diff options
| author | des <des@FreeBSD.org> | 2015-07-06 13:23:27 +0000 |
|---|---|---|
| committer | des <des@FreeBSD.org> | 2015-07-06 13:23:27 +0000 |
| commit | a060063a487e71aee85b154308b20e3c3d050c54 (patch) | |
| tree | 78e508412e7aed4056295e6af1335856834fc7e3 /usr.sbin | |
| parent | c49abb198d367256a94da48fed297b82b5a11ad9 (diff) | |
| download | FreeBSD-src-a060063a487e71aee85b154308b20e3c3d050c54.zip FreeBSD-src-a060063a487e71aee85b154308b20e3c3d050c54.tar.gz | |
MFH (r276605, r282089): upgrade to latest Unbound
MFH (r276699, r276702, r277057): local control socket
MFH (r276599, r276612, r282087, r282088): build fixes
This brings in Unbound 1.5.3 from head. Local control sockets are now
supported and will be used by default for new installations. Existing
systems will continue to use TCP control sockets until the automated
setup script is re-run ("service local_unbound setup") and the service
restarted ("service local_unbound restart").
Approved by: re (kib)
Relnotes: yes
Diffstat (limited to 'usr.sbin')
| -rwxr-xr-x | usr.sbin/unbound/local-setup/local-unbound-setup.sh | 65 |
1 files changed, 52 insertions, 13 deletions
diff --git a/usr.sbin/unbound/local-setup/local-unbound-setup.sh b/usr.sbin/unbound/local-setup/local-unbound-setup.sh index a16e6d0..4c464d1 100755 --- a/usr.sbin/unbound/local-setup/local-unbound-setup.sh +++ b/usr.sbin/unbound/local-setup/local-unbound-setup.sh @@ -34,6 +34,8 @@ user="" unbound_conf="" forward_conf="" lanzones_conf="" +control_conf="" +control_socket="" workdir="" confdir="" chrootdir="" @@ -61,6 +63,8 @@ set_defaults() { : ${unbound_conf:=${workdir}/unbound.conf} : ${forward_conf:=${workdir}/forward.conf} : ${lanzones_conf:=${workdir}/lan-zones.conf} + : ${control_conf:=${workdir}/control.conf} + : ${control_socket:=/var/run/local_unbound.ctl} : ${anchor:=${workdir}/root.key} : ${pidfile:=/var/run/local_unbound.pid} : ${resolv_conf:=/etc/resolv.conf} @@ -76,7 +80,7 @@ set_defaults() { set_chrootdir() { chrootdir="${workdir}" for file in "${unbound_conf}" "${forward_conf}" \ - "${lanzones_conf}" "${anchor}" ; do + "${lanzones_conf}" "${control_conf}" "${anchor}" ; do if [ "${file#${workdir%/}/}" = "${file}" ] ; then echo "warning: ${file} is outside ${workdir}" >&2 chrootdir="" @@ -153,6 +157,14 @@ gen_resolv_conf() { } # +# Boilerplate +# +do_not_edit() { + echo "# This file was generated by $self." + echo "# Modifications will be overwritten." +} + +# # Generate resolvconf.conf so it updates forward.conf in addition to # resolv.conf. Note "in addition to" rather than "instead of", # because we still want it to update the domain name and search path @@ -160,7 +172,7 @@ gen_resolv_conf() { # the libc resolver will try unbound first. # gen_resolvconf_conf() { - echo "# Generated by $self" + do_not_edit echo "resolv_conf=\"/dev/null\" # prevent updating ${resolv_conf}" echo "unbound_conf=\"${forward_conf}\"" echo "unbound_pid=\"${pidfile}\"" @@ -173,8 +185,7 @@ gen_resolvconf_conf() { # Generate forward.conf # gen_forward_conf() { - echo "# Generated by $self" - echo "# Do not edit this file." + do_not_edit echo "forward-zone:" echo " name: ." for forwarder ; do @@ -190,8 +201,7 @@ gen_forward_conf() { # Generate lan-zones.conf # gen_lanzones_conf() { - echo "# Generated by $self" - echo "# Do not edit this file." + do_not_edit echo "server:" echo " # Unblock reverse lookups for LAN addresses" echo " unblock-lan-zones: yes" @@ -223,10 +233,21 @@ gen_lanzones_conf() { } # +# Generate control.conf +# +gen_control_conf() { + do_not_edit + echo "remote-control:" + echo " control-enable: yes" + echo " control-interface: ${control_socket}" + echo " control-use-cert: no" +} + +# # Generate unbound.conf # gen_unbound_conf() { - echo "# Generated by $self" + do_not_edit echo "server:" echo " username: ${user}" echo " directory: ${workdir}" @@ -240,6 +261,9 @@ gen_unbound_conf() { if [ -f "${lanzones_conf}" ] ; then echo "include: ${lanzones_conf}" fi + if [ -f "${control_conf}" ] ; then + echo "include: ${control_conf}" + fi if [ -d "${confdir}" ] ; then echo "include: ${confdir}/*.conf" fi @@ -278,6 +302,8 @@ usage() { echo " -C path full path to additional configuration directory" echo " -c path full path to unbound configuration file" echo " -f path full path to forwarding configuration" + echo " -O path full path to remote control socket" + echo " -o path full path to remote control configuration" echo " -p path full path to pid file" echo " -R path full path to resolvconf.conf" echo " -r path full path to resolv.conf" @@ -296,7 +322,7 @@ main() { # # Parse and validate command-line options # - while getopts "a:C:c:f:np:R:r:s:u:w:" option ; do + while getopts "a:C:c:f:no:p:R:r:s:u:w:" option ; do case $option in a) anchor="$OPTARG" @@ -313,6 +339,12 @@ main() { n) start_unbound="no" ;; + O) + control_socket="$OPTARG" + ;; + o) + control_conf="$OPTARG" + ;; p) pidfile="$OPTARG" ;; @@ -361,7 +393,7 @@ main() { fi else local tmp_forward_conf=$(mktemp -u "${forward_conf}.XXXXX") - gen_forward_conf ${forwarders} >"${tmp_forward_conf}" + gen_forward_conf ${forwarders} | unexpand >"${tmp_forward_conf}" replace "${forward_conf}" "${tmp_forward_conf}" fi @@ -369,15 +401,22 @@ main() { # Generate lan-zones.conf. # local tmp_lanzones_conf=$(mktemp -u "${lanzones_conf}.XXXXX") - gen_lanzones_conf >"${tmp_lanzones_conf}" + gen_lanzones_conf | unexpand >"${tmp_lanzones_conf}" replace "${lanzones_conf}" "${tmp_lanzones_conf}" # + # Generate control.conf. + # + local tmp_control_conf=$(mktemp -u "${control_conf}.XXXXX") + gen_control_conf | unexpand >"${tmp_control_conf}" + replace "${control_conf}" "${tmp_control_conf}" + + # # Generate unbound.conf. # local tmp_unbound_conf=$(mktemp -u "${unbound_conf}.XXXXX") set_chrootdir - gen_unbound_conf >"${tmp_unbound_conf}" + gen_unbound_conf | unexpand >"${tmp_unbound_conf}" replace "${unbound_conf}" "${tmp_unbound_conf}" # @@ -401,14 +440,14 @@ main() { # instead of resolv.conf. # local tmp_resolvconf_conf=$(mktemp -u "${resolvconf_conf}.XXXXX") - gen_resolvconf_conf >"${tmp_resolvconf_conf}" + gen_resolvconf_conf | unexpand >"${tmp_resolvconf_conf}" replace "${resolvconf_conf}" "${tmp_resolvconf_conf}" # # Finally, rewrite resolv.conf. # local tmp_resolv_conf=$(mktemp -u "${resolv_conf}.XXXXX") - gen_resolv_conf <"${resolv_conf}" >"${tmp_resolv_conf}" + gen_resolv_conf <"${resolv_conf}" | unexpand >"${tmp_resolv_conf}" replace "${resolv_conf}" "${tmp_resolv_conf}" } |
