[dnssec-trigger] Resolves: #1165126, #1125267, #1089766, #1112248, #824219 - update
Pavel Šimerda
pavlix at fedoraproject.org
Tue Jan 20 09:44:34 UTC 2015
commit c6b3534ce9fe4c5d2a868fdf4d5c34b83d57b981
Author: Pavel Šimerda <psimerda at redhat.com>
Date: Tue Jan 20 10:33:54 2015 +0100
Resolves: #1165126, #1125267, #1089766, #1112248, #824219 - update
dnssec-trigger-0.12-nm-script.patch | 352 +++++++++++++++++++++++++++++-----
dnssec-trigger-0.12-probe.patch | 39 ++++
dnssec-trigger-0.12-reshook.patch | 34 ++++
dnssec-trigger.spec | 22 ++-
4 files changed, 389 insertions(+), 58 deletions(-)
---
diff --git a/dnssec-trigger-0.12-nm-script.patch b/dnssec-trigger-0.12-nm-script.patch
index 5149bdb..ce584e1 100644
--- a/dnssec-trigger-0.12-nm-script.patch
+++ b/dnssec-trigger-0.12-nm-script.patch
@@ -1,8 +1,8 @@
diff --git a/dnssec-trigger-script.in b/dnssec-trigger-script.in
-index b572dd1..32d7749 100644
+index b572dd1..b25afc9 100644
--- a/dnssec-trigger-script.in
+++ b/dnssec-trigger-script.in
-@@ -6,7 +6,7 @@
+@@ -6,17 +6,20 @@
"""
from gi.repository import NMClient
@@ -11,7 +11,12 @@ index b572dd1..32d7749 100644
import logging, logging.handlers
import socket, struct
-@@ -15,8 +15,7 @@ DEVNULL = open("/dev/null", "wb")
++# Python compatibility stuff
++if not hasattr(os, "O_CLOEXEC"):
++ os.O_CLOEXEC = 0x80000
++
+ DEVNULL = open("/dev/null", "wb")
+
log = logging.getLogger()
log.setLevel(logging.INFO)
log.addHandler(logging.handlers.SysLogHandler())
@@ -21,7 +26,7 @@ index b572dd1..32d7749 100644
# NetworkManager reportedly doesn't pass the PATH environment variable.
os.environ['PATH'] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-@@ -24,6 +23,24 @@ os.environ['PATH'] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/b
+@@ -24,12 +27,37 @@ os.environ['PATH'] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/b
class UserError(Exception):
pass
@@ -35,7 +40,7 @@ index b572dd1..32d7749 100644
+ dirname = os.path.dirname(self.path)
+ if not os.path.exists(dirname):
+ os.makedirs(dirname)
-+ self.lock = open(self.path, "w")
++ self.lock = os.open(self.path, os.O_WRONLY | os.O_CREAT | os.O_CLOEXEC, 0o600)
+
+ def __enter__(self):
+ fcntl.lockf(self.lock, fcntl.LOCK_EX)
@@ -46,12 +51,50 @@ index b572dd1..32d7749 100644
class Config:
"""Global configuration options"""
-@@ -53,18 +70,17 @@ class ConnectionList:
+ path = "/etc/dnssec.conf"
+- validate_connection_provided_zones = True
+- add_wifi_provided_zones = False
++
++ bool_options = {
++ "debug": False,
++ "validate_connection_provided_zones": True,
++ "add_wifi_provided_zones": False,
++ "use_vpn_global_forwarders": False,
++ "use_resolv_conf_symlink": False,
++ "use_resolv_secure_conf_symlink": False,
++ }
+
+ def __init__(self):
+ try:
+@@ -37,35 +65,36 @@ class Config:
+ for line in config_file:
+ if '=' in line:
+ option, value = [part.strip() for part in line.split("=", 1)]
+- if option == "validate_connection_provided_zones":
+- self.validate_connection_provided_zones = (value == "yes")
+- elif option == "add_wifi_provided_zones":
+- self.add_wifi_provided_zones = (value == "yes")
++ if option in self.bool_options:
++ self.bool_options[option] = (value == "yes")
+ except IOError:
+ pass
+ log.debug(self)
+
+- def __repr__(self):
+- return "<Config validate_connection_provided_zones={validate_connection_provided_zones} add_wifi_provided_zones={add_wifi_provided_zones}>".format(**vars(self))
++ def __getattr__(self, option):
++ return self.bool_options[option]
++
++ def __str__(self):
++ return "<Config {}>".format(self.bool_options)
+
+ class ConnectionList:
+ """List of NetworkManager active connections"""
nm_connections = None
- def __init__(self, only_default=False, skip_wifi=False):
-+ def __init__(self, client, only_default=False, skip_wifi=False):
++ def __init__(self, client, only_default=False, only_vpn=False, skip_wifi=False):
# Cache the active connection list in the class
+ if not client.get_manager_running():
+ raise UserError("NetworkManager is not running.")
@@ -61,15 +104,27 @@ index b572dd1..32d7749 100644
+ self.__class__.nm_connections = client.get_active_connections()
self.skip_wifi = skip_wifi
self.only_default = only_default
++ self.only_vpn = only_vpn
log.debug(self)
def __repr__(self):
- if not list(self):
- raise Exception("!!!")
- return "<ConnectionList(only_default={only_default}, skip_wifi={skip_wifi}, connections={})>".format(list(self), **vars(self))
+- return "<ConnectionList(only_default={only_default}, skip_wifi={skip_wifi}, connections={})>".format(list(self), **vars(self))
++ return "<ConnectionList(only_default={only_default}, only_vpn={only_vpn}, skip_wifi={skip_wifi}, connections={})>".format(list(self), **vars(self))
def __iter__(self):
-@@ -190,10 +206,10 @@ class UnboundZoneConfig:
+ for item in self.nm_connections:
+@@ -82,6 +111,8 @@ class ConnectionList:
+ # Skip non-default connections if appropriate
+ if self.only_default and not connection.is_default:
+ continue
++ if self.only_vpn and not connection.is_vpn:
++ continue
+ yield connection
+
+ def get_zone_connection_mapping(self):
+@@ -190,10 +221,10 @@ class UnboundZoneConfig:
if fields.pop(0) in ('forward', 'forward:'):
fields.pop(0)
secure = False
@@ -82,7 +137,7 @@ index b572dd1..32d7749 100644
log.debug(self)
def __repr__(self):
-@@ -255,7 +271,7 @@ class Store:
+@@ -255,7 +286,7 @@ class Store:
line = line.strip()
if line:
self.cache.add(line)
@@ -91,7 +146,7 @@ index b572dd1..32d7749 100644
pass
log.debug(self)
-@@ -277,10 +293,16 @@ class Store:
+@@ -277,10 +308,16 @@ class Store:
log.debug(self)
def update(self, zones):
@@ -111,7 +166,7 @@ index b572dd1..32d7749 100644
def remove(self, zone):
"""Remove zone from the cache."""
-@@ -309,7 +331,7 @@ class GlobalForwarders:
+@@ -309,10 +346,21 @@ class GlobalForwarders:
line = line.strip()
if line:
self.cache.add(line)
@@ -120,14 +175,30 @@ index b572dd1..32d7749 100644
pass
class Application:
-@@ -328,32 +350,40 @@ class Application:
++ resolvconf = "/etc/resolv.conf"
++ resolvconf_tmp = "/etc/.resolv.conf.dnssec-trigger"
++ resolvconf_secure = "/etc/resolv-secure.conf"
++ resolvconf_secure_tmp = "/etc/.resolv-secure.conf.dnssec-trigger"
++ resolvconf_backup = "/var/run/dnssec-trigger/resolv.conf.backup"
++ resolvconf_trigger = "/var/run/dnssec-trigger/resolv.conf"
++ resolvconf_trigger_tmp = resolvconf_trigger + ".tmp"
++ resolvconf_networkmanager = "/var/run/NetworkManager/resolv.conf"
++
++ resolvconf_localhost_contents = "# Generated by dnssec-trigger-script\nnameserver 127.0.0.1\n"
++
+ def __init__(self, argv):
+ if len(argv) > 1 and argv[1] == '--debug':
+ argv.pop(1)
+@@ -327,108 +375,222 @@ class Application:
+ self.method = getattr(self, "run_" + argv[1][2:].replace('-', '_'))
except AttributeError:
self.usage()
++
self.config = Config()
-+ self.client = NMClient.Client()
++ if self.config.debug:
++ log.setLevel(logging.DEBUG);
+
-+ self.resolvconf = "/etc/resolv.conf"
-+ self.resolvconf_backup = "/var/run/dnssec-trigger/resolv.conf.bak"
++ self.client = NMClient.Client()
def nm_handles_resolv_conf(self):
- if subprocess.call(["pidof", "NetworkManager"], stdout=DEVNULL, stderr=DEVNULL) != 0:
@@ -139,35 +210,129 @@ index b572dd1..32d7749 100644
for line in nm_config_file:
- if line.strip == "dns=none":
+ if line.strip() in ("dns=none", "dns=unbound"):
-+ log.debug("NetworkManager doesn't handle /etc/resolv.conf")
++ log.debug("NetworkManager doesn't handle resolv.conf")
return False
except IOError:
pass
-+ log.debug("NetworkManager handles /etc/resolv.conf")
++ log.debug("NetworkManager handles resolv.conf")
return True
def usage(self):
- raise UserError("Usage: dnssec-trigger-script [--debug] [--async] --prepare|--update|--update-global-forwarders|--update-connection-zones|--cleanup")
+- raise UserError("Usage: dnssec-trigger-script [--debug] [--async] --prepare|--update|--update-global-forwarders|--update-connection-zones|--cleanup")
++ raise UserError("Usage: dnssec-trigger-script [--debug] [--async] --prepare|--setup|--update|--update-global-forwarders|--update-connection-zones|--cleanup")
def run(self):
-- log.debug("Running: {}".format(self.method.__name__))
-- self.method()
-+ with Lock():
-+ log.debug("Running: {}".format(self.method.__name__))
-+ self.method()
+ log.debug("Running: {}".format(self.method.__name__))
+ self.method()
++ def _check_resolv_conf(self, path):
++ try:
++ with open(path) as source:
++ if source.read() != self.resolvconf_localhost_contents:
++ log.warning("Detected incorrect contents of {!r}!".format(path))
++ return False;
++ return True
++ except IOError:
++ return False
++
++ def _write_resolv_conf(self, path):
++ self._try_remove(path)
++ with open(path, "w") as target:
++ target.write(self.resolvconf_localhost_contents)
++
++ def _install_resolv_conf(self, path, path_tmp, symlink=False):
++ if symlink:
++ self._try_remove(path_tmp)
++ os.symlink(self.resolvconf_trigger, path_tmp)
++ self._try_set_mutable(path)
++ os.rename(path_tmp, path)
++ elif not self._check_resolv_conf(path):
++ self._write_resolv_conf(path_tmp)
++ self._try_set_mutable(path)
++ os.rename(path_tmp, path)
++ self._try_set_immutable(path)
++
++ def _try_remove(self, path):
++ self._try_set_mutable(path)
++ try:
++ os.remove(path)
++ except OSError:
++ pass
++
++ def _try_set_immutable(self, path):
++ subprocess.call(["chattr", "+i", path])
++
++ def _try_set_mutable(self, path):
++ if os.path.exists(path) and not os.path.islink(path):
++ subprocess.call(["chattr", "-i", path])
++
def run_prepare(self):
- """Prepare for dnssec-trigger."""
+- """Prepare for dnssec-trigger."""
++ """Prepare for starting dnssec-trigger
++
++ Called by the service manager before starting dnssec-trigger daemon.
++ """
++ # Backup resolv.conf when appropriate
if not self.nm_handles_resolv_conf():
- log.info("Backing up /etc/resolv.conf")
+- log.info("Backing up /etc/resolv.conf")
- shutil.copy("/etc/resolv.conf", "/var/run/dnssec-trigger/resolv.conf.bak")
-+ shutil.copy(self.resolvconf, self.resolvconf_backup)
++ try:
++ log.info("Backing up {} as {}...".format(self.resolvconf, self.resolvconf_backup))
++ shutil.move(self.resolvconf, self.resolvconf_backup)
++ except IOError as error:
++ log.warning("Cannot back up {!r} as {!r}: {}".format(self.resolvconf, self.resolvconf_backup, error.strerror))
++
++ # Make sure dnssec-trigger daemon doesn't get confused by existing files.
++ self._try_remove(self.resolvconf)
++ self._try_remove(self.resolvconf_secure)
++ self._try_remove(self.resolvconf_trigger)
++
++ def run_setup(self):
++ """Set up resolv.conf with localhost nameserver
++
++ Called by dnssec-trigger.
++ """
++
++ self._install_resolv_conf(self.resolvconf_trigger, self.resolvconf_trigger_tmp, False)
++ self._install_resolv_conf(self.resolvconf, self.resolvconf_tmp, self.config.use_resolv_conf_symlink)
++ self._install_resolv_conf(self.resolvconf_secure, self.resolvconf_secure_tmp, self.config.use_resolv_secure_conf_symlink)
++
++ def run_restore(self):
++ """Restore resolv.conf with original data
++
++ Called by dnssec-trigger or internally as part of other actions.
++ """
++
++ self._try_remove(self.resolvconf)
++ self._try_remove(self.resolvconf_secure)
++ self._try_remove(self.resolvconf_trigger)
++
++ log.info("Recovering {}...".format(self.resolvconf))
++ if self.nm_handles_resolv_conf():
++ if os.path.isfile(self.resolvconf_networkmanager):
++ os.symlink(self.resolvconf_networkmanager, self.resolvconf)
++ elif os.path.isfile("/sys/fs/cgroup/systemd"):
++ subprocess.check_call(["systemctl", "--ignore-dependencies", "try-restart", "NetworkManager.service"])
++ else:
++ subprocess.check_call(["/etc/init.d/NetworkManager", "restart"])
++ else:
++ try:
++ shutil.move(self.resolvconf_backup, self.resolvconf)
++ except IOError as error:
++ log.warning("Cannot restore {!r} from {!r}: {}".format(self.resolvconf, self.resolvconf_backup, error.strerror))
def run_cleanup(self):
- """Clean up after dnssec-trigger."""
-@@ -361,6 +391,18 @@ class Application:
+- """Clean up after dnssec-trigger."""
++ """Clean up after dnssec-trigger daemon
++
++ Called by the service manager after stopping dnssec-trigger daemon.
++ """
++
++ self.run_restore()
+
stored_zones = Store('zones')
++ stored_servers = Store('servers')
unbound_zones = UnboundZoneConfig()
+ # provide upgrade path for previous versions
@@ -185,38 +350,121 @@ index b572dd1..32d7749 100644
log.debug("clearing unbound configuration")
for zone in stored_zones:
unbound_zones.remove(zone)
-@@ -370,11 +412,14 @@ class Application:
- log.debug("recovering /etc/resolv.conf")
- subprocess.check_call(["chattr", "-i", "/etc/resolv.conf"])
- if not self.nm_handles_resolv_conf():
+ stored_zones.remove(zone)
++ for server in stored_servers:
++ stored_servers.remove(server)
+ stored_zones.commit()
+-
+- log.debug("recovering /etc/resolv.conf")
+- subprocess.check_call(["chattr", "-i", "/etc/resolv.conf"])
+- if not self.nm_handles_resolv_conf():
- shutil.copy("/var/run/dnssec-trigger/resolv.conf.bak", "/etc/resolv.conf")
-+ try:
-+ shutil.copy(self.resolvconf_backup, self.resolvconf)
-+ except IOError as error:
-+ log.warning("Cannot restore resolv.conf from {!r}: {}".format(self.resolvconf_backup, error.strerror))
- # NetworkManager currently doesn't support explicit /etc/resolv.conf
- # write out. For now we simply restart the daemon.
- elif os.path.exists("/sys/fs/cgroup/systemd"):
+- # NetworkManager currently doesn't support explicit /etc/resolv.conf
+- # write out. For now we simply restart the daemon.
+- elif os.path.exists("/sys/fs/cgroup/systemd"):
- subprocess.check_call(["systemctl", "try-restart", "NetworkManager.service"])
-+ subprocess.check_call(["systemctl", "--ignore-dependencies", "try-restart", "NetworkManager.service"])
- else:
- subprocess.check_call(["/etc/init.d/NetworkManager", "restart"])
+- else:
+- subprocess.check_call(["/etc/init.d/NetworkManager", "restart"])
++ stored_servers.commit()
-@@ -387,7 +432,7 @@ class Application:
+ def run_update(self):
++ """Update unbound and dnssec-trigger configuration."""
++
+ self.run_update_global_forwarders()
+ self.run_update_connection_zones()
- subprocess.check_call(["dnssec-trigger-control", "status"], stdout=DEVNULL, stderr=DEVNULL)
+ def run_update_global_forwarders(self):
+ """Configure global forwarders using dnssec-trigger-control."""
+
+- subprocess.check_call(["dnssec-trigger-control", "status"], stdout=DEVNULL, stderr=DEVNULL)
++ with Lock():
++ subprocess.check_call(["dnssec-trigger-control", "status"], stdout=DEVNULL, stderr=DEVNULL)
++
++ connections = None
++ if self.config.use_vpn_global_forwarders:
++ connections = list(ConnectionList(self.client, only_vpn=True))
++ if not connections:
++ connections = list(ConnectionList(self.client, only_default=True))
- default_connections = ConnectionList(only_default=True)
-+ default_connections = ConnectionList(self.client, only_default=True)
- servers = Store('servers')
+- servers = Store('servers')
++ servers = Store('servers')
+
+- if servers.update(sum((connection.servers for connection in default_connections), [])):
+- subprocess.check_call(["unbound-control", "flush_zone", "."])
+- subprocess.check_call(["dnssec-trigger-control", "submit"] + list(servers))
+- servers.commit()
+- log.info("Global forwarders: {}".format(' '.join(servers)))
++ if servers.update(sum((connection.servers for connection in connections), [])):
++ subprocess.check_call(["unbound-control", "flush_zone", "."])
++ subprocess.check_call(["dnssec-trigger-control", "submit"] + list(servers))
++ servers.commit()
++ log.info("Global forwarders: {}".format(' '.join(servers)))
- if servers.update(sum((connection.servers for connection in default_connections), [])):
-@@ -399,7 +444,7 @@ class Application:
def run_update_connection_zones(self):
"""Configures forward zones in the unbound using unbound-control."""
- connections = ConnectionList(skip_wifi=not self.config.add_wifi_provided_zones).get_zone_connection_mapping()
-+ connections = ConnectionList(self.client, skip_wifi=not self.config.add_wifi_provided_zones).get_zone_connection_mapping()
- unbound_zones = UnboundZoneConfig()
- stored_zones = Store('zones')
+- unbound_zones = UnboundZoneConfig()
+- stored_zones = Store('zones')
+-
+- # The purpose of the zone store is to keep the list of Unbound zones
+- # that are managed by dnssec-trigger-script. We don't want to track
+- # zones accoss Unbound restarts. We want to clear any Unbound zones
+- # that are no longer active in NetworkManager.
+- log.debug("removing stored zones not present in both unbound and an active connection")
+- for zone in stored_zones:
+- if zone not in unbound_zones:
+- stored_zones.remove(zone)
+- elif zone not in connections:
+- unbound_zones.remove(zone)
+- stored_zones.remove(zone)
+-
+- # We need to install zones that are not yet in Unbound. We also need to
+- # reinstall zones that are already managed by dnssec-trigger in case their
+- # list of nameservers was changed.
+- #
+- # TODO: In some cases, we don't seem to flush Unbound cache properly,
+- # even when Unbound is restarted (and dnssec-trigger as well, because
+- # of dependency).
+- log.debug("installing connection provided zones")
+- for zone in connections:
+- if zone in stored_zones or zone not in unbound_zones:
+- unbound_zones.add(zone, connections[zone].servers, secure=self.config.validate_connection_provided_zones)
+- stored_zones.add(zone)
+-
+- stored_zones.commit()
++ with Lock():
++ connections = ConnectionList(self.client, skip_wifi=not self.config.add_wifi_provided_zones).get_zone_connection_mapping()
++ unbound_zones = UnboundZoneConfig()
++ stored_zones = Store('zones')
++
++ # The purpose of the zone store is to keep the list of Unbound zones
++ # that are managed by dnssec-trigger-script. We don't want to track
++ # zones accoss Unbound restarts. We want to clear any Unbound zones
++ # that are no longer active in NetworkManager.
++ log.debug("removing stored zones not present in both unbound and an active connection")
++ for zone in stored_zones:
++ if zone not in unbound_zones:
++ stored_zones.remove(zone)
++ elif zone not in connections:
++ unbound_zones.remove(zone)
++ stored_zones.remove(zone)
++
++ # We need to install zones that are not yet in Unbound. We also need to
++ # reinstall zones that are already managed by dnssec-trigger in case their
++ # list of nameservers was changed.
++ #
++ # TODO: In some cases, we don't seem to flush Unbound cache properly,
++ # even when Unbound is restarted (and dnssec-trigger as well, because
++ # of dependency).
++ log.debug("installing connection provided zones")
++ for zone in connections:
++ if zone in stored_zones or zone not in unbound_zones:
++ unbound_zones.add(zone, connections[zone].servers, secure=self.config.validate_connection_provided_zones)
++ stored_zones.add(zone)
++
++ stored_zones.commit()
+ if __name__ == "__main__":
+ try:
diff --git a/dnssec-trigger-0.12-probe.patch b/dnssec-trigger-0.12-probe.patch
new file mode 100644
index 0000000..ea2611b
--- /dev/null
+++ b/dnssec-trigger-0.12-probe.patch
@@ -0,0 +1,39 @@
+diff --git a/riggerd/probe.c b/riggerd/probe.c
+index b521b09..dcd83dd 100644
+--- a/riggerd/probe.c
++++ b/riggerd/probe.c
+@@ -156,7 +156,7 @@ get_random_dest(void)
+ static const char*
+ get_random_nsec3_dest(void)
+ {
+- const char* choices[] = { "com.", "uk.", "nl.", "de." };
++ const char* choices[] = { "_probe.us.com.", "_probe.uk.com.", "_probe.kr.com.", "_probe.uk.net." };
+ return choices[ ldns_get_random() % 4 ];
+ }
+
+@@ -172,7 +172,7 @@ get_random_auth_ip4(void)
+ "198.41.0.4", /* a */
+ "192.228.79.201", /* b */
+ "192.33.4.12", /* c */
+- "128.8.10.90", /* d */
++ "199.7.91.13", /* d */
+ "192.203.230.10", /* e */
+ "192.5.5.241", /* f */
+ "192.112.36.4", /* g */
+@@ -193,6 +193,7 @@ get_random_auth_ip6(void)
+ /* list of root servers */
+ const char* choices[] = {
+ "2001:503:ba3e::2:30", /* a */
++ "2001:500:2::c", /* c */
+ "2001:500:2d::d", /* d */
+ "2001:500:2f::f", /* f */
+ "2001:500:1::803f:235", /* h */
+@@ -202,7 +203,7 @@ get_random_auth_ip6(void)
+ "2001:500:3::42", /* l */
+ "2001:dc3::35" /* m */
+ };
+- return choices[ ldns_get_random() % 9 ];
++ return choices[ ldns_get_random() % 10 ];
+ }
+
+ static const char* get_random_tcp80_ip4(struct cfg* cfg)
diff --git a/dnssec-trigger-0.12-reshook.patch b/dnssec-trigger-0.12-reshook.patch
new file mode 100644
index 0000000..52f5518
--- /dev/null
+++ b/dnssec-trigger-0.12-reshook.patch
@@ -0,0 +1,34 @@
+diff --git a/riggerd/reshook.c b/riggerd/reshook.c
+index c5e6250..f35d4af 100644
+--- a/riggerd/reshook.c
++++ b/riggerd/reshook.c
+@@ -256,6 +256,9 @@ void hook_resolv_localhost(struct cfg* cfg)
+ win_set_resolv("127.0.0.1");
+ #else /* not on windows */
+ # ifndef HOOKS_OSX /* on Linux/BSD */
++ if (system("/usr/libexec/dnssec-trigger-script --setup") == 0)
++ return;
++
+ if(really_set_to_localhost(cfg)) {
+ /* already done, do not do it again, that would open
+ * a brief moment of mutable resolv.conf */
+@@ -281,6 +284,9 @@ void hook_resolv_iplist(struct cfg* cfg, struct probe_ip* list)
+ #if defined(HOOKS_OSX) || defined(USE_WINSOCK)
+ char iplist[10240];
+ iplist[0] = 0;
++#else
++ if (system("/usr/libexec/dnssec-trigger-script --restore") == 0)
++ return;
+ #endif
+ set_to_localhost = 0;
+ if(cfg->noaction)
+@@ -323,7 +329,8 @@ void hook_resolv_flush(struct cfg* cfg)
+ (void)cfg;
+ #ifdef HOOKS_OSX
+ /* dscacheutil on 10.5 an later, lookupd before that */
+- system("dscacheutil -flushcache || lookupd -flushcache");
++ system("dscacheutil -flushcache || lookupd -flushcache || discoveryutil udnsflushcaches");
++ system("discoveryutil mdnsflushcache");
+ #elif defined(USE_WINSOCK)
+ win_run_cmd("ipconfig /flushdns");
+ #else
diff --git a/dnssec-trigger.spec b/dnssec-trigger.spec
index 237c06d..b5c2288 100644
--- a/dnssec-trigger.spec
+++ b/dnssec-trigger.spec
@@ -3,16 +3,17 @@
Summary: NetworkManager plugin to update/reconfigure DNSSEC resolving
Name: dnssec-trigger
Version: 0.12
-Release: 15%{?dist}
+Release: 16%{?dist}
License: BSD
Url: http://www.nlnetlabs.nl/downloads/dnssec-trigger/
Source0: http://www.nlnetlabs.nl/downloads/dnssec-trigger/%{name}-%{version}.tar.gz
Source1: dnssec-trigger.conf
Source2: dnssec-trigger.tmpfiles.d
-# Fix dnssec-trigger-script (diff between 0.12 and what has been submitted to
-# upstream)
-#
+# Most patches are just diffs of specific files between 0.12 release and the
+# current upstream head. Sometimes the patch also includes code that has just
+# been submitted upstream.
+
# Upstream often squashes our patches so it's more practical to use just one
# patch. Please don't forget to submit the changes to upstream before
# updating the patch.
@@ -23,11 +24,17 @@ Source2: dnssec-trigger.tmpfiles.d
# https://bugzilla.redhat.com/show_bug.cgi?id=842455
# https://bugzilla.redhat.com/show_bug.cgi?id=1111143
# https://bugzilla.redhat.com/show_bug.cgi?id=1112248
+# https://bugzilla.redhat.com/show_bug.cgi?id=1165126
+# https://bugzilla.redhat.com/show_bug.cgi?id=1125267
+# https://bugzilla.redhat.com/show_bug.cgi?id=1089766
Patch2: dnssec-trigger-0.12-nm-script.patch
-# Fix dnssec-triggerd.service
-#
# https://bugzilla.redhat.com/show_bug.cgi?id=1112248
Patch3: dnssec-trigger-0.12-service.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1165126
+# https://bugzilla.redhat.com/show_bug.cgi?id=1125267
+Patch4: dnssec-trigger-0.12-reshook.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=824219
+Patch5: dnssec-trigger-0.12-probe.patch
Requires(postun): initscripts
Requires: ldns >= 1.6.10, NetworkManager-glib, unbound, xdg-utils
@@ -145,6 +152,9 @@ fi
%systemd_postun_with_restart %{name}d.service
%changelog
+* Tue Jan 20 2015 Pavel Šimerda <psimerda at redhat.com> - 0.12-16
+- Resolves: #1165126, #1125267, #1089766, #1112248, #824219 - update
+
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.12-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
More information about the scm-commits
mailing list