author | Christian Ruppert <idl0r@gentoo.org> | 2010-05-23 20:44:50 +0000 |
---|---|---|
committer | Christian Ruppert <idl0r@gentoo.org> | 2010-05-23 20:44:50 +0000 |
commit | a68601e8679df39b65a5991884011fac227673f7 (patch) | |
tree | 722a9b2666080265b08d4495ceffdc712f003459 | |
parent | Force python-2.4 usage #304521 by Domen Kožar. Apply upshader patch from up... (diff) | |
Improve chroot part, bug 321071. Version bump from bind-9.6.1_p3 to bind-9.6.2_p2. bind-9.7.0_p2 revbump. Add chaos view to files/named.conf-r4.
(Portage version: 2.2_rc67/cvs/Linux x86_64)
-rw-r--r-- | net-dns/bind/ChangeLog | 12 | ||||
-rw-r--r-- | net-dns/bind/bind-9.6.2_p2.ebuild (renamed from net-dns/bind/bind-9.6.1_p3-r1.ebuild) | 132 | ||||
-rw-r--r-- | net-dns/bind/bind-9.7.0_p2-r1.ebuild (renamed from net-dns/bind/bind-9.7.0_p2.ebuild) | 83 | ||||
-rw-r--r-- | net-dns/bind/files/named.conf-r4 | 43 | ||||
-rw-r--r-- | net-dns/bind/files/named.init-r7 | 22 |
5 files changed, 175 insertions, 117 deletions
diff --git a/net-dns/bind/ChangeLog b/net-dns/bind/ChangeLog index 7d63243c5711..d65d30c6581f 100644 --- a/net-dns/bind/ChangeLog +++ b/net-dns/bind/ChangeLog @@ -1,6 +1,16 @@ # ChangeLog for net-dns/bind # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/ChangeLog,v 1.274 2010/05/22 09:04:13 jlec Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/ChangeLog,v 1.275 2010/05/23 20:44:50 idl0r Exp $ + +*bind-9.7.0_p2-r1 (23 May 2010) +*bind-9.6.2_p2 (23 May 2010) + + 23 May 2010; Christian Ruppert <idl0r@gentoo.org> + -bind-9.6.1_p3-r1.ebuild, +bind-9.6.2_p2.ebuild, -bind-9.7.0_p2.ebuild, + +bind-9.7.0_p2-r1.ebuild, files/named.conf-r4, files/named.init-r7: + Improve chroot part, bug 321071. Version bump from bind-9.6.1_p3 to + bind-9.6.2_p2. bind-9.7.0_p2 revbump. Add chaos view to + files/named.conf-r4. 22 May 2010; Justin Lecher <jlec@gentoo.org> bind-9.7.0_p2.ebuild: Removed epause in EAPI=3 ebuilds diff --git a/net-dns/bind/bind-9.6.1_p3-r1.ebuild b/net-dns/bind/bind-9.6.2_p2.ebuild index da5f071f11b5..56dafb598643 100644 --- a/net-dns/bind/bind-9.6.1_p3-r1.ebuild +++ b/net-dns/bind/bind-9.6.2_p2.ebuild @@ -1,8 +1,8 @@ # Copyright 1999-2010 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/bind-9.6.1_p3-r1.ebuild,v 1.4 2010/05/13 00:13:32 idl0r Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/bind-9.6.2_p2.ebuild,v 1.1 2010/05/23 20:44:50 idl0r Exp $ -EAPI="2" +EAPI="3" inherit eutils autotools toolchain-funcs flag-o-matic 
@@ -93,17 +93,18 @@ src_prepare() { # Upstream URL: http://bind9-ldap.bayour.com/ use sdb-ldap && epatch "${WORKDIR}"/sdb-ldap/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch - use geoip && epatch "${DISTDIR}"/${GEOIP_P}.patch + if use geoip; then + cp "${DISTDIR}"/${GEOIP_P}.patch "${S}" || die + sed -i -e 's/-RELEASEVER=3/-RELEASEVER=2/' \ + -e 's/+RELEASEVER=3-geoip-1.3/+RELEASEVER=2-geoip-1.3/' \ + ${GEOIP_P}.patch || die + epatch ${GEOIP_P}.patch + fi # bug #220361 rm {aclocal,libtool}.m4 WANT_AUTOCONF=2.5 AT_NO_RECURSIVE=1 eautoreconf - # bug #151839 - sed -i -e \ - 's:struct isc_socket {:#undef SO_BSDCOMPAT\n\nstruct isc_socket {:' \ - lib/isc/unix/socket.c || die - # remove useless c++ checks epunt_cxx } @@ -116,8 +117,8 @@ src_configure() { use postgres && myconf="${myconf} --with-dlz-postgres" use mysql && myconf="${myconf} --with-dlz-mysql" use berkdb && myconf="${myconf} --with-dlz-bdb" - use ldap && myconf="${myconf} --with-dlz-ldap" - use odbc && myconf="${myconf} --with-dlz-odbc" + use ldap && myconf="${myconf} --with-dlz-ldap" + use odbc && myconf="${myconf} --with-dlz-odbc" } if use threads; then @@ -134,7 +135,6 @@ src_configure() { ewarn myconf="${myconf} --disable-linux-caps --disable-threads" ewarn "Threading support disabled" - epause 10 else myconf="${myconf} --enable-linux-caps --enable-threads" einfo "Threading support enabled" @@ -153,7 +153,8 @@ src_configure() { # bug #158664 gcc-specs-ssp && replace-flags -O[23s] -O - export BUILD_CC="${CBUILD}-gcc" + + export BUILD_CC=$(tc-getBUILD_CC) econf \ --sysconfdir=/etc/bind \ --localstatedir=/var \ @@ -163,6 +164,9 @@ src_configure() { $(use_enable ipv6) \ $(use_with xml libxml2) \ ${myconf} + + # bug #151839 + echo '#undef SO_BSDCOMPAT' >> config.h } src_install() { 
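Review bot: The `echo '#undef SO_BSDCOMPAT' >> config.h` added at the end of src_configure (last hunk on this line) may have no effect on the build. config.h is conventionally the first include, so the `#undef` would be processed before the system socket headers define the macro, whereas the removed sed inserted it inside lib/isc/unix/socket.c just before `struct isc_socket {`. socket.c is not visible here, so this should be checked against the unpacked source. The redirect also has no error check; `echo '#undef SO_BSDCOMPAT' >> config.h || die` would match the rest of the ebuild. The same line is added to bind-9.7.0_p2-r1.ebuild.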
@@ -201,12 +205,8 @@ src_install() { use geoip && dodoc "${DISTDIR}"/${GEOIP_P}-readme.txt - newenvd "${FILESDIR}"/10bind.env 10bind || die - - keepdir /var/bind/sec - insinto /etc/bind - newins "${FILESDIR}"/named.conf-r3 named.conf || die + newins "${FILESDIR}"/named.conf-r4 named.conf || die # ftp://ftp.rs.internic.net/domain/named.cache: insinto /var/bind 
@@ -219,41 +219,49 @@ src_install() { newinitd "${FILESDIR}"/named.init-r7 named || die newconfd "${FILESDIR}"/named.confd-r3 named || die - dosym /var/bind/named.cache /var/bind/root.cache - dosym /var/bind/pri /etc/bind/pri - dosym /var/bind/sec /etc/bind/sec + newenvd "${FILESDIR}"/10bind.env 10bind || die # Let's get rid of those tools and their manpages since they're provided by bind-tools rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1* rm -f "${D}"/usr/share/man/man8/{dnssec-keygen,nsupdate}.8* rm -f "${D}"/usr/bin/{dig,host,nslookup,dnssec-keygen,nsupdate} rm -f "${D}"/usr/sbin/{dig,host,nslookup,dnssec-keygen,nsupdate} + + dosym /var/bind/named.cache /var/bind/root.cache || die + dosym /var/bind/pri /etc/bind/pri || die + dosym /var/bind/sec /etc/bind/sec || die + keepdir /var/bind/sec + + dodir /var/{run,log}/named || die + + fowners root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri} + fowners root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/named.conf + fperms 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/named.conf + fperms 0750 /etc/bind /var/bind/pri + fperms 0770 /var/{run,log}/named /var/bind/{,sec} } pkg_postinst() { if [ ! 
-f '/etc/bind/rndc.key' ]; then if [ -c /dev/urandom ]; then einfo "Using /dev/urandom for generating rndc.key" - /usr/sbin/rndc-confgen -r /dev/urandom -a -u named + /usr/sbin/rndc-confgen -r /dev/urandom -a echo else einfo "Using /dev/random for generating rndc.key" - /usr/sbin/rndc-confgen -a -u named + /usr/sbin/rndc-confgen -a echo fi + chown root:named /etc/bind/rndc.key + chmod 0640 /etc/bind/rndc.key fi - install -d -o named -g named "${ROOT}"/var/run/named \ - "${ROOT}"/var/bind/{pri,sec} "${ROOT}"/var/log/named - chown -R named:named "${ROOT}"/var/bind - einfo "The default zone files are now installed as *.zone," einfo "be careful merging config files if you have modified" - einfo "/var/bind/pri/127 or /var/bind/pri/localhost" + einfo "/var/bind/pri/127.zone or /var/bind/pri/localhost.zone" einfo einfo "You can edit /etc/conf.d/named to customize named settings" einfo - einfo "The BIND ebuild now includes chroot support." einfo "If you like to run bind in chroot AND this is a new install OR" einfo "your bind doesn't already run in chroot, simply run:" einfo "\`emerge --config '=${CATEGORY}/${PF}'\`" 
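Review bot: The `fowners` and `fperms` calls added at the end of src_install carry no `|| die`, unlike the `dosym` and `dodir` lines directly above them. Under EAPI="3" these helpers do not abort the build on failure, so a failed `fperms 0640 … /etc/bind/named.conf` would leave the file at whatever mode `newins` gave it rather than the intended group-only mode. Appending the check to each call, e.g. `fperms 0750 /etc/bind /var/bind/pri || die`, closes that gap. In pkg_postinst the new `chown root:named /etc/bind/rndc.key` and `chmod 0640 /etc/bind/rndc.key` are likewise unchecked and, like the existing `-f` test, do not go through `${ROOT}`. pkg_postinst continues beyond this hunk.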
@@ -273,49 +281,55 @@ pkg_postinst() { einfo " zone "com" IN { type delegation-only; };" einfo " zone "net" IN { type delegation-only; };" - ewarn "NOTE: as of 'bind-9.6.1' the chroot part of the init-script got some major changes." + CHROOT=$(sed -n 's/^[[:blank:]]\?CHROOT="\([^"]\+\)"/\1/p' /etc/conf.d/named 2>/dev/null) + if [[ -n ${CHROOT} && -d ${CHROOT} ]]; then + ewarn "NOTE: as of 'bind-9.6.1' the chroot part of the init-script got some major changes." + fi } pkg_config() { - CHROOT=`sed -n 's/^[[:blank:]]\?CHROOT="\([^"]\+\)"/\1/p' /etc/conf.d/named 2>/dev/null` - EXISTS="no" + CHROOT=$(sed -n 's/^[[:blank:]]\?CHROOT="\([^"]\+\)"/\1/p' /etc/conf.d/named 2>/dev/null) - if [ -z "${CHROOT}" -a ! -d "/chroot/dns" ]; then + if [ -z "${CHROOT}" ]; then CHROOT="/chroot/dns" - elif [ -d ${CHROOT} ]; then - eerror; eerror "${CHROOT:-/chroot/dns} already exists. Quitting."; eerror; EXISTS="yes" + fi + if [[ -d "${CHROOT}" ]]; then + ewarn "NOTE: As of 'bind-9.6.1' the chroot part of the init-script got some major changes." + ewarn + ewarn "${CHROOT} already exists... some things might become overridden" + ewarn "press CTRL+C if you don't want to continue" + sleep 10 fi - if [ ! "$EXISTS" = yes ]; then - einfo ; einfon "Setting up the chroot directory..." + echo; einfo "Setting up the chroot directory..." 
- mkdir -m 750 -p ${CHROOT} - mkdir -p ${CHROOT}/{dev,proc,etc/bind,var/{run,log}/named,var/bind} - chown -R named:named ${CHROOT} - chown root:named ${CHROOT} + mkdir -m 0750 -p ${CHROOT} + mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/{run,log}} + mkdir -m 0750 -p ${CHROOT}/etc/bind + mkdir -m 0770 -p ${CHROOT}/var/{bind,{run,log}/named} + chown root:named ${CHROOT} ${CHROOT}/var/{bind,{run,log}/named} ${CHROOT}/etc/bind - cp /etc/localtime ${CHROOT}/etc/localtime + cp /etc/localtime ${CHROOT}/etc/localtime - mknod ${CHROOT}/dev/zero c 1 5 - chmod 666 ${CHROOT}/dev/zero + mknod ${CHROOT}/dev/null c 1 3 + chmod 0666 ${CHROOT}/dev/null - if use urandom; then - mknod ${CHROOT}/dev/urandom c 1 9 - chmod 666 ${CHROOT}/dev/urandom - else - mknod ${CHROOT}/dev/random c 1 8 - chmod 666 ${CHROOT}/dev/random - fi + mknod ${CHROOT}/dev/zero c 1 5 + chmod 0666 ${CHROOT}/dev/zero - if [ -f '/etc/syslog-ng/syslog-ng.conf' ]; then - echo "source jail { unix-stream(\"${CHROOT}/dev/log\"); };" >>/etc/syslog-ng/syslog-ng.conf - fi - - grep -q "^#[[:blank:]]\?CHROOT" /etc/conf.d/named ; RETVAL=$? - if [ $RETVAL = 0 ]; then - sed -i 's/^# \?\(CHROOT.*\)$/\1/' /etc/conf.d/named 2>/dev/null - fi + if use urandom; then + mknod ${CHROOT}/dev/urandom c 1 9 + chmod 0666 ${CHROOT}/dev/urandom else - ewarn "NOTE: as of 'bind-9.6.1' the chroot part of the init-script got some major changes." + mknod ${CHROOT}/dev/random c 1 8 + chmod 0666 ${CHROOT}/dev/random + fi + + elog "You may need to add the following line to your syslog-ng.conf:" + elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };" + + grep -q "^#[[:blank:]]\?CHROOT" /etc/conf.d/named ; RETVAL=$? + if [ $RETVAL = 0 ]; then + sed -i 's/^# \?\(CHROOT.*\)$/\1/' /etc/conf.d/named 2>/dev/null fi } diff --git a/net-dns/bind/bind-9.7.0_p2.ebuild b/net-dns/bind/bind-9.7.0_p2-r1.ebuild index 6d5c07da30f8..d9ac1fade18e 100644 --- a/net-dns/bind/bind-9.7.0_p2.ebuild +++ b/net-dns/bind/bind-9.7.0_p2-r1.ebuild 
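Review bot: pkg_config now carries on when `${CHROOT}` already exists, but nothing in the new body tightens a chroot that the previous version built. `mkdir -m … -p` leaves the mode of an existing directory untouched and the new `chown root:named` is not recursive, so a tree created by the removed `chown -R named:named ${CHROOT}` keeps `dev`, `etc` and `var` owned by the daemon's own user. An explicit reset after the mkdir calls would cover that case, e.g. `chown root:root "${CHROOT}"/{dev,etc,var,var/run,var/log}` followed by `chmod 0755` on the same list. `${CHROOT}` is also expanded unquoted throughout, and none of the mkdir, mknod, cp or chown calls is checked, so a re-run over existing device nodes reports an error but the function keeps going. The same body is added to bind-9.7.0_p2-r1.ebuild.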
@@ -1,6 +1,6 @@ # Copyright 1999-2010 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/bind-9.7.0_p2.ebuild,v 1.3 2010/05/22 09:04:13 jlec Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/bind-9.7.0_p2-r1.ebuild,v 1.1 2010/05/23 20:44:50 idl0r Exp $ EAPI="3" @@ -105,11 +105,6 @@ src_prepare() { rm {aclocal,libtool}.m4 WANT_AUTOCONF=2.5 AT_NO_RECURSIVE=1 eautoreconf - # bug #151839 - sed -i -e \ - 's:struct isc_socket {:#undef SO_BSDCOMPAT\n\nstruct isc_socket {:' \ - lib/isc/include/isc/socket.h || die - # remove useless c++ checks epunt_cxx } @@ -169,6 +164,9 @@ src_configure() { $(use_enable ipv6) \ $(use_with xml libxml2) \ ${myconf} + + # bug #151839 + echo '#undef SO_BSDCOMPAT' >> config.h } src_install() { @@ -260,11 +258,10 @@ pkg_postinst() { einfo "The default zone files are now installed as *.zone," einfo "be careful merging config files if you have modified" - einfo "/var/bind/pri/127 or /var/bind/pri/localhost" + einfo "/var/bind/pri/127.zone or /var/bind/pri/localhost.zone" einfo einfo "You can edit /etc/conf.d/named to customize named settings" einfo - einfo "The BIND ebuild now includes chroot support." einfo "If you like to run bind in chroot AND this is a new install OR" einfo "your bind doesn't already run in chroot, simply run:" einfo "\`emerge --config '=${CATEGORY}/${PF}'\`" 
@@ -284,51 +281,55 @@ pkg_postinst() { einfo " zone "com" IN { type delegation-only; };" einfo " zone "net" IN { type delegation-only; };" - ewarn "NOTE: as of 'bind-9.6.1' the chroot part of the init-script got some major changes." + CHROOT=$(sed -n 's/^[[:blank:]]\?CHROOT="\([^"]\+\)"/\1/p' /etc/conf.d/named 2>/dev/null) + if [[ -n ${CHROOT} && -d ${CHROOT} ]]; then + ewarn "NOTE: as of 'bind-9.6.1' the chroot part of the init-script got some major changes." + fi } pkg_config() { - CHROOT=`sed -n 's/^[[:blank:]]\?CHROOT="\([^"]\+\)"/\1/p' /etc/conf.d/named 2>/dev/null` - EXISTS="no" + CHROOT=$(sed -n 's/^[[:blank:]]\?CHROOT="\([^"]\+\)"/\1/p' /etc/conf.d/named 2>/dev/null) - if [ -z "${CHROOT}" -a ! -d "/chroot/dns" ]; then + if [ -z "${CHROOT}" ]; then CHROOT="/chroot/dns" - elif [ -d ${CHROOT} ]; then - eerror; eerror "${CHROOT:-/chroot/dns} already exists. Quitting."; eerror; EXISTS="yes" + fi + if [[ -d "${CHROOT}" ]]; then + ewarn "NOTE: As of 'bind-9.6.1' the chroot part of the init-script got some major changes." + ewarn + ewarn "${CHROOT} already exists... some things might become overridden" + ewarn "press CTRL+C if you don't want to continue" + sleep 10 fi - if [ ! "$EXISTS" = yes ]; then - echo; einfo "Setting up the chroot directory..." - - mkdir -m 0750 -p ${CHROOT} - mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/{run,log}} - mkdir -m 0750 ${CHROOT}/etc/bind - mkdir -m 0770 ${CHROOT}/var/{bind,{run,log}/named} - chown root:named ${CHROOT} ${CHROOT}/var/{bind,{run,log}/named} ${CHROOT}/etc/bind + echo; einfo "Setting up the chroot directory..." 
- cp /etc/localtime ${CHROOT}/etc/localtime + mkdir -m 0750 -p ${CHROOT} + mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/{run,log}} + mkdir -m 0750 -p ${CHROOT}/etc/bind + mkdir -m 0770 -p ${CHROOT}/var/{bind,{run,log}/named} + chown root:named ${CHROOT} ${CHROOT}/var/{bind,{run,log}/named} ${CHROOT}/etc/bind - mknod ${CHROOT}/dev/zero c 1 5 - chmod 0666 ${CHROOT}/dev/zero + cp /etc/localtime ${CHROOT}/etc/localtime - if use urandom; then - mknod ${CHROOT}/dev/urandom c 1 9 - chmod 0666 ${CHROOT}/dev/urandom - else - mknod ${CHROOT}/dev/random c 1 8 - chmod 0666 ${CHROOT}/dev/random - fi + mknod ${CHROOT}/dev/null c 1 3 + chmod 0666 ${CHROOT}/dev/null - if [ -f '/etc/syslog-ng/syslog-ng.conf' ]; then - elog "You should add the following line to your syslog-ng.conf:" - elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };" - fi + mknod ${CHROOT}/dev/zero c 1 5 + chmod 0666 ${CHROOT}/dev/zero - grep -q "^#[[:blank:]]\?CHROOT" /etc/conf.d/named ; RETVAL=$? - if [ $RETVAL = 0 ]; then - sed -i 's/^# \?\(CHROOT.*\)$/\1/' /etc/conf.d/named 2>/dev/null - fi + if use urandom; then + mknod ${CHROOT}/dev/urandom c 1 9 + chmod 0666 ${CHROOT}/dev/urandom else - ewarn "NOTE: as of 'bind-9.6.1' the chroot part of the init-script got some major changes." + mknod ${CHROOT}/dev/random c 1 8 + chmod 0666 ${CHROOT}/dev/random + fi + + elog "You may need to add the following line to your syslog-ng.conf:" + elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };" + + grep -q "^#[[:blank:]]\?CHROOT" /etc/conf.d/named ; RETVAL=$? + if [ $RETVAL = 0 ]; then + sed -i 's/^# \?\(CHROOT.*\)$/\1/' /etc/conf.d/named 2>/dev/null fi } diff --git a/net-dns/bind/files/named.conf-r4 b/net-dns/bind/files/named.conf-r4 index 9c41c68c62d1..c82d13b06ced 100644 --- a/net-dns/bind/files/named.conf-r4 +++ b/net-dns/bind/files/named.conf-r4 
@@ -30,8 +30,8 @@ options { directory "/var/bind"; pid-file "/var/run/named/named.pid"; - /* https://www.isc.org/solutions/dlv */ - bindkeys-file "/etc/bind/bind.keys"; + /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */ + //bindkeys-file "/etc/bind/bind.keys"; listen-on-v6 { none; }; listen-on { 127.0.0.1; }; @@ -126,6 +126,8 @@ view "internal" in { file "pri/localhost.zone"; allow-update { none; }; notify no; + allow-query { any; }; + allow-transfer { none; }; }; zone "127.in-addr.arpa" IN { @@ -133,6 +135,8 @@ view "internal" in { file "pri/127.zone"; allow-update { none; }; notify no; + allow-query { any; }; + allow-transfer { none; }; }; /* @@ -144,6 +148,19 @@ view "internal" in { * include "/etc/bind/zones.cfg"; * for "internal" and "public" view. */ + + /* + * Briefly, a zone which has been declared delegation-only will be effectively + * limited to containing NS RRs for subdomains, but no actual data beyond its + * own apex (for example, its SOA RR and apex NS RRset). This can be used to + * filter out "wildcard" or "synthesized" data from NAT boxes or from + * authoritative name servers whose undelegated (in-zone) data is of no + * interest. + * See http://www.isc.org/software/bind/delegation-only for more info + */ + + //zone "COM" { type delegation-only; }; + //zone "NET" { type delegation-only; }; }; view "public" in { @@ -167,6 +184,7 @@ view "public" in { // type master; // file "/var/bind/pri/YOUR-DOMAIN.TLD.zone"; // allow-query { any; }; + // allow-transfer { xfer; }; //}; //zone "YOUR-SLAVE.TLD" { 
@@ -182,17 +200,14 @@ view "public" in { // allow-notify { <MASTER>; }; // notify no; //}; +}; - /* - * Briefly, a zone which has been declared delegation-only will be effectively - * limited to containing NS RRs for subdomains, but no actual data beyond its - * own apex (for example, its SOA RR and apex NS RRset). This can be used to - * filter out "wildcard" or "synthesized" data from NAT boxes or from - * authoritative name servers whose undelegated (in-zone) data is of no - * interest. - * See http://www.isc.org/products/BIND/delegation-only.html for more info - */ - - //zone "COM" { type delegation-only; }; - //zone "NET" { type delegation-only; }; +/* Hide the bind version */ +view "chaos" chaos { + match-clients { any; }; + allow-query { none; }; + zone "." { + type hint; + file "/dev/null"; // or any empty file + }; }; diff --git a/net-dns/bind/files/named.init-r7 b/net-dns/bind/files/named.init-r7 index b722db4f78ba..177be7647240 100644 --- a/net-dns/bind/files/named.init-r7 +++ b/net-dns/bind/files/named.init-r7 @@ -1,7 +1,7 @@ #!/sbin/runscript -# Copyright 1999-2009 Gentoo Foundation +# Copyright 1999-2010 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/files/named.init-r7,v 1.2 2010/02/25 19:03:31 robbat2 Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/files/named.init-r7,v 1.3 2010/05/23 20:44:50 idl0r Exp $ opts="start stop reload restart" 
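Review bot: The comment on the new "chaos" view, `/* Hide the bind version */`, understates what the view does. With `match-clients { any; }` and `allow-query { none; }` on a view of class chaos, every CH-class query is refused, which covers hostname.bind, authors.bind and id.server as well as version.bind. A comment such as `/* Refuse all CHAOS-class queries (version.bind, hostname.bind, authors.bind, id.server) */` would tell an administrator why those built-in names stop answering once this file is merged.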
@@ -47,6 +47,20 @@ _umount() { fi } +check_chroot() { + if [[ -n ${CHROOT} ]]; then + [[ ! -d ${CHROOT} ]] && return 1 + [[ ! -d ${CHROOT}/dev || ! -d ${CHROOT}/etc || ! -d ${CHROOT}/var ]] && return 1 + [[ ! -d ${CHROOT}/var/run || ! -d ${CHROOT}/var/log ]] && return 1 + [[ ! -d ${CHROOT}/etc/bind || ! -d ${CHROOT}/var/bind ]] && return 1 + [[ ! -d ${CHROOT}/var/run/named || ! -d ${CHROOT}/var/log/named ]] && return 1 + [[ ! -e ${CHROOT}/etc/localtime ]] && return 1 + [[ ! -c ${CHROOT}/dev/null || ! -c ${CHROOT}/dev/zero ]] && return 1 + [[ ! -c ${CHROOT}/dev/random && ! -c ${CHROOT}/dev/urandom ]] && return 1 + fi + return 0 +} + checkconfig() { if [ ! -f ${CHROOT}/etc/bind/named.conf ] ; then eerror "No ${CHROOT}/etc/bind/named.conf file exists!" @@ -74,6 +88,10 @@ start() { if [[ -n ${CHROOT} ]]; then + check_chroot || { + eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first" + return 1 + } einfo "Mounting chroot dirs" _mount /etc/bind ${CHROOT}/etc/bind -o bind _mount /var/bind ${CHROOT}/var/bind -o bind |
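Review bot: check_chroot tests only that the expected directories and device nodes are present, not who owns them or what mode they have, and `-d` follows symlinks. A chroot left over from the older ebuild layout, where pkg_config ran `chown -R named:named` over the whole tree, therefore passes, and start() goes on to bind-mount /etc/bind and /var/bind into it. At minimum the function should say so, e.g. `# Presence check only: ownership and modes of ${CHROOT} are not verified.`; an added ownership test on `${CHROOT}/dev` and `${CHROOT}/etc` would be stronger. start() continues outside the last hunk.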