Fri Jun 28 17:01:31 2019 UTC ()
bind*: Remove privileges from SMF method script.

This inadvertently opened up the named process to more privileges than
necessary and could be considered a security risk.  This may affect chroot
support, adding back in support for that will need to be done carefully.

Bump PKGREVISIONs.


(jperkin)
diff -r1.10 -r1.11 pkgsrc/net/bind911/Makefile
diff -r1.3 -r1.4 pkgsrc/net/bind911/files/smf/named.sh
diff -r1.12 -r1.13 pkgsrc/net/bind912/Makefile
diff -r1.3 -r1.4 pkgsrc/net/bind912/files/smf/named.sh
diff -r1.6 -r1.7 pkgsrc/net/bind914/Makefile
diff -r1.2 -r1.3 pkgsrc/net/bind914/files/smf/named.sh
cvs diff -r1.10 -r1.11 pkgsrc/net/bind911/Attic/Makefile (switch to unified diff)

--- pkgsrc/net/bind911/Attic/Makefile 2019/06/20 02:13:58 1.10
+++ pkgsrc/net/bind911/Attic/Makefile 2019/06/28 17:01:30 1.11
@@ -1,78 +1,79 @@ @@ -1,78 +1,79 @@
1# $NetBSD: Makefile,v 1.10 2019/06/20 02:13:58 taca Exp $ 1# $NetBSD: Makefile,v 1.11 2019/06/28 17:01:30 jperkin Exp $
2 2
3DISTNAME= bind-${BIND_VERSION} 3DISTNAME= bind-${BIND_VERSION}
4PKGNAME= ${DISTNAME:S/-P/pl/} 4PKGNAME= ${DISTNAME:S/-P/pl/}
 5PKGREVISION= 1
5CATEGORIES= net 6CATEGORIES= net
6MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ 7MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/
7 8
8MAINTAINER= pkgsrc-users@NetBSD.org 9MAINTAINER= pkgsrc-users@NetBSD.org
9HOMEPAGE= http://www.isc.org/software/bind/ 10HOMEPAGE= http://www.isc.org/software/bind/
10COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.11 11COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.11
11LICENSE= mpl-2.0 12LICENSE= mpl-2.0
12 13
13CONFLICTS+= host-[0-9]* 14CONFLICTS+= host-[0-9]*
14 15
15MAKE_JOBS_SAFE= no 16MAKE_JOBS_SAFE= no
16 17
17BIND_VERSION= 9.11.8 18BIND_VERSION= 9.11.8
18 19
19.include "../../mk/bsd.prefs.mk" 20.include "../../mk/bsd.prefs.mk"
20 21
21BUILD_DEFS+= BIND_DIR VARBASE 22BUILD_DEFS+= BIND_DIR VARBASE
22 23
23.include "options.mk" 24.include "options.mk"
24 25
25USE_TOOLS+= pax perl 26USE_TOOLS+= pax perl
26USE_LIBTOOL= yes 27USE_LIBTOOL= yes
27GNU_CONFIGURE= yes 28GNU_CONFIGURE= yes
28 29
29CONFIGURE_ARGS+= --with-libtool 30CONFIGURE_ARGS+= --with-libtool
30CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} 31CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
31CONFIGURE_ARGS+= --localstatedir=${VARBASE} 32CONFIGURE_ARGS+= --localstatedir=${VARBASE}
32CONFIGURE_ARGS+= --with-openssl=${SSLBASE:Q} 33CONFIGURE_ARGS+= --with-openssl=${SSLBASE:Q}
33CONFIGURE_ARGS+= --with-python=no 34CONFIGURE_ARGS+= --with-python=no
34.if !empty(MACHINE_PLATFORM:MNetBSD-*-m68k) || \ 35.if !empty(MACHINE_PLATFORM:MNetBSD-*-m68k) || \
35 !empty(MACHINE_PLATFORM:MNetBSD-*-mipsel) || \ 36 !empty(MACHINE_PLATFORM:MNetBSD-*-mipsel) || \
36 !empty(MACHINE_PLATFORM:MNetBSD-*-vax) 37 !empty(MACHINE_PLATFORM:MNetBSD-*-vax)
37CONFIGURE_ARGS+= --disable-atomic 38CONFIGURE_ARGS+= --disable-atomic
38.endif 39.endif
39.if ${MACHINE_PLATFORM:MNetBSD-*-powerpc} != "" 40.if ${MACHINE_PLATFORM:MNetBSD-*-powerpc} != ""
40CONFIGURE_ARGS+= --disable-threads 41CONFIGURE_ARGS+= --disable-threads
41.endif 42.endif
42CONFIGURE_ARGS.DragonFly+= --disable-kqueue 43CONFIGURE_ARGS.DragonFly+= --disable-kqueue
43 44
44PKG_GROUPS_VARS+= BIND_GROUP 45PKG_GROUPS_VARS+= BIND_GROUP
45PKG_USERS_VARS= BIND_USER 46PKG_USERS_VARS= BIND_USER
46 47
47PKG_GROUPS= ${BIND_GROUP} 48PKG_GROUPS= ${BIND_GROUP}
48PKG_USERS= ${BIND_USER}:${BIND_GROUP} 49PKG_USERS= ${BIND_USER}:${BIND_GROUP}
49 50
50PKG_GECOS.${BIND_USER}= Named pseudo-user 51PKG_GECOS.${BIND_USER}= Named pseudo-user
51PKG_HOME.${BIND_USER}= ${BIND_DIR} 52PKG_HOME.${BIND_USER}= ${BIND_DIR}
52 53
53DOCS= CHANGES HISTORY OPTIONS README 54DOCS= CHANGES HISTORY OPTIONS README
54 55
55FILES_SUBST+= BIND_GROUP=${BIND_GROUP} \ 56FILES_SUBST+= BIND_GROUP=${BIND_GROUP} \
56 BIND_USER=${BIND_USER} PAX=${PAX:Q} \ 57 BIND_USER=${BIND_USER} PAX=${PAX:Q} \
57 SSLBASE=${SSLBASE} 58 SSLBASE=${SSLBASE}
58MESSAGE_SUBST+= BIND_DIR=${BIND_DIR} BIND_USER=${BIND_USER} 59MESSAGE_SUBST+= BIND_DIR=${BIND_DIR} BIND_USER=${BIND_USER}
59 60
60DOCDIR= share/doc/bind9 61DOCDIR= share/doc/bind9
61 62
62RCD_SCRIPTS= lwresd named9 63RCD_SCRIPTS= lwresd named9
63SMF_METHODS= named 64SMF_METHODS= named
64 65
65INSTALL_MAKE_FLAGS+= sysconfdir=${PREFIX}/share/examples/bind9 66INSTALL_MAKE_FLAGS+= sysconfdir=${PREFIX}/share/examples/bind9
66CONF_FILES+= share/examples/bind9/bind.keys \ 67CONF_FILES+= share/examples/bind9/bind.keys \
67 ${PKG_SYSCONFDIR}/bind.keys 68 ${PKG_SYSCONFDIR}/bind.keys
68 69
69INSTALLATION_DIRS+= ${DOCDIR} ${DOCDIR}/arm 70INSTALLATION_DIRS+= ${DOCDIR} ${DOCDIR}/arm
70 71
71post-install: 72post-install:
72.for f in ${DOCS} 73.for f in ${DOCS}
73 ${INSTALL_DATA} ${WRKSRC}/${f} ${DESTDIR}${PREFIX}/${DOCDIR} 74 ${INSTALL_DATA} ${WRKSRC}/${f} ${DESTDIR}${PREFIX}/${DOCDIR}
74.endfor 75.endfor
75 ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${DESTDIR}${PREFIX}/${DOCDIR}/arm 76 ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${DESTDIR}${PREFIX}/${DOCDIR}/arm
76 77
77.include "../../security/openssl/buildlink3.mk" 78.include "../../security/openssl/buildlink3.mk"
78.include "../../mk/bsd.pkg.mk" 79.include "../../mk/bsd.pkg.mk"
cvs diff -r1.3 -r1.4 pkgsrc/net/bind911/files/smf/Attic/named.sh (switch to unified diff)

--- pkgsrc/net/bind911/files/smf/Attic/named.sh 2019/06/19 10:58:48 1.3
+++ pkgsrc/net/bind911/files/smf/Attic/named.sh 2019/06/28 17:01:30 1.4
@@ -1,262 +1,262 @@ @@ -1,262 +1,262 @@
1#!@SMF_METHOD_SHELL@ 1#!@SMF_METHOD_SHELL@
2# 2#
3# CDDL HEADER START 3# CDDL HEADER START
4# 4#
5# The contents of this file are subject to the terms of the 5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License"). 6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License. 7# You may not use this file except in compliance with the License.
8# 8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing. 10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions 11# See the License for the specific language governing permissions
12# and limitations under the License. 12# and limitations under the License.
13# 13#
14# When distributing Covered Code, include this CDDL HEADER in each 14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the 16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying 17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner] 18# information: Portions Copyright [yyyy] [name of copyright owner]
19# 19#
20# CDDL HEADER END 20# CDDL HEADER END
21# 21#
22# Copyright 2007 Sun Microsystems, Inc. All rights reserved. 22# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
23# Use is subject to license terms. 23# Use is subject to license terms.
24# 24#
25#pragma ident "@(#)dns-server.sh 1.1 07/03/26 SMI" 25#pragma ident "@(#)dns-server.sh 1.1 07/03/26 SMI"
26 26
27# smf_method(5) start/stop script required for server DNS 27# smf_method(5) start/stop script required for server DNS
28 28
29. /lib/svc/share/smf_include.sh 29. /lib/svc/share/smf_include.sh
30 30
31mount_chroot () 31mount_chroot ()
32{ 32{
33 c=$1 33 c=$1
34 shift 34 shift
35 for f in $*; do 35 for f in $*; do
36 if [ -z "${f}" -o ! -f "${f}" -o \ 36 if [ -z "${f}" -o ! -f "${f}" -o \
37 -z "${c}" -o ! -d "${c}" ]; then 37 -z "${c}" -o ! -d "${c}" ]; then
38 exit ${SMF_EXIT_ERR_CONFIG} 38 exit ${SMF_EXIT_ERR_CONFIG}
39 fi 39 fi
40 40
41 umount ${c}/${f} >/dev/null 2>&1 41 umount ${c}/${f} >/dev/null 2>&1
42 mkdir -p `dirname ${c}/${f}` 42 mkdir -p `dirname ${c}/${f}`
43 touch ${c}/${f} 43 touch ${c}/${f}
44 mount -Flofs ${f} ${c}/${f} 44 mount -Flofs ${f} ${c}/${f}
45 done 45 done
46} 46}
47 47
48umount_chroot () 48umount_chroot ()
49{ 49{
50 c=$1 50 c=$1
51 shift 51 shift
52 for f in $*; do 52 for f in $*; do
53 umount ${c}/${f} >/dev/null 2>&1 53 umount ${c}/${f} >/dev/null 2>&1
54 done 54 done
55} 55}
56 56
57get_config () 57get_config ()
58{  58{
59 configuration_file=@PKG_SYSCONFDIR@/named.conf 59 configuration_file=@PKG_SYSCONFDIR@/named.conf
60 rndc_config_file=@PKG_SYSCONFDIR@/rndc.conf 60 rndc_config_file=@PKG_SYSCONFDIR@/rndc.conf
61 rndc_key_file=@PKG_SYSCONFDIR@/rndc.key 61 rndc_key_file=@PKG_SYSCONFDIR@/rndc.key
62 rndc_cmd_opts="-a" 62 rndc_cmd_opts="-a"
63 libraries="/usr/pkg/lib/engines/libgost.so" 63 libraries="/usr/pkg/lib/engines/libgost.so"
64 cmdopts="" 64 cmdopts=""
65 checkopts="" 65 checkopts=""
66 properties="debug_level ip_interfaces listen_on_port 66 properties="debug_level ip_interfaces listen_on_port
67 threads chroot_dir configuration_file server user" 67 threads chroot_dir configuration_file server user"
68 68
69 for prop in $properties 69 for prop in $properties
70 do 70 do
71 value=`/usr/bin/svcprop -p options/${prop} ${SMF_FMRI}` 71 value=`/usr/bin/svcprop -p options/${prop} ${SMF_FMRI}`
72 if [ -z "${value}" -o "${value}" = '""' ]; then 72 if [ -z "${value}" -o "${value}" = '""' ]; then
73 continue; 73 continue;
74 fi 74 fi
75 75
76 case $prop in 76 case $prop in
77 'debug_level') 77 'debug_level')
78 if [ ${value} -gt 0 ]; then 78 if [ ${value} -gt 0 ]; then
79 cmdopts="${cmdopts} -d ${value}" 79 cmdopts="${cmdopts} -d ${value}"
80 fi 80 fi
81 ;; 81 ;;
82 'ip_interfaces') 82 'ip_interfaces')
83 case ${value} in 83 case ${value} in
84 'IPv4') 84 'IPv4')
85 cmdopts="${cmdopts} -4";; 85 cmdopts="${cmdopts} -4";;
86 'IPv6') 86 'IPv6')
87 cmdopts="${cmdopts} -6";; 87 cmdopts="${cmdopts} -6";;
88 'all') 88 'all')
89 : # Default is all, therefore ignore. 89 : # Default is all, therefore ignore.
90 ;; 90 ;;
91 *)  91 *)
92 echo "$I: Unrecognised value in service instance property" >&2 92 echo "$I: Unrecognised value in service instance property" >&2
93 echo "$I: options/${prop} : ${value}" >&2 93 echo "$I: options/${prop} : ${value}" >&2
94 ;; 94 ;;
95 esac 95 esac
96 ;; 96 ;;
97 'listen_on_port') 97 'listen_on_port')
98 if [ ${value} -gt 0 ]; then 98 if [ ${value} -gt 0 ]; then
99 cmdopts="${cmdopts} -p ${value}" 99 cmdopts="${cmdopts} -p ${value}"
100 fi 100 fi
101 ;; 101 ;;
102 'threads') 102 'threads')
103 if [ ${value} -gt 0 ]; then 103 if [ ${value} -gt 0 ]; then
104 cmdopts="${cmdopts} -n ${value}" 104 cmdopts="${cmdopts} -n ${value}"
105 fi 105 fi
106 ;; 106 ;;
107 'chroot_dir') 107 'chroot_dir')
108 cmdopts="${cmdopts} -t ${value}" 108 cmdopts="${cmdopts} -t ${value}"
109 checkopts="${checkopts} -t ${value}" 109 checkopts="${checkopts} -t ${value}"
110 chroot_dir=${value}; 110 chroot_dir=${value};
111 ;; 111 ;;
112 'configuration_file') 112 'configuration_file')
113 cmdopts="${cmdopts} -c ${value}" 113 cmdopts="${cmdopts} -c ${value}"
114 checkopts="${checkopts} ${value}" 114 checkopts="${checkopts} ${value}"
115 configuration_file=${value}; 115 configuration_file=${value};
116 ;; 116 ;;
117 'server') 117 'server')
118 set -- `echo ${value} | /usr/bin/sed -e 's/\\\\//g'` 118 set -- `echo ${value} | /usr/bin/sed -e 's/\\\\//g'`
119 server=$@ 119 server=$@
120 ;; 120 ;;
121 'user') 121 'user')
122 cmdopts="${cmdopts} -u ${value}" 122 cmdopts="${cmdopts} -u ${value}"
123 cmduser=${value}; 123 cmduser=${value};
124 ;; 124 ;;
125 esac 125 esac
126 done 126 done
127 127
128 configuration_dir=$(sed -n -e 's,^[[:space:]]*directory.*"\(.*\)";,\1,p' \ 128 configuration_dir=$(sed -n -e 's,^[[:space:]]*directory.*"\(.*\)";,\1,p' \
129 ${configuration_file}) 129 ${configuration_file})
130 [ "${configuration_dir}" == "" ] && configuration_dir=@PKG_SYSCONFDIR@/namedb 130 [ "${configuration_dir}" == "" ] && configuration_dir=@PKG_SYSCONFDIR@/namedb
131 131
132 configuration_files=$(sed -n -e \ 132 configuration_files=$(sed -n -e \
133 "s,^[[:space:]]*file.*\"\(.*\)\";,${configuration_dir}/\1,p" \ 133 "s,^[[:space:]]*file.*\"\(.*\)\";,${configuration_dir}/\1,p" \
134 ${configuration_file} | sort -u) 134 ${configuration_file} | sort -u)
135 configuration_files="${configuration_files} ${configuration_file}"  135 configuration_files="${configuration_files} ${configuration_file}"
136} 136}
137 137
138result=${SMF_EXIT_OK} 138result=${SMF_EXIT_OK}
139 139
140# Read command line arguments 140# Read command line arguments
141method="$1" # %m 141method="$1" # %m
142instance="$2" # %i 142instance="$2" # %i
143contract="$3" # %{restarter/contract} 143contract="$3" # %{restarter/contract}
144 144
145# Set defaults; SMF_FMRI should have been set, but just in case. 145# Set defaults; SMF_FMRI should have been set, but just in case.
146if [ -z "$SMF_FMRI" ]; then 146if [ -z "$SMF_FMRI" ]; then
147 SMF_FMRI="svc:/@SMF_PREFIX@/@SMF_NAME@:${instance}" 147 SMF_FMRI="svc:/@SMF_PREFIX@/@SMF_NAME@:${instance}"
148fi 148fi
149server="@PREFIX@/sbin/named" 149server="@PREFIX@/sbin/named"
150checkconf="@PREFIX@/sbin/named-checkconf" 150checkconf="@PREFIX@/sbin/named-checkconf"
151I=`/usr/bin/basename $0` 151I=`/usr/bin/basename $0`
152 152
153case "$method" in 153case "$method" in
154'start') 154'start')
155 get_config 155 get_config
156 156
157 # If chroot option is set, note zones(5) are preferred, then 157 # If chroot option is set, note zones(5) are preferred, then
158 # configuration file lives under chroot directory. 158 # configuration file lives under chroot directory.
159 if [ "${chroot_dir}" != "" ]; then 159 if [ "${chroot_dir}" != "" ]; then
160 if [ "${chroot_dir}" = "/" ]; then 160 if [ "${chroot_dir}" = "/" ]; then
161 msg="$I: chroot_dir must not be /" 161 msg="$I: chroot_dir must not be /"
162 echo ${msg} >&2 162 echo ${msg} >&2
163 /usr/bin/logger -p daemon.error ${msg} 163 /usr/bin/logger -p daemon.error ${msg}
164 # dns-server should be placed in maintenance state. 164 # dns-server should be placed in maintenance state.
165 exit ${SMF_EXIT_ERR_CONFIG} 165 exit ${SMF_EXIT_ERR_CONFIG}
166 fi 166 fi
167 167
168 server="env LD_NOLAZYLOAD=1 ${server}" 168 server="env LD_NOLAZYLOAD=1 ${server}"
169 checkconf="env LD_NOLAZYLOAD=1 ${checkconf}" 169 checkconf="env LD_NOLAZYLOAD=1 ${checkconf}"
170 170
171 mkdir -p ${chroot_dir} 171 mkdir -p ${chroot_dir}
172 172
173 if [ "${SMF_ZONENAME}" = "global" ]; then 173 if [ "${SMF_ZONENAME}" = "global" ]; then
174 for dev in crypto log null poll random urandom; do 174 for dev in crypto log null poll random urandom; do
175 rm -f ${chroot_dir}/dev/${dev} 175 rm -f ${chroot_dir}/dev/${dev}
176 pax -rw -H -pe /dev/${dev} ${chroot_dir} 176 pax -rw -H -pe /dev/${dev} ${chroot_dir}
177 done 177 done
178 fi 178 fi
179 179
180 missing="" 180 missing=""
181 for dev in crypto null poll random urandom; do 181 for dev in crypto null poll random urandom; do
182 if [ ! -e "${chroot_dir}/dev/${dev}" ]; then 182 if [ ! -e "${chroot_dir}/dev/${dev}" ]; then
183 missing="${missing} ${dev}" 183 missing="${missing} ${dev}"
184 fi 184 fi
185 done 185 done
186 186
187 if [ ! -z "${missing}" ]; then 187 if [ ! -z "${missing}" ]; then
188 msg="$I: missing device nodes in ${chroot_dir}: ${missing}" 188 msg="$I: missing device nodes in ${chroot_dir}: ${missing}"
189 echo ${msg} >&2 189 echo ${msg} >&2
190 /usr/bin/logger -p daemon.err ${msg} 190 /usr/bin/logger -p daemon.err ${msg}
191 # dns-server should be placed in maintenance state. 191 # dns-server should be placed in maintenance state.
192 exit ${SMF_EXIT_ERR_CONFIG} 192 exit ${SMF_EXIT_ERR_CONFIG}
193 fi 193 fi
194 194
195 mount_chroot ${chroot_dir} ${configuration_files} ${libraries} 195 mount_chroot ${chroot_dir} ${configuration_files} ${libraries}
196 196
197 mkdir -p ${chroot_dir}/var/run/named 197 mkdir -p ${chroot_dir}/var/run/named
198 chown ${cmduser}:${cmduser} ${chroot_dir}/var/run/named 198 chown ${cmduser}:${cmduser} ${chroot_dir}/var/run/named
199 199
200 configuration_file=${chroot_dir}${configuration_file} 200 configuration_file=${chroot_dir}${configuration_file}
201 rndc_config_file=${chroot_dir}${rndc_config_file} 201 rndc_config_file=${chroot_dir}${rndc_config_file}
202 rndc_key_file=${chroot_dir}${rndc_key_file} 202 rndc_key_file=${chroot_dir}${rndc_key_file}
203 rndc_cmd_opts="${rndc_cmd_opts} -t ${chroot_dir}" 203 rndc_cmd_opts="${rndc_cmd_opts} -t ${chroot_dir}"
204 else 204 else
205 mkdir -p -m 0770 @VARBASE@/run/named 205 mkdir -p -m 0770 @VARBASE@/run/named
206 chown ${cmduser}:${cmduser} @VARBASE@/run/named 206 chown ${cmduser}:${cmduser} @VARBASE@/run/named
207 fi 207 fi
208 208
209 # Check if the rndc config file exists. 209 # Check if the rndc config file exists.
210 if [ ! -f ${rndc_config_file} ]; then 210 if [ ! -f ${rndc_config_file} ]; then
211 # If not, check if the default rndc key file exists. 211 # If not, check if the default rndc key file exists.
212 if [ ! -f ${rndc_key_file} ]; then 212 if [ ! -f ${rndc_key_file} ]; then
213 echo "$I: Creating default rndc key file: ${rndc_key_file}." >&2 213 echo "$I: Creating default rndc key file: ${rndc_key_file}." >&2
214 @PREFIX@/sbin/rndc-confgen ${rndc_cmd_opts} 214 @PREFIX@/sbin/rndc-confgen ${rndc_cmd_opts}
215 if [ $? -ne 0 ]; then 215 if [ $? -ne 0 ]; then
216 echo "$I : Warning: rndc configuration failed! Use of 'rndc' to" \ 216 echo "$I : Warning: rndc configuration failed! Use of 'rndc' to" \
217 "control 'named' may fail and 'named' may report further error" \ 217 "control 'named' may fail and 'named' may report further error" \
218 "messages to the system log. This is not fatal. For more" \ 218 "messages to the system log. This is not fatal. For more" \
219 "information see rndc(1M) and rndc-confgen(1M)." >&2 219 "information see rndc(1M) and rndc-confgen(1M)." >&2
220 fi 220 fi
221 fi 221 fi
222 fi 222 fi
223 223
224 if [ ${result} = ${SMF_EXIT_OK} ]; then 224 if [ ${result} = ${SMF_EXIT_OK} ]; then
225 ${checkconf} -z ${checkopts} 225 ${checkconf} -z ${checkopts}
226 result=$? 226 result=$?
227 if [ $result -ne 0 ]; then 227 if [ $result -ne 0 ]; then
228 msg="$I: named-checkconf failed to verify configuration" 228 msg="$I: named-checkconf failed to verify configuration"
229 echo ${msg} >&2 229 echo ${msg} >&2
230 /usr/bin/logger -p daemon.error ${msg} 230 /usr/bin/logger -p daemon.error ${msg}
231 if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then 231 if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then
232 umount_chroot ${chroot_dir} ${configuration_files} ${libraries} 232 umount_chroot ${chroot_dir} ${configuration_files} ${libraries}
233 fi 233 fi
234 # dns-server should be placed in maintenance state. 234 # dns-server should be placed in maintenance state.
235 exit ${SMF_EXIT_ERR_CONFIG} 235 exit ${SMF_EXIT_ERR_CONFIG}
236 fi 236 fi
237 fi 237 fi
238 238
239 if [ ${result} = ${SMF_EXIT_OK} ]; then 239 if [ ${result} = ${SMF_EXIT_OK} ]; then
240 echo "$I: Executing: ${server} ${cmdopts}" 240 echo "$I: Executing: ${server} ${cmdopts}"
241 # Execute named(1M) with relevant command line options. 241 # Execute named(1M) with relevant command line options.
242 ppriv -s A-all -s A+basic,net_privaddr,file_dac_read,file_dac_search,sys_resource,proc_chroot,proc_setid -e ${server} ${cmdopts} 242 ${server} ${cmdopts}
243 result=$? 243 result=$?
244 fi 244 fi
245 ;; 245 ;;
246'stop') 246'stop')
247 get_config 247 get_config
248 248
249 smf_kill_contract ${contract} TERM 1 249 smf_kill_contract ${contract} TERM 1
250 [ $? -ne 0 ] && exit 1 250 [ $? -ne 0 ] && exit 1
251 251
252 if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then 252 if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then
253 umount_chroot ${chroot_dir} ${configuration_files} ${libraries} 253 umount_chroot ${chroot_dir} ${configuration_files} ${libraries}
254 fi 254 fi
255 255
256 ;; 256 ;;
257*) 257*)
258 echo "Usage: $I [stop|start] <instance>" >&2 258 echo "Usage: $I [stop|start] <instance>" >&2
259 exit 1 259 exit 1
260 ;; 260 ;;
261esac 261esac
262exit ${result} 262exit ${result}
cvs diff -r1.12 -r1.13 pkgsrc/net/bind912/Attic/Makefile (switch to unified diff)

--- pkgsrc/net/bind912/Attic/Makefile 2019/06/20 02:15:20 1.12
+++ pkgsrc/net/bind912/Attic/Makefile 2019/06/28 17:01:30 1.13
@@ -1,79 +1,80 @@ @@ -1,79 +1,80 @@
1# $NetBSD: Makefile,v 1.12 2019/06/20 02:15:20 taca Exp $ 1# $NetBSD: Makefile,v 1.13 2019/06/28 17:01:30 jperkin Exp $
2 2
3DISTNAME= bind-${BIND_VERSION} 3DISTNAME= bind-${BIND_VERSION}
4PKGNAME= ${DISTNAME:S/-P/pl/} 4PKGNAME= ${DISTNAME:S/-P/pl/}
 5PKGREVISION= 1
5CATEGORIES= net 6CATEGORIES= net
6MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ 7MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/
7 8
8MAINTAINER= pkgsrc-users@NetBSD.org 9MAINTAINER= pkgsrc-users@NetBSD.org
9HOMEPAGE= http://www.isc.org/software/bind/ 10HOMEPAGE= http://www.isc.org/software/bind/
10COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.12 11COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.12
11LICENSE= mpl-2.0 12LICENSE= mpl-2.0
12 13
13CONFLICTS+= host-[0-9]* 14CONFLICTS+= host-[0-9]*
14 15
15MAKE_JOBS_SAFE= no 16MAKE_JOBS_SAFE= no
16USE_CWRAPPERS= no 17USE_CWRAPPERS= no
17 18
18BIND_VERSION= 9.12.4-P2 19BIND_VERSION= 9.12.4-P2
19 20
20.include "../../mk/bsd.prefs.mk" 21.include "../../mk/bsd.prefs.mk"
21 22
22BUILD_DEFS+= BIND_DIR VARBASE 23BUILD_DEFS+= BIND_DIR VARBASE
23 24
24.include "options.mk" 25.include "options.mk"
25 26
26USE_TOOLS+= pax perl 27USE_TOOLS+= pax perl
27USE_LIBTOOL= yes 28USE_LIBTOOL= yes
28GNU_CONFIGURE= yes 29GNU_CONFIGURE= yes
29 30
30CONFIGURE_ARGS+= --with-libtool 31CONFIGURE_ARGS+= --with-libtool
31CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} 32CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
32CONFIGURE_ARGS+= --localstatedir=${VARBASE} 33CONFIGURE_ARGS+= --localstatedir=${VARBASE}
33CONFIGURE_ARGS+= --with-openssl=${SSLBASE:Q} 34CONFIGURE_ARGS+= --with-openssl=${SSLBASE:Q}
34CONFIGURE_ARGS+= --with-python=no 35CONFIGURE_ARGS+= --with-python=no
35.if !empty(MACHINE_PLATFORM:MNetBSD-*-m68k) || \ 36.if !empty(MACHINE_PLATFORM:MNetBSD-*-m68k) || \
36 !empty(MACHINE_PLATFORM:MNetBSD-*-mipsel) || \ 37 !empty(MACHINE_PLATFORM:MNetBSD-*-mipsel) || \
37 !empty(MACHINE_PLATFORM:MNetBSD-*-vax) 38 !empty(MACHINE_PLATFORM:MNetBSD-*-vax)
38CONFIGURE_ARGS+= --disable-atomic 39CONFIGURE_ARGS+= --disable-atomic
39.endif 40.endif
40.if ${MACHINE_PLATFORM:MNetBSD-*-powerpc} != "" 41.if ${MACHINE_PLATFORM:MNetBSD-*-powerpc} != ""
41CONFIGURE_ARGS+= --disable-threads 42CONFIGURE_ARGS+= --disable-threads
42.endif 43.endif
43CONFIGURE_ARGS.DragonFly+= --disable-kqueue 44CONFIGURE_ARGS.DragonFly+= --disable-kqueue
44 45
45PKG_GROUPS_VARS+= BIND_GROUP 46PKG_GROUPS_VARS+= BIND_GROUP
46PKG_USERS_VARS= BIND_USER 47PKG_USERS_VARS= BIND_USER
47 48
48PKG_GROUPS= ${BIND_GROUP} 49PKG_GROUPS= ${BIND_GROUP}
49PKG_USERS= ${BIND_USER}:${BIND_GROUP} 50PKG_USERS= ${BIND_USER}:${BIND_GROUP}
50 51
51PKG_GECOS.${BIND_USER}= Named pseudo-user 52PKG_GECOS.${BIND_USER}= Named pseudo-user
52PKG_HOME.${BIND_USER}= ${BIND_DIR} 53PKG_HOME.${BIND_USER}= ${BIND_DIR}
53 54
54DOCS= CHANGES HISTORY OPTIONS README 55DOCS= CHANGES HISTORY OPTIONS README
55 56
56FILES_SUBST+= BIND_GROUP=${BIND_GROUP} \ 57FILES_SUBST+= BIND_GROUP=${BIND_GROUP} \
57 BIND_USER=${BIND_USER} PAX=${PAX:Q} \ 58 BIND_USER=${BIND_USER} PAX=${PAX:Q} \
58 SSLBASE=${SSLBASE} 59 SSLBASE=${SSLBASE}
59MESSAGE_SUBST+= BIND_DIR=${BIND_DIR} BIND_USER=${BIND_USER} 60MESSAGE_SUBST+= BIND_DIR=${BIND_DIR} BIND_USER=${BIND_USER}
60 61
61DOCDIR= share/doc/bind9 62DOCDIR= share/doc/bind9
62 63
63RCD_SCRIPTS= named9 64RCD_SCRIPTS= named9
64SMF_METHODS= named 65SMF_METHODS= named
65 66
66INSTALL_MAKE_FLAGS+= sysconfdir=${PREFIX}/share/examples/bind9 67INSTALL_MAKE_FLAGS+= sysconfdir=${PREFIX}/share/examples/bind9
67CONF_FILES+= share/examples/bind9/bind.keys \ 68CONF_FILES+= share/examples/bind9/bind.keys \
68 ${PKG_SYSCONFDIR}/bind.keys 69 ${PKG_SYSCONFDIR}/bind.keys
69 70
70INSTALLATION_DIRS+= ${DOCDIR} ${DOCDIR}/arm 71INSTALLATION_DIRS+= ${DOCDIR} ${DOCDIR}/arm
71 72
72post-install: 73post-install:
73.for f in ${DOCS} 74.for f in ${DOCS}
74 ${INSTALL_DATA} ${WRKSRC}/${f} ${DESTDIR}${PREFIX}/${DOCDIR} 75 ${INSTALL_DATA} ${WRKSRC}/${f} ${DESTDIR}${PREFIX}/${DOCDIR}
75.endfor 76.endfor
76 ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${DESTDIR}${PREFIX}/${DOCDIR}/arm 77 ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${DESTDIR}${PREFIX}/${DOCDIR}/arm
77 78
78.include "../../security/openssl/buildlink3.mk" 79.include "../../security/openssl/buildlink3.mk"
79.include "../../mk/bsd.pkg.mk" 80.include "../../mk/bsd.pkg.mk"
cvs diff -r1.3 -r1.4 pkgsrc/net/bind912/files/smf/Attic/named.sh (switch to unified diff)

--- pkgsrc/net/bind912/files/smf/Attic/named.sh 2019/06/19 10:58:49 1.3
+++ pkgsrc/net/bind912/files/smf/Attic/named.sh 2019/06/28 17:01:30 1.4
@@ -1,262 +1,262 @@ @@ -1,262 +1,262 @@
1#!@SMF_METHOD_SHELL@ 1#!@SMF_METHOD_SHELL@
2# 2#
3# CDDL HEADER START 3# CDDL HEADER START
4# 4#
5# The contents of this file are subject to the terms of the 5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License"). 6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License. 7# You may not use this file except in compliance with the License.
8# 8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing. 10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions 11# See the License for the specific language governing permissions
12# and limitations under the License. 12# and limitations under the License.
13# 13#
14# When distributing Covered Code, include this CDDL HEADER in each 14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the 16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying 17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner] 18# information: Portions Copyright [yyyy] [name of copyright owner]
19# 19#
20# CDDL HEADER END 20# CDDL HEADER END
21# 21#
22# Copyright 2007 Sun Microsystems, Inc. All rights reserved. 22# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
23# Use is subject to license terms. 23# Use is subject to license terms.
24# 24#
25#pragma ident "@(#)dns-server.sh 1.1 07/03/26 SMI" 25#pragma ident "@(#)dns-server.sh 1.1 07/03/26 SMI"
26 26
27# smf_method(5) start/stop script required for server DNS 27# smf_method(5) start/stop script required for server DNS
28 28
29. /lib/svc/share/smf_include.sh 29. /lib/svc/share/smf_include.sh
30 30
31mount_chroot () 31mount_chroot ()
32{ 32{
33 c=$1 33 c=$1
34 shift 34 shift
35 for f in $*; do 35 for f in $*; do
36 if [ -z "${f}" -o ! -f "${f}" -o \ 36 if [ -z "${f}" -o ! -f "${f}" -o \
37 -z "${c}" -o ! -d "${c}" ]; then 37 -z "${c}" -o ! -d "${c}" ]; then
38 exit ${SMF_EXIT_ERR_CONFIG} 38 exit ${SMF_EXIT_ERR_CONFIG}
39 fi 39 fi
40 40
41 umount ${c}/${f} >/dev/null 2>&1 41 umount ${c}/${f} >/dev/null 2>&1
42 mkdir -p `dirname ${c}/${f}` 42 mkdir -p `dirname ${c}/${f}`
43 touch ${c}/${f} 43 touch ${c}/${f}
44 mount -Flofs ${f} ${c}/${f} 44 mount -Flofs ${f} ${c}/${f}
45 done 45 done
46} 46}
47 47
48umount_chroot () 48umount_chroot ()
49{ 49{
50 c=$1 50 c=$1
51 shift 51 shift
52 for f in $*; do 52 for f in $*; do
53 umount ${c}/${f} >/dev/null 2>&1 53 umount ${c}/${f} >/dev/null 2>&1
54 done 54 done
55} 55}
56 56
57get_config () 57get_config ()
58{  58{
59 configuration_file=@PKG_SYSCONFDIR@/named.conf 59 configuration_file=@PKG_SYSCONFDIR@/named.conf
60 rndc_config_file=@PKG_SYSCONFDIR@/rndc.conf 60 rndc_config_file=@PKG_SYSCONFDIR@/rndc.conf
61 rndc_key_file=@PKG_SYSCONFDIR@/rndc.key 61 rndc_key_file=@PKG_SYSCONFDIR@/rndc.key
62 rndc_cmd_opts="-a" 62 rndc_cmd_opts="-a"
63 libraries="/usr/pkg/lib/engines/libgost.so" 63 libraries="/usr/pkg/lib/engines/libgost.so"
64 cmdopts="" 64 cmdopts=""
65 checkopts="" 65 checkopts=""
66 properties="debug_level ip_interfaces listen_on_port 66 properties="debug_level ip_interfaces listen_on_port
67 threads chroot_dir configuration_file server user" 67 threads chroot_dir configuration_file server user"
68 68
69 for prop in $properties 69 for prop in $properties
70 do 70 do
71 value=`/usr/bin/svcprop -p options/${prop} ${SMF_FMRI}` 71 value=`/usr/bin/svcprop -p options/${prop} ${SMF_FMRI}`
72 if [ -z "${value}" -o "${value}" = '""' ]; then 72 if [ -z "${value}" -o "${value}" = '""' ]; then
73 continue; 73 continue;
74 fi 74 fi
75 75
76 case $prop in 76 case $prop in
77 'debug_level') 77 'debug_level')
78 if [ ${value} -gt 0 ]; then 78 if [ ${value} -gt 0 ]; then
79 cmdopts="${cmdopts} -d ${value}" 79 cmdopts="${cmdopts} -d ${value}"
80 fi 80 fi
81 ;; 81 ;;
82 'ip_interfaces') 82 'ip_interfaces')
83 case ${value} in 83 case ${value} in
84 'IPv4') 84 'IPv4')
85 cmdopts="${cmdopts} -4";; 85 cmdopts="${cmdopts} -4";;
86 'IPv6') 86 'IPv6')
87 cmdopts="${cmdopts} -6";; 87 cmdopts="${cmdopts} -6";;
88 'all') 88 'all')
89 : # Default is all, therefore ignore. 89 : # Default is all, therefore ignore.
90 ;; 90 ;;
91 *)  91 *)
92 echo "$I: Unrecognised value in service instance property" >&2 92 echo "$I: Unrecognised value in service instance property" >&2
93 echo "$I: options/${prop} : ${value}" >&2 93 echo "$I: options/${prop} : ${value}" >&2
94 ;; 94 ;;
95 esac 95 esac
96 ;; 96 ;;
97 'listen_on_port') 97 'listen_on_port')
98 if [ ${value} -gt 0 ]; then 98 if [ ${value} -gt 0 ]; then
99 cmdopts="${cmdopts} -p ${value}" 99 cmdopts="${cmdopts} -p ${value}"
100 fi 100 fi
101 ;; 101 ;;
102 'threads') 102 'threads')
103 if [ ${value} -gt 0 ]; then 103 if [ ${value} -gt 0 ]; then
104 cmdopts="${cmdopts} -n ${value}" 104 cmdopts="${cmdopts} -n ${value}"
105 fi 105 fi
106 ;; 106 ;;
107 'chroot_dir') 107 'chroot_dir')
108 cmdopts="${cmdopts} -t ${value}" 108 cmdopts="${cmdopts} -t ${value}"
109 checkopts="${checkopts} -t ${value}" 109 checkopts="${checkopts} -t ${value}"
110 chroot_dir=${value}; 110 chroot_dir=${value};
111 ;; 111 ;;
112 'configuration_file') 112 'configuration_file')
113 cmdopts="${cmdopts} -c ${value}" 113 cmdopts="${cmdopts} -c ${value}"
114 checkopts="${checkopts} ${value}" 114 checkopts="${checkopts} ${value}"
115 configuration_file=${value}; 115 configuration_file=${value};
116 ;; 116 ;;
117 'server') 117 'server')
118 set -- `echo ${value} | /usr/bin/sed -e 's/\\\\//g'` 118 set -- `echo ${value} | /usr/bin/sed -e 's/\\\\//g'`
119 server=$@ 119 server=$@
120 ;; 120 ;;
121 'user') 121 'user')
122 cmdopts="${cmdopts} -u ${value}" 122 cmdopts="${cmdopts} -u ${value}"
123 cmduser=${value}; 123 cmduser=${value};
124 ;; 124 ;;
125 esac 125 esac
126 done 126 done
127 127
128 configuration_dir=$(sed -n -e 's,^[[:space:]]*directory.*"\(.*\)";,\1,p' \ 128 configuration_dir=$(sed -n -e 's,^[[:space:]]*directory.*"\(.*\)";,\1,p' \
129 ${configuration_file}) 129 ${configuration_file})
130 [ "${configuration_dir}" == "" ] && configuration_dir=@PKG_SYSCONFDIR@/namedb 130 [ "${configuration_dir}" == "" ] && configuration_dir=@PKG_SYSCONFDIR@/namedb
131 131
132 configuration_files=$(sed -n -e \ 132 configuration_files=$(sed -n -e \
133 "s,^[[:space:]]*file.*\"\(.*\)\";,${configuration_dir}/\1,p" \ 133 "s,^[[:space:]]*file.*\"\(.*\)\";,${configuration_dir}/\1,p" \
134 ${configuration_file} | sort -u) 134 ${configuration_file} | sort -u)
135 configuration_files="${configuration_files} ${configuration_file}"  135 configuration_files="${configuration_files} ${configuration_file}"
136} 136}
137 137
138result=${SMF_EXIT_OK} 138result=${SMF_EXIT_OK}
139 139
140# Read command line arguments 140# Read command line arguments
141method="$1" # %m 141method="$1" # %m
142instance="$2" # %i 142instance="$2" # %i
143contract="$3" # %{restarter/contract} 143contract="$3" # %{restarter/contract}
144 144
145# Set defaults; SMF_FMRI should have been set, but just in case. 145# Set defaults; SMF_FMRI should have been set, but just in case.
146if [ -z "$SMF_FMRI" ]; then 146if [ -z "$SMF_FMRI" ]; then
147 SMF_FMRI="svc:/@SMF_PREFIX@/@SMF_NAME@:${instance}" 147 SMF_FMRI="svc:/@SMF_PREFIX@/@SMF_NAME@:${instance}"
148fi 148fi
149server="@PREFIX@/sbin/named" 149server="@PREFIX@/sbin/named"
150checkconf="@PREFIX@/sbin/named-checkconf" 150checkconf="@PREFIX@/sbin/named-checkconf"
151I=`/usr/bin/basename $0` 151I=`/usr/bin/basename $0`
152 152
153case "$method" in 153case "$method" in
154'start') 154'start')
155 get_config 155 get_config
156 156
157 # If chroot option is set, note zones(5) are preferred, then 157 # If chroot option is set, note zones(5) are preferred, then
158 # configuration file lives under chroot directory. 158 # configuration file lives under chroot directory.
159 if [ "${chroot_dir}" != "" ]; then 159 if [ "${chroot_dir}" != "" ]; then
160 if [ "${chroot_dir}" = "/" ]; then 160 if [ "${chroot_dir}" = "/" ]; then
161 msg="$I: chroot_dir must not be /" 161 msg="$I: chroot_dir must not be /"
162 echo ${msg} >&2 162 echo ${msg} >&2
163 /usr/bin/logger -p daemon.error ${msg} 163 /usr/bin/logger -p daemon.error ${msg}
164 # dns-server should be placed in maintenance state. 164 # dns-server should be placed in maintenance state.
165 exit ${SMF_EXIT_ERR_CONFIG} 165 exit ${SMF_EXIT_ERR_CONFIG}
166 fi 166 fi
167 167
168 server="env LD_NOLAZYLOAD=1 ${server}" 168 server="env LD_NOLAZYLOAD=1 ${server}"
169 checkconf="env LD_NOLAZYLOAD=1 ${checkconf}" 169 checkconf="env LD_NOLAZYLOAD=1 ${checkconf}"
170 170
171 mkdir -p ${chroot_dir} 171 mkdir -p ${chroot_dir}
172 172
173 if [ "${SMF_ZONENAME}" = "global" ]; then 173 if [ "${SMF_ZONENAME}" = "global" ]; then
174 for dev in crypto log null poll random urandom; do 174 for dev in crypto log null poll random urandom; do
175 rm -f ${chroot_dir}/dev/${dev} 175 rm -f ${chroot_dir}/dev/${dev}
176 pax -rw -H -pe /dev/${dev} ${chroot_dir} 176 pax -rw -H -pe /dev/${dev} ${chroot_dir}
177 done 177 done
178 fi 178 fi
179 179
180 missing="" 180 missing=""
181 for dev in crypto null poll random urandom; do 181 for dev in crypto null poll random urandom; do
182 if [ ! -e "${chroot_dir}/dev/${dev}" ]; then 182 if [ ! -e "${chroot_dir}/dev/${dev}" ]; then
183 missing="${missing} ${dev}" 183 missing="${missing} ${dev}"
184 fi 184 fi
185 done 185 done
186 186
187 if [ ! -z "${missing}" ]; then 187 if [ ! -z "${missing}" ]; then
188 msg="$I: missing device nodes in ${chroot_dir}: ${missing}" 188 msg="$I: missing device nodes in ${chroot_dir}: ${missing}"
189 echo ${msg} >&2 189 echo ${msg} >&2
190 /usr/bin/logger -p daemon.err ${msg} 190 /usr/bin/logger -p daemon.err ${msg}
191 # dns-server should be placed in maintenance state. 191 # dns-server should be placed in maintenance state.
192 exit ${SMF_EXIT_ERR_CONFIG} 192 exit ${SMF_EXIT_ERR_CONFIG}
193 fi 193 fi
194 194
195 mount_chroot ${chroot_dir} ${configuration_files} ${libraries} 195 mount_chroot ${chroot_dir} ${configuration_files} ${libraries}
196 196
197 mkdir -p ${chroot_dir}/var/run/named 197 mkdir -p ${chroot_dir}/var/run/named
198 chown ${cmduser}:${cmduser} ${chroot_dir}/var/run/named 198 chown ${cmduser}:${cmduser} ${chroot_dir}/var/run/named
199 199
200 configuration_file=${chroot_dir}${configuration_file} 200 configuration_file=${chroot_dir}${configuration_file}
201 rndc_config_file=${chroot_dir}${rndc_config_file} 201 rndc_config_file=${chroot_dir}${rndc_config_file}
202 rndc_key_file=${chroot_dir}${rndc_key_file} 202 rndc_key_file=${chroot_dir}${rndc_key_file}
203 rndc_cmd_opts="${rndc_cmd_opts} -t ${chroot_dir}" 203 rndc_cmd_opts="${rndc_cmd_opts} -t ${chroot_dir}"
204 else 204 else
205 mkdir -p -m 0770 @VARBASE@/run/named 205 mkdir -p -m 0770 @VARBASE@/run/named
206 chown ${cmduser}:${cmduser} @VARBASE@/run/named 206 chown ${cmduser}:${cmduser} @VARBASE@/run/named
207 fi 207 fi
208 208
209 # Check if the rndc config file exists. 209 # Check if the rndc config file exists.
210 if [ ! -f ${rndc_config_file} ]; then 210 if [ ! -f ${rndc_config_file} ]; then
211 # If not, check if the default rndc key file exists. 211 # If not, check if the default rndc key file exists.
212 if [ ! -f ${rndc_key_file} ]; then 212 if [ ! -f ${rndc_key_file} ]; then
213 echo "$I: Creating default rndc key file: ${rndc_key_file}." >&2 213 echo "$I: Creating default rndc key file: ${rndc_key_file}." >&2
214 @PREFIX@/sbin/rndc-confgen ${rndc_cmd_opts} 214 @PREFIX@/sbin/rndc-confgen ${rndc_cmd_opts}
215 if [ $? -ne 0 ]; then 215 if [ $? -ne 0 ]; then
216 echo "$I : Warning: rndc configuration failed! Use of 'rndc' to" \ 216 echo "$I : Warning: rndc configuration failed! Use of 'rndc' to" \
217 "control 'named' may fail and 'named' may report further error" \ 217 "control 'named' may fail and 'named' may report further error" \
218 "messages to the system log. This is not fatal. For more" \ 218 "messages to the system log. This is not fatal. For more" \
219 "information see rndc(1M) and rndc-confgen(1M)." >&2 219 "information see rndc(1M) and rndc-confgen(1M)." >&2
220 fi 220 fi
221 fi 221 fi
222 fi 222 fi
223 223
224 if [ ${result} = ${SMF_EXIT_OK} ]; then 224 if [ ${result} = ${SMF_EXIT_OK} ]; then
225 ${checkconf} -z ${checkopts} 225 ${checkconf} -z ${checkopts}
226 result=$? 226 result=$?
227 if [ $result -ne 0 ]; then 227 if [ $result -ne 0 ]; then
228 msg="$I: named-checkconf failed to verify configuration" 228 msg="$I: named-checkconf failed to verify configuration"
229 echo ${msg} >&2 229 echo ${msg} >&2
230 /usr/bin/logger -p daemon.error ${msg} 230 /usr/bin/logger -p daemon.error ${msg}
231 if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then 231 if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then
232 umount_chroot ${chroot_dir} ${configuration_files} ${libraries} 232 umount_chroot ${chroot_dir} ${configuration_files} ${libraries}
233 fi 233 fi
234 # dns-server should be placed in maintenance state. 234 # dns-server should be placed in maintenance state.
235 exit ${SMF_EXIT_ERR_CONFIG} 235 exit ${SMF_EXIT_ERR_CONFIG}
236 fi 236 fi
237 fi 237 fi
238 238
239 if [ ${result} = ${SMF_EXIT_OK} ]; then 239 if [ ${result} = ${SMF_EXIT_OK} ]; then
240 echo "$I: Executing: ${server} ${cmdopts}" 240 echo "$I: Executing: ${server} ${cmdopts}"
241 # Execute named(1M) with relevant command line options. 241 # Execute named(1M) with relevant command line options.
242 ppriv -s A-all -s A+basic,net_privaddr,file_dac_read,file_dac_search,sys_resource,proc_chroot,proc_setid -e ${server} ${cmdopts} 242 ${server} ${cmdopts}
243 result=$? 243 result=$?
244 fi 244 fi
245 ;; 245 ;;
246'stop') 246'stop')
247 get_config 247 get_config
248 248
249 smf_kill_contract ${contract} TERM 1 249 smf_kill_contract ${contract} TERM 1
250 [ $? -ne 0 ] && exit 1 250 [ $? -ne 0 ] && exit 1
251 251
252 if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then 252 if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then
253 umount_chroot ${chroot_dir} ${configuration_files} ${libraries} 253 umount_chroot ${chroot_dir} ${configuration_files} ${libraries}
254 fi 254 fi
255 255
256 ;; 256 ;;
257*) 257*)
258 echo "Usage: $I [stop|start] <instance>" >&2 258 echo "Usage: $I [stop|start] <instance>" >&2
259 exit 1 259 exit 1
260 ;; 260 ;;
261esac 261esac
262exit ${result} 262exit ${result}
cvs diff -r1.6 -r1.7 pkgsrc/net/bind914/Attic/Makefile (switch to unified diff)

--- pkgsrc/net/bind914/Attic/Makefile 2019/06/20 02:16:53 1.6
+++ pkgsrc/net/bind914/Attic/Makefile 2019/06/28 17:01:30 1.7
@@ -1,75 +1,76 @@ @@ -1,75 +1,76 @@
1# $NetBSD: Makefile,v 1.6 2019/06/20 02:16:53 taca Exp $ 1# $NetBSD: Makefile,v 1.7 2019/06/28 17:01:30 jperkin Exp $
2 2
3DISTNAME= bind-${BIND_VERSION} 3DISTNAME= bind-${BIND_VERSION}
4PKGNAME= ${DISTNAME:S/-P/pl/} 4PKGNAME= ${DISTNAME:S/-P/pl/}
 5PKGREVISION= 1
5CATEGORIES= net 6CATEGORIES= net
6MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ 7MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/
7 8
8MAINTAINER= pkgsrc-users@NetBSD.org 9MAINTAINER= pkgsrc-users@NetBSD.org
9HOMEPAGE= http://www.isc.org/software/bind/ 10HOMEPAGE= http://www.isc.org/software/bind/
10COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.14 11COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.14
11LICENSE= mpl-2.0 12LICENSE= mpl-2.0
12 13
13CONFLICTS+= host-[0-9]* 14CONFLICTS+= host-[0-9]*
14 15
15MAKE_JOBS_SAFE= no 16MAKE_JOBS_SAFE= no
16 17
17BIND_VERSION= 9.14.3 18BIND_VERSION= 9.14.3
18 19
19.include "../../mk/bsd.prefs.mk" 20.include "../../mk/bsd.prefs.mk"
20 21
21BUILD_DEFS+= BIND_DIR VARBASE 22BUILD_DEFS+= BIND_DIR VARBASE
22 23
23.include "options.mk" 24.include "options.mk"
24 25
25USE_TOOLS+= pax perl 26USE_TOOLS+= pax perl
26USE_LIBTOOL= yes 27USE_LIBTOOL= yes
27GNU_CONFIGURE= yes 28GNU_CONFIGURE= yes
28 29
29CONFIGURE_ARGS+= --with-libtool 30CONFIGURE_ARGS+= --with-libtool
30CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} 31CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
31CONFIGURE_ARGS+= --localstatedir=${VARBASE} 32CONFIGURE_ARGS+= --localstatedir=${VARBASE}
32CONFIGURE_ARGS+= --with-openssl=${SSLBASE:Q} 33CONFIGURE_ARGS+= --with-openssl=${SSLBASE:Q}
33CONFIGURE_ARGS+= --with-python=no 34CONFIGURE_ARGS+= --with-python=no
34.if !empty(MACHINE_PLATFORM:MNetBSD-*-m68k) || \ 35.if !empty(MACHINE_PLATFORM:MNetBSD-*-m68k) || \
35 !empty(MACHINE_PLATFORM:MNetBSD-*-mipsel) || \ 36 !empty(MACHINE_PLATFORM:MNetBSD-*-mipsel) || \
36 !empty(MACHINE_PLATFORM:MNetBSD-*-vax) 37 !empty(MACHINE_PLATFORM:MNetBSD-*-vax)
37CONFIGURE_ARGS+= --disable-atomic 38CONFIGURE_ARGS+= --disable-atomic
38.endif 39.endif
39CONFIGURE_ARGS.DragonFly+= --disable-kqueue 40CONFIGURE_ARGS.DragonFly+= --disable-kqueue
40 41
41PKG_GROUPS_VARS+= BIND_GROUP 42PKG_GROUPS_VARS+= BIND_GROUP
42PKG_USERS_VARS= BIND_USER 43PKG_USERS_VARS= BIND_USER
43 44
44PKG_GROUPS= ${BIND_GROUP} 45PKG_GROUPS= ${BIND_GROUP}
45PKG_USERS= ${BIND_USER}:${BIND_GROUP} 46PKG_USERS= ${BIND_USER}:${BIND_GROUP}
46 47
47PKG_GECOS.${BIND_USER}= Named pseudo-user 48PKG_GECOS.${BIND_USER}= Named pseudo-user
48PKG_HOME.${BIND_USER}= ${BIND_DIR} 49PKG_HOME.${BIND_USER}= ${BIND_DIR}
49 50
50DOCS= CHANGES HISTORY OPTIONS README 51DOCS= CHANGES HISTORY OPTIONS README
51 52
52FILES_SUBST+= BIND_GROUP=${BIND_GROUP} \ 53FILES_SUBST+= BIND_GROUP=${BIND_GROUP} \
53 BIND_USER=${BIND_USER} PAX=${PAX:Q} \ 54 BIND_USER=${BIND_USER} PAX=${PAX:Q} \
54 SSLBASE=${SSLBASE} 55 SSLBASE=${SSLBASE}
55MESSAGE_SUBST+= BIND_DIR=${BIND_DIR} BIND_USER=${BIND_USER} 56MESSAGE_SUBST+= BIND_DIR=${BIND_DIR} BIND_USER=${BIND_USER}
56 57
57DOCDIR= share/doc/bind9 58DOCDIR= share/doc/bind9
58 59
59RCD_SCRIPTS= named9 60RCD_SCRIPTS= named9
60SMF_METHODS= named 61SMF_METHODS= named
61 62
62INSTALL_MAKE_FLAGS+= sysconfdir=${PREFIX}/share/examples/bind9 63INSTALL_MAKE_FLAGS+= sysconfdir=${PREFIX}/share/examples/bind9
63CONF_FILES+= share/examples/bind9/bind.keys \ 64CONF_FILES+= share/examples/bind9/bind.keys \
64 ${PKG_SYSCONFDIR}/bind.keys 65 ${PKG_SYSCONFDIR}/bind.keys
65 66
66INSTALLATION_DIRS+= ${DOCDIR} ${DOCDIR}/arm 67INSTALLATION_DIRS+= ${DOCDIR} ${DOCDIR}/arm
67 68
68post-install: 69post-install:
69.for f in ${DOCS} 70.for f in ${DOCS}
70 ${INSTALL_DATA} ${WRKSRC}/${f} ${DESTDIR}${PREFIX}/${DOCDIR} 71 ${INSTALL_DATA} ${WRKSRC}/${f} ${DESTDIR}${PREFIX}/${DOCDIR}
71.endfor 72.endfor
72 ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${DESTDIR}${PREFIX}/${DOCDIR}/arm 73 ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${DESTDIR}${PREFIX}/${DOCDIR}/arm
73 74
74.include "../../security/openssl/buildlink3.mk" 75.include "../../security/openssl/buildlink3.mk"
75.include "../../mk/bsd.pkg.mk" 76.include "../../mk/bsd.pkg.mk"
cvs diff -r1.2 -r1.3 pkgsrc/net/bind914/files/smf/Attic/named.sh (switch to unified diff)

--- pkgsrc/net/bind914/files/smf/Attic/named.sh 2019/06/19 10:58:49 1.2
+++ pkgsrc/net/bind914/files/smf/Attic/named.sh 2019/06/28 17:01:30 1.3
@@ -1,262 +1,262 @@ @@ -1,262 +1,262 @@
1#!@SMF_METHOD_SHELL@ 1#!@SMF_METHOD_SHELL@
2# 2#
3# CDDL HEADER START 3# CDDL HEADER START
4# 4#
5# The contents of this file are subject to the terms of the 5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License"). 6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License. 7# You may not use this file except in compliance with the License.
8# 8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing. 10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions 11# See the License for the specific language governing permissions
12# and limitations under the License. 12# and limitations under the License.
13# 13#
14# When distributing Covered Code, include this CDDL HEADER in each 14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the 16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying 17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner] 18# information: Portions Copyright [yyyy] [name of copyright owner]
19# 19#
20# CDDL HEADER END 20# CDDL HEADER END
21# 21#
22# Copyright 2007 Sun Microsystems, Inc. All rights reserved. 22# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
23# Use is subject to license terms. 23# Use is subject to license terms.
24# 24#
25#pragma ident "@(#)dns-server.sh 1.1 07/03/26 SMI" 25#pragma ident "@(#)dns-server.sh 1.1 07/03/26 SMI"
26 26
27# smf_method(5) start/stop script required for server DNS 27# smf_method(5) start/stop script required for server DNS
28 28
29. /lib/svc/share/smf_include.sh 29. /lib/svc/share/smf_include.sh
30 30
31mount_chroot () 31mount_chroot ()
32{ 32{
33 c=$1 33 c=$1
34 shift 34 shift
35 for f in $*; do 35 for f in $*; do
36 if [ -z "${f}" -o ! -f "${f}" -o \ 36 if [ -z "${f}" -o ! -f "${f}" -o \
37 -z "${c}" -o ! -d "${c}" ]; then 37 -z "${c}" -o ! -d "${c}" ]; then
38 exit ${SMF_EXIT_ERR_CONFIG} 38 exit ${SMF_EXIT_ERR_CONFIG}
39 fi 39 fi
40 40
41 umount ${c}/${f} >/dev/null 2>&1 41 umount ${c}/${f} >/dev/null 2>&1
42 mkdir -p `dirname ${c}/${f}` 42 mkdir -p `dirname ${c}/${f}`
43 touch ${c}/${f} 43 touch ${c}/${f}
44 mount -Flofs ${f} ${c}/${f} 44 mount -Flofs ${f} ${c}/${f}
45 done 45 done
46} 46}
47 47
48umount_chroot () 48umount_chroot ()
49{ 49{
50 c=$1 50 c=$1
51 shift 51 shift
52 for f in $*; do 52 for f in $*; do
53 umount ${c}/${f} >/dev/null 2>&1 53 umount ${c}/${f} >/dev/null 2>&1
54 done 54 done
55} 55}
56 56
57get_config () 57get_config ()
58{  58{
59 configuration_file=@PKG_SYSCONFDIR@/named.conf 59 configuration_file=@PKG_SYSCONFDIR@/named.conf
60 rndc_config_file=@PKG_SYSCONFDIR@/rndc.conf 60 rndc_config_file=@PKG_SYSCONFDIR@/rndc.conf
61 rndc_key_file=@PKG_SYSCONFDIR@/rndc.key 61 rndc_key_file=@PKG_SYSCONFDIR@/rndc.key
62 rndc_cmd_opts="-a" 62 rndc_cmd_opts="-a"
63 libraries="/usr/pkg/lib/engines/libgost.so" 63 libraries="/usr/pkg/lib/engines/libgost.so"
64 cmdopts="" 64 cmdopts=""
65 checkopts="" 65 checkopts=""
66 properties="debug_level ip_interfaces listen_on_port 66 properties="debug_level ip_interfaces listen_on_port
67 threads chroot_dir configuration_file server user" 67 threads chroot_dir configuration_file server user"
68 68
69 for prop in $properties 69 for prop in $properties
70 do 70 do
71 value=`/usr/bin/svcprop -p options/${prop} ${SMF_FMRI}` 71 value=`/usr/bin/svcprop -p options/${prop} ${SMF_FMRI}`
72 if [ -z "${value}" -o "${value}" = '""' ]; then 72 if [ -z "${value}" -o "${value}" = '""' ]; then
73 continue; 73 continue;
74 fi 74 fi
75 75
76 case $prop in 76 case $prop in
77 'debug_level') 77 'debug_level')
78 if [ ${value} -gt 0 ]; then 78 if [ ${value} -gt 0 ]; then
79 cmdopts="${cmdopts} -d ${value}" 79 cmdopts="${cmdopts} -d ${value}"
80 fi 80 fi
81 ;; 81 ;;
82 'ip_interfaces') 82 'ip_interfaces')
83 case ${value} in 83 case ${value} in
84 'IPv4') 84 'IPv4')
85 cmdopts="${cmdopts} -4";; 85 cmdopts="${cmdopts} -4";;
86 'IPv6') 86 'IPv6')
87 cmdopts="${cmdopts} -6";; 87 cmdopts="${cmdopts} -6";;
88 'all') 88 'all')
89 : # Default is all, therefore ignore. 89 : # Default is all, therefore ignore.
90 ;; 90 ;;
91 *)  91 *)
92 echo "$I: Unrecognised value in service instance property" >&2 92 echo "$I: Unrecognised value in service instance property" >&2
93 echo "$I: options/${prop} : ${value}" >&2 93 echo "$I: options/${prop} : ${value}" >&2
94 ;; 94 ;;
95 esac 95 esac
96 ;; 96 ;;
97 'listen_on_port') 97 'listen_on_port')
98 if [ ${value} -gt 0 ]; then 98 if [ ${value} -gt 0 ]; then
99 cmdopts="${cmdopts} -p ${value}" 99 cmdopts="${cmdopts} -p ${value}"
100 fi 100 fi
101 ;; 101 ;;
102 'threads') 102 'threads')
103 if [ ${value} -gt 0 ]; then 103 if [ ${value} -gt 0 ]; then
104 cmdopts="${cmdopts} -n ${value}" 104 cmdopts="${cmdopts} -n ${value}"
105 fi 105 fi
106 ;; 106 ;;
107 'chroot_dir') 107 'chroot_dir')
108 cmdopts="${cmdopts} -t ${value}" 108 cmdopts="${cmdopts} -t ${value}"
109 checkopts="${checkopts} -t ${value}" 109 checkopts="${checkopts} -t ${value}"
110 chroot_dir=${value}; 110 chroot_dir=${value};
111 ;; 111 ;;
112 'configuration_file') 112 'configuration_file')
113 cmdopts="${cmdopts} -c ${value}" 113 cmdopts="${cmdopts} -c ${value}"
114 checkopts="${checkopts} ${value}" 114 checkopts="${checkopts} ${value}"
115 configuration_file=${value}; 115 configuration_file=${value};
116 ;; 116 ;;
117 'server') 117 'server')
118 set -- `echo ${value} | /usr/bin/sed -e 's/\\\\//g'` 118 set -- `echo ${value} | /usr/bin/sed -e 's/\\\\//g'`
119 server=$@ 119 server=$@
120 ;; 120 ;;
121 'user') 121 'user')
122 cmdopts="${cmdopts} -u ${value}" 122 cmdopts="${cmdopts} -u ${value}"
123 cmduser=${value}; 123 cmduser=${value};
124 ;; 124 ;;
125 esac 125 esac
126 done 126 done
127 127
128 configuration_dir=$(sed -n -e 's,^[[:space:]]*directory.*"\(.*\)";,\1,p' \ 128 configuration_dir=$(sed -n -e 's,^[[:space:]]*directory.*"\(.*\)";,\1,p' \
129 ${configuration_file}) 129 ${configuration_file})
130 [ "${configuration_dir}" == "" ] && configuration_dir=@PKG_SYSCONFDIR@/namedb 130 [ "${configuration_dir}" == "" ] && configuration_dir=@PKG_SYSCONFDIR@/namedb
131 131
132 configuration_files=$(sed -n -e \ 132 configuration_files=$(sed -n -e \
133 "s,^[[:space:]]*file.*\"\(.*\)\";,${configuration_dir}/\1,p" \ 133 "s,^[[:space:]]*file.*\"\(.*\)\";,${configuration_dir}/\1,p" \
134 ${configuration_file} | sort -u) 134 ${configuration_file} | sort -u)
135 configuration_files="${configuration_files} ${configuration_file}"  135 configuration_files="${configuration_files} ${configuration_file}"
136} 136}
137 137
138result=${SMF_EXIT_OK} 138result=${SMF_EXIT_OK}
139 139
140# Read command line arguments 140# Read command line arguments
141method="$1" # %m 141method="$1" # %m
142instance="$2" # %i 142instance="$2" # %i
143contract="$3" # %{restarter/contract} 143contract="$3" # %{restarter/contract}
144 144
145# Set defaults; SMF_FMRI should have been set, but just in case. 145# Set defaults; SMF_FMRI should have been set, but just in case.
146if [ -z "$SMF_FMRI" ]; then 146if [ -z "$SMF_FMRI" ]; then
147 SMF_FMRI="svc:/@SMF_PREFIX@/@SMF_NAME@:${instance}" 147 SMF_FMRI="svc:/@SMF_PREFIX@/@SMF_NAME@:${instance}"
148fi 148fi
149server="@PREFIX@/sbin/named" 149server="@PREFIX@/sbin/named"
150checkconf="@PREFIX@/sbin/named-checkconf" 150checkconf="@PREFIX@/sbin/named-checkconf"
151I=`/usr/bin/basename $0` 151I=`/usr/bin/basename $0`
152 152
153case "$method" in 153case "$method" in
154'start') 154'start')
155 get_config 155 get_config
156 156
157 # If chroot option is set, note zones(5) are preferred, then 157 # If chroot option is set, note zones(5) are preferred, then
158 # configuration file lives under chroot directory. 158 # configuration file lives under chroot directory.
159 if [ "${chroot_dir}" != "" ]; then 159 if [ "${chroot_dir}" != "" ]; then
160 if [ "${chroot_dir}" = "/" ]; then 160 if [ "${chroot_dir}" = "/" ]; then
161 msg="$I: chroot_dir must not be /" 161 msg="$I: chroot_dir must not be /"
162 echo ${msg} >&2 162 echo ${msg} >&2
163 /usr/bin/logger -p daemon.error ${msg} 163 /usr/bin/logger -p daemon.error ${msg}
164 # dns-server should be placed in maintenance state. 164 # dns-server should be placed in maintenance state.
165 exit ${SMF_EXIT_ERR_CONFIG} 165 exit ${SMF_EXIT_ERR_CONFIG}
166 fi 166 fi
167 167
168 server="env LD_NOLAZYLOAD=1 ${server}" 168 server="env LD_NOLAZYLOAD=1 ${server}"
169 checkconf="env LD_NOLAZYLOAD=1 ${checkconf}" 169 checkconf="env LD_NOLAZYLOAD=1 ${checkconf}"
170 170
171 mkdir -p ${chroot_dir} 171 mkdir -p ${chroot_dir}
172 172
173 if [ "${SMF_ZONENAME}" = "global" ]; then 173 if [ "${SMF_ZONENAME}" = "global" ]; then
174 for dev in crypto log null poll random urandom; do 174 for dev in crypto log null poll random urandom; do
175 rm -f ${chroot_dir}/dev/${dev} 175 rm -f ${chroot_dir}/dev/${dev}
176 pax -rw -H -pe /dev/${dev} ${chroot_dir} 176 pax -rw -H -pe /dev/${dev} ${chroot_dir}
177 done 177 done
178 fi 178 fi
179 179
180 missing="" 180 missing=""
181 for dev in crypto null poll random urandom; do 181 for dev in crypto null poll random urandom; do
182 if [ ! -e "${chroot_dir}/dev/${dev}" ]; then 182 if [ ! -e "${chroot_dir}/dev/${dev}" ]; then
183 missing="${missing} ${dev}" 183 missing="${missing} ${dev}"
184 fi 184 fi
185 done 185 done
186 186
187 if [ ! -z "${missing}" ]; then 187 if [ ! -z "${missing}" ]; then
188 msg="$I: missing device nodes in ${chroot_dir}: ${missing}" 188 msg="$I: missing device nodes in ${chroot_dir}: ${missing}"
189 echo ${msg} >&2 189 echo ${msg} >&2
190 /usr/bin/logger -p daemon.err ${msg} 190 /usr/bin/logger -p daemon.err ${msg}
191 # dns-server should be placed in maintenance state. 191 # dns-server should be placed in maintenance state.
192 exit ${SMF_EXIT_ERR_CONFIG} 192 exit ${SMF_EXIT_ERR_CONFIG}
193 fi 193 fi
194 194
195 mount_chroot ${chroot_dir} ${configuration_files} ${libraries} 195 mount_chroot ${chroot_dir} ${configuration_files} ${libraries}
196 196
197 mkdir -p ${chroot_dir}/var/run/named 197 mkdir -p ${chroot_dir}/var/run/named
198 chown ${cmduser}:${cmduser} ${chroot_dir}/var/run/named 198 chown ${cmduser}:${cmduser} ${chroot_dir}/var/run/named
199 199
200 configuration_file=${chroot_dir}${configuration_file} 200 configuration_file=${chroot_dir}${configuration_file}
201 rndc_config_file=${chroot_dir}${rndc_config_file} 201 rndc_config_file=${chroot_dir}${rndc_config_file}
202 rndc_key_file=${chroot_dir}${rndc_key_file} 202 rndc_key_file=${chroot_dir}${rndc_key_file}
203 rndc_cmd_opts="${rndc_cmd_opts} -t ${chroot_dir}" 203 rndc_cmd_opts="${rndc_cmd_opts} -t ${chroot_dir}"
204 else 204 else
205 mkdir -p 0770 @VARBASE@/run/named 205 mkdir -p 0770 @VARBASE@/run/named
206 chown ${cmduser}:${cmduser} @VARBASE@/run/named 206 chown ${cmduser}:${cmduser} @VARBASE@/run/named
207 fi 207 fi
208 208
209 # Check if the rndc config file exists. 209 # Check if the rndc config file exists.
210 if [ ! -f ${rndc_config_file} ]; then 210 if [ ! -f ${rndc_config_file} ]; then
211 # If not, check if the default rndc key file exists. 211 # If not, check if the default rndc key file exists.
212 if [ ! -f ${rndc_key_file} ]; then 212 if [ ! -f ${rndc_key_file} ]; then
213 echo "$I: Creating default rndc key file: ${rndc_key_file}." >&2 213 echo "$I: Creating default rndc key file: ${rndc_key_file}." >&2
214 @PREFIX@/sbin/rndc-confgen ${rndc_cmd_opts} 214 @PREFIX@/sbin/rndc-confgen ${rndc_cmd_opts}
215 if [ $? -ne 0 ]; then 215 if [ $? -ne 0 ]; then
216 echo "$I : Warning: rndc configuration failed! Use of 'rndc' to" \ 216 echo "$I : Warning: rndc configuration failed! Use of 'rndc' to" \
217 "control 'named' may fail and 'named' may report further error" \ 217 "control 'named' may fail and 'named' may report further error" \
218 "messages to the system log. This is not fatal. For more" \ 218 "messages to the system log. This is not fatal. For more" \
219 "information see rndc(1M) and rndc-confgen(1M)." >&2 219 "information see rndc(1M) and rndc-confgen(1M)." >&2
220 fi 220 fi
221 fi 221 fi
222 fi 222 fi
223 223
224 if [ ${result} = ${SMF_EXIT_OK} ]; then 224 if [ ${result} = ${SMF_EXIT_OK} ]; then
225 ${checkconf} -z ${checkopts} 225 ${checkconf} -z ${checkopts}
226 result=$? 226 result=$?
227 if [ $result -ne 0 ]; then 227 if [ $result -ne 0 ]; then
228 msg="$I: named-checkconf failed to verify configuration" 228 msg="$I: named-checkconf failed to verify configuration"
229 echo ${msg} >&2 229 echo ${msg} >&2
230 /usr/bin/logger -p daemon.error ${msg} 230 /usr/bin/logger -p daemon.error ${msg}
231 if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then 231 if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then
232 umount_chroot ${chroot_dir} ${configuration_files} ${libraries} 232 umount_chroot ${chroot_dir} ${configuration_files} ${libraries}
233 fi 233 fi
234 # dns-server should be placed in maintenance state. 234 # dns-server should be placed in maintenance state.
235 exit ${SMF_EXIT_ERR_CONFIG} 235 exit ${SMF_EXIT_ERR_CONFIG}
236 fi 236 fi
237 fi 237 fi
238 238
239 if [ ${result} = ${SMF_EXIT_OK} ]; then 239 if [ ${result} = ${SMF_EXIT_OK} ]; then
240 echo "$I: Executing: ${server} ${cmdopts}" 240 echo "$I: Executing: ${server} ${cmdopts}"
241 # Execute named(1M) with relevant command line options. 241 # Execute named(1M) with relevant command line options.
242 ppriv -s A-all -s A+basic,net_privaddr,file_dac_read,file_dac_search,sys_resource,proc_chroot,proc_setid -e ${server} ${cmdopts} 242 ${server} ${cmdopts}
243 result=$? 243 result=$?
244 fi 244 fi
245 ;; 245 ;;
246'stop') 246'stop')
247 get_config 247 get_config
248 248
249 smf_kill_contract ${contract} TERM 1 249 smf_kill_contract ${contract} TERM 1
250 [ $? -ne 0 ] && exit 1 250 [ $? -ne 0 ] && exit 1
251 251
252 if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then 252 if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then
253 umount_chroot ${chroot_dir} ${configuration_files} ${libraries} 253 umount_chroot ${chroot_dir} ${configuration_files} ${libraries}
254 fi 254 fi
255 255
256 ;; 256 ;;
257*) 257*)
258 echo "Usage: $I [stop|start] <instance>" >&2 258 echo "Usage: $I [stop|start] <instance>" >&2
259 exit 1 259 exit 1
260 ;; 260 ;;
261esac 261esac
262exit ${result} 262exit ${result}