authorMathieu Arnold <mat@FreeBSD.org>2019-06-11 12:19:40 +0000
committerMathieu Arnold <mat@FreeBSD.org>2019-06-11 12:19:40 +0000
commitebf3b1076bbbffc200b0ec5d48c4ada685af7c30 (patch)
tree4e695f8b5bbe0966694773495d265c1fc425d165
parent6be6ec9da1faac73a2f59d544719b8c8597f3863 (diff)
downloadports-ebf3b1076bbbffc200b0ec5d48c4ada685af7c30.tar.gz
ports-ebf3b1076bbbffc200b0ec5d48c4ada685af7c30.zip
MFH: r503955
Fix named when using plugins and chroot. BIND9 introduced plugins and migrated the filter-aaaa feature to a plugin. As it loads its plugins late in the startup process (read after chroot), the plugins need to be available in the chroot. Also, refactor the code now that a second directory needs to be handled. PR: 238011 Reported by: ryan@timewasted.me
Notes
Notes: svn path=/branches/2019Q2/; revision=503956
-rw-r--r--dns/bind9-devel/Makefile2
-rw-r--r--dns/bind9-devel/files/named.in56
-rw-r--r--dns/bind914/Makefile2
-rw-r--r--dns/bind914/files/named.in56
4 files changed, 74 insertions, 42 deletions
diff --git a/dns/bind9-devel/Makefile b/dns/bind9-devel/Makefile
index d5dff3ba120a..8861d98cba31 100644
--- a/dns/bind9-devel/Makefile
+++ b/dns/bind9-devel/Makefile
@@ -9,7 +9,7 @@ PORTREVISION= 0
.else
# XXX: correct version
# dns/bind9xx here
-PORTREVISION= 0
+PORTREVISION= 2
.endif
CATEGORIES= dns net ipv6
# XXX: put the ISC master_site
diff --git a/dns/bind9-devel/files/named.in b/dns/bind9-devel/files/named.in
index a5a18660ac8c..d7fa64b121b2 100644
--- a/dns/bind9-devel/files/named.in
+++ b/dns/bind9-devel/files/named.in
@@ -143,19 +143,10 @@ chroot_autoupdate()
fi
fi
- # The OpenSSL engines should be present in the chroot, named loads them
- # after chrooting.
- if [ -d ${_openssl_engines} ]; then
- mkdir -p ${named_chrootdir}${_openssl_engines}
- if can_mount nullfs ; then
- mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
- else
- warn "named chroot: cannot nullfs mount OpenSSL" \
- "engines into the chroot, will copy the shared" \
- "libraries instead."
- cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
- fi
- fi
+ # The OpenSSL engines and BIND9 plugins should be present in the
+ # chroot, named loads them after chrooting.
+ null_mount_or_copy ${_openssl_engines}
+ null_mount_or_copy %%PREFIX%%/lib/named
# Copy and/or update key files to the chroot /etc
#
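Review bot: The plugin directory is written as the literal `%%PREFIX%%/lib/named` in this call and again in the `null_umount` call in named_poststop, whereas the engines path comes from the variable `_openssl_engines`. If the two literals ever drift apart, the stop path would leave a nullfs mount behind inside the chroot. Defining the path once next to `_openssl_engines` (which is set outside this hunk), for example `_named_plugins=%%PREFIX%%/lib/named`, and passing `"${_named_plugins}"` to both helpers would avoid that. The identical hunk in dns/bind914/files/named.in has the same issue, and chroot_autoupdate starts and ends outside the hunk.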
@@ -239,13 +230,8 @@ named_stop()
named_poststop()
{
if [ -n "${named_chrootdir}" ]; then
- # if using OpenSSL from ports, unmount OpenSSL engines, if they
- # were not mounted but only copied, do nothing.
- if [ -d ${_openssl_engines} ]; then
- if can_mount nullfs; then
- umount ${named_chrootdir}${_openssl_engines}
- fi
- fi
+ null_umount %%PREFIX%%/lib/named
+ null_umount ${_openssl_engines}
if [ -c ${named_chrootdir}/dev/null ]; then
# unmount /dev
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
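Review bot: Whether these two `null_umount` calls unmount anything is decided by `can_mount nullfs` at stop time (see the helper added later in this commit), not by whether the directory was actually mounted at start, and the removed comment that explained the copied-only case has no replacement. If the mount failed at start, or the result of `can_mount` differs between start and stop, `umount` would either run against a path that is not a mount point or leave a mount in place; checking that `${named_chrootdir}${dir}` is a mount point before unmounting would be more robust. At minimum I would keep a comment here such as `# Unmount the plugin and engine directories; directories that were only copied are left in place.` The same applies to dns/bind914/files/named.in, and named_poststop continues outside the hunk.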
@@ -273,6 +259,36 @@ can_mount()
return 1
}
+null_mount_or_copy()
+{
+ local dir
+ dir=$1
+
+ if [ -d ${dir} ]; then
+ mkdir -p ${named_chrootdir}${dir}
+ if can_mount nullfs ; then
+ mount -t nullfs ${dir} ${named_chrootdir}${dir}
+ else
+ warn "named chroot: cannot nullfs mount OpenSSL" \
+ "engines into the chroot, will copy the shared" \
+ "libraries instead."
+ cp -f ${dir}/*.so ${named_chrootdir}${dir}
+ fi
+ fi
+}
+
+null_umount()
+{
+ local dir
+ dir=$1
+
+ if [ -d ${dir} ]; then
+ if can_mount nullfs; then
+ umount ${named_chrootdir}${dir}
+ fi
+ fi
+}
+
create_file()
{
if [ -e "$1" ]; then
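Review bot: In null_mount_or_copy the nullfs mount is created with default options, so the host's engine and plugin directories are reachable read-write from inside the chroot (subject to file permissions); since named loads shared objects from them, a read-only mount, `mount -t nullfs -o ro ${dir} ${named_chrootdir}${dir}`, would be a cheap hardening step. The warning text still says "OpenSSL engines" although the helper is now also called for the BIND9 plugin directory, so the message should name `${dir}` instead. The expansions are also unquoted: with an empty argument `[ -d ${dir} ]` evaluates true, and null_umount would then run `umount ${named_chrootdir}`; `[ -d "${dir}" ]` together with an early return on an empty `dir` avoids that. The same three points apply to the identical helpers added in dns/bind914/files/named.in.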
diff --git a/dns/bind914/Makefile b/dns/bind914/Makefile
index 2d8fe91ee26a..3469d933a1b1 100644
--- a/dns/bind914/Makefile
+++ b/dns/bind914/Makefile
@@ -8,7 +8,7 @@ PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/}
PORTREVISION= 0
.else
# dns/bind913 here
-PORTREVISION= 1
+PORTREVISION= 2
.endif
CATEGORIES= dns net ipv6
MASTER_SITES= ISC/bind9/${ISCVERSION}
diff --git a/dns/bind914/files/named.in b/dns/bind914/files/named.in
index a5a18660ac8c..d7fa64b121b2 100644
--- a/dns/bind914/files/named.in
+++ b/dns/bind914/files/named.in
@@ -143,19 +143,10 @@ chroot_autoupdate()
fi
fi
- # The OpenSSL engines should be present in the chroot, named loads them
- # after chrooting.
- if [ -d ${_openssl_engines} ]; then
- mkdir -p ${named_chrootdir}${_openssl_engines}
- if can_mount nullfs ; then
- mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
- else
- warn "named chroot: cannot nullfs mount OpenSSL" \
- "engines into the chroot, will copy the shared" \
- "libraries instead."
- cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
- fi
- fi
+ # The OpenSSL engines and BIND9 plugins should be present in the
+ # chroot, named loads them after chrooting.
+ null_mount_or_copy ${_openssl_engines}
+ null_mount_or_copy %%PREFIX%%/lib/named
# Copy and/or update key files to the chroot /etc
#
@@ -239,13 +230,8 @@ named_stop()
named_poststop()
{
if [ -n "${named_chrootdir}" ]; then
- # if using OpenSSL from ports, unmount OpenSSL engines, if they
- # were not mounted but only copied, do nothing.
- if [ -d ${_openssl_engines} ]; then
- if can_mount nullfs; then
- umount ${named_chrootdir}${_openssl_engines}
- fi
- fi
+ null_umount %%PREFIX%%/lib/named
+ null_umount ${_openssl_engines}
if [ -c ${named_chrootdir}/dev/null ]; then
# unmount /dev
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
@@ -273,6 +259,36 @@ can_mount()
return 1
}
+null_mount_or_copy()
+{
+ local dir
+ dir=$1
+
+ if [ -d ${dir} ]; then
+ mkdir -p ${named_chrootdir}${dir}
+ if can_mount nullfs ; then
+ mount -t nullfs ${dir} ${named_chrootdir}${dir}
+ else
+ warn "named chroot: cannot nullfs mount OpenSSL" \
+ "engines into the chroot, will copy the shared" \
+ "libraries instead."
+ cp -f ${dir}/*.so ${named_chrootdir}${dir}
+ fi
+ fi
+}
+
+null_umount()
+{
+ local dir
+ dir=$1
+
+ if [ -d ${dir} ]; then
+ if can_mount nullfs; then
+ umount ${named_chrootdir}${dir}
+ fi
+ fi
+}
+
create_file()
{
if [ -e "$1" ]; then