[dnssec-trigger/f19: 2/2] Use improved NM dispatcher script from upstream

Tomas Hozza thozza at fedoraproject.org
Fri Aug 9 12:08:40 UTC 2013


commit 4b5233ccbdd314b6c4404fbd5257c0d0f97793d2
Author: Tomas Hozza <thozza at redhat.com>
Date:   Fri Aug 9 12:28:07 2013 +0200

    Use improved NM dispatcher script from upstream
    
    - Added tmpfiles.d config due to improved NM dispatcher script
    
    Signed-off-by: Tomas Hozza <thozza at redhat.com>

 01-dnssec-trigger-hook     |   98 ++++++++++++++++++++++++++++++++++++++++++++
 01-dnssec-trigger-hook-f17 |   22 ----------
 dnssec-trigger.spec        |   22 ++++++++-
 dnssec-trigger.tmpfiles.d  |    1 +
 4 files changed, 118 insertions(+), 25 deletions(-)
---
diff --git a/01-dnssec-trigger-hook b/01-dnssec-trigger-hook
new file mode 100755
index 0000000..f6c7d2a
--- /dev/null
+++ b/01-dnssec-trigger-hook
@@ -0,0 +1,98 @@
+#!/bin/sh
+#
+# NetworkManager trigger for in dispatcher.d
+# config items
+alias unbound-control="/usr/sbin/unbound-control"
+alias dnssec-trigger-control="/usr/sbin/dnssec-trigger-control"
+alias pidof="/usr/sbin/pidof"
+alias nmcli="/usr/bin/nmcli"
+
+state_dir="/var/run/dnssec-trigger"
+validate_forward_zones="no"
+
+# implementation
+ifname="$1"
+action="$2"
+domains=""
+nameservers=""
+global_nameservers=""
+conn_zones_file="$state_dir/$CONNECTION_UUID"
+
+################################################################
+# get domains and nameservers if provided by connection going up
+case "$action" in
+    "vpn-up" )
+        domains="`echo $VPN_IP4_DOMAINS $VPN_IP6_DOMAINS | tr " " "\n" | sort -u | tr "\n" " " | sed '$s/.$//'`"
+        nameservers="`echo $VPN_IP4_NAMESERVERS $VPN_IP6_NAMESERVERS`"
+        ;;
+    "up" )
+        domains="`echo $IP4_DOMAINS $IP6_DOMAINS | tr " " "\n" | sort -u | tr "\n" " " | sed '$s/.$//'`"
+        nameservers="`echo $IP4_NAMESERVERS $IP6_NAMESERVERS`"
+        ;;
+esac
+
+#########################
+# get global nameservers
+if [ -x "`which $nmcli 2>&1`" ]; then
+    global_nameservers="`$nmcli -f IP4,IP6 dev list | fgrep 'DNS' | awk '{print $2;}'`"
+else
+    global_nameservers="`nm-tool | grep 'DNS:' | awk '{print $2;}'`"
+fi
+# fix whitespaces
+global_nameservers="`echo $global_nameservers`"
+
+
+############################################################
+# configure global nameservers using dnssec-trigger-control
+if [ -n "`pidof dnssec-triggerd`" ] ; then
+    dnssec-trigger-control submit "$global_nameservers" &> /dev/null
+    logger "dnssec-trigger-hook(networkmanager) $ifname $action added global DNS $global_nameservers"
+else
+    logger "dnssec-trigger-hook(networkmanager) $ifname $action NOT added global DNS - dnssec-triggerd is not running"
+fi
+
+######################################################
+# add forward zones into unbound using unbound-control
+if [ -n "`pidof unbound`" ]; then
+    if [ -r "$conn_zones_file" ]; then
+        for domain in `cat $conn_zones_file`; do
+            # Remove forward zone from unbound
+            if [ "$validate_forward_zones" == "no" ]; then
+            	unbound-control forward_remove +i $domain &> /dev/null
+	    else
+            	unbound-control forward_remove $domain &> /dev/null
+	    fi
+            unbound-control flush_zone $domain &> /dev/null
+            unbound-control flush_requestlist &> /dev/null
+
+            logger "dnssec-trigger-hook(networkmanager) $ifname $action removed forward DNS zone $domain"
+        done
+
+        # Remove file with zones for this connection
+        rm -f $conn_zones_file &> /dev/null
+    fi
+
+    if [ "$action" == "vpn-up" ] || [ "$action" == "up" ]; then
+        if [ -n "$domains" ]; then
+            for domain in $domains; do
+                # Add forward zone into unbound
+                if [ "$validate_forward_zones" == "no" ]; then
+                    unbound-control forward_add +i $domain $nameservers &> /dev/null
+                else
+                    unbound-control forward_add $domain $nameservers &> /dev/null
+                fi
+                unbound-control flush_zone $domain &> /dev/null
+                unbound-control flush_requestlist &> /dev/null
+
+                # Create zone info file
+                echo $domain >> $conn_zones_file
+
+                logger "dnssec-trigger-hook(networkmanager) $ifname $action added forward DNS zone $domain $nameservers"
+            done
+        fi
+    fi
+else
+    logger "dnssec-trigger-hook(networkmanager) $ifname $action NOT added forward DNS zone(s) - unbound is not running"
+fi
+ 
+exit 0
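Review bot: The zone names in `$domains` come from the network-supplied `IP4_DOMAINS`/`IP6_DOMAINS` and `VPN_IP4_DOMAINS`/`VPN_IP6_DOMAINS` variables, yet they are expanded unquoted in `for domain in $domains` and in every `unbound-control`, `echo` and `logger` call. A value containing glob characters or a leading `-`/`+` is therefore interpreted by the shell or by unbound-control instead of being treated as a name. Because `validate_forward_zones` is fixed to "no", each name is added with `+i`, which as far as I know also marks the zone insecure in unbound, so any network that hands out a search domain gets that zone forwarded to its own resolvers without DNSSEC validation. That trade-off needs at least a comment next to the setting, and probably a restriction to connections the administrator trusts. I would disable globbing and reject anything that is not a plain DNS name before it reaches unbound-control, as sketched below. Separately, `$nmcli` in the global-nameserver test is never assigned (only an alias named `nmcli` is defined), so that test appears to always fall back to `nm-tool`.

```shell
# … unchanged: aliases, state_dir, collection of domains/nameservers …
set -f    # values below come from DHCP/VPN; never glob-expand them

# … unchanged: global nameserver submit, removal of old zones …
            for domain in $domains; do
                # accept only plain DNS names before handing them to unbound-control
                case "$domain" in
                    ""|[-+.]*|*[!A-Za-z0-9._-]*)
                        logger "dnssec-trigger-hook(networkmanager) $ifname $action skipped malformed forward DNS zone"
                        continue
                        ;;
                esac
                # … unchanged: forward_add / flush_zone / flush_requestlist, with "$domain" quoted …
                echo "$domain" >> "$conn_zones_file"
```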
diff --git a/dnssec-trigger.spec b/dnssec-trigger.spec
index 2fab395..1832bb7 100644
--- a/dnssec-trigger.spec
+++ b/dnssec-trigger.spec
@@ -1,14 +1,17 @@
 Summary: NetworkManager plugin to update/reconfigure DNSSEC resolving
 Name: dnssec-trigger
 Version: 0.11
-Release: 11%{?dist}
+Release: 12%{?dist}
 License: BSD
 Url: http://www.nlnetlabs.nl/downloads/dnssec-trigger/
 Source: http://www.nlnetlabs.nl/downloads/dnssec-trigger/%{name}-%{version}.tar.gz
 Source1:dnssec-triggerd.service
 Source2: dnssec-triggerd-keygen.service
 Source3: dnssec-trigger.conf
-Source4: 01-dnssec-trigger-hook-f17
+# Latest NM dispatcher hook from upstream SVN
+# http://www.nlnetlabs.nl/svn/dnssec-trigger/trunk/01-dnssec-trigger-hook.sh.in
+Source4: 01-dnssec-trigger-hook
+Source5: dnssec-trigger.tmpfiles.d
 Patch1: dnssec-trigger-0.11-gui.patch
 Patch2: dnssec-trigger-842455.patch
 # https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=489
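Review bot: The comment above `Source4` points at SVN trunk over plain http and names no revision, so nobody can later tell which upstream state the packaged hook corresponds to or compare it against upstream. I would record the revision in the comment, for example `# 01-dnssec-trigger-hook.sh.in from upstream SVN trunk, r<REVISION>`, and use the https form of the URL if upstream serves it.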
@@ -59,9 +62,16 @@ install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/%{name}/
 
 desktop-file-install --dir=%{buildroot}%{_datadir}/applications dnssec-trigger-panel.desktop
 
-# overwrite the stock dhcp hook, as nmcli syntax changed on f17+
+# overwrite the stock NM hook since there is new one in upstream SVN that has not been released yet
 cp -p %{SOURCE4} %{buildroot}/%{_sysconfdir}/NetworkManager/dispatcher.d/01-dnssec-trigger-hook
 
+# install the configuration for /var/run/dnssec-trigger into tmpfiles.d dir
+mkdir -p %{buildroot}%{_tmpfilesdir}
+install -m 644 %{SOURCE5} ${RPM_BUILD_ROOT}%{_tmpfilesdir}/%{name}.conf
+# we must create the /var/run/dnssec-trigger directory
+mkdir -p %{buildroot}%{_localstatedir}/run
+install -d -m 0755 %{buildroot}%{_localstatedir}/run/%{name}
+
 # supress the panel name everywhere including the gnome3 panel at the bottom
 ln -s dnssec-trigger-panel %{buildroot}%{_bindir}/dnssec-trigger
 
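Review bot: The added line `install -m 644 %{SOURCE5} ${RPM_BUILD_ROOT}%{_tmpfilesdir}/%{name}.conf` uses `${RPM_BUILD_ROOT}` and a three-digit mode, while the other added lines use `%{buildroot}` and `0755`. For consistency I would write it as `install -m 0644 %{SOURCE5} %{buildroot}%{_tmpfilesdir}/%{name}.conf`. The preceding `mkdir -p %{buildroot}%{_localstatedir}/run` also looks redundant, since `install -d` creates missing parent directories itself.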
@@ -85,6 +95,8 @@ rm -rf ${RPM_BUILD_ROOT}
 %attr(0755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-dnssec-trigger-hook
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dnssec-trigger.conf
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/xdg/autostart/dnssec-trigger-panel.desktop
+%dir %{_localstatedir}/run/%{name}
+%{_tmpfilesdir}/%{name}.conf
 %{_bindir}/dnssec-trigger-panel
 %{_bindir}/dnssec-trigger
 %{_sbindir}/dnssec-trigger*
@@ -115,6 +127,10 @@ fi
     /bin/systemctl daemon-reload >/dev/null 2>&1 || :
 
 %changelog
+* Fri Aug 09 2013 Tomas Hozza <thozza at redhat.com> - 0.11-12
+- Use improved NM dispatcher script from upstream
+- Added tmpfiles.d config due to improved NM dispatcher script
+
 * Mon Mar 04 2013 Adam Tkac <atkac redhat com> - 0.11-11
 - link dnssec-trigger.conf.8 to dnssec-trigger.8
 - build dnssec-triggerd with full RELRO
diff --git a/dnssec-trigger.tmpfiles.d b/dnssec-trigger.tmpfiles.d
new file mode 100644
index 0000000..000d918
--- /dev/null
+++ b/dnssec-trigger.tmpfiles.d
@@ -0,0 +1 @@
+d /var/run/dnssec-trigger 0755 root root -

