From nobody Wed Jan 18 17:02:55 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NxsX35rrcz2sSF3; Wed, 18 Jan 2023 17:02:59 +0000 (UTC) (envelope-from freebsd@gndrsh.dnsmgr.net) Received: from gndrsh.dnsmgr.net (br1.CN84in.dnsmgr.net [69.59.192.140]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4NxsX33m7Dz3hlD; Wed, 18 Jan 2023 17:02:59 +0000 (UTC) (envelope-from freebsd@gndrsh.dnsmgr.net) Authentication-Results: mx1.freebsd.org; none Received: from gndrsh.dnsmgr.net (localhost [127.0.0.1]) by gndrsh.dnsmgr.net (8.13.3/8.13.3) with ESMTP id 30IH2u0P010891; Wed, 18 Jan 2023 09:02:56 -0800 (PST) (envelope-from freebsd@gndrsh.dnsmgr.net) Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.13.3/8.13.3/Submit) id 30IH2toO010890; Wed, 18 Jan 2023 09:02:55 -0800 (PST) (envelope-from freebsd) From: "Rodney W. Grimes" Message-Id: <202301181702.30IH2toO010890@gndrsh.dnsmgr.net> Subject: Re: git: 1d577bedbae8 - main - unbound: Fix config file path In-Reply-To: <20230118164756.84556148@slippy.cwsent.com> To: Cy Schubert Date: Wed, 18 Jan 2023 09:02:55 -0800 (PST) CC: rgrimes@freebsd.org, Juraj Lutter , src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Reply-To: rgrimes@freebsd.org X-Mailer: ELM [version 2.4ME+ PL121h (25)] List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII X-Rspamd-Queue-Id: 4NxsX33m7Dz3hlD X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:13868, ipnet:69.59.192.0/19, country:US] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-ThisMailContainsUnwantedMimeParts: N > In message <202301181645.30IGj4Ra010783@gndrsh.dnsmgr.net>, "Rodney W. > Grimes" > writes: > > > > In message <202301181551.30IFpbRu010474@gndrsh.dnsmgr.net>, "Rodney W. > > > > Grimes" > > > > writes: > > > > > [ Charset UTF-8 unsupported, converting... ] > > > > > > > > > > > > > > > > > > > On 18 Jan 2023, at 16:34, Rodney W. Grimes > et> wr > > > > > ote: > > > > > > > > > > > > > > No, otis fixed it thus: > > > > > > > -#define CONFIGFILE "/usr/local/etc/unbound/unbound.conf" > > > > > > > +#define CONFIGFILE "/var/unbound/unbound.conf" > > > > > > > > > > > > > > > > > > > > > > > > > > I am suggesting that it should be > > > > > > > #define CONFIGFILE "/etc/unbound/unbound.conf" > > > > > > > > > > > > > > ALL base system configuration files *should* be relative to /etc, n > > ot /va > > > > > r. > > > > > > > > > > > > > > > > > > > Would this need any mtree changes or similar? > > > > > > > > > > No, /etc/unbound is a symbolic link already installed by the build syst > > em, > > > > > and /var/unbound is already a directory, again, installed by the build > > system > > > > > . > > > > > > > > > > This is a one line change that actually makes the /etc/unbound link wor > > k > > > > > correctly, without this change the binary has a hard coded path that ig > > nores > > > > > the > > > > > /etc/unbound symbolic link and requires a recompile if I want to move > > > > > things around, or maintanance of 2 symbolic links. > > > > > > > > > > Personally I dont see *why* unbound has a /var/unbound directory, can > > > > > someone tell me why that was done? Is this some attempt and maintainin > > g > > > > > read only root? Does unbound scribble in the config directory, or > > > > > is this simply mirroring some of the stuff that bind did? > > > > > > > > I see why it does this. Looking at usr.sbin/unbound/setup/local-unbound-s > > etu > > > > p.sh, it installs its config files in $workdir. Looking at git log > > > > 49cede74eecf4 (SVN r255809), the last paragraph in the commit log entry > > > > says: > > > > > > > > Note that these scripts place the unbound configuration files in > > > > /var/unbound rather than /etc/unbound. This is necessary so that > > > > unbound can reload its configuration while chrooted. We should > > > > probably provide symlinks in /etc. > > > > Hang on a second... where is unbound chrooted to? If it is chrooted > > to /var/unbound would it not then look for /var/unbound/var/unbound/unbound.c > > onf? > > > > I got a feeling something is not well thought out here... > > Probably and it needs someone to investigate and possibly fix. I can put > this on my todo list. I've read a few of the linux how to's on running unbound chrooted and it leads me to belive that /etc/unbound/unbound.conf is the correct value of the path to the config file. I'll also spend some ENOTIME idle cycles looking closer at what has happened here. My gut says that if unbound is running chroot to /var/unbound then the config file should live in /var/unbound/etc/unbound/unbound.conf This would mimic what I am seeing done with /var/lib/unbound on linux systems. Then the symlink at /etc would need to be updated to point to /etc/unbound -> ../var/unbound/etc/unbound -- Rod Grimes rgrimes@freebsd.org