
FS#3665 - Bind update stumbles over /etc/rndc.key

Attached to Project: Arch Linux
Opened by Erwin Van de Velde (evdvelde) - Monday, 26 December 2005, 09:53 GMT
Last edited by Jan de Groot (JGC) - Monday, 26 December 2005, 13:09 GMT
Task Type: Bug Report
Category: Packages: Current
Status: Closed
Assigned To: Judd Vinet (judd)
Architecture: not specified
Severity: Medium
Priority: Normal
Reported Version: 0.7 Wombat
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Details below tell it all :-)

:: Retrieving packages from current...
bind-9.3.1-6 [####################################################] 100% 1734K 284.0K/s 00:00:06

checking package integrity... done.
loading package data... done.
checking for file conflicts...
error: the following file conflicts were found:
bind: /etc/rndc.key: exists in filesystem


errors occurred, no packages were upgraded.

Closed by Judd Vinet (judd)
Sunday, 01 January 2006, 20:25 GMT
Reason for closing: Fixed

Comment by Jan de Groot (JGC) - Monday, 26 December 2005, 13:09 GMT
Seems the keyfile is made in the .install file and is included in the package also now.
As this is a host-specific file, please keep it out of the package. It's a security issue to have the same rndc.key file on every Arch installation.

Also, clean up the .install file a bit. Take a look at dbus and hal; these include conditional useradd instructions that use getent to find out if a user already exists.

Comment by Dale Blount (dale) - Sunday, 01 January 2006, 19:02 GMT
Yes, agreed, we do not want the key to be included with the package (think how sshd generates keys in the rc file if they don't exist).

Otherwise public Arch bind servers may be restarted/shut down remotely if not properly secured.
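
The approach the two comments describe (keep rndc.key out of the package, generate it on the host only when it is missing, and guard account creation with getent), as an added example that is not the actual Arch bind scriptlet. The account name "named", the /bin/false shell and all function names are assumptions; pkgdir_is_clean is a hypothetical build-time check.

```shell
# Added example: sketch of a pacman .install scriptlet for bind.
# Assumed names: account/group "named", key path /etc/rndc.key.
RNDC_KEY="${RNDC_KEY:-/etc/rndc.key}"

# Create the service account only if getent cannot find it.
ensure_named_user() {
    getent group named >/dev/null 2>&1 || groupadd -r named
    getent passwd named >/dev/null 2>&1 ||
        useradd -r -g named -s /bin/false named
}

# Write a fresh random key: -a auto-generates, -c picks the file,
# -u sets its owner. Kept separate so the generator can be swapped.
generate_rndc_key() {
    rndc-confgen -a -c "$1" -u named >/dev/null 2>&1
}

# Generate a host-specific key only when none exists, so an upgrade
# never replaces the key already on the machine.
ensure_rndc_key() {
    key="${1:-$RNDC_KEY}"
    if [ -s "$key" ]; then
        return 0
    fi
    ( umask 077; generate_rndc_key "$key" ) || return 1
    chmod 600 "$key"
}

# Build-time guard: succeeds only if the staged package tree ships no key.
pkgdir_is_clean() {
    if [ -e "$1/etc/rndc.key" ]; then
        echo "error: etc/rndc.key must not be packaged" >&2
        return 1
    fi
    return 0
}

post_install() {
    ensure_named_user
    ensure_rndc_key
}

post_upgrade() {
    post_install
}
```

Because the key is created by the scriptlet and not owned by the package, pacman has no packaged /etc/rndc.key to conflict with the file already on disk, and every host ends up with its own secret.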