From thozza at redhat.com Tue Jul 14 07:25:48 2015 From: thozza at redhat.com (Tomas Hozza) Date: Tue, 14 Jul 2015 09:25:48 +0200 Subject: [Dnssec-trigger] Fixes and enhancements for dnssec-trigger-script Message-ID: <55A4B97C.2010509@redhat.com> Hi. As we are moving towards unbound + dnssec-trigger as a default DNS resolver in Fedora, there are many issues that popped up. I'm sending a bunch of patches for dnssec-trigger-script that are solving at least the most regular ones. More to come :) Please see the patch commit message for the change description. Regards, -- Tomas Hozza Software Engineer - EMEA ENG Developer Experience PGP: 1D9F3C2D Red Hat Inc. http://cz.redhat.com -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Use-one-import-on-one-line-as-defined-by-PEP8.patch Type: text/x-patch Size: 968 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 0002-Use-path-to-DEVNULL-from-os-module.patch Type: text/x-patch Size: 747 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 0003-Move-the-main-functionality-into-main-function-to-en.patch Type: text/x-patch Size: 889 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 0004-Use-existing-API-in-NM-for-distinguishing-VPN-connec.patch Type: text/x-patch Size: 822 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 0005-Construct-NMClient-as-advised-by-the-documentation.patch Type: text/x-patch Size: 798 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 0006-Forbid-Python-from-searching-local-dirs-and-using-en.patch Type: text/x-patch Size: 677 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 0007-Set-low-max-negative-cache-TTL-to-prevent-possible-u.patch Type: text/x-patch Size: 1856 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 0008-Send-SIGHUP-to-NM-if-it-is-new-enough-instead-of-res.patch Type: text/x-patch Size: 3196 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 0009-Set-the-required-version-in-GI-before-importing-NMCl.patch Type: text/x-patch Size: 756 bytes Desc: not available URL: From wouter at nlnetlabs.nl Tue Jul 14 08:14:41 2015 From: wouter at nlnetlabs.nl (W.C.A. Wijngaards) Date: Tue, 14 Jul 2015 10:14:41 +0200 Subject: [Dnssec-trigger] Fixes and enhancements for dnssec-trigger-script In-Reply-To: <55A4B97C.2010509@redhat.com> References: <55A4B97C.2010509@redhat.com> Message-ID: <55A4C4F1.1090706@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Tomas, On 14/07/15 09:25, Tomas Hozza wrote: > Hi. > > As we are moving towards unbound + dnssec-trigger as a default DNS > resolver in Fedora, there are many issues that popped up. I'm > sending a bunch of patches for dnssec-trigger-script that are > solving at least the most regular ones. > > More to come :) > > Please see the patch commit message for the change description. Thanks for the patches, committed. These look like fine touches, with some larger (like neg-ttl). :-) Best regards, Wouter > > Regards, > > > > _______________________________________________ dnssec-trigger > mailing list dnssec-trigger at NLnetLabs.nl > http://open.nlnetlabs.nl/mailman/listinfo/dnssec-trigger > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJVpMTxAAoJEJ9vHC1+BF+N7sYQAJtkYf9v5vxHDgLt8sn8I2Ha gkoTrCfln3UmLHymA6SUeDJvbZ4o6M3DxC+TGf/TyvKJ9BVst5ZtY0Q3B2u5FQRf ewZxCVvJOp4b2L9a3AVxZjqm0ErLl8gyNThWZ1aL5RoPKdj7wIWW55rD31S7Jl7A HwNQpKnXlLEf4gQ13tRrRFMJe7CbiiiC5Bn4/g4p0Squfh/p9NdicJsgCAIkUwf2 qiZt1J25Lp2OY3ySBhxTMyIerhwLAKLD0W/NGL7aSZaXxtXU2JxpyiPcwPx2qASZ JcWlr/rUHdLPLTbkTu7iqUPs4g4AFVFWSfB8W2WSp7K5E9aU+/rJtmTgk3E+T0Pr WQEuT44Ospnbg5D1FJTXCCA8LJzvCjWOau+KGKDA/RKpgK0pd6ZkXf6bbLpdL58x L3dNx+A53OVZE/JsLD0ya0eAiig+9GxbgA3miGLF21yXA3j/LEZm8JN4F0zWvsls 6ldC7M7PyTSLmOowUnY0ECTtw9ctZgAfjOHTp20rBMcMXVKI6svQ9/C3HSQur6Pj 0XQXfUJUXneYGwUxWFgHsruypEpTyBItFkAgy9pAlMdOaKxL7Mic166zAj8qJ+WJ srhyFsEv+UApTUV5Zz1thmTPhJIgsozOnztdsuSxrZVzfBqCL0hMl1li9xei3IYm srOJuvx4BEMzZSqKj+j3 =uBcn -----END PGP SIGNATURE----- From thozza at redhat.com Wed Jul 15 07:56:18 2015 From: thozza at redhat.com (Tomas Hozza) Date: Wed, 15 Jul 2015 09:56:18 +0200 Subject: [Dnssec-trigger] [PATCH] Fixes for systemd service files Message-ID: <55A61222.3010305@redhat.com> Hi. I'm sending two changes for systemd service files. - One is so that restorecon is not called, since any SELinux related issues should be fixed in the policy, not by calling restorecon - Another is addition of the pidfile path, so that systemd removes it if the daemons exits unexpectedly. Regards, -- Tomas Hozza Software Engineer - EMEA ENG Developer Experience PGP: 1D9F3C2D Red Hat Inc. http://cz.redhat.com -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Set-PidFile-in-the-dnssec-triggerd.service-file.patch Type: text/x-patch Size: 692 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 0002-Remove-restorecon-call-in-dnssec-triggerd-keygen.ser.patch Type: text/x-patch Size: 845 bytes Desc: not available URL: From thozza at redhat.com Wed Jul 15 12:07:26 2015 From: thozza at redhat.com (Tomas Hozza) Date: Wed, 15 Jul 2015 14:07:26 +0200 Subject: [Dnssec-trigger] [PATCH] Fixes for systemd service files In-Reply-To: <55A61222.3010305@redhat.com> References: <55A61222.3010305@redhat.com> Message-ID: <55A64CFE.7020704@redhat.com> On 15.07.2015 09:56, Tomas Hozza wrote: > Hi. > > I'm sending two changes for systemd service files. > > - One is so that restorecon is not called, since any SELinux > related issues should be fixed in the policy, not by calling > restorecon > > - Another is addition of the pidfile path, so that systemd > removes it if the daemons exits unexpectedly. > > Regards, > > > > _______________________________________________ > dnssec-trigger mailing list > dnssec-trigger at NLnetLabs.nl > http://open.nlnetlabs.nl/mailman/listinfo/dnssec-trigger > Unfortunately there was typo in the service file, which I found by further testing. Fixed patches are attached Regards, -- Tomas Hozza Software Engineer - EMEA ENG Developer Experience PGP: 1D9F3C2D Red Hat Inc. http://cz.redhat.com -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Set-PIDFile-in-the-dnssec-triggerd.service-file.patch Type: text/x-patch Size: 691 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 0002-Remove-restorecon-call-in-dnssec-triggerd-keygen.ser.patch Type: text/x-patch Size: 844 bytes Desc: not available URL: From wouter at nlnetlabs.nl Thu Jul 16 12:44:07 2015 From: wouter at nlnetlabs.nl (W.C.A. Wijngaards) Date: Thu, 16 Jul 2015 14:44:07 +0200 Subject: [Dnssec-trigger] [PATCH] Fixes for systemd service files In-Reply-To: <55A64CFE.7020704@redhat.com> References: <55A61222.3010305@redhat.com> <55A64CFE.7020704@redhat.com> Message-ID: <55A7A717.7070009@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Tomas, Committed the fixed (PIDFile) version. Thanks, Wouter On 15/07/15 14:07, Tomas Hozza wrote: > On 15.07.2015 09:56, Tomas Hozza wrote: >> Hi. >> >> I'm sending two changes for systemd service files. >> >> - One is so that restorecon is not called, since any SELinux >> related issues should be fixed in the policy, not by calling >> restorecon >> >> - Another is addition of the pidfile path, so that systemd >> removes it if the daemons exits unexpectedly. >> >> Regards, >> >> >> >> _______________________________________________ dnssec-trigger >> mailing list dnssec-trigger at NLnetLabs.nl >> http://open.nlnetlabs.nl/mailman/listinfo/dnssec-trigger >> > > Unfortunately there was typo in the service file, which I found by > further testing. > > Fixed patches are attached > > Regards, > > > > _______________________________________________ dnssec-trigger > mailing list dnssec-trigger at NLnetLabs.nl > http://open.nlnetlabs.nl/mailman/listinfo/dnssec-trigger > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJVp6cXAAoJEJ9vHC1+BF+N7vwQAJv57VRwGxUrFTjCB044FU8e hQBHSn32YDpS2DUgyiDQFAf/+QFTozkuIw4TPN9/io2/KzvFtBu3nVcvXNVadtxq kYegjLIRtxccyYN9f8ai5S5wOyAGnaeahsqFUEnAjC1YMowHg0j17efywI1QG4Z2 xkVnkzsFpBaSUX0V0dfna1Hn/UJXI6x31gKElre3iy9gyqgk6zY0F0Ksu1j+iPh0 5Mq4O+3sBVYNvjsYM1ujA258T4O0CreXcVhuEdmrbwJRZTrII8ar/9MBkEynzKFi puBw7I6YzQTls3ZX0txM3TbGn3k7OgTGQBnc/a0xKToRYUYGFU+EEZ3kVP6IOCzf G5Z+Ld8zPq9egriUsS7vzlhfVWwjx7JQmDSqvufN4BDNWaoieL7KCN97QMVU/7FM EPro8RHWPMPDhK+HN6Rqw6KYFN1iaCERTSTYXIMumLK5pmNAfQxk9jg5YH1RQCVH aQ/muCkKHFnx0hhYnw8R1E/tQnlTMkgEg96kM/fE9Tu2Vs+ybQknG5018KCjIQl5 ysaWH064YbksqcfndN671s7JmCA+j5cau+4gghF6NdZQxJ1TKhEod9xk2M5hVVbP SrLZ2spPI7d1mfFzM7sYBNyOsmgG+JdCA57ZnYxIhff0OKJDWh9GA/InZz3skHx2 qQ8qnOSbr7F3N68VFqDJ =8r8e -----END PGP SIGNATURE-----