Commit 308055d7 authored by Matt Smith's avatar Matt Smith

testing/nsd: new aport

NSD is an authoritative only, high performance, simple and open source name server.
http://www.nlnetlabs.nl/projects/nsd/
parent 4fd3d2a1
This patch prevents nsd from attempting to unlink the pidfile on nsd
shutdown. The reason for this is because we get a permission denied
error in nsd.log when it attempts to do so.
I think this is needed because of how normal OpenRC init scripts are
designed and handled.
See the included /etc/init.d/nsd (nsd.initd) for my conversion of the
nsdc script that's normally distributed with nsd. The included nsdc
script is a wrapper for the converted OpenRC init script, designed to
maintain compatibility.
Matt Smith <msmith@alpinelinux.org>
--- a/server.c
+++ b/server.c
@@ -1167,7 +1167,7 @@
close(fd);
/* Unlink it if possible... */
- unlinkpid(nsd->pidfile);
+ //unlinkpid(nsd->pidfile);
if(reload_listener.fd > 0) {
sig_atomic_t cmd = NSD_QUIT;
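Review bot: Commenting out `unlinkpid(nsd->pidfile)` means the pidfile now survives every clean shutdown, and the nsd.initd added in this same commit trusts that file. There `signal()` passes its contents straight to `kill`, and `start()` refuses to run when `kill -0` on that PID succeeds. Once the PID has been recycled, a root-run `reload`, `stats` or `running` would act on an unrelated process, and `start` would claim the server already exists. Prefer leaving the daemon's cleanup intact and having the init script remove the stale file after a confirmed stop, e.g. `rm -f -- "${pidfile}"` at the end of `stop()`. If the call stays disabled, delete it rather than leaving a `//` comment under "Unlink it if possible..."; the enclosing function starts and ends outside the hunk.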
# Contributor: Matt Smith <msmith@alpinelinux.org>
# Maintainer: Matt Smith <msmith@alpinelinux.org>
pkgname=nsd
pkgver=3.2.7
pkgrel=0
pkgdesc="NSD is an authoritative only, high performance, simple and open source name server."
url="http://www.nlnetlabs.nl/projects/nsd/"
arch="all"
license="BSD"
depends=
depends_dev=
makedepends="$depends_dev openssl-dev"
install="$pkgname.pre-install $pkgname.post-deinstall"
subpackages="$pkgname-doc"
pkgusers="nsd"
pkggroups="nsd"
source="http://www.nlnetlabs.nl/downloads/nsd/nsd-3.2.7.tar.gz
0010-stop-unlink-pid-error.patch
nsdc
nsd.initd
nsd.confd
"
_builddir="$srcdir/$pkgname-$pkgver"
prepare() {
local i
cd "$_builddir"
for i in $source; do
case $i in
*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
esac
done
}
build() {
cd "$_builddir"
./configure \
--sbindir=/usr/sbin \
--mandir=/usr/share/man \
--with-user=nsd \
|| return 1
make || return 1
}
package() {
cd "$_builddir"
make DESTDIR="$pkgdir" install || return 1
install -m755 -D "$srcdir"/nsdc \
"$pkgdir"/usr/sbin/nsdc || return 1
install -m755 -D "$srcdir"/$pkgname.initd \
"$pkgdir"/etc/init.d/nsd || return 1
install -m644 -D "$srcdir"/$pkgname.confd \
"$pkgdir"/etc/conf.d/nsd || return 1
chown nsd:nsd "$pkgdir"/var/db/nsd
}
doc() {
arch="noarch"
mkdir -p "$subpkgdir"/usr/share/doc/$pkgname || return 1
cp -a "$_builddir"/doc/* \
"$subpkgdir"/usr/share/doc/$pkgname/ || return 1
cp -a "$_builddir"/contrib/ \
"$subpkgdir"/usr/share/doc/$pkgname/ || return 1
mv "$pkgdir"/usr/share/man \
"$subpkgdir"/usr/share/man || return 1
}
md5sums="b5aca8a207f77db566b08db25bf77d74 nsd-3.2.7.tar.gz
cc592572846b978a6f52130a8e518ab3 0010-stop-unlink-pid-error.patch
3aa94004a39319db89a329e9f24fb9da nsdc
4c0eef07caac9083aeeb9b15602d014d nsd.initd
37bd648259fdd919c79aaa0168b4423c nsd.confd"
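Review bot: The tarball in `source=` is fetched over plain `http://`, and the only integrity check is the `md5sums` block at the end of the APKBUILD. MD5 is collision-broken and no longer suitable as the sole integrity check on a build input. If the abuild version in use supports a stronger checksum variable (e.g. `sha512sums`), add it alongside, and switch to an HTTPS URL if upstream offers one. Separately, `chown nsd:nsd "$pkgdir"/var/db/nsd` is the only step in `package()` without `|| return 1`, so a failed ownership change (for example when the `nsd` account is absent on the build host) goes unnoticed; append `|| return 1`.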
#
# Specify nsd options here.
#
# configuration file default
configfile="/etc/nsd/nsd.conf"
# The directory where NSD binaries reside
sbindir="/usr/sbin"
# how verbose is zonec run. Specify Nothing (empty string), -v or -vv.
ZONEC_VERBOSE=-v
# how patch is done. Specify 1 (with use of textfiles, default) or 0 (without)
PATCH_STYLE=1
#!/sbin/runscript
#
# nsdc.sh -- a shell script to manage the beast
#
# Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
#
# See LICENSE for the license.
#
# OpenRC conversion by Matt Smith <msmith@alpinelinux.org>
#
#
name=nsd
daemon=/usr/sbin/${name}
initd=/etc/init.d/${name}
description="NSD, authoritative only high performance name server."
extra_commands="stats reload running patch rebuild update notify do_start do_stop"
description_reload="Reloads the nsd database file."
description_running="Prints message and exits nonzero if server is not running."
description_patch="Merge zone transfer changes back to zone files."
description_rebuild="Compile database file from zone files."
description_update="Try to update all slave zones hosted on this server."
description_notify="Send notify messages to all secondary servers."
description_do_start="Internal command; use 'start' instead."
description_do_stop="Internal command; use 'stop' instead."
depend() {
need net
after firewall
}
#
# You sure heard this many times before: NO USER SERVICEABLE PARTS BELOW
#
# see if user selects a different config file, with -c <filename>
if test "x$1" = "x-c"; then
shift
if [ -e $1 ]; then
configfile=$1
shift
else
echo "`basename $0`: Config file "$1" does not exist."
exit 1
fi
fi
# locate nsd-checkconf : in sbindir, PATH, nsdc_dir or .
nsd_checkconf=""
if [ -e ${sbindir}/nsd-checkconf ]; then
nsd_checkconf=${sbindir}/nsd-checkconf
else
if which nsd-checkconf >/dev/null 2>&1 ; then
if which nsd-checkconf 2>&1 | grep "^[Nn]o " >/dev/null; then
nsd_checkconf=""
else
nsd_checkconf=`which nsd-checkconf`
fi
fi
if [ -z "${nsd_checkconf}" -a -e `dirname $0`/nsd-checkconf ]; then
nsd_checkconf=`dirname $0`/nsd-checkconf
fi
if [ -z "${nsd_checkconf}" -a -e ./nsd-checkconf ]; then
nsd_checkconf=./nsd-checkconf
fi
if [ -z "${nsd_checkconf}" ]; then
echo "`basename $0`: Could not find nsd programs" \
"in $sbindir, in PATH=$PATH, in cwd=`pwd`," \
"or in dir of nsdc=`dirname $0`"
exit 1
fi
fi
# check the config syntax before using it
${nsd_checkconf} ${configfile}
if test $? -ne 0 ; then
${initd} describe
exit 1
fi
# Read some settings from the config file.
dbfile=`${nsd_checkconf} -o database ${configfile}`
pidfile=`${nsd_checkconf} -o pidfile ${configfile}`
difffile=`${nsd_checkconf} -o difffile ${configfile}`
zonesdir=`${nsd_checkconf} -o zonesdir ${configfile}`
lockfile="${dbfile}.lock" # still needed
sbindir=`dirname ${nsd_checkconf}`
# move to zonesdir (if specified), and make absolute pathnames.
if test -n "${zonesdir}"; then
zonesdir=`dirname ${zonesdir}/.`
if echo "${zonesdir}" | grep "^[^/]" >/dev/null; then
zonesdir=`pwd`/${zonesdir}
fi
if echo "${dbfile}" | grep "^[^/]" >/dev/null; then
dbfile=${zonesdir}/${dbfile}
fi
if echo "${pidfile}" | grep "^[^/]" >/dev/null; then
pidfile=${zonesdir}/${pidfile}
fi
if echo "${lockfile}" | grep "^[^/]" >/dev/null; then
lockfile=${zonesdir}/${lockfile}
fi
if echo "${difffile}" | grep "^[^/]" >/dev/null; then
difffile=${zonesdir}/${difffile}
fi
fi
# for bash: -C or noclobber. For tcsh: noclobber. For bourne: -C.
noclobber_set="set -C"
# ugly check for tcsh
if echo /bin/sh | grep tcsh >/dev/null; then
noclobber_set="set noclobber"
fi
#
# useful routines
#
signal() {
if [ -s ${pidfile} ]
then
kill -"$1" `cat ${pidfile}` && return 0
else
echo "nsd is not running"
fi
return 1
}
lock_file() {
(umask 222; ${noclobber_set}; echo "$$" >${lockfile})
}
lock() {
lock_file
if [ $? = 1 ]
then
# check if the lockfile has not gone stale
LPID=`cat ${lockfile}`
echo database locked by PID: $LPID
if kill -0 $LPID 2>/dev/null; then
exit 1
fi
# locking process does not exist, consider lockfile stale
echo stale lockfile, removing... && rm -f ${lockfile} && lock_file
fi
if [ $? = 1 ]
then
echo lock failed
exit 1
fi
return 0
}
unlock() {
rm -f ${lockfile}
}
do_start() {
if test -x ${sbindir}/nsd; then
${sbindir}/nsd -c ${configfile}
test $? = 0 || (echo "nsd startup failed."; exit 1)
else
echo "${sbindir}/nsd not an executable file, nsd startup failed."; exit 1
fi
}
controlled_sleep() {
if [ $1 -ge 25 ]; then
sleep 1
fi
}
controlled_stop() {
pid=$1
try=1
while [ $try -ne 0 ]; do
if [ ${try} -gt 50 ]; then
echo "nsdc stop failed"
return 1
else
if [ $try -eq 1 ]; then
kill -TERM ${pid}
else
kill -TERM ${pid} >/dev/null 2>&1
fi
# really stopped?
kill -0 ${pid} >/dev/null 2>&1
if [ $? -eq 0 ]; then
controlled_sleep ${try}
try=`expr ${try} + 1`
else
try=0
fi
fi
done
return 0
}
do_controlled_stop() {
if [ -s ${pidfile} ]; then
pid=`cat ${pidfile}`
controlled_stop ${pid} && return 0
else
echo "nsd is not running, starting anyway" && return 0
fi
return 1
}
do_stop() {
signal "TERM"
}
do_reload() {
signal "HUP"
}
# send_updates zone_name {ip_spec key_spec}
send_updates() {
local zonename=$1
shift 1
# extract port number (if any)
port=`${nsd_checkconf} -o port ${configfile}`
if test -n "${port}"; then
port="-p ${port}"
fi
update_sent="no"
while test $# -gt 0; do
ip_spec=$1
key_spec=$2
shift 2
# only localhost is allowed.
# see if zone has 127.0.0.1 or ::1 as allowed.
if test Z${ip_spec} = "Z127.0.0.1" -o Z${ip_spec} = "Z::1"; then
secret=""
if test K${key_spec} != KNOKEY -a K${key_spec} != KBLOCKED; then
secret=`${nsd_checkconf} -s ${key_spec} ${configfile}`
algo=`${nsd_checkconf} -a ${key_spec} ${configfile}`
secret="-y ${key_spec}:${secret}:${algo}"
fi
if test K${key_spec} != KBLOCKED; then
#echo "${sbindir}/nsd-notify -a ${ip_spec} ${port} ${secret} -z ${zonename} ${ip_spec}"
${sbindir}/nsd-notify -a ${ip_spec} ${port} ${secret} -z ${zonename} ${ip_spec} && update_sent="yes"
fi
fi
done
if test ${update_sent} = no; then
req_xfr=`${nsd_checkconf} -z "${zonename}" -o request-xfr ${configfile}`
if test -n "${req_xfr}"; then
# must be a slave zone (has request-xfr).
echo "`basename $0`: Could not send notify for slave zone ${zonename}: not configured (with allow-notify: 127.0.0.1 or ::1)"
fi
fi
}
# send_notify zone_name ifc_spec {ip_spec key_spec}
send_notify() {
local zonename=$1
# set local interface
ifc_spec=""
if test I$2 != INOIFC; then
ifc_spec="-a $2"
fi
shift 2
while test $# -gt 0; do
ip_spec=$1
key_spec=$2
shift 2
secret=""
if test K${key_spec} != KNOKEY -a K${key_spec} != KBLOCKED; then
secret=`${nsd_checkconf} -s ${key_spec} ${configfile}`
algo=`${nsd_checkconf} -a ${key_spec} ${configfile}`
secret="-y ${key_spec}:${secret}:${algo}"
fi
if test K${key_spec} != KBLOCKED; then
port=""
ipaddr=${ip_spec}
if echo ${ip_spec} | grep @ >/dev/null; then
port="-p "`echo ${ip_spec} | sed -e 's/[^@]*@\([0-9]*\)/\1/'`
ipaddr=`echo ${ip_spec} | sed -e 's/\([^@]*\)@[0-9]*/\1/'`
fi
#echo "${sbindir}/nsd-notify ${ifc_spec} ${port} ${secret} -z ${zonename} ${ipaddr}"
${sbindir}/nsd-notify ${ifc_spec} ${port} ${secret} -z ${zonename} ${ipaddr}
fi
done
}
# do_patch {with-textfile}
do_patch() {
if test I$1 = I1; then
lock && mv ${difffile} ${difffile}.$$ && \
${sbindir}/nsd-patch -c ${configfile} -x ${difffile}.$$ && \
rm -f ${difffile}.$$ && unlock && do_rebuild
result=$?
else # without textfile
lock && mv ${difffile} ${difffile}.$$ && \
${sbindir}/nsd-patch -c ${configfile} -x ${difffile}.$$ -s -o ${dbfile}.$$ \
&& rm -f ${difffile}.$$ && unlock && \
mv ${dbfile}.$$ ${dbfile}
result=$?
fi
return ${result}
}
do_rebuild() {
lock && \
${sbindir}/zonec ${ZONEC_VERBOSE} -c ${configfile} -f ${dbfile}.$$ && \
mv ${dbfile}.$$ ${dbfile}
result=$?
unlock
[ $result != 0 ] && echo "${dbfile} is unmodified"
rm -f ${dbfile}.$$
return ${result}
}
start() {
ebegin "Starting ${name}"
if test -s ${pidfile} && kill -"0" `cat ${pidfile}`
then
(echo "process `cat ${pidfile}` exists, please use restart"; exit 1)
else
start-stop-daemon --start --quiet \
--pidfile ${pidfile} \
--exec ${initd} -- do_start
fi
eend $?
}
stop() {
ebegin "Stopping ${name}"
start-stop-daemon --stop --quiet \
--pidfile ${pidfile} \
--exec ${initd} -- do_stop
eend $?
}
stats() {
signal "USR1"
}
reload() {
do_reload
}
running() {
signal "0"
}
patch() {
# patch queue clearen
if test -s ${difffile}; then
#${sbindir}/nsd-patch -c ${configfile} -x ${difffile} -l #debug
#echo ${sbindir}/nsd-patch -c ${configfile} -x ${difffile}
if do_patch ${PATCH_STYLE}; then
do_reload
else
unlock
# try to move back the transfer data
if [ -e ${difffile}.$$ -a ! -e ${difffile} ]; then
mv ${difffile}.$$ ${difffile}
fi
echo "`basename $0`: patch failed."
exit 1
fi
else
echo "`basename $0`: no patch necessary."
fi
}
rebuild() {
do_rebuild
}
update() {
# send notifies to localhost for all zones that allow it
echo "Sending notify to localhost to update secondary zones..."
if [ -s ${pidfile} ]; then
zoneslist=`${nsd_checkconf} -o zones ${configfile}`
for zonename in ${zoneslist}; do
notify_allow=`${nsd_checkconf} -z "${zonename}" -o allow-notify ${configfile}`
if test "" != "${notify_allow}"; then
send_updates ${zonename} ${notify_allow}
fi
done
else
echo "nsd is not running"
fi
}
notify() {
# send notifies to all slaves
echo "Sending notify to slave servers..."
zoneslist=`${nsd_checkconf} -o zones ${configfile}`
for zonename in ${zoneslist}; do
notify=`${nsd_checkconf} -z "${zonename}" -o notify ${configfile}`
local_ifc=`${nsd_checkconf} -z "${zonename}" -o outgoing-interface ${configfile}`
if test "" = "${local_ifc}"; then
local_ifc="NOIFC"
fi
if test "" != "${notify}"; then
for ifc in ${local_ifc}; do
send_notify ${zonename} ${ifc} ${notify}
done
fi
done
}
restart() {
do_controlled_stop && do_start
}
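Review bot: The `nsd-checkconf` lookup at the top of the script falls back to `which`, then to `dirname $0`, and finally to `./nsd-checkconf` in the current directory. The result is executed and also redefines `sbindir`, from which `nsd`, `zonec`, `nsd-patch` and `nsd-notify` are run. An init script normally runs as root, so whenever `${sbindir}/nsd-checkconf` is missing, a binary of that name in the caller's working directory or in an unexpected PATH entry would run with root privileges. The package installs to a fixed `--sbindir=/usr/sbin`, so drop the fallbacks: `nsd_checkconf=${sbindir}/nsd-checkconf` followed by `[ -x "${nsd_checkconf}" ] || { echo "nsd-checkconf not found in ${sbindir}"; exit 1; }`. Also worth a comment in `send_updates()` and `send_notify()`: the TSIG secret is put on the `nsd-notify` command line via `-y ${key_spec}:${secret}:${algo}`, where other local users can typically read it from the process list while the command runs.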
#!/bin/sh
deluser nsd 2>/dev/null
exit 0
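Review bot: `deluser nsd` on deinstall frees the account's UID, while files the daemon created under `/var/db/nsd` (which the APKBUILD chowns to `nsd:nsd`) may remain on disk. A later account that receives the same UID would then own those files. Consider leaving the service account in place on removal, or cleaning up the data directory in the same script. The `2>/dev/null` plus unconditional `exit 0` also hides a failed `deluser`.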
#!/bin/sh
adduser -H -D -s /bin/false nsd 2>/dev/null
exit 0
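Review bot: `adduser -H -D -s /bin/false nsd` creates `nsd` as an ordinary account rather than a system one, and `2>/dev/null` with the unconditional `exit 0` makes a failed creation indistinguishable from success. Busybox `adduser` has `-S` for system users, so `adduser -S -H -D -s /bin/false nsd` would keep the service account out of the regular UID range; confirm that the `nsd` group listed in `pkggroups` is still created with that flag. If the account is missing at runtime, the daemon built `--with-user=nsd` presumably cannot drop privileges. Let a real failure surface while still tolerating the "user already exists" case.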
#!/bin/sh
#
# nsdc replacement script by Matt Smith <msmith@alpinelinux.org>
#
usage() {
echo "Usage: `basename $0` {start|stop|reload|rebuild|restart|"
echo " running|update|notify|patch}"
echo "commands:"
echo " start Start nsd server."
echo " stop Stop nsd server."
echo " reload Nsd server reloads database file."
echo " rebuild Compile database file from zone files."
echo " restart Stop the nsd server and start it again."
echo " running Prints message and exit nonzero if server not running."
echo " update Try to update all slave zones hosted on this server."
echo " notify Send notify messages to all secondary servers."
echo " patch Merge zone transfer changes back to zone files."
}
if [ $# -eq 0 ]; then
usage
else
case "$1" in
"-h"|"--help")
usage;;
*)
/etc/init.d/nsd $*
esac
fi
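Review bot: The dispatch line `/etc/init.d/nsd $*` expands the arguments unquoted, so an argument containing whitespace or glob characters is re-split and glob-expanded before it reaches the init script. One example is the path given after `-c`, which nsd.initd parses. Use `/etc/init.d/nsd "$@"` instead. The last `case` arm also lacks its closing `;;`, which is legal but inconsistent with the first arm.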