commit: 76a0fe9aa1906a7bbe192efb56ef8335d21b9a3c Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> AuthorDate: Fri Sep 14 22:00:12 2018 +0000 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> CommitDate: Fri Sep 14 22:03:47 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76a0fe9a
net-dns/unbound: runscript rewritten - "need net" changed to "use net". If you need to bind service to a specific interface or address add 'rc_need="<interface>"' in /etc/conf.d/<unbound>. - Use "/run" instead of "/var/run". - Verify daemon is really up and running. - It is now possible to pass any by start-stop-daemon supported arguments to start-stop-daemon. - It is now possible to preserve unbound's cache. [Bug 632644] Closes: https://bugs.gentoo.org/632644 Package-Manager: Portage-2.3.49, Repoman-2.3.10 net-dns/unbound/files/unbound-r1.confd | 36 +++++++++ net-dns/unbound/files/unbound-r1.initd | 137 ++++++++++++++++++++++++++++++++ net-dns/unbound/unbound-1.7.3-r1.ebuild | 6 +- net-dns/unbound/unbound-1.8.0-r1.ebuild | 11 ++- 4 files changed, 184 insertions(+), 6 deletions(-) diff --git a/net-dns/unbound/files/unbound-r1.confd b/net-dns/unbound/files/unbound-r1.confd new file mode 100644 index 00000000000..c86c65c6496 --- /dev/null +++ b/net-dns/unbound/files/unbound-r1.confd @@ -0,0 +1,36 @@ +# /etc/conf.d/unbound + +# Configuration file +#UNBOUND_CONFFILE="/etc/unbound/unbound.conf" + +# PID file +# This is a fallback value which should NOT be changed. If you ever need +# to change PID file, please change value in configuration file instead! +#UNBOUND_PIDFILE="/run/unbound.pid" + +# You can use this configuration option to pass additional options to the +# start-stop-daemon, see start-stop-daemon(8) for more details. +# Per default we wait 1000ms after we have started the service to ensure +# that the daemon is really up and running. +#UNBOUND_SSDARGS="--wait 1000" + +# The termination timeout (start-stop-daemon parameter "retry") ensures +# that the service will be terminated within a given time (25 + 5 seconds +# per default) when you are stopping the service. +#UNBOUND_TERMTIMEOUT="TERM/25/KILL/5" + +# Options to unbound +# See unbound(8) for more details +# Notes: +# * Do not specify another CONFIGFILE but use the variable above to change the location +#UNBOUND_OPTS="" + +# If you want to preserve unbound's cache, set the following variable to +# a non-zero value. In this case unbound's cache will be dumped to disk +# before shutdown and loaded right after start. +# To be able to dump and load cache you have to set up keys (use `unbound-control-setup`) +# and need to set 'control-enable: yes' in your configuration! +# WARNING: If you don't know what you are doing you should NOT use this +# feature. Loading the cache with old or wrong data can result in +# old or wrong data being returned to clients. +#UNBOUND_PRESERVE_CACHE="" diff --git a/net-dns/unbound/files/unbound-r1.initd b/net-dns/unbound/files/unbound-r1.initd new file mode 100644 index 00000000000..54886d1f47a --- /dev/null +++ b/net-dns/unbound/files/unbound-r1.initd @@ -0,0 +1,137 @@ +#!/sbin/openrc-run +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +UNBOUND_BINARY=${UNBOUND_BINARY:-"/usr/sbin/unbound"} +UNBOUND_CACHEFILE=${UNBOUND_CACHEFILE:-"/var/lib/unbound/${SVCNAME}.cache"} +UNBOUND_CHECKCONF=${UNBOUND_CHECKCONF:-"/usr/sbin/unbound-checkconf"} +UNBOUND_CONFFILE=${UNBOUND_CONFFILE:-"/etc/unbound/${SVCNAME}.conf"} +UNBOUND_CONTROL=${UNBOUND_CONTROL:-"/usr/sbin/unbound-control"} +UNBOUND_PIDFILE=${UNBOUND_PIDFILE:-"/run/unbound.pid"} +UNBOUND_SSDARGS=${UNBOUND_SSDARGS:-"--wait 1000"} +UNBOUND_TERMTIMEOUT=${UNBOUND_TERMTIMEOUT:-"TERM/25/KILL/5"} +UNBOUND_OPTS=${UNBOUND_OPTS:-""} +UNBOUND_LOAD_CACHE_TIMEOUT=${UNBOUND_LOAD_CACHE_TIMEOUT:-"30"} + +getconfig() { + local key="$1" + local value_default="$2" + local value= + + if service_started ; then + value="$(service_get_value "${key}")" + fi + + if [ -z "${value}" ] && [ -n "${UNBOUND_CONFFILE}" ] && [ -r "${UNBOUND_CONFFILE}" ] ; then + value=$("${UNBOUND_CHECKCONF}" -o ${key} "${UNBOUND_CONFFILE}") + fi + + if [ -z "${value}" ] ; then + # Value not explicitly set in the configfile or configfile does not exist + # or is not readable + echo "${value_default}" + else + echo "${value}" + fi + + return 0 +} + +command=${UNBOUND_BINARY} +command_args="${UNBOUND_OPTS} -c \"${UNBOUND_CONFFILE}\"" +start_stop_daemon_args="${UNBOUND_SSDARGS}" +pidfile="$(getconfig pidfile /run/unbound.pid)" +retry="${UNBOUND_TERMTIMEOUT}" + +required_files="${UNBOUND_CONFFILE}" + +name="unbound daemon" +extra_commands="configtest" +extra_started_commands="reload save_cache" +description="unbound is a Domain Name Server (DNS) that is used to resolve host names to IP address." +description_configtest="Run syntax tests for configuration files only." +description_reload="Kills all children and reloads the configuration." +description_save_cache="Saves the current cache to disk." + +depend() { + use net logger + provide dns + after auth-dns +} + +configtest() { + local _config_status= + + ebegin "Checking ${SVCNAME} configuration" + "${UNBOUND_CHECKCONF}" "${UNBOUND_CONFFILE}" 1>/dev/null 2>&1 + _config_status=$? + + if [ ${_config_status} -ne 0 ] ; then + # Run command again but this time we will show the output + # Ugly, but ... + "${UNBOUND_CHECKCONF}" "${UNBOUND_CONFFILE}" + else + if [ -n "${UNBOUND_PRESERVE_CACHE}" ] ; then + local _is_control_enabled=$(getconfig control-enable no) + if [ "${_is_control_enabled}" != "yes" ] ; then + eerror "Cannot preserve cache: control-enable is 'no' in the config file!" + _config_status=2 + fi + fi + fi + + eend ${_config_status} "failed, please correct errors above" +} + +save_cache() { + if [ "${RC_CMD}" != "restart" ] ; then + UNBOUND_PRESERVE_CACHE=1 configtest || return 1 + fi + + ebegin "Saving cache to '${UNBOUND_CACHEFILE}'" + ${UNBOUND_CONTROL} -c "${UNBOUND_CONFFILE}" dump_cache > "${UNBOUND_CACHEFILE}" + eend $? +} + +start_pre() { + if [ "${RC_CMD}" != "restart" ] ; then + configtest || return 1 + fi +} + +start_post() { + if [ -n "${UNBOUND_PRESERVE_CACHE}" ] ; then + if [ -s "${UNBOUND_CACHEFILE}" ] ; then + ebegin "Loading cache from '${UNBOUND_CACHEFILE}'" + # Loading cache can fail which would block this runscript. + # Using `timeout` from coreutils will be our safeguard ... + timeout -k 5 ${UNBOUND_LOAD_CACHE_TIMEOUT} ${UNBOUND_CONTROL} -q -c "${UNBOUND_CONFFILE}" load_cache < "${UNBOUND_CACHEFILE}" + eend $? + else + ewarn "Loading cache from '${UNBOUND_CACHEFILE}' skipped: File does not exists or is empty!" + fi + fi + + # It is not a fatal error if preserved cache could not be loaded + return 0 +} + +stop_pre() { + if [ "${RC_CMD}" = "restart" ] ; then + configtest || return 1 + fi + + if [ -n "${UNBOUND_PRESERVE_CACHE}" ] ; then + save_cache + fi + + # It is not a fatal error if cache cannot be preserved + return 0 +} + +reload() { + configtest || return 1 + ebegin "Reloading ${SVCNAME}" + start-stop-daemon --signal HUP --pidfile "${pidfile}" + eend $? +} diff --git a/net-dns/unbound/unbound-1.7.3-r1.ebuild b/net-dns/unbound/unbound-1.7.3-r1.ebuild index d80538d81d7..ee301c92356 100644 --- a/net-dns/unbound/unbound-1.7.3-r1.ebuild +++ b/net-dns/unbound/unbound-1.7.3-r1.ebuild @@ -103,7 +103,7 @@ multilib_src_configure() { --disable-flto \ --disable-rpath \ --with-libevent="${EPREFIX%/}"/usr \ - --with-pidfile="${EPREFIX%/}"/var/run/unbound.pid \ + --with-pidfile="${EPREFIX%/}"/run/unbound.pid \ --with-rootkey-file="${EPREFIX%/}"/etc/dnssec/root-anchors.txt \ --with-ssl="${EPREFIX%/}"/usr \ --with-libexpat="${EPREFIX%/}"/usr @@ -118,8 +118,8 @@ multilib_src_configure() { multilib_src_install_all() { use python && python_optimize - newinitd "${FILESDIR}"/unbound.initd unbound - newconfd "${FILESDIR}"/unbound.confd unbound + newinitd "${FILESDIR}"/unbound-r1.initd unbound + newconfd "${FILESDIR}"/unbound-r1.confd unbound systemd_dounit "${FILESDIR}"/unbound.service systemd_dounit "${FILESDIR}"/unbound.socket diff --git a/net-dns/unbound/unbound-1.8.0-r1.ebuild b/net-dns/unbound/unbound-1.8.0-r1.ebuild index 6d9dee1cdfc..f294360a6d4 100644 --- a/net-dns/unbound/unbound-1.8.0-r1.ebuild +++ b/net-dns/unbound/unbound-1.8.0-r1.ebuild @@ -110,7 +110,7 @@ multilib_src_configure() { --enable-tfo-server \ --with-libevent="${EPREFIX%/}"/usr \ $(multilib_native_usex redis --with-libhiredis="${EPREFIX%/}/usr" --without-libhiredis) \ - --with-pidfile="${EPREFIX%/}"/var/run/unbound.pid \ + --with-pidfile="${EPREFIX%/}"/run/unbound.pid \ --with-rootkey-file="${EPREFIX%/}"/etc/dnssec/root-anchors.txt \ --with-ssl="${EPREFIX%/}"/usr \ --with-libexpat="${EPREFIX%/}"/usr @@ -125,8 +125,8 @@ multilib_src_configure() { multilib_src_install_all() { use python && python_optimize - newinitd "${FILESDIR}"/unbound.initd unbound - newconfd "${FILESDIR}"/unbound.confd unbound + newinitd "${FILESDIR}"/unbound-r1.initd unbound + newconfd "${FILESDIR}"/unbound-r1.confd unbound systemd_dounit "${FILESDIR}"/unbound.service systemd_dounit "${FILESDIR}"/unbound.socket @@ -152,6 +152,11 @@ multilib_src_install_all() { "${ED%/}/etc/unbound/unbound.conf" || \ die + # Used to store cache data + keepdir /var/lib/${PN} + fowners root:unbound /var/lib/${PN} + fperms 0750 /var/lib/${PN} + find "${ED}" -name '*.la' -delete || die if ! use static-libs ; then find "${ED}" -name "*.a" -delete || die
