unbound port doesn't create/install startup wrapper correctly

Gerben Wierda gerben.wierda at rna.nl
Fri Apr 3 11:20:15 UTC 2020

I have an adapted Portfile for net/unbound. This Portfile enables the launch of multiple unbound servers in parallel. This is for instance needed for rspamd (also from MacPorts) if your forwarder is one of the big ones such as Google’s or Quad9’s (which are blocked by some blacklist providers, making rspamd fail on certain actions). So, I am running two unbound daemons side by side, one on port 53 (the normal one, for all users) and one on port 1053 for rspamd. That last one does not forward, but resolves using the formal root servers path.

To be able to do that, I have two unbound configuration files: unbound.conf and unbound-noforwarders.conf.

Launching unbound should launch both. So, I have adapted the Portfile:

# Start
        ('/opt/local/sbin/unbound-anchor' -a '/opt/local/etc/unbound/root.key' 2>&1) \
            || : && (chown unbound:unbound '/opt/local/etc/unbound/root.key' 2>&1) \
            && (for i in '/opt/local/etc/unbound/unbound'*conf; \
                do '/opt/local/sbin/unbound' -c "$i" 2>&1; done)

# Stop
        (for i in '/opt/local/var/run/unbound/unbound'*pid; \
            do /bin/kill -15 $(cat "$i") 2>&1; done)

And that works fine. port load unbound leads to these processes:

    0 67637     1   0  20  0  4322368   5800 -      Ss     ??    0:00.01 /opt/local/bin/daemondo --label=unbound --start-cmd /opt/local/etc/LaunchDaemons/org.macports.unbound/unbound.wrapper start ; --stop-cmd /opt/local/etc/LaunchDaemons/org.macports.unbound/unbound.wrapper stop ; --restart-cmd /opt/local/etc/LaunchDaemons/org.macports.unbound/unbound.wrapper restart ; --verbosity=1 --pid=fileclean --pidfile /opt/local/var/run/unbound/unbound.pid
  500 67643     1   0  20  0  4330452  18200 -      Ss     ??    0:00.22 /opt/local/sbin/unbound -c /opt/local/etc/unbound/unbound-noforwarders.conf
  500 67645     1   0  20  0  4337620  17732 -      Ss     ??    0:00.15 /opt/local/sbin/unbound -c /opt/local/etc/unbound/unbound.conf

To get that I have adapted the Portfile:

# Make it run on boot
# Redirect stderr on launchd-started items because launchd redirects stderr to a black hole
# Let macports (daemondo) manage the availability of process and pidfile as unbound fails to start at the first attempt
# because unbound is unable to get port 53. Unbound starts successfully at second attempt.
startupitem.create      yes
startupitem.name        unbound
startupitem.logfile     /Library/Logs/unbound-startupitem.log
startupitem.logevents   yes
# the following entries handle multiple instances running in parallel
startupitem.start       "(\'${prefix}/sbin/unbound-anchor\' -a \'${prefix}/etc/${name}/root.key\' 2>&1) \\"\
        "    || : && (chown ${unbounduser}:${unboundgroup} \'${prefix}/etc/${name}/root.key\' 2>&1) \\"\
        "    && (for i in \'${prefix}/etc/${name}/${name}\'*conf; \\"\
        "        do \'${prefix}/sbin/unbound\' -c \"\$i\" 2>&1; done)"
startupitem.stop        "(for i in \'${prefix}/var/run/${name}/${name}\'*pid; \\"\
        "    do /bin/kill -15 \$(cat \"\$i\") 2>&1; done)"
# The following ignores any second process and pidfile
startupitem.pidfile     clean ${prefix}/var/run/${name}/${name}.pid

notes-append        \
        "An example configuration is provided at ${prefix}/etc/${name}/${name}.conf-dist." \
        "" \
        "The startup item will start as many unbounds as there are ${prefix}/etc/${name}*conf files." \
        "Make sure each of these has a server that doesn't conflict with any other. Especially, make" \
        "sure that they do not try to listen on the same interface&port, do not write the same pid file," \
        "and make sure they have different log files." \
        "  This setup enables the single management through macports of a set of unbound servers. The use" \
        "of this is for instance for rspamd, which requires a DNS that does not forward to a public DNS" \
        "server, while ordinary requests would benefit. Running one DNS resolver with forwarding on port 53," \
        "while running another one without forwarding for rspamd on port 1053 is a typical use case."

But, and here is my problem, when I install the upgraded unbound, I get the old/original wrapper. So, while the process ends with the notes shown above (so my adapted Portfile is actually used), the wrapper is incorrect after install.

What is going wrong here?

(I think I contributed the unbound fix a while back, but apparently it did not make it to the official port distribution)
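
The port notes quoted in the message ask that no two configuration files share a listening interface and port, a pid file or a log file. A sketch of that check in Python, added here as an example (it is not part of the original post or of the MacPorts port): the sample configs are constructed, `include:` directives are not followed, and `<build default>` is a placeholder for whatever pid file path the build uses when none is set.

```python
import re
from itertools import combinations
WILDCARDS = {"0.0.0.0", "::", "::0"}

def parse_conf(text):
    """Extract listeners, pidfile and logfile from one unbound config text."""
    # Two configs that both omit pidfile share the build's default path.
    out = {"port": "53", "pidfile": "<build default>", "logfile": None}
    ifaces = []
    for line in text.splitlines():
        m = re.match(r"\s*([\w-]+):\s*(\S.*)?$", line.split("#", 1)[0])
        if not m or not m.group(2):
            continue
        key, val = m.group(1), m.group(2).strip().strip('"')
        if key == "interface":
            ifaces.append(val)
        elif key in out:
            out[key] = val
    # No interface line means localhost; "ip@port" overrides the port option.
    out["listen"] = {tuple(i.split("@", 1)) if "@" in i else (i, out["port"])
                     for i in ifaces or ["127.0.0.1", "::1"]}
    return out

def overlaps(a, b):
    """Same port, and same address or a wildcard of the same address family."""
    (ip_a, port_a), (ip_b, port_b) = a, b
    same_family = (":" in ip_a) == (":" in ip_b)
    return port_a == port_b and (
        ip_a == ip_b or (same_family and bool({ip_a, ip_b} & WILDCARDS)))

def find_conflicts(confs):
    """confs maps file name to config text; returns (kind, value, file, file)."""
    parsed = sorted((n, parse_conf(t)) for n, t in confs.items())
    found = []
    for (fa, a), (fb, b) in combinations(parsed, 2):
        found += [("listen", "%s@%s" % la, fa, fb)
                  for la in sorted(a["listen"]) for lb in b["listen"]
                  if overlaps(la, lb)]
        found += [(k, a[k], fa, fb) for k in ("pidfile", "logfile")
                  if a[k] and a[k] == b[k]]
    return found

# Constructed sample: the second config kept the first one's pidfile by mistake.
SAMPLE = {
    "unbound.conf": 'server:\n  interface: 127.0.0.1\n'
                    '  pidfile: "/opt/local/var/run/unbound/unbound.pid"\n',
    "unbound-noforwarders.conf": 'server:\n  interface: 127.0.0.1@1053\n'
                    '  pidfile: "/opt/local/var/run/unbound/unbound.pid"\n',
}
```

`find_conflicts(SAMPLE)` reports the shared pid file; an empty list means every instance has its own listener, pid file and log file.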
