From 39b47dbaf1ebe59e71a0e4269a6bb62d3126ba7d Mon Sep 17 00:00:00 2001 From: Adam Tkac Date: Wed, 19 Nov 2008 15:39:16 +0000 Subject: [PATCH] - unbound-1.1.0-log_open.patch - make sure log is opened before chroot call - tracked as http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=219 - removed /dev/log and /var/run/unbound and /etc/resolv.conf from chroot, not needed - don't mount files in chroot, it causes problems during updates - fixed typo in default config file - removed old 1.0.2 version from sources --- .cvsignore | 2 +- sources | 1 - unbound.conf | 2 +- unbound.init | 16 +------------ unbound.spec | 65 +++++++++++++++++++++++++++++++--------------------- 5 files changed, 42 insertions(+), 44 deletions(-) diff --git a/.cvsignore b/.cvsignore index db4a860..6143e07 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -unbound-1.0.2.tar.gz +unbound-1.1.0.tar.gz diff --git a/sources b/sources index ac97b5c..f69d41a 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -01b08a9c0d24be981de64b6e4e25ecbe unbound-1.0.2.tar.gz f1c8110ed62e3aa0423e24b6c0f3a9c4 unbound-1.1.0.tar.gz diff --git a/unbound.conf b/unbound.conf index 2645b21..b1adf13 100644 --- a/unbound.conf +++ b/unbound.conf @@ -345,7 +345,7 @@ remote-control: # Enable remote control with unbound-control(8) here. # set up the keys and certificates with unbound-control-setup. # reqiured for munin monitoring plugin - control-enable:yes + control-enable: yes # what interfaces are listened to for remote control. # give 0.0.0.0 and ::0 to listen to all interfaces. diff --git a/unbound.init b/unbound.init index 3ec8fe4..69fdbc7 100644 --- a/unbound.init +++ b/unbound.init @@ -43,15 +43,7 @@ start() { echo -n $"Starting unbound: " - if [ ! -e ${rootdir}/etc/resolv.conf ] || /usr/bin/cmp -s /etc/resolv.conf ${rootdir}/etc/resolv.conf; then - cp -fp /etc/resolv.conf ${rootdir}/etc/resolv.conf - fi; - if [ ! -e ${rootdir}/etc/localtime ] || /usr/bin/cmp -s /etc/localtime ${rootdir}/etc/localtime; then - cp -fp /etc/localtime ${rootdir}/etc/localtime - fi; - mount --bind -n /dev/log ${rootdir}/dev/log >/dev/null 2>&1; - mount --bind -n /dev/random ${rootdir}/dev/random >/dev/null 2>&1; - mount --bind -n /var/run/unbound ${rootdir}/var/run/unbound >/dev/null 2>&1; + [ -s ${rootdir}/etc/localtime ] || cp -fp /etc/localtime ${rootdir}/etc/localtime # if not running, start it up here daemon $exec @@ -66,12 +58,6 @@ stop() { killproc -p $pidfile unbound retval=$? [ $retval -eq 0 ] && rm -f $lockfile - for mountfile in /dev/log /dev/random /etc/localtime /etc/resolv.conf /var/run/unbound - do - if egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}''${mountfile}'' /proc/mounts; then - umount ${rootdir}$mountfile >/dev/null 2>&1 - fi; - done echo } diff --git a/unbound.spec b/unbound.spec index 903decb..a67a225 100644 --- a/unbound.spec +++ b/unbound.spec @@ -1,7 +1,9 @@ +%define rootdir %{_localstatedir}/lib/%{name} + Summary: Validating, recursive, and caching DNS(SEC) resolver Name: unbound Version: 1.1.0 -Release: 1%{?dist} +Release: 2%{?dist} License: BSD Url: http://www.nlnetlabs.nl/unbound/ Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz @@ -20,6 +22,8 @@ Requires(pre): shadow-utils # Is this obsolete? #Provides: caching-nameserver +Patch0: unbound-1.1.0-log_open.patch + %description Unbound is a validating, recursive, and caching DNS(SEC) resolver. @@ -61,23 +65,25 @@ Contains libraries used by the unbound server and client applications %prep %setup -q +%patch0 -p1 -b .log_open + %build %configure --with-ldns= --with-libevent --with-pthreads --with-ssl \ --disable-rpath --enable-debug --disable-static \ - --with-run-dir=%{_localstatedir}/lib/%{name}\ - --with-conf-file=%{_localstatedir}/lib/%{name}/unbound.conf \ + --with-run-dir=%{rootdir} \ + --with-conf-file=%{rootdir}/unbound.conf \ --with-pidfile=%{_localstatedir}/run/%{name}/%{name}.pid %{__make} CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE" QUIET=no %{?_smp_mflags} %install rm -rf %{buildroot} %{__make} DESTDIR=%{buildroot} install -install -d 0755 %{buildroot}%{_localstatedir}/lib/%{name} +install -d 0755 %{buildroot}%{rootdir} install -d 0755 %{buildroot}%{_initrddir} #install -m 0755 contrib/unbound.init %{buildroot}%{_initrddir}/unbound install -m 0755 %{SOURCE1} %{buildroot}%{_initrddir}/unbound #overwrite stock unbound.conf with our own -install -m 0755 %{SOURCE2} %{buildroot}%{_localstatedir}/lib/%{name} +install -m 0755 %{SOURCE2} %{buildroot}%{rootdir} install -d 0755 %{buildroot}%{_sysconfdir}/munin/plugin-conf.d install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/munin/plugin-conf.d/unbound install -d 0755 %{buildroot}%{_datadir}/munin/plugins/ @@ -85,19 +91,14 @@ install -m 0755 contrib/unbound_munin_ %{buildroot}%{_datadir}/munin/plugins/unb # add symbolic link from /etc/unbound.conf -> /var/unbound/unbound.conf -( cd %{buildroot}%{_sysconfdir}/ ; ln -s ..%{_localstatedir}/lib/unbound/unbound.conf ) +( cd %{buildroot}%{_sysconfdir}/ ; ln -s ..%{rootdir}/unbound.conf ) # remove static library from install (fedora packaging guidelines) rm -rf %{buildroot}%{_libdir}/*.la -# The chroot needs /dev/log, /dev/random, /etc/resolv.conf and /etc/localtime +# The chroot needs /dev/random and /etc/localtime # but the init script uses mount --bind, so just create empty files -mkdir -p %{buildroot}%{_localstatedir}/lib/unbound/etc \ - %{buildroot}%{_localstatedir}/lib/unbound/dev -echo "Used for mount --bind in initscript" > %{buildroot}%{_localstatedir}/lib/unbound/etc/resolv.conf -echo "Used for mount --bind in initscript" > %{buildroot}%{_localstatedir}/lib/unbound/etc/localtime -echo "Used for mount --bind in initscript" > %{buildroot}%{_localstatedir}/lib/unbound/dev/log -echo "Used for mount --bind in initscript" > %{buildroot}%{_localstatedir}/lib/unbound/dev/random -mkdir -p %{buildroot}%{_localstatedir}/lib/unbound/var/run/unbound +mkdir -p %{buildroot}%{rootdir}/{dev,etc} +touch %{buildroot}%{rootdir}/{etc/localtime,dev/random} mkdir -p %{buildroot}%{_localstatedir}/run/unbound %clean @@ -107,18 +108,15 @@ rm -rf ${RPM_BUILD_ROOT} %defattr(-,root,root,-) %doc doc/README doc/CREDITS doc/LICENSE doc/FEATURES %attr(0755,root,root) %{_initrddir}/%{name} -# the chroot env -%attr(0755,root,root) %dir %{_localstatedir}/lib/%{name} %attr(0755,unbound,unbound) %dir %{_localstatedir}/run/%{name} -%attr(0755,root,root) %dir %{_localstatedir}/lib/%{name}/dev -%attr(0755,root,root) %dir %{_localstatedir}/lib/%{name}/etc -%attr(0755,root,root) %dir %{_localstatedir}/lib/%{name}/var -%attr(0755,root,root) %dir %{_localstatedir}/lib/%{name}/var/run -%attr(0755,root,root) %dir %{_localstatedir}/lib/%{name}/var/run/unbound %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/unbound.conf -%attr(0644,root,root) %config(noreplace) %{_localstatedir}/lib/%{name}/unbound.conf -%attr(0644,root,root) %{_localstatedir}/lib/%{name}/dev/* -%attr(0644,root,root) %{_localstatedir}/lib/%{name}/etc/* +# the chroot env +%attr(0755,root,root) %dir %{rootdir} +%attr(0755,root,root) %dir %{rootdir}/dev +%attr(0755,root,root) %dir %{rootdir}/etc +%attr(0644,root,root) %config(noreplace) %{rootdir}/unbound.conf +%attr(0644,root,root) %ghost %{rootdir}/dev/random +%attr(0644,root,root) %ghost %{rootdir}/etc/localtime %{_sbindir}/* %{_mandir}/*/* @@ -141,20 +139,26 @@ rm -rf ${RPM_BUILD_ROOT} %pre getent group unbound >/dev/null || groupadd -r unbound getent passwd unbound >/dev/null || \ -useradd -r -g unbound -d %{_localstatedir}/lib/%{name} -s /sbin/nologin \ +useradd -r -g unbound -d %{rootdir} -s /sbin/nologin \ -c "Unbound DNS resolver" unbound exit 0 %post /sbin/chkconfig --add %{name} +# Add chroot stuff +[ -e %{rootdir}/dev/random ] || /bin/mknod %{rootdir}/dev/random c 1 8 +[ -s %{rootdir}/etc/localtime ] || cp -fp {,%{rootdir}}/etc/localtime + %post libs -p /sbin/ldconfig %preun -if [ $1 -eq 0 ]; then +if [ "$1" -eq 0 ]; then /sbin/service %{name} stop >/dev/null 2>&1 /sbin/chkconfig --del %{name} + rm -f %{rootdir}/dev/random + rm -f %{rootdir}/etc/localtime fi %postun @@ -165,6 +169,15 @@ fi %postun libs -p /sbin/ldconfig %changelog +* Wed Nov 19 2008 Adam Tkac - 1.1.0-2 +- unbound-1.1.0-log_open.patch + - make sure log is opened before chroot call + - tracked as http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=219 +- removed /dev/log and /var/run/unbound and /etc/resolv.conf from + chroot, not needed +- don't mount files in chroot, it causes problems during updates +- fixed typo in default config file + * Fri Nov 14 2008 Paul Wouters - 1.1.0-1 - Updated to version 1.1.0 - Updated unbound.conf's statistics options and remote-control