ipsechook and unbound-checkconf

W.C.A. Wijngaards wouter at nlnetlabs.nl
Mon Jul 3 07:15:32 UTC 2017


Hi Paul,

Thanks!  Fixed to check it only if ipsecmod is enabled and present in
module-config.

Best regards, Wouter

On 02/07/17 13:57, Paul Wouters via Unbound-users wrote:
> 
> Hi,
> 
> The unbound-checkconf code checks for the ipsecmod hook to exist:
> 
>     check_chroot_string("ipsecmod-hook", &cfg->ipsecmod_hook,
> cfg->chrootdir
> ,
>          cfg);
> 
> I want to ship unbound with the ipsecmod module enabled via the
> modules line, but activated via unbound-control. This means that
> the unbound.conf needs no changes when switching from regular mode
> to the mode where it uses the ipsec module for lookups. Currently,
> the ipsecmod hook is checked for, but if people don't have libreswan
> installed, unbound-checkconf fails, and with the systemd service,
> it means unbound won't start.
> 
> I've patched this check out to prevent this.
> 
> Paul
> ps. minor nit: you should rename check_chroot_string() if you use
> it for multiple things, one of which does not involve chroot :)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20170703/e9552dc7/attachment.bin>


More information about the Unbound-users mailing list