getent group knot-resolver >/dev/null || groupadd -r knot-resolver
getent passwd knot-resolver >/dev/null || useradd -r -g knot-resolver -d %{_sysconfdir}/knot-resolver -s /sbin/nologin -c "Knot Resolver" knot-resolver
-%if "x%{?rhel}" == "x"
-# upgrade-4-to-5
-if [ -f %{_unitdir}/kresd.socket ] ; then
- export UPG_DIR=%{_sharedstatedir}/knot-resolver/.upgrade-4-to-5
- mkdir -p ${UPG_DIR}
- touch ${UPG_DIR}/.unfinished
-
- for sock in kresd.socket kresd-tls.socket kresd-webmgmt.socket kresd-doh.socket ; do
- if systemctl is-enabled ${sock} 2>/dev/null | grep -qv masked ; then
- systemctl show ${sock} -p Listen > ${UPG_DIR}/${sock}
- case "$(systemctl show ${sock} -p BindIPv6Only)" in
- *ipv6-only)
- touch ${UPG_DIR}/${sock}.v6only
- ;;
- *default)
- if cat /proc/sys/net/ipv6/bindv6only | grep -q 1 ; then
- touch ${UPG_DIR}/${sock}.v6only
- fi
- ;;
- esac
- fi
- done
-fi
-%endif
-
%post core
-# upgrade-4-to-5
-%if "x%{?rhel}" == "x"
-export UPG_DIR=%{_sharedstatedir}/knot-resolver/.upgrade-4-to-5
-if [ -f ${UPG_DIR}/.unfinished ] ; then
- rm -f ${UPG_DIR}/.unfinished
- kresd -c %{_libdir}/knot-resolver/upgrade-4-to-5.lua &>/dev/null
- echo -e "\n !!! WARNING !!!"
- echo -e "Knot Resolver configuration file requires manual upgrade.\n"
- cat ${UPG_DIR}/kresd.conf.net 2>/dev/null
-fi
-%endif
-
# 5.0.1 fix to force restart of kres-cache-gc.service, which was missing in systemd_postun_with_restart
# TODO: remove once most users upgrade to 5.0.1+
systemctl daemon-reload >/dev/null 2>&1 || :
+++ /dev/null
--- SPDX-License-Identifier: GPL-3.0-or-later
-
-local upg_dir = '@systemd_work_dir@/.upgrade-4-to-5'
-local out = upg_dir..'/kresd.conf.net'
-local sockets = {
- { file='kresd.socket', kind='dns' },
- { file='kresd-tls.socket', kind='tls' },
- { file='kresd-doh.socket', kind='doh2' },
- { file='kresd-webmgmt.socket', kind='webmgmt' },
-}
-
--- globals
-addr_port = {}
-outfile = io.open(out, 'w')
-
-if outfile == nil then
- -- this is technically an error, but upgrade script shouldn't fail in scriptlets
- os.exit(0) -- make no changes and exit
-end
-
-outfile:write("-- Suggested network interface configuration\n")
-outfile:write("-- See https://knot-resolver.readthedocs.io/en/stable/upgrading.html\n\n")
-outfile:write("-- Please remove any unused or undesired interfaces and add them to\n")
-outfile:write("-- @etc_dir@/kresd.conf\n\n")
-
-local function write_net_listen(addr, port, kind)
- -- make sure (addr, port) combination is unique
- for _, val in ipairs(addr_port) do
- if val.addr == addr and val.port == port then
- return
- end
- end
-
- table.insert(addr_port, { addr=addr, port=port })
- outfile:write(
- "net.listen('"..addr.."', "..tostring(port)..
- ", { kind = '"..kind.."', freebind = true })\n")
-end
-
-local function convert(line, kind, ipv6only)
- local patterns = {
- '^[^=]+=(%d+%.%d+%.%d+%.%d+):(%d+)', -- IPv4
- '^[^=]+=%[([^%]]+)%]:(%d+)', -- IPv6
- '^[^=]+=(/.*)', -- UNIX
- }
-
- -- Datagram is either implied (dns) or unsupported (tls/doh/webmgmt)
- if not line:match('^Listen.*Stream') then
- return
- end
-
- for _, pattern in ipairs(patterns) do
- local addr, port = line:match(pattern)
- if addr ~= nil then
- write_net_listen(addr, port, kind)
- if not ipv6only then
- if addr:match('^::$') then
- write_net_listen('0.0.0.0', port, kind)
- end
- if addr:match('^::1$') then
- write_net_listen('127.0.0.1', port, kind)
- end
- end
- end
- end
- return
-end
-
-for _, socket in pairs(sockets) do
- local ipv6only = false
- local ipv6only_f = io.open(upg_dir..'/'..socket.file..'.v6only', 'r')
- if ipv6only_f ~= nil then
- ipv6only = true
- io.close(ipv6only_f)
- end
- local sockinfo = io.open(upg_dir..'/'..socket.file, 'r')
- if sockinfo ~= nil then
- for line in sockinfo:lines() do
- convert(line, socket.kind, ipv6only)
- end
- end
-end
-
-outfile:write("\n")
-
-io.close(outfile)
-os.exit(0)
projects / thirdparty / knot-resolver.git / commitdiff
