Bug 206887 - Unbound 1.5.7 has syntax errors in its support scripts.
Summary: Unbound 1.5.7 has syntax errors in its support scripts.
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Only Me
Assignee: Dag-Erling Smørgrav
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2016-02-03 18:14 UTC by Peter Wemm
Modified: 2016-02-17 15:51 UTC (History)
3 users (show)

See Also:


Attachments
Typo fix (1.78 KB, patch)
2016-02-03 18:21 UTC, Peter Wemm
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Peter Wemm freebsd_committer freebsd_triage 2016-02-03 18:14:29 UTC
/usr/sbin/unbound-control-setup changed a 
cat << EOF > request.cfg
.. things ...
EOF
construct into
echo "thing1\n" > request.cfg
echo "thing2\n" >> request.cfg
...

The problem is, this is echo, not printf.  This causes openssl to reject the request.cfg file.

Observe with "/usr/sbin/unbound-control-setup -d /tmp"  You will be rewarded with an openssl syntax error.  Remove the "\n" from both blocks of echo and it'll work.

This breaks the freebsd cluster node bootstrap process.

I note that the error appears to have been MFC'ed into 10-stable as well.
Comment 1 Peter Wemm freebsd_committer freebsd_triage 2016-02-03 18:21:52 UTC
Created attachment 166508 [details]
Typo fix
Comment 2 Jaap Akkerhuis 2016-02-15 09:27:52 UTC
The problem has been spotted by the upstream as well and will be fixed in the next release
Comment 3 Dag-Erling Smørgrav freebsd_committer 2016-02-17 11:56:29 UTC
The script has been removed from head and stable/10.  It is not needed since local-unbound-setup configures a local control socket, which does not require keys, instead of a TCP socket, which does.

Note that the purpose of having Unbound in base is solely to provide a local validating resolver; if you need to control Unbound on one machine from another, I assume that you are using it as more than just a local resolver, and you should install the port instead.