authordes <des@FreeBSD.org>2015-07-06 13:23:27 +0000
committerdes <des@FreeBSD.org>2015-07-06 13:23:27 +0000
commita060063a487e71aee85b154308b20e3c3d050c54 (patch)
tree78e508412e7aed4056295e6af1335856834fc7e3 /usr.sbin
parentc49abb198d367256a94da48fed297b82b5a11ad9 (diff)
MFH (r276605, r282089): upgrade to latest Unbound
MFH (r276699, r276702, r277057): local control socket MFH (r276599, r276612, r282087, r282088): build fixes This brings in Unbound 1.5.3 from head. Local control sockets are now supported and will be used by default for new installations. Existing systems will continue to use TCP control sockets until the automated setup script is re-run ("service local_unbound setup") and the service restarted ("service local_unbound restart"). Approved by: re (kib) Relnotes: yes
Diffstat (limited to 'usr.sbin')
-rwxr-xr-xusr.sbin/unbound/local-setup/local-unbound-setup.sh65
1 files changed, 52 insertions, 13 deletions
diff --git a/usr.sbin/unbound/local-setup/local-unbound-setup.sh b/usr.sbin/unbound/local-setup/local-unbound-setup.sh
index a16e6d0..4c464d1 100755
--- a/usr.sbin/unbound/local-setup/local-unbound-setup.sh
+++ b/usr.sbin/unbound/local-setup/local-unbound-setup.sh
@@ -34,6 +34,8 @@ user=""
unbound_conf=""
forward_conf=""
lanzones_conf=""
+control_conf=""
+control_socket=""
workdir=""
confdir=""
chrootdir=""
@@ -61,6 +63,8 @@ set_defaults() {
: ${unbound_conf:=${workdir}/unbound.conf}
: ${forward_conf:=${workdir}/forward.conf}
: ${lanzones_conf:=${workdir}/lan-zones.conf}
+ : ${control_conf:=${workdir}/control.conf}
+ : ${control_socket:=/var/run/local_unbound.ctl}
: ${anchor:=${workdir}/root.key}
: ${pidfile:=/var/run/local_unbound.pid}
: ${resolv_conf:=/etc/resolv.conf}
@@ -76,7 +80,7 @@ set_defaults() {
set_chrootdir() {
chrootdir="${workdir}"
for file in "${unbound_conf}" "${forward_conf}" \
- "${lanzones_conf}" "${anchor}" ; do
+ "${lanzones_conf}" "${control_conf}" "${anchor}" ; do
if [ "${file#${workdir%/}/}" = "${file}" ] ; then
echo "warning: ${file} is outside ${workdir}" >&2
chrootdir=""
@@ -153,6 +157,14 @@ gen_resolv_conf() {
}
#
+# Boilerplate
+#
+do_not_edit() {
+ echo "# This file was generated by $self."
+ echo "# Modifications will be overwritten."
+}
+
+#
# Generate resolvconf.conf so it updates forward.conf in addition to
# resolv.conf. Note "in addition to" rather than "instead of",
# because we still want it to update the domain name and search path
@@ -160,7 +172,7 @@ gen_resolv_conf() {
# the libc resolver will try unbound first.
#
gen_resolvconf_conf() {
- echo "# Generated by $self"
+ do_not_edit
echo "resolv_conf=\"/dev/null\" # prevent updating ${resolv_conf}"
echo "unbound_conf=\"${forward_conf}\""
echo "unbound_pid=\"${pidfile}\""
@@ -173,8 +185,7 @@ gen_resolvconf_conf() {
# Generate forward.conf
#
gen_forward_conf() {
- echo "# Generated by $self"
- echo "# Do not edit this file."
+ do_not_edit
echo "forward-zone:"
echo " name: ."
for forwarder ; do
@@ -190,8 +201,7 @@ gen_forward_conf() {
# Generate lan-zones.conf
#
gen_lanzones_conf() {
- echo "# Generated by $self"
- echo "# Do not edit this file."
+ do_not_edit
echo "server:"
echo " # Unblock reverse lookups for LAN addresses"
echo " unblock-lan-zones: yes"
@@ -223,10 +233,21 @@ gen_lanzones_conf() {
}
#
+# Generate control.conf
+#
+gen_control_conf() {
+ do_not_edit
+ echo "remote-control:"
+ echo " control-enable: yes"
+ echo " control-interface: ${control_socket}"
+ echo " control-use-cert: no"
+}
+
+#
# Generate unbound.conf
#
gen_unbound_conf() {
- echo "# Generated by $self"
+ do_not_edit
echo "server:"
echo " username: ${user}"
echo " directory: ${workdir}"
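Review bot: `gen_control_conf` writes `control-use-cert: no` unconditionally while `control-interface` takes whatever `control_socket` holds, and nothing visible in this diff checks that the value is a filesystem path. If a non-path value such as an IP address were supplied, the result would presumably be a control channel with certificate authentication switched off and no file permissions to fall back on. Consider rejecting a value that does not start with `/` before the file is generated, e.g. `case "${control_socket}" in /*) ;; *) echo "control socket must be an absolute path" >&2 ; exit 1 ;; esac`. A comment above the `control-use-cert` line, such as `# access control relies on the permissions of the socket and its directory`, would record why disabling certificates is acceptable here.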
@@ -240,6 +261,9 @@ gen_unbound_conf() {
if [ -f "${lanzones_conf}" ] ; then
echo "include: ${lanzones_conf}"
fi
+ if [ -f "${control_conf}" ] ; then
+ echo "include: ${control_conf}"
+ fi
if [ -d "${confdir}" ] ; then
echo "include: ${confdir}/*.conf"
fi
@@ -278,6 +302,8 @@ usage() {
echo " -C path full path to additional configuration directory"
echo " -c path full path to unbound configuration file"
echo " -f path full path to forwarding configuration"
+ echo " -O path full path to remote control socket"
+ echo " -o path full path to remote control configuration"
echo " -p path full path to pid file"
echo " -R path full path to resolvconf.conf"
echo " -r path full path to resolv.conf"
@@ -296,7 +322,7 @@ main() {
#
# Parse and validate command-line options
#
- while getopts "a:C:c:f:np:R:r:s:u:w:" option ; do
+ while getopts "a:C:c:f:no:p:R:r:s:u:w:" option ; do
case $option in
a)
anchor="$OPTARG"
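Review bot: The option string gains `o:` but not `O:`, so the `O)` arm added in the next hunk can never be reached and `-O path`, which usage() now advertises, would be treated by getopts as an unknown option. As a result the control socket path cannot be overridden from the command line and always falls back to the default from set_defaults. The string should read `"a:C:c:f:nO:o:p:R:r:s:u:w:"`. main()'s body starts and ends outside this hunk.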
@@ -313,6 +339,12 @@ main() {
n)
start_unbound="no"
;;
+ O)
+ control_socket="$OPTARG"
+ ;;
+ o)
+ control_conf="$OPTARG"
+ ;;
p)
pidfile="$OPTARG"
;;
@@ -361,7 +393,7 @@ main() {
fi
else
local tmp_forward_conf=$(mktemp -u "${forward_conf}.XXXXX")
- gen_forward_conf ${forwarders} >"${tmp_forward_conf}"
+ gen_forward_conf ${forwarders} | unexpand >"${tmp_forward_conf}"
replace "${forward_conf}" "${tmp_forward_conf}"
fi
@@ -369,15 +401,22 @@ main() {
# Generate lan-zones.conf.
#
local tmp_lanzones_conf=$(mktemp -u "${lanzones_conf}.XXXXX")
- gen_lanzones_conf >"${tmp_lanzones_conf}"
+ gen_lanzones_conf | unexpand >"${tmp_lanzones_conf}"
replace "${lanzones_conf}" "${tmp_lanzones_conf}"
#
+ # Generate control.conf.
+ #
+ local tmp_control_conf=$(mktemp -u "${control_conf}.XXXXX")
+ gen_control_conf | unexpand >"${tmp_control_conf}"
+ replace "${control_conf}" "${tmp_control_conf}"
+
+ #
# Generate unbound.conf.
#
local tmp_unbound_conf=$(mktemp -u "${unbound_conf}.XXXXX")
set_chrootdir
- gen_unbound_conf >"${tmp_unbound_conf}"
+ gen_unbound_conf | unexpand >"${tmp_unbound_conf}"
replace "${unbound_conf}" "${tmp_unbound_conf}"
#
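Review bot: The new control.conf step names its temporary file with `mktemp -u`, which only prints a name and leaves creation to the `>` redirection. The name can therefore be claimed in between, for instance by a symlink, if any other account can write to the directory that holds `${control_conf}`. Dropping `-u`, as in `tmp_control_conf=$(mktemp "${control_conf}.XXXXX")`, lets mktemp create the file exclusively; `replace` is not visible here, so check that it sets the final mode itself rather than inheriting mktemp's restrictive one. The same pattern is used for the other generated files in this hunk and in the hunks before and after it. Piping the generator through `unexpand` also means a failure in `gen_control_conf` no longer shows in the pipeline's exit status before `replace` runs.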
@@ -401,14 +440,14 @@ main() {
# instead of resolv.conf.
#
local tmp_resolvconf_conf=$(mktemp -u "${resolvconf_conf}.XXXXX")
- gen_resolvconf_conf >"${tmp_resolvconf_conf}"
+ gen_resolvconf_conf | unexpand >"${tmp_resolvconf_conf}"
replace "${resolvconf_conf}" "${tmp_resolvconf_conf}"
#
# Finally, rewrite resolv.conf.
#
local tmp_resolv_conf=$(mktemp -u "${resolv_conf}.XXXXX")
- gen_resolv_conf <"${resolv_conf}" >"${tmp_resolv_conf}"
+ gen_resolv_conf <"${resolv_conf}" | unexpand >"${tmp_resolv_conf}"
replace "${resolv_conf}" "${tmp_resolv_conf}"
}