Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package bind for openSUSE:Factory checked in at 2021-05-02 18:35:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/bind (Old) and /work/SRC/openSUSE:Factory/.bind.new.1947 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind" Sun May 2 18:35:13 2021 rev:163 rq:889528 version:9.16.12 Changes: -------- --- /work/SRC/openSUSE:Factory/bind/bind.changes 2021-04-08 21:01:57.597887315 +0200 +++ /work/SRC/openSUSE:Factory/.bind.new.1947/bind.changes 2021-05-02 18:35:21.321142290 +0200 @@ -1,0 +2,12 @@ +Thu Apr 8 09:23:22 UTC 2021 - Josef M??llers <[email protected]> + +- Rewrite of named service handling to better cope with systemd + protection (see change from Thu Jan 21) by introducing a + separate script "named.prep" which runs without restrictions + prior to starting named. + Removed all references to "lwresd" as "The lightweight resolver + daemon and library (lwresd and liblwres) have been removed." + (See CHANGES, item 4707) + [bind.spec, vendor-files.tar.bz2] + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bind.spec ++++++ --- /var/tmp/diff_new_pack.3ZzQUw/_old 2021-05-02 18:35:21.849140041 +0200 +++ /var/tmp/diff_new_pack.3ZzQUw/_new 2021-05-02 18:35:21.853140024 +0200 @@ -58,8 +58,9 @@ Source9: ftp://ftp.internic.net/domain/named.root Source40: dnszone-schema.txt Source60: dlz-schema.txt -# configuation files for systemd-tmpfiles +# configuation file for systemd-tmpfiles Source70: bind.conf +# configuation file for systemd-sysusers Source72: named.conf Patch52: named-bootconf.diff Patch56: bind-ldapdump-use-valid-host.patch @@ -93,8 +94,6 @@ BuildRequires: sysuser-tools BuildRequires: pkgconfig(libsystemd) BuildRequires: pkgconfig(systemd) -# named.init (systemd) calls start_daemon, so require it when using systemd -Requires: (/sbin/start_daemon if systemd) %{?systemd_ordering} %sysusers_requires %else 
@@ -164,7 +163,7 @@ -i "${file}" } pushd vendor-files -for file in docu/README* tools/createNamedConfInclude config/{README,named.conf} init/named system/named.init sysconfig/named-named; do +for file in docu/README* config/{README,named.conf} sysconfig/named-named; do replaceStrings ${file} done popd @@ -247,7 +246,7 @@ %if %{with_systemd} for file in named; do install -D -m 0644 vendor-files/system/${file}.service %{buildroot}%{_unitdir}/${file}.service - install -m 0755 vendor-files/system/${file}.init %{buildroot}/usr/sbin/${file}.init + install -m 0755 vendor-files/system/${file}.prep %{buildroot}/%{_libexecdir}/bind/${file}.prep ln -s /sbin/service %{buildroot}%{_sbindir}/rc${file} done install -D -m 0644 %{SOURCE70} %{buildroot}%{_prefix}/lib/tmpfiles.d/bind.conf @@ -262,7 +261,6 @@ %endif install -m 0644 ${RPM_SOURCE_DIR}/named.root %{buildroot}%{_localstatedir}/lib/named/root.hint mv vendor-files/config/{127.0.0,localhost}.zone %{buildroot}%{_localstatedir}/lib/named -install -m 0754 vendor-files/tools/createNamedConfInclude %{buildroot}/%{_datadir}/bind install -m 0755 vendor-files/tools/bind.genDDNSkey %{buildroot}/%{_bindir}/genDDNSkey cp -a vendor-files/docu/BIND.desktop %{buildroot}/%{_datadir}/susehelp/meta/Administration/System cp -p ${RPM_SOURCE_DIR}/dnszone-schema.txt %{buildroot}/%{_sysconfdir}/openldap/schema/dnszone.schema @@ -337,11 +335,6 @@ %{_bindir}/systemctl daemon-reload || : fi %endif -# Create the rndc.key and named.conf.include* files so they exist when named is started -[ -e /etc/rndc.key ] || /usr/sbin/rndc-confgen -a -b 512 -[ -e /etc/named.conf.include ] || touch /etc/named.conf.include -[ -e /etc/named.conf.include.BINDconfig ] || touch /etc/named.conf.include.BINDconfig -chown named: /etc/rndc.key /etc/named.conf.include* %postun %if %{with_systemd} 
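Review bot: The new install line in the `@@ -247,7 +246,7 @@` hunk places named.prep under `%{_libexecdir}/bind`, while named.service and the README in this same commit write the path literally as `/usr/libexec/bind/named.prep`. If `%{_libexecdir}` expands to anything other than `/usr/libexec` on a build target, `ExecStartPre=` will point at a file that is not there and named will not start. named.service is not in the `replaceStrings` file list, so nothing rewrites the path at build time. Either substitute it during the build or record the coupling next to the install line, e.g. `# named.service hard-codes /usr/libexec/bind/named.prep; keep in sync with %{_libexecdir}`.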
@@ -361,7 +354,6 @@ %attr(0644,root,root) %config /%{_sysconfdir}/slp.reg.d/bind.reg %if %{with_systemd} %config %{_unitdir}/named.service -%{_sbindir}/named.init %{_prefix}/lib/tmpfiles.d/bind.conf %{_sysusersdir}/named.conf %{_datadir}/factory @@ -386,7 +378,6 @@ %{_mandir}/man8/named.8%{ext_man} %{_mandir}/man8/filter-aaaa.8%{ext_man} %dir %{_datadir}/bind -%{_datadir}/bind/createNamedConfInclude %{_datadir}/bind/ldapdump %ghost %{_rundir}/named %{_fillupdir}/sysconfig.named-named @@ -399,6 +390,7 @@ %config %{_var}/lib/named/localhost.zone %config %{_var}/lib/named/named.root.key %dir %{_libexecdir}/bind +%{_libexecdir}/bind/named.prep %files doc -f filelist-bind-doc %dir %doc %{_defaultdocdir}/bind ++++++ bind.conf ++++++ --- /var/tmp/diff_new_pack.3ZzQUw/_old 2021-05-02 18:35:21.889139871 +0200 +++ /var/tmp/diff_new_pack.3ZzQUw/_new 2021-05-02 18:35:21.889139871 +0200 
@@ -1,10 +1,10 @@
-# See tmpfiles.d(5) for details
-#Type Path Mode UID GID Age Argument
-d /var/lib/named 1775 root named - -
-d /var/lib/named/dyn 755 named named - -
-d /var/lib/named/master 755 named named - -
-d /var/lib/named/slave 755 named named - -
-C /var/lib/named/127.0.0.zone - - - - -
-C /var/lib/named/localhost.zone - - - - -
-C /var/lib/named/named.root.key - - - - -
-C /var/lib/named/root.hint - - - - -
+#Type Path Mode UID GID Age Argument
+d /run/named 1775 root named - -
+d /var/lib/named 1775 root named - -
+d /var/lib/named/dyn 755 named named - -
+d /var/lib/named/master 755 root root - -
+d /var/lib/named/slave 755 named named - -
+C /var/lib/named/127.0.0.zone - - - - -
+C /var/lib/named/localhost.zone - - - - -
+C /var/lib/named/named.root.key - - - - -
+C /var/lib/named/root.hint - - - - -
++++++ vendor-files.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/config/named.conf new/vendor-files/config/named.conf
--- old/vendor-files/config/named.conf 2021-02-19 10:31:51.905165699 +0100
+++ new/vendor-files/config/named.conf 2021-04-14 15:28:02.114359768 +0200
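Review bot: `/var/lib/named` is declared here as `root named` with mode 1775, but named.prep, added later in this commit, runs `chown named: /var/lib/named` whenever /etc/rndc.key is not a symlink, so the two files disagree about who owns the directory. That directory holds rndc.key and is modified by a pre-start script that runs as root outside the unit's restrictions, so it should stay root-owned; the chown in named.prep is the line to drop, not this entry. The removed `# See tmpfiles.d(5) for details` pointer was useful and could stay as the first line.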
@@ -150,14 +150,11 @@ file "127.0.0.zone"; }; +# Un-comment the following line if you want to limit rndc access to and from localhost only +# include "/etc/named.d/rndc-access.conf"; -# Include the meta include file generated by createNamedConfInclude. This -# includes all files as configured in NAMED_CONF_INCLUDE_FILES from -# /etc/sysconfig/named +# Un-comment the following if you still need "/etc/named.conf.include" included. +# include "/etc/named.conf.include"; -include "/etc/named.conf.include"; - -# You can insert further zone records for your own domains below or create -# single files in /etc/named.d/ and add the file names to -# NAMED_CONF_INCLUDE_FILES. +# You can insert further zone records for your own domains below # See /usr/share/doc/packages/__BIND_PACKAGE_NAME__/README.__VENDOR__ for more details. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/docu/README new/vendor-files/docu/README --- old/vendor-files/docu/README 2021-01-21 14:21:51.170658873 +0100 +++ new/vendor-files/docu/README 2021-04-14 09:18:45.618751815 +0200 
@@ -4,46 +4,18 @@ Documentation and packaging structure ------------------------------------- -The BIND documentation is in the sub package bind-doc. All shared libraries -are in the bind-libs package. All DNS utilities are in the bind-utils package. -Static libraries and header files are in bind-devel. +The main named daemon binary is in the bind main package. +The BIND documentation is in the sub package bind-doc. +All shared libraries and the DNS utilities are in the bind-utils package. +As all the bind (shared) libraries are for bind-internal use only, no +development package is provided. -createNamedConfInclude ----------------------- -Each configuration file snippet enumerated in NAMED_CONF_INCLUDE_FILES of -/etc/sysconfig/named is added by this script as a single include line -statement in the file /etc/named.conf.include, if it passes a test made with -named-checkconf and isn't already included direct in /etc/named.conf. This -meta file is included at the end of the main configuration file, -/etc/named.conf. - -To include files in this way might be usefull if you set -MODIFY_NAMED_CONF_DYNAMICALLY to "yes" in /etc/sysconfig/network/config. - -The directory config/ includes some example files to illustrate this -mechanism. - -/etc/named.d/ is thought as location for additional 'named' configuration -snippets. If you place a file here you could omit the leading '/etc/named.d/' -part of the filename while adding to NAMED_CONF_INCLUDE_FILES of -/etc/sysconfig/named. - -To disable this mechanism, remove createNamedConfInclude from -NAMED_INITIALIZE_SCRIPTS in /etc/sysconfig/named and remove or disable the -include statement of the meta file at the end of the main configuration file. - -Sysconfig settings are modified by the YaST sysconfig or any other editor. - - -The BIND init script +The BIND prep script -------------------- -The init script, /etc/init.d/named or rcnamed, checks if all configurations -files are available. 
On absence of /etc/rndc.key or /etc/named.conf.include, -they are are created. If one of the files from NAMED_CONF_INCLUDE_FILES is -missing, the script createNamedConfInclude is called to create a new -/etc/named.conf.include file without the missing configuration snippet. +The prep script, /usr/libexec/bind/named.prep, checks if all configuration +files are available. On absence of /etc/rndc.key it will be created. rndc access @@ -53,16 +25,15 @@ limit rndc access to and from localhost only. See this file even for a less restricted example. -You have to activate this by adding rndc-access.conf to -NAMED_CONF_INCLUDE_FILES of /etc/sysconfig/named with the YaST sysconfig or -any other editor. +You have to activate this by un-commenting the appropriate "include" +directive in /etc/named.conf using your editor of choice. File permissions ---------------- File access permissions/restrictions are defined by appropriated directives -in the "named.service" and "lwresd.service" systemd unit files. +in the "named.service" systemd unit files. The BIND package uses by default /var__NSD__/named/ to store its zone files. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/docu/README-bind.chrootenv new/vendor-files/docu/README-bind.chrootenv --- old/vendor-files/docu/README-bind.chrootenv 2021-01-25 15:24:09.051584908 +0100 +++ new/vendor-files/docu/README-bind.chrootenv 2021-04-09 15:03:52.602029416 +0200 
@@ -5,7 +5,5 @@ * Writing is only permitted to - /var/lib/named - /var/run - - /etc/named.conf.include - - /etc/named.conf.include.BINDconfig For further restrictions/protection mechanisms refer to the -named.service and lwresd.service unit files. +named.service unit files. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/init/lwresd new/vendor-files/init/lwresd --- old/vendor-files/init/lwresd 2021-01-21 14:24:38.658651645 +0100 +++ new/vendor-files/init/lwresd 1970-01-01 01:00:00.000000000 +0100 
@@ -1,161 +0,0 @@ -#! /bin/sh -# Copyright (c) 2004-2014 SUSE Linux GmbH, Nuernberg, Germany. -# All rights reserved. -# -# Author: Lars Mueller <[email protected]> -# -# /etc/init.d/lwresd -# and its symbolic link -# /(usr/)sbin/rclwresd -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -# -### BEGIN INIT INFO -# Provides: lwresd -# Required-Start: $network $syslog -# Required-Stop: $network $syslog -# Should-Start: named -# Should-Stop: $null -# Default-Start: 3 5 -# Default-Stop: 0 1 2 6 -# Short-Description: Lightweight resolver daemon -# Description: Lwresd is the daemon providing name lookup services to -# clients that use the BIND lightweight resolver library. -# It is essentially a stripped-down, caching-only name -# server that answers queries using the BIND lightweight -# resolver protocol rather than the DNS protocol. -### END INIT INFO - -. /etc/rc.status -rc_reset - -# Check for missing binaries -LWRESD_BIN="/usr/sbin/lwresd" -if [ "$1" != "stop" -a ! -x ${LWRESD_BIN} ]; then - echo -n "Lightweight resolver daemon binary, ${LWRESD_BIN} is not installed! 
" - rc_status -s - exit 5 -fi - -# Set and check for rndc -RNDC_BIN="/usr/sbin/rndc" -test -x ${RNDC_BIN} || RNDC_BIN="" - -# Check for existence of needed config file and read it -SYSCONFIG_FILE="/etc/sysconfig/named" -test -f ${SYSCONFIG_FILE} || \ - cp -a /var/adm/fillup-templates/sysconfig.named-common ${SYSCONFIG_FILE} -. ${SYSCONFIG_FILE} - -LWRESD_PID="var/run/named/lwresd.pid" - -function warnMessage() -{ - tput bold - echo -en "\nWarning: " - tput sgr0 - echo -e "$1 " -} - -# Check if all needed configuration files exist. -function checkConfigFiles -{ - test "${checkConfigFilesCalled}" = "yes" && return - # Handle known configuration files. - test -L /var/run/named && rm /var/run/named - if [ ! -d /var/run/named ]; then - mkdir -p /var/run/named - chown named: /var/run/named - fi - export checkConfigFilesCalled="yes" -} - -case "$1" in - start) - echo -n "Starting Lightweight resolver daemon " - checkConfigFiles - startproc ${LWRESD_BIN} ${NAMED_ARGS} -u named - rc_status -v - ;; - stop) - echo -n "Shutting down Lightweight resolver daemon " - killproc -p ${LWRESD_PID} -TERM ${LWRESD_BIN} - - # trying to start lwresd before it has terminated can leave - # us without a running lwresd... - info="no"; timeout=30; rc=0; startDate=$( date +%s) - while [ ${rc} -eq 0 ]; do - checkproc -p ${LWRESD_PID} ${LWRESD_BIN} - rc=$? 
- if [ ${rc} -ne 0 ]; then - test "${info}" = "yes" && rc_timer_off - break - elif [ ${info} = "no" ]; then - echo -n >&2 " waiting for named to shut down " - rc_timer_on ${timeout} 63 - info="yes" - fi - if [ $(( $( date +%s) - ${startDate} )) -gt $timeout ]; then - echo -en >&2 "\nLwresd still appears to be running after $timeout seconds, sending SIGTERM" - rc=1 - killproc -p ${LWRESD_PID} -TERM ${LWRESD_BIN} - else - sleep 2 - fi - done - - rc_status -v - ;; - try-restart|condrestart) - if test "$1" = "condrestart"; then - echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" - fi - $0 status - if test $? = 0; then - $0 restart - else - rc_reset - fi - rc_status - ;; - restart) - $0 stop - $0 start - - # Remember status and be quiet - rc_status - ;; - force-reload|reload) - echo -n "Reload service Lightweight resolver daemon " - checkConfigFiles - killproc -p ${LWRESD_PID} -HUP ${LWRESD_BIN} - rc_status -v - ;; - status) - echo -n "Checking for service Lightweight resolver daemon " - checkproc -p ${LWRESD_PID} ${LWRESD_BIN} - rc_status -v - ;; - probe) - test /etc/resolv.conf -nt ${LWRESD_PID} -o \ - /etc/lwresd.conf -nt ${LWRESD_PID} && \ - echo reload - ;; - *) - echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" - exit 1 - ;; -esac -rc_exit diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/init/named new/vendor-files/init/named --- old/vendor-files/init/named 2021-01-21 14:23:40.274654165 +0100 +++ new/vendor-files/init/named 2021-03-31 16:46:55.963679204 +0200 @@ -79,7 +79,6 @@ # Add include files from named.conf. NAMED_CONF_INCLUDE_LINES=$( grep -e '^[[:space:]]*include' "${NAMED_CONF}" | cut -f 2 -d '"') for file in ${NAMED_CONF_INCLUDE_LINES}; do - test "${file}" = "${NAMED_CONF_META_INCLUDE_FILE}" && continue case "${NAMED_CONF_INCLUDE_FILES}" in *${file}*) ;; *) NAMED_CONF_INCLUDE_FILES="${NAMED_CONF_INCLUDE_FILES} ${file}" ;; 
@@ -88,7 +87,6 @@ fi NAMED_CHECKCONF_BIN="/usr/sbin/named-checkconf" -NAMED_CONF_META_INCLUDE_FILE_SCRIPT="/usr/share/bind/createNamedConfInclude" NAMED_PID="/var/run/named/named.pid" RNDC_BIN="/usr/sbin/rndc" @@ -99,19 +97,6 @@ exit 5 fi -# Check for NAMED_CONF_META_INCLUDE_FILE or set it to our default if we use -# the NAMED_CONF_META_INCLUDE_FILE_SCRIPT script. -if [ -z "${NAMED_CONF_META_INCLUDE_FILE}" ]; then - BASENAME_NAMED_CONF_META_INCLUDE_FILE_SCRIPT=$( basename ${NAMED_CONF_META_INCLUDE_FILE_SCRIPT}) - for script in ${NAMED_INITIALIZE_SCRIPTS}; do - if [ "${script}" = "${BASENAME_NAMED_CONF_META_INCLUDE_FILE_SCRIPT}" -o \ - "${script}" = "${NAMED_CONF_META_INCLUDE_FILE_SCRIPT}" ]; then - NAMED_CONF_META_INCLUDE_FILE="/etc/named.conf.include" - break - fi - done -fi - function warnMessage() { echo -en "\nWarning: " @@ -171,9 +156,6 @@ case "$1" in start) echo -n "Starting name server BIND " - if [ ! -e /etc/named.conf.include ]; then - touch /etc/named.conf.include - fi if [ ! -e /etc/named.d/forwarders.conf ]; then touch /etc/named.d/forwarders.conf fi @@ -233,9 +215,6 @@ if test "$1" = "condrestart"; then echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" fi - if [ ! -e /etc/named.conf.include ]; then - touch /etc/named.conf.include - fi if [ ! -e /etc/named.d/forwarders.conf ]; then touch /etc/named.d/forwarders.conf fi @@ -249,9 +228,6 @@ rc_status ;; restart) - if [ ! -e /etc/named.conf.include ]; then - touch /etc/named.conf.include - fi if [ ! -e /etc/named.d/forwarders.conf ]; then touch /etc/named.d/forwarders.conf fi 
@@ -297,7 +273,7 @@ ;; probe) rc=0 - for configfile in ${NAMED_CONF} /etc/{localtime,rndc.key} "${NAMED_CONF_META_INCLUDE_FILE}" ${NAMED_CONF_INCLUDE_FILES}; do + for configfile in ${NAMED_CONF} /etc/{localtime,rndc.key} ${NAMED_CONF_INCLUDE_FILES}; do if [ "${configfile}" -nt ${NAMED_PID} ]; then rc=1 break diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/sysconfig/named-common new/vendor-files/sysconfig/named-common --- old/vendor-files/sysconfig/named-common 2021-01-21 14:27:46.334643547 +0100 +++ new/vendor-files/sysconfig/named-common 1970-01-01 01:00:00.000000000 +0100 @@ -1,26 +0,0 @@ -## Path: Network/DNS/Name Server -## Description: Names server settings - -# "named" and "lwresd" are now protected/restricted by appropriate directives -# in the "named.service" and "lwresd.service" systemd unit files. -# As a consequence, the NAMED_RUN_CHROOTED variable is obsolete and has been removed. - -## Type: string -## Default: "" -## ServiceRestart: lwresd,named -# -# Additional arguments when starting the name daemon with the init script -# /etc/init.d/named or rcnamed. -# -# For example "-n 2" to use two CPUs if named is unable to determine the -# number of available CPUs. -# -# See man 8 named for all available commandline options. -# -# "-t /var__NSD__/named/var" is added if NAMED_RUN_CHROOTED is set to yes. -# -# "-u named" is used in any case by the init script to run the named daemon as -# user 'named' after completing privileged operations. -# -NAMED_ARGS="" - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/sysconfig/named-named new/vendor-files/sysconfig/named-named --- old/vendor-files/sysconfig/named-named 2021-01-21 14:25:53.326648423 +0100 +++ new/vendor-files/sysconfig/named-named 2021-04-09 15:02:46.022030594 +0200 
@@ -1,9 +1,12 @@ -# NOTE: "named" and "lwresd" are now protected/resticted by directives -# in the "named.service" and "lwresd.service" systemd unit files. +## Type: string +## Default: "" +## ServiceReload: named +# NOTE: "named" are now protected/resticted by directives +# in the "named.service" systemd unit files. # Therefore the NAMED_CONF_INCLUDE_FILES variable has been made obsolete ## Type: string -## Default: "createNamedConfInclude" +## Default: "" ## ServiceReload: named # # Programms to be executed each time the DNS server 'named' is started or @@ -11,5 +14,28 @@ # # Filenames can be relative to /usr/share/bind/. # -NAMED_INITIALIZE_SCRIPTS="createNamedConfInclude" +NAMED_INITIALIZE_SCRIPTS="" + +## Type: string +## Default: "" +## ServiceRestart: named +# +# Additional arguments when starting the name daemon +# +# For example "-n 2" to use two CPUs if named is unable to determine the +# number of available CPUs. +# +# See man 8 named for all available commandline options. +# +# "-u named" is used in any case by the init script to run the named daemon as +# user 'named' after completing privileged operations. +# +NAMED_ARGS="" +## Type: numeric +## Default: 512 +## ServiceReload: named +# +# Keysize of rndc.key +# +RNDC_KEYSIZE=512 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/system/lwresd.init new/vendor-files/system/lwresd.init --- old/vendor-files/system/lwresd.init 2021-01-21 14:29:12.602639825 +0100 +++ new/vendor-files/system/lwresd.init 1970-01-01 01:00:00.000000000 +0100 
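Review bot: The comment block for `NAMED_INITIALIZE_SCRIPTS` does not say that named.prep now executes every listed program as root from `ExecStartPre=+`, outside the restrictions of named.service; the description should state that, e.g. `# These programs are run as root by named.prep, without the restrictions set in named.service.` The `NAMED_ARGS` text still says "-u named" is added by the init script, whereas in this commit it is the `ExecStart=` line of named.service that adds it. The file is now both sourced by named.prep and read through `EnvironmentFile=`, so values have to be valid in both syntaxes, which is worth a line in the header. The first hunk also adds a `## Type` / `## Default` / `## ServiceReload` header above a NOTE that defines no variable.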
@@ -1,65 +0,0 @@ -#! /bin/sh -# Copyright (c) 2004-2018 SUSE Linux GmbH, Nuernberg, Germany. -# All rights reserved. -# -# Author: Navin Kukreja <[email protected]> - -# Check for missing binaries -LWRESD_BIN="/usr/sbin/lwresd" -if [ "$1" != "stop" -a ! -x ${LWRESD_BIN} ]; then - echo -n "Lightweight resolver daemon binary, ${LWRESD_BIN} is not installed! " - exit 5 -fi - -# Set and check for rndc -RNDC_BIN="/usr/sbin/rndc" -test -x ${RNDC_BIN} || RNDC_BIN="" - -# Check for existence of needed config file and read it -SYSCONFIG_FILE="/etc/sysconfig/named" -test -f ${SYSCONFIG_FILE} || \ - cp -a /var/adm/fillup-templates/sysconfig.named-common ${SYSCONFIG_FILE} -. ${SYSCONFIG_FILE} - -LWRESD_PID="/var/run/named/lwresd.pid" - -function warnMessage() -{ - tput bold - echo -en "\nWarning: " - tput sgr0 - echo -e "$1 " -} - -# Check if all needed configuration files exist. -function checkConfigFiles -{ - test "${checkConfigFilesCalled}" = "yes" && return - # check for /etc/rndc.key - if [ ! -f /etc/rndc.key ]; then - warnMessage "File /etc/rndc.key not found. Creating it." - /usr/sbin/rndc-confgen -a -b 512 - chmod 0640 /etc/rndc.key - chown root:named /etc/rndc.key - fi - - # Handle known configuration files. - test -L /var/run/named && rm /var/run/named - if [ ! -d /var/run/named ]; then - mkdir -p /var/run/named - chown named: /var/run/named - fi - export checkConfigFilesCalled="yes" -} - -case "$1" in - start) - echo -n "Starting Lightweight resolver daemon " - checkConfigFiles - exec ${LWRESD_BIN} ${NAMED_ARGS} -u named - ;; - *) - echo "Usage: $0 {start}" - exit 1 - ;; -esac diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/system/lwresd.service new/vendor-files/system/lwresd.service --- old/vendor-files/system/lwresd.service 2021-01-25 14:57:34.503653713 +0100 +++ new/vendor-files/system/lwresd.service 1970-01-01 01:00:00.000000000 +0100 
@@ -1,25 +0,0 @@ -[Unit] -Description=Lightweight Resolver Daemon -After=network.target -After=time-set.target -Wants=nss-lookup.target -Wants=time-set.target - -[Service] -Type=forking -ExecStart=/usr/sbin/lwresd.init start -ProtectSystem=strict -ReadWritePaths=/var/lib/named /var/run /etc/named.conf.include /etc/named.conf.include.BINDconfig -PrivateDevices=yes -PrivateTmp=yes -ProtectHome=yes -ProtectHostname=yes -ProtectKernelModules=yes -ProtectKernelTunables=yes -ProtectKernelLogs=yes -RestrictNamespaces=yes -RestrictRealtime=yes -RestrictSUIDSGID=yes - -[Install] -WantedBy=multi-user.target diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/system/named.init new/vendor-files/system/named.init --- old/vendor-files/system/named.init 2021-01-21 14:30:03.954637609 +0100 +++ new/vendor-files/system/named.init 1970-01-01 01:00:00.000000000 +0100 
@@ -1,182 +0,0 @@ -#! /bin/sh -# Copyright (c) 1995-2018 SUSE Linux GmbH, Nuernberg, Germany -# All rights reserved. -# -# Author: Navin Kukreja <[email protected]> - -PATH="/sbin:/usr/sbin:/bin:/usr/bin" -SYSCONFIG_FILE="/etc/sysconfig/named" -NAMED_CONF="/etc/named.conf" -NAMED_BIN="/usr/sbin/named" - -if ! [ -x "$NAMED_BIN" ]; then - case $1 in - stop) ;; - *) echo -n >&2 "$0: \"$NAMED_BIN\" is not an executable file. Exiting." - case $1 in - status) exit 4 ;; - *) exit 5 ;; - esac - ;; - esac - exit -fi - -if [ "$1" != "stop" -a "$1" != "status" ]; then - for configfile in ${SYSCONFIG_FILE} ${NAMED_CONF}; do - if [ ! -f ${configfile} ]; then - echo -n "Name server configuration file ${configfile} does not exist. " - # Tell the user this has skipped - exit 6 - fi - done - . /etc/sysconfig/named - # Ensure to work always with absolut filenames. - temp_file_list="" - for configfile in ${NAMED_CONF_INCLUDE_FILES}; do - # prepend the default include directory if the filename is - # relative - test "${configfile:0:1}" = "/" || configfile="/etc/named.d/${configfile}" - temp_file_list="${temp_file_list} ${configfile}" - done - NAMED_CONF_INCLUDE_FILES=${temp_file_list} - # Add include files from named.conf. - NAMED_CONF_INCLUDE_LINES=$( grep -e '^[[:space:]]*include' "${NAMED_CONF}" | cut -f 2 -d '"') - for file in ${NAMED_CONF_INCLUDE_LINES}; do - test "${file}" = "${NAMED_CONF_META_INCLUDE_FILE}" && continue - case "${NAMED_CONF_INCLUDE_FILES}" in - *${file}*) ;; - *) NAMED_CONF_INCLUDE_FILES="${NAMED_CONF_INCLUDE_FILES} ${file}" ;; - esac - done -fi - -NAMED_CHECKCONF_BIN="/usr/sbin/named-checkconf" -NAMED_CONF_META_INCLUDE_FILE_SCRIPT="/usr/share/bind/createNamedConfInclude" -NAMED_PID="var/run/named/named.pid" -RNDC_BIN="/usr/sbin/rndc" - -if [ ! -x ${NAMED_BIN} -a "$1" != "stop" ] ; then - echo -n "Name server, ${NAMED_BIN} not installed! 
" - # Tell the user this has skipped - exit 5 -fi - -# Check for NAMED_CONF_META_INCLUDE_FILE or set it to our default if we use -# the NAMED_CONF_META_INCLUDE_FILE_SCRIPT script. -if [ -z "${NAMED_CONF_META_INCLUDE_FILE}" ]; then - BASENAME_NAMED_CONF_META_INCLUDE_FILE_SCRIPT=$( basename ${NAMED_CONF_META_INCLUDE_FILE_SCRIPT}) - for script in ${NAMED_INITIALIZE_SCRIPTS}; do - if [ "${script}" = "${BASENAME_NAMED_CONF_META_INCLUDE_FILE_SCRIPT}" -o \ - "${script}" = "${NAMED_CONF_META_INCLUDE_FILE_SCRIPT}" ]; then - NAMED_CONF_META_INCLUDE_FILE="/etc/named.conf.include" - break - fi - done -fi - -function warnMessage() -{ - echo -en "\nWarning: " - echo -e "$1 " -} - -function initializeNamed -{ - rc=0 - test "${initializeNamedCalled}" = "yes" && return - for script in ${NAMED_INITIALIZE_SCRIPTS}; do - test "${script:0:1}" = "/" || script="/usr/share/bind/${script}" - ${script} - test $? -ne 0 && rc=$? - done - # We want to start each script one time only - export initializeNamedCalled="yes" - return ${rc} -} - -# Check if all needed configuration files exist. -function checkConfigFiles -{ - test "${checkConfigFilesCalled}" = "yes" && return - # check for /etc/rndc.key - if [ ! -f /etc/rndc.key ]; then - warnMessage "File /etc/rndc.key not found. Creating it." - /usr/sbin/rndc-confgen -a -b 512 - chmod 0640 /etc/rndc.key - chown root:named /etc/rndc.key - fi - - # Handle known configuration files. - test -L /var/run/named && rm /var/run/named - if [ ! -d /var/run/named ]; then - mkdir -p /var/run/named - chown named: /var/run/named - fi - export checkConfigFilesCalled="yes" -} - -# Check the syntax of our 'named' configuration. -function namedCheckConf -{ - test "${namedConfChecked}" = "yes" && return - if ! ${NAMED_CHECKCONF_BIN} ${NAMED_CHECKCONF_ARGS} >/dev/null; then - checkConfigFiles - if ! 
${NAMED_CHECKCONF_BIN} ${NAMED_CHECKCONF_ARGS}; then - exit 6 - fi - fi - export namedConfChecked="yes" -} - -case "$1" in - start) - echo -n "Starting name server BIND " - if [ ! -e /etc/named.conf.include ]; then - touch /etc/named.conf.include - fi - if [ ! -e /etc/named.d/forwarders.conf ]; then - touch /etc/named.d/forwarders.conf - fi - - initializeNamed - checkConfigFiles - namedCheckConf - start_daemon -p ${NAMED_PID} ${NAMED_BIN} ${NAMED_ARGS} -u named - ;; - stop) - echo -n "Shutting down name server BIND " - if ${RNDC_BIN} status &>/dev/null; then - ${RNDC_BIN} stop - else - killproc -p ${NAMED_PID} -TERM ${NAMED_BIN} - fi - - if [ -e "/var/lib/named/proc/meminfo" ] ; then - umount "/var/lib/named/proc" - fi; - exit - ;; - restart) - $0 stop - $0 start - ;; - reload) - echo -n "Reloading name server BIND " - checkConfigFiles - namedCheckConf - initializeNamed - ${RNDC_BIN} status &>/dev/null - if [ $? -ne 0 ]; then - killproc -p ${NAMED_PID} -HUP ${NAMED_BIN} - else - ${RNDC_BIN} reload - fi - rc=$? - ( exit ${rc} ) - ;; - *) - echo "Usage: $0 {start|stop|restart|reload}" - exit 1 - ;; -esac diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/system/named.prep new/vendor-files/system/named.prep --- old/vendor-files/system/named.prep 1970-01-01 01:00:00.000000000 +0100 +++ new/vendor-files/system/named.prep 2021-04-09 15:00:15.466033258 +0200 
@@ -0,0 +1,63 @@
+#! /bin/bash
+
+SYSCONFIG_FILE="/etc/sysconfig/named"
+
+rc=0
+
+function warnMessage()
+{
+ logger "Warning: $1"
+}
+
+for configfile in ${SYSCONFIG_FILE} ${NAMED_CONF}; do
+ if [ ! -f ${configfile} ]; then
+ echo -n "Name server configuration file ${configfile} does not exist. "
+ # Tell the user this has skipped
+ [ $rc != 0 ] || rc=6
+ fi
+done
+
+. $SYSCONFIG_FILE
+: ${NAMED_CHECKCONF_BIN:=/usr/sbin/named-checkconf}
+: ${NAMED_CHECKCONF_ARGS:=""}
+: ${ETC_RNDC_KEY:=/etc/rndc.key}
+: ${NEW_RNDC_KEY:=/var/lib/named/rndc.key}
+: ${RNDC_KEYSIZE:=512}
+: {RNDC_BIN:="/usr/sbin/rndc"}
+: ${NAMED_CONF:="/etc/named.conf"}
+
+# Run all scripts defined in NAMED_INITIALIZE_SCRIPTS (/etc/sysconfig/named)
+for script in ${NAMED_INITIALIZE_SCRIPTS}; do
+ test "${script:0:1}" = "/" || script="/usr/share/bind/${script}"
+ [ -x "$script" ] || warnMessage "\"$script\" does not exist or is not executable"
+ ${script}
+ test $? -ne 0 && rc=$?
+done
+
+# If /etc/rndc.key is not a symbolic link,
+# relocate any existing /etc/rndc.key to /var/lib/named
+# and put a symbolic link /etc/rndc.key -> /var/lib/named/rndc.key
+# Note that this will also satisfy any check for /etc/rndc.key being a plain file.
+if [ ! -L "$ETC_RNDC_KEY" ]; then
+ [ -d /var/lib/named ] || mkdir /var/lib/named
+ chown named: /var/lib/named
+ [ -f "$ETC_RNDC_KEY" ] && mv "$ETC_RNDC_KEY" "$NEW_RNDC_KEY"
+ ln -s "$ETC_RNDC_KEY" "$NEW_RNDC_KEY" # This may create a dangling symlink
+fi
+# If rndc.key does not exist in the new directory, create it
+if [ ! -f $NEW_RNDC_KEY ]; then
+ warnMessage "File $NEW_RNDC_KEY not found. Creating it."
+ /usr/sbin/rndc-confgen -a -b $RNDC_KEYSIZE -c $NEW_RNDC_KEY
+ chmod 640 $NEW_RNDC_KEY
+ chown root:named $NEW_RNDC_KEY
+fi
+
+# Make sure /etc/named.d/forwarders.conf exists
+[ -e /etc/named.d/forwarders.conf ] || touch /etc/named.d/forwarders.conf
+
+# Check the syntax of our 'named' configuration.
+if ! ${NAMED_CHECKCONF_BIN} ${NAMED_CHECKCONF_ARGS} >/dev/null; then
+ [ $rc != 0 ] || rc=6
+fi
+
+exit $rc
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/system/named.service new/vendor-files/system/named.service
--- old/vendor-files/system/named.service 2021-01-25 14:57:39.263653508 +0100
+++ new/vendor-files/system/named.service 2021-04-13 15:14:43.655902696 +0200
@@ -7,11 +7,13 @@ [Service] Type=forking -ExecStart=/usr/sbin/named.init start -ExecReload=/usr/sbin/named.init reload -ExecStop=/usr/sbin/named.init stop +KillMode=process +EnvironmentFile=/etc/sysconfig/named +ExecStartPre=+/usr/libexec/bind/named.prep +ExecStart=/usr/sbin/named -u named $NAMED_ARGS +ExecReload=/sbin/kill -p $MAINPID -HUP ProtectSystem=strict -ReadWritePaths=/var/lib/named /var/run /etc/named.conf.include /etc/named.conf.include.BINDconfig +ReadWritePaths=/var/lib/named /run/named PrivateDevices=yes PrivateTmp=yes ProtectHome=yes
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/tools/createNamedConfInclude new/vendor-files/tools/createNamedConfInclude
--- old/vendor-files/tools/createNamedConfInclude 2014-12-05 22:53:02.766603671 +0100
+++ new/vendor-files/tools/createNamedConfInclude 1970-01-01 01:00:00.000000000 +0100
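Review bot: In the rndc.key relocation block of named.prep, the arguments of `ln -s "$ETC_RNDC_KEY" "$NEW_RNDC_KEY"` are reversed relative to the comment above it: `ln -s TARGET LINK` creates /var/lib/named/rndc.key pointing at /etc/rndc.key, so the line should read `ln -s "$NEW_RNDC_KEY" "$ETC_RNDC_KEY"`. In the NAMED_INITIALIZE_SCRIPTS loop, `test $? -ne 0 && rc=$?` stores the exit status of `test`, which is 0 whenever the assignment runs, so a failing script resets `rc` instead of recording the failure; `${script} || rc=$?` keeps the real status. `: {RNDC_BIN:="/usr/sbin/rndc"}` lacks the `$` and assigns nothing, and `${NAMED_CONF}` is still unset when the first loop runs, so the existence check never covers named.conf. Because this script is started with `ExecStartPre=+` and therefore runs as root without the unit's restrictions, the unquoted expansions and the `chown named: /var/lib/named` followed by root-side `mv`, `chmod` and `chown` inside that directory should be tightened before this ships.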
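Review bot: `ExecReload=/sbin/kill -p $MAINPID -HUP` will most likely not reload anything, because in util-linux kill(1) the `-p` option only prints the PID and sends no signal. Dropping the flag gives the intended behaviour: `ExecReload=/sbin/kill -HUP $MAINPID`. `EnvironmentFile=/etc/sysconfig/named` has no leading `-`, so a missing file fails the unit before named.prep can report it. The `+` on `ExecStartPre=` exempts named.prep from every restriction listed below it, which deserves a comment in the unit such as `# '+': named.prep runs as root without the sandboxing below`. The [Service] section continues past the end of this hunk.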
@@ -1,184 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2003-2014 SUSE Linux GmbH, Nuernberg, Germany. -# All rights reserved. -# -# Authors: Lars Mueller <[email protected]> -# - - -# -# check if we are started as root -# only one of UID and USER must be set correctly -# -[ -n "$UID" ] || UID="$(id -ru)" -if test "$UID" != 0 -a "$USER" != root; then - echo "You must be root to start $0." - exit 1 -fi - -BASENAME=$( basename $0) -NAMED_CHECKCONF_BIN="/usr/sbin/named-checkconf" - -warnMessage() -{ - tput bold - echo -n "Warning: " - tput sgr0 - echo $1 -} - -errorMessage() -{ - tput bold - echo -n "Error: " - tput sgr0 - echo $1 -} - -MD5DIR="/var/adm/bind/md5" -check_md5_and_move() # Usage: check_md5_and_move file_name-without.BINDconfig -{ - # This function checks the existence of a file (specified without the - # extension .BINDconfig and without "$r") and a corresponding md5 checksum - # and tests whether the time stamp of the file has changed. - # If it has, nothing further will happen. If not, the "file.BINDconfig" - # will be moved to "file". - - FILE=$1 - MD5DIR=/var/adm/bind - if test -n "$r" ; then - RELPATH=`echo $FILE | sed -e"s:^$r::"` - else - RELPATH=$FILE - fi - MD5FILE=$MD5DIR/$RELPATH - # - # make sure that the directory exists - mkdir -p `dirname $MD5FILE` - NEWMD5SUM="`cat $FILE.BINDconfig | grep -v "^#" | md5sum`" - if test ! -s $FILE ; then - touch $FILE - rm -f $MD5FILE - fi - if test "$FORCE_REPLACE" = true ; then - cp -p $FILE.BINDconfig $FILE - fi - USERMD5SUM="`cat $FILE | grep -v "^#" | md5sum`" - test -e $MD5FILE || echo "$USERMD5SUM" > $MD5FILE - OLDMD5SUM="`cat $MD5FILE`" - if test "$USERMD5SUM" != "$OLDMD5SUM" -a \ - "$USERMD5SUM" != "$NEWMD5SUM" ; then - echo - echo "ATTENTION: You have modified $RELPATH. Leaving it untouched..." - echo "You can find my version in $FILE.BINDconfig..." 
- echo - else - if test "$USERMD5SUM" != "$NEWMD5SUM" -o "$FORCE_REPLACE" = true ; then - echo "Installing new $RELPATH" - cp -p $FILE.BINDconfig $FILE - else - test "$VERBOSE" = false || echo "No changes for $RELPATH" - fi - rm -f $FILE.BINDconfig - fi - rm -f $MD5FILE - echo "$NEWMD5SUM" > $MD5FILE -} - -# -# check for named settings -# -if [ ! -f /etc/sysconfig/named ]; then - errorMessage "No /etc/sysconfig/named found! Exiting." - exit 1 -fi -. /etc/sysconfig/named - -# Check for NAMED_CONF_META_INCLUDE_FILE or set it to our default if we -# make use of this script. -if [ -z "${NAMED_CONF_META_INCLUDE_FILE}" ]; then - for script in ${NAMED_INITIALIZE_SCRIPTS}; do - if [ "${script}" = "${BASENAME}" -o \ - "${script}" = "/usr/share/bind/createNamedConfInclude" ]; then - NAMED_CONF_META_INCLUDE_FILE="/etc/named.conf.include" - break - fi - done - # If NAMED_CONF_META_INCLUDE_FILE is still empty skip silent. - test -z "${NAMED_CONF_META_INCLUDE_FILE}" && exit 0 -fi - -NEW_NAMEDCONFINCLUDE_FILE="${NAMED_CONF_META_INCLUDE_FILE}.BINDconfig" -if [ -f "${NAMED_CONF_META_INCLUDE_FILE}" -a \ - ! -f "${NEW_NAMEDCONFINCLUDE_FILE}" ]; then - touch "${NEW_NAMEDCONFINCLUDE_FILE}" - chmod --reference="${NAMED_CONF_META_INCLUDE_FILE}" "${NEW_NAMEDCONFINCLUDE_FILE}" - chown --reference="${NAMED_CONF_META_INCLUDE_FILE}" "${NEW_NAMEDCONFINCLUDE_FILE}" -fi -# -# find the next unused file descriptor -# -fd=3 -while [ -t ${fd} ]; do - fd=$(( ${fd} + 1 )) -done -eval "exec ${fd}> \"${NEW_NAMEDCONFINCLUDE_FILE}\"" - -DATE=$( LANG=POSIX date) -cat << EOF >&${fd} -# -# This file is autogenerated by /usr/share/bind/createNamedConfInclude -# on ${DATE}. Don't edit it manually. -# -# Add additional configuration files which should be added to /etc/named.conf -# by this mechanism to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named. This -# is possible with the YaST sysconfig or any other editor. 
-# -# See /usr/share/doc/packages/__BIND_PACKAGE_NAME__/README.__VENDOR__ section -# createNamedConfInclude for more details. -# - -EOF - -INCLUDE_LINES=$( grep -e '^[[:space:]]*include' "/etc/named.conf" | cut -f 2 -d '"') -includeUsed="no" -for file in ${NAMED_CONF_INCLUDE_FILES}; do - # prepend the default include directory if the filename is relative - case "$file" in - /*) ;; - *) file="/etc/named.d/${file}" ;; - esac - if [ ! -f "${file}" ]; then - warnMessage "File, ${file} to include not found! Skipping." - continue -# elif ! ${NAMED_CHECKCONF_BIN} "${file}"; then -# warnMessage "${file} is no valid named configuration part. Skipping." -# continue - fi - # FIXME Is the file readable by user 'named'? - echo "include \"${file}\";" >&${fd} - includeUsed="yes" -done -eval "exec ${fd}<&-" - -# -# only replace "${NAMED_CONF_META_INCLUDE_FILE}" if we need it -# -if [ "${includeUsed}" = 'yes' ]; then - test ! -f "${NAMED_CONF_META_INCLUDE_FILE}" && SET_PERMISSIONS="yes" - VERBOSE="false" - check_md5_and_move "${NAMED_CONF_META_INCLUDE_FILE}" -else - rm -f "${NEW_NAMEDCONFINCLUDE_FILE}" - touch "${NAMED_CONF_META_INCLUDE_FILE}" - SET_PERMISSIONS="yes" -fi - -if [ "yes" = "${SET_PERMISSIONS}" ]; then - chown root:named "${NAMED_CONF_META_INCLUDE_FILE}" - chmod 0644 "${NAMED_CONF_META_INCLUDE_FILE}" -fi - -exit 0 -
