authorThomas Deutschmann <whissi@gentoo.org>2018-09-15 00:00:12 +0200
committerThomas Deutschmann <whissi@gentoo.org>2018-09-15 00:03:47 +0200
commit76a0fe9aa1906a7bbe192efb56ef8335d21b9a3c (patch)
tree69adc3b7d21f84e9c17edd92d69d61a7c3aa6282 /net-dns
parentnet-dns/unbound: move EDNS client subnet support behind USE flag due to priva... (diff)
net-dns/unbound: runscript rewritten
- "need net" changed to "use net". If you need to bind service to a specific interface or address add 'rc_need="<interface>"' in /etc/conf.d/<unbound>. - Use "/run" instead of "/var/run". - Verify daemon is really up and running. - It is now possible to pass any argument supported by start-stop-daemon to start-stop-daemon. - It is now possible to preserve unbound's cache. [Bug 632644] Closes: https://bugs.gentoo.org/632644 Package-Manager: Portage-2.3.49, Repoman-2.3.10
Diffstat (limited to 'net-dns')
-rw-r--r--net-dns/unbound/files/unbound-r1.confd36
-rw-r--r--net-dns/unbound/files/unbound-r1.initd137
-rw-r--r--net-dns/unbound/unbound-1.7.3-r1.ebuild6
-rw-r--r--net-dns/unbound/unbound-1.8.0-r1.ebuild11
4 files changed, 184 insertions, 6 deletions
diff --git a/net-dns/unbound/files/unbound-r1.confd b/net-dns/unbound/files/unbound-r1.confd
new file mode 100644
index 000000000000..c86c65c64962
--- /dev/null
+++ b/net-dns/unbound/files/unbound-r1.confd
@@ -0,0 +1,36 @@
+# /etc/conf.d/unbound
+
+# Configuration file
+#UNBOUND_CONFFILE="/etc/unbound/unbound.conf"
+
+# PID file
+# This is a fallback value which should NOT be changed. If you ever need
+# to change PID file, please change value in configuration file instead!
+#UNBOUND_PIDFILE="/run/unbound.pid"
+
+# You can use this configuration option to pass additional options to the
+# start-stop-daemon, see start-stop-daemon(8) for more details.
+# Per default we wait 1000ms after we have started the service to ensure
+# that the daemon is really up and running.
+#UNBOUND_SSDARGS="--wait 1000"
+
+# The termination timeout (start-stop-daemon parameter "retry") ensures
+# that the service will be terminated within a given time (25 + 5 seconds
+# per default) when you are stopping the service.
+#UNBOUND_TERMTIMEOUT="TERM/25/KILL/5"
+
+# Options to unbound
+# See unbound(8) for more details
+# Notes:
+# * Do not specify another CONFIGFILE but use the variable above to change the location
+#UNBOUND_OPTS=""
+
+# If you want to preserve unbound's cache, set the following variable to
+# a non-zero value. In this case unbound's cache will be dumped to disk
+# before shutdown and loaded right after start.
+# To be able to dump and load cache you have to set up keys (use `unbound-control-setup`)
+# and need to set 'control-enable: yes' in your configuration!
+# WARNING: If you don't know what you are doing you should NOT use this
+# feature. Loading the cache with old or wrong data can result in
+# old or wrong data being returned to clients.
+#UNBOUND_PRESERVE_CACHE=""
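Review bot: The comment above `UNBOUND_PRESERVE_CACHE` tells the admin to set "a non-zero value", but the init script added in this commit tests the variable with `[ -n "${UNBOUND_PRESERVE_CACHE}" ]`, so any non-empty value, including `0`, turns cache preservation on. Because the feature reloads previously dumped DNS answers into the resolver, writing `UNBOUND_PRESERVE_CACHE="0"` to switch it off would silently do the opposite. I would reword the comment to say `# a non-empty value (leave it empty or unset to disable)`, or change the checks in the init script to compare against `0` explicitly.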
diff --git a/net-dns/unbound/files/unbound-r1.initd b/net-dns/unbound/files/unbound-r1.initd
new file mode 100644
index 000000000000..54886d1f47ad
--- /dev/null
+++ b/net-dns/unbound/files/unbound-r1.initd
@@ -0,0 +1,137 @@
+#!/sbin/openrc-run
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+UNBOUND_BINARY=${UNBOUND_BINARY:-"/usr/sbin/unbound"}
+UNBOUND_CACHEFILE=${UNBOUND_CACHEFILE:-"/var/lib/unbound/${SVCNAME}.cache"}
+UNBOUND_CHECKCONF=${UNBOUND_CHECKCONF:-"/usr/sbin/unbound-checkconf"}
+UNBOUND_CONFFILE=${UNBOUND_CONFFILE:-"/etc/unbound/${SVCNAME}.conf"}
+UNBOUND_CONTROL=${UNBOUND_CONTROL:-"/usr/sbin/unbound-control"}
+UNBOUND_PIDFILE=${UNBOUND_PIDFILE:-"/run/unbound.pid"}
+UNBOUND_SSDARGS=${UNBOUND_SSDARGS:-"--wait 1000"}
+UNBOUND_TERMTIMEOUT=${UNBOUND_TERMTIMEOUT:-"TERM/25/KILL/5"}
+UNBOUND_OPTS=${UNBOUND_OPTS:-""}
+UNBOUND_LOAD_CACHE_TIMEOUT=${UNBOUND_LOAD_CACHE_TIMEOUT:-"30"}
+
+getconfig() {
+ local key="$1"
+ local value_default="$2"
+ local value=
+
+ if service_started ; then
+ value="$(service_get_value "${key}")"
+ fi
+
+ if [ -z "${value}" ] && [ -n "${UNBOUND_CONFFILE}" ] && [ -r "${UNBOUND_CONFFILE}" ] ; then
+ value=$("${UNBOUND_CHECKCONF}" -o ${key} "${UNBOUND_CONFFILE}")
+ fi
+
+ if [ -z "${value}" ] ; then
+ # Value not explicitly set in the configfile or configfile does not exist
+ # or is not readable
+ echo "${value_default}"
+ else
+ echo "${value}"
+ fi
+
+ return 0
+}
+
+command=${UNBOUND_BINARY}
+command_args="${UNBOUND_OPTS} -c \"${UNBOUND_CONFFILE}\""
+start_stop_daemon_args="${UNBOUND_SSDARGS}"
+pidfile="$(getconfig pidfile /run/unbound.pid)"
+retry="${UNBOUND_TERMTIMEOUT}"
+
+required_files="${UNBOUND_CONFFILE}"
+
+name="unbound daemon"
+extra_commands="configtest"
+extra_started_commands="reload save_cache"
+description="unbound is a Domain Name Server (DNS) that is used to resolve host names to IP address."
+description_configtest="Run syntax tests for configuration files only."
+description_reload="Kills all children and reloads the configuration."
+description_save_cache="Saves the current cache to disk."
+
+depend() {
+ use net logger
+ provide dns
+ after auth-dns
+}
+
+configtest() {
+ local _config_status=
+
+ ebegin "Checking ${SVCNAME} configuration"
+ "${UNBOUND_CHECKCONF}" "${UNBOUND_CONFFILE}" 1>/dev/null 2>&1
+ _config_status=$?
+
+ if [ ${_config_status} -ne 0 ] ; then
+ # Run command again but this time we will show the output
+ # Ugly, but ...
+ "${UNBOUND_CHECKCONF}" "${UNBOUND_CONFFILE}"
+ else
+ if [ -n "${UNBOUND_PRESERVE_CACHE}" ] ; then
+ local _is_control_enabled=$(getconfig control-enable no)
+ if [ "${_is_control_enabled}" != "yes" ] ; then
+ eerror "Cannot preserve cache: control-enable is 'no' in the config file!"
+ _config_status=2
+ fi
+ fi
+ fi
+
+ eend ${_config_status} "failed, please correct errors above"
+}
+
+save_cache() {
+ if [ "${RC_CMD}" != "restart" ] ; then
+ UNBOUND_PRESERVE_CACHE=1 configtest || return 1
+ fi
+
+ ebegin "Saving cache to '${UNBOUND_CACHEFILE}'"
+ ${UNBOUND_CONTROL} -c "${UNBOUND_CONFFILE}" dump_cache > "${UNBOUND_CACHEFILE}"
+ eend $?
+}
+
+start_pre() {
+ if [ "${RC_CMD}" != "restart" ] ; then
+ configtest || return 1
+ fi
+}
+
+start_post() {
+ if [ -n "${UNBOUND_PRESERVE_CACHE}" ] ; then
+ if [ -s "${UNBOUND_CACHEFILE}" ] ; then
+ ebegin "Loading cache from '${UNBOUND_CACHEFILE}'"
+ # Loading cache can fail which would block this runscript.
+ # Using `timeout` from coreutils will be our safeguard ...
+ timeout -k 5 ${UNBOUND_LOAD_CACHE_TIMEOUT} ${UNBOUND_CONTROL} -q -c "${UNBOUND_CONFFILE}" load_cache < "${UNBOUND_CACHEFILE}"
+ eend $?
+ else
+ ewarn "Loading cache from '${UNBOUND_CACHEFILE}' skipped: File does not exists or is empty!"
+ fi
+ fi
+
+ # It is not a fatal error if preserved cache could not be loaded
+ return 0
+}
+
+stop_pre() {
+ if [ "${RC_CMD}" = "restart" ] ; then
+ configtest || return 1
+ fi
+
+ if [ -n "${UNBOUND_PRESERVE_CACHE}" ] ; then
+ save_cache
+ fi
+
+ # It is not a fatal error if cache cannot be preserved
+ return 0
+}
+
+reload() {
+ configtest || return 1
+ ebegin "Reloading ${SVCNAME}"
+ start-stop-daemon --signal HUP --pidfile "${pidfile}"
+ eend $?
+}
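Review bot: In `save_cache` the redirection `dump_cache > "${UNBOUND_CACHEFILE}"` truncates the previous dump before `unbound-control` has produced anything, so a failed or interrupted dump leaves an empty or partial cache file behind. `start_post` only checks `-s` before feeding the file to `load_cache`, so a partial file would be offered to the resolver on the next start; whether unbound rejects a truncated dump is not visible here. Writing to a temporary file in the same directory and renaming it only on success keeps the last good dump intact, as sketched below. Separately, `pidfile="$(getconfig pidfile /run/unbound.pid)"` passes a literal default, so the `UNBOUND_PIDFILE` fallback defined at the top of the script and documented in the conf.d file is never read; `pidfile="$(getconfig pidfile "${UNBOUND_PIDFILE}")"` would honour it.

```shell
save_cache() {
	# … unchanged: configtest guard when RC_CMD is not "restart" …

	ebegin "Saving cache to '${UNBOUND_CACHEFILE}'"
	local _tmpfile
	# mktemp creates the file with mode 0600 next to the final location,
	# so the rename below stays on one filesystem.
	_tmpfile="$(mktemp "${UNBOUND_CACHEFILE}.XXXXXX")" || { eend 1 ; return 1 ; }
	if ${UNBOUND_CONTROL} -c "${UNBOUND_CONFFILE}" dump_cache > "${_tmpfile}" ; then
		mv -f "${_tmpfile}" "${UNBOUND_CACHEFILE}"
	else
		rm -f "${_tmpfile}"
		false
	fi
	eend $?
}
```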
diff --git a/net-dns/unbound/unbound-1.7.3-r1.ebuild b/net-dns/unbound/unbound-1.7.3-r1.ebuild
index d80538d81d74..ee301c92356f 100644
--- a/net-dns/unbound/unbound-1.7.3-r1.ebuild
+++ b/net-dns/unbound/unbound-1.7.3-r1.ebuild
@@ -103,7 +103,7 @@ multilib_src_configure() {
--disable-flto \
--disable-rpath \
--with-libevent="${EPREFIX%/}"/usr \
- --with-pidfile="${EPREFIX%/}"/var/run/unbound.pid \
+ --with-pidfile="${EPREFIX%/}"/run/unbound.pid \
--with-rootkey-file="${EPREFIX%/}"/etc/dnssec/root-anchors.txt \
--with-ssl="${EPREFIX%/}"/usr \
--with-libexpat="${EPREFIX%/}"/usr
@@ -118,8 +118,8 @@ multilib_src_configure() {
multilib_src_install_all() {
use python && python_optimize
- newinitd "${FILESDIR}"/unbound.initd unbound
- newconfd "${FILESDIR}"/unbound.confd unbound
+ newinitd "${FILESDIR}"/unbound-r1.initd unbound
+ newconfd "${FILESDIR}"/unbound-r1.confd unbound
systemd_dounit "${FILESDIR}"/unbound.service
systemd_dounit "${FILESDIR}"/unbound.socket
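Review bot: This ebuild now installs `unbound-r1.initd`, whose default `UNBOUND_CACHEFILE` lives under `/var/lib/unbound`, but unlike the 1.8.0-r1 ebuild it gains no `keepdir`/`fowners`/`fperms` lines; the diffstat count of 6 for this file matches the two hunks shown. Unless the directory is created somewhere outside this diff, `save_cache` would fail on 1.7.3-r1, or an admin would create the directory by hand with looser ownership than the `root:unbound` 0750 that 1.8.0-r1 sets. I would add the same three lines here: `keepdir /var/lib/${PN}`, `fowners root:unbound /var/lib/${PN}`, `fperms 0750 /var/lib/${PN}`. The body of `multilib_src_install_all` continues outside the hunk.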
diff --git a/net-dns/unbound/unbound-1.8.0-r1.ebuild b/net-dns/unbound/unbound-1.8.0-r1.ebuild
index 6d9dee1cdfcb..f294360a6d44 100644
--- a/net-dns/unbound/unbound-1.8.0-r1.ebuild
+++ b/net-dns/unbound/unbound-1.8.0-r1.ebuild
@@ -110,7 +110,7 @@ multilib_src_configure() {
--enable-tfo-server \
--with-libevent="${EPREFIX%/}"/usr \
$(multilib_native_usex redis --with-libhiredis="${EPREFIX%/}/usr" --without-libhiredis) \
- --with-pidfile="${EPREFIX%/}"/var/run/unbound.pid \
+ --with-pidfile="${EPREFIX%/}"/run/unbound.pid \
--with-rootkey-file="${EPREFIX%/}"/etc/dnssec/root-anchors.txt \
--with-ssl="${EPREFIX%/}"/usr \
--with-libexpat="${EPREFIX%/}"/usr
@@ -125,8 +125,8 @@ multilib_src_configure() {
multilib_src_install_all() {
use python && python_optimize
- newinitd "${FILESDIR}"/unbound.initd unbound
- newconfd "${FILESDIR}"/unbound.confd unbound
+ newinitd "${FILESDIR}"/unbound-r1.initd unbound
+ newconfd "${FILESDIR}"/unbound-r1.confd unbound
systemd_dounit "${FILESDIR}"/unbound.service
systemd_dounit "${FILESDIR}"/unbound.socket
@@ -152,6 +152,11 @@ multilib_src_install_all() {
"${ED%/}/etc/unbound/unbound.conf" || \
die
+ # Used to store cache data
+ keepdir /var/lib/${PN}
+ fowners root:unbound /var/lib/${PN}
+ fperms 0750 /var/lib/${PN}
+
find "${ED}" -name '*.la' -delete || die
if ! use static-libs ; then
find "${ED}" -name "*.a" -delete || die