diff options
Diffstat (limited to 'package/network/services/dnsmasq/files')
3 files changed, 23 insertions, 22 deletions
diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init index 1a9903e..5f7afdb 100644 --- a/package/network/services/dnsmasq/files/dnsmasq.init +++ b/package/network/services/dnsmasq/files/dnsmasq.init @@ -16,6 +16,7 @@ CONFIGFILE="/var/etc/dnsmasq.conf" HOSTFILE="/tmp/hosts/dhcp" TRUSTANCHORSFILE="/usr/share/dnsmasq/trust-anchors.conf" TIMESTAMPFILE="/etc/dnsmasq.time" +TIMEVALIDFILE="/var/state/dnsmasqsec" xappend() { local value="$1" @@ -235,7 +236,12 @@ dnsmasq() { [ "$dnssec" -gt 0 ] && { xappend "--conf-file=$TRUSTANCHORSFILE" xappend "--dnssec" - xappend "--dnssec-timestamp=$TIMESTAMPFILE" + [ -x /etc/init.d/sysntpd ] && { + /etc/init.d/sysntpd enabled + [ "$?" -ne 0 -o "$(uci_get system.ntp.enabled)" = "1" ] && { + [ -f "$TIMEVALIDFILE" ] || xappend "--dnssec-no-timecheck" + } + } append_bool "$cfg" dnsseccheckunsigned "--dnssec-check-unsigned" } @@ -627,10 +633,7 @@ start_service() { mkdir -p /var/lib/misc touch /tmp/dhcp.leases - if [ ! -f "$TIMESTAMPFILE" ]; then - touch "$TIMESTAMPFILE" - chown dnsmasq.dnsmasq "$TIMESTAMPFILE" - fi + [ -f "$TIMESTAMPFILE" ] && rm -f "$TIMESTAMPFILE" echo "# auto-generated config file from /etc/config/dhcp" > $CONFIGFILE echo "# auto-generated config file from /etc/config/dhcp" > $HOSTFILE @@ -709,7 +712,7 @@ start_service() { procd_add_jail dnsmasq ubus log procd_add_jail_mount $CONFIGFILE $TRUSTANCHORSFILE $HOSTFILE /etc/passwd /etc/group /etc/TZ /dev/null /dev/urandom /etc/dnsmasq.conf /tmp/dnsmasq.d /tmp/resolv.conf.auto /etc/hosts /etc/ethers $EXTRA_MOUNT - procd_add_jail_mount_rw /var/run/dnsmasq/ /tmp/dhcp.leases $TIMESTAMPFILE + procd_add_jail_mount_rw /var/run/dnsmasq/ /tmp/dhcp.leases procd_close_instance } diff --git a/package/network/services/dnsmasq/files/dnsmasqsec-add-conffiles.sh b/package/network/services/dnsmasq/files/dnsmasqsec-add-conffiles.sh deleted file mode 100644 index 116ab5f..0000000 --- a/package/network/services/dnsmasq/files/dnsmasqsec-add-conffiles.sh +++ /dev/null @@ -1,16 +0,0 @@ -add_dnsmasqsec_conffiles() -{ - local filelist="$1" - - # do NOT include timestamp in a backup, only system upgrade - # dnsmasq restart ensures file timestamp is up to date - if [ -z $NEED_IMAGE ]; then - if [ $(ubus call service list '{"name":"dnsmasq"}' | jsonfilter -e '@.*.instances.instance1.running') = "true" ]; then - /etc/init.d/dnsmasq restart - sleep 1 - echo "/etc/dnsmasq.time" >>$filelist - fi - fi -} - -sysupgrade_init_conffiles="$sysupgrade_init_conffiles add_dnsmasqsec_conffiles" diff --git a/package/network/services/dnsmasq/files/dnsmasqsec.hotplug b/package/network/services/dnsmasq/files/dnsmasqsec.hotplug new file mode 100644 index 0000000..5c69314 --- /dev/null +++ b/package/network/services/dnsmasq/files/dnsmasqsec.hotplug @@ -0,0 +1,14 @@ +#!/bin/sh + +TIMEVALIDFILE="/var/state/dnsmasqsec" + +[ "$ACTION" = stratum ] || exit 0 + +[ -f "$TIMEVALIDFILE" ] || { + echo "ntpd says time is valid" >$TIMEVALIDFILE + /etc/init.d/dnsmasq enabled && { + pid=$(pidof dnsmasq) + [ "$(readlink /proc/$pid/exe)" = "/usr/sbin/dnsmasq" ] && kill -SIGHUP $pid \ + || /etc/init.d/dnsmasq restart + } +} |