Bug 717760 - net-dns/bind-9.16.1 : postinst rndc.key logic is STILL wrong, potentially causing postinst failure
Status: RESOLVED DUPLICATE of bug 701032
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Mikle Kolyada (RETIRED)
Reported: 2020-04-16 21:07 UTC by Phil Stracchino (Unix Ronin)
Modified: 2021-01-20 15:47 UTC

Description Phil Stracchino (Unix Ronin) 2020-04-16 21:07:05 UTC
The logic in pkg_postinst is still wrong.

What it looks like now:

pkg_postinst() {
	if [ ! -f '/etc/bind/rndc.key' ]; then
		if use urandom; then

Why this is wrong:

There are two possible configuration files that may contain the key, rndc.conf and rndc.key.  The build does not create rndc.conf.  If rndc.conf exists, then
(a) it has been created by the user and should be presumed to be correct,
(b) rndc will prefer rndc.conf over rndc.key,
and
(c) rndc will emit a warning IF BOTH rndc.conf and rndc.key exist, then go ahead and use rndc.conf ANYWAY.

However, if rndc.conf already exists, but rndc.key does not, *which is a correct configuration*, then this code will:
1. create an unnecessary and unwanted rndc.key file that will never be used,
and
2. cause a warning every time rndc is invoked.


What it SHOULD look like:

pkg_postinst() {
	if [ ! -f '/etc/bind/rndc.key' ] && [ ! -f '/etc/bind/rndc.conf' ]; then
		if use urandom; then

Why this is right:

It creates rndc.key IF AND ONLY IF NEITHER rndc.key NOR the preferred rndc.conf already exists.


The confgen call in pkg_postinst also fails if rndc.conf already exists, causing the build to fail in pkg_postinst.



Reproducible: Always

Actual Results:  
The ebuild fails in postinst if rndc.conf already exists

Expected Results:  
If rndc.conf already exists, postinst should not attempt to create rndc.key which, in this case, will never be used anyway

Please see #691786, #701032
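
The decision described in this report, as an added example that is not the ebuild's code or part of the original report: key generation happens only when neither rndc.conf nor rndc.key exists. The function names and the stand-in generator are hypothetical, the directory is a parameter so the logic can be exercised outside /etc/bind, and skipping when the directory is missing is an assumption.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not taken from the bind ebuild).

# Prints the action postinst should take for the config directory "$1":
#   generate   neither rndc.conf nor rndc.key exists
#   keep-conf  rndc.conf exists; rndc prefers it, so a new rndc.key would
#              never be used and would only trigger the warning
#   keep-key   rndc.key already exists
#   no-dir     the directory is missing (assumption: skip instead of die)
rndc_key_action() {
	if [ ! -d "$1" ]; then
		echo no-dir
	elif [ -f "$1/rndc.conf" ]; then
		echo keep-conf
	elif [ -f "$1/rndc.key" ]; then
		echo keep-key
	else
		echo generate
	fi
}

# Runs generator "$2" (stand-in for the confgen call) with the target path
# "$1/rndc.key", but only when the action is "generate".
# Returns the generator's exit status, or 0 when generation is skipped.
maybe_generate_rndc_key() {
	[ "$(rndc_key_action "$1")" = generate ] || return 0
	# Restrictive umask so the key file is not created world-readable.
	( umask 027; "$2" "$1/rndc.key" )
}

# Constructed stand-in generator: writes a placeholder, not a real key.
fake_confgen() {
	printf 'key "rndc-key" { /* placeholder */ };\n' > "$1"
}
```
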
Comment 1 Tomáš Mózes 2020-04-17 04:31:55 UTC
+1
Comment 2 Jonas Stein gentoo-dev 2020-04-19 13:58:00 UTC
If you write "STILL", do you want to reference a specific bug which was (not) fixed?
I do not know what +1 should mean in this context. Please write a clear statement.
Comment 3 Tomáš Mózes 2020-04-19 14:41:44 UTC
(In reply to Jonas Stein from comment #2)
> If you write "STILL", do you want to reference a specific bug which was
> (not) fixed?
> I do not know what +1 should mean in this context. Please write a clear
> statement.

That I'm having the same issue.
Comment 4 Tomáš Mózes 2020-04-19 14:43:36 UTC
https://bugs.gentoo.org/701032
Comment 5 Phil Stracchino (Unix Ronin) 2020-04-19 15:26:57 UTC
(In reply to Jonas Stein from comment #2)
> If you write "STILL", do you want to reference a specific bug which was
> (not) fixed?
> I do not know what +1 should mean in this context. Please write a clear
> statement.

Jonas, I referenced #691786 (against 9.14.4, where I first reported the problem), and #701032 (against 9.15.5).  I even offered a patch in 701032.
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-08 04:22:10 UTC
 * FAILED postinst: 1
 * ERROR: net-dns/bind-9.14.12::gentoo failed (postinst phase):
 *   (no error message)
 *
 * Call stack:
 *     ebuild.sh, line 125:  Called pkg_postinst
 *   environment, line 3064:  Called die
 * The specific snippet of code:
 *           chown root:named /etc/bind/rndc.key || die;
 *

I don't have /etc/bind.
Comment 7 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2021-01-20 15:47:37 UTC

*** This bug has been marked as a duplicate of bug 701032 ***