Summary: | [patch proposal] dns/bind911: Make rc.d/named session key aware in make_symlinks() for named_chrootdir!="" | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Harald Schmalzbauer <bugzilla.freebsd> | ||||
Component: | Individual Port(s) | Assignee: | Mathieu Arnold <mat> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Some People | Flags: | bugzilla: maintainer-feedback? (mat) | ||||
Priority: | --- | ||||||
Version: | Latest | ||||||
Hardware: | Any | ||||||
OS: | Any | ||||||
Comment on attachment 187699
Also symlink bind's session-keyfile when running in chrootdir.
Sorry, forgot to clean whitespace (style?) for get_sessionkeyfile_from_conf() in the attached patch. Copy'n'paste from rc.subr mutilated tab stops. No need to attach a replacing diff?
Is it not possible to use get_pidfile_from_conf to get the session file? It would probably be better rather than duplicating all the code.

Side question as I never used that file, in which version of BIND9 is it supported? (To see which ports to apply this patch to.)

I have 910 and 911 from ports and can confirm that both install nsupdate(1) with '-l' (session.key) capability.
I found an older FreeBSD 9.3 setup, with bind/named(8) in base, which answers 'chaos version.bind txt' with 9.9.5 (config checked, seems unaltered answer, although I'd bet money that it would be bind 8...)
Anyway, also this version of nsupdate(1) looks for a session key in -l (local) mode.

Unfortunately I can't help finding a better solution than dumb code copy at the moment. Will come back to that topic maybe in some weeks, then I can see if get_pidfile_from is usable for session.key determination.
This is not an urgent issue I think, most times fellows using nsupdate(1) might have rolled out individual keys and do their tasks remotely. It was just one special setup where I ever used '-l'. Just wanted to record this area of possible improvement.

Thanks,
-harry

I removed the copy you did of get_pidfile_from_conf and used it for the session-keyfile line, it works just fine.

A commit references this bug:

Author: mat
Date: Tue Nov 7 15:48:17 UTC 2017
New revision: 453667
URL: https://svnweb.freebsd.org/changeset/ports/453667

Log:
  Add a symlink to named's session-keyfile.

  Using nsupdate -l, and chroot was broken because nsupdate could not find
  the keyfile by itself.

  PR: 223403
  Submitted by: Harald Schmalzbauer
  Sponsored by: Absolight

Changes:
  head/dns/bind9-devel/Makefile
  head/dns/bind9-devel/files/named.in
  head/dns/bind910/Makefile
  head/dns/bind910/files/named.in
  head/dns/bind911/Makefile
  head/dns/bind911/files/named.in
  head/dns/bind912/Makefile
  head/dns/bind912/files/named.in
  head/dns/bind99/Makefile
  head/dns/bind99/files/named.in
Created attachment 187699
Also symlink bind's session-keyfile when running in chrootdir.

While there's convenient 'rndc' usage out of the box, 'nsupdate -l' is only convenient if named_symlink_enable=NO (named_chrootdir="").
Attached diff handles session-keyfile config option and the resulting symlinking exactly the same way as rc.d/named and rc.subr do it for pid-file config option. This is not really the most elegant way, but I always prefer consistency over simplicity/beauty.
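The approach discussed in this report (read a path option out of named.conf, then symlink the outside path to the file named writes inside the chroot), as an added example that is neither the attached patch nor the committed rc.d/named code. `get_path_option` and `link_session_key` are hypothetical helpers, not rc.subr functions; the config, paths and key contents are constructed, and everything runs in a scratch directory.

```shell
#!/bin/sh
# Added illustration (not the committed rc.d/named code). Runs in a scratch dir.

# Print the quoted path given for option $1 in named.conf-style file $2.
# Lines where the option is commented out do not match; the last match wins.
get_path_option() {
    sed -n -e 's/^[[:space:]]*//' \
        -e "s|^$1[[:space:]]\{1,\}\"\([^\"]*\)\"[[:space:]]*;.*|\1|p" "$2" |
        tail -n 1
}

# Link <root><keypath> -> <chroot><keypath>, so a client outside the chroot
# opens the file named wrote inside it. $1=chroot dir, $2=config file,
# $3=prefix for the outside path (empty on a real host), $4=fallback path.
link_session_key() {
    key=$(get_path_option session-keyfile "$2")
    [ -n "$key" ] || key=$4
    case $key in
        */../*|*/..) echo "refusing path with ..: $key" >&2; return 1 ;;
        /*) ;;
        *) echo "refusing non-absolute path: $key" >&2; return 1 ;;
    esac
    mkdir -p "$3${key%/*}" && ln -fs "$1$key" "$3$key"
}

demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/chroot/var/run/named" "$t/etc"
    # Constructed sample config and key file.
    cat > "$t/etc/named.conf" <<'EOF'
options {
    pid-file "/var/run/named/pid";
    // session-keyfile "/tmp/old.key";
    session-keyfile "/var/run/named/session.key";
};
EOF
    echo 'constructed-key-material' > "$t/chroot/var/run/named/session.key"
    link_session_key "$t/chroot" "$t/etc/named.conf" "$t/host" "" || return 1
    cat "$t/host/var/run/named/session.key"   # read through the symlink
    rm -rf "$t"
}
demo
```

The path check matters because the option value comes from a config file and is used to build a link target as root; a relative or `..`-containing value is refused instead of being linked.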