From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 222907] unbound-1.6.6 make install error line 77 plus problem with using service command
Date: Tue, 10 Oct 2017 17:23:22 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222907

            Bug ID: 222907
           Summary: unbound-1.6.6 make install error line 77 plus problem
                    with using service command
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs@FreeBSD.org
          Reporter: joeb1@a1poweruser.com

Created attachment 187054
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=187054&action=edit
sample quick-start file

1. Get error msg
make: "/usr/ports/MK/Users/ssl.mk" line 77: You are using an unsupported SSL provider openssl

openssl is valid. This is a bug in your make file. The make structure handles
this for you automatically.

2. The "service unbound restart" command is not working correctly. It leaves
my host in a compromised state. Getting entries in /var/log/auth.log about
unsuccessful ftp and ssh logins even though those inbound ports are blocked by
firewall rules.

When unbound is started by using this console command
/usr/local/sbin/unbound -c /usr/local/etc/unbound/unbound.conf
no longer having problems with unsuccessful ftp and ssh login entries in
/var/log/auth.log.

Local_unbound and unbound should be pretty much configured the same way. But
comparing /usr/local/etc/rc.d/unbound to /etc/rc.d/local_unbound it's very
easy to see they're completely different.

/usr/local/etc/rc.d/unbound should check the unbound.conf file looking for the
auto-trust-anchor-file parameter and if there then do the fetch anchor function,
otherwise skip it.

3. This port is very user un-friendly. The ports system provides the files to
simply change this.

A. Create a file named quick-start and populate with this text

   Quick unbound setup instructions

   1. In the /etc/rc.conf file comment out this if it's there
        local_unbound_enable="YES"
      add
        unbound_enable="YES"
      The built-in local_unbound version can not co-exist with the
      port version of unbound. Select one or the other.
      You will need one host re-boot to enable unbound after
      completing the following steps

   2. Delete the contents of the /etc/resolv.conf and add this line
        nameserver 127.0.0.1
      Then make it immutable using "chflags -R schg /etc/resolv.conf"
      This makes it un-writable by anyone. Contents will never change.
      Use "ls -lo /etc/resolv.conf" to see its flags.
      Use "chflags -R noschg /etc/resolv.conf" to return to normal.
      This stops /etc/resolv.conf being refreshed at boot time with
      DNS information from your ISP overriding the
      nameserver 127.0.0.1 statement needed to drive host dns
      requests to unbound.

   3. If you have a LAN behind this host and want those LAN devices'
      DNS requests to also go through the host's unbound server,
      change the host's DHCP server conf file DNS IP address to the
      LAN IP address assigned to the host network adapter the LAN
      is on.

   4. unbound comes with a built-in "root zone" which negates the need
      for a "forward-zone: section" altogether. This built-in
      "root zone" sends DNS requests to the up-stream public DNS
      servers. Verify that your host firewall doesn't have rules
      restricting port 53 to using only your ISP's DNS IP addresses.

   5. Use service unbound restart command after making changes to the
      content of your unbound.conf file. Note: Any unbound.conf content
      errors cause the unbound server to not start. This means ALL DNS
      requests go un-serviced, basically your host system and LAN users
      are dead in the water until you fix things.
      The service unbound stop command results in the same thing.

   6. Take note: The unbound man pages are not FreeBSD specific.
      Unbound is open source software that runs on many different
      platforms. Some statements and ideas expressed are incorrect
      based on the FreeBSD way of doing things.

   7. The /usr/local/etc/unbound/unbound.conf.sample file shows all the
      possible options available in the unbound.conf file. The defaults
      are designed to create a running unbound server. In almost all cases
      the following working unbound.conf file contains the default
      overrides necessary for a working unbound server.
      Copy the following unbound.conf content to
      /usr/local/etc/unbound/unbound.conf

      # Start of the working unbound.conf file.

      # Server config section.
      server:

          # For the unbound port/package version use this
          directory: /usr/local/etc/unbound
          chroot: "/usr/local/etc/unbound"
          chroot: ""        # disable chroot
          pidfile: /usr/local/etc/unbound/unbound.pid

          # Specify the interfaces to answer queries from by ip-address.
          # The default is to listen to localhost (127.0.0.1 and ::1) only.
          # Specify 0.0.0.0 and ::0 to bind to all available interfaces.
          interface: ::0        # listen on all ipv6 interfaces
          interface: 0.0.0.0    # listen on all ipv4 interfaces

          # Control which clients are allowed to make (recursive) queries
          # to this server. Specify classless netblocks with /size and action.
          # By default everything is refused, except for localhost.
          # Example 10.0.0.0/8 is the ip address block assigned to the LAN.
          access-control: 10.0.0.0/8 allow
          access-control: 127.0.0.0/8 allow

      # Remote control config section.
      # Remote control must be enabled before the unbound-control(8)
      # command can be used to send commands to the running unbound server.
      # To enable security, execute the unbound-control-setup command
      # to set up the keys and certificates.
      # This remote-control: section enables remote-control with
      # security disabled for use on this host only.
      remote-control:
          control-enable: yes
          control-interface: /var/run/unbound.ctl
          control-use-cert: no

B. Change the Makefile to install the quick-start file into
   /usr/local/share/doc/unbound/quick-start

C. Add a pkg-message file to the make files containing this content:

#########################################################################

For unbound quick setup instructions read;
/usr/local/share/doc/unbound/quick-start

#########################################################################

Item 3.A.7 above, you may want to just change the Make file to install that
unbound.conf file directly into /usr/local/etc/unbound/unbound.conf

-- 
You are receiving this mail because:
You are the assignee for the bug.
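
Added example (not part of the bug report or of the unbound port): a small audit of the exposure-related settings in an unbound.conf like the one proposed in item 3.A.7. The names `parse`, `audit`, `SAMPLE_CONF` and the `INTERNAL` netblock list are hypothetical, and the sketch assumes that when a single-valued option such as `chroot` is repeated, the last value is the effective one.

```python
import ipaddress

# Constructed sample: exposure-related settings from the quick-start unbound.conf in the report.
SAMPLE_CONF = """
server:
    chroot: "/usr/local/etc/unbound"
    chroot: ""   # disable chroot
    interface: ::0
    interface: 0.0.0.0
    access-control: 10.0.0.0/8 allow
    access-control: 127.0.0.0/8 allow
remote-control:
    control-enable: yes
    control-interface: /var/run/unbound.ctl
    control-use-cert: no
"""
MULTI = {"interface", "access-control"}           # options that legitimately repeat
INTERNAL = [ipaddress.ip_network(n) for n in      # assumed definition of "internal" clients
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7")]

def parse(text):
    """Return {option: [values in file order]}; comments and quotes are stripped."""
    opts = {}
    for raw in text.splitlines():
        key, sep, value = raw.split("#", 1)[0].strip().partition(":")
        if sep and value.strip():                 # skips blanks and headers like "server:"
            opts.setdefault(key.strip(), []).append(value.strip().strip('"'))
    return opts

def audit(text):
    """Return a list of findings about chroot, listening scope, ACLs and remote control."""
    opts, out = parse(text), []
    last = lambda key: opts.get(key, [None])[-1]  # assumption: the last value is the effective one
    for key, values in opts.items():
        if key not in MULTI and len(values) > 1:
            out.append(f"{key} is set {len(values)} times; effective value is {values[-1]!r}")
    if last("chroot") == "":
        out.append("chroot is disabled")
    if {"0.0.0.0", "::0", "::"} & set(opts.get("interface", [])):
        allowed = [ipaddress.ip_network(v.split()[0], strict=False)
                   for v in opts.get("access-control", []) if v.split()[1:] == ["allow"]]
        wide = [str(n) for n in allowed
                if not any(n.version == i.version and n.subnet_of(i) for i in INTERNAL)]
        out.append("listens on all interfaces; clients allowed: " + ", ".join(map(str, allowed)))
        if wide:
            out.append("open-resolver risk, non-internal netblocks allowed: " + ", ".join(wide))
    if last("control-enable") == "yes" and last("control-use-cert") == "no":
        target = last("control-interface") or "the default interface"
        kind = "local socket" if target.startswith("/") else "network address"
        out.append(f"remote control without certificates on {kind} {target}")
    return out
```

Running `audit(SAMPLE_CONF)` reports the repeated `chroot`, the disabled chroot, the wildcard listeners together with the netblocks allowed to recurse, and the certificate-less control channel on a local socket, where access depends on the socket file's permissions.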