ipsechook and unbound-checkconf
W.C.A. Wijngaards
wouter at nlnetlabs.nl
Mon Jul 3 07:15:32 UTC 2017
Hi Paul,
Thanks! Fixed to check it only if ipsecmod is enabled and present in
module-config.
Best regards, Wouter
On 02/07/17 13:57, Paul Wouters via Unbound-users wrote:
>
> Hi,
>
> The unbound-checkconf code checks for the ipsecmod hook to exist:
>
> check_chroot_string("ipsecmod-hook", &cfg->ipsecmod_hook,
> cfg->chrootdir
> ,
> cfg);
>
> I want to ship unbound with the ipsecmod module enabled via the
> modules line, but activated via unbound-control. This means that
> the unbound.conf needs no changes when switching from regular mode
> to the mode where it uses the ipsec module for lookups. Currently,
> the ipsecmod hook is checked for, but if people don't have libreswan
> installed, unbound-checkconf fails, and with the systemd service,
> it means unbound won't start.
>
> I've patched this check out to prevent this.
>
> Paul
> ps. minor nit: you should rename check_chroot_string() if you use
> it for multiple things, one of which does not involve chroot :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20170703/e9552dc7/attachment.bin>
More information about the Unbound-users
mailing list