- Unbound exits with a fatal error when the auto-trust-anchor-file

  fails to be writable.  This is seconds after startup.  You can
  load a readonly auto-trust-anchor-file with trust-anchor-file.
  The file has to be writable to notice the trust anchor change,
  without it, a trust anchor change will be unnoticed and the system
  will then become unoperable.

git-svn-id: file:///svn/unbound/trunk@3387 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index cfde10135d337aaae554e174aae150d5c47d95e0..e0dd8f96b11d1120e08d32de4c649aa3a42871c3 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,5 +1,11 @@
 7 April 2015: Wouter
        - Libunbound skips dos-line-endings from etc/hosts.
+       - Unbound exits with a fatal error when the auto-trust-anchor-file
+         fails to be writable.  This is seconds after startup.  You can
+         load a readonly auto-trust-anchor-file with trust-anchor-file.
+         The file has to be writable to notice the trust anchor change,
+         without it, a trust anchor change will be unnoticed and the system
+         will then become unoperable.
 
 2 April 2015: Wouter
        - Fix #660: Fix interface-automatic broken in the presence of

diff --git a/validator/autotrust.c b/validator/autotrust.c
index bb5723468ff596591201df298a4474d3128e43a8..d90eec9eb0d16b6a7c145f3d7d4d24e04c33ed82 100644 (file)
--- a/validator/autotrust.c
+++ b/validator/autotrust.c
@@ -1184,7 +1184,7 @@ void autr_write_file(struct module_env* env, struct trust_anchor* tp)
        verbose(VERB_ALGO, "autotrust: write to disk: %s", tempf);
        out = fopen(tempf, "w");
        if(!out) {
-               log_err("could not open autotrust file for writing, %s: %s",
+               fatal_exit("could not open autotrust file for writing, %s: %s",
                        tempf, strerror(errno));
                return;
        }
@@ -1192,11 +1192,11 @@ void autr_write_file(struct module_env* env, struct trust_anchor* tp)
                /* failed to write contents (completely) */
                fclose(out);
                unlink(tempf);
-               log_err("could not completely write: %s", fname);
+               fatal_exit("could not completely write: %s", fname);
                return;
        }
        if(fclose(out) != 0) {
-               log_err("could not complete write: %s: %s",
+               fatal_exit("could not complete write: %s: %s",
                        fname, strerror(errno));
                unlink(tempf);
                return;
@@ -1207,7 +1207,7 @@ void autr_write_file(struct module_env* env, struct trust_anchor* tp)
        (void)unlink(fname); /* windows does not replace file with rename() */
 #endif
        if(rename(tempf, fname) < 0) {
-               log_err("rename(%s to %s): %s", tempf, fname, strerror(errno));
+               fatal_exit("rename(%s to %s): %s", tempf, fname, strerror(errno));
        }
 }