FS#3691 - redesigned bind package to fix some issues
Attached to Project:
Arch Linux
Opened by Mario Vazquez (darkcoder) - Monday, 02 January 2006, 20:38 GMT
Last edited by Kevin Piche (kpiche) - Monday, 07 July 2008, 16:38 GMT
Opened by Mario Vazquez (darkcoder) - Monday, 02 January 2006, 20:38 GMT
Last edited by Kevin Piche (kpiche) - Monday, 07 July 2008, 16:38 GMT
|
Details
Included is a completely redesigned bind package that add
new features, provides IMHO better organization and fix some
issues when removing it.
The issues it fixes are: 1. rndc.key is still generated by the bind.install, but now the PKGBUILD knows about it and made a backup of it when removed. And the file is not replaced when upgrading. This was requested in http://bugs.archlinux.org/task/3662 and applied, but by request of people with short sighted, and lack of time to look at the PKGBUILD/bind.install they think the file was pregenerated (fixed), while in fact it wasn't. (http://bugs.archlinux.org/task/3665). But don't worry, those files are now stored in other place (more on that later). 2. Fix a issue with current arch bind, that the daemon stays in memory after the package is removed. This is an example of the named process before and after removal of bind. # ps aux | grep named named 11899 0.3 0.9 4896 2364 ? Ss 18:23 0:00 /usr/sbin/named -u named # pacman -R bind removing bind... warning: /etc/rndc.key saved as /etc/rndc.key.pacsave warning: /etc/named.conf saved as /etc/named.conf.pacsave warning: /etc/logrotate.d/named saved as /etc/logrotate.d/named.pacsave warning: /etc/conf.d/named saved as /etc/conf.d/named.pacsave done. # ps aux | grep named 40 11899 0.0 0.4 4896 1124 ? Ss 18:23 0:00 /usr/sbin/named -u named Now implemented the process is stopped before removal. Changes are: 1. All config files (zones, named.conf, rndc.key) are stored at /var/named/etc/conf and a symlink to that directory is provided at /etc/bind. This allow better organization and easier chrooting. 2. Newly generated rndc.key are now 356-bit. 3. named.conf was splitted into several files. This was after looking at the organized debian bind9 package. IMHO it's better their way. Global options are defined in named.conf.options. Logging options are stored in named.conf.logging. Authoritative zones (domains) are defined in named.conf.local, and the named.conf stored the base root, and localhost zones. This approach allow easier to manage domains, configuration and security. 4. The best, a reconfig-named script made by me, stored on /usr/sbin that allow admin to switch between normal bind and chroot bind environment. The script generate or remove all chroot needed files. If the daemon is running, the script shuts it down, made the changes, and restart the server. This change do not need any extra config changes except for different arguments in /etc/conf.d/named which are done by the script itself. 5. Upon removal, the PKGBUILD remove chrooted files if they exist. Notes: 1. This is a big change, if it is implemented probably should be introduced in your homepage. 2. Current /etc/rndc.key is imported if it exists to the new location /var/named/etc/bind/rndc.key. 3. Due to the split of named.conf, it is NOT imported. User must import it's zones to the named.conf.local manually. 4. Also tpowa must be contacted that he must change the webmin dns module to store the zones in the /var/named/etc/bind folder and their references in named.conf.local instead of named.conf. 5. I provided all files attached for easier testing, but named.logrotate, root.hint, notools.patch, and named.conf.d where unchanged from the base arch bind package. Any question, can contact me. Mario |
This task depends upon
Closed by Kevin Piche (kpiche)
Monday, 07 July 2008, 16:38 GMT
Reason for closing: Won't implement
Additional comments about closing: Package removal should not stop running processes. The package will be changed to use chroot by default.
Monday, 07 July 2008, 16:38 GMT
Reason for closing: Won't implement
Additional comments about closing: Package removal should not stop running processes. The package will be changed to use chroot by default.
/var/log/named.log {
missingok
postrotate
/bin/kill -HUP `cat /var/run/named.pid 2> /dev/null` 2> /dev/null || true
endscript
}
Should be: 'cat /var/run/named/named.pid ...'
/var/log/samba/*.log {
notifempty
missingok
sharedscripts
copytruncate
postrotate
/bin/kill -HUP `cat /var/run/samba/*.pid 2> /dev/null` 2> /dev/null || true
endscript
Is missing a closing '}'
Also, '/var/log/samba/*.log' should be '/var/log/samba/log.*'
" /var This directory contains files which may change in size, such as spool and log files."
but is not generated at runtime.
Dunno if any of the recommendations have been applied to the bind package in the repo, but I really suggest to take a look at least to item #2, which explain that the bind service stay running after the package removal, and running as a non-existent user since package removal removes the named user.
About the script to create chrooting environment and other changes is up to developers to decide whenever they are good, or they are not. I just provide a script with commands based on chrooting guides available on the net. And as I specify above, with the option to undo the changes in case they were needed.
Pacman should never do things like stopping daemons. You're expected to know that.
Since very little interest is being shown into actually replacing bind with this new package, and I don't feel very comfortable with it either, I'm requesting a closing of this bug.
Adding Jan and myself to the assignees for opinions.
Jan, what do you think?