Message-ID: <54AAE5CE.7050408@omnilan.de>
Date: Mon, 05 Jan 2015 20:28:14 +0100
From: Harry Schmalzbauer
Organization: OmniLAN
To: stable@freebsd.org
Subject: Re: BIND chroot environment in 10-RELEASE...gone?
In-Reply-To: <20131209112232.GR29825@droso.dk>

Regarding Erwin Lansing's message of 09.12.2013 12:22 (localtime):
> On Thu, Dec 05, 2013 at 11:34:31AM -0600, Greg Rivers wrote:
>> On Thu, 5 Dec 2013, Erwin Lansing wrote:
>>> Thanks Greg, and thanks for the feedback. I did make sure that the
>>> chroot still is supported on existing 8 and 9 systems, so the move will
>>> be another part in the upgrade procedure to a new major release and
>>> lessen the pain a bit. Let me have another look into reintroducing the
>>> chroot bits in a less complicated way. It may not be exactly the same
>>> as before but hopefully can be done in a backwards compatible way.
>>>
>> Thank you Erwin. Let me know if I can help in any way.
>>
> Sorry for the delay. I've spent too much time already on this. The
> problem is that there are several assumptions to how the paths are formed
> in both the ports Makefile (and thus things like pkg-plist and used to
> generate the configuration files) and the rc script that sets up the
> chroot. Fixing one, breaks the other, so some more magic is required.
> I hacked up the original chroot code enough that it sets up the chroot,
> copies in the configuration files, etc. but then ends up that the
> configuration files were generated on the assumption that it was a
> normal port prefix and thus expect things to be in
> /var/named/usr/local/etc/named/... which is of course a fine chroot, but
> not compatible with the pre-10 setup.
>
> I think a complete rewrite is needed to do this right, for which I don't
> have time over the next few days. The net/isc-dhcp*-server ports might

Unfortunately I don't have time either, but the various other mentioned
workarounds/replacements aren't what I need/want, personally.
So I spent some time reenabling auto-chroot, please see
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196520

It just works for me, haven't done much testing. Most of the routines
are taken from former base rc.d/named with little tuning.

I hope this helps for the moment.

-Harry