svn commit: r276702 - in head: . usr.sbin/unbound/local-setup

[Dag-Erling Smørgrav]

Author: des
Date: Mon Jan  5 15:09:00 2015
New Revision: 276702
URL: https://svnweb.freebsd.org/changeset/base/276702
Log:
  Enable remote control using a local socket in the default configuration.

Modified:
  head/UPDATING
  head/usr.sbin/unbound/local-setup/local-unbound-setup.sh

Modified: head/UPDATING
==============================================================================
--- head/UPDATING       Mon Jan  5 15:04:17 2015        (r276701)
+++ head/UPDATING       Mon Jan  5 15:09:00 2015        (r276702)
@@ -31,6 +31,12 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 11
        disable the most expensive debugging functionality run
        "ln -s 'abort:false,junk:false' /etc/malloc.conf".)
 
+20150105:
+       The default Unbound configuration now enables remote control
+       using a local socket.  Users who have already enabled the
+       local_unbound service should regenerate their configuration
+       by running "service local_unbound setup" as root.
+       
 20150102:
        The GNU texinfo and GNU info pages have been removed.
        To be able to view GNU info pages please install texinfo from ports.

Modified: head/usr.sbin/unbound/local-setup/local-unbound-setup.sh
==============================================================================
--- head/usr.sbin/unbound/local-setup/local-unbound-setup.sh    Mon Jan  5 
15:04:17 2015        (r276701)
+++ head/usr.sbin/unbound/local-setup/local-unbound-setup.sh    Mon Jan  5 
15:09:00 2015        (r276702)
@@ -34,6 +34,8 @@ user=""
 unbound_conf=""
 forward_conf=""
 lanzones_conf=""
+control_conf=""
+control_socket=""
 workdir=""
 confdir=""
 chrootdir=""
@@ -61,6 +63,8 @@ set_defaults() {
        : ${unbound_conf:=${workdir}/unbound.conf}
        : ${forward_conf:=${workdir}/forward.conf}
        : ${lanzones_conf:=${workdir}/lan-zones.conf}
+       : ${control_conf:=${workdir}/control.conf}
+       : ${control_socket:=/var/run/local_unbound.ctl}
        : ${anchor:=${workdir}/root.key}
        : ${pidfile:=/var/run/local_unbound.pid}
        : ${resolv_conf:=/etc/resolv.conf}
@@ -76,7 +80,7 @@ set_defaults() {
 set_chrootdir() {
        chrootdir="${workdir}"
        for file in "${unbound_conf}" "${forward_conf}" \
-           "${lanzones_conf}" "${anchor}" ; do
+           "${lanzones_conf}" "${control_conf}" "${anchor}" ; do
                if [ "${file#${workdir%/}/}" = "${file}" ] ; then
                        echo "warning: ${file} is outside ${workdir}" >&2
                        chrootdir=""
@@ -153,6 +157,14 @@ gen_resolv_conf() {
 }
 
 #
+# Boilerplate
+#
+do_not_edit() {
+       echo "# This file was generated by $self."
+       echo "# Modifications will be overwritten."
+}
+
+#
 # Generate resolvconf.conf so it updates forward.conf in addition to
 # resolv.conf.  Note "in addition to" rather than "instead of",
 # because we still want it to update the domain name and search path
@@ -160,7 +172,7 @@ gen_resolv_conf() {
 # the libc resolver will try unbound first.
 #
 gen_resolvconf_conf() {
-       echo "# Generated by $self"
+       do_not_edit
        echo "resolv_conf=\"/dev/null\" # prevent updating ${resolv_conf}"
        echo "unbound_conf=\"${forward_conf}\""
        echo "unbound_pid=\"${pidfile}\""
@@ -173,8 +185,7 @@ gen_resolvconf_conf() {
 # Generate forward.conf
 #
 gen_forward_conf() {
-       echo "# Generated by $self"
-       echo "# Do not edit this file."
+       do_not_edit
        echo "forward-zone:"
        echo "        name: ."
        for forwarder ; do
@@ -190,8 +201,7 @@ gen_forward_conf() {
 # Generate lan-zones.conf
 #
 gen_lanzones_conf() {
-       echo "# Generated by $self"
-       echo "# Do not edit this file."
+       do_not_edit
        echo "server:"
        echo "        # Unblock reverse lookups for LAN addresses"
        echo "        unblock-lan-zones: yes"
@@ -223,10 +233,21 @@ gen_lanzones_conf() {
 }
 
 #
+# Generate control.conf
+#
+gen_control_conf() {
+       do_not_edit
+       echo "remote-control:"
+       echo "        control-enable: yes"
+       echo "        control-interface: ${control_socket}"
+       echo "        control-use-cert: no"
+}
+
+#
 # Generate unbound.conf
 #
 gen_unbound_conf() {
-       echo "# Generated by $self"
+       do_not_edit
        echo "server:"
        echo "        username: ${user}"
        echo "        directory: ${workdir}"
@@ -240,6 +261,9 @@ gen_unbound_conf() {
        if [ -f "${lanzones_conf}" ] ; then
                echo "include: ${lanzones_conf}"
        fi
+       if [ -f "${control_conf}" ] ; then
+               echo "include: ${control_conf}"
+       fi
        if [ -d "${confdir}" ] ; then
                echo "include: ${confdir}/*.conf"
        fi
@@ -278,6 +302,8 @@ usage() {
        echo "    -C path     full path to additional configuration directory"
        echo "    -c path     full path to unbound configuration file"
        echo "    -f path     full path to forwarding configuration"
+       echo "    -O path     full path to remote control socket"
+       echo "    -o path     full path to remote control configuration"
        echo "    -p path     full path to pid file"
        echo "    -R path     full path to resolvconf.conf"
        echo "    -r path     full path to resolv.conf"
@@ -296,7 +322,7 @@ main() {
        #
        # Parse and validate command-line options
        #
-       while getopts "a:C:c:f:np:R:r:s:u:w:" option ; do
+       while getopts "a:C:c:f:no:p:R:r:s:u:w:" option ; do
                case $option in
                a)
                        anchor="$OPTARG"
@@ -313,6 +339,12 @@ main() {
                n)
                        start_unbound="no"
                        ;;
+               O)
+                       control_socket="$OPTARG"
+                       ;;
+               o)
+                       control_conf="$OPTARG"
+                       ;;      
                p)
                        pidfile="$OPTARG"
                        ;;
@@ -361,7 +393,7 @@ main() {
                fi
        else
                local tmp_forward_conf=$(mktemp -u "${forward_conf}.XXXXX")
-               gen_forward_conf ${forwarders} >"${tmp_forward_conf}"
+               gen_forward_conf ${forwarders} | unexpand >"${tmp_forward_conf}"
                replace "${forward_conf}" "${tmp_forward_conf}"
        fi
 
@@ -369,15 +401,22 @@ main() {
        # Generate lan-zones.conf.
        #
        local tmp_lanzones_conf=$(mktemp -u "${lanzones_conf}.XXXXX")
-       gen_lanzones_conf >"${tmp_lanzones_conf}"
+       gen_lanzones_conf | unexpand >"${tmp_lanzones_conf}"
        replace "${lanzones_conf}" "${tmp_lanzones_conf}"
 
        #
+       # Generate control.conf.
+       #
+       local tmp_control_conf=$(mktemp -u "${control_conf}.XXXXX")
+       gen_control_conf | unexpand >"${tmp_control_conf}"
+       replace "${control_conf}" "${tmp_control_conf}"
+
+       #
        # Generate unbound.conf.
        #
        local tmp_unbound_conf=$(mktemp -u "${unbound_conf}.XXXXX")
        set_chrootdir
-       gen_unbound_conf >"${tmp_unbound_conf}"
+       gen_unbound_conf | unexpand >"${tmp_unbound_conf}"
        replace "${unbound_conf}" "${tmp_unbound_conf}"
 
        #
@@ -401,14 +440,14 @@ main() {
        # instead of resolv.conf.
        #
        local tmp_resolvconf_conf=$(mktemp -u "${resolvconf_conf}.XXXXX")
-       gen_resolvconf_conf >"${tmp_resolvconf_conf}"
+       gen_resolvconf_conf | unexpand >"${tmp_resolvconf_conf}"
        replace "${resolvconf_conf}" "${tmp_resolvconf_conf}"
 
        #
        # Finally, rewrite resolv.conf.
        #
        local tmp_resolv_conf=$(mktemp -u "${resolv_conf}.XXXXX")
-       gen_resolv_conf <"${resolv_conf}" >"${tmp_resolv_conf}"
+       gen_resolv_conf <"${resolv_conf}" | unexpand >"${tmp_resolv_conf}"
        replace "${resolv_conf}" "${tmp_resolv_conf}"
 }
 
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"