bind: remove -r option for rndc-confgen

The named service fail to start as below: # systemctl status named.service named.service - Berkeley Internet Name Domain (DNS) Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Wed 2020-09-16 06:07:49 UTC; 9s ago Process: 134206 ExecStartPre=/usr/sbin/generate-rndc-key.sh (code=exited, status=1/FAILURE) Sep 16 06:07:49 intel-x86-64 systemd[1]: Starting Berkeley Internet Name Domain (DNS)... Sep 16 06:07:49 intel-x86-64 generate-rndc-key.sh[134206]: Generating /etc/bind/rndc.key: Sep 16 06:07:49 intel-x86-64 generate-rndc-key.sh[134207]: rndc-confgen: The -r option has been deprecated. Sep 16 06:07:49 intel-x86-64 generate-rndc-key.sh[134208]: chown: cannot access '/etc/bind/rndc.key': No such file or directory Sep 16 06:07:49 intel-x86-64 generate-rndc-key.sh[134209]: chmod: cannot access '/etc/bind/rndc.key': No such file or directory Sep 16 06:07:49 intel-x86-64 systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE Sep 16 06:07:49 intel-x86-64 systemd[1]: named.service: Failed with result 'exit-code'. Sep 16 06:07:49 intel-x86-64 systemd[1]: Failed to start Berkeley Internet Name Domain (DNS). It is because fail to execute "/usr/sbin/generate-rndc-key.sh" as -r is deprecated since bind 9.13.x and the random function changes in [1], so remove -r option to fix the above issue. DNSSEC validation is now active by default after bind upgrade to 9.16.x, but it is not in 9.11.x. So disable DNSSEC validation explicitly to silence below message. Sep 18 03:21:37 intel-x86-64 named[23272]: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out [1]: https://gitlab.isc.org/isc-projects/bind9/-/commit/3a4f820d625c214cfb21f5e6d18ce9160d2a193b (From OE-Core rev: 884cc4196c75b5107082a188cf5f7a4dee4fc5c3) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Mingli Yu <mingli.yu@windriver.com> 2020-09-20 23:37:58 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-09-21 23:54:39 +0100
commit: d48416574749bdcbf83510bfaa8899209f09bf7e (patch)
tree: 0628e22a76d178a9e2d5fbe79ceeec1c9b8dfa34 /meta
parent: 8d28f2ecc8f0209892c79d5d8ba5e78ebee0d7b2 (diff)
download: poky-d48416574749bdcbf83510bfaa8899209f09bf7e.tar.gz
2 files changed, 2 insertions, 2 deletions
diff --git a/meta/recipes-connectivity/bind/bind-9.16.5/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind-9.16.5/generate-rndc-key.sh
index ef915c0ae5..633e29c0e6 100644
--- a/meta/recipes-connectivity/bind/bind-9.16.5/generate-rndc-key.sh
+++ b/meta/recipes-connectivity/bind/bind-9.16.5/generate-rndc-key.sh
@@ -2,7 +2,7 @@
 if [ ! -s /etc/bind/rndc.key ]; then
    echo -n "Generating /etc/bind/rndc.key:"
-    /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
+    /usr/sbin/rndc-confgen -a -b 512
    chown root:bind /etc/bind/rndc.key
    chmod 0640 /etc/bind/rndc.key
 fi
diff --git a/meta/recipes-connectivity/bind/bind_9.16.5.bb b/meta/recipes-connectivity/bind/bind_9.16.5.bb
index 103192490a..eb263c2eda 100644
--- a/meta/recipes-connectivity/bind/bind_9.16.5.bb
+++ b/meta/recipes-connectivity/bind/bind_9.16.5.bb
@@ -34,7 +34,7 @@ PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline"
 PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit"
 PACKAGECONFIG[python3] = "--with-python=yes --with-python-install-dir=${PYTHON_SITEPACKAGES_DIR} , --without-python, python3-ply-native,"
-EXTRA_OECONF = " --with-libtool --disable-devpoll --enable-epoll \
+EXTRA_OECONF = " --with-libtool --disable-devpoll --disable-auto-validation --enable-epoll \
                 --with-gssapi=no --with-lmdb=no --with-zlib \
                 --sysconfdir=${sysconfdir}/bind \
                 --with-openssl=${STAGING_DIR_HOST}${prefix} \
author	Mingli Yu <mingli.yu@windriver.com>	2020-09-20 23:37:58 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2020-09-21 23:54:39 +0100
commit	d48416574749bdcbf83510bfaa8899209f09bf7e (patch)
tree	0628e22a76d178a9e2d5fbe79ceeec1c9b8dfa34 /meta
parent	8d28f2ecc8f0209892c79d5d8ba5e78ebee0d7b2 (diff)
download	poky-d48416574749bdcbf83510bfaa8899209f09bf7e.tar.gz

diff --git a/meta/recipes-connectivity/bind/bind-9.16.5/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind-9.16.5/generate-rndc-key.sh index ef915c0ae5..633e29c0e6 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.5/generate-rndc-key.sh +++ b/meta/recipes-connectivity/bind/bind-9.16.5/generate-rndc-key.sh
@@ -2,7 +2,7 @@
2		2
3	if [ ! -s /etc/bind/rndc.key ]; then	3	if [ ! -s /etc/bind/rndc.key ]; then
4	echo -n "Generating /etc/bind/rndc.key:"	4	echo -n "Generating /etc/bind/rndc.key:"
5	/usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom	5	/usr/sbin/rndc-confgen -a -b 512
6	chown root:bind /etc/bind/rndc.key	6	chown root:bind /etc/bind/rndc.key
7	chmod 0640 /etc/bind/rndc.key	7	chmod 0640 /etc/bind/rndc.key
8	fi	8	fi


diff --git a/meta/recipes-connectivity/bind/bind_9.16.5.bb b/meta/recipes-connectivity/bind/bind_9.16.5.bb index 103192490a..eb263c2eda 100644 --- a/meta/recipes-connectivity/bind/bind_9.16.5.bb +++ b/meta/recipes-connectivity/bind/bind_9.16.5.bb
@@ -34,7 +34,7 @@ PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline"
34	PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit"	34	PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit"
35	PACKAGECONFIG[python3] = "--with-python=yes --with-python-install-dir=${PYTHON_SITEPACKAGES_DIR} , --without-python, python3-ply-native,"	35	PACKAGECONFIG[python3] = "--with-python=yes --with-python-install-dir=${PYTHON_SITEPACKAGES_DIR} , --without-python, python3-ply-native,"
36		36
37	EXTRA_OECONF = " --with-libtool --disable-devpoll --enable-epoll \	37	EXTRA_OECONF = " --with-libtool --disable-devpoll --disable-auto-validation --enable-epoll \
38	--with-gssapi=no --with-lmdb=no --with-zlib \	38	--with-gssapi=no --with-lmdb=no --with-zlib \
39	--sysconfdir=${sysconfdir}/bind \	39	--sysconfdir=${sysconfdir}/bind \
40	--with-openssl=${STAGING_DIR_HOST}${prefix} \	40	--with-openssl=${STAGING_DIR_HOST}${prefix} \