bind*: Remove privileges from SMF method script. This inadvertently opened up the named process to more privileges than necessary and could be considered a security risk. This may affect chroot support; adding back in support for that will need to be done carefully. Bump PKGREVISIONs.
diff -r1.10 -r1.11 pkgsrc/net/bind911/Makefile
(jperkin)
@@ -1,78 +1,79 @@ | @@ -1,78 +1,79 @@ | |||
1 | # $NetBSD: Makefile,v 1.10 2019/06/20 02:13:58 taca Exp $ | 1 | # $NetBSD: Makefile,v 1.11 2019/06/28 17:01:30 jperkin Exp $ | |
2 | 2 | |||
3 | DISTNAME= bind-${BIND_VERSION} | 3 | DISTNAME= bind-${BIND_VERSION} | |
4 | PKGNAME= ${DISTNAME:S/-P/pl/} | 4 | PKGNAME= ${DISTNAME:S/-P/pl/} | |
5 | PKGREVISION= 1 | |||
5 | CATEGORIES= net | 6 | CATEGORIES= net | |
6 | MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ | 7 | MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ | |
7 | 8 | |||
8 | MAINTAINER= pkgsrc-users@NetBSD.org | 9 | MAINTAINER= pkgsrc-users@NetBSD.org | |
9 | HOMEPAGE= http://www.isc.org/software/bind/ | 10 | HOMEPAGE= http://www.isc.org/software/bind/ | |
10 | COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.11 | 11 | COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.11 | |
11 | LICENSE= mpl-2.0 | 12 | LICENSE= mpl-2.0 | |
12 | 13 | |||
13 | CONFLICTS+= host-[0-9]* | 14 | CONFLICTS+= host-[0-9]* | |
14 | 15 | |||
15 | MAKE_JOBS_SAFE= no | 16 | MAKE_JOBS_SAFE= no | |
16 | 17 | |||
17 | BIND_VERSION= 9.11.8 | 18 | BIND_VERSION= 9.11.8 | |
18 | 19 | |||
19 | .include "../../mk/bsd.prefs.mk" | 20 | .include "../../mk/bsd.prefs.mk" | |
20 | 21 | |||
21 | BUILD_DEFS+= BIND_DIR VARBASE | 22 | BUILD_DEFS+= BIND_DIR VARBASE | |
22 | 23 | |||
23 | .include "options.mk" | 24 | .include "options.mk" | |
24 | 25 | |||
25 | USE_TOOLS+= pax perl | 26 | USE_TOOLS+= pax perl | |
26 | USE_LIBTOOL= yes | 27 | USE_LIBTOOL= yes | |
27 | GNU_CONFIGURE= yes | 28 | GNU_CONFIGURE= yes | |
28 | 29 | |||
29 | CONFIGURE_ARGS+= --with-libtool | 30 | CONFIGURE_ARGS+= --with-libtool | |
30 | CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} | 31 | CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} | |
31 | CONFIGURE_ARGS+= --localstatedir=${VARBASE} | 32 | CONFIGURE_ARGS+= --localstatedir=${VARBASE} | |
32 | CONFIGURE_ARGS+= --with-openssl=${SSLBASE:Q} | 33 | CONFIGURE_ARGS+= --with-openssl=${SSLBASE:Q} | |
33 | CONFIGURE_ARGS+= --with-python=no | 34 | CONFIGURE_ARGS+= --with-python=no | |
34 | .if !empty(MACHINE_PLATFORM:MNetBSD-*-m68k) || \ | 35 | .if !empty(MACHINE_PLATFORM:MNetBSD-*-m68k) || \ | |
35 | !empty(MACHINE_PLATFORM:MNetBSD-*-mipsel) || \ | 36 | !empty(MACHINE_PLATFORM:MNetBSD-*-mipsel) || \ | |
36 | !empty(MACHINE_PLATFORM:MNetBSD-*-vax) | 37 | !empty(MACHINE_PLATFORM:MNetBSD-*-vax) | |
37 | CONFIGURE_ARGS+= --disable-atomic | 38 | CONFIGURE_ARGS+= --disable-atomic | |
38 | .endif | 39 | .endif | |
39 | .if ${MACHINE_PLATFORM:MNetBSD-*-powerpc} != "" | 40 | .if ${MACHINE_PLATFORM:MNetBSD-*-powerpc} != "" | |
40 | CONFIGURE_ARGS+= --disable-threads | 41 | CONFIGURE_ARGS+= --disable-threads | |
41 | .endif | 42 | .endif | |
42 | CONFIGURE_ARGS.DragonFly+= --disable-kqueue | 43 | CONFIGURE_ARGS.DragonFly+= --disable-kqueue | |
43 | 44 | |||
44 | PKG_GROUPS_VARS+= BIND_GROUP | 45 | PKG_GROUPS_VARS+= BIND_GROUP | |
45 | PKG_USERS_VARS= BIND_USER | 46 | PKG_USERS_VARS= BIND_USER | |
46 | 47 | |||
47 | PKG_GROUPS= ${BIND_GROUP} | 48 | PKG_GROUPS= ${BIND_GROUP} | |
48 | PKG_USERS= ${BIND_USER}:${BIND_GROUP} | 49 | PKG_USERS= ${BIND_USER}:${BIND_GROUP} | |
49 | 50 | |||
50 | PKG_GECOS.${BIND_USER}= Named pseudo-user | 51 | PKG_GECOS.${BIND_USER}= Named pseudo-user | |
51 | PKG_HOME.${BIND_USER}= ${BIND_DIR} | 52 | PKG_HOME.${BIND_USER}= ${BIND_DIR} | |
52 | 53 | |||
53 | DOCS= CHANGES HISTORY OPTIONS README | 54 | DOCS= CHANGES HISTORY OPTIONS README | |
54 | 55 | |||
55 | FILES_SUBST+= BIND_GROUP=${BIND_GROUP} \ | 56 | FILES_SUBST+= BIND_GROUP=${BIND_GROUP} \ | |
56 | BIND_USER=${BIND_USER} PAX=${PAX:Q} \ | 57 | BIND_USER=${BIND_USER} PAX=${PAX:Q} \ | |
57 | SSLBASE=${SSLBASE} | 58 | SSLBASE=${SSLBASE} | |
58 | MESSAGE_SUBST+= BIND_DIR=${BIND_DIR} BIND_USER=${BIND_USER} | 59 | MESSAGE_SUBST+= BIND_DIR=${BIND_DIR} BIND_USER=${BIND_USER} | |
59 | 60 | |||
60 | DOCDIR= share/doc/bind9 | 61 | DOCDIR= share/doc/bind9 | |
61 | 62 | |||
62 | RCD_SCRIPTS= lwresd named9 | 63 | RCD_SCRIPTS= lwresd named9 | |
63 | SMF_METHODS= named | 64 | SMF_METHODS= named | |
64 | 65 | |||
65 | INSTALL_MAKE_FLAGS+= sysconfdir=${PREFIX}/share/examples/bind9 | 66 | INSTALL_MAKE_FLAGS+= sysconfdir=${PREFIX}/share/examples/bind9 | |
66 | CONF_FILES+= share/examples/bind9/bind.keys \ | 67 | CONF_FILES+= share/examples/bind9/bind.keys \ | |
67 | ${PKG_SYSCONFDIR}/bind.keys | 68 | ${PKG_SYSCONFDIR}/bind.keys | |
68 | 69 | |||
69 | INSTALLATION_DIRS+= ${DOCDIR} ${DOCDIR}/arm | 70 | INSTALLATION_DIRS+= ${DOCDIR} ${DOCDIR}/arm | |
70 | 71 | |||
71 | post-install: | 72 | post-install: | |
72 | .for f in ${DOCS} | 73 | .for f in ${DOCS} | |
73 | ${INSTALL_DATA} ${WRKSRC}/${f} ${DESTDIR}${PREFIX}/${DOCDIR} | 74 | ${INSTALL_DATA} ${WRKSRC}/${f} ${DESTDIR}${PREFIX}/${DOCDIR} | |
74 | .endfor | 75 | .endfor | |
75 | ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${DESTDIR}${PREFIX}/${DOCDIR}/arm | 76 | ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${DESTDIR}${PREFIX}/${DOCDIR}/arm | |
76 | 77 | |||
77 | .include "../../security/openssl/buildlink3.mk" | 78 | .include "../../security/openssl/buildlink3.mk" | |
78 | .include "../../mk/bsd.pkg.mk" | 79 | .include "../../mk/bsd.pkg.mk" |
@@ -1,262 +1,262 @@ | @@ -1,262 +1,262 @@ | |||
1 | #!@SMF_METHOD_SHELL@ | 1 | #!@SMF_METHOD_SHELL@ | |
2 | # | 2 | # | |
3 | # CDDL HEADER START | 3 | # CDDL HEADER START | |
4 | # | 4 | # | |
5 | # The contents of this file are subject to the terms of the | 5 | # The contents of this file are subject to the terms of the | |
6 | # Common Development and Distribution License (the "License"). | 6 | # Common Development and Distribution License (the "License"). | |
7 | # You may not use this file except in compliance with the License. | 7 | # You may not use this file except in compliance with the License. | |
8 | # | 8 | # | |
9 | # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE | 9 | # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE | |
10 | # or http://www.opensolaris.org/os/licensing. | 10 | # or http://www.opensolaris.org/os/licensing. | |
11 | # See the License for the specific language governing permissions | 11 | # See the License for the specific language governing permissions | |
12 | # and limitations under the License. | 12 | # and limitations under the License. | |
13 | # | 13 | # | |
14 | # When distributing Covered Code, include this CDDL HEADER in each | 14 | # When distributing Covered Code, include this CDDL HEADER in each | |
15 | # file and include the License file at usr/src/OPENSOLARIS.LICENSE. | 15 | # file and include the License file at usr/src/OPENSOLARIS.LICENSE. | |
16 | # If applicable, add the following below this CDDL HEADER, with the | 16 | # If applicable, add the following below this CDDL HEADER, with the | |
17 | # fields enclosed by brackets "[]" replaced with your own identifying | 17 | # fields enclosed by brackets "[]" replaced with your own identifying | |
18 | # information: Portions Copyright [yyyy] [name of copyright owner] | 18 | # information: Portions Copyright [yyyy] [name of copyright owner] | |
19 | # | 19 | # | |
20 | # CDDL HEADER END | 20 | # CDDL HEADER END | |
21 | # | 21 | # | |
22 | # Copyright 2007 Sun Microsystems, Inc. All rights reserved. | 22 | # Copyright 2007 Sun Microsystems, Inc. All rights reserved. | |
23 | # Use is subject to license terms. | 23 | # Use is subject to license terms. | |
24 | # | 24 | # | |
25 | #pragma ident "@(#)dns-server.sh 1.1 07/03/26 SMI" | 25 | #pragma ident "@(#)dns-server.sh 1.1 07/03/26 SMI" | |
26 | 26 | |||
27 | # smf_method(5) start/stop script required for server DNS | 27 | # smf_method(5) start/stop script required for server DNS | |
28 | 28 | |||
29 | . /lib/svc/share/smf_include.sh | 29 | . /lib/svc/share/smf_include.sh | |
30 | 30 | |||
31 | mount_chroot () | 31 | mount_chroot () | |
32 | { | 32 | { | |
33 | c=$1 | 33 | c=$1 | |
34 | shift | 34 | shift | |
35 | for f in $*; do | 35 | for f in $*; do | |
36 | if [ -z "${f}" -o ! -f "${f}" -o \ | 36 | if [ -z "${f}" -o ! -f "${f}" -o \ | |
37 | -z "${c}" -o ! -d "${c}" ]; then | 37 | -z "${c}" -o ! -d "${c}" ]; then | |
38 | exit ${SMF_EXIT_ERR_CONFIG} | 38 | exit ${SMF_EXIT_ERR_CONFIG} | |
39 | fi | 39 | fi | |
40 | 40 | |||
41 | umount ${c}/${f} >/dev/null 2>&1 | 41 | umount ${c}/${f} >/dev/null 2>&1 | |
42 | mkdir -p `dirname ${c}/${f}` | 42 | mkdir -p `dirname ${c}/${f}` | |
43 | touch ${c}/${f} | 43 | touch ${c}/${f} | |
44 | mount -Flofs ${f} ${c}/${f} | 44 | mount -Flofs ${f} ${c}/${f} | |
45 | done | 45 | done | |
46 | } | 46 | } | |
47 | 47 | |||
48 | umount_chroot () | 48 | umount_chroot () | |
49 | { | 49 | { | |
50 | c=$1 | 50 | c=$1 | |
51 | shift | 51 | shift | |
52 | for f in $*; do | 52 | for f in $*; do | |
53 | umount ${c}/${f} >/dev/null 2>&1 | 53 | umount ${c}/${f} >/dev/null 2>&1 | |
54 | done | 54 | done | |
55 | } | 55 | } | |
56 | 56 | |||
57 | get_config () | 57 | get_config () | |
58 | { | 58 | { | |
59 | configuration_file=@PKG_SYSCONFDIR@/named.conf | 59 | configuration_file=@PKG_SYSCONFDIR@/named.conf | |
60 | rndc_config_file=@PKG_SYSCONFDIR@/rndc.conf | 60 | rndc_config_file=@PKG_SYSCONFDIR@/rndc.conf | |
61 | rndc_key_file=@PKG_SYSCONFDIR@/rndc.key | 61 | rndc_key_file=@PKG_SYSCONFDIR@/rndc.key | |
62 | rndc_cmd_opts="-a" | 62 | rndc_cmd_opts="-a" | |
63 | libraries="/usr/pkg/lib/engines/libgost.so" | 63 | libraries="/usr/pkg/lib/engines/libgost.so" | |
64 | cmdopts="" | 64 | cmdopts="" | |
65 | checkopts="" | 65 | checkopts="" | |
66 | properties="debug_level ip_interfaces listen_on_port | 66 | properties="debug_level ip_interfaces listen_on_port | |
67 | threads chroot_dir configuration_file server user" | 67 | threads chroot_dir configuration_file server user" | |
68 | 68 | |||
69 | for prop in $properties | 69 | for prop in $properties | |
70 | do | 70 | do | |
71 | value=`/usr/bin/svcprop -p options/${prop} ${SMF_FMRI}` | 71 | value=`/usr/bin/svcprop -p options/${prop} ${SMF_FMRI}` | |
72 | if [ -z "${value}" -o "${value}" = '""' ]; then | 72 | if [ -z "${value}" -o "${value}" = '""' ]; then | |
73 | continue; | 73 | continue; | |
74 | fi | 74 | fi | |
75 | 75 | |||
76 | case $prop in | 76 | case $prop in | |
77 | 'debug_level') | 77 | 'debug_level') | |
78 | if [ ${value} -gt 0 ]; then | 78 | if [ ${value} -gt 0 ]; then | |
79 | cmdopts="${cmdopts} -d ${value}" | 79 | cmdopts="${cmdopts} -d ${value}" | |
80 | fi | 80 | fi | |
81 | ;; | 81 | ;; | |
82 | 'ip_interfaces') | 82 | 'ip_interfaces') | |
83 | case ${value} in | 83 | case ${value} in | |
84 | 'IPv4') | 84 | 'IPv4') | |
85 | cmdopts="${cmdopts} -4";; | 85 | cmdopts="${cmdopts} -4";; | |
86 | 'IPv6') | 86 | 'IPv6') | |
87 | cmdopts="${cmdopts} -6";; | 87 | cmdopts="${cmdopts} -6";; | |
88 | 'all') | 88 | 'all') | |
89 | : # Default is all, therefore ignore. | 89 | : # Default is all, therefore ignore. | |
90 | ;; | 90 | ;; | |
91 | *) | 91 | *) | |
92 | echo "$I: Unrecognised value in service instance property" >&2 | 92 | echo "$I: Unrecognised value in service instance property" >&2 | |
93 | echo "$I: options/${prop} : ${value}" >&2 | 93 | echo "$I: options/${prop} : ${value}" >&2 | |
94 | ;; | 94 | ;; | |
95 | esac | 95 | esac | |
96 | ;; | 96 | ;; | |
97 | 'listen_on_port') | 97 | 'listen_on_port') | |
98 | if [ ${value} -gt 0 ]; then | 98 | if [ ${value} -gt 0 ]; then | |
99 | cmdopts="${cmdopts} -p ${value}" | 99 | cmdopts="${cmdopts} -p ${value}" | |
100 | fi | 100 | fi | |
101 | ;; | 101 | ;; | |
102 | 'threads') | 102 | 'threads') | |
103 | if [ ${value} -gt 0 ]; then | 103 | if [ ${value} -gt 0 ]; then | |
104 | cmdopts="${cmdopts} -n ${value}" | 104 | cmdopts="${cmdopts} -n ${value}" | |
105 | fi | 105 | fi | |
106 | ;; | 106 | ;; | |
107 | 'chroot_dir') | 107 | 'chroot_dir') | |
108 | cmdopts="${cmdopts} -t ${value}" | 108 | cmdopts="${cmdopts} -t ${value}" | |
109 | checkopts="${checkopts} -t ${value}" | 109 | checkopts="${checkopts} -t ${value}" | |
110 | chroot_dir=${value}; | 110 | chroot_dir=${value}; | |
111 | ;; | 111 | ;; | |
112 | 'configuration_file') | 112 | 'configuration_file') | |
113 | cmdopts="${cmdopts} -c ${value}" | 113 | cmdopts="${cmdopts} -c ${value}" | |
114 | checkopts="${checkopts} ${value}" | 114 | checkopts="${checkopts} ${value}" | |
115 | configuration_file=${value}; | 115 | configuration_file=${value}; | |
116 | ;; | 116 | ;; | |
117 | 'server') | 117 | 'server') | |
118 | set -- `echo ${value} | /usr/bin/sed -e 's/\\\\//g'` | 118 | set -- `echo ${value} | /usr/bin/sed -e 's/\\\\//g'` | |
119 | server=$@ | 119 | server=$@ | |
120 | ;; | 120 | ;; | |
121 | 'user') | 121 | 'user') | |
122 | cmdopts="${cmdopts} -u ${value}" | 122 | cmdopts="${cmdopts} -u ${value}" | |
123 | cmduser=${value}; | 123 | cmduser=${value}; | |
124 | ;; | 124 | ;; | |
125 | esac | 125 | esac | |
126 | done | 126 | done | |
127 | 127 | |||
128 | configuration_dir=$(sed -n -e 's,^[[:space:]]*directory.*"\(.*\)";,\1,p' \ | 128 | configuration_dir=$(sed -n -e 's,^[[:space:]]*directory.*"\(.*\)";,\1,p' \ | |
129 | ${configuration_file}) | 129 | ${configuration_file}) | |
130 | [ "${configuration_dir}" == "" ] && configuration_dir=@PKG_SYSCONFDIR@/namedb | 130 | [ "${configuration_dir}" == "" ] && configuration_dir=@PKG_SYSCONFDIR@/namedb | |
131 | 131 | |||
132 | configuration_files=$(sed -n -e \ | 132 | configuration_files=$(sed -n -e \ | |
133 | "s,^[[:space:]]*file.*\"\(.*\)\";,${configuration_dir}/\1,p" \ | 133 | "s,^[[:space:]]*file.*\"\(.*\)\";,${configuration_dir}/\1,p" \ | |
134 | ${configuration_file} | sort -u) | 134 | ${configuration_file} | sort -u) | |
135 | configuration_files="${configuration_files} ${configuration_file}" | 135 | configuration_files="${configuration_files} ${configuration_file}" | |
136 | } | 136 | } | |
137 | 137 | |||
138 | result=${SMF_EXIT_OK} | 138 | result=${SMF_EXIT_OK} | |
139 | 139 | |||
140 | # Read command line arguments | 140 | # Read command line arguments | |
141 | method="$1" # %m | 141 | method="$1" # %m | |
142 | instance="$2" # %i | 142 | instance="$2" # %i | |
143 | contract="$3" # %{restarter/contract} | 143 | contract="$3" # %{restarter/contract} | |
144 | 144 | |||
145 | # Set defaults; SMF_FMRI should have been set, but just in case. | 145 | # Set defaults; SMF_FMRI should have been set, but just in case. | |
146 | if [ -z "$SMF_FMRI" ]; then | 146 | if [ -z "$SMF_FMRI" ]; then | |
147 | SMF_FMRI="svc:/@SMF_PREFIX@/@SMF_NAME@:${instance}" | 147 | SMF_FMRI="svc:/@SMF_PREFIX@/@SMF_NAME@:${instance}" | |
148 | fi | 148 | fi | |
149 | server="@PREFIX@/sbin/named" | 149 | server="@PREFIX@/sbin/named" | |
150 | checkconf="@PREFIX@/sbin/named-checkconf" | 150 | checkconf="@PREFIX@/sbin/named-checkconf" | |
151 | I=`/usr/bin/basename $0` | 151 | I=`/usr/bin/basename $0` | |
152 | 152 | |||
153 | case "$method" in | 153 | case "$method" in | |
154 | 'start') | 154 | 'start') | |
155 | get_config | 155 | get_config | |
156 | 156 | |||
157 | # If chroot option is set, note zones(5) are preferred, then | 157 | # If chroot option is set, note zones(5) are preferred, then | |
158 | # configuration file lives under chroot directory. | 158 | # configuration file lives under chroot directory. | |
159 | if [ "${chroot_dir}" != "" ]; then | 159 | if [ "${chroot_dir}" != "" ]; then | |
160 | if [ "${chroot_dir}" = "/" ]; then | 160 | if [ "${chroot_dir}" = "/" ]; then | |
161 | msg="$I: chroot_dir must not be /" | 161 | msg="$I: chroot_dir must not be /" | |
162 | echo ${msg} >&2 | 162 | echo ${msg} >&2 | |
163 | /usr/bin/logger -p daemon.error ${msg} | 163 | /usr/bin/logger -p daemon.error ${msg} | |
164 | # dns-server should be placed in maintenance state. | 164 | # dns-server should be placed in maintenance state. | |
165 | exit ${SMF_EXIT_ERR_CONFIG} | 165 | exit ${SMF_EXIT_ERR_CONFIG} | |
166 | fi | 166 | fi | |
167 | 167 | |||
168 | server="env LD_NOLAZYLOAD=1 ${server}" | 168 | server="env LD_NOLAZYLOAD=1 ${server}" | |
169 | checkconf="env LD_NOLAZYLOAD=1 ${checkconf}" | 169 | checkconf="env LD_NOLAZYLOAD=1 ${checkconf}" | |
170 | 170 | |||
171 | mkdir -p ${chroot_dir} | 171 | mkdir -p ${chroot_dir} | |
172 | 172 | |||
173 | if [ "${SMF_ZONENAME}" = "global" ]; then | 173 | if [ "${SMF_ZONENAME}" = "global" ]; then | |
174 | for dev in crypto log null poll random urandom; do | 174 | for dev in crypto log null poll random urandom; do | |
175 | rm -f ${chroot_dir}/dev/${dev} | 175 | rm -f ${chroot_dir}/dev/${dev} | |
176 | pax -rw -H -pe /dev/${dev} ${chroot_dir} | 176 | pax -rw -H -pe /dev/${dev} ${chroot_dir} | |
177 | done | 177 | done | |
178 | fi | 178 | fi | |
179 | 179 | |||
180 | missing="" | 180 | missing="" | |
181 | for dev in crypto null poll random urandom; do | 181 | for dev in crypto null poll random urandom; do | |
182 | if [ ! -e "${chroot_dir}/dev/${dev}" ]; then | 182 | if [ ! -e "${chroot_dir}/dev/${dev}" ]; then | |
183 | missing="${missing} ${dev}" | 183 | missing="${missing} ${dev}" | |
184 | fi | 184 | fi | |
185 | done | 185 | done | |
186 | 186 | |||
187 | if [ ! -z "${missing}" ]; then | 187 | if [ ! -z "${missing}" ]; then | |
188 | msg="$I: missing device nodes in ${chroot_dir}: ${missing}" | 188 | msg="$I: missing device nodes in ${chroot_dir}: ${missing}" | |
189 | echo ${msg} >&2 | 189 | echo ${msg} >&2 | |
190 | /usr/bin/logger -p daemon.err ${msg} | 190 | /usr/bin/logger -p daemon.err ${msg} | |
191 | # dns-server should be placed in maintenance state. | 191 | # dns-server should be placed in maintenance state. | |
192 | exit ${SMF_EXIT_ERR_CONFIG} | 192 | exit ${SMF_EXIT_ERR_CONFIG} | |
193 | fi | 193 | fi | |
194 | 194 | |||
195 | mount_chroot ${chroot_dir} ${configuration_files} ${libraries} | 195 | mount_chroot ${chroot_dir} ${configuration_files} ${libraries} | |
196 | 196 | |||
197 | mkdir -p ${chroot_dir}/var/run/named | 197 | mkdir -p ${chroot_dir}/var/run/named | |
198 | chown ${cmduser}:${cmduser} ${chroot_dir}/var/run/named | 198 | chown ${cmduser}:${cmduser} ${chroot_dir}/var/run/named | |
199 | 199 | |||
200 | configuration_file=${chroot_dir}${configuration_file} | 200 | configuration_file=${chroot_dir}${configuration_file} | |
201 | rndc_config_file=${chroot_dir}${rndc_config_file} | 201 | rndc_config_file=${chroot_dir}${rndc_config_file} | |
202 | rndc_key_file=${chroot_dir}${rndc_key_file} | 202 | rndc_key_file=${chroot_dir}${rndc_key_file} | |
203 | rndc_cmd_opts="${rndc_cmd_opts} -t ${chroot_dir}" | 203 | rndc_cmd_opts="${rndc_cmd_opts} -t ${chroot_dir}" | |
204 | else | 204 | else | |
205 | mkdir -p -m 0770 @VARBASE@/run/named | 205 | mkdir -p -m 0770 @VARBASE@/run/named | |
206 | chown ${cmduser}:${cmduser} @VARBASE@/run/named | 206 | chown ${cmduser}:${cmduser} @VARBASE@/run/named | |
207 | fi | 207 | fi | |
208 | 208 | |||
209 | # Check if the rndc config file exists. | 209 | # Check if the rndc config file exists. | |
210 | if [ ! -f ${rndc_config_file} ]; then | 210 | if [ ! -f ${rndc_config_file} ]; then | |
211 | # If not, check if the default rndc key file exists. | 211 | # If not, check if the default rndc key file exists. | |
212 | if [ ! -f ${rndc_key_file} ]; then | 212 | if [ ! -f ${rndc_key_file} ]; then | |
213 | echo "$I: Creating default rndc key file: ${rndc_key_file}." >&2 | 213 | echo "$I: Creating default rndc key file: ${rndc_key_file}." >&2 | |
214 | @PREFIX@/sbin/rndc-confgen ${rndc_cmd_opts} | 214 | @PREFIX@/sbin/rndc-confgen ${rndc_cmd_opts} | |
215 | if [ $? -ne 0 ]; then | 215 | if [ $? -ne 0 ]; then | |
216 | echo "$I : Warning: rndc configuration failed! Use of 'rndc' to" \ | 216 | echo "$I : Warning: rndc configuration failed! Use of 'rndc' to" \ | |
217 | "control 'named' may fail and 'named' may report further error" \ | 217 | "control 'named' may fail and 'named' may report further error" \ | |
218 | "messages to the system log. This is not fatal. For more" \ | 218 | "messages to the system log. This is not fatal. For more" \ | |
219 | "information see rndc(1M) and rndc-confgen(1M)." >&2 | 219 | "information see rndc(1M) and rndc-confgen(1M)." >&2 | |
220 | fi | 220 | fi | |
221 | fi | 221 | fi | |
222 | fi | 222 | fi | |
223 | 223 | |||
224 | if [ ${result} = ${SMF_EXIT_OK} ]; then | 224 | if [ ${result} = ${SMF_EXIT_OK} ]; then | |
225 | ${checkconf} -z ${checkopts} | 225 | ${checkconf} -z ${checkopts} | |
226 | result=$? | 226 | result=$? | |
227 | if [ $result -ne 0 ]; then | 227 | if [ $result -ne 0 ]; then | |
228 | msg="$I: named-checkconf failed to verify configuration" | 228 | msg="$I: named-checkconf failed to verify configuration" | |
229 | echo ${msg} >&2 | 229 | echo ${msg} >&2 | |
230 | /usr/bin/logger -p daemon.error ${msg} | 230 | /usr/bin/logger -p daemon.error ${msg} | |
231 | if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then | 231 | if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then | |
232 | umount_chroot ${chroot_dir} ${configuration_files} ${libraries} | 232 | umount_chroot ${chroot_dir} ${configuration_files} ${libraries} | |
233 | fi | 233 | fi | |
234 | # dns-server should be placed in maintenance state. | 234 | # dns-server should be placed in maintenance state. | |
235 | exit ${SMF_EXIT_ERR_CONFIG} | 235 | exit ${SMF_EXIT_ERR_CONFIG} | |
236 | fi | 236 | fi | |
237 | fi | 237 | fi | |
238 | 238 | |||
239 | if [ ${result} = ${SMF_EXIT_OK} ]; then | 239 | if [ ${result} = ${SMF_EXIT_OK} ]; then | |
240 | echo "$I: Executing: ${server} ${cmdopts}" | 240 | echo "$I: Executing: ${server} ${cmdopts}" | |
241 | # Execute named(1M) with relevant command line options. | 241 | # Execute named(1M) with relevant command line options. | |
242 | ppriv -s A-all -s A+basic,net_privaddr,file_dac_read,file_dac_search,sys_resource,proc_chroot,proc_setid -e ${server} ${cmdopts} | 242 | ${server} ${cmdopts} | |
243 | result=$? | 243 | result=$? | |
244 | fi | 244 | fi | |
245 | ;; | 245 | ;; | |
246 | 'stop') | 246 | 'stop') | |
247 | get_config | 247 | get_config | |
248 | 248 | |||
249 | smf_kill_contract ${contract} TERM 1 | 249 | smf_kill_contract ${contract} TERM 1 | |
250 | [ $? -ne 0 ] && exit 1 | 250 | [ $? -ne 0 ] && exit 1 | |
251 | 251 | |||
252 | if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then | 252 | if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then | |
253 | umount_chroot ${chroot_dir} ${configuration_files} ${libraries} | 253 | umount_chroot ${chroot_dir} ${configuration_files} ${libraries} | |
254 | fi | 254 | fi | |
255 | 255 | |||
256 | ;; | 256 | ;; | |
257 | *) | 257 | *) | |
258 | echo "Usage: $I [stop|start] <instance>" >&2 | 258 | echo "Usage: $I [stop|start] <instance>" >&2 | |
259 | exit 1 | 259 | exit 1 | |
260 | ;; | 260 | ;; | |
261 | esac | 261 | esac | |
262 | exit ${result} | 262 | exit ${result} |
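Review bot: Nothing in the start method now guarantees that named gives up the credentials it is launched with. After the `ppriv` wrapper is dropped at new line 242 (`${server} ${cmdopts}`), the only privilege reduction visible in this script is `-u ${value}`, which get_config adds only when the `options/user` property is non-empty (lines 72-74 skip empty values). If that property is unset, named keeps whatever user and privilege set the method context supplies, and the `chown ${cmduser}:${cmduser}` calls at lines 198 and 206 run with an empty user and group. Unless the manifest's method_context (not shown on this page) already pins a user and a reduced privilege set, I would refuse to start in that case with `[ -z "${cmduser}" ] && exit ${SMF_EXIT_ERR_CONFIG}` right after `get_config` in the `start` branch. I would also add a one-line comment at line 242 saying that `ppriv` is deliberately not used, so a later chroot fix does not reintroduce the broad set; the bind912 copy of this script is cut off in this view and presumably needs the same.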
@@ -1,79 +1,80 @@ | @@ -1,79 +1,80 @@ | |||
1 | # $NetBSD: Makefile,v 1.12 2019/06/20 02:15:20 taca Exp $ | 1 | # $NetBSD: Makefile,v 1.13 2019/06/28 17:01:30 jperkin Exp $ | |
2 | 2 | |||
3 | DISTNAME= bind-${BIND_VERSION} | 3 | DISTNAME= bind-${BIND_VERSION} | |
4 | PKGNAME= ${DISTNAME:S/-P/pl/} | 4 | PKGNAME= ${DISTNAME:S/-P/pl/} | |
5 | PKGREVISION= 1 | |||
5 | CATEGORIES= net | 6 | CATEGORIES= net | |
6 | MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ | 7 | MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ | |
7 | 8 | |||
8 | MAINTAINER= pkgsrc-users@NetBSD.org | 9 | MAINTAINER= pkgsrc-users@NetBSD.org | |
9 | HOMEPAGE= http://www.isc.org/software/bind/ | 10 | HOMEPAGE= http://www.isc.org/software/bind/ | |
10 | COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.12 | 11 | COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.12 | |
11 | LICENSE= mpl-2.0 | 12 | LICENSE= mpl-2.0 | |
12 | 13 | |||
13 | CONFLICTS+= host-[0-9]* | 14 | CONFLICTS+= host-[0-9]* | |
14 | 15 | |||
15 | MAKE_JOBS_SAFE= no | 16 | MAKE_JOBS_SAFE= no | |
16 | USE_CWRAPPERS= no | 17 | USE_CWRAPPERS= no | |
17 | 18 | |||
18 | BIND_VERSION= 9.12.4-P2 | 19 | BIND_VERSION= 9.12.4-P2 | |
19 | 20 | |||
20 | .include "../../mk/bsd.prefs.mk" | 21 | .include "../../mk/bsd.prefs.mk" | |
21 | 22 | |||
22 | BUILD_DEFS+= BIND_DIR VARBASE | 23 | BUILD_DEFS+= BIND_DIR VARBASE | |
23 | 24 | |||
24 | .include "options.mk" | 25 | .include "options.mk" | |
25 | 26 | |||
26 | USE_TOOLS+= pax perl | 27 | USE_TOOLS+= pax perl | |
27 | USE_LIBTOOL= yes | 28 | USE_LIBTOOL= yes | |
28 | GNU_CONFIGURE= yes | 29 | GNU_CONFIGURE= yes | |
29 | 30 | |||
30 | CONFIGURE_ARGS+= --with-libtool | 31 | CONFIGURE_ARGS+= --with-libtool | |
31 | CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} | 32 | CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} | |
32 | CONFIGURE_ARGS+= --localstatedir=${VARBASE} | 33 | CONFIGURE_ARGS+= --localstatedir=${VARBASE} | |
33 | CONFIGURE_ARGS+= --with-openssl=${SSLBASE:Q} | 34 | CONFIGURE_ARGS+= --with-openssl=${SSLBASE:Q} | |
34 | CONFIGURE_ARGS+= --with-python=no | 35 | CONFIGURE_ARGS+= --with-python=no | |
35 | .if !empty(MACHINE_PLATFORM:MNetBSD-*-m68k) || \ | 36 | .if !empty(MACHINE_PLATFORM:MNetBSD-*-m68k) || \ | |
36 | !empty(MACHINE_PLATFORM:MNetBSD-*-mipsel) || \ | 37 | !empty(MACHINE_PLATFORM:MNetBSD-*-mipsel) || \ | |
37 | !empty(MACHINE_PLATFORM:MNetBSD-*-vax) | 38 | !empty(MACHINE_PLATFORM:MNetBSD-*-vax) | |
38 | CONFIGURE_ARGS+= --disable-atomic | 39 | CONFIGURE_ARGS+= --disable-atomic | |
39 | .endif | 40 | .endif | |
40 | .if ${MACHINE_PLATFORM:MNetBSD-*-powerpc} != "" | 41 | .if ${MACHINE_PLATFORM:MNetBSD-*-powerpc} != "" | |
41 | CONFIGURE_ARGS+= --disable-threads | 42 | CONFIGURE_ARGS+= --disable-threads | |
42 | .endif | 43 | .endif | |
43 | CONFIGURE_ARGS.DragonFly+= --disable-kqueue | 44 | CONFIGURE_ARGS.DragonFly+= --disable-kqueue | |
44 | 45 | |||
45 | PKG_GROUPS_VARS+= BIND_GROUP | 46 | PKG_GROUPS_VARS+= BIND_GROUP | |
46 | PKG_USERS_VARS= BIND_USER | 47 | PKG_USERS_VARS= BIND_USER | |
47 | 48 | |||
48 | PKG_GROUPS= ${BIND_GROUP} | 49 | PKG_GROUPS= ${BIND_GROUP} | |
49 | PKG_USERS= ${BIND_USER}:${BIND_GROUP} | 50 | PKG_USERS= ${BIND_USER}:${BIND_GROUP} | |
50 | 51 | |||
51 | PKG_GECOS.${BIND_USER}= Named pseudo-user | 52 | PKG_GECOS.${BIND_USER}= Named pseudo-user | |
52 | PKG_HOME.${BIND_USER}= ${BIND_DIR} | 53 | PKG_HOME.${BIND_USER}= ${BIND_DIR} | |
53 | 54 | |||
54 | DOCS= CHANGES HISTORY OPTIONS README | 55 | DOCS= CHANGES HISTORY OPTIONS README | |
55 | 56 | |||
56 | FILES_SUBST+= BIND_GROUP=${BIND_GROUP} \ | 57 | FILES_SUBST+= BIND_GROUP=${BIND_GROUP} \ | |
57 | BIND_USER=${BIND_USER} PAX=${PAX:Q} \ | 58 | BIND_USER=${BIND_USER} PAX=${PAX:Q} \ | |
58 | SSLBASE=${SSLBASE} | 59 | SSLBASE=${SSLBASE} | |
59 | MESSAGE_SUBST+= BIND_DIR=${BIND_DIR} BIND_USER=${BIND_USER} | 60 | MESSAGE_SUBST+= BIND_DIR=${BIND_DIR} BIND_USER=${BIND_USER} | |
60 | 61 | |||
61 | DOCDIR= share/doc/bind9 | 62 | DOCDIR= share/doc/bind9 | |
62 | 63 | |||
63 | RCD_SCRIPTS= named9 | 64 | RCD_SCRIPTS= named9 | |
64 | SMF_METHODS= named | 65 | SMF_METHODS= named | |
65 | 66 | |||
66 | INSTALL_MAKE_FLAGS+= sysconfdir=${PREFIX}/share/examples/bind9 | 67 | INSTALL_MAKE_FLAGS+= sysconfdir=${PREFIX}/share/examples/bind9 | |
67 | CONF_FILES+= share/examples/bind9/bind.keys \ | 68 | CONF_FILES+= share/examples/bind9/bind.keys \ | |
68 | ${PKG_SYSCONFDIR}/bind.keys | 69 | ${PKG_SYSCONFDIR}/bind.keys | |
69 | 70 | |||
70 | INSTALLATION_DIRS+= ${DOCDIR} ${DOCDIR}/arm | 71 | INSTALLATION_DIRS+= ${DOCDIR} ${DOCDIR}/arm | |
71 | 72 | |||
72 | post-install: | 73 | post-install: | |
73 | .for f in ${DOCS} | 74 | .for f in ${DOCS} | |
74 | ${INSTALL_DATA} ${WRKSRC}/${f} ${DESTDIR}${PREFIX}/${DOCDIR} | 75 | ${INSTALL_DATA} ${WRKSRC}/${f} ${DESTDIR}${PREFIX}/${DOCDIR} | |
75 | .endfor | 76 | .endfor | |
76 | ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${DESTDIR}${PREFIX}/${DOCDIR}/arm | 77 | ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${DESTDIR}${PREFIX}/${DOCDIR}/arm | |
77 | 78 | |||
78 | .include "../../security/openssl/buildlink3.mk" | 79 | .include "../../security/openssl/buildlink3.mk" | |
79 | .include "../../mk/bsd.pkg.mk" | 80 | .include "../../mk/bsd.pkg.mk" |
@@ -1,262 +1,262 @@ | @@ -1,262 +1,262 @@ | |||
1 | #!@SMF_METHOD_SHELL@ | 1 | #!@SMF_METHOD_SHELL@ | |
2 | # | 2 | # | |
3 | # CDDL HEADER START | 3 | # CDDL HEADER START | |
4 | # | 4 | # | |
5 | # The contents of this file are subject to the terms of the | 5 | # The contents of this file are subject to the terms of the | |
6 | # Common Development and Distribution License (the "License"). | 6 | # Common Development and Distribution License (the "License"). | |
7 | # You may not use this file except in compliance with the License. | 7 | # You may not use this file except in compliance with the License. | |
8 | # | 8 | # | |
9 | # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE | 9 | # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE | |
10 | # or http://www.opensolaris.org/os/licensing. | 10 | # or http://www.opensolaris.org/os/licensing. | |
11 | # See the License for the specific language governing permissions | 11 | # See the License for the specific language governing permissions | |
12 | # and limitations under the License. | 12 | # and limitations under the License. | |
13 | # | 13 | # | |
14 | # When distributing Covered Code, include this CDDL HEADER in each | 14 | # When distributing Covered Code, include this CDDL HEADER in each | |
15 | # file and include the License file at usr/src/OPENSOLARIS.LICENSE. | 15 | # file and include the License file at usr/src/OPENSOLARIS.LICENSE. | |
16 | # If applicable, add the following below this CDDL HEADER, with the | 16 | # If applicable, add the following below this CDDL HEADER, with the | |
17 | # fields enclosed by brackets "[]" replaced with your own identifying | 17 | # fields enclosed by brackets "[]" replaced with your own identifying | |
18 | # information: Portions Copyright [yyyy] [name of copyright owner] | 18 | # information: Portions Copyright [yyyy] [name of copyright owner] | |
19 | # | 19 | # | |
20 | # CDDL HEADER END | 20 | # CDDL HEADER END | |
21 | # | 21 | # | |
22 | # Copyright 2007 Sun Microsystems, Inc. All rights reserved. | 22 | # Copyright 2007 Sun Microsystems, Inc. All rights reserved. | |
23 | # Use is subject to license terms. | 23 | # Use is subject to license terms. | |
24 | # | 24 | # | |
25 | #pragma ident "@(#)dns-server.sh 1.1 07/03/26 SMI" | 25 | #pragma ident "@(#)dns-server.sh 1.1 07/03/26 SMI" | |
26 | 26 | |||
27 | # smf_method(5) start/stop script required for server DNS | 27 | # smf_method(5) start/stop script required for server DNS | |
28 | 28 | |||
29 | . /lib/svc/share/smf_include.sh | 29 | . /lib/svc/share/smf_include.sh | |
30 | 30 | |||
31 | mount_chroot () | 31 | mount_chroot () | |
32 | { | 32 | { | |
33 | c=$1 | 33 | c=$1 | |
34 | shift | 34 | shift | |
35 | for f in $*; do | 35 | for f in $*; do | |
36 | if [ -z "${f}" -o ! -f "${f}" -o \ | 36 | if [ -z "${f}" -o ! -f "${f}" -o \ | |
37 | -z "${c}" -o ! -d "${c}" ]; then | 37 | -z "${c}" -o ! -d "${c}" ]; then | |
38 | exit ${SMF_EXIT_ERR_CONFIG} | 38 | exit ${SMF_EXIT_ERR_CONFIG} | |
39 | fi | 39 | fi | |
40 | 40 | |||
41 | umount ${c}/${f} >/dev/null 2>&1 | 41 | umount ${c}/${f} >/dev/null 2>&1 | |
42 | mkdir -p `dirname ${c}/${f}` | 42 | mkdir -p `dirname ${c}/${f}` | |
43 | touch ${c}/${f} | 43 | touch ${c}/${f} | |
44 | mount -Flofs ${f} ${c}/${f} | 44 | mount -Flofs ${f} ${c}/${f} | |
45 | done | 45 | done | |
46 | } | 46 | } | |
47 | 47 | |||
48 | umount_chroot () | 48 | umount_chroot () | |
49 | { | 49 | { | |
50 | c=$1 | 50 | c=$1 | |
51 | shift | 51 | shift | |
52 | for f in $*; do | 52 | for f in $*; do | |
53 | umount ${c}/${f} >/dev/null 2>&1 | 53 | umount ${c}/${f} >/dev/null 2>&1 | |
54 | done | 54 | done | |
55 | } | 55 | } | |
56 | 56 | |||
57 | get_config () | 57 | get_config () | |
58 | { | 58 | { | |
59 | configuration_file=@PKG_SYSCONFDIR@/named.conf | 59 | configuration_file=@PKG_SYSCONFDIR@/named.conf | |
60 | rndc_config_file=@PKG_SYSCONFDIR@/rndc.conf | 60 | rndc_config_file=@PKG_SYSCONFDIR@/rndc.conf | |
61 | rndc_key_file=@PKG_SYSCONFDIR@/rndc.key | 61 | rndc_key_file=@PKG_SYSCONFDIR@/rndc.key | |
62 | rndc_cmd_opts="-a" | 62 | rndc_cmd_opts="-a" | |
63 | libraries="/usr/pkg/lib/engines/libgost.so" | 63 | libraries="/usr/pkg/lib/engines/libgost.so" | |
64 | cmdopts="" | 64 | cmdopts="" | |
65 | checkopts="" | 65 | checkopts="" | |
66 | properties="debug_level ip_interfaces listen_on_port | 66 | properties="debug_level ip_interfaces listen_on_port | |
67 | threads chroot_dir configuration_file server user" | 67 | threads chroot_dir configuration_file server user" | |
68 | 68 | |||
69 | for prop in $properties | 69 | for prop in $properties | |
70 | do | 70 | do | |
71 | value=`/usr/bin/svcprop -p options/${prop} ${SMF_FMRI}` | 71 | value=`/usr/bin/svcprop -p options/${prop} ${SMF_FMRI}` | |
72 | if [ -z "${value}" -o "${value}" = '""' ]; then | 72 | if [ -z "${value}" -o "${value}" = '""' ]; then | |
73 | continue; | 73 | continue; | |
74 | fi | 74 | fi | |
75 | 75 | |||
76 | case $prop in | 76 | case $prop in | |
77 | 'debug_level') | 77 | 'debug_level') | |
78 | if [ ${value} -gt 0 ]; then | 78 | if [ ${value} -gt 0 ]; then | |
79 | cmdopts="${cmdopts} -d ${value}" | 79 | cmdopts="${cmdopts} -d ${value}" | |
80 | fi | 80 | fi | |
81 | ;; | 81 | ;; | |
82 | 'ip_interfaces') | 82 | 'ip_interfaces') | |
83 | case ${value} in | 83 | case ${value} in | |
84 | 'IPv4') | 84 | 'IPv4') | |
85 | cmdopts="${cmdopts} -4";; | 85 | cmdopts="${cmdopts} -4";; | |
86 | 'IPv6') | 86 | 'IPv6') | |
87 | cmdopts="${cmdopts} -6";; | 87 | cmdopts="${cmdopts} -6";; | |
88 | 'all') | 88 | 'all') | |
89 | : # Default is all, therefore ignore. | 89 | : # Default is all, therefore ignore. | |
90 | ;; | 90 | ;; | |
91 | *) | 91 | *) | |
92 | echo "$I: Unrecognised value in service instance property" >&2 | 92 | echo "$I: Unrecognised value in service instance property" >&2 | |
93 | echo "$I: options/${prop} : ${value}" >&2 | 93 | echo "$I: options/${prop} : ${value}" >&2 | |
94 | ;; | 94 | ;; | |
95 | esac | 95 | esac | |
96 | ;; | 96 | ;; | |
97 | 'listen_on_port') | 97 | 'listen_on_port') | |
98 | if [ ${value} -gt 0 ]; then | 98 | if [ ${value} -gt 0 ]; then | |
99 | cmdopts="${cmdopts} -p ${value}" | 99 | cmdopts="${cmdopts} -p ${value}" | |
100 | fi | 100 | fi | |
101 | ;; | 101 | ;; | |
102 | 'threads') | 102 | 'threads') | |
103 | if [ ${value} -gt 0 ]; then | 103 | if [ ${value} -gt 0 ]; then | |
104 | cmdopts="${cmdopts} -n ${value}" | 104 | cmdopts="${cmdopts} -n ${value}" | |
105 | fi | 105 | fi | |
106 | ;; | 106 | ;; | |
107 | 'chroot_dir') | 107 | 'chroot_dir') | |
108 | cmdopts="${cmdopts} -t ${value}" | 108 | cmdopts="${cmdopts} -t ${value}" | |
109 | checkopts="${checkopts} -t ${value}" | 109 | checkopts="${checkopts} -t ${value}" | |
110 | chroot_dir=${value}; | 110 | chroot_dir=${value}; | |
111 | ;; | 111 | ;; | |
112 | 'configuration_file') | 112 | 'configuration_file') | |
113 | cmdopts="${cmdopts} -c ${value}" | 113 | cmdopts="${cmdopts} -c ${value}" | |
114 | checkopts="${checkopts} ${value}" | 114 | checkopts="${checkopts} ${value}" | |
115 | configuration_file=${value}; | 115 | configuration_file=${value}; | |
116 | ;; | 116 | ;; | |
117 | 'server') | 117 | 'server') | |
118 | set -- `echo ${value} | /usr/bin/sed -e 's/\\\\//g'` | 118 | set -- `echo ${value} | /usr/bin/sed -e 's/\\\\//g'` | |
119 | server=$@ | 119 | server=$@ | |
120 | ;; | 120 | ;; | |
121 | 'user') | 121 | 'user') | |
122 | cmdopts="${cmdopts} -u ${value}" | 122 | cmdopts="${cmdopts} -u ${value}" | |
123 | cmduser=${value}; | 123 | cmduser=${value}; | |
124 | ;; | 124 | ;; | |
125 | esac | 125 | esac | |
126 | done | 126 | done | |
127 | 127 | |||
128 | configuration_dir=$(sed -n -e 's,^[[:space:]]*directory.*"\(.*\)";,\1,p' \ | 128 | configuration_dir=$(sed -n -e 's,^[[:space:]]*directory.*"\(.*\)";,\1,p' \ | |
129 | ${configuration_file}) | 129 | ${configuration_file}) | |
130 | [ "${configuration_dir}" == "" ] && configuration_dir=@PKG_SYSCONFDIR@/namedb | 130 | [ "${configuration_dir}" == "" ] && configuration_dir=@PKG_SYSCONFDIR@/namedb | |
131 | 131 | |||
132 | configuration_files=$(sed -n -e \ | 132 | configuration_files=$(sed -n -e \ | |
133 | "s,^[[:space:]]*file.*\"\(.*\)\";,${configuration_dir}/\1,p" \ | 133 | "s,^[[:space:]]*file.*\"\(.*\)\";,${configuration_dir}/\1,p" \ | |
134 | ${configuration_file} | sort -u) | 134 | ${configuration_file} | sort -u) | |
135 | configuration_files="${configuration_files} ${configuration_file}" | 135 | configuration_files="${configuration_files} ${configuration_file}" | |
136 | } | 136 | } | |
137 | 137 | |||
138 | result=${SMF_EXIT_OK} | 138 | result=${SMF_EXIT_OK} | |
139 | 139 | |||
140 | # Read command line arguments | 140 | # Read command line arguments | |
141 | method="$1" # %m | 141 | method="$1" # %m | |
142 | instance="$2" # %i | 142 | instance="$2" # %i | |
143 | contract="$3" # %{restarter/contract} | 143 | contract="$3" # %{restarter/contract} | |
144 | 144 | |||
145 | # Set defaults; SMF_FMRI should have been set, but just in case. | 145 | # Set defaults; SMF_FMRI should have been set, but just in case. | |
146 | if [ -z "$SMF_FMRI" ]; then | 146 | if [ -z "$SMF_FMRI" ]; then | |
147 | SMF_FMRI="svc:/@SMF_PREFIX@/@SMF_NAME@:${instance}" | 147 | SMF_FMRI="svc:/@SMF_PREFIX@/@SMF_NAME@:${instance}" | |
148 | fi | 148 | fi | |
149 | server="@PREFIX@/sbin/named" | 149 | server="@PREFIX@/sbin/named" | |
150 | checkconf="@PREFIX@/sbin/named-checkconf" | 150 | checkconf="@PREFIX@/sbin/named-checkconf" | |
151 | I=`/usr/bin/basename $0` | 151 | I=`/usr/bin/basename $0` | |
152 | 152 | |||
153 | case "$method" in | 153 | case "$method" in | |
154 | 'start') | 154 | 'start') | |
155 | get_config | 155 | get_config | |
156 | 156 | |||
157 | # If chroot option is set, note zones(5) are preferred, then | 157 | # If chroot option is set, note zones(5) are preferred, then | |
158 | # configuration file lives under chroot directory. | 158 | # configuration file lives under chroot directory. | |
159 | if [ "${chroot_dir}" != "" ]; then | 159 | if [ "${chroot_dir}" != "" ]; then | |
160 | if [ "${chroot_dir}" = "/" ]; then | 160 | if [ "${chroot_dir}" = "/" ]; then | |
161 | msg="$I: chroot_dir must not be /" | 161 | msg="$I: chroot_dir must not be /" | |
162 | echo ${msg} >&2 | 162 | echo ${msg} >&2 | |
163 | /usr/bin/logger -p daemon.error ${msg} | 163 | /usr/bin/logger -p daemon.error ${msg} | |
164 | # dns-server should be placed in maintenance state. | 164 | # dns-server should be placed in maintenance state. | |
165 | exit ${SMF_EXIT_ERR_CONFIG} | 165 | exit ${SMF_EXIT_ERR_CONFIG} | |
166 | fi | 166 | fi | |
167 | 167 | |||
168 | server="env LD_NOLAZYLOAD=1 ${server}" | 168 | server="env LD_NOLAZYLOAD=1 ${server}" | |
169 | checkconf="env LD_NOLAZYLOAD=1 ${checkconf}" | 169 | checkconf="env LD_NOLAZYLOAD=1 ${checkconf}" | |
170 | 170 | |||
171 | mkdir -p ${chroot_dir} | 171 | mkdir -p ${chroot_dir} | |
172 | 172 | |||
173 | if [ "${SMF_ZONENAME}" = "global" ]; then | 173 | if [ "${SMF_ZONENAME}" = "global" ]; then | |
174 | for dev in crypto log null poll random urandom; do | 174 | for dev in crypto log null poll random urandom; do | |
175 | rm -f ${chroot_dir}/dev/${dev} | 175 | rm -f ${chroot_dir}/dev/${dev} | |
176 | pax -rw -H -pe /dev/${dev} ${chroot_dir} | 176 | pax -rw -H -pe /dev/${dev} ${chroot_dir} | |
177 | done | 177 | done | |
178 | fi | 178 | fi | |
179 | 179 | |||
180 | missing="" | 180 | missing="" | |
181 | for dev in crypto null poll random urandom; do | 181 | for dev in crypto null poll random urandom; do | |
182 | if [ ! -e "${chroot_dir}/dev/${dev}" ]; then | 182 | if [ ! -e "${chroot_dir}/dev/${dev}" ]; then | |
183 | missing="${missing} ${dev}" | 183 | missing="${missing} ${dev}" | |
184 | fi | 184 | fi | |
185 | done | 185 | done | |
186 | 186 | |||
187 | if [ ! -z "${missing}" ]; then | 187 | if [ ! -z "${missing}" ]; then | |
188 | msg="$I: missing device nodes in ${chroot_dir}: ${missing}" | 188 | msg="$I: missing device nodes in ${chroot_dir}: ${missing}" | |
189 | echo ${msg} >&2 | 189 | echo ${msg} >&2 | |
190 | /usr/bin/logger -p daemon.err ${msg} | 190 | /usr/bin/logger -p daemon.err ${msg} | |
191 | # dns-server should be placed in maintenance state. | 191 | # dns-server should be placed in maintenance state. | |
192 | exit ${SMF_EXIT_ERR_CONFIG} | 192 | exit ${SMF_EXIT_ERR_CONFIG} | |
193 | fi | 193 | fi | |
194 | 194 | |||
195 | mount_chroot ${chroot_dir} ${configuration_files} ${libraries} | 195 | mount_chroot ${chroot_dir} ${configuration_files} ${libraries} | |
196 | 196 | |||
197 | mkdir -p ${chroot_dir}/var/run/named | 197 | mkdir -p ${chroot_dir}/var/run/named | |
198 | chown ${cmduser}:${cmduser} ${chroot_dir}/var/run/named | 198 | chown ${cmduser}:${cmduser} ${chroot_dir}/var/run/named | |
199 | 199 | |||
200 | configuration_file=${chroot_dir}${configuration_file} | 200 | configuration_file=${chroot_dir}${configuration_file} | |
201 | rndc_config_file=${chroot_dir}${rndc_config_file} | 201 | rndc_config_file=${chroot_dir}${rndc_config_file} | |
202 | rndc_key_file=${chroot_dir}${rndc_key_file} | 202 | rndc_key_file=${chroot_dir}${rndc_key_file} | |
203 | rndc_cmd_opts="${rndc_cmd_opts} -t ${chroot_dir}" | 203 | rndc_cmd_opts="${rndc_cmd_opts} -t ${chroot_dir}" | |
204 | else | 204 | else | |
205 | mkdir -p -m 0770 @VARBASE@/run/named | 205 | mkdir -p -m 0770 @VARBASE@/run/named | |
206 | chown ${cmduser}:${cmduser} @VARBASE@/run/named | 206 | chown ${cmduser}:${cmduser} @VARBASE@/run/named | |
207 | fi | 207 | fi | |
208 | 208 | |||
209 | # Check if the rndc config file exists. | 209 | # Check if the rndc config file exists. | |
210 | if [ ! -f ${rndc_config_file} ]; then | 210 | if [ ! -f ${rndc_config_file} ]; then | |
211 | # If not, check if the default rndc key file exists. | 211 | # If not, check if the default rndc key file exists. | |
212 | if [ ! -f ${rndc_key_file} ]; then | 212 | if [ ! -f ${rndc_key_file} ]; then | |
213 | echo "$I: Creating default rndc key file: ${rndc_key_file}." >&2 | 213 | echo "$I: Creating default rndc key file: ${rndc_key_file}." >&2 | |
214 | @PREFIX@/sbin/rndc-confgen ${rndc_cmd_opts} | 214 | @PREFIX@/sbin/rndc-confgen ${rndc_cmd_opts} | |
215 | if [ $? -ne 0 ]; then | 215 | if [ $? -ne 0 ]; then | |
216 | echo "$I : Warning: rndc configuration failed! Use of 'rndc' to" \ | 216 | echo "$I : Warning: rndc configuration failed! Use of 'rndc' to" \ | |
217 | "control 'named' may fail and 'named' may report further error" \ | 217 | "control 'named' may fail and 'named' may report further error" \ | |
218 | "messages to the system log. This is not fatal. For more" \ | 218 | "messages to the system log. This is not fatal. For more" \ | |
219 | "information see rndc(1M) and rndc-confgen(1M)." >&2 | 219 | "information see rndc(1M) and rndc-confgen(1M)." >&2 | |
220 | fi | 220 | fi | |
221 | fi | 221 | fi | |
222 | fi | 222 | fi | |
223 | 223 | |||
224 | if [ ${result} = ${SMF_EXIT_OK} ]; then | 224 | if [ ${result} = ${SMF_EXIT_OK} ]; then | |
225 | ${checkconf} -z ${checkopts} | 225 | ${checkconf} -z ${checkopts} | |
226 | result=$? | 226 | result=$? | |
227 | if [ $result -ne 0 ]; then | 227 | if [ $result -ne 0 ]; then | |
228 | msg="$I: named-checkconf failed to verify configuration" | 228 | msg="$I: named-checkconf failed to verify configuration" | |
229 | echo ${msg} >&2 | 229 | echo ${msg} >&2 | |
230 | /usr/bin/logger -p daemon.error ${msg} | 230 | /usr/bin/logger -p daemon.error ${msg} | |
231 | if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then | 231 | if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then | |
232 | umount_chroot ${chroot_dir} ${configuration_files} ${libraries} | 232 | umount_chroot ${chroot_dir} ${configuration_files} ${libraries} | |
233 | fi | 233 | fi | |
234 | # dns-server should be placed in maintenance state. | 234 | # dns-server should be placed in maintenance state. | |
235 | exit ${SMF_EXIT_ERR_CONFIG} | 235 | exit ${SMF_EXIT_ERR_CONFIG} | |
236 | fi | 236 | fi | |
237 | fi | 237 | fi | |
238 | 238 | |||
239 | if [ ${result} = ${SMF_EXIT_OK} ]; then | 239 | if [ ${result} = ${SMF_EXIT_OK} ]; then | |
240 | echo "$I: Executing: ${server} ${cmdopts}" | 240 | echo "$I: Executing: ${server} ${cmdopts}" | |
241 | # Execute named(1M) with relevant command line options. | 241 | # Execute named(1M) with relevant command line options. | |
242 | ppriv -s A-all -s A+basic,net_privaddr,file_dac_read,file_dac_search,sys_resource,proc_chroot,proc_setid -e ${server} ${cmdopts} | 242 | ${server} ${cmdopts} | |
243 | result=$? | 243 | result=$? | |
244 | fi | 244 | fi | |
245 | ;; | 245 | ;; | |
246 | 'stop') | 246 | 'stop') | |
247 | get_config | 247 | get_config | |
248 | 248 | |||
249 | smf_kill_contract ${contract} TERM 1 | 249 | smf_kill_contract ${contract} TERM 1 | |
250 | [ $? -ne 0 ] && exit 1 | 250 | [ $? -ne 0 ] && exit 1 | |
251 | 251 | |||
252 | if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then | 252 | if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then | |
253 | umount_chroot ${chroot_dir} ${configuration_files} ${libraries} | 253 | umount_chroot ${chroot_dir} ${configuration_files} ${libraries} | |
254 | fi | 254 | fi | |
255 | 255 | |||
256 | ;; | 256 | ;; | |
257 | *) | 257 | *) | |
258 | echo "Usage: $I [stop|start] <instance>" >&2 | 258 | echo "Usage: $I [stop|start] <instance>" >&2 | |
259 | exit 1 | 259 | exit 1 | |
260 | ;; | 260 | ;; | |
261 | esac | 261 | esac | |
262 | exit ${result} | 262 | exit ${result} |
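Review bot: The bare `${server} ${cmdopts}` at new line 242 leaves nothing in the script that says where named's privilege set now comes from, while the chroot branch at lines 159-203 still runs `mount -Flofs`, `pax` and `chown` and passes `-t ${value}` as before. Presumably the limits are now expected from the service manifest's method context, which is not visible on this page, so I would record that next to the exec, e.g. `# Privileges are inherited from the SMF method context; this script neither drops nor adds any.` A second comment on the `if [ "${chroot_dir}" != "" ]` test, e.g. `# NOTE: untested since the explicit proc_chroot grant was removed; named -t may fail at start.`, would keep an operator from finding that out only through `result=$?`. Separately, when `options/user` is unset no `-u` is added and `cmduser` stays empty for the `chown ${cmduser}:${cmduser}` calls, so named keeps the method's credentials; it is worth confirming that the manifest sets a non-root user. The method script section that starts after the next Makefile looks like the same file for the other package, and the same comments would likely apply there.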
@@ -1,75 +1,76 @@ | @@ -1,75 +1,76 @@ | |||
1 | # $NetBSD: Makefile,v 1.6 2019/06/20 02:16:53 taca Exp $ | 1 | # $NetBSD: Makefile,v 1.7 2019/06/28 17:01:30 jperkin Exp $ | |
2 | 2 | |||
3 | DISTNAME= bind-${BIND_VERSION} | 3 | DISTNAME= bind-${BIND_VERSION} | |
4 | PKGNAME= ${DISTNAME:S/-P/pl/} | 4 | PKGNAME= ${DISTNAME:S/-P/pl/} | |
5 | PKGREVISION= 1 | |||
5 | CATEGORIES= net | 6 | CATEGORIES= net | |
6 | MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ | 7 | MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ | |
7 | 8 | |||
8 | MAINTAINER= pkgsrc-users@NetBSD.org | 9 | MAINTAINER= pkgsrc-users@NetBSD.org | |
9 | HOMEPAGE= http://www.isc.org/software/bind/ | 10 | HOMEPAGE= http://www.isc.org/software/bind/ | |
10 | COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.14 | 11 | COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.14 | |
11 | LICENSE= mpl-2.0 | 12 | LICENSE= mpl-2.0 | |
12 | 13 | |||
13 | CONFLICTS+= host-[0-9]* | 14 | CONFLICTS+= host-[0-9]* | |
14 | 15 | |||
15 | MAKE_JOBS_SAFE= no | 16 | MAKE_JOBS_SAFE= no | |
16 | 17 | |||
17 | BIND_VERSION= 9.14.3 | 18 | BIND_VERSION= 9.14.3 | |
18 | 19 | |||
19 | .include "../../mk/bsd.prefs.mk" | 20 | .include "../../mk/bsd.prefs.mk" | |
20 | 21 | |||
21 | BUILD_DEFS+= BIND_DIR VARBASE | 22 | BUILD_DEFS+= BIND_DIR VARBASE | |
22 | 23 | |||
23 | .include "options.mk" | 24 | .include "options.mk" | |
24 | 25 | |||
25 | USE_TOOLS+= pax perl | 26 | USE_TOOLS+= pax perl | |
26 | USE_LIBTOOL= yes | 27 | USE_LIBTOOL= yes | |
27 | GNU_CONFIGURE= yes | 28 | GNU_CONFIGURE= yes | |
28 | 29 | |||
29 | CONFIGURE_ARGS+= --with-libtool | 30 | CONFIGURE_ARGS+= --with-libtool | |
30 | CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} | 31 | CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} | |
31 | CONFIGURE_ARGS+= --localstatedir=${VARBASE} | 32 | CONFIGURE_ARGS+= --localstatedir=${VARBASE} | |
32 | CONFIGURE_ARGS+= --with-openssl=${SSLBASE:Q} | 33 | CONFIGURE_ARGS+= --with-openssl=${SSLBASE:Q} | |
33 | CONFIGURE_ARGS+= --with-python=no | 34 | CONFIGURE_ARGS+= --with-python=no | |
34 | .if !empty(MACHINE_PLATFORM:MNetBSD-*-m68k) || \ | 35 | .if !empty(MACHINE_PLATFORM:MNetBSD-*-m68k) || \ | |
35 | !empty(MACHINE_PLATFORM:MNetBSD-*-mipsel) || \ | 36 | !empty(MACHINE_PLATFORM:MNetBSD-*-mipsel) || \ | |
36 | !empty(MACHINE_PLATFORM:MNetBSD-*-vax) | 37 | !empty(MACHINE_PLATFORM:MNetBSD-*-vax) | |
37 | CONFIGURE_ARGS+= --disable-atomic | 38 | CONFIGURE_ARGS+= --disable-atomic | |
38 | .endif | 39 | .endif | |
39 | CONFIGURE_ARGS.DragonFly+= --disable-kqueue | 40 | CONFIGURE_ARGS.DragonFly+= --disable-kqueue | |
40 | 41 | |||
41 | PKG_GROUPS_VARS+= BIND_GROUP | 42 | PKG_GROUPS_VARS+= BIND_GROUP | |
42 | PKG_USERS_VARS= BIND_USER | 43 | PKG_USERS_VARS= BIND_USER | |
43 | 44 | |||
44 | PKG_GROUPS= ${BIND_GROUP} | 45 | PKG_GROUPS= ${BIND_GROUP} | |
45 | PKG_USERS= ${BIND_USER}:${BIND_GROUP} | 46 | PKG_USERS= ${BIND_USER}:${BIND_GROUP} | |
46 | 47 | |||
47 | PKG_GECOS.${BIND_USER}= Named pseudo-user | 48 | PKG_GECOS.${BIND_USER}= Named pseudo-user | |
48 | PKG_HOME.${BIND_USER}= ${BIND_DIR} | 49 | PKG_HOME.${BIND_USER}= ${BIND_DIR} | |
49 | 50 | |||
50 | DOCS= CHANGES HISTORY OPTIONS README | 51 | DOCS= CHANGES HISTORY OPTIONS README | |
51 | 52 | |||
52 | FILES_SUBST+= BIND_GROUP=${BIND_GROUP} \ | 53 | FILES_SUBST+= BIND_GROUP=${BIND_GROUP} \ | |
53 | BIND_USER=${BIND_USER} PAX=${PAX:Q} \ | 54 | BIND_USER=${BIND_USER} PAX=${PAX:Q} \ | |
54 | SSLBASE=${SSLBASE} | 55 | SSLBASE=${SSLBASE} | |
55 | MESSAGE_SUBST+= BIND_DIR=${BIND_DIR} BIND_USER=${BIND_USER} | 56 | MESSAGE_SUBST+= BIND_DIR=${BIND_DIR} BIND_USER=${BIND_USER} | |
56 | 57 | |||
57 | DOCDIR= share/doc/bind9 | 58 | DOCDIR= share/doc/bind9 | |
58 | 59 | |||
59 | RCD_SCRIPTS= named9 | 60 | RCD_SCRIPTS= named9 | |
60 | SMF_METHODS= named | 61 | SMF_METHODS= named | |
61 | 62 | |||
62 | INSTALL_MAKE_FLAGS+= sysconfdir=${PREFIX}/share/examples/bind9 | 63 | INSTALL_MAKE_FLAGS+= sysconfdir=${PREFIX}/share/examples/bind9 | |
63 | CONF_FILES+= share/examples/bind9/bind.keys \ | 64 | CONF_FILES+= share/examples/bind9/bind.keys \ | |
64 | ${PKG_SYSCONFDIR}/bind.keys | 65 | ${PKG_SYSCONFDIR}/bind.keys | |
65 | 66 | |||
66 | INSTALLATION_DIRS+= ${DOCDIR} ${DOCDIR}/arm | 67 | INSTALLATION_DIRS+= ${DOCDIR} ${DOCDIR}/arm | |
67 | 68 | |||
68 | post-install: | 69 | post-install: | |
69 | .for f in ${DOCS} | 70 | .for f in ${DOCS} | |
70 | ${INSTALL_DATA} ${WRKSRC}/${f} ${DESTDIR}${PREFIX}/${DOCDIR} | 71 | ${INSTALL_DATA} ${WRKSRC}/${f} ${DESTDIR}${PREFIX}/${DOCDIR} | |
71 | .endfor | 72 | .endfor | |
72 | ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${DESTDIR}${PREFIX}/${DOCDIR}/arm | 73 | ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${DESTDIR}${PREFIX}/${DOCDIR}/arm | |
73 | 74 | |||
74 | .include "../../security/openssl/buildlink3.mk" | 75 | .include "../../security/openssl/buildlink3.mk" | |
75 | .include "../../mk/bsd.pkg.mk" | 76 | .include "../../mk/bsd.pkg.mk" |
@@ -1,262 +1,262 @@ | @@ -1,262 +1,262 @@ | |||
1 | #!@SMF_METHOD_SHELL@ | 1 | #!@SMF_METHOD_SHELL@ | |
2 | # | 2 | # | |
3 | # CDDL HEADER START | 3 | # CDDL HEADER START | |
4 | # | 4 | # | |
5 | # The contents of this file are subject to the terms of the | 5 | # The contents of this file are subject to the terms of the | |
6 | # Common Development and Distribution License (the "License"). | 6 | # Common Development and Distribution License (the "License"). | |
7 | # You may not use this file except in compliance with the License. | 7 | # You may not use this file except in compliance with the License. | |
8 | # | 8 | # | |
9 | # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE | 9 | # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE | |
10 | # or http://www.opensolaris.org/os/licensing. | 10 | # or http://www.opensolaris.org/os/licensing. | |
11 | # See the License for the specific language governing permissions | 11 | # See the License for the specific language governing permissions | |
12 | # and limitations under the License. | 12 | # and limitations under the License. | |
13 | # | 13 | # | |
14 | # When distributing Covered Code, include this CDDL HEADER in each | 14 | # When distributing Covered Code, include this CDDL HEADER in each | |
15 | # file and include the License file at usr/src/OPENSOLARIS.LICENSE. | 15 | # file and include the License file at usr/src/OPENSOLARIS.LICENSE. | |
16 | # If applicable, add the following below this CDDL HEADER, with the | 16 | # If applicable, add the following below this CDDL HEADER, with the | |
17 | # fields enclosed by brackets "[]" replaced with your own identifying | 17 | # fields enclosed by brackets "[]" replaced with your own identifying | |
18 | # information: Portions Copyright [yyyy] [name of copyright owner] | 18 | # information: Portions Copyright [yyyy] [name of copyright owner] | |
19 | # | 19 | # | |
20 | # CDDL HEADER END | 20 | # CDDL HEADER END | |
21 | # | 21 | # | |
22 | # Copyright 2007 Sun Microsystems, Inc. All rights reserved. | 22 | # Copyright 2007 Sun Microsystems, Inc. All rights reserved. | |
23 | # Use is subject to license terms. | 23 | # Use is subject to license terms. | |
24 | # | 24 | # | |
25 | #pragma ident "@(#)dns-server.sh 1.1 07/03/26 SMI" | 25 | #pragma ident "@(#)dns-server.sh 1.1 07/03/26 SMI" | |
26 | 26 | |||
27 | # smf_method(5) start/stop script required for server DNS | 27 | # smf_method(5) start/stop script required for server DNS | |
28 | 28 | |||
29 | . /lib/svc/share/smf_include.sh | 29 | . /lib/svc/share/smf_include.sh | |
30 | 30 | |||
31 | mount_chroot () | 31 | mount_chroot () | |
32 | { | 32 | { | |
33 | c=$1 | 33 | c=$1 | |
34 | shift | 34 | shift | |
35 | for f in $*; do | 35 | for f in $*; do | |
36 | if [ -z "${f}" -o ! -f "${f}" -o \ | 36 | if [ -z "${f}" -o ! -f "${f}" -o \ | |
37 | -z "${c}" -o ! -d "${c}" ]; then | 37 | -z "${c}" -o ! -d "${c}" ]; then | |
38 | exit ${SMF_EXIT_ERR_CONFIG} | 38 | exit ${SMF_EXIT_ERR_CONFIG} | |
39 | fi | 39 | fi | |
40 | 40 | |||
41 | umount ${c}/${f} >/dev/null 2>&1 | 41 | umount ${c}/${f} >/dev/null 2>&1 | |
42 | mkdir -p `dirname ${c}/${f}` | 42 | mkdir -p `dirname ${c}/${f}` | |
43 | touch ${c}/${f} | 43 | touch ${c}/${f} | |
44 | mount -Flofs ${f} ${c}/${f} | 44 | mount -Flofs ${f} ${c}/${f} | |
45 | done | 45 | done | |
46 | } | 46 | } | |
47 | 47 | |||
48 | umount_chroot () | 48 | umount_chroot () | |
49 | { | 49 | { | |
50 | c=$1 | 50 | c=$1 | |
51 | shift | 51 | shift | |
52 | for f in $*; do | 52 | for f in $*; do | |
53 | umount ${c}/${f} >/dev/null 2>&1 | 53 | umount ${c}/${f} >/dev/null 2>&1 | |
54 | done | 54 | done | |
55 | } | 55 | } | |
56 | 56 | |||
57 | get_config () | 57 | get_config () | |
58 | { | 58 | { | |
59 | configuration_file=@PKG_SYSCONFDIR@/named.conf | 59 | configuration_file=@PKG_SYSCONFDIR@/named.conf | |
60 | rndc_config_file=@PKG_SYSCONFDIR@/rndc.conf | 60 | rndc_config_file=@PKG_SYSCONFDIR@/rndc.conf | |
61 | rndc_key_file=@PKG_SYSCONFDIR@/rndc.key | 61 | rndc_key_file=@PKG_SYSCONFDIR@/rndc.key | |
62 | rndc_cmd_opts="-a" | 62 | rndc_cmd_opts="-a" | |
63 | libraries="/usr/pkg/lib/engines/libgost.so" | 63 | libraries="/usr/pkg/lib/engines/libgost.so" | |
64 | cmdopts="" | 64 | cmdopts="" | |
65 | checkopts="" | 65 | checkopts="" | |
66 | properties="debug_level ip_interfaces listen_on_port | 66 | properties="debug_level ip_interfaces listen_on_port | |
67 | threads chroot_dir configuration_file server user" | 67 | threads chroot_dir configuration_file server user" | |
68 | 68 | |||
69 | for prop in $properties | 69 | for prop in $properties | |
70 | do | 70 | do | |
71 | value=`/usr/bin/svcprop -p options/${prop} ${SMF_FMRI}` | 71 | value=`/usr/bin/svcprop -p options/${prop} ${SMF_FMRI}` | |
72 | if [ -z "${value}" -o "${value}" = '""' ]; then | 72 | if [ -z "${value}" -o "${value}" = '""' ]; then | |
73 | continue; | 73 | continue; | |
74 | fi | 74 | fi | |
75 | 75 | |||
76 | case $prop in | 76 | case $prop in | |
77 | 'debug_level') | 77 | 'debug_level') | |
78 | if [ ${value} -gt 0 ]; then | 78 | if [ ${value} -gt 0 ]; then | |
79 | cmdopts="${cmdopts} -d ${value}" | 79 | cmdopts="${cmdopts} -d ${value}" | |
80 | fi | 80 | fi | |
81 | ;; | 81 | ;; | |
82 | 'ip_interfaces') | 82 | 'ip_interfaces') | |
83 | case ${value} in | 83 | case ${value} in | |
84 | 'IPv4') | 84 | 'IPv4') | |
85 | cmdopts="${cmdopts} -4";; | 85 | cmdopts="${cmdopts} -4";; | |
86 | 'IPv6') | 86 | 'IPv6') | |
87 | cmdopts="${cmdopts} -6";; | 87 | cmdopts="${cmdopts} -6";; | |
88 | 'all') | 88 | 'all') | |
89 | : # Default is all, therefore ignore. | 89 | : # Default is all, therefore ignore. | |
90 | ;; | 90 | ;; | |
91 | *) | 91 | *) | |
92 | echo "$I: Unrecognised value in service instance property" >&2 | 92 | echo "$I: Unrecognised value in service instance property" >&2 | |
93 | echo "$I: options/${prop} : ${value}" >&2 | 93 | echo "$I: options/${prop} : ${value}" >&2 | |
94 | ;; | 94 | ;; | |
95 | esac | 95 | esac | |
96 | ;; | 96 | ;; | |
97 | 'listen_on_port') | 97 | 'listen_on_port') | |
98 | if [ ${value} -gt 0 ]; then | 98 | if [ ${value} -gt 0 ]; then | |
99 | cmdopts="${cmdopts} -p ${value}" | 99 | cmdopts="${cmdopts} -p ${value}" | |
100 | fi | 100 | fi | |
101 | ;; | 101 | ;; | |
102 | 'threads') | 102 | 'threads') | |
103 | if [ ${value} -gt 0 ]; then | 103 | if [ ${value} -gt 0 ]; then | |
104 | cmdopts="${cmdopts} -n ${value}" | 104 | cmdopts="${cmdopts} -n ${value}" | |
105 | fi | 105 | fi | |
106 | ;; | 106 | ;; | |
107 | 'chroot_dir') | 107 | 'chroot_dir') | |
108 | cmdopts="${cmdopts} -t ${value}" | 108 | cmdopts="${cmdopts} -t ${value}" | |
109 | checkopts="${checkopts} -t ${value}" | 109 | checkopts="${checkopts} -t ${value}" | |
110 | chroot_dir=${value}; | 110 | chroot_dir=${value}; | |
111 | ;; | 111 | ;; | |
112 | 'configuration_file') | 112 | 'configuration_file') | |
113 | cmdopts="${cmdopts} -c ${value}" | 113 | cmdopts="${cmdopts} -c ${value}" | |
114 | checkopts="${checkopts} ${value}" | 114 | checkopts="${checkopts} ${value}" | |
115 | configuration_file=${value}; | 115 | configuration_file=${value}; | |
116 | ;; | 116 | ;; | |
117 | 'server') | 117 | 'server') | |
118 | set -- `echo ${value} | /usr/bin/sed -e 's/\\\\//g'` | 118 | set -- `echo ${value} | /usr/bin/sed -e 's/\\\\//g'` | |
119 | server=$@ | 119 | server=$@ | |
120 | ;; | 120 | ;; | |
121 | 'user') | 121 | 'user') | |
122 | cmdopts="${cmdopts} -u ${value}" | 122 | cmdopts="${cmdopts} -u ${value}" | |
123 | cmduser=${value}; | 123 | cmduser=${value}; | |
124 | ;; | 124 | ;; | |
125 | esac | 125 | esac | |
126 | done | 126 | done | |
127 | 127 | |||
128 | configuration_dir=$(sed -n -e 's,^[[:space:]]*directory.*"\(.*\)";,\1,p' \ | 128 | configuration_dir=$(sed -n -e 's,^[[:space:]]*directory.*"\(.*\)";,\1,p' \ | |
129 | ${configuration_file}) | 129 | ${configuration_file}) | |
130 | [ "${configuration_dir}" == "" ] && configuration_dir=@PKG_SYSCONFDIR@/namedb | 130 | [ "${configuration_dir}" == "" ] && configuration_dir=@PKG_SYSCONFDIR@/namedb | |
131 | 131 | |||
132 | configuration_files=$(sed -n -e \ | 132 | configuration_files=$(sed -n -e \ | |
133 | "s,^[[:space:]]*file.*\"\(.*\)\";,${configuration_dir}/\1,p" \ | 133 | "s,^[[:space:]]*file.*\"\(.*\)\";,${configuration_dir}/\1,p" \ | |
134 | ${configuration_file} | sort -u) | 134 | ${configuration_file} | sort -u) | |
135 | configuration_files="${configuration_files} ${configuration_file}" | 135 | configuration_files="${configuration_files} ${configuration_file}" | |
136 | } | 136 | } | |
137 | 137 | |||
138 | result=${SMF_EXIT_OK} | 138 | result=${SMF_EXIT_OK} | |
139 | 139 | |||
140 | # Read command line arguments | 140 | # Read command line arguments | |
141 | method="$1" # %m | 141 | method="$1" # %m | |
142 | instance="$2" # %i | 142 | instance="$2" # %i | |
143 | contract="$3" # %{restarter/contract} | 143 | contract="$3" # %{restarter/contract} | |
144 | 144 | |||
145 | # Set defaults; SMF_FMRI should have been set, but just in case. | 145 | # Set defaults; SMF_FMRI should have been set, but just in case. | |
146 | if [ -z "$SMF_FMRI" ]; then | 146 | if [ -z "$SMF_FMRI" ]; then | |
147 | SMF_FMRI="svc:/@SMF_PREFIX@/@SMF_NAME@:${instance}" | 147 | SMF_FMRI="svc:/@SMF_PREFIX@/@SMF_NAME@:${instance}" | |
148 | fi | 148 | fi | |
149 | server="@PREFIX@/sbin/named" | 149 | server="@PREFIX@/sbin/named" | |
150 | checkconf="@PREFIX@/sbin/named-checkconf" | 150 | checkconf="@PREFIX@/sbin/named-checkconf" | |
151 | I=`/usr/bin/basename $0` | 151 | I=`/usr/bin/basename $0` | |
152 | 152 | |||
153 | case "$method" in | 153 | case "$method" in | |
154 | 'start') | 154 | 'start') | |
155 | get_config | 155 | get_config | |
156 | 156 | |||
157 | # If chroot option is set, note zones(5) are preferred, then | 157 | # If chroot option is set, note zones(5) are preferred, then | |
158 | # configuration file lives under chroot directory. | 158 | # configuration file lives under chroot directory. | |
159 | if [ "${chroot_dir}" != "" ]; then | 159 | if [ "${chroot_dir}" != "" ]; then | |
160 | if [ "${chroot_dir}" = "/" ]; then | 160 | if [ "${chroot_dir}" = "/" ]; then | |
161 | msg="$I: chroot_dir must not be /" | 161 | msg="$I: chroot_dir must not be /" | |
162 | echo ${msg} >&2 | 162 | echo ${msg} >&2 | |
163 | /usr/bin/logger -p daemon.error ${msg} | 163 | /usr/bin/logger -p daemon.error ${msg} | |
164 | # dns-server should be placed in maintenance state. | 164 | # dns-server should be placed in maintenance state. | |
165 | exit ${SMF_EXIT_ERR_CONFIG} | 165 | exit ${SMF_EXIT_ERR_CONFIG} | |
166 | fi | 166 | fi | |
167 | 167 | |||
168 | server="env LD_NOLAZYLOAD=1 ${server}" | 168 | server="env LD_NOLAZYLOAD=1 ${server}" | |
169 | checkconf="env LD_NOLAZYLOAD=1 ${checkconf}" | 169 | checkconf="env LD_NOLAZYLOAD=1 ${checkconf}" | |
170 | 170 | |||
171 | mkdir -p ${chroot_dir} | 171 | mkdir -p ${chroot_dir} | |
172 | 172 | |||
173 | if [ "${SMF_ZONENAME}" = "global" ]; then | 173 | if [ "${SMF_ZONENAME}" = "global" ]; then | |
174 | for dev in crypto log null poll random urandom; do | 174 | for dev in crypto log null poll random urandom; do | |
175 | rm -f ${chroot_dir}/dev/${dev} | 175 | rm -f ${chroot_dir}/dev/${dev} | |
176 | pax -rw -H -pe /dev/${dev} ${chroot_dir} | 176 | pax -rw -H -pe /dev/${dev} ${chroot_dir} | |
177 | done | 177 | done | |
178 | fi | 178 | fi | |
179 | 179 | |||
180 | missing="" | 180 | missing="" | |
181 | for dev in crypto null poll random urandom; do | 181 | for dev in crypto null poll random urandom; do | |
182 | if [ ! -e "${chroot_dir}/dev/${dev}" ]; then | 182 | if [ ! -e "${chroot_dir}/dev/${dev}" ]; then | |
183 | missing="${missing} ${dev}" | 183 | missing="${missing} ${dev}" | |
184 | fi | 184 | fi | |
185 | done | 185 | done | |
186 | 186 | |||
187 | if [ ! -z "${missing}" ]; then | 187 | if [ ! -z "${missing}" ]; then | |
188 | msg="$I: missing device nodes in ${chroot_dir}: ${missing}" | 188 | msg="$I: missing device nodes in ${chroot_dir}: ${missing}" | |
189 | echo ${msg} >&2 | 189 | echo ${msg} >&2 | |
190 | /usr/bin/logger -p daemon.err ${msg} | 190 | /usr/bin/logger -p daemon.err ${msg} | |
191 | # dns-server should be placed in maintenance state. | 191 | # dns-server should be placed in maintenance state. | |
192 | exit ${SMF_EXIT_ERR_CONFIG} | 192 | exit ${SMF_EXIT_ERR_CONFIG} | |
193 | fi | 193 | fi | |
194 | 194 | |||
195 | mount_chroot ${chroot_dir} ${configuration_files} ${libraries} | 195 | mount_chroot ${chroot_dir} ${configuration_files} ${libraries} | |
196 | 196 | |||
197 | mkdir -p ${chroot_dir}/var/run/named | 197 | mkdir -p ${chroot_dir}/var/run/named | |
198 | chown ${cmduser}:${cmduser} ${chroot_dir}/var/run/named | 198 | chown ${cmduser}:${cmduser} ${chroot_dir}/var/run/named | |
199 | 199 | |||
200 | configuration_file=${chroot_dir}${configuration_file} | 200 | configuration_file=${chroot_dir}${configuration_file} | |
201 | rndc_config_file=${chroot_dir}${rndc_config_file} | 201 | rndc_config_file=${chroot_dir}${rndc_config_file} | |
202 | rndc_key_file=${chroot_dir}${rndc_key_file} | 202 | rndc_key_file=${chroot_dir}${rndc_key_file} | |
203 | rndc_cmd_opts="${rndc_cmd_opts} -t ${chroot_dir}" | 203 | rndc_cmd_opts="${rndc_cmd_opts} -t ${chroot_dir}" | |
204 | else | 204 | else | |
205 | mkdir -p 0770 @VARBASE@/run/named | 205 | mkdir -p 0770 @VARBASE@/run/named | |
206 | chown ${cmduser}:${cmduser} @VARBASE@/run/named | 206 | chown ${cmduser}:${cmduser} @VARBASE@/run/named | |
207 | fi | 207 | fi | |
208 | 208 | |||
209 | # Check if the rndc config file exists. | 209 | # Check if the rndc config file exists. | |
210 | if [ ! -f ${rndc_config_file} ]; then | 210 | if [ ! -f ${rndc_config_file} ]; then | |
211 | # If not, check if the default rndc key file exists. | 211 | # If not, check if the default rndc key file exists. | |
212 | if [ ! -f ${rndc_key_file} ]; then | 212 | if [ ! -f ${rndc_key_file} ]; then | |
213 | echo "$I: Creating default rndc key file: ${rndc_key_file}." >&2 | 213 | echo "$I: Creating default rndc key file: ${rndc_key_file}." >&2 | |
214 | @PREFIX@/sbin/rndc-confgen ${rndc_cmd_opts} | 214 | @PREFIX@/sbin/rndc-confgen ${rndc_cmd_opts} | |
215 | if [ $? -ne 0 ]; then | 215 | if [ $? -ne 0 ]; then | |
216 | echo "$I : Warning: rndc configuration failed! Use of 'rndc' to" \ | 216 | echo "$I : Warning: rndc configuration failed! Use of 'rndc' to" \ | |
217 | "control 'named' may fail and 'named' may report further error" \ | 217 | "control 'named' may fail and 'named' may report further error" \ | |
218 | "messages to the system log. This is not fatal. For more" \ | 218 | "messages to the system log. This is not fatal. For more" \ | |
219 | "information see rndc(1M) and rndc-confgen(1M)." >&2 | 219 | "information see rndc(1M) and rndc-confgen(1M)." >&2 | |
220 | fi | 220 | fi | |
221 | fi | 221 | fi | |
222 | fi | 222 | fi | |
223 | 223 | |||
224 | if [ ${result} = ${SMF_EXIT_OK} ]; then | 224 | if [ ${result} = ${SMF_EXIT_OK} ]; then | |
225 | ${checkconf} -z ${checkopts} | 225 | ${checkconf} -z ${checkopts} | |
226 | result=$? | 226 | result=$? | |
227 | if [ $result -ne 0 ]; then | 227 | if [ $result -ne 0 ]; then | |
228 | msg="$I: named-checkconf failed to verify configuration" | 228 | msg="$I: named-checkconf failed to verify configuration" | |
229 | echo ${msg} >&2 | 229 | echo ${msg} >&2 | |
230 | /usr/bin/logger -p daemon.error ${msg} | 230 | /usr/bin/logger -p daemon.error ${msg} | |
231 | if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then | 231 | if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then | |
232 | umount_chroot ${chroot_dir} ${configuration_files} ${libraries} | 232 | umount_chroot ${chroot_dir} ${configuration_files} ${libraries} | |
233 | fi | 233 | fi | |
234 | # dns-server should be placed in maintenance state. | 234 | # dns-server should be placed in maintenance state. | |
235 | exit ${SMF_EXIT_ERR_CONFIG} | 235 | exit ${SMF_EXIT_ERR_CONFIG} | |
236 | fi | 236 | fi | |
237 | fi | 237 | fi | |
238 | 238 | |||
239 | if [ ${result} = ${SMF_EXIT_OK} ]; then | 239 | if [ ${result} = ${SMF_EXIT_OK} ]; then | |
240 | echo "$I: Executing: ${server} ${cmdopts}" | 240 | echo "$I: Executing: ${server} ${cmdopts}" | |
241 | # Execute named(1M) with relevant command line options. | 241 | # Execute named(1M) with relevant command line options. | |
242 | ppriv -s A-all -s A+basic,net_privaddr,file_dac_read,file_dac_search,sys_resource,proc_chroot,proc_setid -e ${server} ${cmdopts} | 242 | ${server} ${cmdopts} | |
243 | result=$? | 243 | result=$? | |
244 | fi | 244 | fi | |
245 | ;; | 245 | ;; | |
246 | 'stop') | 246 | 'stop') | |
247 | get_config | 247 | get_config | |
248 | 248 | |||
249 | smf_kill_contract ${contract} TERM 1 | 249 | smf_kill_contract ${contract} TERM 1 | |
250 | [ $? -ne 0 ] && exit 1 | 250 | [ $? -ne 0 ] && exit 1 | |
251 | 251 | |||
252 | if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then | 252 | if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then | |
253 | umount_chroot ${chroot_dir} ${configuration_files} ${libraries} | 253 | umount_chroot ${chroot_dir} ${configuration_files} ${libraries} | |
254 | fi | 254 | fi | |
255 | 255 | |||
256 | ;; | 256 | ;; | |
257 | *) | 257 | *) | |
258 | echo "Usage: $I [stop|start] <instance>" >&2 | 258 | echo "Usage: $I [stop|start] <instance>" >&2 | |
259 | exit 1 | 259 | exit 1 | |
260 | ;; | 260 | ;; | |
261 | esac | 261 | esac | |
262 | exit ${result} | 262 | exit ${result} |