~alpine/aports

This thread contains a patchset. You're looking at the original emails, but you may wish to use the patch review UI. Review patch
10 3

[alpine-aports] [PATCH 1/5] main/unbound: upgrade to 1.5.6

Details
Message ID
<1445777886-24422-1-git-send-email-soeren+git@soeren-tempel.net>
Sender timestamp
1445777882
DKIM signature
missing
Download raw message
Patch: +4 -4
---
 main/unbound/APKBUILD | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/main/unbound/APKBUILD b/main/unbound/APKBUILD
index da17422..7b4d9c9 100644
--- a/main/unbound/APKBUILD
+++ b/main/unbound/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Carlo Landmeter <clandmeter@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=unbound
pkgver=1.5.4
pkgver=1.5.6
pkgrel=0
pkgdesc="Unbound is a validating, recursive, and caching DNS resolver"
pkgusers="unbound"
@@ -92,21 +92,21 @@ migrate() {
		"$subpkgdir"/usr/bin/
}

md5sums="f85854baad15adc7ce8acefe6cda4cf8  unbound-1.5.4.tar.gz
md5sums="691a34abd8e9257dd65b70f28326c1f0  unbound-1.5.6.tar.gz
32fe2914a2723142d3eae9ea556872d3  conf.patch
deb0a18f2250caa53750ee2cecac71e9  swig.patch
c1c71cd0e7f9630536a2abf2513c675d  update-unbound-root-hints
5340681e5ec1a1fd47a0de27f5c03c21  migrate-dnscache-to-unbound
d7a1cb305b7b5b72df4e574777f76723  root.hints
b98eded68339fc605ec7e6cbb50e5aa3  unbound.initd"
sha256sums="a1e1c1a578cf8447cb51f6033714035736a0f04444854a983123c094cc6fb137  unbound-1.5.4.tar.gz
sha256sums="ad3823f5895f59da9e408ea273fcf81d8a76914c18864fba256d7f140b83e404  unbound-1.5.6.tar.gz
48bedb743eda892f82adc8b4ce2e4f5ad216f1ab50d432aef768377edc98165c  conf.patch
d131e19129744f7014167d8701cb39c8358269a89b317b8a74dacfd267e1f516  swig.patch
0db3ca197b62901fab984cb2559925adbf3307ccd1dca3e1dd69cd1642ff0a36  update-unbound-root-hints
582851b4017044d8642c42c5df09b27494c963e1eebb8be3373b2dbd168d0ac0  migrate-dnscache-to-unbound
eb0ce2b11bf2302a716fa8ef21d55e55f1892dfd853c73c71319bfa5e171eff3  root.hints
d9997000449179dc16f5084bf061453faf09094f843acb1d163757f8000c0cd7  unbound.initd"
sha512sums="af8032b09ce75bb1aefab31ce5583c0fa8aaca544e13d6d7eaea8e44a940b1797397951f06f453ef80653038b5966d6053ddeb79818a66825925186ee351c65c  unbound-1.5.4.tar.gz
sha512sums="2477e3f00b8f5a3a4661ff20b0bc0d1d56c8a65cc6ab9f1308ae86f41c67a998af68d3ac5ba6c9c22a25a251f0410eaf9fee82911bcb3a3e82ffb6383e28dcf7  unbound-1.5.6.tar.gz
2214882954ed813c564a34cbf433240814f1cc03e62b7aa007d054406d17fa0359514400afe53b9cb0445d25a29ccf9bf27c5974901d30bbfb2bfaf5e755da2b  conf.patch
7d2666363be7156b26fd857459492f6e78fbc24bd6923dd51477e09df938d8c617035e4aa8bf91ffcde384e2dff8225eced14d7aaa7690e3a95b34c5f21eaf7d  swig.patch
0f80b507a8f71b0c00729501d861657ce91a57024cd1963c150d0630c71eccceba370d6e732ff39bb807713672550d87a8c8ecdb9fce6b8b4386c12689603700  update-unbound-root-hints
-- 
2.6.1



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---

[alpine-aports] [PATCH 2/5] main/unbound: don't install root.hints by default

Details
Message ID
<1445777886-24422-2-git-send-email-soeren+git@soeren-tempel.net>
In-Reply-To
<1445777886-24422-1-git-send-email-soeren+git@soeren-tempel.net> (view parent)
Sender timestamp
1445777883
DKIM signature
missing
Download raw message
Patch: +1 -94
The file gets outdated from time to time and on package upgrades it
a root.hints.apk-new file is created if the cron was invocate before the
package upgrade.
---
 main/unbound/APKBUILD   |  7 +---
 main/unbound/root.hints | 88 -------------------------------------------------
 2 files changed, 1 insertion(+), 94 deletions(-)
 delete mode 100644 main/unbound/root.hints

diff --git a/main/unbound/APKBUILD b/main/unbound/APKBUILD
index 7b4d9c9..3823827 100644
--- a/main/unbound/APKBUILD
+++ b/main/unbound/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=unbound
pkgver=1.5.6
pkgrel=0
pkgrel=1
pkgdesc="Unbound is a validating, recursive, and caching DNS resolver"
pkgusers="unbound"
pkggroups="unbound"
@@ -19,7 +19,6 @@ source="http://unbound.net/downloads/unbound-$pkgver.tar.gz
	swig.patch
	update-unbound-root-hints
	migrate-dnscache-to-unbound
	root.hints
	unbound.initd"

_builddir="$srcdir"/unbound-$pkgver
@@ -67,7 +66,6 @@ package() {
        install -m755 -D "$srcdir"/unbound.initd \
                "$pkgdir"/etc/init.d/unbound || return 1
	install -d -o unbound -g unbound "$pkgdir"/var/run/unbound || return 1
	install -m644 "$srcdir"/root.hints "$pkgdir"/etc/unbound/ || return 1
	install -Dm755 "$srcdir"/update-unbound-root-hints \
		"$pkgdir"/etc/periodic/monthly/update-unbound-root-hints \
		|| return 1
@@ -97,19 +95,16 @@ md5sums="691a34abd8e9257dd65b70f28326c1f0  unbound-1.5.6.tar.gz
deb0a18f2250caa53750ee2cecac71e9  swig.patch
c1c71cd0e7f9630536a2abf2513c675d  update-unbound-root-hints
5340681e5ec1a1fd47a0de27f5c03c21  migrate-dnscache-to-unbound
d7a1cb305b7b5b72df4e574777f76723  root.hints
b98eded68339fc605ec7e6cbb50e5aa3  unbound.initd"
sha256sums="ad3823f5895f59da9e408ea273fcf81d8a76914c18864fba256d7f140b83e404  unbound-1.5.6.tar.gz
48bedb743eda892f82adc8b4ce2e4f5ad216f1ab50d432aef768377edc98165c  conf.patch
d131e19129744f7014167d8701cb39c8358269a89b317b8a74dacfd267e1f516  swig.patch
0db3ca197b62901fab984cb2559925adbf3307ccd1dca3e1dd69cd1642ff0a36  update-unbound-root-hints
582851b4017044d8642c42c5df09b27494c963e1eebb8be3373b2dbd168d0ac0  migrate-dnscache-to-unbound
eb0ce2b11bf2302a716fa8ef21d55e55f1892dfd853c73c71319bfa5e171eff3  root.hints
d9997000449179dc16f5084bf061453faf09094f843acb1d163757f8000c0cd7  unbound.initd"
sha512sums="2477e3f00b8f5a3a4661ff20b0bc0d1d56c8a65cc6ab9f1308ae86f41c67a998af68d3ac5ba6c9c22a25a251f0410eaf9fee82911bcb3a3e82ffb6383e28dcf7  unbound-1.5.6.tar.gz
2214882954ed813c564a34cbf433240814f1cc03e62b7aa007d054406d17fa0359514400afe53b9cb0445d25a29ccf9bf27c5974901d30bbfb2bfaf5e755da2b  conf.patch
7d2666363be7156b26fd857459492f6e78fbc24bd6923dd51477e09df938d8c617035e4aa8bf91ffcde384e2dff8225eced14d7aaa7690e3a95b34c5f21eaf7d  swig.patch
0f80b507a8f71b0c00729501d861657ce91a57024cd1963c150d0630c71eccceba370d6e732ff39bb807713672550d87a8c8ecdb9fce6b8b4386c12689603700  update-unbound-root-hints
b26a13c1c88da9611a65705dc59f7233c5e0f6aced0d7d66c18536a969a2de627ca5d4bb55eedd81f2f040fa11bde48eaaeca2850f376e72e7a531678a259131  migrate-dnscache-to-unbound
058ae1ef089eb4d5ad43ffb83e9f48d586cdfcd4cd4efe9b531a0628d4ee1a69e489187572747a224059a00efd9187012bf59a6da05c4ddfbfa1b7719ff6cbdc  root.hints
540e7a11fa5421e2d103c42d69faf1ba005adcadfac2f65091795a2f00e5b5acd1436b4d2adfe2bb0fdfcbfb44d0967d6bce87620c618549fcd7e32019040f29  unbound.initd"
diff --git a/main/unbound/root.hints b/main/unbound/root.hints
deleted file mode 100644
index 8fbbb65..0000000
--- a/main/unbound/root.hints
@@ -1,88 +0,0 @@
;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  <file>"
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC 
;       under anonymous FTP as
;           file                /domain/named.cache
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:    Jun 8, 2011
;       related version of root zone:   2011060800
;
; formerly NS.INTERNIC.NET
;
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:BA3E::2:30
;
; FORMERLY NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
;
; FORMERLY C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
;
; FORMERLY TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
D.ROOT-SERVERS.NET.	 3600000      AAAA  2001:500:2D::D
;
; FORMERLY NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
;
; FORMERLY NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2F::F
;
; FORMERLY NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
;
; FORMERLY AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::803F:235
;
; FORMERLY NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FE::53
;
; OPERATED BY VERISIGN, INC.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:C27::2:30
;
; OPERATED BY RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FD::1
;
; OPERATED BY ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
;
; OPERATED BY WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
M.ROOT-SERVERS.NET.      3600000      AAAA  2001:DC3::35
; End of File
-- 
2.6.1



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---

[alpine-aports] [PATCH 3/5] main/unbound: simplify cron

Details
Message ID
<1445777886-24422-3-git-send-email-soeren+git@soeren-tempel.net>
In-Reply-To
<1445777886-24422-1-git-send-email-soeren+git@soeren-tempel.net> (view parent)
Sender timestamp
1445777884
DKIM signature
missing
Download raw message
Patch: +8 -31
No need to fetch the root.hints file twice since the ftp servers should
never distribute invalid root hints. Also make the ftp host and
destination path configurable using an environment variable.
---
 main/unbound/APKBUILD                  |  8 ++++----
 main/unbound/update-unbound-root-hints | 31 ++++---------------------------
 2 files changed, 8 insertions(+), 31 deletions(-)

diff --git a/main/unbound/APKBUILD b/main/unbound/APKBUILD
index 3823827..7734f3a 100644
--- a/main/unbound/APKBUILD
+++ b/main/unbound/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=unbound
pkgver=1.5.6
pkgrel=1
pkgrel=2
pkgdesc="Unbound is a validating, recursive, and caching DNS resolver"
pkgusers="unbound"
pkggroups="unbound"
@@ -93,18 +93,18 @@ migrate() {
md5sums="691a34abd8e9257dd65b70f28326c1f0  unbound-1.5.6.tar.gz
32fe2914a2723142d3eae9ea556872d3  conf.patch
deb0a18f2250caa53750ee2cecac71e9  swig.patch
c1c71cd0e7f9630536a2abf2513c675d  update-unbound-root-hints
26461c76ac3295772087e7ad4469dc89  update-unbound-root-hints
5340681e5ec1a1fd47a0de27f5c03c21  migrate-dnscache-to-unbound
b98eded68339fc605ec7e6cbb50e5aa3  unbound.initd"
sha256sums="ad3823f5895f59da9e408ea273fcf81d8a76914c18864fba256d7f140b83e404  unbound-1.5.6.tar.gz
48bedb743eda892f82adc8b4ce2e4f5ad216f1ab50d432aef768377edc98165c  conf.patch
d131e19129744f7014167d8701cb39c8358269a89b317b8a74dacfd267e1f516  swig.patch
0db3ca197b62901fab984cb2559925adbf3307ccd1dca3e1dd69cd1642ff0a36  update-unbound-root-hints
b3616d7e7e022ff8a5e012b3b2ade2266515083e17569a1937a0bde81b75c006  update-unbound-root-hints
582851b4017044d8642c42c5df09b27494c963e1eebb8be3373b2dbd168d0ac0  migrate-dnscache-to-unbound
d9997000449179dc16f5084bf061453faf09094f843acb1d163757f8000c0cd7  unbound.initd"
sha512sums="2477e3f00b8f5a3a4661ff20b0bc0d1d56c8a65cc6ab9f1308ae86f41c67a998af68d3ac5ba6c9c22a25a251f0410eaf9fee82911bcb3a3e82ffb6383e28dcf7  unbound-1.5.6.tar.gz
2214882954ed813c564a34cbf433240814f1cc03e62b7aa007d054406d17fa0359514400afe53b9cb0445d25a29ccf9bf27c5974901d30bbfb2bfaf5e755da2b  conf.patch
7d2666363be7156b26fd857459492f6e78fbc24bd6923dd51477e09df938d8c617035e4aa8bf91ffcde384e2dff8225eced14d7aaa7690e3a95b34c5f21eaf7d  swig.patch
0f80b507a8f71b0c00729501d861657ce91a57024cd1963c150d0630c71eccceba370d6e732ff39bb807713672550d87a8c8ecdb9fce6b8b4386c12689603700  update-unbound-root-hints
ac0f8799026e5024ef5071657ef704bd64922454a9fabe37da524faaea50fe8aa3ff3acfa892d32674bedd97e53c88a483acc5c8dfffd526819015825a635924  update-unbound-root-hints
b26a13c1c88da9611a65705dc59f7233c5e0f6aced0d7d66c18536a969a2de627ca5d4bb55eedd81f2f040fa11bde48eaaeca2850f376e72e7a531678a259131  migrate-dnscache-to-unbound
540e7a11fa5421e2d103c42d69faf1ba005adcadfac2f65091795a2f00e5b5acd1436b4d2adfe2bb0fdfcbfb44d0967d6bce87620c618549fcd7e32019040f29  unbound.initd"
diff --git a/main/unbound/update-unbound-root-hints b/main/unbound/update-unbound-root-hints
index ee127de..238afc1 100644
--- a/main/unbound/update-unbound-root-hints
+++ b/main/unbound/update-unbound-root-hints
@@ -1,30 +1,7 @@
#!/bin/sh

check_format() {
	# check that we have some ipv4 addresses and some '.' hints
	egrep -q '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]' "$1" \
		&& egrep -q '^\.[[:space:]]+' "$1"
}
: ${UNBOUND_ROOTHINTS:="ftp.internic.net/domain/named.cache"}
: ${UNBOUND_HINTSDEST:="/etc/unbound/root.hints"}

ftphosts="FTP.INTERNIC.NET RS.INTERNIC.NET"
roothints=domain/named.cache
unbound_dir=/etc/unbound
outfile=$unbound_dir/root.hints

if [ "$1" = "--verify" ]; then
	if check_format $outfile; then
		echo "$outfile: ok"
		exit 0
	else
		echo "$outfile: failed"
		exit 1
	fi
fi

for host in $ftphosts; do
	url=ftp://$host/$roothints
	if wget -q -O ${outfile}.new $url && check_format ${outfile}.new; then
		mv ${outfile}.new $outfile && exit 0
	fi
done
exit 1
wget -q -O "${UNBOUND_HINTSDEST}" "${UNBOUND_ROOTHINTS}"
exit 0
-- 
2.6.1



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---

[alpine-aports] [PATCH 4/5] main/unbound: invoke cron on post-install

Details
Message ID
<1445777886-24422-4-git-send-email-soeren+git@soeren-tempel.net>
In-Reply-To
<1445777886-24422-1-git-send-email-soeren+git@soeren-tempel.net> (view parent)
Sender timestamp
1445777885
DKIM signature
missing
Download raw message
Patch: +4 -2
---
 main/unbound/APKBUILD             | 5 +++--
 main/unbound/unbound.post-install | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)
 create mode 120000 main/unbound/unbound.post-install

diff --git a/main/unbound/APKBUILD b/main/unbound/APKBUILD
index 7734f3a..7fa58e3 100644
--- a/main/unbound/APKBUILD
+++ b/main/unbound/APKBUILD
@@ -1,8 +1,9 @@
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Contributor: Carlo Landmeter <clandmeter@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=unbound
pkgver=1.5.6
pkgrel=2
pkgrel=3
pkgdesc="Unbound is a validating, recursive, and caching DNS resolver"
pkgusers="unbound"
pkggroups="unbound"
@@ -12,7 +13,7 @@ license="BSD"
depends="dnssec-root"
depends_dev="openssl-dev expat-dev ldns-dev libevent-dev"
makedepends="$depends_dev python-dev swig linux-headers"
install="$pkgname.pre-install"
install="$pkgname.pre-install $pkgname.post-install"
subpackages="$pkgname-dev $pkgname-doc $pkgname-libs $pkgname-dbg py-unbound:py $pkgname-migrate"
source="http://unbound.net/downloads/unbound-$pkgver.tar.gz
	conf.patch
diff --git a/main/unbound/unbound.post-install b/main/unbound/unbound.post-install
new file mode 120000
index 0000000..bc673aa
--- /dev/null
+++ b/main/unbound/unbound.post-install
@@ -0,0 +1 @@
update-unbound-root-hints
\ No newline at end of file
-- 
2.6.1



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---

[alpine-aports] [PATCH 5/5] main/unbound: set arch for migrate subpackage to noarch

Details
Message ID
<1445777886-24422-5-git-send-email-soeren+git@soeren-tempel.net>
In-Reply-To
<1445777886-24422-1-git-send-email-soeren+git@soeren-tempel.net> (view parent)
Sender timestamp
1445777886
DKIM signature
missing
Download raw message
Patch: +3 -1
---
 main/unbound/APKBUILD | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/main/unbound/APKBUILD b/main/unbound/APKBUILD
index 7fa58e3..5fa5bfc 100644
--- a/main/unbound/APKBUILD
+++ b/main/unbound/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=unbound
pkgver=1.5.6
pkgrel=3
pkgrel=4
pkgdesc="Unbound is a validating, recursive, and caching DNS resolver"
pkgusers="unbound"
pkggroups="unbound"
@@ -86,6 +86,8 @@ py() {

migrate() {
	pkgdesc="Simple tool to migrate from dnscache to unbound"
	arch="noarch"

	mkdir -p "$subpkgdir"/usr/bin/
	install -m755 "$srcdir"/migrate-dnscache-to-unbound \
		"$subpkgdir"/usr/bin/
-- 
2.6.1



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---

Re: [alpine-aports] [PATCH 2/5] main/unbound: don't install root.hints by default

Natanael Copa <ncopa@alpinelinux.org>
Details
Message ID
<20151026094554.6423236b@ncopa-desktop.alpinelinux.org>
In-Reply-To
<1445777886-24422-2-git-send-email-soeren+git@soeren-tempel.net> (view parent)
Sender timestamp
1445849154
DKIM signature
missing
Download raw message
On Sun, 25 Oct 2015 13:58:03 +0100
Sören Tempel <soeren+git@soeren-tempel.net> wrote:

> The file gets outdated from time to time and on package upgrades it
> a root.hints.apk-new file is created if the cron was invocate before the
> package upgrade.

I am sceptic to this. If your only resolver is unbound, how can you
then download the root.hints if you don't know what root servers to ask?

We may want update the root.hints we ship once in a while though.

-nc


---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---

Re: [alpine-aports] [PATCH 3/5] main/unbound: simplify cron

Natanael Copa <ncopa@alpinelinux.org>
Details
Message ID
<20151026100347.6f906e20@ncopa-desktop.alpinelinux.org>
In-Reply-To
<1445777886-24422-3-git-send-email-soeren+git@soeren-tempel.net> (view parent)
Sender timestamp
1445850227
DKIM signature
missing
Download raw message
On Sun, 25 Oct 2015 13:58:04 +0100
Sören Tempel <soeren+git@soeren-tempel.net> wrote:

> No need to fetch the root.hints file twice since the ftp servers should
> never distribute invalid root hints. Also make the ftp host and
> destination path configurable using an environment variable.

NACK.

the existing script will not download it twice, it will 'exit 0' on
first successful download, but if the first download will fail for any
reason, then it will try the next ftp server.

It will also make sure it was actually able to complete the download
before installing it for production.

With your simplification, if for some reason wget manage to open the
out file, but fails to complete the download, it may end up replacing
the roots.hints with an empty file. You will not get a second chance to
download (or resolve) anything after that.

(Yeah, i have experience it. not fun to lose dns resolution when things
did not go as expected when cron job was run)

We must never end up without an empty root.hints, regardless of what
problem we might run into.

One thing we might what do to improve the script though, is to also try
download from http, in case ftp is blocked.

-nc

> ---
>  main/unbound/APKBUILD                  |  8 ++++----
>  main/unbound/update-unbound-root-hints | 31 ++++---------------------------
>  2 files changed, 8 insertions(+), 31 deletions(-)
> 
> diff --git a/main/unbound/APKBUILD b/main/unbound/APKBUILD
> index 3823827..7734f3a 100644
> --- a/main/unbound/APKBUILD
> +++ b/main/unbound/APKBUILD
> @@ -2,7 +2,7 @@
>  # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
>  pkgname=unbound
>  pkgver=1.5.6
> -pkgrel=1
> +pkgrel=2
>  pkgdesc="Unbound is a validating, recursive, and caching DNS resolver"
>  pkgusers="unbound"
>  pkggroups="unbound"
> @@ -93,18 +93,18 @@ migrate() {
>  md5sums="691a34abd8e9257dd65b70f28326c1f0  unbound-1.5.6.tar.gz
>  32fe2914a2723142d3eae9ea556872d3  conf.patch
>  deb0a18f2250caa53750ee2cecac71e9  swig.patch
> -c1c71cd0e7f9630536a2abf2513c675d  update-unbound-root-hints
> +26461c76ac3295772087e7ad4469dc89  update-unbound-root-hints
>  5340681e5ec1a1fd47a0de27f5c03c21  migrate-dnscache-to-unbound
>  b98eded68339fc605ec7e6cbb50e5aa3  unbound.initd"
>  sha256sums="ad3823f5895f59da9e408ea273fcf81d8a76914c18864fba256d7f140b83e404  unbound-1.5.6.tar.gz
>  48bedb743eda892f82adc8b4ce2e4f5ad216f1ab50d432aef768377edc98165c  conf.patch
>  d131e19129744f7014167d8701cb39c8358269a89b317b8a74dacfd267e1f516  swig.patch
> -0db3ca197b62901fab984cb2559925adbf3307ccd1dca3e1dd69cd1642ff0a36  update-unbound-root-hints
> +b3616d7e7e022ff8a5e012b3b2ade2266515083e17569a1937a0bde81b75c006  update-unbound-root-hints
>  582851b4017044d8642c42c5df09b27494c963e1eebb8be3373b2dbd168d0ac0  migrate-dnscache-to-unbound
>  d9997000449179dc16f5084bf061453faf09094f843acb1d163757f8000c0cd7  unbound.initd"
>  sha512sums="2477e3f00b8f5a3a4661ff20b0bc0d1d56c8a65cc6ab9f1308ae86f41c67a998af68d3ac5ba6c9c22a25a251f0410eaf9fee82911bcb3a3e82ffb6383e28dcf7  unbound-1.5.6.tar.gz
>  2214882954ed813c564a34cbf433240814f1cc03e62b7aa007d054406d17fa0359514400afe53b9cb0445d25a29ccf9bf27c5974901d30bbfb2bfaf5e755da2b  conf.patch
>  7d2666363be7156b26fd857459492f6e78fbc24bd6923dd51477e09df938d8c617035e4aa8bf91ffcde384e2dff8225eced14d7aaa7690e3a95b34c5f21eaf7d  swig.patch
> -0f80b507a8f71b0c00729501d861657ce91a57024cd1963c150d0630c71eccceba370d6e732ff39bb807713672550d87a8c8ecdb9fce6b8b4386c12689603700  update-unbound-root-hints
> +ac0f8799026e5024ef5071657ef704bd64922454a9fabe37da524faaea50fe8aa3ff3acfa892d32674bedd97e53c88a483acc5c8dfffd526819015825a635924  update-unbound-root-hints
>  b26a13c1c88da9611a65705dc59f7233c5e0f6aced0d7d66c18536a969a2de627ca5d4bb55eedd81f2f040fa11bde48eaaeca2850f376e72e7a531678a259131  migrate-dnscache-to-unbound
>  540e7a11fa5421e2d103c42d69faf1ba005adcadfac2f65091795a2f00e5b5acd1436b4d2adfe2bb0fdfcbfb44d0967d6bce87620c618549fcd7e32019040f29  unbound.initd"
> diff --git a/main/unbound/update-unbound-root-hints b/main/unbound/update-unbound-root-hints
> index ee127de..238afc1 100644
> --- a/main/unbound/update-unbound-root-hints
> +++ b/main/unbound/update-unbound-root-hints
> @@ -1,30 +1,7 @@
>  #!/bin/sh
>  
> -check_format() {
> -	# check that we have some ipv4 addresses and some '.' hints
> -	egrep -q '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]' "$1" \
> -		&& egrep -q '^\.[[:space:]]+' "$1"
> -}
> +: ${UNBOUND_ROOTHINTS:="ftp.internic.net/domain/named.cache"}
> +: ${UNBOUND_HINTSDEST:="/etc/unbound/root.hints"}
>  
> -ftphosts="FTP.INTERNIC.NET RS.INTERNIC.NET"
> -roothints=domain/named.cache
> -unbound_dir=/etc/unbound
> -outfile=$unbound_dir/root.hints
> -
> -if [ "$1" = "--verify" ]; then
> -	if check_format $outfile; then
> -		echo "$outfile: ok"
> -		exit 0
> -	else
> -		echo "$outfile: failed"
> -		exit 1
> -	fi
> -fi
> -
> -for host in $ftphosts; do
> -	url=ftp://$host/$roothints
> -	if wget -q -O ${outfile}.new $url && check_format ${outfile}.new; then
> -		mv ${outfile}.new $outfile && exit 0
> -	fi
> -done
> -exit 1
> +wget -q -O "${UNBOUND_HINTSDEST}" "${UNBOUND_ROOTHINTS}"
> +exit 0



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---

Re: [alpine-aports] [PATCH 4/5] main/unbound: invoke cron on post-install

Natanael Copa <ncopa@alpinelinux.org>
Details
Message ID
<20151026101517.716c1b1b@ncopa-desktop.alpinelinux.org>
In-Reply-To
<1445777886-24422-4-git-send-email-soeren+git@soeren-tempel.net> (view parent)
Sender timestamp
1445850917
DKIM signature
missing
Download raw message
On Sun, 25 Oct 2015 13:58:05 +0100
Sören Tempel <soeren+git@soeren-tempel.net> wrote:

> ---
>  main/unbound/APKBUILD             | 5 +++--
>  main/unbound/unbound.post-install | 1 +
>  2 files changed, 4 insertions(+), 2 deletions(-)
>  create mode 120000 main/unbound/unbound.post-install

for some reason this failed to build, something about missing
unbound.post-install.

I think the symlink got broken or similar. dunno why.

-nc


---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---

Re: [alpine-aports] [PATCH 5/5] main/unbound: set arch for migrate subpackage to noarch

Natanael Copa <ncopa@alpinelinux.org>
Details
Message ID
<20151026101620.1453763e@ncopa-desktop.alpinelinux.org>
In-Reply-To
<1445777886-24422-5-git-send-email-soeren+git@soeren-tempel.net> (view parent)
Sender timestamp
1445850980
DKIM signature
missing
Download raw message
On Sun, 25 Oct 2015 13:58:06 +0100
Sören Tempel <soeren+git@soeren-tempel.net> wrote:

> ---
>  main/unbound/APKBUILD | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/main/unbound/APKBUILD b/main/unbound/APKBUILD
> index 7fa58e3..5fa5bfc 100644
> --- a/main/unbound/APKBUILD
> +++ b/main/unbound/APKBUILD
> @@ -3,7 +3,7 @@
>  # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
>  pkgname=unbound
>  pkgver=1.5.6
> -pkgrel=3
> +pkgrel=4
>  pkgdesc="Unbound is a validating, recursive, and caching DNS resolver"
>  pkgusers="unbound"
>  pkggroups="unbound"
> @@ -86,6 +86,8 @@ py() {
>  
>  migrate() {
>  	pkgdesc="Simple tool to migrate from dnscache to unbound"
> +	arch="noarch"
> +
>  	mkdir -p "$subpkgdir"/usr/bin/
>  	install -m755 "$srcdir"/migrate-dnscache-to-unbound \
>  		"$subpkgdir"/usr/bin/

I'm ok with this, but it will currently not have any effect.

-nc


---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---

Re: [alpine-aports] [PATCH 2/5] main/unbound: don't install root.hints by default

Details
Message ID
<20151026153715.GA4661@calcium.lan>
In-Reply-To
<20151026094554.6423236b@ncopa-desktop.alpinelinux.org> (view parent)
Sender timestamp
1445873835
DKIM signature
missing
Download raw message
On 26.10.15, Natanael Copa wrote:
> I am sceptic to this. If your only resolver is unbound, how can you
> then download the root.hints if you don't know what root servers to ask?

Totally get your point, but how do you install unbound if you don't know
what servers to ask for the .apk file? Nonetheless I believe that it
would be ok to ship the the root.hints file with the package but we
don't need ship both the cron and the root.hints file since this will
create .apk-new files for the file on package upgrade. I think we should
decide on one of those options for shipping the file...

Sören.


---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---

Re: [alpine-aports] [PATCH 2/5] main/unbound: don't install root.hints by default

Natanael Copa <ncopa@alpinelinux.org>
Details
Message ID
<20151026205445.0fa43584@ncopa-laptop>
In-Reply-To
<20151026153715.GA4661@calcium.lan> (view parent)
Sender timestamp
1445889285
DKIM signature
missing
Download raw message
On Mon, 26 Oct 2015 16:37:15 +0100
Sören Tempel <soeren@soeren-tempel.net> wrote:

> On 26.10.15, Natanael Copa wrote:
> > I am sceptic to this. If your only resolver is unbound, how can you
> > then download the root.hints if you don't know what root servers to ask?
> 
> Totally get your point, but how do you install unbound if you don't know
> what servers to ask for the .apk file? 

You use the unbound package shipped on the iso.

> Nonetheless I believe that it
> would be ok to ship the the root.hints file with the package but we
> don't need ship both the cron and the root.hints file since this will
> create .apk-new files for the file on package upgrade.I think we should
> decide on one of those options for shipping the file...

What is the problem with .apk-new?

I have already explained the problem with excluding it from .apk, so
that is not an option.

The problem with excluding the cron is that the root.hints will not be
kept up-to-date, and we end up need update the unbound apk every time
there is a change in the DNS root hints. We will then need to set up
some script that monitors changes in root dns list and notifies us so
we can update the package each time. The end users will have to
download the entire package each time that happens, even if the
majority of the update (the binary itself) in unmodified.

Now, we have another option, we could move the root.hints to some place
under /var (where it belongs technically), but then will diskless users
need to make sure that this is included in the 'lbu commit'. They would
also need to edit their config to point to new location. (running
update-conf will compare the .apk-new with exisitng config and give
some help in merge in config changes like this) Now, I have 100+ boxes
running that depends on unbound for proper DNS resolution.

Can you please explain for me what the problem with .apk-new is that
would justify the extra work for me to update the config for 100+
boxes, and justify that I break DNS resolution for one of those
boxes. I would pretty much prefer to spend time on getting v3.3 out, or
to try catch up on the long backlog of pending security fixes for the
stable branches.

I suspect the "problem" with .apk-new is small in comparison.

Besides, you can run update-conf and get a nice diff of .apk-new
changes and an interactive option to use/edit/purge the .apk-new.

-nc


---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)