| 1 |
commit: 76a0fe9aa1906a7bbe192efb56ef8335d21b9a3c |
| 2 |
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Fri Sep 14 22:00:12 2018 +0000 |
| 4 |
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Fri Sep 14 22:03:47 2018 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76a0fe9a |
| 7 |
|
| 8 |
net-dns/unbound: runscript rewritten |
| 9 |
|
| 10 |
- "need net" changed to "use net". If you need to bind service to a specific |
| 11 |
interface or address add 'rc_need="<interface>"' in /etc/conf.d/<unbound>. |
| 12 |
|
| 13 |
- Use "/run" instead of "/var/run". |
| 14 |
|
| 15 |
- Verify daemon is really up and running. |
| 16 |
|
| 17 |
- It is now possible to pass any by start-stop-daemon supported arguments |
| 18 |
to start-stop-daemon. |
| 19 |
|
| 20 |
- It is now possible to preserve unbound's cache. [Bug 632644] |
| 21 |
|
| 22 |
Closes: https://bugs.gentoo.org/632644 |
| 23 |
Package-Manager: Portage-2.3.49, Repoman-2.3.10 |
| 24 |
|
| 25 |
net-dns/unbound/files/unbound-r1.confd | 36 +++++++++ |
| 26 |
net-dns/unbound/files/unbound-r1.initd | 137 ++++++++++++++++++++++++++++++++ |
| 27 |
net-dns/unbound/unbound-1.7.3-r1.ebuild | 6 +- |
| 28 |
net-dns/unbound/unbound-1.8.0-r1.ebuild | 11 ++- |
| 29 |
4 files changed, 184 insertions(+), 6 deletions(-) |
| 30 |
|
| 31 |
diff --git a/net-dns/unbound/files/unbound-r1.confd b/net-dns/unbound/files/unbound-r1.confd |
| 32 |
new file mode 100644 |
| 33 |
index 00000000000..c86c65c6496 |
| 34 |
--- /dev/null |
| 35 |
+++ b/net-dns/unbound/files/unbound-r1.confd |
| 36 |
@@ -0,0 +1,36 @@ |
| 37 |
+# /etc/conf.d/unbound |
| 38 |
+ |
| 39 |
+# Configuration file |
| 40 |
+#UNBOUND_CONFFILE="/etc/unbound/unbound.conf" |
| 41 |
+ |
| 42 |
+# PID file |
| 43 |
+# This is a fallback value which should NOT be changed. If you ever need |
| 44 |
+# to change PID file, please change value in configuration file instead! |
| 45 |
+#UNBOUND_PIDFILE="/run/unbound.pid" |
| 46 |
+ |
| 47 |
+# You can use this configuration option to pass additional options to the |
| 48 |
+# start-stop-daemon, see start-stop-daemon(8) for more details. |
| 49 |
+# Per default we wait 1000ms after we have started the service to ensure |
| 50 |
+# that the daemon is really up and running. |
| 51 |
+#UNBOUND_SSDARGS="--wait 1000" |
| 52 |
+ |
| 53 |
+# The termination timeout (start-stop-daemon parameter "retry") ensures |
| 54 |
+# that the service will be terminated within a given time (25 + 5 seconds |
| 55 |
+# per default) when you are stopping the service. |
| 56 |
+#UNBOUND_TERMTIMEOUT="TERM/25/KILL/5" |
| 57 |
+ |
| 58 |
+# Options to unbound |
| 59 |
+# See unbound(8) for more details |
| 60 |
+# Notes: |
| 61 |
+# * Do not specify another CONFIGFILE but use the variable above to change the location |
| 62 |
+#UNBOUND_OPTS="" |
| 63 |
+ |
| 64 |
+# If you want to preserve unbound's cache, set the following variable to |
| 65 |
+# a non-zero value. In this case unbound's cache will be dumped to disk |
| 66 |
+# before shutdown and loaded right after start. |
| 67 |
+# To be able to dump and load cache you have to set up keys (use `unbound-control-setup`) |
| 68 |
+# and need to set 'control-enable: yes' in your configuration! |
| 69 |
+# WARNING: If you don't know what you are doing you should NOT use this |
| 70 |
+# feature. Loading the cache with old or wrong data can result in |
| 71 |
+# old or wrong data being returned to clients. |
| 72 |
+#UNBOUND_PRESERVE_CACHE="" |
| 73 |
|
| 74 |
diff --git a/net-dns/unbound/files/unbound-r1.initd b/net-dns/unbound/files/unbound-r1.initd |
| 75 |
new file mode 100644 |
| 76 |
index 00000000000..54886d1f47a |
| 77 |
--- /dev/null |
| 78 |
+++ b/net-dns/unbound/files/unbound-r1.initd |
| 79 |
@@ -0,0 +1,137 @@ |
| 80 |
+#!/sbin/openrc-run |
| 81 |
+# Copyright 1999-2018 Gentoo Foundation |
| 82 |
+# Distributed under the terms of the GNU General Public License v2 |
| 83 |
+ |
| 84 |
+UNBOUND_BINARY=${UNBOUND_BINARY:-"/usr/sbin/unbound"} |
| 85 |
+UNBOUND_CACHEFILE=${UNBOUND_CACHEFILE:-"/var/lib/unbound/${SVCNAME}.cache"} |
| 86 |
+UNBOUND_CHECKCONF=${UNBOUND_CHECKCONF:-"/usr/sbin/unbound-checkconf"} |
| 87 |
+UNBOUND_CONFFILE=${UNBOUND_CONFFILE:-"/etc/unbound/${SVCNAME}.conf"} |
| 88 |
+UNBOUND_CONTROL=${UNBOUND_CONTROL:-"/usr/sbin/unbound-control"} |
| 89 |
+UNBOUND_PIDFILE=${UNBOUND_PIDFILE:-"/run/unbound.pid"} |
| 90 |
+UNBOUND_SSDARGS=${UNBOUND_SSDARGS:-"--wait 1000"} |
| 91 |
+UNBOUND_TERMTIMEOUT=${UNBOUND_TERMTIMEOUT:-"TERM/25/KILL/5"} |
| 92 |
+UNBOUND_OPTS=${UNBOUND_OPTS:-""} |
| 93 |
+UNBOUND_LOAD_CACHE_TIMEOUT=${UNBOUND_LOAD_CACHE_TIMEOUT:-"30"} |
| 94 |
+ |
| 95 |
+getconfig() { |
| 96 |
+ local key="$1" |
| 97 |
+ local value_default="$2" |
| 98 |
+ local value= |
| 99 |
+ |
| 100 |
+ if service_started ; then |
| 101 |
+ value="$(service_get_value "${key}")" |
| 102 |
+ fi |
| 103 |
+ |
| 104 |
+ if [ -z "${value}" ] && [ -n "${UNBOUND_CONFFILE}" ] && [ -r "${UNBOUND_CONFFILE}" ] ; then |
| 105 |
+ value=$("${UNBOUND_CHECKCONF}" -o ${key} "${UNBOUND_CONFFILE}") |
| 106 |
+ fi |
| 107 |
+ |
| 108 |
+ if [ -z "${value}" ] ; then |
| 109 |
+ # Value not explicitly set in the configfile or configfile does not exist |
| 110 |
+ # or is not readable |
| 111 |
+ echo "${value_default}" |
| 112 |
+ else |
| 113 |
+ echo "${value}" |
| 114 |
+ fi |
| 115 |
+ |
| 116 |
+ return 0 |
| 117 |
+} |
| 118 |
+ |
| 119 |
+command=${UNBOUND_BINARY} |
| 120 |
+command_args="${UNBOUND_OPTS} -c \"${UNBOUND_CONFFILE}\"" |
| 121 |
+start_stop_daemon_args="${UNBOUND_SSDARGS}" |
| 122 |
+pidfile="$(getconfig pidfile /run/unbound.pid)" |
| 123 |
+retry="${UNBOUND_TERMTIMEOUT}" |
| 124 |
+ |
| 125 |
+required_files="${UNBOUND_CONFFILE}" |
| 126 |
+ |
| 127 |
+name="unbound daemon" |
| 128 |
+extra_commands="configtest" |
| 129 |
+extra_started_commands="reload save_cache" |
| 130 |
+description="unbound is a Domain Name Server (DNS) that is used to resolve host names to IP address." |
| 131 |
+description_configtest="Run syntax tests for configuration files only." |
| 132 |
+description_reload="Kills all children and reloads the configuration." |
| 133 |
+description_save_cache="Saves the current cache to disk." |
| 134 |
+ |
| 135 |
+depend() { |
| 136 |
+ use net logger |
| 137 |
+ provide dns |
| 138 |
+ after auth-dns |
| 139 |
+} |
| 140 |
+ |
| 141 |
+configtest() { |
| 142 |
+ local _config_status= |
| 143 |
+ |
| 144 |
+ ebegin "Checking ${SVCNAME} configuration" |
| 145 |
+ "${UNBOUND_CHECKCONF}" "${UNBOUND_CONFFILE}" 1>/dev/null 2>&1 |
| 146 |
+ _config_status=$? |
| 147 |
+ |
| 148 |
+ if [ ${_config_status} -ne 0 ] ; then |
| 149 |
+ # Run command again but this time we will show the output |
| 150 |
+ # Ugly, but ... |
| 151 |
+ "${UNBOUND_CHECKCONF}" "${UNBOUND_CONFFILE}" |
| 152 |
+ else |
| 153 |
+ if [ -n "${UNBOUND_PRESERVE_CACHE}" ] ; then |
| 154 |
+ local _is_control_enabled=$(getconfig control-enable no) |
| 155 |
+ if [ "${_is_control_enabled}" != "yes" ] ; then |
| 156 |
+ eerror "Cannot preserve cache: control-enable is 'no' in the config file!" |
| 157 |
+ _config_status=2 |
| 158 |
+ fi |
| 159 |
+ fi |
| 160 |
+ fi |
| 161 |
+ |
| 162 |
+ eend ${_config_status} "failed, please correct errors above" |
| 163 |
+} |
| 164 |
+ |
| 165 |
+save_cache() { |
| 166 |
+ if [ "${RC_CMD}" != "restart" ] ; then |
| 167 |
+ UNBOUND_PRESERVE_CACHE=1 configtest || return 1 |
| 168 |
+ fi |
| 169 |
+ |
| 170 |
+ ebegin "Saving cache to '${UNBOUND_CACHEFILE}'" |
| 171 |
+ ${UNBOUND_CONTROL} -c "${UNBOUND_CONFFILE}" dump_cache > "${UNBOUND_CACHEFILE}" |
| 172 |
+ eend $? |
| 173 |
+} |
| 174 |
+ |
| 175 |
+start_pre() { |
| 176 |
+ if [ "${RC_CMD}" != "restart" ] ; then |
| 177 |
+ configtest || return 1 |
| 178 |
+ fi |
| 179 |
+} |
| 180 |
+ |
| 181 |
+start_post() { |
| 182 |
+ if [ -n "${UNBOUND_PRESERVE_CACHE}" ] ; then |
| 183 |
+ if [ -s "${UNBOUND_CACHEFILE}" ] ; then |
| 184 |
+ ebegin "Loading cache from '${UNBOUND_CACHEFILE}'" |
| 185 |
+ # Loading cache can fail which would block this runscript. |
| 186 |
+ # Using `timeout` from coreutils will be our safeguard ... |
| 187 |
+ timeout -k 5 ${UNBOUND_LOAD_CACHE_TIMEOUT} ${UNBOUND_CONTROL} -q -c "${UNBOUND_CONFFILE}" load_cache < "${UNBOUND_CACHEFILE}" |
| 188 |
+ eend $? |
| 189 |
+ else |
| 190 |
+ ewarn "Loading cache from '${UNBOUND_CACHEFILE}' skipped: File does not exists or is empty!" |
| 191 |
+ fi |
| 192 |
+ fi |
| 193 |
+ |
| 194 |
+ # It is not a fatal error if preserved cache could not be loaded |
| 195 |
+ return 0 |
| 196 |
+} |
| 197 |
+ |
| 198 |
+stop_pre() { |
| 199 |
+ if [ "${RC_CMD}" = "restart" ] ; then |
| 200 |
+ configtest || return 1 |
| 201 |
+ fi |
| 202 |
+ |
| 203 |
+ if [ -n "${UNBOUND_PRESERVE_CACHE}" ] ; then |
| 204 |
+ save_cache |
| 205 |
+ fi |
| 206 |
+ |
| 207 |
+ # It is not a fatal error if cache cannot be preserved |
| 208 |
+ return 0 |
| 209 |
+} |
| 210 |
+ |
| 211 |
+reload() { |
| 212 |
+ configtest || return 1 |
| 213 |
+ ebegin "Reloading ${SVCNAME}" |
| 214 |
+ start-stop-daemon --signal HUP --pidfile "${pidfile}" |
| 215 |
+ eend $? |
| 216 |
+} |
| 217 |
|
| 218 |
diff --git a/net-dns/unbound/unbound-1.7.3-r1.ebuild b/net-dns/unbound/unbound-1.7.3-r1.ebuild |
| 219 |
index d80538d81d7..ee301c92356 100644 |
| 220 |
--- a/net-dns/unbound/unbound-1.7.3-r1.ebuild |
| 221 |
+++ b/net-dns/unbound/unbound-1.7.3-r1.ebuild |
| 222 |
@@ -103,7 +103,7 @@ multilib_src_configure() { |
| 223 |
--disable-flto \ |
| 224 |
--disable-rpath \ |
| 225 |
--with-libevent="${EPREFIX%/}"/usr \ |
| 226 |
- --with-pidfile="${EPREFIX%/}"/var/run/unbound.pid \ |
| 227 |
+ --with-pidfile="${EPREFIX%/}"/run/unbound.pid \ |
| 228 |
--with-rootkey-file="${EPREFIX%/}"/etc/dnssec/root-anchors.txt \ |
| 229 |
--with-ssl="${EPREFIX%/}"/usr \ |
| 230 |
--with-libexpat="${EPREFIX%/}"/usr |
| 231 |
@@ -118,8 +118,8 @@ multilib_src_configure() { |
| 232 |
multilib_src_install_all() { |
| 233 |
use python && python_optimize |
| 234 |
|
| 235 |
- newinitd "${FILESDIR}"/unbound.initd unbound |
| 236 |
- newconfd "${FILESDIR}"/unbound.confd unbound |
| 237 |
+ newinitd "${FILESDIR}"/unbound-r1.initd unbound |
| 238 |
+ newconfd "${FILESDIR}"/unbound-r1.confd unbound |
| 239 |
|
| 240 |
systemd_dounit "${FILESDIR}"/unbound.service |
| 241 |
systemd_dounit "${FILESDIR}"/unbound.socket |
| 242 |
|
| 243 |
diff --git a/net-dns/unbound/unbound-1.8.0-r1.ebuild b/net-dns/unbound/unbound-1.8.0-r1.ebuild |
| 244 |
index 6d9dee1cdfc..f294360a6d4 100644 |
| 245 |
--- a/net-dns/unbound/unbound-1.8.0-r1.ebuild |
| 246 |
+++ b/net-dns/unbound/unbound-1.8.0-r1.ebuild |
| 247 |
@@ -110,7 +110,7 @@ multilib_src_configure() { |
| 248 |
--enable-tfo-server \ |
| 249 |
--with-libevent="${EPREFIX%/}"/usr \ |
| 250 |
$(multilib_native_usex redis --with-libhiredis="${EPREFIX%/}/usr" --without-libhiredis) \ |
| 251 |
- --with-pidfile="${EPREFIX%/}"/var/run/unbound.pid \ |
| 252 |
+ --with-pidfile="${EPREFIX%/}"/run/unbound.pid \ |
| 253 |
--with-rootkey-file="${EPREFIX%/}"/etc/dnssec/root-anchors.txt \ |
| 254 |
--with-ssl="${EPREFIX%/}"/usr \ |
| 255 |
--with-libexpat="${EPREFIX%/}"/usr |
| 256 |
@@ -125,8 +125,8 @@ multilib_src_configure() { |
| 257 |
multilib_src_install_all() { |
| 258 |
use python && python_optimize |
| 259 |
|
| 260 |
- newinitd "${FILESDIR}"/unbound.initd unbound |
| 261 |
- newconfd "${FILESDIR}"/unbound.confd unbound |
| 262 |
+ newinitd "${FILESDIR}"/unbound-r1.initd unbound |
| 263 |
+ newconfd "${FILESDIR}"/unbound-r1.confd unbound |
| 264 |
|
| 265 |
systemd_dounit "${FILESDIR}"/unbound.service |
| 266 |
systemd_dounit "${FILESDIR}"/unbound.socket |
| 267 |
@@ -152,6 +152,11 @@ multilib_src_install_all() { |
| 268 |
"${ED%/}/etc/unbound/unbound.conf" || \ |
| 269 |
die |
| 270 |
|
| 271 |
+ # Used to store cache data |
| 272 |
+ keepdir /var/lib/${PN} |
| 273 |
+ fowners root:unbound /var/lib/${PN} |
| 274 |
+ fperms 0750 /var/lib/${PN} |
| 275 |
+ |
| 276 |
find "${ED}" -name '*.la' -delete || die |
| 277 |
if ! use static-libs ; then |
| 278 |
find "${ED}" -name "*.a" -delete || die |
Archives