[Dnssec-trigger] Resolution on resume from hibernate (MacOS 10.8)

Phil Pennock dnssec-trigger+phil at spodhuis.org
Fri Apr 19 21:49:57 UTC 2013


On 2013-04-09 at 15:22 +0200, W.C.A. Wijngaards wrote:
> I have created a snapshot of the devel version of dnssec-trigger.
> The changes are mostly for OSX, so there is this dmg.
> 
> http://nlnetlabs.nl/~wouter/dnssectrigger-0.12_20130409.dmg
> 
> You can install it over your current 0.11.  It includes newer ldns and
> unbound versions as well as some OSX specific improvements in
> dnssec-trigger

We installed again on my co-worker's computer.  The "unbound" user was
not created.  Fixed, installed, validation not working, the linetag
updates were not present in the config file.  Uninstalled, nuked
/etc/unbound and /etc/dnssec-trigger (remnants from 0.11 install
attempt?), installed and he has working validation.

I unpacked the install stuff on my laptop and found one problem, but the
logic should be the same anyway so it's not the root cause.  I can't
(at this time) take my colleague's laptop away to repeatedly probe
what's happening.

/Volumes/DnssecTrigger/dnssectrigger-0.12_20130409-i386.mpkg/Contents/Packages/packageroot.pkg/Contents/Resources/postflight
----------------------------8< cut here >8------------------------------
#!/bin/bash
# stop unbound if launch plist exists
OSVERS=10.6
INSTLOG=/tmp/dnssectrigger-0.12_20130409-install.log
----------------------------8< cut here >8------------------------------

So makepackage should probably change:
  OSVERS=`sw_vers -productVersion | cut -d . -f 1,2`
to:
  OSVERS=\$(sw_vers -productVersion | cut -d . -f 1,2)

Similarly throughout the written script.  guiuser is hardcoded to
"root", which appears to mean it will get hard-set to "wouter" because
this:
  guiuser="`basename \$HOME`"
becomes this in the shipped package:
  guiuser="wouter"

and so the attempt to unload the trigger panel runs as wouter on other
people's machines.


Aside: It appears that Google's Public DNS service, now that it
validates, blocks the functioning of tests such as:
  http://test.dnssec-or-not.org/
by causing the host itself to not resolve.  Well, at least we know
something's blocking the resolution, even if it's not quite right.  So
there's some weirdness at this location, yes.

-Phil
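Added example (not part of the message above and not the project's makepackage code): a minimal reproduction of the build-time expansion described in the message, plus a release check that catches it. It assumes the installer script is written through an unquoted here-document; gen_broken, gen_fixed, build_and_run, leaks_build_user and the /Users/builder and /Users/alice paths are hypothetical names constructed for the illustration.

```shell
#!/bin/sh
# gen_broken / gen_fixed stand in for a packaging script that emits a
# postflight script through an unquoted here-document (an assumption).

# Broken: the backticks are not escaped, so the *generating* shell runs
# basename on its own $HOME and bakes the result into the output.
gen_broken() {
    cat <<EOF
#!/bin/sh
guiuser="`basename \$HOME`"
echo "\$guiuser"
EOF
}

# Fixed: \$( ... ) passes through the here-document as literal text and
# is evaluated only when the generated script runs at install time.
gen_fixed() {
    cat <<EOF
#!/bin/sh
guiuser="\$(basename "\$HOME")"
echo "\$guiuser"
EOF
}

# Generate with one HOME (the build machine), run with another (the
# installing machine). $1 = generator, $2 = build HOME, $3 = install HOME.
build_and_run() {
    script=$(HOME=$2; "$1")
    printf '%s\n' "$script" | HOME="$3" sh
}

# Release check: succeeds (exit 0) if the generated script contains the
# build account name as a quoted literal. $1 = generator, $2 = build HOME.
leaks_build_user() {
    (HOME=$2; "$1") | grep -q "\"$(basename "$2")\""
}

build_and_run gen_broken /Users/builder /Users/alice   # prints builder
build_and_run gen_fixed  /Users/builder /Users/alice   # prints alice
```

A check like leaks_build_user can run in the packaging step so that a generated installer never ships with the builder's account name or OS version frozen into it.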


