From 86f14126ab392a98879b631db6b877b8e0340630 Mon Sep 17 00:00:00 2001 From: John Klug Date: Tue, 24 Oct 2017 09:56:34 -0500 Subject: New dnsmasq fixing CVE-2017-13704, 14491-14496 --- recipes-support/dnsmasq/dnsmasq.inc | 83 ++++++ recipes-support/dnsmasq/dnsmasq_2.78.bb | 5 + recipes-support/dnsmasq/files/99_dnsmasq | 1 + .../dnsmasq/files/dnsmasq-noresolvconf.service | 15 ++ .../dnsmasq/files/dnsmasq-resolvconf-helper | 62 +++++ .../dnsmasq/files/dnsmasq-resolvconf.service | 17 ++ recipes-support/dnsmasq/files/dnsmasq.conf | 293 +++++++++++++++++++++ recipes-support/dnsmasq/files/dnsmasq.resolvconf | 84 ++++++ recipes-support/dnsmasq/files/init | 117 ++++++++ 9 files changed, 677 insertions(+) create mode 100644 recipes-support/dnsmasq/dnsmasq.inc create mode 100644 recipes-support/dnsmasq/dnsmasq_2.78.bb create mode 100644 recipes-support/dnsmasq/files/99_dnsmasq create mode 100644 recipes-support/dnsmasq/files/dnsmasq-noresolvconf.service create mode 100644 recipes-support/dnsmasq/files/dnsmasq-resolvconf-helper create mode 100644 recipes-support/dnsmasq/files/dnsmasq-resolvconf.service create mode 100755 recipes-support/dnsmasq/files/dnsmasq.conf create mode 100755 recipes-support/dnsmasq/files/dnsmasq.resolvconf create mode 100644 recipes-support/dnsmasq/files/init diff --git a/recipes-support/dnsmasq/dnsmasq.inc b/recipes-support/dnsmasq/dnsmasq.inc new file mode 100644 index 0000000..9ef54fe --- /dev/null +++ b/recipes-support/dnsmasq/dnsmasq.inc @@ -0,0 +1,83 @@ +SUMMARY = "Lightweight, easy to configure DNS forwarder and DHCP server" +HOMEPAGE = "http://www.thekelleys.org.uk/dnsmasq/doc.html" +SECTION = "net" +# GPLv3 was added in version 2.41 as license option +LICENSE = "GPLv2 | GPLv3" +LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \ + file://COPYING-v3;md5=d32239bcb673463ab874e80d47fae504" + +#at least versions 2.15 and prior are moved to the archive folder on the server +SRC_URI = "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getVar('PV',1).split('.')[1]) > 15]}dnsmasq-${PV}.tar.gz;name=dnsmasq-${PV} \ + file://init \ + file://dnsmasq.conf \ + file://dnsmasq-resolvconf.service \ + file://dnsmasq-noresolvconf.service \ +" + +inherit pkgconfig update-rc.d systemd + +INITSCRIPT_NAME = "dnsmasq" +INITSCRIPT_PARAMS = "defaults" + +PACKAGECONFIG ?= "" +PACKAGECONFIG[dbus] = ",,dbus" +PACKAGECONFIG[idn] = ",,libidn" +PACKAGECONFIG[conntrack] = ",,libnetfilter-conntrack" +PACKAGECONFIG[lua] = ",,lua" +PACKAGECONFIG[resolvconf] = ",,,resolvconf" +EXTRA_OEMAKE = "\ + 'COPTS=${@bb.utils.contains('PACKAGECONFIG', 'dbus', '-DHAVE_DBUS', '', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'idn', '-DHAVE_IDN', '', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'conntrack', '-DHAVE_CONNTRACK', '', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'lua', '-DHAVE_LUASCRIPT', '', d)}' \ + 'CFLAGS=${CFLAGS}' \ + 'LDFLAGS=${LDFLAGS}' \ +" + +SRC_URI += "${@bb.utils.contains('PACKAGECONFIG', 'resolvconf', 'file://dnsmasq.resolvconf file://99_dnsmasq file://dnsmasq-resolvconf-helper', '', d)}" + +do_compile_append() { + # build dhcp_release + cd ${S}/contrib/lease-tools + oe_runmake +} + +do_install () { + oe_runmake "PREFIX=${D}${prefix}" \ + "BINDIR=${D}${bindir}" \ + "MANDIR=${D}${mandir}" \ + install + install -d ${D}${sysconfdir}/ ${D}${sysconfdir}/init.d ${D}${sysconfdir}/dnsmasq.d + install -m 644 ${WORKDIR}/dnsmasq.conf ${D}${sysconfdir}/ + install -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/dnsmasq + + install -d ${D}${systemd_unitdir}/system + + if [ "${@bb.utils.contains('PACKAGECONFIG', 'resolvconf', 'resolvconf', '', d)}" != "" ]; then + install -m 0644 ${WORKDIR}/dnsmasq-resolvconf.service ${D}${systemd_unitdir}/system/dnsmasq.service + else + install -m 0644 ${WORKDIR}/dnsmasq-noresolvconf.service ${D}${systemd_unitdir}/system/dnsmasq.service + fi + + install -m 0755 ${S}/contrib/lease-tools/dhcp_release ${D}${bindir} + + if [ "${@bb.utils.contains('PACKAGECONFIG', 'dbus', 'dbus', '', d)}" != "" ]; then + install -d ${D}${sysconfdir}/dbus-1/system.d + install -m 644 dbus/dnsmasq.conf ${D}${sysconfdir}/dbus-1/system.d/ + fi + if [ "${@bb.utils.contains('PACKAGECONFIG', 'resolvconf', 'resolvconf', '', d)}" != "" ]; then + install -d ${D}${sysconfdir}/resolvconf/update.d/ + install -m 0755 ${WORKDIR}/dnsmasq.resolvconf ${D}${sysconfdir}/resolvconf/update.d/dnsmasq + + install -d ${D}${sysconfdir}/default/volatiles + install -m 0644 ${WORKDIR}/99_dnsmasq ${D}${sysconfdir}/default/volatiles + install -m 0755 ${WORKDIR}/dnsmasq-resolvconf-helper ${D}${bindir} + fi +} + +CONFFILES_${PN} = "${sysconfdir}/dnsmasq.conf" + +RPROVIDES_${PN} += "${PN}-systemd" +RREPLACES_${PN} += "${PN}-systemd" +RCONFLICTS_${PN} += "${PN}-systemd" +SYSTEMD_SERVICE_${PN} = "dnsmasq.service" diff --git a/recipes-support/dnsmasq/dnsmasq_2.78.bb b/recipes-support/dnsmasq/dnsmasq_2.78.bb new file mode 100644 index 0000000..a2641f1 --- /dev/null +++ b/recipes-support/dnsmasq/dnsmasq_2.78.bb @@ -0,0 +1,5 @@ +require dnsmasq.inc + +SRC_URI[dnsmasq-2.78.md5sum] = "3bb97f264c73853f802bf70610150788" +SRC_URI[dnsmasq-2.78.sha256sum] = "c92e5d78aa6353354d02aabf74590d08980bb1385d8a00b80ef9bc80430aa1dc" + diff --git a/recipes-support/dnsmasq/files/99_dnsmasq b/recipes-support/dnsmasq/files/99_dnsmasq new file mode 100644 index 0000000..f52ce4e --- /dev/null +++ b/recipes-support/dnsmasq/files/99_dnsmasq @@ -0,0 +1 @@ +d root root 0755 /run/dnsmasq none diff --git a/recipes-support/dnsmasq/files/dnsmasq-noresolvconf.service b/recipes-support/dnsmasq/files/dnsmasq-noresolvconf.service new file mode 100644 index 0000000..0c64fab --- /dev/null +++ b/recipes-support/dnsmasq/files/dnsmasq-noresolvconf.service @@ -0,0 +1,15 @@ +[Unit] +Description=DNS forwarder and DHCP server +After=network.target + +[Service] +Type=forking +PIDFile=/run/dnsmasq.pid +ExecStartPre=/usr/bin/dnsmasq --test +ExecStart=/usr/bin/dnsmasq -x /run/dnsmasq.pid -7 /etc/dnsmasq.d --local-service +ExecStop=/bin/kill $MAINPID +ExecReload=/bin/kill -HUP $MAINPID + +[Install] +WantedBy=multi-user.target + diff --git a/recipes-support/dnsmasq/files/dnsmasq-resolvconf-helper b/recipes-support/dnsmasq/files/dnsmasq-resolvconf-helper new file mode 100644 index 0000000..db54d46 --- /dev/null +++ b/recipes-support/dnsmasq/files/dnsmasq-resolvconf-helper @@ -0,0 +1,62 @@ +#!/bin/bash +# +# Borrowing heavily from the dnsmasq initscript's version of support for +# resolvconf, intended for use in systemd-only configurations. +# +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/dnsmasq +NAME=dnsmasq + +# Most configuration options in /etc/default/dnsmasq are deprecated +# but still honoured. +if [ -r /etc/default/$NAME ]; then + . /etc/default/$NAME +fi + +start_resolvconf() +{ + # If interface "lo" is explicitly disabled in /etc/default/dnsmasq + # Then dnsmasq won't be providing local DNS, so don't add it to + # the resolvconf server set. + for interface in $DNSMASQ_EXCEPT + do + [ $interface = lo ] && return + done + + if [ -x /sbin/resolvconf ] ; then + echo "nameserver 127.0.0.1" | + /sbin/resolvconf -a lo.$NAME + fi + return 0 +} + +stop_resolvconf() +{ + if [ -x /sbin/resolvconf ] ; then + /sbin/resolvconf -d lo.$NAME + fi + return 0 +} + +case "$1" in + start) + start_resolvconf + exit 0 + ;; + stop) + stop_resolvconf + exit 0 + ;; + restart) + stop_resolvconf + start_resolvconf + exit 0 + ;; + *) + echo "Usage: /etc/init.d/$NAME {start|stop|restart}" >&2 + exit 3 + ;; +esac + +exit 0 + diff --git a/recipes-support/dnsmasq/files/dnsmasq-resolvconf.service b/recipes-support/dnsmasq/files/dnsmasq-resolvconf.service new file mode 100644 index 0000000..2980f7d --- /dev/null +++ b/recipes-support/dnsmasq/files/dnsmasq-resolvconf.service @@ -0,0 +1,17 @@ +[Unit] +Description=DNS forwarder and DHCP server +After=network.target + +[Service] +Type=forking +PIDFile=/run/dnsmasq.pid +ExecStartPre=/usr/bin/dnsmasq --test +ExecStart=/usr/bin/dnsmasq -x /run/dnsmasq.pid -7 /etc/dnsmasq.d --local-service +ExecStartPost=/usr/bin/dnsmasq-resolvconf-helper start +ExecStopPre=/usr/bin/dnsmasq-resolvconf-helper stop +ExecStop=/bin/kill $MAINPID +ExecReload=/bin/kill -HUP $MAINPID + +[Install] +WantedBy=multi-user.target + diff --git a/recipes-support/dnsmasq/files/dnsmasq.conf b/recipes-support/dnsmasq/files/dnsmasq.conf new file mode 100755 index 0000000..34d5135 --- /dev/null +++ b/recipes-support/dnsmasq/files/dnsmasq.conf @@ -0,0 +1,293 @@ +# Configuration file for dnsmasq. +# +# Format is one option per line, legal options are the same +# as the long options legal on the command line. See +# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details. + +# Change these lines if you want dnsmasq to serve MX records. +# Only one of mx-host and mx-target need be set, the other defaults +# to the name of the host running dnsmasq. +#mx-host= +#mx-target= +#selfmx +#localmx + +# The following two options make you a better netizen, since they +# tell dnsmasq to filter out queries which the public DNS cannot +# answer, and which load the servers (especially the root servers) +# uneccessarily. If you have a dial-on-demand link they also stop +# these requests from bringing up the link uneccessarily. + +# Never forward plain names (with a dot or domain part) +domain-needed +# Never forward addresses in the non-routed address spaces. +bogus-priv + + +# Uncomment this to filter useless windows-originated DNS requests +# which can trigger dial-on-demand links needlessly. +# Note that (amongst other things) this blocks all SRV requests, +# so don't use it if you use eg Kerberos. +#filterwin2k + +# Change this line if you want dns to get its upstream servers from +# somewhere other that /etc/resolv.conf +#resolv-file= + +# By default, dnsmasq will send queries to any of the upstream +# servers it knows about and tries to favour servers to are known +# to be up. Uncommenting this forces dnsmasq to try each query +# with each server strictly in the order they appear in +# /etc/resolv.conf +#strict-order + +# If you don't want dnsmasq to read /etc/resolv.conf or any other +# file, getting its servers for this file instead (see below), then +# uncomment this +#no-resolv + +# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv +# files for changes and re-read them then uncomment this. +#no-poll + +# Add other name servers here, with domain specs if they are for +# non-public domains. +#server=/localnet/192.168.0.1 + +# Add local-only domains here, queries in these domains are answered +# from /etc/hosts or DHCP only. +#local=/localnet/ + +# Add domains which you want to force to an IP address here. +# The example below send any host in doubleclick.net to a local +# webserver. +#address=/doubleclick.net/127.0.0.1 + +# You no longer (as of version 1.7) need to set these to enable +# dnsmasq to read /etc/ppp/resolv.conf since dnsmasq now uses the +# "dip" group to achieve this. +#user= +#group= + +# If you want dnsmasq to listen for requests only on specified interfaces +# (and the loopback) give the name of the interface (eg eth0) here. +# Repeat the line for more than one interface. +#interface= +# Or you can specify which interface _not_ to listen on +#except-interface= +# Or which to listen on by address (remember to include 127.0.0.1 if +# you use this.) +#listen-address=127.0.0.1 + +# On systems which support it, dnsmasq binds the wildcard address, +# even when it is listening on only some interfaces. It then discards +# requests that it shouldn't reply to. This has the advantage of +# working even when interfaces come and go and change address. If you +# want dnsmasq to really bind only the interfaces it is listening on, +# uncomment this option. About the only time you may need this is when +# running another nameserver on the same machine. +#bind-interfaces + +# If you don't want dnsmasq to read /etc/hosts, uncomment the +# following line. +#no-hosts +# or if you want it to read another file, as well as /etc/hosts, use +# this. +#addn-hosts=/etc/banner_add_hosts + +# Set this (and domain: see below) if you want to have a domain +# automatically added to simple names in a hosts-file. +#expand-hosts + +# Set the domain for dnsmasq. this is optional, but if it is set, it +# does the following things. +# 1) Allows DHCP hosts to have fully qualified domain names, as long +# as the domain part matches this setting. +# 2) Sets the "domain" DHCP option thereby potentially setting the +# domain of all systems configured by DHCP +# 3) Provides the domain part for "expand-hosts" +#domain=thekelleys.org.uk + +# Uncomment this to enable the integrated DHCP server, you need +# to supply the range of addresses available for lease and optionally +# a lease time. If you have more than one network, you will need to +# repeat this for each network on which you want to supply DHCP +# service. +#dhcp-range=192.168.0.50,192.168.0.150,12h +#dhcp-range=10.0.0.10,10.0.0.200,2h + +# This is an example of a DHCP range where the netmask is given. This +# is needed for networks we reach the dnsmasq DHCP server via a relay +# agent. If you don't know what a DHCP relay agent is, you probably +# don't need to worry about this. +#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h + +# This is an example of a DHCP range with a network-id, so that +# some DHCP options may be set only for this network. +#dhcp-range=red,192.168.0.50,192.168.0.150 + +# Supply parameters for specified hosts using DHCP. There are lots +# of valid alternatives, so we will give examples of each. Note that +# IP addresses DO NOT have to be in the range given above, they just +# need to be on the same network. The order of the parameters in these +# do not matter, it's permissble to give name,adddress and MAC in any order + +# Always allocate the host with ethernet address 11:22:33:44:55:66 +# The IP address 192.168.0.60 +#dhcp-host=11:22:33:44:55:66,192.168.0.60 + +# Always set the name of the host with hardware address +# 11:22:33:44:55:66 to be "fred" +#dhcp-host=11:22:33:44:55:66,fred + +# Always give the host with ethernet address 11:22:33:44:55:66 +# the name fred and IP address 192.168.0.60 and lease time 45 minutes +#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m + +# Give the machine which says it's name is "bert" IP address +# 192.168.0.70 and an infinite lease +#dhcp-host=bert,192.168.0.70,infinite + +# Always give the host with client identifier 01:02:02:04 +# the IP address 192.168.0.60 +#dhcp-host=id:01:02:02:04,192.168.0.60 + +# Always give the host with client identifier "marjorie" +# the IP address 192.168.0.60 +#dhcp-host=id:marjorie,192.168.0.60 + +# Enable the address given for "judge" in /etc/hosts +# to be given to a machine presenting the name "judge" when +# it asks for a DHCP lease. +#dhcp-host=judge + +# Never offer DHCP service to a machine whose ethernet +# address is 11:22:33:44:55:66 +#dhcp-host=11:22:33:44:55:66,ignore + +# Ignore any client-id presented by the machine with ethernet +# address 11:22:33:44:55:66. This is useful to prevent a machine +# being treated differently when running under different OS's or +# between PXE boot and OS boot. +#dhcp-host=11:22:33:44:55:66,id:* + +# Send extra options which are tagged as "red" to +# the machine with ethernet address 11:22:33:44:55:66 +#dhcp-host=11:22:33:44:55:66,net:red + +# Send extra options which are tagged as "red" to any machine whose +# DHCP vendorclass string includes the substring "Linux" +#dhcp-vendorclass=red,Linux + +# Send extra options which are tagged as "red" to any machine one +# of whose DHCP userclass strings includes the substring "accounts" +#dhcp-userclass=red,accounts + +# If this line is uncommented, dnsmasq will read /etc/ethers and act +# on the ethernet-address/IP pairs found there just as if they had +# been given as --dhcp-host options. Useful if you keep +# MAC-address/host mappings there for other purposes. +#read-ethers + +# Send options to hosts which ask for a DHCP lease. +# See RFC 2132 for details of available options. +# Note that all the common settings, such as netmask and +# broadcast address, DNS server and default route, are given +# sane defaults by dnsmasq. You very likely will not need any +# any dhcp-options. If you use Windows clients and Samba, there +# are some options which are recommended, they are detailed at the +# end of this section. +# For reference, the common options are: +# subnet mask - 1 +# default router - 3 +# DNS server - 6 +# broadcast address - 28 + +# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5 +#dhcp-option=42,192.168.0.4,10.10.0.5 + +# Set the NTP time server address to be the same machine as +# is running dnsmasq +#dhcp-option=42,0.0.0.0 + +# Set the NIS domain name to "welly" +#dhcp-option=40,welly + +# Set the default time-to-live to 50 +#dhcp-option=23,50 + +# Set the "all subnets are local" flag +#dhcp-option=27,1 + +# Send the etherboot magic flag and then etherboot options (a string). +#dhcp-option=128,e4:45:74:68:00:00 +#dhcp-option=129,NIC=eepro100 + +# Specify an option which will only be sent to the "red" network +# (see dhcp-range for the declaration of the "red" network) +#dhcp-option=red,42,192.168.1.1 + +# The following DHCP options set up dnsmasq in the same way as is specified +# for the ISC dhcpcd in +# http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt +# adapted for a typical dnsmasq installation where the host running +# dnsmasq is also the host running samba. +# you may want to uncomment them if you use Windows clients and Samba. +#dhcp-option=19,0 # option ip-forwarding off +#dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s) +#dhcp-option=45,0.0.0.0 # netbios datagram distribution server +#dhcp-option=46,8 # netbios node type +#dhcp-option=47 # empty netbios scope. + + +# Set the boot filename and tftpd server name and address +# for BOOTP. You will only need this is you want to +# boot machines over the network. +#dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3 + +# Set the limit on DHCP leases, the default is 150 +#dhcp-lease-max=150 + +# The DHCP server needs somewhere on disk to keep its lease database. +# This defaults to a sane location, but if you want to change it, use +# the line below. +#dhcp-leasefile=/var/lib/misc/dnsmasq.leases + +# Set the cachesize here. +#cache-size=150 + +# If you want to disable negative caching, uncomment this. +#no-negcache + +# Normally responses which come form /etc/hosts and the DHCP lease +# file have Time-To-Live set as zero, which conventionally means +# do not cache further. If you are happy to trade lower load on the +# server for potentially stale date, you can set a time-to-live (in +# seconds) here. +#local-ttl= + +# If you want dnsmasq to detect attempts by Verisign to send queries +# to unregistered .com and .net hosts to its sitefinder service and +# have dnsmasq instead return the correct NXDOMAIN response, uncomment +# this line. You can add similar lines to do the same for other +# registries which have implemented wildcard A records. +#bogus-nxdomain=64.94.110.11 + +# If you want to fix up DNS results from upstream servers, use the +# alias option. This only works for IPv4. +# This alias makes a result of 1.2.3.4 appear as 5.6.7.8 +#alias=1.2.3.4,5.6.7.8 +# and this maps 1.2.3.x to 5.6.7.x +#alias=1.2.3.0,5.6.7.0,255.255.255.0 + +# For debugging purposes, log each DNS query as it passes through +# dnsmasq. +#log-queries + +# Include a another lot of configuration options. +#conf-file=/etc/dnsmasq.more.conf + + + + + diff --git a/recipes-support/dnsmasq/files/dnsmasq.resolvconf b/recipes-support/dnsmasq/files/dnsmasq.resolvconf new file mode 100755 index 0000000..06cd25c --- /dev/null +++ b/recipes-support/dnsmasq/files/dnsmasq.resolvconf @@ -0,0 +1,84 @@ +#!/bin/sh +# +# Script to update the resolver list for dnsmasq +# +# N.B. Resolvconf may run us even if dnsmasq is not (yet) running. +# If dnsmasq is installed then we go ahead and update the resolver list +# in case dnsmasq is started later. +# +# Assumption: On entry, PWD contains the resolv.conf-type files. +# +# This file is part of the dnsmasq package. +# + +set -e + +RUN_DIR="/run/dnsmasq" +RSLVRLIST_FILE="${RUN_DIR}/resolv.conf" +TMP_FILE="${RSLVRLIST_FILE}_new.$$" +MY_NAME_FOR_RESOLVCONF="dnsmasq" + +[ -x /usr/bin/dnsmasq ] || exit 0 +[ -x /lib/resolvconf/list-records ] || exit 1 + +PATH=/bin:/sbin + +report_err() { echo "$0: Error: $*" >&2 ; } + +# Stores arguments (minus duplicates) in RSLT, separated by spaces +# Doesn't work properly if an argument itself contains whitespace +uniquify() +{ + RSLT="" + while [ "$1" ] ; do + for E in $RSLT ; do + [ "$1" = "$E" ] && { shift ; continue 2 ; } + done + RSLT="${RSLT:+$RSLT }$1" + shift + done +} + +if [ ! -d "$RUN_DIR" ] && ! mkdir --parents --mode=0755 "$RUN_DIR" ; then + report_err "Failed trying to create directory $RUN_DIR" + exit 1 +fi + +RSLVCNFFILES="" +for F in $(/lib/resolvconf/list-records --after "lo.$MY_NAME_FOR_RESOLVCONF") ; do + case "$F" in + "lo.$MY_NAME_FOR_RESOLVCONF") + # Omit own record + ;; + lo.*) + # Include no more records after one for a local nameserver + RSLVCNFFILES="${RSLVCNFFILES:+$RSLVCNFFILES }$F" + break + ;; + *) + RSLVCNFFILES="${RSLVCNFFILES:+$RSLVCNFFILES }$F" + ;; + esac +done + +NMSRVRS="" +if [ "$RSLVCNFFILES" ] ; then + uniquify $(sed -n -e 's/^[[:space:]]*nameserver[[:space:]]\+//p' $RSLVCNFFILES) + NMSRVRS="$RSLT" +fi + +# Dnsmasq uses the mtime of $RSLVRLIST_FILE, with a resolution of one second, +# to detect changes in the file. This means that if a resolvconf update occurs +# within one second of the previous one then dnsmasq may fail to notice the +# more recent change. To work around this problem we sleep one second here +# if necessary in order to ensure that the new mtime is different. +if [ -f "$RSLVRLIST_FILE" ] && [ "$(stat -c %X "$RSLVRLIST_FILE")" = "$(date +%s)" ] ; then + sleep 1 +fi + +clean_up() { rm -f "$TMP_FILE" ; } +trap clean_up EXIT +: >| "$TMP_FILE" +for N in $NMSRVRS ; do echo "nameserver $N" >> "$TMP_FILE" ; done +mv -f "$TMP_FILE" "$RSLVRLIST_FILE" + diff --git a/recipes-support/dnsmasq/files/init b/recipes-support/dnsmasq/files/init new file mode 100644 index 0000000..51c95df --- /dev/null +++ b/recipes-support/dnsmasq/files/init @@ -0,0 +1,117 @@ +#!/bin/sh +DAEMON=/usr/bin/dnsmasq +NAME=dnsmasq +DESC="DNS forwarder and DHCP server" +ARGS="-7 /etc/dnsmasq.d" + +test -f $DAEMON || exit 0 + +set -e + +if [ -r /etc/default/$NAME ] +then + . /etc/default/$NAME +fi + +DNSMASQ_CONF="/etc/dnsmasq.conf" +test "/etc/dnsmasq.d/*" != '/etc/dnsmasq.d/*' && DNSMASQ_CONF="${DNSMASQ_CONF} /etc/dnsmasq.d/*" + +test -z "${PIDFILE}" && PIFILE="/run/dnsmasq.pid" + +if [ -z "$IGNORE_RESOLVCONF" ] +then + egrep -h -q '^no-resolv' ${DNSMASQ_CONF} && IGNORE_RESOLVCONF="yes" +fi + +# RESOLV_CONF: +# If the resolvconf package is installed then use the resolv conf file +# that it provides as the default. Otherwise use /etc/resolv.conf as +# the default. +# +# If IGNORE_RESOLVCONF is set in /etc/default/dnsmasq or an explicit +# filename is set there then this inhibits the use of the resolvconf-provided +# information. +# +# Note that if the resolvconf package is installed it is not possible to +# override it just by configuration in /etc/dnsmasq.conf, it is necessary +# to set IGNORE_RESOLVCONF=yes in /etc/default/dnsmasq. + +test -z "$RESOLV_CONF" -a "$IGNORE_RESOLVCONF" != "yes" -a -x /sbin/resolvconf && \ + RESOLV_CONF=/run/dnsmasq/resolv.conf + +start_resolvconf() +{ + if [ "$IGNORE_RESOLVCONF" != "yes" -a -x /sbin/resolvconf ] + then + echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.$NAME + fi + : +} + +stop_resolvconf() +{ + if [ "$IGNORE_RESOLVCONF" != "yes" -a -x /sbin/resolvconf ] + then + /sbin/resolvconf -d lo.$NAME + fi + : +} + +case "$1" in + start) + echo -n "starting $DESC: $NAME... " + test -d /var/lib/misc/ || mkdir /var/lib/misc/ + start-stop-daemon -S -x $DAEMON -- $ARGS \ + ${RESOLV_CONF:+ -r $RESOLV_CONF} \ + ${PIDFILE:+ -x $PIDFILE} + test $? -eq 0 && start_resolvconf + echo "done." + ;; + stop) + echo -n "stopping $DESC: $NAME... " + stop_resolvconf + start-stop-daemon -K -x $DAEMON + echo "done." + ;; + status) + echo -n "dnsmasq " + start-stop-daemon -q -K -t -x $DAEMON + RET=$? + if [ "$RET" = "0" ]; then + PID=`cat ${PIDFILE}` + echo "($PID) is running" + else + echo "is not running" + exit $RET + fi + ;; + restart) + echo "restarting $DESC: $NAME... " + $0 stop + $0 start + echo "done." + ;; + reload) + echo -n "reloading $DESC: $NAME... " + killall -HUP $(basename ${DAEMON}) + echo "done." + ;; + systemd-start-resolvconf) + start_resolvconf + ;; + systemd-stop-resolvconf) + stop_resolvconf + ;; + systemd-exec) + test -d /var/lib/misc/ || mkdir /var/lib/misc/ + exec $DAEMON --keep-in-foreground $ARGS \ + ${RESOLV_CONF:+ -r $RESOLV_CONF} \ + ${PIDFILE:+ -x $PIDFILE} + ;; + *) + echo "Usage: $0 {start|stop|status|restart|reload}" + exit 1 + ;; +esac + +exit 0 -- cgit v1.2.3