Bug#500176: set unbound does not run default by /etc/default/unbound (Re: Bug#500176: This bug is still around and release-critical
Hi all,

On Mon, 10 Nov 2008 17:46:01 +0900 Hideki Yamane [EMAIL PROTECTED] wrote:

I see no proper fix, except using an /etc/default file, which is ugly.

Using /etc/default/unbound is reasonable, I think. Some of daemon packages (e.g. rsync) are not started by default because it is set in its /etc/default file. For lenny, it should be fixed to work on most of environment that is used, if it is ugly, though.

I made a patch for this issue, please consider to apply it for the package.
# or anyone will fix it, please :-)

Anyone? squash a bug! :)

or use dh_installinit --init-script=unbound --no-start in debian/rules, just set not start daemon when it is installed.

--
Regards,
Hideki Yamane henrich @ debian.or.jp/iijmio-mail.jp
http://wiki.debian.org/HidekiYamane
Bug#500176: set unbound does not run default by /etc/default/unbound (Re: Bug#500176: This bug is still around and release-critical
Hi,

On Wed, 8 Oct 2008 12:16:53 +0900 Hideki Yamane [EMAIL PROTECTED] wrote:

I see no proper fix, except using an /etc/default file, which is ugly.

Using /etc/default/unbound is reasonable, I think. Some of daemon packages (e.g. rsync) are not started by default because it is set in its /etc/default file. For lenny, it should be fixed to work on most of environment that is used, if it is ugly, though.

I made a patch for this issue, please consider to apply it for the package.
# or anyone will fix it, please :-)

--
Regards,
Hideki Yamane henrich @ debian.or.jp/iijmio-mail.jp
http://wiki.debian.org/HidekiYamane

diff -urN debian.orig/changelog debian/changelog --- debian.orig/changelog 2008-10-08 11:56:40.0 +0900 +++ debian/changelog 2008-11-09 10:52:40.0 +0900 @@ -1,3 +1,14 @@ +unbound (1.0.2-1.1) unstable; urgency=low + + * Non-maintainer upload. + * debian/{unbound.init,unbound.default} ++ set not start by default, to avoid that port 53 blocking by other name + servers will cause install problems + * debian/unbound.prerm ++ fix lintian unbound: maintainer-script-hides-init-failure prerm:5 error + + -- Hideki Yamane (Debian-JP) [EMAIL PROTECTED] Sun, 09 Nov 2008 10:52:13 +0900 + unbound (1.0.2-1) unstable; urgency=low * New upstream release; diff -urN debian.orig/unbound.default debian/unbound.default --- debian.orig/unbound.default 2008-10-08 11:56:40.0 +0900 +++ debian/unbound.default 2008-11-09 09:27:50.0 +0900 @@ -1,3 +1,11 @@ +# Do you want to start unbound? +# only allowed values are true and false. +# if you already use other DNS server, they would listen port 53, +# so unbound fails to start. Please adjust, then set true. + +UNBOUND_ENABLE=false + + # config file path #DAEMON_OPTS=-c /etc/unbound/unbound.conf diff -urN debian.orig/unbound.init debian/unbound.init --- debian.orig/unbound.init 2008-10-08 11:56:40.0 +0900 +++ debian/unbound.init 2008-11-10 17:42:47.0 +0900 
@@ -1,6 +1,29 @@ #!/bin/sh +set -e + +### BEGIN INIT INFO +# Provides: unbound +# Required-Start:$network $remote_fs $syslog +# Required-Stop: $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: validating, recursive, caching DNS resolver +# Description: Unbound is a recursive-only caching DNS server which can +#optionally perform DNSSEC validation of results. It +#implements only a minimum amount of authoritative service +#to prevent leakage to the root nameservers: forward lookups +#for localhost, reverse for 127.0.0.1 and ::1, and NXDOMAIN +#for zones served by AS112. Stub and forward zones are +#supported. +#Unbound implements a number of security features, including +#chrooting and privilege dropping. The Debian init script +#will populate a chroot by default. +# +### END INIT INFO + NAME=unbound +UNBOUND_ENABLE=false DESC=recursive DNS server DAEMON=/usr/sbin/unbound CHROOT_DIR=/var/lib/unbound @@ -10,7 +33,18 @@ . /lib/lsb/init-functions -test -f /etc/default/$NAME . /etc/default/$NAME +if [ -f /etc/default/$NAME ]; then + . /etc/default/$NAME + case x$UNBOUND_ENABLE in + xtrue|xfalse) ;; + *) log_failure_msg \ + Value of UNBOUND_ENABLE in /etc/default/$NAME must be either 'true' or 'false'; + log_failure_msg \ + not starting unbound daemon. + exit 1; + ;; + esac +fi install_chroot() { if [ $CHROOT != no ]; then 
@@ -40,14 +74,22 @@ case $1 in start) -log_daemon_msg Starting $DESC $NAME -if daemon_stopped; then -install_chroot -fi -if start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE --name $NAME --startas $DAEMON -- $DAEMON_OPTS; then -log_end_msg 0 +if $UNBOUND_ENABLE; then + log_daemon_msg Starting $DESC $NAME + if daemon_stopped; then + install_chroot + fi + if start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE \ + --name $NAME --startas $DAEMON -- $DAEMON_OPTS; then + log_end_msg 0 + else + log_end_msg 1 + fi else -log_end_msg 1 + if [ -s $UNBOUND_CONFIG_FILE ]; then + log_warning_msg \ + $NAME daemon is not enabled in /etc/default/$NAME, not starting... + fi fi ;; @@ -61,14 +103,19 @@ ;; restart|force-reload) -log_daemon_msg Restarting $DESC $NAME -start-stop-daemon --stop --quiet --pidfile $PIDFILE --name $NAME --retry 5 -uninstall_chroot -install_chroot -if start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE
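Review bot: The new debian/changelog entry (hunk @@ -1,3 +1,14 @@) does not reference the bug it fixes. Adding "(Closes: #500176)" to the debian/{unbound.init,unbound.default} item would close the report on upload, and urgency=low is worth reconsidering given that the thread raised the bug to severity serious.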
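Review bot: UNBOUND_ENABLE=false in debian/unbound.default (hunk @@ -1,3 +1,11 @@) is also the built-in default in debian/unbound.init, so an installation whose existing /etc/default/unbound does not set the variable stops starting unbound after the upgrade, with at most the warning from the start branch. For a resolver that other hosts may depend on, that behaviour change should be announced (changelog or NEWS entry telling administrators to set UNBOUND_ENABLE=true), or the script-side default should stay enabled so that only fresh installs are affected by the shipped default file.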
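Review bot: `set -e` at the top of debian/unbound.init (hunk @@ -1,6 +1,29 @@) takes effect before /lib/lsb/init-functions is sourced, so any helper or start-stop-daemon call that returns non-zero outside an `if` condition now aborts the script in the middle of an action. The pre-patch restart branch shown further down runs `start-stop-daemon --stop` without --oknodo; if the patched version keeps that call unguarded, restarting an already stopped daemon would exit at that line. Either drop `set -e` and check exit statuses explicitly, or audit every command in the script for an acceptable non-zero return.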
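Review bot: The UNBOUND_ENABLE validation in hunk @@ -10,7 +33,18 @@ runs before the action is dispatched and does `exit 1` on any value other than true or false, so a typo in /etc/default/unbound makes stop and restart fail as well as start. An init script that fails when called from the maintainer scripts is the dpkg error this bug report is about. Treating an unrecognised value as false with a warning, or restricting the check to the start and restart actions, would keep package operations working.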
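Review bot: In the start branch (hunk @@ -40,14 +74,22 @@), `if $UNBOUND_ENABLE; then` executes the variable's value as a command and is only safe because of the earlier true/false check; a string comparison such as `[ "$UNBOUND_ENABLE" = true ]` states the intent without running anything taken from a config file. The else branch tests $UNBOUND_CONFIG_FILE, which is not assigned in any line shown here. If it is unset, the `-s` test is either always true (unquoted) or always false (quoted; the page has lost its quote characters), so the "not enabled" warning does not depend on whether a configuration exists. Define the variable or drop the condition.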
Bug#500176: This bug is still around and release-critical
also sprach Pierre Habouzit [EMAIL PROTECTED] [2008.10.08.1054 +0200]:

FWIW I've upgraded a machine to replace pdnsd with unbound, it hit that bug of course.

[...]

I don't think this is too hard to ask from someone that is installing multiple DNS softwares on the same machine. A bit more user friendly steps could help, but well...

I agree that #500176 needs a more generic solution, but I can't think of any right now. It would be good to have this as a release goal.

One thing I was thinking of was port-xyz virtual packages, but that already doesn't work with DNS...

--
.''`. martin f. krafft [EMAIL PROTECTED]
: :' : proud Debian developer, author, administrator, and user
`. `'` http://people.debian.org/~madduck - http://debiansystem.info
`- Debian - when you have better things to do than fixing systems

in the stage of grand illusion you walked into my life out of my dreams. -- david bowie
Bug#500176: This bug is still around and release-critical
On Thu, Oct 09, 2008 at 09:07:00AM +0200, martin f krafft wrote:

also sprach Pierre Habouzit [EMAIL PROTECTED] [2008.10.08.1054 +0200]:

FWIW I've upgraded a machine to replace pdnsd with unbound, it hit that bug of course.

[...]

I don't think this is too hard to ask from someone that is installing multiple DNS softwares on the same machine. A bit more user friendly steps could help, but well...

I agree that #500176 needs a more generic solution, but I can't think of any right now. It would be good to have this as a release goal.

One thing I was thinking of was port-xyz virtual packages, but that already doesn't work with DNS...

Maybe http://thread.gmane.org/gmane.linux.debian.devel.general/87792/focus=88198

Regards, Gerrit.
Bug#500176: This bug is still around and release-critical
Hi,

On Mon, 06 Oct 2008 15:46:11 +0200 Pierre Habouzit [EMAIL PROTECTED] wrote:

Agreed, that would be nice. While this is something to consider for squeeze release goals, how do we solve the problem for lenny?

I see no proper fix, except using an /etc/default file, which is ugly.

Using /etc/default/unbound is reasonable, I think. Some of daemon packages (e.g. rsync) are not started by default because it is set in its /etc/default file.

# Some Unbound users ask me Will lenny include unbound package? at Conference, Japan.

So, if you allow me to fix this by using /etc/default, I'll try it (but I think it is better that you'll do it because I'm not a good programmer ;-).

--
Regards,
Hideki Yamane henrich @ debian.or.jp/iijmio-mail.jp
http://wiki.debian.org/HidekiYamane
Bug#500176: This bug is still around and release-critical
also sprach Pierre Habouzit [EMAIL PROTECTED] [2008.10.05.1117 +0200]:

FWIW this problem is found in many other cases: see lighttpd with apache2 installed, or caudium or any other http daemon, and none of them has a bug about it, it's unfair to mark it as RC.

Uh, don't you think that marking it down to important for this reason is not the solution? It's not unfair to file an RC bug for something I consider an RC problem: an unusable (albeit far from corrupted) dpkg database!

I believe the problem here is somehow very generic, and that using a virtual package like proposed in the bug report (#500176) doesn't scale well.

[...]

Anyways I think there is a more general solution to find and here are a path. The fact that Debian starts every single service on first install is something that we strive for, but causes some grief for sysadmins that don't wish to open an unprotected service before they configured it. It also generates the issue we're discussing.

Though, we could probably do better: a bit like solaris does, we could have some kind of service handler that wraps every single service, and if the start action fails, it marks the service as broken and refuse it to start, prints whatever warning you want to, but doesn't prevent the package manager to do its job.

Agreed, that would be nice. While this is something to consider for squeeze release goals, how do we solve the problem for lenny?

--
.''`. martin f. krafft [EMAIL PROTECTED]
: :' : proud Debian developer, author, administrator, and user
`. `'` http://people.debian.org/~madduck - http://debiansystem.info
`- Debian - when you have better things to do than fixing systems

the husbands of very beautiful women belong to the criminal classes. -- oscar wilde
Bug#500176: This bug is still around and release-critical
On Mon, Oct 06, 2008 at 07:48:18AM +, martin f krafft wrote:

also sprach Pierre Habouzit [EMAIL PROTECTED] [2008.10.05.1117 +0200]:

FWIW this problem is found in many other cases: see lighttpd with apache2 installed, or caudium or any other http daemon, and none of them has a bug about it, it's unfair to mark it as RC.

Uh, don't you think that marking it down to important for this reason is not the solution? It's not unfair to file an RC bug for something I consider an RC problem: an unusable (albeit far from corrupted) dpkg database!

The dpkg database is _not_ corrupted in that case, you can do multiple things, and if you believe it's not adequate then you can report an RC bug on linux too that does this on purpose if you e.g. uninstall your currently running kernel.

I believe the problem here is somehow very generic, and that using a virtual package like proposed in the bug report (#500176) doesn't scale well.

[...]

Anyways I think there is a more general solution to find and here are a path. The fact that Debian starts every single service on first install is something that we strive for, but causes some grief for sysadmins that don't wish to open an unprotected service before they configured it. It also generates the issue we're discussing.

Though, we could probably do better: a bit like solaris does, we could have some kind of service handler that wraps every single service, and if the start action fails, it marks the service as broken and refuse it to start, prints whatever warning you want to, but doesn't prevent the package manager to do its job.

Agreed, that would be nice. While this is something to consider for squeeze release goals, how do we solve the problem for lenny?

I see no proper fix, except using an /etc/default file, which is ugly.

--
·O· Pierre Habouzit
··O [EMAIL PROTECTED]
OOO http://www.madism.org
Bug#500176: This bug is still around and release-critical
reopen 500176
severity 500176 serious
thanks

This bug is actually release-critical because installation leaves the dpkg database in an unusable state. Please either conflict with other DNS servers, do not start it by default, bind it to 127.0.0.42, fail gracefully (which would not be ok, I think), or do something else, but don't close bug reports about messages like

  Errors were encountered while processing:
   unbound
  E: Sub-process /usr/bin/dpkg returned an error code (1)

--
.''`. martin f. krafft [EMAIL PROTECTED]
: :' : proud Debian developer, author, administrator, and user
`. `'` http://people.debian.org/~madduck - http://debiansystem.info
`- Debian - when you have better things to do than fixing systems