From patchwork Sun Mar 1 18:41:13 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Fitzenreiter X-Patchwork-Id: 2808 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 48VsYg2tzrz3yBQ for ; Sun, 1 Mar 2020 18:41:27 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 48VsYd3vbyz1Ky; Sun, 1 Mar 2020 18:41:25 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 48VsYd1pB5z2yy0; Sun, 1 Mar 2020 18:41:25 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 48VsYb5SKkz2ywy for ; Sun, 1 Mar 2020 18:41:23 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 48VsYb37fyz1JM; Sun, 1 Mar 2020 18:41:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1583088083; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc; bh=J3RRNp2U+38UA+CJfiNitzYa6IHMhLXe+caCazHnFPY=; b=RBafEEETnDzHX8gjt4u4FbjTW5+Gk1mQfqeWYq4yvz/e9q3uDTOmule9dK5fi1Ra12NceQ WhHS3GKcYI0OOmpzZdnkxrVonfCKdc/H+deYiUbRNJVy42BKVnGInCAh12GYZVScta8Hth V2xNC7uIBuNUwb4et1HguLMGDBN9qftUPoWtH8WlVZf8Tur37NJzs7+OPQtyBYPH7j8sNH Ynw9kT9EXGF4+NNRRd9DAOGqKx+o6dbvugyEXGm1fuUhMM1KMZ1BWOdLKy9wnZQTo8UQFD djbLpR7+K54Bxs+S0WmF8d5JnTtPhvhh8sR6VXAqf6Y7/erlqEUALMWPg/0vjw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1583088083; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc; bh=J3RRNp2U+38UA+CJfiNitzYa6IHMhLXe+caCazHnFPY=; b=5sGk0vPNLQdOX89ooDc80/QK+h5XPFMo2OVVTGpv7HRiCpt2x6mjHk6XfqV7TlPs8b5REM T8nFOiV4OirCZ4Dw== From: Arne Fitzenreiter To: development@lists.ipfire.org Subject: [PATCH 1/4] unbound: update savesearch after reload configfiles Date: Sun, 1 Mar 2020 19:41:13 +0100 Message-Id: <20200301184116.15686-1-arne_f@ipfire.org> Authentication-Results: mail01.ipfire.org; auth=pass smtp.mailfrom=arne_f@ipfire.org X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Arne Fitzenreiter Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Arne Fitzenreiter --- src/initscripts/system/unbound | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index b6b57f1c1..507f589ca 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -592,13 +592,13 @@ case "$1" in write_forward_conf write_hosts_conf + # Call unbound-control and perform the reload + /usr/sbin/unbound-control -q reload + # Update Safe Search rules if the system is online. if [ -e "/var/ipfire/red/active" ]; then update_safe_search fi - - # Call unbound-control and perform the reload - /usr/sbin/unbound-control -q reload ;; status) From patchwork Sun Mar 1 18:41:14 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Fitzenreiter X-Patchwork-Id: 2809 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 48VsYg5JZBz3yBt for ; Sun, 1 Mar 2020 18:41:27 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 48VsYd6QxYz1km; Sun, 1 Mar 2020 18:41:25 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 48VsYd4DSGz301v; Sun, 1 Mar 2020 18:41:25 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 48VsYb6qVxz2yxC for ; Sun, 1 Mar 2020 18:41:23 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 48VsYb5Fx6z1kc; Sun, 1 Mar 2020 18:41:23 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1583088083; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:in-reply-to:in-reply-to:references:references; bh=AgqRaNskPGXB7E4RZiQmrM/VNt6J+q0iMzRsVfAo3oA=; b=tOYV0mgc5ww22KYAr0njdMjxlwrKmCcVHBZN3067yvkYLn1evlxYbXpnz3UTX91F/tUBxa 76gq52TkW9WasOAQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1583088083; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:in-reply-to:in-reply-to:references:references; bh=AgqRaNskPGXB7E4RZiQmrM/VNt6J+q0iMzRsVfAo3oA=; b=TH/DFSi0y65jGPen4dcq095CoQuW/muW2DzXleLeruWuX+hFGl8XT780DW3dOFjUEPO/j+ 7WT6nXtYVyv8l/yWRbvA69k8P63ufObPonS6uyG0DitB9aLKgWHXkSa8fUbur2DWT0FvBq b3fV0lFvkYXMEwhvZx2RoaNirHlePAQhMi+GKqbEqnfV6XAL8g5c6ymTv0ep3yCjUI8EIq LLJS7z4auoikBzGMV2+oYtrYcFD7X78W0wWq93kfGZvsHEOgHaAypZwPF+rrYJ8f5qVNDg jIUyrQVh3yR3X7eEmE1xfV3T5BacBAX7W/slsBjKbWWxW6FDCGWaN8vJRfAYyg== From: Arne Fitzenreiter To: development@lists.ipfire.org Subject: [PATCH 2/4] unbound: run "time-fix" before savesearch resolves Date: Sun, 1 Mar 2020 19:41:14 +0100 Message-Id: <20200301184116.15686-2-arne_f@ipfire.org> In-Reply-To: <20200301184116.15686-1-arne_f@ipfire.org> References: <20200301184116.15686-1-arne_f@ipfire.org> Authentication-Results: mail01.ipfire.org; auth=pass smtp.mailfrom=arne_f@ipfire.org X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Arne Fitzenreiter Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Arne Fitzenreiter --- src/initscripts/system/unbound | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index 507f589ca..7bf2ffc2c 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -587,7 +587,7 @@ case "$1" in sleep 1 $0 start ;; - reload|remove-forwarders) + reload|remove-forwarders|update-forwarders) # Update configuration files write_forward_conf write_hosts_conf @@ -595,6 +595,14 @@ case "$1" in # Call unbound-control and perform the reload /usr/sbin/unbound-control -q reload + # Dummy Resolve to wait for unbound + resolve "ping.ipfire.org" &>/dev/null + + if [ "$1" = "update-forwarders" ]; then + # Make sure DNS works at this point + fix_time_if_dns_fails + fi + # Update Safe Search rules if the system is online. if [ -e "/var/ipfire/red/active" ]; then update_safe_search @@ -605,9 +613,6 @@ case "$1" in statusproc /usr/sbin/unbound ;; - update-forwarders) - $0 reload - # Make sure DNS works at this point fix_time_if_dns_fails ;; From patchwork Sun Mar 1 18:41:15 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Fitzenreiter X-Patchwork-Id: 2810 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 48VsYh09Xbz3yBv for ; Sun, 1 Mar 2020 18:41:28 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 48VsYf1MzNz1lK; Sun, 1 Mar 2020 18:41:26 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 48VsYd6BWwz2yyY; Sun, 1 Mar 2020 18:41:25 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 48VsYc1dXbz2yy0 for ; Sun, 1 Mar 2020 18:41:24 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 48VsYb6tbjz1kd; Sun, 1 Mar 2020 18:41:23 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1583088084; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:in-reply-to:in-reply-to:references:references; bh=3578FB+XzxAIsW1gwYUBwbNJzGHchYnfeAwFQa78aM8=; b=5qgcH68msETzbW5jzYZ5lV/T0PTxWM8yO4sdVotMa4wI76zNRMK0XFLH3ANnmnXITIu2jz LhZYdcERX1v7PjAQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1583088084; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:in-reply-to:in-reply-to:references:references; bh=3578FB+XzxAIsW1gwYUBwbNJzGHchYnfeAwFQa78aM8=; b=c37APIEc0s9DvfZTBOvnXq2hmZn2xW3u/l4OCqOSW+r6CsaosnjijBB0hj3HB5A7SAnh8H 9enVVGpNzI7/TzwnIKvYDdu2zF1UWBwkOkF017HasFGVXgJYqvUz/FViepUVocVpSQzej8 8Up054yPq1FOAfGmtbg/drEMMKBZtZ+E81LanSDfEXn1x6X8iEYEYpqrOYkBM/6IjLttOO NANM0DlgHbuHBpSlRagplIbxEMfSjugh+U2Y2WJKPP1Z22Z02eX8cu3LBAaak6ymArW5ke Rz21Onw6Nlt6SjO2f2UxMzRuVCxl0ONUvIfkzcUIvBFKDAfCviH2sLm3bEguPw== From: Arne Fitzenreiter To: development@lists.ipfire.org Subject: [PATCH 3/4] unbound: fix typo at safesearch for googe Date: Sun, 1 Mar 2020 19:41:15 +0100 Message-Id: <20200301184116.15686-3-arne_f@ipfire.org> In-Reply-To: <20200301184116.15686-1-arne_f@ipfire.org> References: <20200301184116.15686-1-arne_f@ipfire.org> Authentication-Results: mail01.ipfire.org; auth=pass smtp.mailfrom=arne_f@ipfire.org X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Arne Fitzenreiter Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Arne Fitzenreiter --- src/initscripts/system/unbound | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index 7bf2ffc2c..b3185feab 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -534,7 +534,7 @@ update_safe_search() { for domain in ${google_tlds[@]}; do unbound-control local_zone "${domain}" transparent >/dev/null for address in ${addresses}; do - unbound-control local_data: "www.${domain} ${LOCAL_TTL} IN A ${address}" + unbound-control local_data "www.${domain} ${LOCAL_TTL} IN A ${address}" done >/dev/null done From patchwork Sun Mar 1 18:41:16 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Fitzenreiter X-Patchwork-Id: 2811 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 48VsYh28QMz3yBw for ; Sun, 1 Mar 2020 18:41:28 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 48VsYf313Lz1lc; Sun, 1 Mar 2020 18:41:26 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 48VsYf0md0z2yxL; Sun, 1 Mar 2020 18:41:26 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 48VsYc3X5Wz2yy0 for ; Sun, 1 Mar 2020 18:41:24 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 48VsYc1gVMz1JM; Sun, 1 Mar 2020 18:41:24 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1583088084; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:in-reply-to:in-reply-to:references:references; bh=hJBhlhqxysd2yMglIH0zTVpGe2ZSzB2ePNS1eQecbmE=; b=SBxJ2BlIQKxiobxvjynd8z4qdiD0iNGYoKCfozS8nDPyiOqSR67ze+zpMUXxO3zB7l3Kwy 99Cqko8+/5AS+0DA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1583088084; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:in-reply-to:in-reply-to:references:references; bh=hJBhlhqxysd2yMglIH0zTVpGe2ZSzB2ePNS1eQecbmE=; b=QfPPf7t1/F/0sLjWh4lJCpGuinzWCp4/mQ8xrHoqqRKbGoC+tMJR6kNCyV9X30zf9yCJAj KFTW63NCFUXdH7ZqCfiIdVigH0xR1TXcb68ZUAZLZ1rZZUMXDO2/T9ysesBDQsn1asPCe4 EK57RraNNOAxJfdMSqcxxF96bS4JbIOOQj/duJHwkD4eI2tOz0z13VQp5r++fUrWcu+3Nl ofUir7pP6V+ywUQTIqDDMT2gtJvD225ab1vcAFgqwU6pMC9wp/g8VMjUe2xgOSuicdOw6v K7A7k1qUz6/dLYeX6n22d1Cz49nAfcBat+kU9016APwZ1cblHcrXAT56VwMFog== From: Arne Fitzenreiter To: development@lists.ipfire.org Subject: [PATCH 4/4] core142: ship unbound initskript Date: Sun, 1 Mar 2020 19:41:16 +0100 Message-Id: <20200301184116.15686-4-arne_f@ipfire.org> In-Reply-To: <20200301184116.15686-1-arne_f@ipfire.org> References: <20200301184116.15686-1-arne_f@ipfire.org> Authentication-Results: mail01.ipfire.org; auth=pass smtp.mailfrom=arne_f@ipfire.org X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Arne Fitzenreiter Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Arne Fitzenreiter --- config/rootfiles/core/142/filelists/files | 1 + 1 file changed, 1 insertion(+) diff --git a/config/rootfiles/core/142/filelists/files b/config/rootfiles/core/142/filelists/files index 4d6c69adb..8be29a77c 100644 --- a/config/rootfiles/core/142/filelists/files +++ b/config/rootfiles/core/142/filelists/files @@ -4,6 +4,7 @@ srv/web/ipfire/cgi-bin/credits.cgi var/ipfire/langs etc/rc.d/helper/aws-setup etc/rc.d/helper/azure-setup +etc/rc.d/init.d/unbound etc/suricata/suricata.yaml lib/udev/network-hotplug-bridges opt/pakfire/etc/pakfire.conf