Bug 196520 - [Patch] dns/bind910 rc.d/named auto-chroot reenable
Summary: [Patch] dns/bind910 rc.d/named auto-chroot reenable
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Mathieu Arnold
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-01-05 19:21 UTC by Harald Schmalzbauer
Modified: 2015-03-24 15:23 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (mat)


Attachments
auto-chroot merged back from base, mtree follows separately (6.62 KB, patch)
2015-01-05 19:21 UTC, Harald Schmalzbauer
no flags
Provide BIND.chroot.dist for mtree-usage, needed for first patch to work (1.99 KB, patch)
2015-01-05 19:22 UTC, Harald Schmalzbauer
no flags
(fixed) auto-chroot merged back from base, mtree follows separately (6.62 KB, patch)
2015-01-05 20:21 UTC, Harald Schmalzbauer
no flags

Description Harald Schmalzbauer 2015-01-05 19:21:11 UTC
Created attachment 151361
auto-chroot merged back from base, mtree follows separately

There was a lot of rumor about auto-chrooting for bind because out-of-the-box chroot support was removed along with bind from base starting with FreeBSD-10, see https://lists.freebsd.org/pipermail/freebsd-stable/2013-December/076028.html

I share the opinion of the majority – it's a significant regression.
So I hacked a quick back-merge from what I appreciated having had in base.
It's meant to change as little as possible, and has been barely tested, but does work well in my environment.
It's most probably no long-term solution, but a quick one for those looking for the old behaviour we were used to up to FreeBSD-10.
All you have to add is
named_chrootdir="/var/named"
to your /etc/rc.conf and make sure the directory you define does exist.

I simply took the old rc.d-script and back-merged the routines with little matching.
Inside chroot, %%PREFIX%% will be stripped, so your config is in /var/named/etc/namedb e.g. (not in /var/named/usr/local/etc/namedb!!!)

Feel free to like/dislike/adapt/use/forget it ;-)

For easier reading, I made two patches, especially because I'm unsure if it's a good idea to install BIND.chroot.dist into %%PREFIX%%/etc/mtree. There are countless other ways to do it, but like I mentioned, I wanted to make this addition minimal-invasive in port's perspective.
Comment 1 Bugzilla Automation freebsd_committer freebsd_triage 2015-01-05 19:21:11 UTC
Auto-assigned to maintainer mat@FreeBSD.org
Comment 2 Harald Schmalzbauer 2015-01-05 19:22:16 UTC
Created attachment 151362
Provide BIND.chroot.dist for mtree-usage, needed for first patch to work
Comment 3 Harald Schmalzbauer 2015-01-05 20:21:06 UTC
Created attachment 151363
(fixed) auto-chroot merged back from base, mtree follows separately

Unfortunately I hadn't noticed a logic error in the original config_check, which uses the symlinked named.conf unconditionally, instead of appending "-t $named_chrootdir", so the test will take place inside chrootdir.
This patch replaces my first.
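The two points raised in the description (inside the chroot, %%PREFIX%% is stripped from the config path, and the directory from rc.conf must exist) and in comment 3 (the config check has to be run with "-t $named_chrootdir", otherwise named-checkconf examines the file outside the chroot and resolves includes differently from the daemon) can be shown as a small POSIX sh fragment. This is an added illustration written for this page, not code from the attached patch or from the dns/bind910 rc.d script; the prefix /usr/local, the config path ${PREFIX}/etc/namedb/named.conf and the function names are assumptions.

```shell
#!/bin/sh
# Added illustration, not the attached patch: the pieces an rc.d-style
# config check needs once named runs chrooted.
# Assumed defaults, standing in for what the port would substitute:
: "${named_prefix:=/usr/local}"                            # %%PREFIX%% (assumed)
: "${named_conf:=${named_prefix}/etc/namedb/named.conf}"   # unchrooted config path (assumed)

# Path of the config as seen from inside the chroot: %%PREFIX%% is stripped,
# so /usr/local/etc/namedb/named.conf becomes /etc/namedb/named.conf.
named_chroot_conf_path() {
    _conf="$1"; _prefix="$2"
    case "$_conf" in
        "$_prefix"/*) printf '%s\n' "${_conf#"$_prefix"}" ;;
        *)            printf '%s\n' "$_conf" ;;
    esac
}

# Argument list for named-checkconf. With named_chrootdir set, the check is
# run relative to the chroot ("-t dir" plus the stripped path) so that
# include and zone file paths resolve the way the running daemon sees them;
# without it the unchrooted path is checked as before.
named_checkconf_args() {
    _chrootdir="$1"; _conf="$2"; _prefix="$3"
    if [ -n "$_chrootdir" ]; then
        printf '%s %s %s\n' '-t' "$_chrootdir" \
            "$(named_chroot_conf_path "$_conf" "$_prefix")"
    else
        printf '%s\n' "$_conf"
    fi
}

# The directory named in rc.conf must exist before anything is started in
# it; an empty setting means chrooting is disabled and nothing is checked.
named_chrootdir_ok() {
    _chrootdir="$1"
    [ -z "$_chrootdir" ] && return 0
    [ -d "$_chrootdir" ]
}

# Compose the check command (printed rather than executed here, so the
# fragment runs on a machine without BIND installed).
named_config_check_cmd() {
    _chrootdir="$1"
    if ! named_chrootdir_ok "$_chrootdir"; then
        echo "named_chrootdir '$_chrootdir' does not exist" >&2
        return 1
    fi
    printf 'named-checkconf %s\n' \
        "$(named_checkconf_args "$_chrootdir" "$named_conf" "$named_prefix")"
}

# Example: with named_chrootdir="/var/named" in rc.conf and the directory
# present, this prints: named-checkconf -t /var/named /etc/namedb/named.conf
named_config_check_cmd "${named_chrootdir:-}"
```

The behaviour matches the description: with named_chrootdir unset the check is exactly the pre-chroot one, and with it set the test is performed against /var/named/etc/namedb/named.conf via -t rather than against the %%PREFIX%% copy.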
Comment 4 Mathieu Arnold freebsd_committer freebsd_triage 2015-02-23 15:08:57 UTC
I haven't forgotten about this patch, I was not really happy about a few bits, and wanted to think about it a bit before working on it.
Comment 5 Mathieu Arnold freebsd_committer freebsd_triage 2015-02-23 17:22:07 UTC
So, I started working on the dns/bind99 port, mostly because it's the one I was in when I started, and also because its support will last longer than dns/bind910.

I've started a code review at https://reviews.freebsd.org/D1952 and it's pretty wet behind the ears.
Comment 6 Mathieu Arnold freebsd_committer freebsd_triage 2015-03-24 15:23:37 UTC
Support added back in r382109.