[Pkg-dns-devel] Bug#816425: Bug#816425: unbound: re-enables upstream forwarding
Robert Edmonds
edmonds at debian.org
Tue Mar 1 19:58:51 UTC 2016
Jakub Wilk wrote:
> After upgrading to 1.5.7-2, unbound started forwarding queries to upstream
> nameservers, despite the fact that I had RESOLVCONF_FORWARDERS=false in
> /etc/unbound/unbound.
>
> The NEWS file says that the resolvconf hook is disabled by default, and that
> you need to chmod +x the hook to enable it, but even though I didn't chmod
> anything I have:
>
> $ ls -l /etc/resolvconf/update.d/unbound
> -rwxr-xr-x 1 root root 661 Feb 22 01:37 /etc/resolvconf/update.d/unbound

Hi, Jakub:

Thanks for the bug report, and apologies for the regression.

In unbound 1.5.7-2, a new version of the conffile
/etc/resolvconf/update.d/unbound was shipped, and the perms went from
0755 to 0644:

    $ debdiff unbound_1.5.7-1_amd64.deb unbound_1.5.7-2_amd64.deb
    [The following lists of changes regard files as different if they have
    different names, permissions or owners.]

    Files in second .deb but not in first
    -------------------------------------
    -rw-r--r-- root/root /etc/resolvconf/update.d/unbound
    [...]

    Files in first .deb but not in second
    -------------------------------------
    [...]
    -rwxr-xr-x root/root /etc/resolvconf/update.d/unbound

I just tested an upgrade from 1.5.7-1 to 1.5.7-2. dpkg says:

    Installing new version of config file /etc/resolvconf/update.d/unbound ...

But it keeps the permission bits of the old version of the conffile
(even though I didn't touch them), which is surprising. A new install of
1.5.7-2 uses the permissions shipped in the package, though.

I'm not entirely sure what the correct way is to migrate the permissions
on a conffile on an upgrade. Do we maybe need something like this in the
preinst?

    # XXX: Check if upgrading from a version less than 1.5.7-2~, then do:
    if [ -f /etc/default/unbound ]; then
        . /etc/default/unbound
        case "x$RESOLVCONF" in
            xfalse|x0|xno)
                RESOLVCONF="false"
                ;;
            *)
                RESOLVCONF="true"
                ;;
        esac
        if ! $RESOLVCONF; then
            if [ -f /etc/resolvconf/update.d/unbound ]; then
                chmod -x /etc/resolvconf/update.d/unbound || true
            fi
        fi
    fi

That doesn't help for upgrades from 1.5.7-2, since /etc/default/unbound
will no longer exist. (Maybe we could specially check
/etc/default/unbound.dpkg-bak for upgrades from 1.5.7-2? Ugh.)

Any thoughts?

--
Robert Edmonds
edmonds at debian.org
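
An added example, not part of the original message or the unbound package: one way the preinst idea above could be structured, with the version gate and the .dpkg-bak fallback filled in. The function names are hypothetical, the RESOLVCONF variable follows the snippet in the message, and the `le-nl 1.5.7-2` gate is an assumption about which upgrades need the fix.

```shell
#!/bin/sh
# Added example: version-gated conffile permission migration.

# Return 0 when the given defaults file sets RESOLVCONF to false/0/no.
# The file is sourced in a subshell so its variables cannot leak into
# (or break) the rest of the maintainer script.
resolvconf_disabled() {
    [ -f "$1" ] || return 1
    (
        RESOLVCONF=
        . "$1"
        case "x$RESOLVCONF" in
            xfalse|x0|xno) exit 0 ;;
            *)             exit 1 ;;
        esac
    )
}

# migrate_hook_perms HOOK DEFAULTS...
# Uses the first DEFAULTS file that exists; if it opted out, clears every
# execute bit on HOOK. Prints "disabled", "kept" or "absent".
migrate_hook_perms() {
    hook=$1; shift
    [ -f "$hook" ] || { echo absent; return 0; }
    for candidate in "$@"; do
        [ -f "$candidate" ] || continue
        if resolvconf_disabled "$candidate"; then
            chmod a-x "$hook"
            echo disabled
        else
            echo kept
        fi
        return 0
    done
    echo kept   # no defaults file left: nothing recorded an opt-out
}

# preinst entry point: $1 is the action, $2 the previously installed version.
# A real preinst would end with:  preinst_main "$@"
preinst_main() {
    [ "$1" = upgrade ] || return 0
    # Assumed gate: only upgrades from 1.5.7-2 or earlier need the migration.
    dpkg --compare-versions "$2" le-nl "1.5.7-2" || return 0
    migrate_hook_perms /etc/resolvconf/update.d/unbound \
        /etc/default/unbound /etc/default/unbound.dpkg-bak >/dev/null
}
```
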