
Bug 927551

Summary: net-dns/knot: some OpenRC service script improvements
Product: Gentoo Linux
Reporter: Michael Orlitzky <mjo>
Component: Current packages
Assignee: Pierre-Olivier Mercier <nemunaire>
Status: RESOLVED FIXED
Severity: normal
CC: proxy-maint
Priority: Normal
Keywords: PullRequest
Version: unspecified
Hardware: All
OS: Linux
See Also: https://github.com/gentoo/gentoo/pull/40838
Whiteboard:
Package list:
Runtime testing required: ---

Description Michael Orlitzky gentoo-dev 2024-03-22 18:09:30 UTC
I'm in the market for a new DNS server, and was poking around in net-dns/knot. I noticed a few things in the OpenRC init script that could probably be improved. Some are covered in the OpenRC service script guide: https://github.com/OpenRC/openrc/blob/master/service-script-guide.md

I'll start with the easy ones:

0. /var/run should be /run these days.

1. "need net" is probably not right (see the service script guide).

2. The permissions on /var/lib/knot/ should be set in the ebuild and not using checkpath since that location is persistent.

3. The "checkpath" can go in start_pre() to avoid having to copy/paste the start-stop-daemon call.

The hard one has to do with the PID file. There are two potential sources for a PID file:

1. start-stop-daemon, which runs as root:root and creates the PID file as root:root when either --make-pidfile is used, or command_background=true is set. Neither of those is true at the moment, so all you get is the PID file from...

2. knotd, which runs as knot:knot and creates the PID file as knot:knot in /var/run/knot, which is writable by the "knot" user anyway.

The second one (i.e. what you're currently using) poses a risk if start-stop-daemon is used to kill the process. Specifically, if the "knot" user can write to the PID file and if root is stopping the daemon with start-stop-daemon, then "knot" can put "1" into the PID file and cause the server to reboot, something only root should be able to do.

There are a few ways to sort this out that I see. First would be to eliminate the fallback to start-stop-daemon when stopping the daemon. Then you'll never try to stop it as root. Second would be to use a separate pid file for start-stop-daemon, at /run/knot.pid, via --make-pidfile. They would both contain the same information, but one would be safe to kill as root. Finally, the best option is probably to let OpenRC put the daemon into the background so that knotd never tries to create its own PID file. Something like the following -- only lightly tested, since I first tried knot about half an hour ago:

#!/sbin/openrc-run
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2

command=/usr/sbin/knotd
# Let OpenRC background the daemon and write a root-owned PID file, so the
# unprivileged knot user never controls what start-stop-daemon will signal.
command_background=true
pidfile="/run/${SVCNAME}.pid"
required_files=/etc/knot/knot.conf
extra_started_commands="reload"
description_reload="Reload configuration and changed zones."

# Assumed helper (not defined in the original post): validate the
# configuration with knotc before a reload is attempted.
checkconfig() {
    knotc -c "${required_files}" conf-check
}

start_pre() {
    # Runtime directory only; the persistent /var/lib/knot gets its
    # permissions from the ebuild, not from checkpath.
    checkpath -d -m 0750 -o knot:knot /run/knot
}

reload() {
    checkconfig || return $?
    ebegin "Reloading ${SVCNAME}"
    start-stop-daemon --signal HUP --pidfile "${pidfile}"
    eend $?
}
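Not part of the bug report: an added shell example of the pre-signal check implied by the description above. It treats a pidfile as untrustworthy if it is a symlink, is writable by anyone but the caller, names PID 1, or names a process not running as the service account. Assumes Linux /proc and a stat(1) that supports -c (GNU or busybox); the function name check_pidfile is hypothetical.

```shell
#!/bin/sh
# Added example: a defender-side check an init script could run before
# handing a pidfile to start-stop-daemon. It refuses to signal a PID read
# from a file the service user could have altered (a knot-writable pidfile
# containing "1" would otherwise make root signal init).
# Assumes Linux /proc and stat -c; check_pidfile is a hypothetical name.
check_pidfile() {
    pidfile=$1    # path start-stop-daemon would read the PID from
    svc_user=$2   # account the daemon is supposed to run as (e.g. knot)

    [ -f "$pidfile" ] && [ ! -L "$pidfile" ] ||
        { echo "$pidfile: missing or a symlink" >&2; return 1; }

    # 1. Trust only a pidfile owned by the caller (root when OpenRC stops
    #    the service) and not writable by the service group or anyone else.
    owner=$(stat -c %u "$pidfile") || return 1
    mode=$(stat -c %a "$pidfile") || return 1
    [ "$owner" = "$(id -u)" ] ||
        { echo "$pidfile: owned by uid $owner, not the caller" >&2; return 1; }
    case "$mode" in
        *[2367][0-7]|*[2367])
            echo "$pidfile: mode $mode is group/world writable" >&2; return 1 ;;
    esac

    # 2. The content must be a plain integer greater than 1: PID 1 is init,
    #    and signalling it is the reboot scenario the report describes.
    pid=$(head -n1 "$pidfile" | tr -d '[:space:]')
    case "$pid" in
        ''|*[!0-9]*) echo "$pidfile: content is not a PID" >&2; return 1 ;;
    esac
    [ "$pid" -gt 1 ] || { echo "$pidfile: refusing to signal pid $pid" >&2; return 1; }

    # 3. The live process must really belong to the service account.
    svc_uid=$(id -u "$svc_user") || return 1
    proc_uid=$(awk '/^Uid:/ { print $2 }' "/proc/$pid/status" 2>/dev/null || :)
    [ -n "$proc_uid" ] || { echo "pid $pid is not running" >&2; return 1; }
    [ "$proc_uid" = "$svc_uid" ] ||
        { echo "pid $pid runs as uid $proc_uid, not $svc_user ($svc_uid)" >&2; return 1; }
}
```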
Comment 1 Larry the Git Cow gentoo-dev 2024-12-01 14:30:51 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bcca5763b643aa91a8d05f7529beaf98c34db11c

commit bcca5763b643aa91a8d05f7529beaf98c34db11c
Author:     PPN-SD <nicolas.parlant@parhuet.fr>
AuthorDate: 2024-09-07 22:39:59 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-12-01 14:28:11 +0000

    net-dns/knot: add 3.4.2
    
    new module: authsignal
    
    useflag:
    * dbus: useflag added to support libdbus including when systemd is installed
    * +doc: useflag enabled by default because pregenerated manpages are no longer provided by upstream
    * idn1: useflag removed, deprecated
    * pkcs#11: useflag added
    
    scripts:
    * use upstream service for systemd
    * new openrc init script (knot-1.init):
        use background to create a root-owned pid file
        add checkconfig
    * use knot.tmpfile for permissions:
        /run/knot (pidfile created by knotd)
        /var/lib/knot (default database, template ...)
    
    Bug: https://bugs.gentoo.org/927551
    Closes: https://bugs.gentoo.org/920681
    Signed-off-by: PPN-SD <nicolas.parlant@parhuet.fr>
    Closes: https://github.com/gentoo/gentoo/pull/39066
    Signed-off-by: Sam James <sam@gentoo.org>

 net-dns/knot/Manifest           |   1 +
 net-dns/knot/files/knot-1.init  |  42 ++++++++++
 net-dns/knot/files/knot.tmpfile |   2 +
 net-dns/knot/knot-3.4.2.ebuild  | 166 ++++++++++++++++++++++++++++++++++++++++
 net-dns/knot/metadata.xml       |   9 +++
 5 files changed, 220 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2025-03-10 02:54:24 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8229050b30cca4eb144a99b5b83db7078fba8d02

commit 8229050b30cca4eb144a99b5b83db7078fba8d02
Author:     Nicolas PARLANT <nicolas.parlant@parhuet.fr>
AuthorDate: 2025-03-01 18:45:10 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2025-03-10 02:48:03 +0000

    net-dns/knot: clean old
    
    drop:
    * 3.2.9-r1 as 3.2.X is no more active
    * 3.4.3-r2 after 3.4.4 got stabilized
    
    useflags desc:
    * remove libidn2 (3.2.9 only)
    * switch geoip to global
    
    Closes: https://bugs.gentoo.org/927551
    Closes: https://bugs.gentoo.org/913202
    Signed-off-by: Nicolas PARLANT <nicolas.parlant@parhuet.fr>
    Closes: https://github.com/gentoo/gentoo/pull/40838
    Signed-off-by: Sam James <sam@gentoo.org>

 net-dns/knot/Manifest             |   2 -
 net-dns/knot/files/knot-1.service |  17 ----
 net-dns/knot/files/knot.init      |  41 --------
 net-dns/knot/knot-3.2.9-r1.ebuild | 126 -----------------------
 net-dns/knot/knot-3.4.3-r2.ebuild | 204 --------------------------------------
 net-dns/knot/metadata.xml         |   7 --
 6 files changed, 397 deletions(-)