014 21:43:30 -   1.4
+++ etc/unbound.conf17 Feb 2015 00:53:05 -
@@ -37,6 +37,11 @@ server:
#
#tcp-upstream: yes
 
+remote-control:
+   control-enable: yes
+   control-use-cert: no
+   control-interface: /var/run/unbound.sock
+
 # Use an upstream forwarder (recursive resolver) for specific zones.
 # Example addresses given below are public resolvers valid as of 2014/03.
 #
Index: etc/rc.d/unbound
===
RCS file: /cvs/src/etc/rc.d/unbound,v
retrieving revision 1.2
diff -u -p -r1.2 unbound
--- etc/rc.d/unbound29 Dec 2014 11:17:43 -  1.2
+++ etc/rc.d/unbound17 Feb 2015 00:53:05 -
@@ -8,16 +8,9 @@ daemon_flags=-c /var/unbound/etc/unboun
 . /etc/rc.d/rc.subr
 
 pexp=unbound${daemon_flags:+ ${daemon_flags}}
+rc_reload=NO
 
 rc_pre() {
-   if grep '^[[:space:]]*control-enable:[[:space:]]*yes' \
-   /var/unbound/etc/unbound.conf  /dev/null 21  \
-   ! [[ -f /var/unbound/etc/unbound_server.key ||
-   -f /var/unbound/etc/unbound_server.pem ||
-   -f /var/unbound/etc/unbound_control.key ||
-   -f /var/unbound/etc/unbound_control.pem ]]; then
-   /usr/sbin/unbound-control-setup 2 /dev/null
-   fi
if grep '^[[:space:]]*auto-trust-anchor-file:' \
 /var/unbound/etc/unbound.conf  /dev/null 21; then
/usr/sbin/unbound-anchor -v || true
Index: usr.sbin/unbound/Makefile.in
===
RCS file: /cvs/src/usr.sbin/unbound/Makefile.in,v
retrieving revision 1.13
diff -u -p -r1.13 Makefile.in
--- usr.sbin/unbound/Makefile.in11 Dec 2014 16:26:58 -  1.13
+++ usr.sbin/unbound/Makefile.in17 Feb 2015 00:53:05 -
@@ -459,8 +459,8 @@ strip:
$(STRIP) unbound$(EXEEXT)
$(STRIP) unbound-checkconf$(EXEEXT)
$(STRIP) unbound-control$(EXEEXT)
-   $(STRIP) unbound-host$(EXEEXT)
-   $(STRIP) unbound-anchor$(EXEEXT)
+   $(STRIP) unbound-host$(EXEEXT) || $(STRIP) .libs/unbound-host$(EXEEXT)
+   $(STRIP) unbound-anchor$(EXEEXT) || $(STRIP) 
.libs/unbound-anchor$(EXEEXT)
 
 pythonmod-install:
$(INSTALL) -m 755 -d $(DESTDIR)$(PYTHON_SITE_PKG)
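Review bot: The `||` fallback on the two new `$(STRIP)` lines is noisy and obscures failures: in the case it is presumably written for (a libtool build where `unbound-host$(EXEEXT)` is a wrapper script and the real binary lives in `.libs/`), strip prints a "file format not recognized"-style error to stderr on every build before the `.libs/` copy is tried, and if the second strip fails too the two messages leave it unclear which one mattered. Testing for the real binary first is quiet and reads as intent, e.g. `if test -f .libs/unbound-host$(EXEEXT); then $(STRIP) .libs/unbound-host$(EXEEXT); else $(STRIP) unbound-host$(EXEEXT); fi` (and likewise for unbound-anchor). A comment such as `# with libtool, unbound-host and unbound-anchor may be wrapper scripts; the real binaries are in .libs/` would explain why only these two targets get special treatment. The `unbound-anchor` line is shown wrapped across two lines in this rendering; confirm it is a single recipe line in the actual patch.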
@@ -579,6 +579,7 @@ depend:
-e 
's?$$(srcdir)/util/configlexer.c?util/configlexer.c?g' \
-e 
's?$$(srcdir)/util/configparser.c?util/configparser.c?g' \
-e 
's?$$(srcdir)/util/configparser.h?util/configparser.h?g' \
+   -e 's?$$(srcdir)/dnstap/dnstap_config.h??g' \
-e 
's?$$(srcdir)/pythonmod/pythonmod.h?$$(PYTHONMOD_HEADER)?g' \
-e 's!\(.*\)\.o[ :]*!\1.lo \1.o: !g' \
 $(DEPEND_TMP)
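Review bot: The added sed expression deletes every `$(srcdir)/dnstap/dnstap_config.h` reference from the generated dependency list outright, whereas the neighbouring expressions rewrite generated-file paths (configlexer, configparser) to their build-directory names, and nothing in the hunk explains the different treatment; presumably the header is produced by configure only when dnstap is enabled, so a dependency on it would point at a file that may not exist. A comment on the line would stop the next person from "harmonising" it with its neighbours, e.g. `# dnstap_config.h is generated at configure time and absent without dnstap; drop it rather than rewrite it`. The `depend` rule continues outside this hunk.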
@@ -692,13 +693,14 @@ iter_utils.lo iter_utils.o: $(srcdir)/it
  $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_sigcrypt.h 
$(srcdir)/ldns/sbuffer.h
 listen_dnsport.lo listen_dnsport.o: $(srcdir)/services/listen_dnsport.c 
config.h \
  $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h 
$(srcdir)/services/outside_network.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h 
$(srcdir)/util/net_help.h \
- $(srcdir)/ldns/sbuffer.h
+ $(srcdir)/util/rbtree.h  $(srcdir)/util/log.h $(srcdir)/util/config_file.h \
+ $(srcdir)/util/net_help.h $(srcdir)/ldns/sbuffer.h
 localzone.lo localzone.o: $(srcdir)/services/localzone.c config.h 
$(srcdir)/services/localzone.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h 
$(srcdir)/ldns/str2wire.h $(srcdir)/ldns/rrdef.h \
  $(srcdir)/ldns/sbuffer.h $(srcdir)/util/regional.h 
$(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/packed_rrset.h 
$(srcdir)/util/data/msgencode.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/data/msgreply.h 
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h
+ $(srcdir)/util/net_help.h $(srcdir)/util/netevent.h 
$(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h
 mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h 
$(srcdir)/util/rbtree.h \
  $(srcdir)/util/netevent.h $(srcdir)/util/data/msgparse.h 
$(srcdir)/util/storage/lruhash.h