[git.ipfire.org] IPFire 2.x development tree branch, next, updated. 05dae1b7cba0839489abbda5b8ee101715568268

public inbox for ipfire-scm@lists.ipfire.org
 help / color / mirror / Atom feed

* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 05dae1b7cba0839489abbda5b8ee101715568268
@ 2026-05-28 10:40 Michael Tremer
  0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2026-05-28 10:40 UTC (permalink / raw)
  To: ipfire-scm

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  05dae1b7cba0839489abbda5b8ee101715568268 (commit)
       via  c1982d0c28adf8821c1ada7253937b032c106413 (commit)
       via  dffd327d5f981174cc8153cb4dea5a233ebfac2c (commit)
       via  25e3cefb09fd2e65734a43bfdc00ec513a699879 (commit)
      from  c3dafd6356f43a5a7ea4401b8408955ae95a8158 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 05dae1b7cba0839489abbda5b8ee101715568268
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Thu May 28 12:37:22 2026 +0200

    knot resolver: Tolerate empty CSV values
    
    The Perl code that is generating the CSV might sometimes omit some
    fields so they will be nil instead of being an empty string.
    
    This change makes the code work for either.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit c1982d0c28adf8821c1ada7253937b032c106413
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Thu May 28 12:33:02 2026 +0200

    knot resolver: Fix typo in applying RPZ tags
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit dffd327d5f981174cc8153cb4dea5a233ebfac2c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Thu May 28 12:01:28 2026 +0200

    knot resolver: Move RPZs into /var/lib/knot-resolver/zones
    
    This is deliberately not backed up since there zones will have to be
    fetched in their entirety anyways.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit 25e3cefb09fd2e65734a43bfdc00ec513a699879
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Thu May 28 11:31:55 2026 +0200

    initscripts: waitfordns: Remove debugging output
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/knot-resolver/config.lua       | 24 ++++++++++++++----------
 config/rootfiles/common/knot-resolver |  1 +
 lfs/knot-resolver                     |  4 ++++
 src/initscripts/system/waitfordns     |  1 -
 src/scripts/update-rpzs               |  2 +-
 5 files changed, 20 insertions(+), 12 deletions(-)

Difference in files:
diff --git a/config/knot-resolver/config.lua b/config/knot-resolver/config.lua
index e95a3c8b2..8786d8ff0 100644
--- a/config/knot-resolver/config.lua
+++ b/config/knot-resolver/config.lua
@@ -423,7 +423,7 @@ function config.load_rpzs()
 		local name, status, comment, enabled_zones, custom_acl = unpack(fields)
 
 		if status == "on" then
-			local path = string.format("/var/cache/knot-resolver/rpzs/%s.zone", name)
+			local path = string.format("/var/lib/knot-resolver/zones/%s.zone", name)
 
 			-- Ensure the zone exists
 			if io.open(path) then
@@ -455,23 +455,27 @@ function config.load_rpzs()
 				assert(C.kr_rule_zonefile(rpz) == 0)
 
 				-- Apply zone ACLs
-				for zone in enabled_zones:gmatch("[^|]+") do
-					local subnet = get_zone(zone)
+				if enabled_zones then
+					for zone in enabled_zones:gmatch("[^|]+") do
+						local subnet = get_zone(zone)
 
-					if subnet then
-						add_tag(views, subnet, tag)
+						if subnet then
+							add_tag(views, subnet, tag)
+						end
 					end
 				end
 
 				-- Apply custom ACLs
-				for subnet in custom_acl:gmatch("[^|]+") do
-					if subnet then
-						add_tag(views, subnet, tag)
+				if custom_acl then
+					for subnet in custom_acl:gmatch("[^|]+") do
+						if subnet then
+							add_tag(views, subnet, tag)
+						end
 					end
 				end
 
 				-- Load it globally if no ACLs have been defined
-				if enabled_zones == "" and custom_acl == "" then
+				if not enabled_zones and not custom_acl then
 					add_tag(views, "0.0.0.0/0", tag)
 				end
 			end
@@ -479,7 +483,7 @@ function config.load_rpzs()
 	end
 
 	-- Apply views
-	for subnet, tag in ipairs(views) do
+	for subnet, tags in pairs(views) do
 		assert(C.kr_view_insert_action(subnet, "",
 			0, policy.COMBINE({ policy.TAGS_ASSIGN(tags) })) == 0)
 	end
diff --git a/config/rootfiles/common/knot-resolver b/config/rootfiles/common/knot-resolver
index 11f90b165..a64cfd4ad 100644
--- a/config/rootfiles/common/knot-resolver
+++ b/config/rootfiles/common/knot-resolver
@@ -272,3 +272,4 @@ var/cache/knot-resolver
 var/lib/knot-resolver
 var/lib/knot-resolver/leases.db
 var/lib/knot-resolver/root.keys
+var/lib/knot-resolver/zones
diff --git a/lfs/knot-resolver b/lfs/knot-resolver
index eae063e40..3d7d65c74 100644
--- a/lfs/knot-resolver
+++ b/lfs/knot-resolver
@@ -117,6 +117,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	# Change the ownership of /var/lib/knot-resolver
 	chown knot-resolver:knot-resolver /var/lib/knot-resolver
 
+	# Create a directory for zone files
+	-mkdir -pv /var/lib/knot-resolver/zones
+	chown knot-resolver:knot-resolver /var/lib/knot-resolver/zones
+
 	# Create cache directory
 	-mkdir -pv /var/cache/knot-resolver
 	chown knot-resolver:knot-resolver /var/cache/knot-resolver
diff --git a/src/initscripts/system/waitfordns b/src/initscripts/system/waitfordns
index 82ba96679..f353db778 100644
--- a/src/initscripts/system/waitfordns
+++ b/src/initscripts/system/waitfordns
@@ -41,7 +41,6 @@ wait_for_dns() {
 	local i=0
 
 	while [ "${i}" -lt "${timeout}" ]; do
-		echo "${i}"
 		if kdig "${args[@]}" >/dev/null 2>&1; then
 			return 0
 		fi
diff --git a/src/scripts/update-rpzs b/src/scripts/update-rpzs
index f8cf313a8..24d40c255 100644
--- a/src/scripts/update-rpzs
+++ b/src/scripts/update-rpzs
@@ -19,7 +19,7 @@
 #                                                                             #
 ###############################################################################
 
-readonly SYNC_PATH="/var/cache/knot-resolver/rpzs"
+readonly SYNC_PATH="/var/lib/knot-resolver/zones"
 
 readonly ZONE_SYNC_ARGS=(
 	# Be quiet


hooks/post-receive
--
IPFire 2.x development tree


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2026-05-28 10:40 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-05-28 10:40 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 05dae1b7cba0839489abbda5b8ee101715568268 Michael Tremer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox