summaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
authorChris Buechler <cmb@pfsense.org>2015-10-21 19:54:10 -0500
committerChris Buechler <cmb@pfsense.org>2015-10-21 19:54:10 -0500
commitd7f5b68ab31f2317d2fba73de69e89a89fa0af1a (patch)
tree8ba38026ffe61e7df2b13370960f38ba8fecc349 /etc
parentf3ee8205e6332d4895e93f4f2831cc65ab98d0c0 (diff)
downloadpfsense-d7f5b68ab31f2317d2fba73de69e89a89fa0af1a.zip
pfsense-d7f5b68ab31f2317d2fba73de69e89a89fa0af1a.tar.gz
Check unbound root.key file contents, and remove it if invalid, before unbound-anchor runs otherwise it will fail and unbound will fail to start. fsync the file after writing to prevent the problem. Ticket #5334
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/unbound.inc9
1 files changed, 9 insertions, 0 deletions
diff --git a/etc/inc/unbound.inc b/etc/inc/unbound.inc
index 340efcc..9aeaa0c 100644
--- a/etc/inc/unbound.inc
+++ b/etc/inc/unbound.inc
@@ -450,7 +450,16 @@ function do_as_unbound_user($cmd) {
mwexec("echo '/usr/local/sbin/unbound-control reload' | /usr/bin/su -m unbound", true);
break;
case "unbound-anchor":
+ // sanity check root.key because unbound-anchor will fail without manual removal otherwise. redmine #5334
+ if (file_exists("{$g['unbound_chroot_path']}/root.key")) {
+ $rootkeycheck = mwexec("/usr/bin/grep 'autotrust trust anchor file' {$g['unbound_chroot_path']}/root.key", true);
+ if ($rootkeycheck != "0") {
+ log_error("Unbound root.key file is corrupt, removing and recreating.");
+ unlink_if_exists("{$g['unbound_chroot_path']}/root.key");
+ }
+ }
mwexec("echo '/usr/local/sbin/unbound-anchor -a {$g['unbound_chroot_path']}/root.key' | /usr/bin/su -m unbound", true);
+ pfSense_fsync("{$g['unbound_chroot_path']}/root.key");
break;
case "unbound-control-setup":
mwexec("echo '/usr/local/sbin/unbound-control-setup -d {$g['unbound_chroot_path']}' | /usr/bin/su -m unbound", true);
OpenPOWER on IntegriCloud