<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><br><div><div>On Jul 25, 2012, at 6:01 PM, Phil Regnauld <<a href="mailto:regnauld@nsrc.org">regnauld@nsrc.org</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">Quick testing shows that it works fine - have tried both in<br>hotspot signon, and on a "normal" network. Everything seems<br>to function (for those hesitating to upgrade).<br></blockquote><br></div><div><br></div><div>I have noticed that unbound failed to start after I upgraded [*]</div><div><br></div><div><br></div><div>If you find yourself in that situation, set dnssec-trigger to hot-spot-signon mode in order to connect to the Internet.</div><div><br></div><div>This is because the installation script does not create a UniqueID and PrimaryGroupID for the unbound user. It seems that mountain lion does need these IDs in order to be recognized as a unix user, in contrast to previous versions of OS X.</div><div><br></div><div>If the command </div><div>$ id unbound</div><div>returns "no such user", you know that you have been bitten by this problem.</div><div><br></div><div>To fix: </div><div>Allocate yourself a free id. You can see the allocated ids using the following:</div><div>dscl localhost -list /Local/Default/Groups PrimaryGroupID</div><div>dscl localhost -list /Local/Default/Users UniqueID</div><div><br></div><div>Then assign the ids to the unbound user.</div><div><div>sudo dscl localhost -create /Local/Default/Users/unbound PrimaryGroupID <number></div><div>sudo dscl localhost -create /Local/Default/Users/unbound UniqueID <number></div></div><div><br></div><div><br></div><div>(I have toyed around with the user creation script below; use at your own risk.)</div><div><br></div><div><br></div><div>Finally, we will be fixing the dnssec-trigger package in the order of weeks (rather than days).</div><div><br></div><div>--Olaf</div><div><br></div><div><br></div><div><br></div><div>[*] It might be that Phil did not encounter this problem because unbound had been released earlier, e.g. through a port.</div><div><br></div><div><br></div><div><div>#!/bin/bash</div><div><br></div><div>USERNAME=unbound</div><div>REALNAME="unbound daemon"</div><div>NFSHomeDirectory="/etc/unbound/"</div><div><br></div><div>MAXID=1000</div><div>if [[ $UID -ne 0 ]]; then echo "Please run $0 as root." && exit 1; fi</div><div><br></div><div># We prefer to use the same GID and UID so need to test that.</div><div><br></div><div># Start with the the first slot after the highes allocated number in the 200-300 range.</div><div>id=$(dscl localhost -list /Local/Default/Users UniqueID | awk '{ if ( $2 > max && $2 <300 ) max = $2 } END { print max+1 }' )</div><div><br></div><div>while [ $id -le $MAXID ] # Really we are exagerating here... surely there will be one ID free below 1000.</div><div>do</div><div> gid=""</div><div> uid=""</div><div> gid=$(dscl localhost -search /Local/Default/Groups PrimaryGroupID $id)</div><div> uid=$(dscl localhost -search /Local/Default/Users UniqueID $id)</div><div> if [ -z "$gid$uid" ]</div><div> then</div><div><span class="Apple-tab-span" style="white-space: pre; "> </span>break</div><div> fi</div><div> id=$(($id+1))</div><div>done</div><div><br></div><div>echo $id $MAXID</div><div><br></div><div>if [ $id -eq $((MAXID+1)) ] ; then</div><div> echo "NO FREE IDs"</div><div> exit</div><div>else</div><div> dscl localhost -create /Local/Default/Users/${USERNAME}</div><div> dscl localhost -create /Local/Default/Users/${USERNAME} UserShell /usr/bin/false</div><div> dscl localhost -create /Local/Default/Users/${USERNAME} PrimaryGroupID ${id}</div><div> dscl localhost -create /Local/Default/Users/${USERNAME} UniqueID ${id}</div><div> dscl localhost -create /Local/Default/Users/${USERNAME} RealName ${REALNAME}</div><div> dscl localhost -create /Local/Default/Users/${USERNAME} NFSHomeDirectory ${NSFHomeDirectory}</div><div> </div><div>fi</div></div><br><div>
<span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px; "><span class="Apple-style-span" style="font-family: Helvetica; font-size: 12px; "><br class="Apple-interchange-newline"><table cellspacing="0" cellpadding="0" style="background-color: rgb(255, 255, 255); border-collapse: collapse; "><tbody><tr><td rowspan="2" valign="top" style="width: 97.8px; height: 56.3px; border-top-style: solid; border-right-style: solid; border-bottom-style: solid; border-left-style: solid; border-top-width: 1px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-top-color: rgb(180, 180, 180); border-right-color: transparent; border-bottom-color: transparent; border-left-color: transparent; padding-top: 5px; padding-right: 5px; padding-bottom: 5px; padding-left: 5px; "><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; text-align: right; font: normal normal normal 19px/normal 'Gill Sans'; "><font class="Apple-style-span" color="#777777"><span style="letter-spacing: 0px; "><b>NLnet<br></b></span><span style="font: normal normal normal 24px/normal 'Gill Sans'; letter-spacing: 0px; ">Labs</span></font></div></td><td valign="top" style="width: 114.5px; height: 18.1px; border-top-style: solid; border-right-style: solid; border-bottom-style: solid; border-left-style: solid; border-top-width: 1px; border-right-width: 0px; border-bottom-width: 1px; border-left-width: 0px; border-top-color: rgb(180, 180, 180); border-right-color: transparent; border-bottom-color: rgb(202, 202, 202); border-left-color: transparent; padding-top: 5px; padding-right: 5px; padding-bottom: 5px; padding-left: 5px; "><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Helvetica; "><span style="letter-spacing: 0px; "><font class="Apple-style-span" color="#777777">Olaf M. Kolkman</font></span></div></td><td valign="top" style="width: 2.3px; height: 18.1px; border-top-style: solid; border-right-style: solid; border-bottom-style: solid; border-left-style: solid; border-top-width: 1px; border-right-width: 0px; border-bottom-width: 1px; border-left-width: 0px; border-top-color: rgb(180, 180, 180); border-right-color: transparent; border-bottom-color: rgb(202, 202, 202); border-left-color: transparent; padding-top: 5px; padding-right: 5px; padding-bottom: 5px; padding-left: 5px; "><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Helvetica; min-height: 14px; "><font class="Apple-style-span" color="#777777"><br></font></div></td></tr><tr><td valign="top" style="width: 114.5px; height: 27.2px; border-top-style: solid; border-right-style: solid; border-bottom-style: solid; border-left-style: solid; border-top-width: 1px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-top-color: rgb(202, 202, 202); border-right-color: transparent; border-bottom-color: transparent; border-left-color: transparent; padding-top: 5px; padding-right: 5px; padding-bottom: 5px; padding-left: 5px; "><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 9px/normal Helvetica; "><span style="text-decoration: underline; letter-spacing: 0px; "><a href="http://www.NLnetLabs.nl"><font class="Apple-style-span" color="#777777">www.NLnetLabs.nl</font></a></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 9px/normal Helvetica; "><span style="text-decoration: underline; letter-spacing: 0px; "><a href="mailto:olaf@NLnetLabs.nl"><font class="Apple-style-span" color="#777777">olaf@NLnetLabs.nl</font></a></span></div></td><td valign="top" style="width: 2.3px; height: 27.2px; border-top-style: solid; border-right-style: solid; border-bottom-style: solid; border-left-style: solid; border-top-width: 1px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-top-color: rgb(202, 202, 202); border-right-color: transparent; border-bottom-color: transparent; border-left-color: transparent; padding-top: 5px; padding-right: 5px; padding-bottom: 5px; padding-left: 5px; "><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Helvetica; min-height: 14px; "><font class="Apple-style-span" color="#777777"><br></font></div></td></tr><tr><td colspan="3" valign="top" style="width: 234.6px; height: 13.2px; padding-top: 5px; padding-right: 5px; padding-bottom: 5px; padding-left: 5px; "><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 9px/normal Helvetica; "><span style="letter-spacing: 0px; "><font class="Apple-style-span" color="#777777">Science Park 400, 1098 XH Amsterdam, The Netherlands</font></span></div></td></tr></tbody></table><div style="color: rgb(158, 158, 158); margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Helvetica; min-height: 14px; "><br></div></span></span><br class="Apple-interchange-newline">
</div>
<br></body></html>