Date: Tue, 11 Jun 2019 12:18:36 +0000 (UTC) From: Mathieu Arnold <mat@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r503955 - in head/dns: bind9-devel bind9-devel/files bind914 bind914/files Message-ID: <201906111218.x5BCIaRI046317@repo.freebsd.org>
Author: mat Date: Tue Jun 11 12:18:36 2019 New Revision: 503955 URL: https://svnweb.freebsd.org/changeset/ports/503955 Log: Fix named when using plugins and chroot. BIND9 introduced plugins and migrated the filter-aaaa feature to a plugin. As it loads its plugins late in the startup process (read after chroot), the plugins need to be available in the chroot. Also, refactor the code now that a second directory need to be handled. PR: 238011 Reported by: ryan@timewasted.me MFH: 2019Q2 Modified: head/dns/bind9-devel/Makefile (contents, props changed) head/dns/bind9-devel/files/named.in head/dns/bind914/Makefile (contents, props changed) head/dns/bind914/files/named.in
Modified: head/dns/bind9-devel/Makefile
==============================================================================
--- head/dns/bind9-devel/Makefile Tue Jun 11 12:18:29 2019 (r503954)
+++ head/dns/bind9-devel/Makefile Tue Jun 11 12:18:36 2019 (r503955)
@@ -9,7 +9,7 @@ PORTREVISION= 0
 .else
 # XXX: correct version
 # dns/bind9xx here
-PORTREVISION= 1
+PORTREVISION= 2
 .endif
 CATEGORIES= dns net ipv6
 # XXX: put the ISC master_site
Modified: head/dns/bind9-devel/files/named.in
==============================================================================
--- head/dns/bind9-devel/files/named.in Tue Jun 11 12:18:29 2019 (r503954)
+++ head/dns/bind9-devel/files/named.in Tue Jun 11 12:18:36 2019 (r503955)
@@ -143,19 +143,10 @@ chroot_autoupdate()
 fi
 fi
- # The OpenSSL engines should be present in the chroot, named loads them
- # after chrooting.
- if [ -d ${_openssl_engines} ]; then
- mkdir -p ${named_chrootdir}${_openssl_engines}
- if can_mount nullfs ; then
- mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
- else
- warn "named chroot: cannot nullfs mount OpenSSL" \
- "engines into the chroot, will copy the shared" \
- "libraries instead."
- cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
- fi
- fi
+ # The OpenSSL engines and BIND9 plugins should be present in the
+ # chroot, named loads them after chrooting.
+ null_mount_or_copy ${_openssl_engines}
+ null_mount_or_copy %%PREFIX%%/lib/named
 # Copy and/or update key files to the chroot /etc
 #
@@ -239,13 +230,8 @@ named_stop()
 named_poststop()
 {
 if [ -n "${named_chrootdir}" ]; then
- # if using OpenSSL from ports, unmount OpenSSL engines, if they
- # were not mounted but only copied, do nothing.
- if [ -d ${_openssl_engines} ]; then
- if can_mount nullfs; then
- umount ${named_chrootdir}${_openssl_engines}
- fi
- fi
+ null_umount %%PREFIX%%/lib/named
+ null_umount ${_openssl_engines}
 if [ -c ${named_chrootdir}/dev/null ]; then
 # unmount /dev
 if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
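Review bot: The plugin directory is written as the literal `%%PREFIX%%/lib/named` in this call and again in named_poststop, while the engines directory goes through `${_openssl_engines}`. A path that is mounted at start but spelled differently at stop would leave a nullfs mount behind in the chroot, so I would define it once, for example `_named_plugins=%%PREFIX%%/lib/named` wherever `_openssl_engines` is set (not visible in this diff), and pass `"${_named_plugins}"` at both call sites. chroot_autoupdate begins and ends outside the hunk, and the bind914 copy of this hunk has the same literal.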
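Review bot: The two `null_umount` calls in named_poststop replace a block whose comment explained that libraries which were copied rather than mounted are left alone, and that explanation is now gone from the function. I would keep a short comment above the calls, such as `# Unmount plugins and OpenSSL engines; copies made by the fallback are left in place.` That behaviour matters when auditing what named can load: in the copy fallback a shared object removed from the host directory stays in the chroot, because `cp -f` only overwrites files that still exist on the host. named_poststop continues past the end of the hunk, and the same applies to the bind914 copy.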
@@ -271,6 +257,36 @@ can_mount()
 return 0
 fi
 return 1
+}
+
+null_mount_or_copy()
+{
+ local dir
+ dir=$1
+
+ if [ -d ${dir} ]; then
+ mkdir -p ${named_chrootdir}${dir}
+ if can_mount nullfs ; then
+ mount -t nullfs ${dir} ${named_chrootdir}${dir}
+ else
+ warn "named chroot: cannot nullfs mount OpenSSL" \
+ "engines into the chroot, will copy the shared" \
+ "libraries instead."
+ cp -f ${dir}/*.so ${named_chrootdir}${dir}
+ fi
+ fi
+}
+
+null_umount()
+{
+ local dir
+ dir=$1
+
+ if [ -d ${dir} ]; then
+ if can_mount nullfs; then
+ umount ${named_chrootdir}${dir}
+ fi
+ fi
 }
 create_file()
Modified: head/dns/bind914/Makefile
==============================================================================
--- head/dns/bind914/Makefile Tue Jun 11 12:18:29 2019 (r503954)
+++ head/dns/bind914/Makefile Tue Jun 11 12:18:36 2019 (r503955)
@@ -8,7 +8,7 @@ PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc
 PORTREVISION= 0
 .else
 # dns/bind914 here
-PORTREVISION= 1
+PORTREVISION= 2
 .endif
 CATEGORIES= dns net ipv6
 MASTER_SITES= ISC/bind9/${ISCVERSION}
Modified: head/dns/bind914/files/named.in
==============================================================================
--- head/dns/bind914/files/named.in Tue Jun 11 12:18:29 2019 (r503954)
+++ head/dns/bind914/files/named.in Tue Jun 11 12:18:36 2019 (r503955)
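Review bot: In the new `null_mount_or_copy` (head/dns/bind9-devel/files/named.in) the warning still says "OpenSSL engines" even when the helper is called for `%%PREFIX%%/lib/named`, and `${dir}` is expanded unquoted, so an empty argument turns `[ -d ${dir} ]` into `[ -d ]`, which is true. The rewrite below names the directory in the warning, quotes the expansions and rejects an empty argument. It also mounts with `-o ro`, since named only needs to load the shared objects and a read-only nullfs mount keeps anything running inside the chroot from modifying libraries on the host; treat that as a hardening suggestion, because file permissions may already prevent writes. `null_umount` decides from the host directory rather than from what is mounted, so a directory removed while named is running would leave its mount behind, and testing the mount point inside the chroot would be more robust. The identical hunk in head/dns/bind914/files/named.in needs the same changes.

```shell
# in null_mount_or_copy(), after dir=$1:
	if [ -n "${dir}" ] && [ -d "${dir}" ]; then
		mkdir -p "${named_chrootdir}${dir}"
		if can_mount nullfs ; then
			mount -t nullfs -o ro "${dir}" "${named_chrootdir}${dir}"
		else
			warn "named chroot: cannot nullfs mount ${dir}" \
			    "into the chroot, will copy the shared" \
			    "libraries instead."
			cp -f "${dir}"/*.so "${named_chrootdir}${dir}"
		fi
	fi
```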
@@ -143,19 +143,10 @@ chroot_autoupdate()
 fi
 fi
- # The OpenSSL engines should be present in the chroot, named loads them
- # after chrooting.
- if [ -d ${_openssl_engines} ]; then
- mkdir -p ${named_chrootdir}${_openssl_engines}
- if can_mount nullfs ; then
- mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
- else
- warn "named chroot: cannot nullfs mount OpenSSL" \
- "engines into the chroot, will copy the shared" \
- "libraries instead."
- cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
- fi
- fi
+ # The OpenSSL engines and BIND9 plugins should be present in the
+ # chroot, named loads them after chrooting.
+ null_mount_or_copy ${_openssl_engines}
+ null_mount_or_copy %%PREFIX%%/lib/named
 # Copy and/or update key files to the chroot /etc
 #
@@ -239,13 +230,8 @@ named_stop()
 named_poststop()
 {
 if [ -n "${named_chrootdir}" ]; then
- # if using OpenSSL from ports, unmount OpenSSL engines, if they
- # were not mounted but only copied, do nothing.
- if [ -d ${_openssl_engines} ]; then
- if can_mount nullfs; then
- umount ${named_chrootdir}${_openssl_engines}
- fi
- fi
+ null_umount %%PREFIX%%/lib/named
+ null_umount ${_openssl_engines}
 if [ -c ${named_chrootdir}/dev/null ]; then
 # unmount /dev
 if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
@@ -271,6 +257,36 @@ can_mount()
 return 0
 fi
 return 1
+}
+
+null_mount_or_copy()
+{
+ local dir
+ dir=$1
+
+ if [ -d ${dir} ]; then
+ mkdir -p ${named_chrootdir}${dir}
+ if can_mount nullfs ; then
+ mount -t nullfs ${dir} ${named_chrootdir}${dir}
+ else
+ warn "named chroot: cannot nullfs mount OpenSSL" \
+ "engines into the chroot, will copy the shared" \
+ "libraries instead."
+ cp -f ${dir}/*.so ${named_chrootdir}${dir}
+ fi
+ fi
+}
+
+null_umount()
+{
+ local dir
+ dir=$1
+
+ if [ -d ${dir} ]; then
+ if can_mount nullfs; then
+ umount ${named_chrootdir}${dir}
+ fi
+ fi
 }
 create_file()