dnsmasq: fix dnssec+ntp chicken-and-egg workaround (FS#2574)
author Henrique de Moraes Holschuh <henrique@nic.br>
Sun, 1 Mar 2020 03:08:43 +0000 (00:08 -0300)
committer Hans Dedecker <dedeckeh@gmail.com>
Sat, 25 Apr 2020 18:51:46 +0000 (20:51 +0200)
Fix the test for an enabled sysntp initscript in dnsmasq.init, and get
rid of "test -o" while at it.

Issue reproduced on openwrt-19.07 with the help of pool.ntp.br and an
RTC-less ath79 router.  dnssec-no-timecheck would be clearly missing
from /var/etc/dnsmasq.conf.* while the router was still a few days in
the past due to non-working DNSSEC + DNS-based NTP server config.

The fix was tested with the router in the "DNSSEC broken state": it
properly started dnsmasq in dnssec-no-timecheck mode, and eventually ntp
was able to resolve the server name to an IP address, and set the system
time.  DNSSEC was then enabled by SIGINT through the ntp hotplug hook,
as expected.

A missing system.ntp.enabled UCI node is required for the bug to show
up.  The reasons for why it would be missing in the first place were not
investigated.

Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
(cherry picked from commit 556b8581a15c855b2de0efbea6b625ab16cc9daf)

package/network/services/dnsmasq/Makefile
package/network/services/dnsmasq/files/dnsmasq.init

index ad95ccd65d435b65d02bf8b3f2321f900ad666ea..d31f4c7e63751d7592fb36b10a6d476931fda06b 100644 (file)
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=dnsmasq
 PKG_UPSTREAM_VERSION:=2.80
 PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION)))
-PKG_RELEASE:=16
+PKG_RELEASE:=16.1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz
 PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
index 408103c6e5488bef19a39fca64cb20800d4ae514..06d83b06deb15538d3a096f1b5dc2371c3f1b18c 100644 (file)
@@ -963,10 +963,9 @@ dnsmasq_start()
                xappend "--conf-file=$TRUSTANCHORSFILE"
                xappend "--dnssec"
                [ -x /etc/init.d/sysntpd ] && {
-                       /etc/init.d/sysntpd enabled
-                       [ "$?" -ne 0 -o "$(uci_get system.ntp.enabled)" = "1" ] && {
+                       if /etc/init.d/sysntpd enabled || [ "$(uci_get system.ntp.enabled)" = "1" ] ; then
                                [ -f "$TIMEVALIDFILE" ] || xappend "--dnssec-no-timecheck"
-                       }
+                       fi
                }
                append_bool "$cfg" dnsseccheckunsigned "--dnssec-check-unsigned"
        }
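
Review bot: In the new test `if /etc/init.d/sysntpd enabled || [ "$(uci_get system.ntp.enabled)" = "1" ] ; then` in dnsmasq_start(), the `||` lets an enabled initscript alone add `--dnssec-no-timecheck`, even when system.ntp.enabled is explicitly set to 0. If the NTP client does not actually run in that configuration, $TIMEVALIDFILE may never be created and the SIGINT from the ntp hotplug hook never arrives, so dnsmasq would start without DNSSEC signature time checks on every boot. Please confirm whether an explicit 0 should suppress the workaround, and add a short comment above the test listing the intended cases (initscript enabled, or UCI option set to 1), since the commit message says the bug only shows with the system.ntp.enabled node missing and the code does not record that.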