Bug 196520

Summary: [Patch] dns/bind910 rc.d/named auto-chroot reenable
Product: Ports & Packages Reporter: Harald Schmalzbauer <bugzilla.freebsd>
Component: Individual Port(s)    Assignee: Mathieu Arnold <mat>
Status: Closed FIXED    
Severity: Affects Many People Flags: bugzilla: maintainer-feedback? (mat)
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
  attachment 151361: auto-chroot merged back from base, mtree follows separately (flags: none)
  attachment 151362: Provide BIND.chroot.dist for mtree-usage, needed for first patch to work (flags: none)
  attachment 151363: (fixed) auto-chroot merged back from base, mtree follows separately (flags: none)

Description Harald Schmalzbauer 2015-01-05 19:21:11 UTC
Created attachment 151361
auto-chroot merged back from base, mtree follows separately

There was a lot of rumor about auto-chrooting for bind because out-of-the-box chroot support was removed along with bind from base starting with FreeBSD-10, see https://lists.freebsd.org/pipermail/freebsd-stable/2013-December/076028.html

I share the opinion of the majority – it's a significant regression.
So I hacked a quick back-merge from what I appreciated having had in base.
It's meant to change as little as possible, and has been barely tested, but does work well in my environment.
It's most probably no long term solution, but a quick one for those looking for the old behaviour we were used to up to FreeBSD-10.
All you have to add is
named_chrootdir="/var/named"
to your /etc/rc.conf and make sure the directory you define does exist.

I simply took the old rc.d-script and back-merged the routines with little matching.
Inside chroot, %%PREFIX%% will be stripped, so your config is in /var/named/etc/namedb e.g. (not in /var/named/usr/local/etc/namedb!!!)

Feel free to like/dislike/adapt/use/forget it ;-)

For easier reading, I made two patches, especially because I'm unsure if it's a good idea to install BIND.chroot.dist into %%PREFIX%%/etc/mtree. There are countless other ways to do it, but like I mentioned, I wanted to make this addition minimally invasive from the port's perspective.
Comment 1 Bugzilla Automation freebsd_committer freebsd_triage 2015-01-05 19:21:11 UTC
Auto-assigned to maintainer mat@FreeBSD.org
Comment 2 Harald Schmalzbauer 2015-01-05 19:22:16 UTC
Created attachment 151362
Provide BIND.chroot.dist for mtree-usage, needed for first patch to work
Comment 3 Harald Schmalzbauer 2015-01-05 20:21:06 UTC
Created attachment 151363
(fixed) auto-chroot merged back from base, mtree follows separately

Unfortunately I hadn't noticed a logic error in the original config_check, which uses the symlinked named.conf unconditionally, instead of appending "-t $named_chrootdir", so the test will take place inside chrootdir.
This patch replaces my first.
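As an added illustration (not one of the attachments on this bug, nor the rc.d script from base or the port) of the two points above: the description's rule that %%PREFIX%% is stripped inside the chroot, and comment 3's fix of running the config check with "-t $named_chrootdir" so it happens inside the chroot. It assumes PREFIX is /usr/local and builds the named-checkconf argument list instead of executing it, so it runs on any host.

```sh
#!/bin/sh
# Added example, not the patch from this bug. Assumes PREFIX=/usr/local.
PREFIX="${PREFIX:-/usr/local}"

# Print the named-checkconf arguments for a chroot directory (may be empty)
# and the host-side path of named.conf. With a chroot, the leading ${PREFIX}
# is stripped (config lives in /var/named/etc/namedb, not
# /var/named/usr/local/etc/namedb) and "-t <chrootdir>" is prepended so the
# check takes place inside the chroot, which is the error comment 3 fixed.
named_checkconf_args() {
    chrootdir="$1"
    conf="$2"
    if [ -z "$chrootdir" ]; then
        echo "$conf"
        return 0
    fi
    case "$conf" in
        "$PREFIX"/*) conf="${conf#"$PREFIX"}" ;;
    esac
    echo "-t $chrootdir $conf"
}

# Sanity check before starting named: the chroot directory named_chrootdir
# points at must exist, and the config must be present inside it at the
# PREFIX-stripped path. Returns 0 if both hold, 1 if the directory is
# missing, 2 if the config inside the chroot is missing.
check_chroot_layout() {
    chrootdir="$1"
    conf="$2"
    [ -d "$chrootdir" ] || return 1
    rel="${conf#"$PREFIX"}"
    [ -f "$chrootdir$rel" ] || return 2
    return 0
}
```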
Comment 4 Mathieu Arnold freebsd_committer freebsd_triage 2015-02-23 15:08:57 UTC
I haven't forgotten about this patch, I was not really happy about a few bits, and wanted to think about it a bit before working on it.
Comment 5 Mathieu Arnold freebsd_committer freebsd_triage 2015-02-23 17:22:07 UTC
So, I started working on the dns/bind99 port, mostly because it's the one I was in when I started, and also because its support will last longer than dns/bind910.

I've started a code review at https://reviews.freebsd.org/D1952 and it's pretty wet behind the ears.
Comment 6 Mathieu Arnold freebsd_committer freebsd_triage 2015-03-24 15:23:37 UTC
Support added back in r382109.