Feature #3466

Package request: knot-dns

Added by Dennis Przytarski over 4 years ago. Updated over 4 years ago.

Status: Closed
Priority: Normal
Category: -
Target version:
Start date: 10/20/2014
Due date:
% Done: 100%
Estimated time:

Description

Knot DNS is a high-performance authoritative-only DNS server which supports all key features of the domain name system including zone transfers and DNSSEC.

https://www.knot-dns.cz/

Associated revisions

Revision e386afe4 (diff)
Added by Francesco Colista over 4 years ago

testing/knot: new aport. Fixes #3466

History

#1 Updated by Anonymous over 4 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Chris Spillane over 4 years ago

Needs a few changes to work properly:

1) rc-service can't start the service, with 'Permission Denied' error, because /etc/init.d/knot is not made executable at package install

2) knot won't run without /etc/knot/knot.conf being created.....this isn't necessarily something that needs fixing, since the user would be expected to create this or at least copy over the example config file

3) Once point 1 is fixed, you can try to start the daemon with "rc-service knot start" and Knot tries to run as knot:knot but fails with "*checkpath: owner 'knot:knot' not found" because user and group knot don't exist....these should be created by package.

4) Minor spelling mistake: "rc-service knot stop" leads to "*Stoping knot", this should of course read "Stopping knot"

Hopefully that's it ;)

#3 Updated by Dennis Przytarski over 4 years ago

Alternatively, user and group could be nobody.

#4 Updated by Chris Spillane over 4 years ago

IMHO, a distinct user:group (like knot:knot) is better.....if loads of stuff runs as nobody:nobody and there was some way for an attacker to become nobody and do some naughty stuff, this could really ruin a lot of things (as opposed to them exploiting, say, knot:knot and only breaking the dns server but not being able to touch anything else)....hope that makes sense.

#5 Updated by Francesco Colista over 4 years ago

Chris, I've added the knot user and group, and fixed the permission on the initd file.
Any feedback is welcome.
Regarding the config file, I've just added a message in the post-install script.

#6 Updated by Chris Spillane over 4 years ago

That's awesome!  And very quick!  Thanks very much :-)


#7 Updated by Chris Spillane over 4 years ago

:( bad news I'm afraid:

====

    # apk -U add knot
    fetch http://dl-5.alpinelinux.org/alpine/v3.0/main/x86_64/APKINDEX.tar.gz
    fetch http://dl-5.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
    fetch http://dl-5.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz
    (1/2) Installing userspace-rcu (0.8.4-r0)
    (2/2) Installing knot (1.5.3-r1)
    Executing knot-1.5.3-r1.pre-install
    Executing knot-1.5.3-r1.post-install
    *
    * Before running knot, you must create a knot.conf file.
    * There is an example into /etc/knot directory.
    var/cache/misc/knot-1.5.3-r1.post-install: line 6: syntax error: unterminated quoted string
    ERROR: knot-1.5.3-r1.post-install: script exited with error 2
    Executing busybox-1.22.1-r13.trigger
    1 errors; 277 MiB in 83 packages

    apk fix
    (1/1) Reinstalling knot (1.5.3-r1)
    Executing busybox-1.22.1-r13.trigger
    OK: 277 MiB in 83 packages

    # rc-service knot start
     * checkpath: owner `knot:knot' not found
     * Starting knot ... [ ok ]
    # rc-service knot status
     * status: crashed
    # rc-service knot stop
     * Stoping knot ... [ ok ]

====

So it looks like knot:knot isn't created; this could well be down to the post-install script error?

#8 Updated by Francesco Colista over 4 years ago

  • Assignee set to Francesco Colista

Chris, fixed these issues.
I've tested the package in an LXC container (I had no chance before to test the package, sorry), and after cat /etc/knot/knot.sample.conf > /etc/knot/knot.conf it starts without complaining.

-------
alpine:/etc# apk add knot
(1/2) Installing userspace-rcu (0.8.1-r0)
(2/2) Installing knot (1.5.3-r2)
Executing knot-1.5.3-r2.pre-install
Executing knot-1.5.3-r2.post-install
*
* Before running knot, you must create a knot.conf file.
* There is an example into /etc/knot directory.
* You can rename the example file and make the necessary adjustment.
*
Executing busybox-1.22.1-r9.trigger
OK: 34 MiB in 22 packages

alpine:/etc/knot# cat /etc/knot/knot.sample.conf > /etc/knot/knot.conf
alpine:/etc/knot# /etc/init.d/knot start
 * Starting knot ... [ ok ]
alpine:/etc/knot# /etc/init.d/knot stop
 * Stopping knot ... [ ok ]
alpine:/etc/knot# /etc/init.d/knot start
 * Starting knot ... [ ok ]
alpine:/etc/knot# ps aux | grep knot
519 knot 0:00 /usr/sbin/knotd -d
543 root 0:00 grep knot
alpine:/etc/knot# /etc/init.d/knot stop
 * Stopping knot ... [ ok ]
alpine:/etc/knot#


Any feedback welcome ;)
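
The defects reported in this thread (init script without the execute bit, missing knot:knot account, a post-install script that fails to parse, and the question of running as the shared nobody account) can be checked against an unpacked package root before release. This is an added example, not code from the Alpine aports tree or from any commenter here; the function names and the ROOT layout are assumptions.

```shell
#!/bin/sh
# Added example: pre-release checks for the packaging defects in this thread.
# ROOT is assumed to be an unpacked package root or a test chroot.

# has_entry FILE NAME: true if NAME is the first field of a passwd/group file.
has_entry() {
    [ -r "$1" ] && grep -q "^$2:" "$1"
}

# check_service_pkg ROOT SERVICE USER [INSTALL_SCRIPT...]
# Prints one line per finding and returns the number of findings.
check_service_pkg() {
    root=$1 svc=$2 user=$3
    shift 3
    findings=0

    # Comment #2, point 1: init script shipped without the execute bit.
    if [ ! -x "$root/etc/init.d/$svc" ]; then
        echo "FAIL: /etc/init.d/$svc is not executable"
        findings=$((findings + 1))
    fi

    # Comment #2, point 3: the account the init script names must exist.
    if ! has_entry "$root/etc/passwd" "$user" ||
       ! has_entry "$root/etc/group" "$user"; then
        echo "FAIL: user/group $user:$user not present"
        findings=$((findings + 1))
    fi

    # Comment #4: a dedicated account, not the shared 'nobody', limits what
    # a compromise of this one daemon can reach.
    if [ "$user" = nobody ]; then
        echo "FAIL: $svc runs as the shared account nobody"
        findings=$((findings + 1))
    fi

    # Comment #7: install scripts must at least parse; sh -n does not run them.
    for script in "$@"; do
        if ! sh -n "$script" 2>/dev/null; then
            echo "FAIL: $script has a shell syntax error"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}
```

Call it as `check_service_pkg /path/to/root knot knot /path/to/knot.post-install`; a non-zero exit status is the number of findings.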

#9 Updated by Chris Spillane over 4 years ago

Thanks Francesco!

All looks good, thanks very much for the quick changes.

Feel free to close this feature request.

#10 Updated by Francesco Colista over 4 years ago

  • Status changed from Resolved to Closed
