From 47323af3dfd5afe38ebd90f550ad5d7dc078e860 Mon Sep 17 00:00:00 2001
From: wouter <wouter@14dc9c71-5cc2-e011-b339-0019d10b89f4>
Date: Thu, 12 Mar 2015 15:37:44 +0000
Subject: [PATCH] - Patches from Tomas Hozza (7): dnssec-trigger-script:
Fix wrong default value in configuration dnssec-trigger-script: Fix
formatting errors dnssec-trigger-script: Remove unused class Allow
to select the default Python interpreter during build Fix
01-dnssec-trigger NOT to hardcode shell path dnssec-trigger-script: Fix
typo when adding search domains dnssec-trigger-control-setup: Use 3072
bit keys
git-svn-id: http://www.nlnetlabs.nl/svn/dnssec-trigger/trunk@693 14dc9c71-5cc2-e011-b339-0019d10b89f4
---
01-dnssec-trigger.in | 2 +-
Changelog | 10 ++++++++++
Makefile.in | 3 +++
config.h.in | 3 +++
configure | 25 +++++++++++++++++++++++++
configure.ac | 10 ++++++++++
dnssec-trigger-control-setup.sh.in | 4 +++-
dnssec-trigger-script.in | 21 +++++----------------
8 files changed, 60 insertions(+), 18 deletions(-)
diff --git a/01-dnssec-trigger.in b/01-dnssec-trigger.in
index f410723..8ece20e 100644
--- a/01-dnssec-trigger.in
+++ b/01-dnssec-trigger.in
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!0SHELL0
#
# Script to notify dnssec-trigger that the DNS configuration in NetworkManager
# may have changed.
diff --git a/Makefile.in b/Makefile.in
index 8d4de79..5b356fc 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -20,6 +20,7 @@ endif
SHELL=@SHELL@
VERSION=@PACKAGE_VERSION@
+PYTHON=@PYTHON@
srcdir=@srcdir@
prefix=@prefix@
exec_prefix=@exec_prefix@
@@ -223,6 +225,7 @@ networkmanager-hook: 01-dnssec-trigger dnssec-trigger-script
dnssec-trigger-script: $(srcdir)/dnssec-trigger-script.in Makefile
cp $< $@
+ sed -e 's?0PYTHON0?$(PYTHON)?' < $(srcdir)/dnssec-trigger-script.in > $@
chmod +x $@
osx/RiggerStatusItem/log.c: $(srcdir)/riggerd/log.c osx/RiggerStatusItem
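Review bot: The `cp $< $@` line kept above the new `sed` is now dead work, because the `sed ... > $@` redirection overwrites the copy immediately; it should be dropped so the rule has a single source for the target's contents. `$(PYTHON)` is also pasted into the sed expression unescaped, so a configured path containing `?` or `&` would produce a broken or unexpected `#!` line in the installed script. A failed `sed` leaves a truncated target with a fresh timestamp, which a later `make` run would treat as up to date. Writing to a temporary name and renaming avoids that: `sed -e 's?0PYTHON0?$(PYTHON)?' < $(srcdir)/dnssec-trigger-script.in > $@.tmp && mv $@.tmp $@`.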
diff --git a/config.h.in b/config.h.in
index e79b245..022d056 100644
--- a/config.h.in
+++ b/config.h.in
@@ -258,6 +258,9 @@
/* default pidfile name for dnssec-trigger */
#undef PIDFILE
+/* default Python interpreter path for all Python scripts */
+#undef PYTHON
+
/* Define as the return type of signal handlers (`int' or `void'). */
#undef RETSIGTYPE
diff --git a/configure b/configure
index 2082a49..a53d6b2 100755
--- a/configure
+++ b/configure
@@ -626,6 +626,7 @@ DATE
LDNSLIBS
ldnsdir
unbound_control_path
+PYTHON
pidfile
configfile
uidir
@@ -718,6 +719,7 @@ with_keydir
with_uidir
with_configfile
with_pidfile
+with_python
with_unbound_control
with_ldns
enable_rpath
@@ -1383,6 +1385,8 @@ Optional Packages:
keydir/dnssec-trigger.conf
--with-pidfile=path set the pidfile to use, default
/var/run/dnssec-trigger.pid
+ --with-python=path set the path to Python interpreter to use for Python
+ scripts, defaults /usr/bin/python
--with-unbound-control=path
set the unbound-control to use, default what
configure finds in its path
@@ -7336,6 +7340,27 @@ _ACEOF
+# Check whether --with-python was given.
+if test "${with_python+set}" = set; then :
+ withval=$with_python;
+else
+ withval=""
+fi
+
+PYTHON="/usr/bin/python"
+if test -n "$withval"; then
+ PYTHON="$withval"
+fi
+python_esc="`echo $PYTHON | sed -e 's/\\\\/\\\\\\\\/g'`"
+
+
+cat >>confdefs.h <<_ACEOF
+#define PYTHON "$python_esc"
+_ACEOF
+
+
+
+
# Check whether --with-unbound-control was given.
if test "${with_unbound_control+set}" = set; then :
withval=$with_unbound_control;
diff --git a/configure.ac b/configure.ac
index 1f9967b..4c1c716 100644
--- a/configure.ac
+++ b/configure.ac
@@ -504,6 +504,16 @@ ACX_ESCAPE_BACKSLASH($pidfile, pidfile_esc)
AC_DEFINE_UNQUOTED([PIDFILE], ["$pidfile_esc"], [default pidfile name for dnssec-trigger])
AC_SUBST(pidfile)
+AC_ARG_WITH([python], AC_HELP_STRING([--with-python=path],
+[set the path to Python interpreter to use for Python scripts, defaults /usr/bin/python]),, withval="")
+PYTHON="/usr/bin/python"
+if test -n "$withval"; then
+ PYTHON="$withval"
+fi
+ACX_ESCAPE_BACKSLASH($PYTHON, python_esc)
+AC_DEFINE_UNQUOTED([PYTHON], ["$python_esc"], [default Python interpreter path for all Python scripts])
+AC_SUBST(PYTHON)
+
AC_ARG_WITH([unbound-control], AC_HELP_STRING([--with-unbound-control=path],
[set the unbound-control to use, default what configure finds in its path]),, withval="")
AC_MSG_CHECKING([for unbound-control])
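Review bot: The new `--with-python` block copies any non-empty `$withval` into `PYTHON`, so a bare `--with-python` yields `yes` and `--without-python` yields `no`, and either value ends up as the interpreter in the script's `#!` line. Nothing checks that the value is an absolute path, which matters because a relative name in a shebang is resolved against the caller's working directory rather than a fixed location. I would accept only absolute paths and make configure fail otherwise, as sketched below. The regenerated `configure` hunk carries the same logic and would pick up the fix on regeneration.

```m4
PYTHON="/usr/bin/python"
case "$withval" in
    ""|yes) ;;
    /*) PYTHON="$withval" ;;
    *) AC_MSG_ERROR([--with-python requires an absolute path to the interpreter]) ;;
esac
dnl … unchanged: ACX_ESCAPE_BACKSLASH, AC_DEFINE_UNQUOTED and AC_SUBST for PYTHON …
```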
diff --git a/dnssec-trigger-control-setup.sh.in b/dnssec-trigger-control-setup.sh.in
index 7d0387a..7cc305a 100644
--- a/dnssec-trigger-control-setup.sh.in
+++ b/dnssec-trigger-control-setup.sh.in
@@ -48,7 +48,9 @@ CLIENTNAME=dnssec-trigger-control
DAYS=7200
# size of keys in bits
-BITS=1536
+# recommendation for new systems is to use at least 3072 bits
+# http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report
+BITS=3072
# hash algorithm
HASH=sha256
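Review bot: The comment added above `BITS=3072` should say that the larger size only applies to keys generated from now on, since nothing in this hunk touches key files created with the old 1536-bit default. With `DAYS=7200` in the context line at the top of the hunk, certificates issued earlier stay valid for close to twenty years, so an upgraded installation may keep using the weaker keys unless they are regenerated. Whether the script overwrites existing key files is not visible here. Suggested wording: `# applies to newly generated keys only; keys made with the earlier 1536-bit default must be regenerated to benefit`.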
diff --git a/dnssec-trigger-script.in b/dnssec-trigger-script.in
index 830baa9..7bf6c2e 100644
--- a/dnssec-trigger-script.in
+++ b/dnssec-trigger-script.in
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!0PYTHON0
# -*- coding: utf-8 -*-
"""
@author: Tomas Hozza <thozza@redhat.com>
@@ -57,7 +57,7 @@ class Config:
"use_vpn_global_forwarders": False,
"use_resolv_conf_symlink": False,
"use_resolv_secure_conf_symlink": False,
- "use_private_address_ranges": TRUE,
+ "use_private_address_ranges": True,
"set_search_domains": False,
"keep_positive_answers": False,
}
@@ -86,7 +86,7 @@ class Config:
config = Config()
if config.debug:
- log.setLevel(logging.DEBUG);
+ log.setLevel(logging.DEBUG)
class ConnectionList:
"""List of NetworkManager active connections"""
@@ -186,7 +186,7 @@ class Connection:
pass
try:
self.servers += [self.ip6_to_str(connection.get_ip6_config().get_nameserver(i))
- for i in range(connection.get_ip6_config().get_num_nameservers())]
+ for i in range(connection.get_ip6_config().get_num_nameservers())]
except AttributeError:
pass
@@ -353,17 +353,6 @@ class Store:
zone_file.write("{}\n".format(zone))
os.rename(self.path_tmp, self.path)
-class GlobalForwarders:
- def __init__(self):
- self.cache = set()
- try:
- with open(self.path) as zone_file:
- for line in zone_file:
- line = line.strip()
- if line:
- self.cache.add(line)
- except IOError:
- pass
class Application:
resolvconf = "/etc/resolv.conf"
@@ -490,7 +479,7 @@ class Application:
Called by dnssec-trigger.
"""
- if config.add_search_domains:
+ if config.set_search_domains:
zones = set(sum((connection.zones for connection in ConnectionList(self.client)), []))
log.info("Search domains: " + ' '.join(zones))
self.resolvconf_localhost_contents = self.__class__.resolvconf_localhost_contents
--
2.1.0