On Tue, Apr 23, 2019 at 10:24:54PM +0200, Mathieu Parent wrote: > There are several issues here. Trying a summary. > 1. We need to patch bind9 apparmor profile (this is the cloned bug)
Yes. > 2. The /var/lib/samba/bind-dns directory is created on domain > provision. Nothing to do here? It's not created on upgrade from stretch, though? You don't re-provision your domain when upgrading Samba, yet upgrading should be allowed. > 2. bind9 conf "include" should be updated. As the conffile is not > owned by samba all we can do is printing a message in samba preinst > (if include "/usr/local/samba/private/named.conf" is found in > /etc/named/named.conf or /etc/bind/named.conf.local) Yes. > 3.Patching "named.conf" template to load the correct bind9 module (i.e 9.11) I _think_ samba_dnsupgradedns writes a new config fragment. > 4. Run "samba_upgradedns --dns-backend=BIND9_DLZ", but when? I would assume in postinst (assuming we detect its use). /* Steinar */ -- Homepage: https://www.sesse.net/
