Date: Thu, 13 Dec 2018 09:06:51 +0000 (UTC) From: Mathieu Arnold <mat@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r487359 - in head/dns: bind9-devel bind9-devel/files bind911 bind911/files bind912 bind912/files bind913 bind913/files Message-ID: <201812130906.wBD96pPi056065@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mat Date: Thu Dec 13 09:06:50 2018 New Revision: 487359 URL: https://svnweb.freebsd.org/changeset/ports/487359 Log: Update to 9.11.5-P1, 9.12.3-P1, 9.13.5. While there: - Don't disable symbol table generation when building WITH_DEBUG. - Try and make sure nullfs can really be used in a more robustt and centralized way. - Make sure all changes are sync'ed among all BIND9 ports. Modified: head/dns/bind9-devel/Makefile (contents, props changed) head/dns/bind9-devel/files/named.in head/dns/bind911/Makefile (contents, props changed) head/dns/bind911/distinfo (contents, props changed) head/dns/bind911/files/named.in head/dns/bind912/Makefile (contents, props changed) head/dns/bind912/distinfo (contents, props changed) head/dns/bind912/files/named.in head/dns/bind913/Makefile (contents, props changed) head/dns/bind913/distinfo (contents, props changed) head/dns/bind913/files/extrapatch-bind-min-override-ttl (contents, props changed) head/dns/bind913/files/named.in head/dns/bind913/files/patch-configure (contents, props changed) head/dns/bind913/pkg-plist (contents, props changed) Modified: head/dns/bind9-devel/Makefile ============================================================================== --- head/dns/bind9-devel/Makefile Thu Dec 13 09:01:37 2018 (r487358) +++ head/dns/bind9-devel/Makefile Thu Dec 13 09:06:50 2018 (r487359) @@ -9,7 +9,7 @@ PORTREVISION= 1 .else # XXX: correct version # dns/bind9xx here -PORTREVISION= 1 +PORTREVISION= 2 .endif CATEGORIES= dns net ipv6 # XXX: put the ISC master_site @@ -54,7 +54,6 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl} GNU_CONFIGURE= yes CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \ - --disable-symtable \ --with-libxml2=${LOCALBASE} \ --with-readline="-L${LOCALBASE}/lib -ledit" \ --with-dlopen=yes \ @@ -209,6 +208,18 @@ TUNING_LARGE_CONFIGURE_ON= --with-tuning=large TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default .include <bsd.port.pre.mk> + +.if defined(WITH_DEBUG) +CONFIGURE_ARGS+= --enable-symtable +.else +CONFIGURE_ARGS+= --disable-symtable +.endif + +.if ${SSL_DEFAULT} == base +SUB_LIST+= ENGINES=/usr/lib/engines +.else +SUB_LIST+= ENGINES=${LOCALBASE}/lib/engines +.endif # XXX: Remove post-extract: Modified: head/dns/bind9-devel/files/named.in ============================================================================== --- head/dns/bind9-devel/files/named.in Thu Dec 13 09:01:37 2018 (r487358) +++ head/dns/bind9-devel/files/named.in Thu Dec 13 09:06:50 2018 (r487359) @@ -62,7 +62,7 @@ required_dirs="${named_chrootdir}" _named_confdirroot="${named_conf%/*}" _named_confdir="${named_chrootdir}${_named_confdirroot}" _named_program_root="${named_program%/sbin/named}" -_openssl_engines="%%LOCALBASE%%/lib/engines" +_openssl_engines="%%ENGINES%%" # Needed if named.conf and rndc.conf are moved or if rndc.conf is used rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"} @@ -143,19 +143,16 @@ chroot_autoupdate() fi fi - # If OpenSSL from ports, then the engines should be present in the - # chroot, named loads them after chrooting. + # The OpenSSL engines should be present in the chroot, named loads them + # after chrooting. if [ -d ${_openssl_engines} ]; then - # FIXME when 8.4 is gone see if - # security.jail.param.allow.mount.nullfs can be used. - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ]; then - mkdir -p ${named_chrootdir}${_openssl_engines} + mkdir -p ${named_chrootdir}${_openssl_engines} + if can_mount nullfs ; then mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines} else warn "named chroot: cannot nullfs mount OpenSSL" \ "engines into the chroot, will copy the shared" \ "libraries instead." - mkdir -p ${named_chrootdir}${_openssl_engines} cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines} fi fi @@ -241,20 +238,39 @@ named_stop() named_poststop() { - if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then + if [ -n "${named_chrootdir}" ]; then # if using OpenSSL from ports, unmount OpenSSL engines, if they # were not mounted but only copied, do nothing. - if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then - umount ${named_chrootdir}${_openssl_engines} + if [ -d ${_openssl_engines} ]; then + if can_mount nullfs; then + umount ${named_chrootdir}${_openssl_engines} + fi fi - # unmount /dev - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then - umount ${named_chrootdir}/dev 2>/dev/null || true - else - warn "named chroot:" \ - "cannot unmount devfs from inside jail!" + if [ -c ${named_chrootdir}/dev/null ]; then + # unmount /dev + if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then + umount ${named_chrootdir}/dev 2>/dev/null || true + else + warn "named chroot:" \ + "cannot unmount devfs from inside jail!" + fi fi fi +} + +can_mount() +{ + local kld + kld=$1 + if ! load_kld $kld; then + return 1 + fi + if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] || + [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] || + [ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then + return 0 + fi + return 1 } create_file() Modified: head/dns/bind911/Makefile ============================================================================== --- head/dns/bind911/Makefile Thu Dec 13 09:01:37 2018 (r487358) +++ head/dns/bind911/Makefile Thu Dec 13 09:06:50 2018 (r487359) @@ -3,7 +3,7 @@ PORTNAME= bind PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/} -PORTREVISION= 1 +PORTREVISION= 0 CATEGORIES= dns net ipv6 MASTER_SITES= ISC/bind9/${ISCVERSION} PKGNAMESUFFIX= 911 @@ -20,7 +20,7 @@ LIB_DEPENDS= libxml2.so:textproc/libxml2 USES= cpe libedit # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.11.5 +ISCVERSION= 9.11.5-P1 CPE_VENDOR= isc CPE_VERSION= ${ISCVERSION:C/-.*//} @@ -30,7 +30,6 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl} GNU_CONFIGURE= yes CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \ - --disable-symtable \ --with-randomdev=/dev/random \ --with-libxml2=${LOCALBASE} \ --with-readline="-L${LOCALBASE}/lib -ledit" \ @@ -191,6 +190,12 @@ TUNING_LARGE_CONFIGURE_ON= --with-tuning=large TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default .include <bsd.port.pre.mk> + +.if defined(WITH_DEBUG) +CONFIGURE_ARGS+= --enable-symtable +.else +CONFIGURE_ARGS+= --disable-symtable +.endif .if ${SSL_DEFAULT} == base SUB_LIST+= ENGINES=/usr/lib/engines Modified: head/dns/bind911/distinfo ============================================================================== --- head/dns/bind911/distinfo Thu Dec 13 09:01:37 2018 (r487358) +++ head/dns/bind911/distinfo Thu Dec 13 09:06:50 2018 (r487359) @@ -1,3 +1,3 @@ -TIMESTAMP = 1540325506 -SHA256 (bind-9.11.5.tar.gz) = a4cae11dad954bdd4eb592178f875bfec09fcc7e29fe0f6b7a4e5b5c6bc61322 -SIZE (bind-9.11.5.tar.gz) = 8810710 +TIMESTAMP = 1544687911 +SHA256 (bind-9.11.5-P1.tar.gz) = 6cd6dbf016569f12d4a0ed629e44e895d9ed41c6908274ed2e617666c5491928 +SIZE (bind-9.11.5-P1.tar.gz) = 8814650 Modified: head/dns/bind911/files/named.in ============================================================================== --- head/dns/bind911/files/named.in Thu Dec 13 09:01:37 2018 (r487358) +++ head/dns/bind911/files/named.in Thu Dec 13 09:06:50 2018 (r487359) @@ -146,16 +146,13 @@ chroot_autoupdate() # The OpenSSL engines should be present in the chroot, named loads them # after chrooting. if [ -d ${_openssl_engines} ]; then - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] || - [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] || - [ `${SYSCTL_N} security.jail.mount_nullfs_allowed` -eq 1 ] ; then - mkdir -p ${named_chrootdir}${_openssl_engines} + mkdir -p ${named_chrootdir}${_openssl_engines} + if can_mount nullfs ; then mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines} else warn "named chroot: cannot nullfs mount OpenSSL" \ "engines into the chroot, will copy the shared" \ "libraries instead." - mkdir -p ${named_chrootdir}${_openssl_engines} cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines} fi fi @@ -241,20 +238,39 @@ named_stop() named_poststop() { - if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then + if [ -n "${named_chrootdir}" ]; then # if using OpenSSL from ports, unmount OpenSSL engines, if they # were not mounted but only copied, do nothing. - if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then - umount ${named_chrootdir}${_openssl_engines} + if [ -d ${_openssl_engines} ]; then + if can_mount nullfs; then + umount ${named_chrootdir}${_openssl_engines} + fi fi - # unmount /dev - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then - umount ${named_chrootdir}/dev 2>/dev/null || true - else - warn "named chroot:" \ - "cannot unmount devfs from inside jail!" + if [ -c ${named_chrootdir}/dev/null ]; then + # unmount /dev + if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then + umount ${named_chrootdir}/dev 2>/dev/null || true + else + warn "named chroot:" \ + "cannot unmount devfs from inside jail!" + fi fi fi +} + +can_mount() +{ + local kld + kld=$1 + if ! load_kld $kld; then + return 1 + fi + if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] || + [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] || + [ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then + return 0 + fi + return 1 } create_file() Modified: head/dns/bind912/Makefile ============================================================================== --- head/dns/bind912/Makefile Thu Dec 13 09:01:37 2018 (r487358) +++ head/dns/bind912/Makefile Thu Dec 13 09:06:50 2018 (r487359) @@ -5,10 +5,9 @@ PORTNAME= bind PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/} .if defined(BIND_TOOLS_SLAVE) # dns/bind-tools here -PORTREVISION= 1 +PORTREVISION= 0 .else -# dns/bind912 here -PORTREVISION= 2 +PORTREVISION= 0 .endif CATEGORIES= dns net ipv6 MASTER_SITES= ISC/bind9/${ISCVERSION} @@ -33,7 +32,7 @@ LIB_DEPENDS= libxml2.so:textproc/libxml2 USES= compiler:c11 cpe libedit # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.12.3 +ISCVERSION= 9.12.3-P1 CPE_VENDOR= isc CPE_VERSION= ${ISCVERSION:C/-.*//} @@ -43,7 +42,6 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl} GNU_CONFIGURE= yes CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \ - --disable-symtable \ --with-randomdev=/dev/random \ --with-libxml2=${LOCALBASE} \ --with-readline="-L${LOCALBASE}/lib -ledit" \ @@ -210,6 +208,12 @@ TUNING_LARGE_CONFIGURE_ON= --with-tuning=large TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default .include <bsd.port.pre.mk> + +.if defined(WITH_DEBUG) +CONFIGURE_ARGS+= --enable-symtable +.else +CONFIGURE_ARGS+= --disable-symtable +.endif .if ${SSL_DEFAULT} == base SUB_LIST+= ENGINES=/usr/lib/engines Modified: head/dns/bind912/distinfo ============================================================================== --- head/dns/bind912/distinfo Thu Dec 13 09:01:37 2018 (r487358) +++ head/dns/bind912/distinfo Thu Dec 13 09:06:50 2018 (r487359) @@ -1,3 +1,3 @@ -TIMESTAMP = 1540325569 -SHA256 (bind-9.12.3.tar.gz) = 0e80762631258e1c193552efa7c56c05ec5e8c2f98e4b2a3b91a61fd8d96b938 -SIZE (bind-9.12.3.tar.gz) = 8616664 +TIMESTAMP = 1544687855 +SHA256 (bind-9.12.3-P1.tar.gz) = 6cb79389d787368af27f01c65a9fa09be1fd062eda37c94819a1a0178d5ded73 +SIZE (bind-9.12.3-P1.tar.gz) = 8625693 Modified: head/dns/bind912/files/named.in ============================================================================== --- head/dns/bind912/files/named.in Thu Dec 13 09:01:37 2018 (r487358) +++ head/dns/bind912/files/named.in Thu Dec 13 09:06:50 2018 (r487359) @@ -146,16 +146,13 @@ chroot_autoupdate() # The OpenSSL engines should be present in the chroot, named loads them # after chrooting. if [ -d ${_openssl_engines} ]; then - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] || - [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] || - [ `${SYSCTL_N} security.jail.mount_nullfs_allowed` -eq 1 ] ; then - mkdir -p ${named_chrootdir}${_openssl_engines} + mkdir -p ${named_chrootdir}${_openssl_engines} + if can_mount nullfs ; then mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines} else warn "named chroot: cannot nullfs mount OpenSSL" \ "engines into the chroot, will copy the shared" \ "libraries instead." - mkdir -p ${named_chrootdir}${_openssl_engines} cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines} fi fi @@ -241,20 +238,39 @@ named_stop() named_poststop() { - if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then + if [ -n "${named_chrootdir}" ]; then # if using OpenSSL from ports, unmount OpenSSL engines, if they # were not mounted but only copied, do nothing. - if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then - umount ${named_chrootdir}${_openssl_engines} + if [ -d ${_openssl_engines} ]; then + if can_mount nullfs; then + umount ${named_chrootdir}${_openssl_engines} + fi fi - # unmount /dev - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then - umount ${named_chrootdir}/dev 2>/dev/null || true - else - warn "named chroot:" \ - "cannot unmount devfs from inside jail!" + if [ -c ${named_chrootdir}/dev/null ]; then + # unmount /dev + if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then + umount ${named_chrootdir}/dev 2>/dev/null || true + else + warn "named chroot:" \ + "cannot unmount devfs from inside jail!" + fi fi fi +} + +can_mount() +{ + local kld + kld=$1 + if ! load_kld $kld; then + return 1 + fi + if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] || + [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] || + [ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then + return 0 + fi + return 1 } create_file() Modified: head/dns/bind913/Makefile ============================================================================== --- head/dns/bind913/Makefile Thu Dec 13 09:01:37 2018 (r487358) +++ head/dns/bind913/Makefile Thu Dec 13 09:06:50 2018 (r487359) @@ -5,10 +5,10 @@ PORTNAME= bind PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/} .if defined(BIND_TOOLS_SLAVE) # dns/bind-tools here -PORTREVISION= 1 +PORTREVISION= 0 .else # dns/bind913 here -PORTREVISION= 1 +PORTREVISION= 0 .endif CATEGORIES= dns net ipv6 MASTER_SITES= ISC/bind9/${ISCVERSION} @@ -33,7 +33,7 @@ LIB_DEPENDS= libxml2.so:textproc/libxml2 USES= compiler:c11 cpe libedit ssl # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.13.4 +ISCVERSION= 9.13.5 CPE_VENDOR= isc CPE_VERSION= ${ISCVERSION:C/-.*//} @@ -43,7 +43,6 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl} GNU_CONFIGURE= yes CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \ - --disable-symtable \ --with-libxml2=${LOCALBASE} \ --with-readline="-L${LOCALBASE}/lib -ledit" \ --with-dlopen=yes \ @@ -198,6 +197,18 @@ TUNING_LARGE_CONFIGURE_ON= --with-tuning=large TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default .include <bsd.port.pre.mk> + +.if defined(WITH_DEBUG) +CONFIGURE_ARGS+= --enable-symtable +.else +CONFIGURE_ARGS+= --disable-symtable +.endif + +.if ${SSL_DEFAULT} == base +SUB_LIST+= ENGINES=/usr/lib/engines +.else +SUB_LIST+= ENGINES=${LOCALBASE}/lib/engines +.endif post-patch: .if defined(BIND_TOOLS_SLAVE) Modified: head/dns/bind913/distinfo ============================================================================== --- head/dns/bind913/distinfo Thu Dec 13 09:01:37 2018 (r487358) +++ head/dns/bind913/distinfo Thu Dec 13 09:06:50 2018 (r487359) @@ -1,3 +1,3 @@ -TIMESTAMP = 1542875991 -SHA256 (bind-9.13.4.tar.gz) = ea02107ae0b22a5b3df76d4c45bd44414f1d17731fffc07813d8e5b4ce05f95b -SIZE (bind-9.13.4.tar.gz) = 6274124 +TIMESTAMP = 1544687807 +SHA256 (bind-9.13.5.tar.gz) = bbde0b81c66a7c7f5b074c8f0e714ed8aa235e4b930e28953cab0ae3cae94e4b +SIZE (bind-9.13.5.tar.gz) = 6309308 Modified: head/dns/bind913/files/extrapatch-bind-min-override-ttl ============================================================================== --- head/dns/bind913/files/extrapatch-bind-min-override-ttl Thu Dec 13 09:01:37 2018 (r487358) +++ head/dns/bind913/files/extrapatch-bind-min-override-ttl Thu Dec 13 09:06:50 2018 (r487359) @@ -1,6 +1,6 @@ ---- bin/named/config.c.orig 2018-11-19 17:02:41 UTC +--- bin/named/config.c.orig 2018-12-07 18:44:21 UTC +++ bin/named/config.c -@@ -182,6 +182,7 @@ options {\n\ +@@ -179,6 +179,7 @@ options {\n\ notify-source *;\n\ notify-source-v6 *;\n\ nsec3-test-zone no;\n\ @@ -8,9 +8,9 @@ provide-ixfr true;\n\ qname-minimization relaxed;\n\ query-source address *;\n\ ---- bin/named/server.c.orig 2018-11-19 17:02:41 UTC +--- bin/named/server.c.orig 2018-12-07 18:44:21 UTC +++ bin/named/server.c -@@ -4116,6 +4116,11 @@ configure_view(dns_view_t *view, dns_vie +@@ -4154,6 +4154,11 @@ configure_view(dns_view_t *view, dns_vie } obj = NULL; @@ -22,7 +22,7 @@ result = named_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asuint32(obj); ---- lib/dns/include/dns/view.h.orig 2018-11-19 17:02:41 UTC +--- lib/dns/include/dns/view.h.orig 2018-12-07 18:44:21 UTC +++ lib/dns/include/dns/view.h @@ -153,6 +153,7 @@ struct dns_view { bool requestnsid; @@ -32,7 +32,7 @@ dns_ttl_t maxncachettl; dns_ttl_t mincachettl; dns_ttl_t minncachettl; ---- lib/dns/resolver.c.orig 2018-11-19 17:02:41 UTC +--- lib/dns/resolver.c.orig 2018-12-07 18:44:21 UTC +++ lib/dns/resolver.c @@ -5967,6 +5967,12 @@ cache_name(fetchctx_t *fctx, dns_name_t } @@ -47,9 +47,9 @@ * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) { ---- lib/isccfg/namedconf.c.orig 2018-11-19 17:02:41 UTC +--- lib/isccfg/namedconf.c.orig 2018-12-07 18:44:21 UTC +++ lib/isccfg/namedconf.c -@@ -1921,6 +1921,7 @@ view_clauses[] = { +@@ -1900,6 +1900,7 @@ view_clauses[] = { { "max-acache-size", &cfg_type_sizenodefault, CFG_CLAUSEFLAG_OBSOLETE }, { "max-cache-size", &cfg_type_sizeorpercent, 0 }, Modified: head/dns/bind913/files/named.in ============================================================================== --- head/dns/bind913/files/named.in Thu Dec 13 09:01:37 2018 (r487358) +++ head/dns/bind913/files/named.in Thu Dec 13 09:06:50 2018 (r487359) @@ -62,7 +62,7 @@ required_dirs="${named_chrootdir}" _named_confdirroot="${named_conf%/*}" _named_confdir="${named_chrootdir}${_named_confdirroot}" _named_program_root="${named_program%/sbin/named}" -_openssl_engines="%%LOCALBASE%%/lib/engines" +_openssl_engines="%%ENGINES%%" # Needed if named.conf and rndc.conf are moved or if rndc.conf is used rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"} @@ -143,19 +143,16 @@ chroot_autoupdate() fi fi - # If OpenSSL from ports, then the engines should be present in the - # chroot, named loads them after chrooting. + # The OpenSSL engines should be present in the chroot, named loads them + # after chrooting. if [ -d ${_openssl_engines} ]; then - # FIXME when 8.4 is gone see if - # security.jail.param.allow.mount.nullfs can be used. - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ]; then - mkdir -p ${named_chrootdir}${_openssl_engines} + mkdir -p ${named_chrootdir}${_openssl_engines} + if can_mount nullfs ; then mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines} else warn "named chroot: cannot nullfs mount OpenSSL" \ "engines into the chroot, will copy the shared" \ "libraries instead." - mkdir -p ${named_chrootdir}${_openssl_engines} cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines} fi fi @@ -241,20 +238,39 @@ named_stop() named_poststop() { - if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then + if [ -n "${named_chrootdir}" ]; then # if using OpenSSL from ports, unmount OpenSSL engines, if they # were not mounted but only copied, do nothing. - if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then - umount ${named_chrootdir}${_openssl_engines} + if [ -d ${_openssl_engines} ]; then + if can_mount nullfs; then + umount ${named_chrootdir}${_openssl_engines} + fi fi - # unmount /dev - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then - umount ${named_chrootdir}/dev 2>/dev/null || true - else - warn "named chroot:" \ - "cannot unmount devfs from inside jail!" + if [ -c ${named_chrootdir}/dev/null ]; then + # unmount /dev + if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then + umount ${named_chrootdir}/dev 2>/dev/null || true + else + warn "named chroot:" \ + "cannot unmount devfs from inside jail!" + fi fi fi +} + +can_mount() +{ + local kld + kld=$1 + if ! load_kld $kld; then + return 1 + fi + if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] || + [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] || + [ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then + return 0 + fi + return 1 } create_file() Modified: head/dns/bind913/files/patch-configure ============================================================================== --- head/dns/bind913/files/patch-configure Thu Dec 13 09:01:37 2018 (r487358) +++ head/dns/bind913/files/patch-configure Thu Dec 13 09:06:50 2018 (r487359) @@ -1,6 +1,6 @@ ---- configure.orig 2018-11-22 00:20:34 UTC +--- configure.orig 2018-12-07 18:44:21 UTC +++ configure -@@ -16386,27 +16386,9 @@ done +@@ -16296,27 +16296,9 @@ done # problems start to show up. saved_libs="$LIBS" for TRY_LIBS in \ @@ -30,7 +30,7 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5 $as_echo_n "checking linking as $TRY_LIBS... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext -@@ -16449,47 +16431,7 @@ $as_echo "no" >&6; } ;; +@@ -16359,47 +16341,7 @@ $as_echo "no" >&6; } ;; no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;; esac @@ -79,7 +79,7 @@ DNS_GSSAPI_LIBS="$LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5 -@@ -21015,7 +20957,7 @@ $as_echo "" >&6; } +@@ -20933,7 +20875,7 @@ $as_echo "" >&6; } # Check other locations for includes. # Order is important (sigh). Modified: head/dns/bind913/pkg-plist ============================================================================== --- head/dns/bind913/pkg-plist Thu Dec 13 09:01:37 2018 (r487358) +++ head/dns/bind913/pkg-plist Thu Dec 13 09:06:50 2018 (r487359) @@ -250,6 +250,7 @@ include/isccfg/log.h include/isccfg/namedconf.h include/isccfg/version.h include/ns/client.h +include/ns/hooks.h include/ns/interfacemgr.h include/ns/lib.h include/ns/listenlist.h @@ -273,6 +274,7 @@ include/pkcs11/eddsa.h include/pkcs11/pkcs11.h include/pkcs11/pkcs11f.h include/pkcs11/pkcs11t.h +lib/filter-aaaa.so lib/libbind9.a lib/libdns.a lib/libirs.a @@ -306,6 +308,7 @@ man/man8/dnssec-revoke.8.gz man/man8/dnssec-settime.8.gz man/man8/dnssec-signzone.8.gz man/man8/dnssec-verify.8.gz +man/man8/filter-aaaa.8.gz man/man8/named-checkconf.8.gz man/man8/named-checkzone.8.gz man/man8/named-compilezone.8.gz
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201812130906.wBD96pPi056065>