[OpenWrt-Devel] [PATCH] dnsmasq: correct sense & usage of dnsseccheckunsigned

Kevin Darbyshire-Bryant ldir at darbyshire-bryant.me.uk
Fri Nov 22 12:45:52 EST 2019 

dnsmasq v2.80 made 'dnssec-check-unsigned' the default, thus the uci
option was rendered ineffectual: we checked unsigned zones no matter the
setting.

Disabling the checking of unsigned zones is now achieve with the
"--dnssec-check-unsigned=no" dnsmasq option.

Update init script to pass required option in the disabled case.

Signed-off-by: Kevin Darbyshire-Bryant <ldir at darbyshire-bryant.me.uk>
---
 package/network/services/dnsmasq/Makefile           | 2 +-
 package/network/services/dnsmasq/files/dnsmasq.init | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile
index a1b51896a9..c57a837e9e 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=dnsmasq
 PKG_UPSTREAM_VERSION:=2.80
 PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION)))
-PKG_RELEASE:=14
+PKG_RELEASE:=15
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz
 PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init
index 1054f7a12a..94a069f1ac 100644
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -966,7 +966,8 @@ dnsmasq_start()
 				[ -f "$TIMEVALIDFILE" ] || xappend "--dnssec-no-timecheck"
 			}
 		}
-		append_bool "$cfg" dnsseccheckunsigned "--dnssec-check-unsigned"
+		config_get_bool dnsseccheckunsigned "$cfg" dnsseccheckunsigned 1
+		[ "$dnsseccheckunsigned" -eq 0 ] && xappend "--dnssec-check-unsigned=no"
 	}
 
 	config_get addmac "$cfg" addmac 0
-- 
2.21.0 (Apple Git-122.2)


_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

More information about the openwrt-devel mailing list