[Pkg-dns-devel] Bug#790392: Bug#790392: unbound chroot accumulates old files

Simon Deziel simon.deziel at gmail.com
Mon Feb 15 22:58:14 UTC 2016 

Hello Robert,

On 2016-01-30 10:26 PM, Robert Edmonds wrote:
> Simon Deziel wrote:
>> What do you think of the 2nd version of the proposed fixed 
>> (unbound-fresh-chroot-2.patch)?
> 
> This version of the patch will read from any *.conf file in 
> /etc/unbound, which could easily not be part of the active config,
> e.g.:
> 
> /etc/unbound/unbound-bad.conf
> 
> /etc/unbound/unbound.conf.d.bak/chroot.conf
> 
> Or the admin could simply delete the 'include' directive in the
> default /etc/unbound/unbound.conf file, in which case we shouldn't be
> looking at any /etc/unbound/unbound.conf.d/*.conf files at all.
> 
> The awk/find/sed/etc. code that you use to try to find the chroot 
> directory makes me uncomfortable.  It seems that if we need to find
> the configured chroot directory, we should be fixing
> unbound-checkconf so that we can use the Unbound config parser itself
> to tell us where the chroot directory is, rather than trying to
> implement an ad hoc config parser in shell.

Turns out that unbound-checkconf has been fixed somewhere between 1.4.22
and 1.5.7. "unbound-checkconf -o chroot" just works now. Please see the
updated patch attached.

>> If we could resolve this chroot'ing problem, Ubuntu, that turns
>> off chroot by default, would be more comfortable to drop part of
>> their delta with Debian.
> 
> What delta is there in Ubuntu?  I'm looking at the unbound 
> 1.5.7-1ubuntu1 source package and the only change I see is to
> disable dnstap support.

After I sent this patch, Ubuntu pulled 1.5.7-1 in and dropped most of
the delta.

Best regards,
Simon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: unbound-fresh-chroot-3.patch
Type: text/x-patch
Size: 919 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-dns-devel/attachments/20160215/31833052/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-dns-devel/attachments/20160215/31833052/attachment.sig>

More information about the pkg-dns-devel mailing list