In my previous patch I excluded the unbound_control.* files from
being copied into the chroot, but this disables the unbound-control tool.
This new patch copies the files into the chroot.

Simon
--- unbound.init.orig	2011-06-23 21:14:44.989657969 -0400
+++ unbound	2011-08-25 18:08:14.299334202 -0400
@@ -19,8 +19,10 @@
 . /lib/lsb/init-functions
 
 UNBOUND_ENABLE=true
+UNBOUND_CONF=/etc/unbound/unbound.conf
+UNBOUND_BASE_DIR=$(dirname $UNBOUND_CONF)
+CHROOT_DIR=$(awk '{if ($1 ~ "^chroot" && $2 != "\"\"") print $2}' $UNBOUND_CONF|sed -e "s#\"##g")
 ROOT_TRUST_ANCHOR_UPDATE=false
-ROOT_TRUST_ANCHOR_FILE=/var/lib/unbound/root.key
 RESOLVCONF=false
 RESOLVCONF_FORWARDERS=false
 
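Review bot: `CHROOT_DIR` is derived by a hand-written awk/sed parse of unbound.conf, and both new command substitutions expand `$UNBOUND_CONF` unquoted. The awk test matches any first field that begins with `chroot` and prints every match, so a repeated directive yields a multi-line value, and a directive set in an included file would presumably be missed. That value later decides where root extracts files. The script already relies on `unbound-checkconf -o`, so asking it for the resolved value keeps the parsing in one place: `CHROOT_DIR=$(unbound-checkconf -o chroot "$UNBOUND_CONF")`, together with `UNBOUND_BASE_DIR=$(dirname "$UNBOUND_CONF")`. A short comment above the three assignments should say that an empty `CHROOT_DIR` means "no chroot configured".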
@@ -61,7 +63,7 @@
 do_resolvconf_start() {
     if $RESOLVCONF; then
         if [ -x /sbin/resolvconf ]; then
-            unbound-checkconf -o interface | (
+            unbound-checkconf $CHROOT_DIR/$UNBOUND_CONF -o interface | (
                 default=yes
                 while read interface; do
                     default=no
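Review bot: The new argument `$CHROOT_DIR/$UNBOUND_CONF` makes this root-run script read the copy of the configuration inside the chroot instead of the original. The same form is used for `auto-trust-anchor-file` in the `start)` hunk, where the result feeds `chown`. If the chroot tree is writable by the unbound user (ownership is not visible in this patch), that copy is a weaker source than /etc/unbound, and do_chroot_setup regenerates it from /etc/unbound anyway. Reading the original, quoted and with the option before the file, avoids both the trust question and word splitting: `unbound-checkconf -o interface "$UNBOUND_CONF" | (`. do_resolvconf_start continues past the end of this hunk.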
@@ -88,12 +90,23 @@
     fi
 }
 
+do_chroot_setup() {
+    if [ -d "$CHROOT_DIR" -a "$CHROOT_DIR" != "$UNBOUND_BASE_DIR" ]; then
+        cd /
+        tar --overwrite -cf - $(echo $UNBOUND_BASE_DIR | sed 's#^/##') | (cd $CHROOT_DIR && tar -xf -)
+    fi
+}
+
 case "$1" in
     start)
         if $UNBOUND_ENABLE; then
+            do_chroot_setup
             if $ROOT_TRUST_ANCHOR_UPDATE; then
-                unbound-anchor -a $ROOT_TRUST_ANCHOR_FILE -v 2>&1 | logger -p daemon.info -t unbound-anchor
-                chown unbound:unbound $ROOT_TRUST_ANCHOR_FILE
+                ROOT_TRUST_ANCHOR_FILE=$(unbound-checkconf $CHROOT_DIR/$UNBOUND_CONF -o auto-trust-anchor-file)
+                if [ -n "$ROOT_TRUST_ANCHOR_FILE" ]; then
+                    unbound-anchor -a $ROOT_TRUST_ANCHOR_FILE -v 2>&1 | logger -p daemon.info -t unbound-anchor
+                    chown unbound:unbound $ROOT_TRUST_ANCHOR_FILE
+                fi
             fi
             log_daemon_msg "Starting $DESC" "$NAME"
             if start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE --name $NAME --startas $DAEMON -- $DAEMON_OPTS; then
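Review bot: do_chroot_setup extracts as root into `$CHROOT_DIR` with `tar --overwrite`, which writes into whatever already exists at the destination instead of replacing it, and every expansion in the function is unquoted. If the chroot tree is writable by the unbound user (ownership is not visible here), pre-existing links there could redirect root's writes. The same applies to `chown unbound:unbound $ROOT_TRUST_ANCHOR_FILE` further down, whose path now comes from the configuration; `chown -h` with a quoted path would narrow that. Dropping `--overwrite`, quoting the paths, and running the checked `cd /` in a subshell tightens the copy, as sketched below. The copy also places everything under /etc/unbound inside the chroot, including the unbound_control.* files named in the description, so their modes deserve a check; the `start)` arm continues past the end of the hunk.

```shell
do_chroot_setup() {
    # Nothing to copy without a chroot, or when the chroot is the config dir itself.
    [ -n "$CHROOT_DIR" ] && [ -d "$CHROOT_DIR" ] || return 0
    [ "$CHROOT_DIR" != "$UNBOUND_BASE_DIR" ] || return 0
    # Subshell: the caller's working directory is left untouched.
    (
        cd / || exit 1
        tar -cf - "${UNBOUND_BASE_DIR#/}" | (cd "$CHROOT_DIR" && tar -xf -)
    )
}
```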
@@ -125,6 +138,7 @@
             start-stop-daemon --stop --quiet --pidfile $PIDFILE --name $NAME --retry 5
             do_resolvconf_stop
             if start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE --name $NAME --startas $DAEMON -- $DAEMON_OPTS; then
+                do_chroot_setup
                 do_resolvconf_start
                 log_end_msg 0
             else
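Review bot: In the restart arm `do_chroot_setup` runs only after `start-stop-daemon --start` has succeeded, whereas the `start)` arm refreshes the chroot before launching the daemon. A restarted daemon can therefore come up against a stale chroot copy. The reload hunk below has the same ordering, calling `do_chroot_setup` after signal 1 has already been sent, so the reload may read the old files or race with the extraction. Moving the call ahead of the start and ahead of the `--signal 1` line would make all three paths agree, for example `do_chroot_setup` placed directly after `do_resolvconf_stop` here. Both arms extend outside their hunks.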
@@ -137,6 +151,7 @@
         if $UNBOUND_ENABLE; then
             log_daemon_msg "Reloading $DESC" "$NAME"
             if start-stop-daemon --stop --pidfile $PIDFILE --signal 1; then
+                do_chroot_setup
                 log_end_msg 0
             else
                 log_end_msg 1
