svn commit: r503955 - in head/dns: bind9-devel bind9-devel/files bind914 bind914/files
Mathieu Arnold
mat at FreeBSD.org
Tue Jun 11 12:18:41 UTC 2019
Author: mat
Date: Tue Jun 11 12:18:36 2019
New Revision: 503955
URL: https://svnweb.freebsd.org/changeset/ports/503955
Log:
Fix named when using plugins and chroot.
BIND9 introduced plugins and migrated the filter-aaaa feature to a
plugin.
As it loads its plugins late in the startup process (read after chroot),
the plugins need to be available in the chroot.
Also, refactor the code now that a second directory needs to be handled.
PR: 238011
Reported by: ryan at timewasted.me
MFH: 2019Q2
Modified:
head/dns/bind9-devel/Makefile (contents, props changed)
head/dns/bind9-devel/files/named.in
head/dns/bind914/Makefile (contents, props changed)
head/dns/bind914/files/named.in
Modified: head/dns/bind9-devel/Makefile
==============================================================================
--- head/dns/bind9-devel/Makefile Tue Jun 11 12:18:29 2019 (r503954)
+++ head/dns/bind9-devel/Makefile Tue Jun 11 12:18:36 2019 (r503955)
@@ -9,7 +9,7 @@ PORTREVISION= 0
.else
# XXX: correct version
# dns/bind9xx here
-PORTREVISION= 1
+PORTREVISION= 2
.endif
CATEGORIES= dns net ipv6
# XXX: put the ISC master_site
Modified: head/dns/bind9-devel/files/named.in
==============================================================================
--- head/dns/bind9-devel/files/named.in Tue Jun 11 12:18:29 2019 (r503954)
+++ head/dns/bind9-devel/files/named.in Tue Jun 11 12:18:36 2019 (r503955)
@@ -143,19 +143,10 @@ chroot_autoupdate()
fi
fi
- # The OpenSSL engines should be present in the chroot, named loads them
- # after chrooting.
- if [ -d ${_openssl_engines} ]; then
- mkdir -p ${named_chrootdir}${_openssl_engines}
- if can_mount nullfs ; then
- mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
- else
- warn "named chroot: cannot nullfs mount OpenSSL" \
- "engines into the chroot, will copy the shared" \
- "libraries instead."
- cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
- fi
- fi
+ # The OpenSSL engines and BIND9 plugins should be present in the
+ # chroot, named loads them after chrooting.
+ null_mount_or_copy ${_openssl_engines}
+ null_mount_or_copy %%PREFIX%%/lib/named
# Copy and/or update key files to the chroot /etc
#
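Review bot: The plugin directory added here with `null_mount_or_copy %%PREFIX%%/lib/named` holds code that named loads after chrooting, yet the helper (defined in the last hunk of this file) mounts it with a plain `mount -t nullfs`, so the chroot gets a writable view of the host directory, limited only by file permissions. Nothing visible in this diff suggests named needs to write there, so a read-only mount would be the safer default: `mount -t nullfs -o ro ${dir} ${named_chrootdir}${dir}`. The same applies to the OpenSSL engines directory and to the identical hunk in head/dns/bind914/files/named.in. chroot_autoupdate begins and ends outside this hunk.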
@@ -239,13 +230,8 @@ named_stop()
named_poststop()
{
if [ -n "${named_chrootdir}" ]; then
- # if using OpenSSL from ports, unmount OpenSSL engines, if they
- # were not mounted but only copied, do nothing.
- if [ -d ${_openssl_engines} ]; then
- if can_mount nullfs; then
- umount ${named_chrootdir}${_openssl_engines}
- fi
- fi
+ null_umount %%PREFIX%%/lib/named
+ null_umount ${_openssl_engines}
if [ -c ${named_chrootdir}/dev/null ]; then
# unmount /dev
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
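Review bot: The removed comment explained that nothing is unmounted when the directories were only copied, and the two `null_umount` calls that replace it carry no explanation. I would keep one line above them, `# Unmount the BIND9 plugins and OpenSSL engines; null_umount does nothing if they were only copied.` Note also that `null_umount` decides from the host directory existing and `can_mount nullfs`, not from whether the chroot path is currently a mount point, so it may try to unmount a path that was never mounted. The same hunk appears in head/dns/bind914/files/named.in; named_poststop continues outside this hunk.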
@@ -271,6 +257,36 @@ can_mount()
return 0
fi
return 1
+}
+
+null_mount_or_copy()
+{
+ local dir
+ dir=$1
+
+ if [ -d ${dir} ]; then
+ mkdir -p ${named_chrootdir}${dir}
+ if can_mount nullfs ; then
+ mount -t nullfs ${dir} ${named_chrootdir}${dir}
+ else
+ warn "named chroot: cannot nullfs mount OpenSSL" \
+ "engines into the chroot, will copy the shared" \
+ "libraries instead."
+ cp -f ${dir}/*.so ${named_chrootdir}${dir}
+ fi
+ fi
+}
+
+null_umount()
+{
+ local dir
+ dir=$1
+
+ if [ -d ${dir} ]; then
+ if can_mount nullfs; then
+ umount ${named_chrootdir}${dir}
+ fi
+ fi
}
create_file()
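Review bot: The warning in `null_mount_or_copy` still says it cannot mount the "OpenSSL engines", but the helper is now also called for `%%PREFIX%%/lib/named`, so the message is misleading when the plugin directory is the one falling back to a copy. Naming the directory fixes that: `warn "named chroot: cannot nullfs mount ${dir} into the chroot, will copy the shared libraries instead."`. In the same branch `cp -f ${dir}/*.so` runs even when the glob matches nothing, and `${dir}` is unquoted throughout both helpers; quoting it as `"${named_chrootdir}${dir}"` would be more robust. The identical hunk in head/dns/bind914/files/named.in has the same issues.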
Modified: head/dns/bind914/Makefile
==============================================================================
--- head/dns/bind914/Makefile Tue Jun 11 12:18:29 2019 (r503954)
+++ head/dns/bind914/Makefile Tue Jun 11 12:18:36 2019 (r503955)
@@ -8,7 +8,7 @@ PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc
PORTREVISION= 0
.else
# dns/bind914 here
-PORTREVISION= 1
+PORTREVISION= 2
.endif
CATEGORIES= dns net ipv6
MASTER_SITES= ISC/bind9/${ISCVERSION}
Modified: head/dns/bind914/files/named.in
==============================================================================
--- head/dns/bind914/files/named.in Tue Jun 11 12:18:29 2019 (r503954)
+++ head/dns/bind914/files/named.in Tue Jun 11 12:18:36 2019 (r503955)
@@ -143,19 +143,10 @@ chroot_autoupdate()
fi
fi
- # The OpenSSL engines should be present in the chroot, named loads them
- # after chrooting.
- if [ -d ${_openssl_engines} ]; then
- mkdir -p ${named_chrootdir}${_openssl_engines}
- if can_mount nullfs ; then
- mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
- else
- warn "named chroot: cannot nullfs mount OpenSSL" \
- "engines into the chroot, will copy the shared" \
- "libraries instead."
- cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
- fi
- fi
+ # The OpenSSL engines and BIND9 plugins should be present in the
+ # chroot, named loads them after chrooting.
+ null_mount_or_copy ${_openssl_engines}
+ null_mount_or_copy %%PREFIX%%/lib/named
# Copy and/or update key files to the chroot /etc
#
@@ -239,13 +230,8 @@ named_stop()
named_poststop()
{
if [ -n "${named_chrootdir}" ]; then
- # if using OpenSSL from ports, unmount OpenSSL engines, if they
- # were not mounted but only copied, do nothing.
- if [ -d ${_openssl_engines} ]; then
- if can_mount nullfs; then
- umount ${named_chrootdir}${_openssl_engines}
- fi
- fi
+ null_umount %%PREFIX%%/lib/named
+ null_umount ${_openssl_engines}
if [ -c ${named_chrootdir}/dev/null ]; then
# unmount /dev
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
@@ -271,6 +257,36 @@ can_mount()
return 0
fi
return 1
+}
+
+null_mount_or_copy()
+{
+ local dir
+ dir=$1
+
+ if [ -d ${dir} ]; then
+ mkdir -p ${named_chrootdir}${dir}
+ if can_mount nullfs ; then
+ mount -t nullfs ${dir} ${named_chrootdir}${dir}
+ else
+ warn "named chroot: cannot nullfs mount OpenSSL" \
+ "engines into the chroot, will copy the shared" \
+ "libraries instead."
+ cp -f ${dir}/*.so ${named_chrootdir}${dir}
+ fi
+ fi
+}
+
+null_umount()
+{
+ local dir
+ dir=$1
+
+ if [ -d ${dir} ]; then
+ if can_mount nullfs; then
+ umount ${named_chrootdir}${dir}
+ fi
+ fi
}
create_file()