MFH: r503955
Fix named when using plugins and chroot. BIND9 introduced plugins and migrated the filter-aaaa feature to a plugin. As it loads its plugins late in the startup process (read after chroot), the plugins need to be available in the chroot. Also, refactor the code now that a second directory needs to be handled. PR: 238011 Reported by: ryan@timewasted.me
parent
6be6ec9da1
commit
ebf3b1076b
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/branches/2019Q2/; revision=503956
@ -9,7 +9,7 @@ PORTREVISION= 0
|
||||
.else
|
||||
# XXX: correct version
|
||||
# dns/bind9xx here
|
||||
PORTREVISION= 0
|
||||
PORTREVISION= 2
|
||||
.endif
|
||||
CATEGORIES= dns net ipv6
|
||||
# XXX: put the ISC master_site
|
||||
|
@ -143,19 +143,10 @@ chroot_autoupdate()
|
||||
fi
|
||||
fi
|
||||
|
||||
# The OpenSSL engines should be present in the chroot, named loads them
|
||||
# after chrooting.
|
||||
if [ -d ${_openssl_engines} ]; then
|
||||
mkdir -p ${named_chrootdir}${_openssl_engines}
|
||||
if can_mount nullfs ; then
|
||||
mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
|
||||
else
|
||||
warn "named chroot: cannot nullfs mount OpenSSL" \
|
||||
"engines into the chroot, will copy the shared" \
|
||||
"libraries instead."
|
||||
cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
|
||||
fi
|
||||
fi
|
||||
# The OpenSSL engines and BIND9 plugins should be present in the
|
||||
# chroot, named loads them after chrooting.
|
||||
null_mount_or_copy ${_openssl_engines}
|
||||
null_mount_or_copy %%PREFIX%%/lib/named
|
||||
|
||||
# Copy and/or update key files to the chroot /etc
|
||||
#
|
||||
@ -239,13 +230,8 @@ named_stop()
|
||||
named_poststop()
|
||||
{
|
||||
if [ -n "${named_chrootdir}" ]; then
|
||||
# if using OpenSSL from ports, unmount OpenSSL engines, if they
|
||||
# were not mounted but only copied, do nothing.
|
||||
if [ -d ${_openssl_engines} ]; then
|
||||
if can_mount nullfs; then
|
||||
umount ${named_chrootdir}${_openssl_engines}
|
||||
fi
|
||||
fi
|
||||
null_umount %%PREFIX%%/lib/named
|
||||
null_umount ${_openssl_engines}
|
||||
if [ -c ${named_chrootdir}/dev/null ]; then
|
||||
# unmount /dev
|
||||
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
|
||||
@ -273,6 +259,36 @@ can_mount()
|
||||
return 1
|
||||
}
|
||||
|
||||
null_mount_or_copy()
|
||||
{
|
||||
local dir
|
||||
dir=$1
|
||||
|
||||
if [ -d ${dir} ]; then
|
||||
mkdir -p ${named_chrootdir}${dir}
|
||||
if can_mount nullfs ; then
|
||||
mount -t nullfs ${dir} ${named_chrootdir}${dir}
|
||||
else
|
||||
warn "named chroot: cannot nullfs mount OpenSSL" \
|
||||
"engines into the chroot, will copy the shared" \
|
||||
"libraries instead."
|
||||
cp -f ${dir}/*.so ${named_chrootdir}${dir}
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
null_umount()
|
||||
{
|
||||
local dir
|
||||
dir=$1
|
||||
|
||||
if [ -d ${dir} ]; then
|
||||
if can_mount nullfs; then
|
||||
umount ${named_chrootdir}${dir}
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
create_file()
|
||||
{
|
||||
if [ -e "$1" ]; then
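Review bot: In `null_mount_or_copy` the fallback warning still reads "cannot nullfs mount OpenSSL engines" even when the helper is called for `%%PREFIX%%/lib/named`, so the log names the wrong directory when the BIND9 plugins are the ones being copied; name the argument instead, e.g. `warn "named chroot: cannot nullfs mount ${dir} into the chroot, will copy the shared libraries instead."`. Both new helpers also leave `${dir}` and `${named_chrootdir}${dir}` unquoted in `[ -d ]`, `mkdir -p`, `mount`, `umount` and `cp`, unlike the quoted `"${named_chrootdir}"` test in `named_poststop`; quoting them (with the glob kept outside the quotes, `cp -f "${dir}"/*.so "${named_chrootdir}${dir}"`) avoids word splitting on an unusual chroot path. Since named only needs to load these shared objects after chrooting, `mount -t nullfs -o ro "${dir}" "${named_chrootdir}${dir}"` would expose the engine and plugin directories read-only inside the chroot as a defence-in-depth measure. The same helpers are repeated in the second copy of the rc script further down this page, and the points apply there as well.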
|
||||
|
@ -8,7 +8,7 @@ PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/}
|
||||
PORTREVISION= 0
|
||||
.else
|
||||
# dns/bind913 here
|
||||
PORTREVISION= 1
|
||||
PORTREVISION= 2
|
||||
.endif
|
||||
CATEGORIES= dns net ipv6
|
||||
MASTER_SITES= ISC/bind9/${ISCVERSION}
|
||||
|
@ -143,19 +143,10 @@ chroot_autoupdate()
|
||||
fi
|
||||
fi
|
||||
|
||||
# The OpenSSL engines should be present in the chroot, named loads them
|
||||
# after chrooting.
|
||||
if [ -d ${_openssl_engines} ]; then
|
||||
mkdir -p ${named_chrootdir}${_openssl_engines}
|
||||
if can_mount nullfs ; then
|
||||
mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
|
||||
else
|
||||
warn "named chroot: cannot nullfs mount OpenSSL" \
|
||||
"engines into the chroot, will copy the shared" \
|
||||
"libraries instead."
|
||||
cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
|
||||
fi
|
||||
fi
|
||||
# The OpenSSL engines and BIND9 plugins should be present in the
|
||||
# chroot, named loads them after chrooting.
|
||||
null_mount_or_copy ${_openssl_engines}
|
||||
null_mount_or_copy %%PREFIX%%/lib/named
|
||||
|
||||
# Copy and/or update key files to the chroot /etc
|
||||
#
|
||||
@ -239,13 +230,8 @@ named_stop()
|
||||
named_poststop()
|
||||
{
|
||||
if [ -n "${named_chrootdir}" ]; then
|
||||
# if using OpenSSL from ports, unmount OpenSSL engines, if they
|
||||
# were not mounted but only copied, do nothing.
|
||||
if [ -d ${_openssl_engines} ]; then
|
||||
if can_mount nullfs; then
|
||||
umount ${named_chrootdir}${_openssl_engines}
|
||||
fi
|
||||
fi
|
||||
null_umount %%PREFIX%%/lib/named
|
||||
null_umount ${_openssl_engines}
|
||||
if [ -c ${named_chrootdir}/dev/null ]; then
|
||||
# unmount /dev
|
||||
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
|
||||
@ -273,6 +259,36 @@ can_mount()
|
||||
return 1
|
||||
}
|
||||
|
||||
null_mount_or_copy()
|
||||
{
|
||||
local dir
|
||||
dir=$1
|
||||
|
||||
if [ -d ${dir} ]; then
|
||||
mkdir -p ${named_chrootdir}${dir}
|
||||
if can_mount nullfs ; then
|
||||
mount -t nullfs ${dir} ${named_chrootdir}${dir}
|
||||
else
|
||||
warn "named chroot: cannot nullfs mount OpenSSL" \
|
||||
"engines into the chroot, will copy the shared" \
|
||||
"libraries instead."
|
||||
cp -f ${dir}/*.so ${named_chrootdir}${dir}
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
null_umount()
|
||||
{
|
||||
local dir
|
||||
dir=$1
|
||||
|
||||
if [ -d ${dir} ]; then
|
||||
if can_mount nullfs; then
|
||||
umount ${named_chrootdir}${dir}
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
create_file()
|
||||
{
|
||||
if [ -e "$1" ]; then
|
||||
|