dnsmasq: abort when dnssec requested but not available
author Yousong Zhou <yszhou4tech@gmail.com>
Tue, 4 Aug 2020 04:00:22 +0000 (12:00 +0800)
committer Yousong Zhou <yszhou4tech@gmail.com>
Fri, 7 Aug 2020 07:56:30 +0000 (15:56 +0800)
Before this commit, if uci option "dnssec" was set, we pass "--dnssec"
and friends to dnsmasq, let it start and decide whether to quit and
whether to emit a message for diagnosis.

  # dnsmasq --dnssec; echo $?
  dnsmasq: DNSSEC not available: set HAVE_DNSSEC in src/config.h
  1

DNSSEC as a feature is different from others like dhcp, tftp in that
it's a security feature.  Better be explicit.  With this change
committed, we make it so by not allowing it in the first place in the
initscript, should dnsmasq later decide to not quit (not likely) or
quit without above explicit error (unlikely but less so ;)

So this is just being proactive.  On/off choices with uci option
"dnssec" are still available like before.

Link: https://github.com/openwrt/openwrt/pull/3265#issuecomment-667795302
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
package/network/services/dnsmasq/Makefile
package/network/services/dnsmasq/files/dnsmasq.init

index 22ecd12f0769638f0068c3076da7e5322404aa24..ab3f4fd8d08a2a34518a632a5e50f46ba9f056fb 100644 (file)
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=dnsmasq
 PKG_UPSTREAM_VERSION:=2.82
 PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION)))
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz
 PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
index 9288971426ae6146509e046e34391f1082b807ad..932103d8b5b52c069fdd3ad737900708ae7e9d80 100644 (file)
@@ -42,9 +42,13 @@ dnsmasq_ignore_opt() {
                bootp-*|\
                pxe-*)
                        [ -z "$dnsmasq_has_dhcp" ] ;;
-               dnssec-*|\
+               dnssec*|\
                trust-anchor)
-                       [ -z "$dnsmasq_has_dnssec" ] ;;
+                       if [ -z "$dnsmasq_has_dnssec" ]; then
+                               echo "dnsmasq: \"$opt\" requested, but dnssec support is not available" >&2
+                               exit 1
+                       fi
+                       ;;
                tftp-*)
                        [ -z "$dnsmasq_has_tftp" ] ;;
                ipset)
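
Review bot: In the `dnssec*|trust-anchor)` branch, the exit status when DNSSEC support is present is now that of the `if ... fi` compound, which is 0 when its condition is false, whereas the removed `[ -z "$dnsmasq_has_dnssec" ]` returned non-zero in that case, as the neighbouring `dhcp` and `tftp` branches still do. If the status of this case arm is what `dnsmasq_ignore_opt` returns to its caller, a build that does have DNSSEC would now report these options as ones to ignore, so the requested validation could be dropped without any message, which is the silent outcome this change sets out to prevent; adding an explicit `return 1` after `fi` keeps the old result for that path. The widened pattern `dnssec*` also now matches the bare `dnssec` option in addition to the `dnssec-` prefixed ones, which is worth stating in the commit message since it is what makes the abort reachable for the plain on/off setting.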