Bug 124950 - net-proxy/bfilter-0.10.3 (New Version)
Bug#: 124950 Product:  Gentoo Linux Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: enhancement Priority: P2
Resolution: FIXED Assigned To: net-proxy@gentoo.org Reported By: swanson@ukfsn.org
Component: Applications
URL:  http://bfilter.sourceforge.net/
Summary: net-proxy/bfilter-0.10.3 (New Version)
Keywords:  
Status Whiteboard: 
Opened: 2006-03-04 07:01 0000
Description:
A new version of BFilter 0.10.3 is available.

This version now includes the droppriv patch. However it has been changed to
require the configuration directory to be within the chroot directory. This
means that /var/empty can no longer be used (along with any sensible mount
settings for /var such as nosuid, nodev and possibly noexec). I've changed the
configuration to use /etc/bfilter by default.

A diff to the existing 0.10.1 ebuild, the bfilter.conf file and an updated man
page are to be attached (which will be submitted upstream).

------- Comment #1 From Alan Swanson 2006-03-04 07:08:35 0000 -------
Created an attachment (id=81289)
bfilter.8

Updated man page for bfilter 0.10.3.

------- Comment #2 From Alan Swanson 2006-03-04 07:09:59 0000 -------
Created an attachment (id=81290)
bfilter-conf.diff

Change chroot directory in bfilter.conf.

------- Comment #3 From Alan Swanson 2006-03-04 07:13:05 0000 -------
Created an attachment (id=81291)
bfilter-0.10.1-0.10.3-ebuild.diff

Patch to the current ebuild. Drops the droppriv patch and the keepdir creation
but readds man page.

Note that the man page has the same name as the one already in portage for
0.9.6 so it would be replaced. However the configuration and usage is different
between 0.9.6 and 0.10.3. Not sure whether you wish to drop 0.9.6 or add the
new man page with a different name but wasn't sure of best option for fiddling
file names prior to doman in ebuild.

------- Comment #4 From Alan Swanson 2006-03-04 07:16:09 0000 -------
(From update of attachment 81290)
>--- files/bfilter.conf	2006-02-21 14:39:03.000000000 +0000
>+++ files/bfilter.conf	2005-09-19 06:35:35.000000000 +0100
>@@ -1,4 +1,4 @@
> # Config file for /etc/init.d/bfilter
> 
> # See the bfilter(8) man page for possible options to put here.
>+BFILTER_OPTS="-u bfilter -g bfilter -r /var/empty"
>-BFILTER_OPTS="-u bfilter -g bfilter -r /etc/bfilter"
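Review bot: The hunk is reversed: the added line sets "-r /var/empty" and the removed line sets "-r /etc/bfilter", and the "---" header carries the newer timestamp (2006-02-21) while "+++" carries the older one (2005-09-19). Applied as posted, it would point the chroot back at /var/empty, which the description says can no longer be used because 0.10.3 requires the configuration directory to be inside the chroot. Regenerate the diff with the old file first and the new file second, so that BFILTER_OPTS="-u bfilter -g bfilter -r /etc/bfilter" is the added line.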

------- Comment #5 From Alan Swanson 2006-03-04 07:20:33 0000 -------
Created an attachment (id=81292)
bfilter-conf-2.diff

Hrmph. Previous patch was reversed.

------- Comment #6 From Alin Năstac 2006-03-05 00:38:59 0000 -------
fixed in cvs.

I've also made the following changes:
  - init script now creates /etc/bfilter/etc/resolv.conf when -r option is set
  - RDEPEND modifications:
      - dev-libs/ace replaced with >=dev-libs/ace-5.4.6 (I have compiling
errors when compiled against the stable version). Even with this version I have
a bunch of redefinition warnings, but it isn't bfilter's fault (I don't
understand why dev-libs/ace developers chose to publish PACKAGE_* definitions
in /usr/include).
      - =dev-cpp/gtkmm-2.4* replaced with >=dev-cpp/gtkmm-2.4 (at least it
works with gtkmm-2.8.1)

thanks again for your contribution! you should send the man page to upstream
for inclusion in future versions.
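
Comment #6 mentions that the init script creates /etc/bfilter/etc/resolv.conf when the -r option is set. A sketch of such a step, as an added example that is not the Gentoo init script's own code; the function names `chroot_dir_from_opts` and `sync_resolv_conf` are hypothetical, and the chroot tree is assumed to be writable by root only:

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the Gentoo init script.

# Print the value following -r in a flat option string such as BFILTER_OPTS.
# Returns 1 when no "-r <dir>" pair is present.
chroot_dir_from_opts() {
    set -f; set -- $1; set +f   # split on whitespace without glob expansion
    while [ $# -gt 1 ]; do
        if [ "$1" = "-r" ]; then printf '%s\n' "$2"; return 0; fi
        shift
    done
    return 1
}

# Place a copy of the host resolv.conf at <chroot>/etc/resolv.conf.
#   $1 = option string, $2 = source file (default /etc/resolv.conf)
# Returns 0 when the copy is current or no chroot is configured.
sync_resolv_conf() {
    src=${2:-/etc/resolv.conf}
    root=$(chroot_dir_from_opts "$1") || return 0
    case $root in
        /*) ;;
        *) echo "chroot dir must be absolute: $root" >&2; return 1 ;;
    esac
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    dst=$root/etc/resolv.conf
    # The init script runs as root: do not follow a symlink planted in the
    # chroot tree. The tree is assumed to be writable by root only.
    if [ -L "$root/etc" ] || [ -L "$dst" ]; then
        echo "refusing to write through symlink under $root/etc" >&2
        return 1
    fi
    cmp -s "$src" "$dst" 2>/dev/null && return 0   # already up to date
    mkdir -p "$root/etc" || return 1
    # Write a temp file in the same directory and rename it into place, so
    # the file is never seen half-written.
    tmp=$(mktemp "$root/etc/.resolv.conf.XXXXXX") || return 1
    # mktemp creates mode 0600; make it readable by the user given with -u.
    if cat "$src" > "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$dst"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}
```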

------- Comment #7 From Alan Swanson 2006-03-05 02:47:00 0000 -------
Just reopening as it isn't necessary for resolv.conf to be copied to the
chroot. The gethostbyname call is still being used to read resolv.conf before
chrooting and after doing so resolv.conf is never read again by the process.

------- Comment #8 From Alin Năstac 2006-03-05 06:09:22 0000 -------
Then how do you explain errors like this if /etc/bfilter/etc/resolv.conf doesn't
exist:
The following error was encountered:
    * Could not resolve Hostname "www.google.com" 
Some aspect of the requested URL is incorrect. Possible problems:
    * Hostname does not exist (or has expired)
    * Typo/syntax error in the URL
    * DNS Server problem (in which case you should try again later) 

I didn't make it just because I like to complicate things, I did it because this
package installs by default with -r /etc/bfilter, a setting which doesn't work (at
least on my computer) unless I copy the resolv.conf.

------- Comment #9 From Alan Swanson 2006-03-05 08:20:17 0000 -------
Created an attachment (id=81405)
bfilter-resolv.diff

That's very odd. It's working over here with any resolv.conf in the chroot
after multiple restarts over two weeks of testing and I have verified it is
chrooted. The author did change the gethostbyname call to "com." instead of
"www.slashdot.com" for some reason. I wonder if that's causing the problem on
your system. Patch attached just in case.

------- Comment #10 From Alin Năstac 2006-03-05 21:56:11 0000 -------
nope, still not working.

------- Comment #11 From Alin Năstac 2006-03-06 22:01:07 0000 -------
I don't think that missing /etc/resolv.conf will not bother libresolv.so. I
don't recall me having to restart a daemon just because I changed used
nameservers. 

However, calling gethostbyname before chrooting is good because it avoids the
need of copying libresolv.so in the chrooted environment.

Thoughts?

------- Comment #12 From Alin Năstac 2006-03-18 12:49:04 0000 -------
I take your silence as an approval.