mirror of
https://github.com/opnsense/src.git
synced 2026-03-16 07:41:02 -04:00
79a07a2e0c
Since the change to rc.subr in r198162 it's not necessary to specify
command in the rc.d script if we have a corresponding ${name}_program
entry, which we do for named.
Rename named_precmd to named_prestart to make it more clear and match
convention.
Move the command_args definition related to -u up into _prestart().
It (and the associated $named_uid value) are only used there, and
unlike required_* and pidfile don't need to be used until this stage.
Fix a silly bug that would only have affected people who were using
the new named_wait or named_auto_forward features, AND had set up an
rndc.conf file instead of using the automatically generated rndc.key.
For named_conf:
Add "-c $named_conf" to command_args if it's not set to the
default. If it is set to the default and we're using the base
BIND it's not necessary. If we're using BIND from the ports
the user is likely to have included it in _flags (due to long
necessity for doing so) so don't duplicate that if it's set.
Add $named_conf to required_files
MFC r200563:
The named process needs to have a "working directory" that it can
write to. This is specified in "options { directory }" in named.conf.
So, create /etc/namedb/working with appropriate permissions, and
update the entry in named.conf to match.
In addition to specifying the working directory, file and path names
in named.conf can be specified relative to the directory listed.
However, since that directory is now different from /etc/namedb
(where the configuration, zone, rndc.*, and other files are located)
further update named.conf to specify all file names with fully
qualified paths. Also update the comment about file and path names
so users know this should be done for all file/path names in the file.
This change will eliminate the 'working directory is not writable'
messages at boot time without sacrificing security. It will also
allow for features in newer versions of BIND (9.7+) to work as
designed.
|
||
|---|---|---|
| .. | ||
| BIND.chroot.dist | ||
| BIND.include.dist | ||
| BSD.include.dist | ||
| BSD.local.dist | ||
| BSD.release.dist | ||
| BSD.root.dist | ||
| BSD.sendmail.dist | ||
| BSD.usr.dist | ||
| BSD.var.dist | ||
| BSD.x11-4.dist | ||
| BSD.x11.dist | ||
| Makefile | ||
| README | ||
$FreeBSD$
Note: If you modify these files, please keep hier(7) updated!
These files are used to create empty file hierarchies for building the
system into. Some notes about working with them are placed here to try
and keep them in good working order.
a) The files use 4 space indentation, and other than in the header
comments, should not contain any tabs. An indentation of 4 is
preferable to the standard indentation of 8 because the indentation
of levels in these files can become quite deep causing the line to
overflow 80 characters.
This also matches with the files generated when using the
mtree -c option, which was implemented that way for the same reason.
b) Only directories should be listed here.
c) The listing should be kept in filename sorted order.
d) Sanity checking changes to these files can be done by following
this procedure (the sed -e is ugly, but fixing mtree -c to
not emit the trailing white space would be even uglier):
mkdir /tmp/MTREE
mtree -deU -f BSD.X.dist -p /tmp/MTREE
mtree -cdin -k uname,gname,mode -p /tmp/MTREE | \
sed -e 's/ *$//' >BSD.X.new
diff -u BSD.X.dist BSD.X.new
rm -r /tmp/MTREE
Note that you will get some differences about /set lines,
and uname= gname= on certain directory areas, mainly man page
sections. This is caused by mtree not having a look ahead
mechanism for making better selections for these as it
traverses the hierarchy.
The BSD.X.new file should NOT be commited, will be missing the
correct header, and important keywords like ``nochange''. Simply
use the diff for a sanity check to make sure things are in the
correct order and correctly indented.
e) Further sanity checking of the system builds with DESTDIR=/someplace
are more complicated, but can often catch missing entries in these
files. I tend to run this more complete sanity check shortly after
the target date for a new release is announced.
If you want details on it bug me about it via email to
rgrimes@FreeBSD.org.