[Pkg-dns-devel] Bug#790392: unbound chroot accumulates old files

Simon Deziel simon.deziel at gmail.com
Mon Dec 14 16:17:46 UTC 2015


Hi Robert,

On 12/12/2015 05:08 PM, Robert Edmonds wrote:
> Hi, Simon:
> 
> The chroot directory might be configured by a file in
> /etc/unbound/unbound.conf.d/*.conf, rather than in the main unbound.conf
> file.

Good point, this needs to be supported.

> What do you think of setting UNBOUND_CONF like this instead?
> 
>     CHROOT_DIR="$(unbound-checkconf -o chroot)"

I tried it initially but it doesn't work:

# unbound-checkconf -o chroot
[1450106598] unbound-checkconf[11733:0] fatal error: config file
/etc/unbound/unbound.conf is not inside chroot /var/lib/unbound

Yet the unbound.conf does exist in the chroot:

# ll /var/lib/unbound/etc/unbound/unbound.conf
-rw-r--r-- 1 root root 2737 Nov 25 13:11
/var/lib/unbound/etc/unbound/unbound.conf

So this (bug?) requires always passing the path to the chrooted config
file to unbound-checkconf when using a chroot.

# unbound-checkconf -o interface
[1450109011] unbound-checkconf[15475:0] fatal error: config file
/etc/unbound/unbound.conf is not inside chroot /var/lib/unbound

# unbound-checkconf /var/lib/unbound/etc/unbound/unbound.conf \
                    -o interface
127.0.0.1
::1


I've updated the patch to support setting the chroot anywhere in
unbound.conf, not just the main config file. Please let me know what you
think of the proposed workaround.

Regards,
Simon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: unbound-fresh-chroot-2.patch
Type: text/x-patch
Size: 1008 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-dns-devel/attachments/20151214/0cd63b1a/attachment.bin>
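
The workaround discussed in the message, as an added example (not the scrubbed patch and not code from the Debian package): it finds the `chroot:` setting by reading the config files directly, since `unbound-checkconf -o chroot` fails without the chrooted path, and then builds the path to pass to `unbound-checkconf`. The function names are hypothetical, and it assumes the drop-ins in unbound.conf.d/ are read after the main file with the last `chroot:` value winning.

```shell
#!/bin/sh
# Added example: locate the configured chroot without unbound-checkconf,
# then derive the config path that unbound-checkconf accepts.

# Print the last "chroot:" value set in unbound.conf or unbound.conf.d/*.conf.
# Assumption: drop-ins are read after the main file and the last value wins.
# Prints nothing when no chroot line exists; the caller treats that as
# "no chroot" (assumption: the compiled-in default is not consulted).
find_chroot_dir() {
    conf_root="$1"                                  # e.g. /etc/unbound
    for f in "$conf_root/unbound.conf" "$conf_root"/unbound.conf.d/*.conf; do
        if [ -f "$f" ]; then
            # Keep only active (uncommented) chroot lines, minus the keyword.
            sed -n 's/^[[:space:]]*chroot:[[:space:]]*//p' "$f"
        fi
    done |
    # Drop trailing comments, trailing blanks and surrounding double quotes.
    sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' |
    tail -n 1
}

# Print the config file path to hand to unbound-checkconf: the copy inside
# the chroot when one is configured, otherwise the regular path.
checkconf_target() {
    conf_root="${1:-/etc/unbound}"                  # where the files are read
    conf_path="${2:-/etc/unbound/unbound.conf}"     # path unbound is started with
    chroot_dir="$(find_chroot_dir "$conf_root")"
    if [ -n "$chroot_dir" ]; then
        printf '%s\n' "${chroot_dir%/}$conf_path"
    else
        printf '%s\n' "$conf_path"                  # chroot: "" or not set
    fi
}

# Query one option, passing the chrooted config path explicitly as the
# message does for "interface". Requires unbound-checkconf to be installed.
query_option() {
    unbound-checkconf -o "$1" "$(checkconf_target)"
}
```
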