-
Notifications
You must be signed in to change notification settings - Fork 159
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
dnsmasq: add support for dnssec-timestamp file located on a read-only…
… filesystem Refs #163
- Loading branch information
Showing
1 changed file
with
81 additions
and
0 deletions.
There are no files selected for viewing
81 changes: 81 additions & 0 deletions
81
make/dnsmasq/patches/030-support_dnssec_timestamp_on_readonly_fs.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,81 @@ | ||
| --- src/dnsmasq.c | ||
| +++ src/dnsmasq.c | ||
| @@ -1457,8 +1457,7 @@ | ||
| /* update timestamp file on TERM if time is considered valid */ | ||
| if (daemon->back_to_the_future) | ||
| { | ||
| - if (utimes(daemon->timestamp_file, NULL) == -1) | ||
| - my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno)); | ||
| + update_timestamp_amtime(); | ||
| } | ||
| #endif | ||
|
|
||
| --- src/dnsmasq.h | ||
| +++ src/dnsmasq.h | ||
| @@ -1060,6 +1060,7 @@ | ||
| #ifdef HAVE_DNSSEC | ||
| struct ds_config *ds; | ||
| char *timestamp_file; | ||
| + int timestamp_file_is_on_readonly_fs; | ||
| #endif | ||
|
|
||
| /* globally used stuff for DNS */ | ||
| @@ -1230,6 +1231,7 @@ | ||
| size_t filter_rrsigs(struct dns_header *header, size_t plen); | ||
| unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name); | ||
| int setup_timestamp(void); | ||
| +void update_timestamp_amtime(void); /* sets atime and mtime of the timestamp_file to the current time */ | ||
|
|
||
| /* crypto.c */ | ||
| const struct nettle_hash *hash_find(char *name); | ||
| --- src/dnssec.c | ||
| +++ src/dnssec.c | ||
| @@ -145,6 +145,7 @@ | ||
| struct stat statbuf; | ||
|
|
||
| daemon->back_to_the_future = 0; | ||
| + daemon->timestamp_file_is_on_readonly_fs = 0; | ||
|
|
||
| if (!daemon->timestamp_file) | ||
| return 0; | ||
| @@ -156,8 +157,7 @@ | ||
| if (difftime(timestamp_time, time(0)) <= 0) | ||
| { | ||
| /* time already OK, update timestamp, and do key checking from the start. */ | ||
| - if (utimes(daemon->timestamp_file, NULL) == -1) | ||
| - my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno)); | ||
| + update_timestamp_amtime(); | ||
| daemon->back_to_the_future = 1; | ||
| return 0; | ||
| } | ||
| @@ -185,6 +185,20 @@ | ||
| return -1; | ||
| } | ||
|
|
||
| +void update_timestamp_amtime(void) | ||
| +{ | ||
| + if (!daemon->timestamp_file || daemon->timestamp_file_is_on_readonly_fs) | ||
| + return; | ||
| + | ||
| + if (utimes(daemon->timestamp_file, NULL) == -1) { | ||
| + if (errno == EROFS) { | ||
| + daemon->timestamp_file_is_on_readonly_fs = 1; | ||
| + } else { | ||
| + my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno)); | ||
| + } | ||
| + } | ||
| +} | ||
| + | ||
| /* Check whether today/now is between date_start and date_end */ | ||
| static int check_date_range(u32 date_start, u32 date_end) | ||
| { | ||
| @@ -202,8 +216,7 @@ | ||
| { | ||
| if (daemon->back_to_the_future == 0 && difftime(timestamp_time, curtime) <= 0) | ||
| { | ||
| - if (utimes(daemon->timestamp_file, NULL) != 0) | ||
| - my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno)); | ||
| + update_timestamp_amtime(); | ||
|
|
||
| my_syslog(LOG_INFO, _("system time considered valid, now checking DNSSEC signature timestamps.")); | ||
| daemon->back_to_the_future = 1; |