From owner-svn-src-all@FreeBSD.ORG Mon Jan 5 15:09:02 2015 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 087EFEBA; Mon, 5 Jan 2015 15:09:02 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E757F6707B; Mon, 5 Jan 2015 15:09:01 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t05F91rJ064802; Mon, 5 Jan 2015 15:09:01 GMT (envelope-from des@FreeBSD.org) Received: (from des@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t05F91xw064800; Mon, 5 Jan 2015 15:09:01 GMT (envelope-from des@FreeBSD.org) Message-Id: <201501051509.t05F91xw064800@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: des set sender to des@FreeBSD.org using -f 
From: Dag-Erling Smørgrav Date: Mon, 5 Jan 2015 15:09:01 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r276702 - in head: . usr.sbin/unbound/local-setup X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Jan 2015 15:09:02 -0000 Author: des Date: Mon Jan 5 15:09:00 2015 New Revision: 276702 URL: https://svnweb.freebsd.org/changeset/base/276702 Log: Enable remote control using a local socket in the default configuration. Modified: head/UPDATING head/usr.sbin/unbound/local-setup/local-unbound-setup.sh
Modified: head/UPDATING
==============================================================================
--- head/UPDATING Mon Jan 5 15:04:17 2015 (r276701)
+++ head/UPDATING Mon Jan 5 15:09:00 2015 (r276702)
@@ -31,6 +31,12 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 11
 disable the most expensive debugging functionality run "ln -s 'abort:false,junk:false' /etc/malloc.conf".)
+20150105:
+ The default Unbound configuration now enables remote control
+ using a local socket. Users who have already enabled the
+ local_unbound service should regenerate their configuration
+ by running "service local_unbound setup" as root.
+
 20150102:
 The GNU texinfo and GNU info pages have been removed. To be able to view GNU info pages please install texinfo from ports.
Modified: head/usr.sbin/unbound/local-setup/local-unbound-setup.sh
==============================================================================
--- head/usr.sbin/unbound/local-setup/local-unbound-setup.sh Mon Jan 5 15:04:17 2015 (r276701)
+++ head/usr.sbin/unbound/local-setup/local-unbound-setup.sh Mon Jan 5 15:09:00 2015 (r276702)
@@ -34,6 +34,8 @@ user=""
 unbound_conf=""
 forward_conf=""
 lanzones_conf=""
+control_conf=""
+control_socket=""
 workdir=""
 confdir=""
 chrootdir=""
@@ -61,6 +63,8 @@ set_defaults() {
 : ${unbound_conf:=${workdir}/unbound.conf}
 : ${forward_conf:=${workdir}/forward.conf}
 : ${lanzones_conf:=${workdir}/lan-zones.conf}
+ : ${control_conf:=${workdir}/control.conf}
+ : ${control_socket:=/var/run/local_unbound.ctl}
 : ${anchor:=${workdir}/root.key}
 : ${pidfile:=/var/run/local_unbound.pid}
 : ${resolv_conf:=/etc/resolv.conf}
@@ -76,7 +80,7 @@ set_defaults() {
 set_chrootdir() {
 chrootdir="${workdir}"
 for file in "${unbound_conf}" "${forward_conf}" \
- "${lanzones_conf}" "${anchor}" ; do
+ "${lanzones_conf}" "${control_conf}" "${anchor}" ; do
 if [ "${file#${workdir%/}/}" = "${file}" ] ; then
 echo "warning: ${file} is outside ${workdir}" >&2
 chrootdir=""
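Review bot: The `set_defaults` hunk (`@@ -61,6 +63,8 @@`) puts the new `control_socket` default at `/var/run/local_unbound.ctl`, outside `${workdir}`, while the `set_chrootdir` hunk (`@@ -76,7 +80,7 @@`) adds only `control_conf` to the containment check, and no comment says the socket is left out on purpose. Whether Unbound opens the control socket before or after it enters the chroot is not visible in this diff, so a reader cannot tell whether that path is resolved against `/` or against `${chrootdir}`. A one-line comment beside the default would settle it, for example `# The control socket is not an include file, so set_chrootdir does not check it against ${workdir}.` Both function bodies continue outside the hunks.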
@@ -153,6 +157,14 @@ gen_resolv_conf() {
 }
 #
+# Boilerplate
+#
+do_not_edit() {
+ echo "# This file was generated by $self."
+ echo "# Modifications will be overwritten."
+}
+
+#
 # Generate resolvconf.conf so it updates forward.conf in addition to
 # resolv.conf. Note "in addition to" rather than "instead of",
 # because we still want it to update the domain name and search path
@@ -160,7 +172,7 @@ gen_resolv_conf() {
 # the libc resolver will try unbound first.
 #
 gen_resolvconf_conf() {
- echo "# Generated by $self"
+ do_not_edit
 echo "resolv_conf=\"/dev/null\" # prevent updating ${resolv_conf}"
 echo "unbound_conf=\"${forward_conf}\""
 echo "unbound_pid=\"${pidfile}\""
@@ -173,8 +185,7 @@ gen_resolvconf_conf() {
 # Generate forward.conf
 #
 gen_forward_conf() {
- echo "# Generated by $self"
- echo "# Do not edit this file."
+ do_not_edit
 echo "forward-zone:"
 echo " name: ."
 for forwarder ; do
@@ -190,8 +201,7 @@ gen_forward_conf() {
 # Generate lan-zones.conf
 #
 gen_lanzones_conf() {
- echo "# Generated by $self"
- echo "# Do not edit this file."
+ do_not_edit
 echo "server:"
 echo " # Unblock reverse lookups for LAN addresses"
 echo " unblock-lan-zones: yes"
@@ -223,10 +233,21 @@ gen_lanzones_conf() {
 }
 #
+# Generate control.conf
+#
+gen_control_conf() {
+ do_not_edit
+ echo "remote-control:"
+ echo " control-enable: yes"
+ echo " control-interface: ${control_socket}"
+ echo " control-use-cert: no"
+}
+
+#
 # Generate unbound.conf
 #
 gen_unbound_conf() {
- echo "# Generated by $self"
+ do_not_edit
 echo "server:"
 echo " username: ${user}"
 echo " directory: ${workdir}"
@@ -240,6 +261,9 @@ gen_unbound_conf() {
 if [ -f "${lanzones_conf}" ] ; then
 echo "include: ${lanzones_conf}"
 fi
+ if [ -f "${control_conf}" ] ; then
+ echo "include: ${control_conf}"
+ fi
 if [ -d "${confdir}" ] ; then
 echo "include: ${confdir}/*.conf"
 fi
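Review bot: `gen_control_conf` in the `@@ -223,10 +233,21 @@` hunk writes `control-use-cert: no`, so the control channel is protected by nothing except the ownership and mode of `${control_socket}` and of the directory it sits in, and neither the generated file nor the script says so. A process that can connect to that socket can presumably reconfigure or stop the resolver, which makes those permissions the whole access boundary. The diff does not show what mode Unbound gives the socket, so this should be confirmed rather than assumed. I would state the dependency in the generated output, for example `echo "	# No certificates on the control channel: access is limited by the socket's file permissions."`, so an administrator who moves the socket with `-O` knows what they are relying on.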
@@ -278,6 +302,8 @@ usage() {
 echo " -C path full path to additional configuration directory"
 echo " -c path full path to unbound configuration file"
 echo " -f path full path to forwarding configuration"
+ echo " -O path full path to remote control socket"
+ echo " -o path full path to remote control configuration"
 echo " -p path full path to pid file"
 echo " -R path full path to resolvconf.conf"
 echo " -r path full path to resolv.conf"
@@ -296,7 +322,7 @@ main() {
 #
 # Parse and validate command-line options
 #
- while getopts "a:C:c:f:np:R:r:s:u:w:" option ; do
+ while getopts "a:C:c:f:no:p:R:r:s:u:w:" option ; do
 case $option in
 a)
 anchor="$OPTARG"
@@ -313,6 +339,12 @@ main() {
 n)
 start_unbound="no"
 ;;
+ O)
+ control_socket="$OPTARG"
+ ;;
+ o)
+ control_conf="$OPTARG"
+ ;;
 p)
 pidfile="$OPTARG"
 ;;
@@ -361,7 +393,7 @@ main() {
 fi
 else
 local tmp_forward_conf=$(mktemp -u "${forward_conf}.XXXXX")
- gen_forward_conf ${forwarders} >"${tmp_forward_conf}"
+ gen_forward_conf ${forwarders} | unexpand >"${tmp_forward_conf}"
 replace "${forward_conf}" "${tmp_forward_conf}"
 fi
@@ -369,15 +401,22 @@ main() {
 #
 # Generate lan-zones.conf.
 #
 local tmp_lanzones_conf=$(mktemp -u "${lanzones_conf}.XXXXX")
- gen_lanzones_conf >"${tmp_lanzones_conf}"
+ gen_lanzones_conf | unexpand >"${tmp_lanzones_conf}"
 replace "${lanzones_conf}" "${tmp_lanzones_conf}"
 #
+ # Generate control.conf.
+ #
+ local tmp_control_conf=$(mktemp -u "${control_conf}.XXXXX")
+ gen_control_conf | unexpand >"${tmp_control_conf}"
+ replace "${control_conf}" "${tmp_control_conf}"
+
+ #
 # Generate unbound.conf.
 #
 local tmp_unbound_conf=$(mktemp -u "${unbound_conf}.XXXXX")
 set_chrootdir
- gen_unbound_conf >"${tmp_unbound_conf}"
+ gen_unbound_conf | unexpand >"${tmp_unbound_conf}"
 replace "${unbound_conf}" "${tmp_unbound_conf}"
 #
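Review bot: The option string in the `@@ -296,7 +322,7 @@` hunk gains `o:` but not `O:`, so the `O)` arm added in the `@@ -313,6 +339,12 @@` hunk cannot be reached and `-O path`, which the usage text now advertises, would be handled by getopts as an unknown option. The line should read `while getopts "a:C:c:f:nO:o:p:R:r:s:u:w:" option ; do`. As committed, the control socket can only ever be the `/var/run/local_unbound.ctl` default from set_defaults. The rest of the `case` statement, including how unknown options are reported, lies outside these hunks.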
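Review bot: In the `@@ -361,7 +393,7 @@` hunk, `gen_forward_conf ${forwarders} | unexpand >"${tmp_forward_conf}"` makes the command's status that of `unexpand`, and the next line calls `replace` without checking it. If `unexpand` fails or is missing, the temporary file is left empty or truncated and may be moved over the live file; whether `replace` guards against that is not visible here. The same pattern is added for lan-zones.conf, control.conf and unbound.conf in the `@@ -369,15 +401,22 @@` hunk and for resolvconf.conf and resolv.conf in the `@@ -401,14 +440,14 @@` hunk, where an empty resolv.conf would break name resolution for the host. I would stop before the replace on failure, for example `gen_forward_conf ${forwarders} | unexpand >"${tmp_forward_conf}" || exit 1`, and likewise at the other five sites.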
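Review bot: The added `local tmp_control_conf=$(mktemp -u "${control_conf}.XXXXX")` in the `@@ -369,15 +401,22 @@` hunk copies the existing `mktemp -u` pattern, which only prints a name and leaves the `>` redirection on the next line to create the file. That redirection follows whatever already exists at the name, and the UPDATING entry tells users to run the setup as root, so the new temporary file is safe only if no less-privileged account can write to the directory that `-o` or `${workdir}` points at. Dropping `-u` lets mktemp create the file itself: `local tmp_control_conf=$(mktemp "${control_conf}.XXXXX")`. Declaring and assigning in one `local` statement also discards mktemp's exit status, so a failed mktemp leads to a redirect to an empty file name. The neighbouring context lines for the other generated files use the same form and would need the same change.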
@@ -401,14 +440,14 @@ main() {
 # instead of resolv.conf.
 #
 local tmp_resolvconf_conf=$(mktemp -u "${resolvconf_conf}.XXXXX")
- gen_resolvconf_conf >"${tmp_resolvconf_conf}"
+ gen_resolvconf_conf | unexpand >"${tmp_resolvconf_conf}"
 replace "${resolvconf_conf}" "${tmp_resolvconf_conf}"
 #
 # Finally, rewrite resolv.conf.
 #
 local tmp_resolv_conf=$(mktemp -u "${resolv_conf}.XXXXX")
- gen_resolv_conf <"${resolv_conf}" >"${tmp_resolv_conf}"
+ gen_resolv_conf <"${resolv_conf}" | unexpand >"${tmp_resolv_conf}"
 replace "${resolv_conf}" "${tmp_resolv_conf}"
 }