Bug#867187: update chroot script to mount bind systemd notify socket

[Simon Deziel]

Package: unbound
Version: 1.6.4-1

With the new systemd service using Type=notify, the chroot setup needs
to mount bind the systemd notify socket in the chroot and umount it on
service stop. Please find a patch that does that.

Regards,
Simon

commit e4ae81cbf04194cea140ce4966b701449b5f823a
Author: Simon Deziel <si...@sdeziel.info>
Date:   Tue Jul 4 04:39:23 2017 +0000

    systemd: add/remove notify socket inside chroot

diff --git a/debian/package-helper b/debian/package-helper
index 5b4264f..0b3ba37 100755
--- a/debian/package-helper
+++ b/debian/package-helper
@@ -60,6 +60,17 @@ do_chroot_setup() {
         rm -rf $CHROOT_DIR/$UNBOUND_BASE_DIR && mkdir -p $CHROOT_DIR/$UNBOUND_BASE_DIR
         cd /
         tar -cf - $(echo $UNBOUND_BASE_DIR | sed 's/^\///') | (cd $CHROOT_DIR && tar -xf -)
+        if [ -S "/run/systemd/notify" ]; then
+            mkdir -p "$CHROOT_DIR/run/systemd"
+            touch "$CHROOT_DIR/run/systemd/notify"
+            mount --bind "/run/systemd/notify" "$CHROOT_DIR/run/systemd/notify"
+        fi
+    fi
+}
+
+do_chroot_teardown() {
+    if [ -d "$CHROOT_DIR" ] && mountpoint -q "$CHROOT_DIR/run/systemd/notify"; then
+        umount "$CHROOT_DIR/run/systemd/notify"
     fi
 }
 
@@ -93,15 +104,20 @@ case "$1" in
         ;;
 
     chroot_setup)
+        do_chroot_teardown
         do_chroot_setup
         ;;
 
+    chroot_teardown)
+        do_chroot_teardown
+        ;;
+
     root_trust_anchor_update)
         do_root_trust_anchor_update
         ;;
 
     *)
-        echo "Usage: $0 {resolvconf_start|resolvconf_stop|chroot_setup|root_trust_anchor_update}" >&2
+        echo "Usage: $0 {resolvconf_start|resolvconf_stop|chroot_setup|chroot_teardown|root_trust_anchor_update}" >&2
         exit 1
         ;;
 esac
diff --git a/debian/unbound.init b/debian/unbound.init
index 5519daf..d6da999 100644
--- a/debian/unbound.init
+++ b/debian/unbound.init
@@ -44,6 +44,7 @@ case "$1" in
         log_daemon_msg "Stopping $DESC" "$NAME"
         if start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE --name $NAME --retry 5; then
             $HELPER resolvconf_stop
+            $HELPER chroot_teardown
             log_end_msg 0
         else
             log_end_msg 1
diff --git a/debian/unbound.service b/debian/unbound.service
index 2727f07..e20aa56 100644
--- a/debian/unbound.service
+++ b/debian/unbound.service
@@ -12,6 +12,7 @@ EnvironmentFile=-/etc/default/unbound
 ExecStartPre=-/usr/lib/unbound/package-helper chroot_setup
 ExecStartPre=-/usr/lib/unbound/package-helper root_trust_anchor_update
 ExecStart=/usr/sbin/unbound -d $DAEMON_OPTS
+ExecStopPost=-/usr/lib/unbound/package-helper chroot_teardown
 ExecReload=/usr/sbin/unbound-control reload
 
 [Install]

signature.asc
Description: OpenPGP digital signature