From d830cb08826dc593406d9003d061016061b6c3c4 Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Thu, 5 May 2016 12:25:53 +0100 Subject: [PATCH] dnsmasq: sysupgrade hook to conditionally preserve dnsmasq.time conditionally save dnsmasq.time across sysupgrade dnsmasq uses /etc/dnsmasq.time as record of the last known good system time to aid its validation of dnssec timestamps. dnsmasq updates the timestamp on process start/stop once it considers the system time as valid. The timestamp file should be preserved across system upgrade but should not be included as part of normal configuration backups to prevent restores corrupting the current timestamp. --- package/network/services/dnsmasq/Makefile | 2 ++ .../dnsmasq/files/dnsmasqsec-add-conffiles.sh | 16 ++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 package/network/services/dnsmasq/files/dnsmasqsec-add-conffiles.sh diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index 3f12a40cd3..f0aba1af44 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -151,6 +151,8 @@ $(call Package/dnsmasq/install,$(1)) ifneq ($(CONFIG_PACKAGE_dnsmasq_full_dnssec),) $(INSTALL_DIR) $(1)/usr/share/dnsmasq $(INSTALL_DATA) $(PKG_BUILD_DIR)/trust-anchors.conf $(1)/usr/share/dnsmasq + $(INSTALL_DIR) $(1)/lib/upgrade + $(INSTALL_BIN) ./files/dnsmasqsec-add-conffiles.sh $(1)/lib/upgrade endif endef diff --git a/package/network/services/dnsmasq/files/dnsmasqsec-add-conffiles.sh b/package/network/services/dnsmasq/files/dnsmasqsec-add-conffiles.sh new file mode 100644 index 0000000000..116ab5f8cf --- /dev/null +++ b/package/network/services/dnsmasq/files/dnsmasqsec-add-conffiles.sh @@ -0,0 +1,16 @@ +add_dnsmasqsec_conffiles() +{ + local filelist="$1" + + # do NOT include timestamp in a backup, only system upgrade + # dnsmasq restart ensures file timestamp is up to date + if [ -z $NEED_IMAGE ]; then + if [ $(ubus call service list '{"name":"dnsmasq"}' | jsonfilter -e '@.*.instances.instance1.running') = "true" ]; then + /etc/init.d/dnsmasq restart + sleep 1 + echo "/etc/dnsmasq.time" >>$filelist + fi + fi +} + +sysupgrade_init_conffiles="$sysupgrade_init_conffiles add_dnsmasqsec_conffiles"