From owner-svn-src-head@freebsd.org Wed Nov 20 23:56:22 2019 Return-Path: Delivered-To: svn-src-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A8C551C5E6D; Wed, 20 Nov 2019 23:56:22 +0000 (UTC) (envelope-from pfg@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47JKN64Zqxz4Xcd; Wed, 20 Nov 2019 23:56:22 +0000 (UTC) (envelope-from pfg@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7BC41284B; Wed, 20 Nov 2019 23:56:22 +0000 (UTC) (envelope-from pfg@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id xAKNuMTq045014; Wed, 20 Nov 2019 23:56:22 GMT (envelope-from pfg@FreeBSD.org) Received: (from pfg@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id xAKNuKNO044999; Wed, 20 Nov 2019 23:56:20 GMT (envelope-from pfg@FreeBSD.org) Message-Id: <201911202356.xAKNuKNO044999@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: pfg set sender to pfg@FreeBSD.org using -f From: "Pedro F. Giffuni" Date: Wed, 20 Nov 2019 23:56:20 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r354924 - head/contrib/openresolv X-SVN-Group: head X-SVN-Commit-Author: pfg X-SVN-Commit-Paths: head/contrib/openresolv X-SVN-Commit-Revision: 354924 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Nov 2019 23:56:22 -0000 Author: pfg Date: Wed Nov 20 23:56:20 2019 New Revision: 354924 URL: https://svnweb.freebsd.org/changeset/base/354924 Log: MFV 354917, 354918, 354919 openresolv: update to version 3.9.2 MFC after: 3 weeks Added: head/contrib/openresolv/LICENSE - copied unchanged from r354917, vendor/openresolv/dist/LICENSE head/contrib/openresolv/README.md - copied unchanged from r354917, vendor/openresolv/dist/README.md Deleted: head/contrib/openresolv/README Modified: head/contrib/openresolv/Makefile head/contrib/openresolv/configure head/contrib/openresolv/dnsmasq.in head/contrib/openresolv/libc.in head/contrib/openresolv/named.in head/contrib/openresolv/pdns_recursor.in head/contrib/openresolv/pdnsd.in head/contrib/openresolv/resolvconf.conf head/contrib/openresolv/resolvconf.conf.5.in head/contrib/openresolv/resolvconf.in head/contrib/openresolv/unbound.in Directory Properties: head/contrib/openresolv/ (props changed) Copied: head/contrib/openresolv/LICENSE (from r354917, vendor/openresolv/dist/LICENSE) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/contrib/openresolv/LICENSE Wed Nov 20 23:56:20 2019 (r354924, copy of r354917, vendor/openresolv/dist/LICENSE) @@ -0,0 +1,23 @@ +Copyright (c) 2007-2019 Roy Marples +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. Modified: head/contrib/openresolv/Makefile ============================================================================== --- head/contrib/openresolv/Makefile Wed Nov 20 23:49:47 2019 (r354923) +++ head/contrib/openresolv/Makefile Wed Nov 20 23:56:20 2019 (r354924) @@ -10,6 +10,7 @@ SYSCONFDIR?= /etc LIBEXECDIR?= /libexec/resolvconf VARDIR?= /var/run/resolvconf +ECHO?= echo INSTALL?= install SED?= sed @@ -20,7 +21,7 @@ DOCMODE?= 0644 MANMODE?= 0444 RESOLVCONF= resolvconf resolvconf.8 resolvconf.conf.5 -SUBSCRIBERS= libc dnsmasq named pdnsd unbound +SUBSCRIBERS= libc dnsmasq named pdnsd pdns_recursor unbound TARGET= ${RESOLVCONF} ${SUBSCRIBERS} SRCS= ${TARGET:C,$,.in,} # pmake SRCS:= ${TARGET:=.in} # gmake @@ -42,7 +43,7 @@ DISTINFOSIGN= ${DISTINFO}.asc CKSUM?= cksum -a SHA256 PGP?= netpgp -FOSSILID?= current +GITREF?= HEAD .SUFFIXES: .in @@ -79,15 +80,17 @@ maninstall: install: proginstall maninstall -import: +dist-git: + git archive --prefix=${DISTPREFIX}/ ${GITREF} | xz >${DISTFILE} + +dist-inst: + mkdir /tmp/${DISTPREFIX} + cp -RPp * /tmp/${DISTPREFIX} + (cd /tmp/${DISTPREFIX}; make clean) + tar -cvjpf ${DISTFILE} -C /tmp ${DISTPREFIX} rm -rf /tmp/${DISTPREFIX} - ${INSTALL} -d /tmp/${DISTPREFIX} - cp README ${SRCS} /tmp/${DISTPREFIX} -dist: - fossil tarball --name ${DISTPREFIX} ${FOSSILID} ${DISTFILEGZ} - gunzip -c ${DISTFILEGZ} | xz >${DISTFILE} - rm ${DISTFILEGZ} +dist: dist-git distinfo: dist rm -f ${DISTINFO} ${DISTINFOSIGN} @@ -96,3 +99,20 @@ distinfo: dist ${PGP} --clearsign --output=${DISTINFOSIGN} ${DISTINFO} chmod 644 ${DISTINFOSIGN} ls -l ${DISTFILE} ${DISTINFO} ${DISTINFOSIGN} + +import: dist + rm -rf /tmp/${DISTPREFIX} + ${INSTALL} -d /tmp/${DISTPREFIX} + tar xvJpf ${DISTFILE} -C /tmp + +_import-src: + rm -rf ${DESTDIR}/* + ${INSTALL} -d ${DESTDIR} + cp LICENSE README.md ${SRCS} resolvconf.conf ${DESTDIR}; + cp resolvconf.8.in resolvconf.conf.5.in ${DESTDIR}; + @${ECHO} + @${ECHO} "=============================================================" + @${ECHO} "openresolv-${VERSION} imported to ${DESTDIR}" + +import-src: + ${MAKE} _import-src DESTDIR=`if [ -n "${DESTDIR}" ]; then echo "${DESTDIR}"; else echo /tmp/${DISTPREFIX}; fi` Copied: head/contrib/openresolv/README.md (from r354917, vendor/openresolv/dist/README.md) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/contrib/openresolv/README.md Wed Nov 20 23:56:20 2019 (r354924, copy of r354917, vendor/openresolv/dist/README.md) @@ -0,0 +1,64 @@ +# openresolv + +openresolv is a [resolvconf](https://en.wikipedia.org/wiki/Resolvconf) +implementation which manages `/etc/resolv.conf`. + +`/etc/resolv.conf` is a file that holds the configuration for the local +resolution of domain names. +Normally this file is either static or maintained by a local daemon, +normally a DHCP daemon. But what happens if more than one thing wants to +control the file? +Say you have wired and wireless interfaces to different subnets and run a VPN +or two on top of that, how do you say which one controls the file? +It's also not as easy as just adding and removing the nameservers each client +knows about as different clients could add the same nameservers. + +Enter resolvconf, the middleman between the network configuration services and +`/etc/resolv.conf`. +resolvconf itself is just a script that stores, removes and lists a full +`resolv.conf` generated for the interface. It then calls all the helper scripts +it knows about so it can configure the real `/etc/resolv.conf` and optionally +any local nameservers other than libc. + +## Reasons for using openresolv + +Why openresolv over the +[Debian implementation](http://qref.sourceforge.net/Debian/reference/ch-gateway.en.html#s-dns-resolvconf)? +Here's some reasons: + * Works with + [POSIX shell and userland](http://www.opengroup.org/onlinepubs/009695399) + * Does not need awk, grep or sed which means we can work without `/usr` + mounted + * Works with other init systems than Debians' out of the box + * Available as a 2 clause + [BSD license](http://www.freebsd.org/copyright/freebsd-license.html) + * Prefer configs via IF_METRIC for dynamic ordering + * Configures zones for local resolvers other than libc + +The last point is quite important, especially when running VPN systems. +Take the following resolv.conf files which have been generated by a +[DHCP client](../dhcpcd) and sent to resolvconf: + +``` +# resolv.conf from bge0 +search foo.com +nameserver 1.2.3.4 + +# resolv.conf from tap0 +domain bar.org +nameserver 5.6.7.8 +``` + +In this instance, queries for foo.com will go to 1.2.3.4 and queries for +bar.org will go to 5.6.7.8. +This does require the resolvers to be configured to pickup the resolvconf +generated configuration for them though. +openresolv ships with helpers for: + * [unbound](http://www.unbound.net/) + * [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html) + * [ISC BIND](http://www.isc.org/software/bind) + * [PowerDNS Recursor](http://wiki.powerdns.com/trac) + +See the +[configuration section](https://roy.marples.name/projects/openresolv/config) +for more details. Modified: head/contrib/openresolv/configure ============================================================================== --- head/contrib/openresolv/configure Wed Nov 20 23:49:47 2019 (r354923) +++ head/contrib/openresolv/configure Wed Nov 20 23:56:20 2019 (r354924) @@ -44,42 +44,8 @@ for x do esac done -if [ -z "$LIBEXECDIR" ]; then - printf "Checking for directory /libexec ... " - if [ -d /libexec ]; then - echo "yes" - LIBEXECDIR=$PREFIX/libexec/resolvconf - else - echo "no" - LIBEXECDIR=$PREFIX/lib/resolvconf - fi -fi -if [ -z "$RUNDIR" ]; then - printf "Checking for directory /run ... " - if [ -d /run ]; then - echo "yes" - RUNDIR=/run - else - echo "no" - RUNDIR=/var/run - fi -fi - : ${SED:=sed} -: ${SYSCONFDIR:=$PREFIX/etc} -: ${SBINDIR:=$PREFIX/sbin} -: ${LIBEXECDIR:=$PREFIX/libexec/resolvconf} -: ${STATEDIR:=/var} -: ${RUNDIR:=$STATEDIR/run} -: ${MANDIR:=${PREFIX:-/usr}/share/man} - -eval SYSCONFDIR="$SYSCONFDIR" -eval SBINDIR="$SBINDIR" -eval LIBEXECDIR="$LIBEXECDIR" -eval VARDIR="$RUNDIR/resolvconf" -eval MANDIR="$MANDIR" - CONFIG_MK=config.mk if [ -z "$BUILD" ]; then @@ -121,7 +87,19 @@ rm -rf $CONFIG_MK echo "# $OS" >$CONFIG_MK case "$OS" in -freebsd*) +dragonfly*) + # This means /usr HAS to be mounted not via dhcpcd + : ${LIBEXECDIR:=${PREFIX:-/usr}/libexec/resolvconf} + ;; +linux*) + # cksum does't support -a and netpgp is rare + echo "CKSUM= sha256sum --tag" >>$CONFIG_MK + echo "PGP= gpg2" >>$CONFIG_MK + ;; +esac + +case "$OS" in +dragonfly*|freebsd*) # On FreeBSD, /etc/init.d/foo status returns 0 if foo is not enabled # regardless of if it's not running. # So we force onestatus to work around this silly bug. @@ -129,12 +107,42 @@ freebsd*) STATUSARG="onestatus" fi ;; -linux*) - # cksum does't support -a and netpgp is rare - echo "CKSUM= sha256sum --tag" >>$CONFIG_MK - echo "PGP= gpg2" >>$CONFIG_MK - ;; esac + + +if [ -z "$LIBEXECDIR" ]; then + printf "Checking for directory /libexec ... " + if [ -d /libexec ]; then + echo "yes" + LIBEXECDIR=$PREFIX/libexec/resolvconf + else + echo "no" + LIBEXECDIR=$PREFIX/lib/resolvconf + fi +fi +if [ -z "$RUNDIR" ]; then + printf "Checking for directory /run ... " + if [ -d /run ]; then + echo "yes" + RUNDIR=/run + else + echo "no" + RUNDIR=/var/run + fi +fi + +: ${SYSCONFDIR:=$PREFIX/etc} +: ${SBINDIR:=$PREFIX/sbin} +: ${LIBEXECDIR:=$PREFIX/libexec/resolvconf} +: ${STATEDIR:=/var} +: ${RUNDIR:=$STATEDIR/run} +: ${MANDIR:=${PREFIX:-/usr}/share/man} + +eval SYSCONFDIR="$SYSCONFDIR" +eval SBINDIR="$SBINDIR" +eval LIBEXECDIR="$LIBEXECDIR" +eval VARDIR="$RUNDIR/resolvconf" +eval MANDIR="$MANDIR" for x in SYSCONFDIR SBINDIR LIBEXECDIR VARDIR MANDIR RESTARTCMD RCDIR STATUSARG do Modified: head/contrib/openresolv/dnsmasq.in ============================================================================== --- head/contrib/openresolv/dnsmasq.in Wed Nov 20 23:49:47 2019 (r354923) +++ head/contrib/openresolv/dnsmasq.in Wed Nov 20 23:56:20 2019 (r354924) @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright (c) 2007-2016 Roy Marples +# Copyright (c) 2007-2019 Roy Marples # All rights reserved # dnsmasq subscriber for resolvconf @@ -28,7 +28,7 @@ [ -f "@SYSCONFDIR@"/resolvconf.conf ] || exit 0 . "@SYSCONFDIR@/resolvconf.conf" || exit 1 -[ -z "$dnsmasq_conf" -a -z "$dnsmasq_resolv" ] && exit 0 +[ -z "${dnsmasq_conf}${dnsmasq_resolv}" ] && exit 0 [ -z "$RESOLVCONF" ] && eval "$(@SBINDIR@/resolvconf -v)" NL=" " @@ -98,7 +98,7 @@ for d in $DOMAINS; do empty=false i=0 IFS=: set -- $n - while [ -n "$1" -o -n "$2" ]; do + while [ -n "$1" ] || [ -n "$2" ]; do addr="$1" shift if [ -z "$addr" ]; then @@ -184,7 +184,7 @@ if $changed; then eval $dnsmasq_restart elif [ -n "$RESTARTCMD" ]; then set -- ${dnsmasq_service} - eval $RESTARTCMD + eval "$RESTARTCMD" else @SBINDIR@/resolvconf -r ${dnsmasq_service} fi @@ -206,4 +206,6 @@ if $dbus; then dbus-send --system --dest=uk.org.thekelleys.dnsmasq \ /uk/org/thekelleys/dnsmasq uk.org.thekelleys.$method \ $dbusdest + dbus-send --system --dest=uk.org.thekelleys.dnsmasq \ + /uk/org/thekelleys/dnsmasq uk.org.thekelleys.ClearCache fi Modified: head/contrib/openresolv/libc.in ============================================================================== --- head/contrib/openresolv/libc.in Wed Nov 20 23:49:47 2019 (r354923) +++ head/contrib/openresolv/libc.in Wed Nov 20 23:56:20 2019 (r354924) @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright (c) 2007-2016 Roy Marples +# Copyright (c) 2007-2019 Roy Marples # All rights reserved # libc subscriber for resolvconf @@ -36,9 +36,9 @@ NL=" # sed may not be available, and this is faster on small files key_get_value() { - local key="$1" x= line= - + key="$1" shift + if [ $# -eq 0 ]; then while read -r line; do case "$line" in @@ -58,8 +58,6 @@ key_get_value() keys_remove() { - local key x line found - while read -r line; do found=false for key do @@ -79,7 +77,7 @@ local_nameservers="127.* 0.0.0.0 255.255.255.255 ::1" if [ -f "$SYSCONFDIR"/resolvconf.conf ]; then . "$SYSCONFDIR"/resolvconf.conf elif [ -d "$SYSCONFDIR"/resolvconf ]; then - SYSCONFDIR="$SYSCONFDIR/resolvconf/resolv.conf.d" + SYSCONFDIR="$SYSCONFDIR/resolvconf" base="$SYSCONFDIR/resolv.conf.d/base" if [ -f "$base" ]; then prepend_nameservers="$(key_get_value "nameserver " "$base")" @@ -98,10 +96,12 @@ fi : ${resolv_conf:=/etc/resolv.conf} : ${libc_service:=nscd} : ${list_resolv:=@SBINDIR@/resolvconf -l} -if [ "${resolv_conf_head-x}" = x -a -f "$SYSCONFDIR"/resolv.conf.head ]; then +if [ "${resolv_conf_head-x}" = x ] && [ -f "$SYSCONFDIR"/resolv.conf.head ] +then resolv_conf_head="$(cat "${SYSCONFDIR}"/resolv.conf.head)" fi -if [ "${resolv_conf_tail-x}" = x -a -f "$SYSCONFDIR"/resolv.conf.tail ]; then +if [ "${resolv_conf_tail-x}" = x ] && [ -f "$SYSCONFDIR"/resolv.conf.tail ] +then resolv_conf_tail="$(cat "$SYSCONFDIR"/resolv.conf.tail)" fi @@ -110,7 +110,7 @@ signature="# Generated by resolvconf" uniqify() { - local result= + result= while [ -n "$1" ]; do case " $result " in *" $1 "*);; @@ -126,7 +126,7 @@ case "${resolv_conf_passthrough:-NO}" in backup=false newest= for conf in "$IFACEDIR"/*; do - if [ -z "$newest" -o "$conf" -nt "$newest" ]; then + if [ -z "$newest" ] || [ "$conf" -nt "$newest" ]; then newest="$conf" fi done @@ -178,7 +178,7 @@ case "${resolv_conf_passthrough:-NO}" in fi [ -n "$domain" ] && newconf="${newconf}domain $domain$NL" - if [ -n "$newsearch" -a "$newsearch" != "$domain" ]; then + if [ -n "$newsearch" ] && [ "$newsearch" != "$domain" ]; then newconf="${newconf}search $newsearch$NL" fi for n in $newns; do @@ -232,7 +232,7 @@ if [ -n "$libc_restart" ]; then eval $libc_restart elif [ -n "$RESTARTCMD" ]; then set -- ${libc_service} - eval $RESTARTCMD + eval "$RESTARTCMD" else @SBINDIR@/resolvconf -r ${libc_service} fi Modified: head/contrib/openresolv/named.in ============================================================================== --- head/contrib/openresolv/named.in Wed Nov 20 23:49:47 2019 (r354923) +++ head/contrib/openresolv/named.in Wed Nov 20 23:56:20 2019 (r354924) @@ -28,14 +28,14 @@ [ -f "@SYSCONFDIR@"/resolvconf.conf ] || exit 0 . "@SYSCONFDIR@/resolvconf.conf" || exit 1 -[ -z "$named_zones" -a -z "$named_options" ] && exit 0 +[ -z "${named_zones}${named_options}" ] && exit 0 [ -z "$RESOLVCONF" ] && eval "$(@SBINDIR@/resolvconf -v)" NL=" " # Platform specific kludges -if [ -z "$named_service" -a -z "$named_restart" -a \ - -d "$RCDIR" -a ! -x "$RCDIR"/named ] +if [ -z "${named_service}${named_restart}" ] && + [ -d "$RCDIR" ] && ! [ -x "$RCDIR"/named ] then if [ -x "$RCDIR"/bind9 ]; then # Debian and derivatives @@ -111,7 +111,7 @@ if $changed; then eval $named_restart elif [ -n "$RESTARTCMD" ]; then set -- ${named_service} - eval $RESTARTCMD + eval "$RESTARTCMD" else @SBINDIR@/resolvconf -r ${named_service} fi Modified: head/contrib/openresolv/pdns_recursor.in ============================================================================== --- head/contrib/openresolv/pdns_recursor.in Wed Nov 20 23:49:47 2019 (r354923) +++ head/contrib/openresolv/pdns_recursor.in Wed Nov 20 23:56:20 2019 (r354924) @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright (c) 2009-2011 Roy Marples +# Copyright (c) 2009-2019 Roy Marples # All rights reserved # PowerDNS Recursor subscriber for resolvconf @@ -33,17 +33,14 @@ NL=" " -: ${pdns_service:=pdns_recursor} +: ${pdns_service:=pdns-recursor} newzones= -# pds_recursor does not present support global forward servers, which -# does limit it's usefulness somewhat. -# If it did, the below code can be enabled, or something like it. -#for n in $NAMESERVERS; do -# newzones="$newzones${newzones:+,}$n" -#done -#[ -n "$newzones" ] && newzones=".=$newzones$NL" +for n in $NAMESERVERS; do + newzones="$newzones${newzones:+,}$n" +done +[ -n "$newzones" ] && newzones="+.=$newzones$NL" for d in $DOMAINS; do newns= @@ -71,7 +68,7 @@ then eval $pdns_restart elif [ -n "$RESTARTCMD" ]; then set -- ${pdns_service} - eval $RESTARTCMD + eval "$RESTARTCMD" else @SBINDIR@/resolvconf -r ${pdns_service} fi Modified: head/contrib/openresolv/pdnsd.in ============================================================================== --- head/contrib/openresolv/pdnsd.in Wed Nov 20 23:49:47 2019 (r354923) +++ head/contrib/openresolv/pdnsd.in Wed Nov 20 23:56:20 2019 (r354924) @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright (c) 2010-2013 Roy Marples +# Copyright (c) 2010-2018 Roy Marples # All rights reserved # pdnsd subscriber for resolvconf @@ -28,7 +28,7 @@ [ -f "@SYSCONFDIR@"/resolvconf.conf ] || exit 0 . "@SYSCONFDIR@/resolvconf.conf" || exit 1 -[ -z "$pdnsd_conf" -a -z "$pdnsd_resolv" ] && exit 0 +[ -z "${pdnsd_conf}${pdnsd_resolv}" ] && exit 0 [ -z "$RESOLVCONF" ] && eval "$(@SBINDIR@/resolvconf -v)" NL=" " @@ -41,14 +41,16 @@ signature_end="# End of resolvconf" # but sed may not always be available at the time. remove_markers() { - local m1="$1" m2="$2" x= line= in_marker=0 + m1="$1" + m2="$2" + in_marker=0 shift; shift if type sed >/dev/null 2>&1; then sed "/^$m1/,/^$m2/d" $@ else - for x; do - while read -r line; do + for x do + while read line; do case "$line" in "$m1"*) in_marker=1;; "$m2"*) in_marker=0;; Modified: head/contrib/openresolv/resolvconf.conf ============================================================================== --- head/contrib/openresolv/resolvconf.conf Wed Nov 20 23:49:47 2019 (r354923) +++ head/contrib/openresolv/resolvconf.conf Wed Nov 20 23:56:20 2019 (r354924) @@ -4,4 +4,4 @@ resolv_conf=/etc/resolv.conf # If you run a local name server, you should uncomment the below line and # configure your subscribers configuration files below. -#name_servers=127.0.0.1 \ No newline at end of file +#name_servers=127.0.0.1 Modified: head/contrib/openresolv/resolvconf.conf.5.in ============================================================================== --- head/contrib/openresolv/resolvconf.conf.5.in Wed Nov 20 23:49:47 2019 (r354923) +++ head/contrib/openresolv/resolvconf.conf.5.in Wed Nov 20 23:56:20 2019 (r354924) @@ -22,7 +22,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd December 29, 2016 +.Dd September 8, 2019 .Dt RESOLVCONF.CONF 5 .Os .Sh NAME @@ -64,19 +64,25 @@ Defaults to YES. .It Sy interface_order These interfaces will always be processed first. If unset, defaults to the following:- -.D1 lo lo[0-9]* +.Bd -compact -literal -offset indent +lo lo[0-9]* +.Ed .It Sy dynamic_order These interfaces will be processed next, unless they have a metric. If unset, defaults to the following:- -.D1 tap[0-9]* tun[0-9]* vpn vpn[0-9]* ppp[0-9]* ippp[0-9]* +.Bd -compact -literal -offset indent +tap[0-9]* tun[0-9]* vpn vpn[0-9]* ppp[0-9]* ippp[0-9]* +.Ed .It Sy inclusive_interfaces -Ignore any exlcusive marking for these interfaces. +Ignore any exclusive marking for these interfaces. This is handy when 3rd party integrations force the .Nm resolvconf -x option and you want to disable it easily. .It Sy local_nameservers If unset, defaults to the following:- -.D1 127.* 0.0.0.0 255.255.255.255 ::1 +.Bd -compact -literal -offset indent +127.* 0.0.0.0 255.255.255.255 ::1 +.Ed .It Sy search_domains Prepend search domains to the dynamically generated list. .It Sy search_domains_append @@ -118,16 +124,24 @@ The syntax is this: .Va $keyword Ns / Ns Va $match Ns / Ns Va $replacement .Pp Example, given this resolv.conf: -.D1 domain foo.org -.D1 search foo.org dead.beef -.D1 nameserver 1.2.3.4 -.D1 nameserver 2.3.4.5 +.Bd -compact -literal -offset indent +domain foo.org +search foo.org dead.beef +nameserver 1.2.3.4 +nameserver 2.3.4.5 +.Ed and this configuaration: -.D1 replace="search/foo*/bar.com nameserver/1.2.3.4/5.6.7.8 nameserver/2.3.4.5/" +.Bd -compact -literal -offset indent +replace="search/foo*/bar.com" +replace="$replace nameserver/1.2.3.4/5.6.7.8" +replace="$replace nameserver/2.3.4.5/" +.Ed you would get this resolv.conf instead: -.D1 domain foo.org -.D1 search bar.com -.D1 nameserver 5.6.7.8 +.Bd -compact -literal -offset indent +domain foo.org +search bar.com +nameserver 5.6.7.8 +.Ed .It Sy replace_sub Works the same way as .Sy replace @@ -138,9 +152,11 @@ Using the same example resolv.conf and changing to .Sy replace_sub , you would get this resolv.conf instead: -.D1 domain foo.org -.D1 search bar.com dead.beef -.D1 nameserver 5.6.7.8 +.Bd -compact -literal -offset indent +domain foo.org +search bar.com dead.beef +nameserver 5.6.7.8 +.Ed .It Sy state_dir Override the default state directory of .Pa @VARDIR@ . @@ -195,7 +211,8 @@ Prepend search domains to the dynamically generated li openresolv ships with subscribers for the name servers .Xr dnsmasq 8 , .Xr named 8 , -.Xr pdnsd 8 +.Xr pdnsd 8 , +.Xr pdns_recursor 8 , and .Xr unbound 8 . Each subscriber can create configuration files which should be included in @@ -203,7 +220,9 @@ in the subscribers main configuration file. .Pp To disable a subscriber, simply set it's name to NO. For example, to disable the libc subscriber you would set: -.D1 libc=NO +.Bd -compact -literal -offset indent +libc=NO +.Ed .Bl -tag -width indent .It Sy dnsmasq_conf This file tells dnsmasq which name servers to use for specific domains. @@ -211,17 +230,21 @@ This file tells dnsmasq which name servers to use for This file tells dnsmasq which name servers to use for global lookups. .Pp Example resolvconf.conf for dnsmasq: -.D1 name_servers=127.0.0.1 -.D1 dnsmasq_conf=/etc/dnsmasq-conf.conf -.D1 dnsmasq_resolv=/etc/dnsmasq-resolv.conf +.Bd -compact -literal -offset indent +name_servers=127.0.0.1 +dnsmasq_conf=/etc/dnsmasq-conf.conf +dnsmasq_resolv=/etc/dnsmasq-resolv.conf +.Ed .Pp Example dnsmasq.conf: -.D1 listen-address=127.0.0.1 -.D1 # If dnsmasq is compiled for DBus then we can take -.D1 # advantage of not having to restart dnsmasq. -.D1 enable-dbus -.D1 conf-file=/etc/dnsmasq-conf.conf -.D1 resolv-file=/etc/dnsmasq-resolv.conf +.Bd -compact -literal -offset indent +listen-address=127.0.0.1 +# If dnsmasq is compiled for DBus then we can take +# advantage of not having to restart dnsmasq. +enable-dbus +conf-file=/etc/dnsmasq-conf.conf +resolv-file=/etc/dnsmasq-resolv.conf +.Ed .It Sy named_options Include this file in the named options block. This file tells named which name servers to use for global lookups. @@ -230,16 +253,21 @@ Include this file in the named global scope, after the This file tells named which name servers to use for specific domains. .Pp Example resolvconf.conf for named: -.D1 name_servers=127.0.0.1 -.D1 named_options=/etc/named-options.conf -.D1 named_zones=/etc/named-zones.conf +.Bd -compact -literal -offset indent +name_servers=127.0.0.1 +named_options=/etc/named-options.conf +named_zones=/etc/named-zones.conf +.Ed .Pp Example named.conf: -.D1 options { -.D1 listen-on { 127.0.0.1; }; -.D1 include "/etc/named-options.conf"; -.D1 }; -.D1 include "/etc/named-zones.conf"; +.Bd -compact -literal -offset indent +options { + listen-on { 127.0.0.1; }; + include "/etc/named-options.conf"; +}; + +include "/etc/named-zones.conf"; +.Ed .It Sy pdnsd_conf This is the main pdnsd configuration file which we modify to add our forward domains to. @@ -253,32 +281,54 @@ If this variable is not set then it's written to .Pa pdnsd_conf . .Pp Example resolvconf.conf for pdnsd: -.D1 name_servers=127.0.0.1 -.D1 pdnsd_conf=/etc/pdnsd.conf -.D1 # pdnsd_resolv=/etc/pdnsd-resolv.conf +.Bd -compact -literal -offset indent +name_servers=127.0.0.1 +pdnsd_conf=/etc/pdnsd.conf +# pdnsd_resolv=/etc/pdnsd-resolv.conf +.Ed .Pp Example pdnsd.conf: -.D1 global { -.D1 server_ip = 127.0.0.1; -.D1 status_ctl = on; -.D1 } -.D1 server { -.D1 # A server definition is required, even if emtpy. -.D1 label="empty"; -.D1 proxy_only=on; -.D1 # file="/etc/pdnsd-resolv.conf"; -.D1 } +.Bd -compact -literal -offset indent +global { + server_ip = 127.0.0.1; + status_ctl = on; +} +server { + # A server definition is required, even if empty. + label="empty"; + proxy_only=on; + # file="/etc/pdnsd-resolv.conf"; +} +.Ed +.It Sy pdns_zones +This file tells pdns_recursor about specific and global name servers. +.Pp +Example resolvconf.conf for pdns_recursor: +.Bd -compact -literal -offset indent +name_servers=127.0.0.1 +pdns_zones=/etc/pdns/recursor-zones.conf +.Ed +.Pp +Example recursor.conf: +.Bd -compact -literal -offset indent +allow-from=127.0.0.0/8, ::1/128 +forward-zones-file=/etc/pdns/recursor-zones.conf +.Ed .It Sy unbound_conf This file tells unbound about specific and global name servers. .It Sy unbound_insecure When set to YES, unbound marks the domains as insecure, thus ignoring DNSSEC. .Pp Example resolvconf.conf for unbound: -.D1 name_servers=127.0.0.1 -.D1 unbound_conf=/etc/unbound-resolvconf.conf +.Bd -compact -literal -offset indent +name_servers=127.0.0.1 +unbound_conf=/etc/unbound-resolvconf.conf +.Ed .Pp Example unbound.conf: -.D1 include: /etc/unbound-resolvconf.conf +.Bd -compact -literal -offset indent +include: /etc/unbound-resolvconf.conf +.Ed .El .Sh SUBSCRIBER INTEGRATION Not all distributions store the files the subscribers need in the same @@ -292,7 +342,6 @@ Also, users could equally want to use a different vers installed by default, such as bind8 and bind9. To accommodate this, the subscribers have these files in configurable variables, documented below. -.Pp .Bl -tag -width indent .It Sy dnsmasq_service Name of the dnsmasq service. @@ -310,6 +359,10 @@ Name of the named service. Command to restart the named service. .It Sy pdnsd_restart Command to restart the pdnsd service. +.It Sy pdns_service +Command to restart the pdns_recursor service. +.It Sy pdns_restart +Command to restart the pdns_recursor service. .It Sy unbound_service Name of the unbound service. .It Sy unbound_restart Modified: head/contrib/openresolv/resolvconf.in ============================================================================== --- head/contrib/openresolv/resolvconf.in Wed Nov 20 23:49:47 2019 (r354923) +++ head/contrib/openresolv/resolvconf.in Wed Nov 20 23:56:20 2019 (r354924) @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright (c) 2007-2016 Roy Marples +# Copyright (c) 2007-2019 Roy Marples # All rights reserved # Redistribution and use in source and binary forms, with or without @@ -25,7 +25,7 @@ # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. RESOLVCONF="$0" -OPENRESOLV_VERSION="3.9.0" +OPENRESOLV_VERSION="3.9.2" SYSCONFDIR=@SYSCONFDIR@ LIBEXECDIR=@LIBEXECDIR@ VARDIR=@VARDIR@ @@ -125,21 +125,22 @@ usage() # If you think otherwise, capture a DNS trace and you'll see libc # will strip it regardless. # This also solves setting up duplicate zones in our subscribers. -strip_trailing_dots() +# Also strip any comments denoted by #. +resolv_strip() { - local n= d= - - for n; do - printf "$d%s" "${n%.}" - d=" " + space= + for word; do + case "$word" in + \#*) break;; + esac + printf "%s%s" "$space${word%.}" + space=" " done printf "\n" } private_iface() { - local p - # Allow expansion cd "$IFACEDIR" @@ -168,12 +169,15 @@ private_iface() # for domain name servers, search name servers and global nameservers parse_resolv() { - local line= ns= ds= search= d= n= newns= - local new=true iface= private=false p= domain= l= islocal= - + domain= + new=true newns= + ns= + private=false + search= while read -r line; do + stripped_line="$(resolv_strip ${line#* })" case "$line" in "# resolv.conf from "*) if ${new}; then @@ -189,29 +193,32 @@ parse_resolv() "nameserver "*) islocal=false for l in $local_nameservers; do - case "${line#* }" in + case "$stripped_line" in $l) islocal=true - echo "LOCALNAMESERVERS=\"\$LOCALNAMESERVERS ${line#* }\"" break ;; esac done - $islocal || ns="$ns${line#* } " + if $islocal; then + echo "LOCALNAMESERVERS=\"\$LOCALNAMESERVERS $stripped_line\"" + else + ns="$ns$stripped_line " + fi ;; "domain "*) - search="$(strip_trailing_dots ${line#* })" + search="$stripped_line" if [ -z "$domain" ]; then domain="$search" echo "DOMAIN=\"$domain\"" fi ;; "search "*) - search="$(strip_trailing_dots ${line#* })" + search="$stripped_line" ;; *) [ -n "$line" ] && continue - if [ -n "$ns" -a -n "$search" ]; then + if [ -n "$ns" ] && [ -n "$search" ]; then newns= for n in $ns; do newns="$newns${newns:+,}$n" @@ -236,7 +243,7 @@ parse_resolv() uniqify() { - local result= + result= while [ -n "$1" ]; do case " $result " in *" $1 "*);; @@ -249,8 +256,8 @@ uniqify() dirname() { - local dir= OIFS="$IFS" - local IFS=/ + OIFS="$IFS" + IFS=/ set -- $@ IFS="$OIFS" if [ -n "$1" ]; then @@ -267,7 +274,7 @@ dirname() config_mkdirs() { - local e=0 f d + e=0 for f; do [ -n "$f" ] || continue d="$(dirname "$f")" @@ -295,66 +302,86 @@ detect_init() # Detect the running init system. # As systemd and OpenRC can be installed on top of legacy init # systems we try to detect them first. - local status="@STATUSARG@" + status="@STATUSARG@" : ${status:=status} - if [ -x /bin/systemctl -a -S /run/systemd/private ]; then - RESTARTCMD="if /bin/systemctl --quiet is-active \$1.service; then - /bin/systemctl restart \$1.service; -fi" - elif [ -x /usr/bin/systemctl -a -S /run/systemd/private ]; then - RESTARTCMD="if /usr/bin/systemctl --quiet is-active \$1.service; then - /usr/bin/systemctl restart \$1.service; -fi" - elif [ -x /sbin/rc-service -a \ - -s /libexec/rc/init.d/softlevel -o -s /run/openrc/softlevel ] + if [ -x /bin/systemctl ] && [ -S /run/systemd/private ]; then + RESTARTCMD=' + if /bin/systemctl --quiet is-active $1.service + then + /bin/systemctl restart $1.service + fi' + elif [ -x /usr/bin/systemctl ] && [ -S /run/systemd/private ]; then + RESTARTCMD=' + if /usr/bin/systemctl --quiet is-active $1.service + then + /usr/bin/systemctl restart $1.service + fi' + elif [ -x /sbin/rc-service ] && + { [ -s /libexec/rc/init.d/softlevel ] || + [ -s /run/openrc/softlevel ]; } then - RESTARTCMD="/sbin/rc-service -i \$1 -- -Ds restart" + RESTARTCMD='/sbin/rc-service -i $1 -- -Ds restart' elif [ -x /usr/sbin/invoke-rc.d ]; then RCDIR=/etc/init.d - RESTARTCMD="if /usr/sbin/invoke-rc.d --quiet \$1 status 1>/dev/null 2>&1; then - /usr/sbin/invoke-rc.d \$1 restart; -fi" + RESTARTCMD=' + if /usr/sbin/invoke-rc.d --quiet $1 status >/dev/null 2>&1 + then + /usr/sbin/invoke-rc.d $1 restart + fi' elif [ -x /sbin/service ]; then # Old RedHat RCDIR=/etc/init.d - RESTARTCMD="if /sbin/service \$1; then - /sbin/service \$1 restart; -fi" + RESTARTCMD=' + if /sbin/service $1; then + /sbin/service $1 restart + fi' elif [ -x /usr/sbin/service ]; then # Could be FreeBSD - RESTARTCMD="if /usr/sbin/service \$1 $status 1>/dev/null 2>&1; then - /usr/sbin/service \$1 restart; -fi" + RESTARTCMD=" + if /usr/sbin/service \$1 $status >/dev/null 2>&1 + then + /usr/sbin/service \$1 restart + fi" elif [ -x /bin/sv ]; then - RESTARTCMD="/bin/sv status \$1 >/dev/null 2>&1 && /bin/sv try-restart \$1" + RESTARTCMD='/bin/sv status $1 >/dev/null 2>&1 && + /bin/sv try-restart $1' elif [ -x /usr/bin/sv ]; then - RESTARTCMD="/usr/bin/sv status \$1 >/dev/null 2>&1 && /usr/bin/sv try-restart \$1" - elif [ -e /etc/arch-release -a -d /etc/rc.d ]; then *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***