I have an adapted Portfile for net/unbound. This Portfile enables the launch of multiple unbound servers in parallel. This is for instance needed for rspamd (also from MacPorts) if your forwarder is one of the big ones such as Google’s 8.8.8.8 or Quad9’s 9.9.9.9 (which are blocked by some blacklist providers, making rspamd fail on certain actions). So, I am running two unbound daemons side by side, one on port 53 (the normal one, for all users) and one on port 1053 for rspamd. That last one does not forward, but resolves using the formal root servers path.
To be able to do that, I have two unbound configuration files: unbound.conf and unbound-noforwarders.conf. Launching unbound should launch both. So, I have adapted the Portfile:

    #
    # Start
    #
    Start()
    {
        ('/opt/local/sbin/unbound-anchor' -a '/opt/local/etc/unbound/root.key' 2>&1) \
         || : && (chown unbound:unbound '/opt/local/etc/unbound/root.key' 2>&1) \
         && (for i in '/opt/local/etc/unbound/unbound'*conf; \
         do '/opt/local/sbin/unbound' -c "$i" 2>&1; done)
    }

    #
    # Stop
    #
    Stop()
    {
        (for i in '/opt/local/var/run/unbound/unbound'*pid; \
         do /bin/kill -15 $(cat "$i") 2>&1; done)
    }

And that works fine. port load unbound leads to these processes:

    0 67637 1 0 20 0 4322368 5800 - Ss ?? 0:00.01 /opt/local/bin/daemondo --label=unbound --start-cmd /opt/local/etc/LaunchDaemons/org.macports.unbound/unbound.wrapper start ; --stop-cmd /opt/local/etc/LaunchDaemons/org.macports.unbound/unbound.wrapper stop ; --restart-cmd /opt/local/etc/LaunchDaemons/org.macports.unbound/unbound.wrapper restart ; --verbosity=1 --pid=fileclean --pidfile /opt/local/var/run/unbound/unbound.pid
    500 67643 1 0 20 0 4330452 18200 - Ss ?? 0:00.22 /opt/local/sbin/unbound -c /opt/local/etc/unbound/unbound-noforwarders.conf
    500 67645 1 0 20 0 4337620 17732 - Ss ?? 0:00.15 /opt/local/sbin/unbound -c /opt/local/etc/unbound/unbound.conf

To get that I have adapted the Portfile:

    # Make it run on boot
    # Redirect stderr on launchd-started items because launchd redirects stderr to a black hole
    # Let macports (daemondo) manage the availability of process and pidfile as unbound fails to start at the first attempt
    # because unbound is unable to get port 53. Unbound starts successfully at second attempt.
    startupitem.create      yes
    startupitem.name        unbound
    startupitem.logfile     /Library/Logs/unbound-startupitem.log
    startupitem.logevents   yes
    # the following entries handle multiple instances running in parallel
    startupitem.start       "(\'${prefix}/sbin/unbound-anchor\' -a \'${prefix}/etc/${name}/root.key\' 2>&1) \\"\
                            " || : && (chown ${unbounduser}:${unboundgroup} \'${prefix}/etc/${name}/root.key\' 2>&1) \\"\
                            " && (for i in \'${prefix}/etc/${name}/${name}\'*conf; \\"\
                            " do \'${prefix}/sbin/unbound\' -c \"\$i\" 2>&1; done)"
    startupitem.stop        "(for i in \'${prefix}/var/run/${name}/${name}\'*pid; \\"\
                            " do /bin/kill -15 \$(cat \"\$i\") 2>&1; done)"
    # The following ignores any second process and pidfile
    startupitem.pidfile     clean ${prefix}/var/run/${name}/${name}.pid

    notes-append \
        "An example configuration is provided at ${prefix}/etc/${name}/${name}.conf-dist." \
        "" \
        "The startup item will start as many unbounds as there are ${prefix}/etc/${name}*conf files." \
        "Make sure each of these has a server that doesn't conflict with any other. Especially, make" \
        "sure that they do not try to listen on the same interface&port, do not write the same pid file," \
        "and make sure they have different log files." \
        " This setup enables the single management through macports of a set of unbound servers. The use" \
        "of this is for instance for rspamd, which requires a DNS that does not forward to a public DNS" \
        "server, while ordinary requests would benefit. Running one DNS resolver with forwarding on port 53," \
        "while running another one without forwarding for rspamd on port 1053 is a typical use case."

But, and here is my problem, when I install the upgraded unbound, I get the old/original wrapper. So, while the process ends with the notes shown above (so my adapted Portfile is actually used), the wrapper is incorrect after install. What is going wrong here?

(I think I contributed the unbound fix a while back, but apparently it did not make it to the official port distribution)

G
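
The notes in the Portfile above ask that the parallel instances never share a listen address and port, a pid file, or a log file. The following check for that is an added example, not part of the original post or of the port; the function name `check_unbound_confs` is made up here, and it assumes only the unbound.conf options `port:`, `interface:`, `pidfile:` and `logfile:`.

```shell
#!/bin/sh
# check_unbound_confs FILE...
# Prints a CONFLICT line for every listen address@port, pidfile or logfile
# claimed by more than one file; returns 1 if any conflict was found.
# Not handled: include: directives and wildcard (0.0.0.0) overlap.
# Usage: check_unbound_confs /opt/local/etc/unbound/unbound*conf
check_unbound_confs() {
    awk '
    function val(s) {                  # value after "key:", comment and quotes removed
        sub(/^[^:]*:[ \t]*/, "", s); sub(/[ \t]*#.*$/, "", s)
        gsub(/"/, "", s); sub(/[ \t]+$/, "", s)
        return s
    }
    function claim(kind, key,    k) {  # record which file uses a resource, report reuse
        k = kind SUBSEP key
        if ((k in owner) && owner[k] != cur) {
            printf "CONFLICT %s %s: %s and %s\n", kind, key, owner[k], cur
            bad = 1
        } else owner[k] = cur
    }
    function finish(    i, a) {        # evaluate the file that just ended
        # without any interface: line unbound listens on localhost only
        if (nif == 0) { ifs[1] = "127.0.0.1"; ifs[2] = "::1"; nif = 2 }
        for (i = 1; i <= nif; i++) {
            a = ifs[i]
            if (a !~ /@/) a = a "@" port   # interface: may carry its own @port
            claim("listen", a)
        }
        # two files that both omit pidfile: share the compiled-in default path
        claim("pidfile", (pid == "" ? "(compiled-in default)" : pid))
        if (lg != "") claim("logfile", lg)
    }
    FNR == 1 { if (cur != "") finish(); cur = FILENAME; port = 53; nif = 0; pid = ""; lg = "" }
    /^[ \t]*port:/      { port = val($0) }
    /^[ \t]*interface:/ { ifs[++nif] = val($0) }
    /^[ \t]*pidfile:/   { pid = val($0) }
    /^[ \t]*logfile:/   { lg = val($0) }
    END { if (cur != "") finish(); exit bad + 0 }
    ' "$@"
}
```

Run before `port load unbound`, a non-zero exit status means two of the configuration files would compete for the same socket or file.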