Use new config named-chroot.files for chroot setup files (#1429656)
parent
5c1f40d412
commit
41d69089c7
|
@ -45,7 +45,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
|
||||||
Name: bind
|
Name: bind
|
||||||
License: MPLv2.0
|
License: MPLv2.0
|
||||||
Version: 9.11.3
|
Version: 9.11.3
|
||||||
Release: 14%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
|
Release: 15%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
|
||||||
Epoch: 32
|
Epoch: 32
|
||||||
Url: http://www.isc.org/products/BIND/
|
Url: http://www.isc.org/products/BIND/
|
||||||
#
|
#
|
||||||
|
@ -77,6 +77,7 @@ Source45: named-sdb-chroot-setup.service
|
||||||
Source46: named-setup-rndc.service
|
Source46: named-setup-rndc.service
|
||||||
Source47: named-pkcs11.service
|
Source47: named-pkcs11.service
|
||||||
Source48: setup-named-softhsm.sh
|
Source48: setup-named-softhsm.sh
|
||||||
|
Source49: named-chroot.files
|
||||||
|
|
||||||
# Common patches
|
# Common patches
|
||||||
Patch10: bind-9.5-PIE.patch
|
Patch10: bind-9.5-PIE.patch
|
||||||
|
@ -835,6 +836,7 @@ install -m 755 %{SOURCE48} ${RPM_BUILD_ROOT}%{_libexecdir}/setup-named-softhsm.s
|
||||||
install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/etc/logrotate.d/named
|
install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/etc/logrotate.d/named
|
||||||
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
|
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
|
||||||
install -m 644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/named
|
install -m 644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/named
|
||||||
|
install -m 644 %{SOURCE49} ${RPM_BUILD_ROOT}%{_sysconfdir}/named-chroot.files
|
||||||
%if %{with SDB}
|
%if %{with SDB}
|
||||||
mkdir -p ${RPM_BUILD_ROOT}/etc/openldap/schema
|
mkdir -p ${RPM_BUILD_ROOT}/etc/openldap/schema
|
||||||
install -m 644 %{SOURCE8} ${RPM_BUILD_ROOT}/etc/openldap/schema/dnszone.schema
|
install -m 644 %{SOURCE8} ${RPM_BUILD_ROOT}/etc/openldap/schema/dnszone.schema
|
||||||
|
@ -1248,6 +1250,7 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||||
%{_includedir}/bind9/isccfg
|
%{_includedir}/bind9/isccfg
|
||||||
|
|
||||||
%files chroot
|
%files chroot
|
||||||
|
%config(noreplace) %{_sysconfdir}/named-chroot.files
|
||||||
%{_unitdir}/named-chroot.service
|
%{_unitdir}/named-chroot.service
|
||||||
%{_unitdir}/named-chroot-setup.service
|
%{_unitdir}/named-chroot-setup.service
|
||||||
%{_libexecdir}/setup-named-chroot.sh
|
%{_libexecdir}/setup-named-chroot.sh
|
||||||
|
@ -1281,6 +1284,7 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||||
|
|
||||||
%if %{with SDB}
|
%if %{with SDB}
|
||||||
%files sdb-chroot
|
%files sdb-chroot
|
||||||
|
%config(noreplace) %{_sysconfdir}/named-chroot.files
|
||||||
%{_unitdir}/named-sdb-chroot.service
|
%{_unitdir}/named-sdb-chroot.service
|
||||||
%{_unitdir}/named-sdb-chroot-setup.service
|
%{_unitdir}/named-sdb-chroot-setup.service
|
||||||
%{_libexecdir}/setup-named-chroot.sh
|
%{_libexecdir}/setup-named-chroot.sh
|
||||||
|
@ -1407,6 +1411,9 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jul 12 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-15
|
||||||
|
- Use new config file named-chroot.files for chroot setup (#1429656)
|
||||||
|
|
||||||
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.11.3-14
|
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.11.3-14
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
|
|
|
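Review bot: `%config(noreplace) %{_sysconfdir}/named-chroot.files` is added under both `%files chroot` and `%files sdb-chroot`, so the two subpackages share one list and a local edit changes what both chroot setups expose. Because of `noreplace`, an edited copy is kept on upgrade, so any path added to the packaged list in a later release would land in an `.rpmnew` file and not reach that host's chroot. A spec comment above the first entry would record this, e.g. `# Shared by chroot and sdb-chroot; noreplace keeps local edits, so new default paths must be announced in the changelog`.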
@ -8,5 +8,5 @@ After=named-setup-rndc.service
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
RemainAfterExit=yes
|
RemainAfterExit=yes
|
||||||
ExecStart=/usr/libexec/setup-named-chroot.sh /var/named/chroot on
|
ExecStart=/usr/libexec/setup-named-chroot.sh /var/named/chroot on /etc/named-chroot.files
|
||||||
ExecStop=/usr/libexec/setup-named-chroot.sh /var/named/chroot off
|
ExecStop=/usr/libexec/setup-named-chroot.sh /var/named/chroot off /etc/named-chroot.files
|
||||||
|
|
|
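Review bot: `ExecStop` re-reads `/etc/named-chroot.files` at stop time, so a path removed from the list while the unit is active is never visited by `umount_chroot_conf` and would presumably stay mounted under `/var/named/chroot` after the stop. The same applies to the second unit changed on this page, the one for `/var/named/chroot_sdb`. A comment in the `[Service]` section would warn administrators, e.g. `# Stop this unit before editing /etc/named-chroot.files; ExecStop only walks the paths currently listed there.`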
@ -0,0 +1,23 @@
|
||||||
|
# Configuration of files used in chroot
|
||||||
|
# Following files are made available after named-chroot.service start
|
||||||
|
# if they are missing or empty in target directory.
|
||||||
|
/etc/localtime
|
||||||
|
/etc/named.root.key
|
||||||
|
/etc/named.conf
|
||||||
|
/etc/named.rfc1912.zones
|
||||||
|
/etc/rndc.conf
|
||||||
|
/etc/rndc.key
|
||||||
|
/etc/named.iscdlv.key
|
||||||
|
/etc/crypto-policies/back-ends/bind.config
|
||||||
|
/etc/protocols
|
||||||
|
/etc/services
|
||||||
|
/etc/named.dnssec.keys
|
||||||
|
/etc/pki/dnssec-keys
|
||||||
|
/etc/named
|
||||||
|
/usr/lib64/bind
|
||||||
|
/usr/lib/bind
|
||||||
|
/run/named
|
||||||
|
# Warning: the order is important
|
||||||
|
# If a directory containing $ROOTDIR is listed here,
|
||||||
|
# it MUST be listed last. (/var/named contains /var/named/chroot)
|
||||||
|
/var/named
|
|
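Review bot: The header comment does not say what syntax the reader accepts, and the script's filter (`grep -v '^[[:space:]]*#'`) drops only whole-line comments, so a trailing `# note` after a path would be read as part of the file name and the entry silently skipped. The list also decides which host paths become visible inside the chroot, so the header should say that the file has to stay writable by root only. I would add `# One absolute path per line; '#' starts a comment only at the beginning of a line.` and `# Keep this file owned by root and not writable by others; every entry is exposed inside the chroot.`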
@ -8,5 +8,5 @@ After=named-setup-rndc.service
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
RemainAfterExit=yes
|
RemainAfterExit=yes
|
||||||
ExecStart=/usr/libexec/setup-named-chroot.sh /var/named/chroot_sdb on
|
ExecStart=/usr/libexec/setup-named-chroot.sh /var/named/chroot_sdb on /etc/named-chroot.files
|
||||||
ExecStop=/usr/libexec/setup-named-chroot.sh /var/named/chroot_sdb off
|
ExecStop=/usr/libexec/setup-named-chroot.sh /var/named/chroot_sdb off /etc/named-chroot.files
|
||||||
|
|
|
@ -1,29 +1,21 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
# Warning: the order is important
|
|
||||||
# If a directory containing $ROOTDIR is listed here,
|
|
||||||
# it MUST be listed last. (/var/named contains /var/named/chroot)
|
|
||||||
ROOTDIR_MOUNT='/etc/localtime /etc/named.root.key /etc/named.conf
|
|
||||||
/etc/named.rfc1912.zones /etc/rndc.conf /etc/rndc.key /etc/named.iscdlv.key
|
|
||||||
/etc/crypto-policies/back-ends/bind.config /etc/protocols /etc/services
|
|
||||||
/etc/named.dnssec.keys /etc/pki/dnssec-keys
|
|
||||||
/etc/named /usr/lib64/bind /usr/lib/bind /run/named
|
|
||||||
/var/named'
|
|
||||||
|
|
||||||
usage()
|
usage()
|
||||||
{
|
{
|
||||||
echo
|
echo
|
||||||
echo 'This script setups chroot environment for BIND'
|
echo 'This script setups chroot environment for BIND'
|
||||||
echo 'Usage: setup-named-chroot.sh ROOTDIR [on|off]'
|
echo 'Usage: setup-named-chroot.sh ROOTDIR <on|off> <config.files>'
|
||||||
}
|
}
|
||||||
|
|
||||||
if ! [ "$#" -eq 2 ]; then
|
if ! [ "$#" -eq 3 ]; then
|
||||||
echo 'Wrong number of arguments'
|
echo 'Wrong number of arguments'
|
||||||
usage
|
usage
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
ROOTDIR="$1"
|
ROOTDIR="$1"
|
||||||
|
CONFIG_FILES="$3"
|
||||||
|
|
||||||
# Exit if ROOTDIR doesn't exist
|
# Exit if ROOTDIR doesn't exist
|
||||||
if ! [ -d "$ROOTDIR" ]; then
|
if ! [ -d "$ROOTDIR" ]; then
|
||||||
|
@ -32,10 +24,40 @@ if ! [ -d "$ROOTDIR" ]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
dev_create()
|
||||||
|
{
|
||||||
|
DEVNAME="$ROOTDIR/dev/$1"
|
||||||
|
MINOR="$2"
|
||||||
|
if ! [ -e "$DEVNAME" ]; then
|
||||||
|
/bin/mknod "$DEVNAME" c 1 $MINOR
|
||||||
|
fi
|
||||||
|
if [ -x /usr/sbin/selinuxenabled -a -x /sbin/restorecon ]; then
|
||||||
|
/usr/sbin/selinuxenabled && /sbin/restorecon "$DEVNAME" > /dev/null
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
dev_chroot_prep()
|
||||||
|
{
|
||||||
|
dev_create random 8
|
||||||
|
dev_create zero 5
|
||||||
|
dev_create null 3
|
||||||
|
}
|
||||||
|
|
||||||
|
files_comment_filter()
|
||||||
|
{
|
||||||
|
if [ -d "$1" ]; then
|
||||||
|
grep -v '^[[:space:]]*#' "$1"/*.files
|
||||||
|
else
|
||||||
|
grep -v '^[[:space:]]*#' "$1"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
mount_chroot_conf()
|
mount_chroot_conf()
|
||||||
{
|
{
|
||||||
if [ -n "$ROOTDIR" ]; then
|
if [ -n "$ROOTDIR" ]; then
|
||||||
for all in $ROOTDIR_MOUNT; do
|
# Check devices are prepared
|
||||||
|
dev_chroot_prep
|
||||||
|
files_comment_filter "$CONFIG_FILES" | while read -r all; do
|
||||||
# Skip nonexistant files
|
# Skip nonexistant files
|
||||||
[ -e "$all" ] || continue
|
[ -e "$all" ] || continue
|
||||||
|
|
||||||
|
@ -60,7 +82,7 @@ mount_chroot_conf()
|
||||||
umount_chroot_conf()
|
umount_chroot_conf()
|
||||||
{
|
{
|
||||||
if [ -n "$ROOTDIR" ]; then
|
if [ -n "$ROOTDIR" ]; then
|
||||||
for all in $ROOTDIR_MOUNT; do
|
files_comment_filter "$CONFIG_FILES" | while read -r all; do
|
||||||
# Check if file is mount target. Do not use /proc/mounts because detecting
|
# Check if file is mount target. Do not use /proc/mounts because detecting
|
||||||
# of modified mounted files can fail.
|
# of modified mounted files can fail.
|
||||||
if mount | grep -q '.* on '"$ROOTDIR$all"' .*'; then
|
if mount | grep -q '.* on '"$ROOTDIR$all"' .*'; then
|
||||||
|
|
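Review bot: In `files_comment_filter`, the directory branch runs `grep -v` over `"$1"/*.files`, and grep prefixes every output line with `filename:` as soon as the glob matches more than one file. Each entry then fails `[ -e "$all" ]` in `mount_chroot_conf` and never matches in `umount_chroot_conf`, so the chroot would come up without its files and without an error. Use `grep -h -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1"/*.files` (and the same pattern in the single-file branch) so that prefixes and blank lines are both dropped. Separately, `dev_create` calls `/bin/mknod` without `-m`, which leaves the device mode to the caller's umask, and ignores a failure when `$ROOTDIR/dev` is missing. The bodies of `mount_chroot_conf` and `umount_chroot_conf` continue outside the hunks shown.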