Openembedded Core Discussions
* [RFC PATCH 0/7][dora] misc WR patches
@ 2013-12-05 22:57 Mark Hatle
  2013-12-05 22:57 ` [RFC PATCH 1/7][dora] native-python: bad interpreter error message Mark Hatle
                   ` (6 more replies)
  0 siblings, 7 replies; 8+ messages in thread
From: Mark Hatle @ 2013-12-05 22:57 UTC (permalink / raw)
  To: openembedded-core

The following patches are various items that we have in our tree, but I
don't believe are generally applicable and should likely -not- be merged
into oe-core.

These are being sent for Yocto Project compliance.

Note a few of these have previously been sent.  The items were resent because
later patches relied on them.

The following changes since commit c303f5ecf7cda1c3b8bb776a6800946c0487cd93:

  Revert "utils.bbclass: Fix override ordering for FILESPATH" (2013-12-03 12:55:47 +0000)

are available in the git repository at:

  git://git.yoctoproject.org/poky-contrib mhatle/dora-misc
  http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=mhatle/dora-misc

Amy Fong (1):
  native-python: bad interpreter error message

Chen Qi (1):
  bind: add support for read-only rootfs

Junxian.Xiao (1):
  Fix conflict between procps and base-files

Ming Liu (2):
  bind: run in the chrooted jail
  bind: use volatiles for managing /var/ subdirs

Wenzong Fan (1):
  nss: workaround multilib build on 32bit host

Yue Tao (1):
  bind: add init.d/bind status command

 meta/classes/distutils.bbclass                     |  14 ++-
 .../bind-add-init-bind-status-command.patch        |  45 ++++++++
 meta/recipes-connectivity/bind/bind-9.8.1/bind9    |  33 ++++++
 .../init.d-add-support-for-read-only-rootfs.patch  |  70 ++++++++++++
 .../bind/bind-9.8.1/init.d-fix-indentation.patch   |  90 ++++++++++++++++
 .../init.d-normalize-for-volatiles.patch           |  37 +++++++
 .../bind/bind-9.8.1/setup-chroot-hooks.patch       | 119 +++++++++++++++++++++
 .../bind/bind-9.8.1/volatiles.98_bind              |   5 +
 .../bind/bind-9.8.1/volatiles.99_bind-chroot       |  10 ++
 meta/recipes-connectivity/bind/bind_9.8.1.bb       |  31 +++++-
 meta/recipes-extended/procps/procps_3.2.8.bb       |   4 +
 .../nss/files/nss-fix-nsinstall-build.patch        |  35 ++++++
 meta/recipes-support/nss/nss.inc                   |   1 +
 13 files changed, 489 insertions(+), 5 deletions(-)
 create mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/bind-add-init-bind-status-command.patch
 create mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/bind9
 create mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/init.d-add-support-for-read-only-rootfs.patch
 create mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/init.d-fix-indentation.patch
 create mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/init.d-normalize-for-volatiles.patch
 create mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/setup-chroot-hooks.patch
 create mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/volatiles.98_bind
 create mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/volatiles.99_bind-chroot
 create mode 100644 meta/recipes-support/nss/files/nss-fix-nsinstall-build.patch

-- 
1.8.1.2.545.g2f19ada




* [RFC PATCH 1/7][dora] native-python: bad interpreter error message
  2013-12-05 22:57 [RFC PATCH 0/7][dora] misc WR patches Mark Hatle
@ 2013-12-05 22:57 ` Mark Hatle
  2013-12-05 22:57 ` [RFC PATCH 2/7][dora] nss: workaround multilib build on 32bit host Mark Hatle
                   ` (5 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: Mark Hatle @ 2013-12-05 22:57 UTC (permalink / raw)
  To: openembedded-core

From: Amy Fong <Amy.Fong@windriver.com>

-- Sent for YP compliance --

On some builds with really long paths, we can end up exceeding the maximum
length line for an interpreter (man execve: A maximum line length of
127 characters is allowed for the first line in a #!  executable shell
script.)

To avoid this limit, we use env to execute python, with this, we will
be using python that's first found in our PATH.

The former ${bindir}/env is not a good idea for apps requiring native-python
since coreutil*-native may not have been built (${bindir}/env may not exist)
and with long paths, we can end up running into the same issue, hence we
use /usr/bin/env from the host.

Signed-off-by: Amy Fong <Amy.Fong@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
---
 meta/classes/distutils.bbclass | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/meta/classes/distutils.bbclass b/meta/classes/distutils.bbclass
index 8c3a979..b2895b3 100644
--- a/meta/classes/distutils.bbclass
+++ b/meta/classes/distutils.bbclass
@@ -49,7 +49,13 @@ distutils_do_install() {
             for i in ${D}${bindir}/* ; do \
                 if [ ${PN} != "${BPN}-native" ]; then
                 	sed -i -e s:${STAGING_BINDIR_NATIVE}/python-native/python:${bindir}/env\ python:g $i
-		fi
+                else
+                	# The former ${bindir}/env is not a good idea for apps requiring native-python
+                	# since coreutil*-native may not have been built (${bindir}/env may not exist)
+                	# and with long paths, we can end up running into an issue where the
+                	# interpreter line is too long, hence we use /usr/bin/env from the host.
+                	sed -i -e s:${STAGING_BINDIR_NATIVE}/python-native/python:/usr/bin/env\ python:g $i
+                fi
                 sed -i -e s:${STAGING_BINDIR_NATIVE}:${bindir}:g $i
             done
         fi
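
Review bot: The new else branch gives -native scripts the shebang /usr/bin/env python, which runs whichever python is first in PATH rather than the interpreter under ${STAGING_BINDIR_NATIVE}/python-native. The added comment explains why ${bindir}/env is avoided but not this dependency; it should state that callers must have the python-native directory ahead of the host python in PATH, otherwise the script silently runs under the host interpreter. The sed expression is also unquoted, so a staging path containing whitespace or a colon would break the substitution.
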
@@ -58,6 +64,12 @@ distutils_do_install() {
             for i in ${D}${sbindir}/* ; do \
                 if [ ${PN} != "${BPN}-native" ]; then
                 	sed -i -e s:${STAGING_BINDIR_NATIVE}/python-native/python:${bindir}/env\ python:g $i
+                else
+                	# The former ${bindir}/env is not a good idea for apps requiring native-python
+                	# since coreutil*-native may not have been built (${bindir}/env may not exist)
+                	# and with long paths, we can end up running into an issue where the
+                	# interpreter line is too long, hence we use /usr/bin/env from the host.
+                	sed -i -e s:${STAGING_BINDIR_NATIVE}/python-native/python:/usr/bin/env\ python:g $i
 		fi
                 sed -i -e s:${STAGING_BINDIR_NATIVE}:${bindir}:g $i
             done
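
Review bot: The else branch in the ${D}${sbindir} loop duplicates, comment and sed included, the one just added to the ${D}${bindir} loop. Iterating once over both directories, or moving the rewrite into a small shell function, would keep the two copies from drifting. The closing fi here also keeps its tab indentation while the first hunk converts it to spaces, so the two loops now differ in whitespace.
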
-- 
1.8.1.2.545.g2f19ada




* [RFC PATCH 2/7][dora] nss: workaround multilib build on 32bit host
  2013-12-05 22:57 [RFC PATCH 0/7][dora] misc WR patches Mark Hatle
  2013-12-05 22:57 ` [RFC PATCH 1/7][dora] native-python: bad interpreter error message Mark Hatle
@ 2013-12-05 22:57 ` Mark Hatle
  2013-12-05 22:57 ` [RFC PATCH 3/7][dora] Fix conflict between procps and base-files Mark Hatle
                   ` (4 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: Mark Hatle @ 2013-12-05 22:57 UTC (permalink / raw)
  To: openembedded-core

From: Wenzong Fan <wenzong.fan@windriver.com>

-- Sent for YP compliance --

The nsinstall is a tool that only runs on host to install built files.
It was not included in native tools somehow, while building lib64-nss
on 32bit host, it will fail with errors:

1) On OpenSUSE 11.x 32bit:
* nsinstall.c:1:0: sorry, unimplemented: 64-bit mode not compiled

Since host gcc isn't configured to support '-m64' option.

2) On Ubuntu 13.x 32bit:
* gcc -o Linux3.4_ppc_glibc_PTH_64_OPT.OBJ/nsinstall.o -c -m64 ...
  nsinstall.c
  In file included from /usr/include/features.h:341:0,
                  from /usr/include/stdio.h:27,
                  from nsinstall.c:8:
  /usr/include/stdc-predef.h:30:26: fatal error: bits/predefs.h: \
  No such file or directory

The nsinstall was built first when nss starts to build, it doesn't
need any cross-compiling or multilib build options. We could work around
this by cleaning the ARCHFLAG and LDFLAGS from nsinstall's Makefile. But
the correct approach would be pulling the tool into the -native build
and then using the tool for the target build.

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
---
 .../nss/files/nss-fix-nsinstall-build.patch        | 35 ++++++++++++++++++++++
 meta/recipes-support/nss/nss.inc                   |  1 +
 2 files changed, 36 insertions(+)
 create mode 100644 meta/recipes-support/nss/files/nss-fix-nsinstall-build.patch

diff --git a/meta/recipes-support/nss/files/nss-fix-nsinstall-build.patch b/meta/recipes-support/nss/files/nss-fix-nsinstall-build.patch
new file mode 100644
index 0000000..866de07
--- /dev/null
+++ b/meta/recipes-support/nss/files/nss-fix-nsinstall-build.patch
@@ -0,0 +1,35 @@
+Fix nss multilib build on openSUSE 11.x 32bit
+
+While building lib64-nss on openSUSE 11.x 32bit, the nsinstall will
+fail with error:
+
+* nsinstall.c:1:0: sorry, unimplemented: 64-bit mode not compiled
+
+It caused by the '-m64' option which passed to host gcc.
+
+The nsinstall was built first while nss starting to build, it only runs
+on host to install built files, it doesn't need any cross-compling or
+multilib build options. Just clean the ARCHFLAG and LDFLAGS to fix this
+error.
+
+Upstream-Status: Pending
+
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+===================================================
+diff --git a/nss/coreconf/nsinstall/Makefile b/nss/coreconf/nsinstall/Makefile
+index 1850bcb..5aee84f 100644
+--- a/nss/coreconf/nsinstall/Makefile
++++ b/nss/coreconf/nsinstall/Makefile
+@@ -18,6 +18,12 @@ INTERNAL_TOOLS  = 1
+ 
+ include $(DEPTH)/coreconf/config.mk
+ 
++# nsinstall is unfit for cross-compiling/multilib-build since it was
++# always run on local host to install built files. This change intends
++# to clean the '-m64' from ARCHFLAG and LDFLAGS.
++ARCHFLAG =
++LDFLAGS =
++
+ ifeq (,$(filter-out OS2 WIN%,$(OS_TARGET)))
+ PROGRAM		=
+ else
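
Review bot: The assignments ARCHFLAG = and LDFLAGS =, placed after the include of config.mk, empty both variables outright, while the comment above them says the intent is only to clean '-m64'. Clearing LDFLAGS also drops any other linker flags passed in for the host tool; removing just the one option, for example ARCHFLAG := $(filter-out -m64,$(ARCHFLAG)) and the same for LDFLAGS, would match the stated intent. The embedded patch description also mentions only openSUSE 11.x, while the commit message lists an Ubuntu 13.x failure as well.
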
diff --git a/meta/recipes-support/nss/nss.inc b/meta/recipes-support/nss/nss.inc
index 2b2b668..82d6bc5 100644
--- a/meta/recipes-support/nss/nss.inc
+++ b/meta/recipes-support/nss/nss.inc
@@ -20,6 +20,7 @@ SRC_URI = "\
 SRC_URI_append_class-target += "\
     file://nss.pc.in \
     file://signlibs.sh \
+    file://nss-fix-nsinstall-build.patch \
 "
 inherit siteinfo
 PR = "r0"
-- 
1.8.1.2.545.g2f19ada




* [RFC PATCH 3/7][dora] Fix conflict between procps and base-files
  2013-12-05 22:57 [RFC PATCH 0/7][dora] misc WR patches Mark Hatle
  2013-12-05 22:57 ` [RFC PATCH 1/7][dora] native-python: bad interpreter error message Mark Hatle
  2013-12-05 22:57 ` [RFC PATCH 2/7][dora] nss: workaround multilib build on 32bit host Mark Hatle
@ 2013-12-05 22:57 ` Mark Hatle
  2013-12-05 22:57 ` [RFC PATCH 4/7][dora] bind: run in the chrooted jail Mark Hatle
                   ` (3 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: Mark Hatle @ 2013-12-05 22:57 UTC (permalink / raw)
  To: openembedded-core

From: "Junxian.Xiao" <Junxian.Xiao@windriver.com>

-- Sent for YP compliance --

These two packages both install /etc/sysctl.conf, but we should
make sure we will install this file in base-files package.

Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
---
 meta/recipes-extended/procps/procps_3.2.8.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-extended/procps/procps_3.2.8.bb b/meta/recipes-extended/procps/procps_3.2.8.bb
index e4b82e0..03b2b64 100644
--- a/meta/recipes-extended/procps/procps_3.2.8.bb
+++ b/meta/recipes-extended/procps/procps_3.2.8.bb
@@ -23,6 +23,10 @@ EXTRA_OEMAKE = 'CFLAGS="${CFLAGS} -I${STAGING_INCDIR}" \
                 install="install -D" \
                 ldconfig=echo'
 
+ALTERNATIVE_${PN} += "sysctlconf"
+ALTERNATIVE_LINK_NAME[sysctlconf] = "${sysconfdir}/sysctl.conf"
+ALTERNATIVE_PRIORITY[sysctlconf] = "110"
+
 do_install_append () {
 	install -d ${D}${sysconfdir}
 	install -m 0644 ${WORKDIR}/sysctl.conf ${D}${sysconfdir}/sysctl.conf
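
Review bot: The three ALTERNATIVE_ lines only take effect if the recipe inherits update-alternatives, and no inherit is visible in this hunk; please confirm it is present or add it. The commit message says /etc/sysctl.conf should come from base-files, yet do_install_append still installs the procps copy to the same path and the priority is set to 110 with no reference to what base-files uses. A comment naming the intended winner and the base-files priority would make the choice of 110 checkable.
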
-- 
1.8.1.2.545.g2f19ada




* [RFC PATCH 4/7][dora] bind: run in the chrooted jail
  2013-12-05 22:57 [RFC PATCH 0/7][dora] misc WR patches Mark Hatle
                   ` (2 preceding siblings ...)
  2013-12-05 22:57 ` [RFC PATCH 3/7][dora] Fix conflict between procps and base-files Mark Hatle
@ 2013-12-05 22:57 ` Mark Hatle
  2013-12-05 22:57 ` [RFC PATCH 5/7][dora] bind: add support for read-only rootfs Mark Hatle
                   ` (2 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: Mark Hatle @ 2013-12-05 22:57 UTC (permalink / raw)
  To: openembedded-core

From: Ming Liu <ming.liu@windriver.com>

-- Sent for YP compliance --

1. Introduce bind-chroot package, contains files/directories used as jail.
2. Add hooks to init script for setting up named to run chroot.
3. Setting ROOTDIR in /etc/default/bind9 is needed to run chroot.

These components mainly come from:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/
bind-9.8.2-0.17.rc1.el6_4.4.src.rpm

Signed-off-by: Ming Liu <ming.liu@windriver.com>
Signed-off-by: Jeff Polk <jeff.polk@windriver.com>
---
 meta/recipes-connectivity/bind/bind-9.8.1/bind9    |  30 ++++++
 .../bind/bind-9.8.1/setup-chroot-hooks.patch       | 119 +++++++++++++++++++++
 meta/recipes-connectivity/bind/bind_9.8.1.bb       |  26 ++++-
 3 files changed, 172 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/bind9
 create mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/setup-chroot-hooks.patch

diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/bind9 b/meta/recipes-connectivity/bind/bind-9.8.1/bind9
new file mode 100644
index 0000000..3d5b69b
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.8.1/bind9
@@ -0,0 +1,30 @@
+# BIND named process options
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~
+# Currently, you can use the following options:
+#
+# ROOTDIR="/var/named/chroot"  --  will run named in a chroot environment.
+#                            you must set up the chroot environment 
+#                            (install the bind-chroot package) before
+#                            doing this.
+#	NOTE:
+#         Those directories are automatically mounted to chroot if they are
+#         empty in the ROOTDIR directory. It will simplify maintenance of your
+#         chroot environment.
+#          - /etc/bind
+#          - /var/run/named
+#          - /var/run/bind
+#          - /var/cache/bind
+#
+#	  Those files are mounted as well if target file doesn't exist in
+#	  chroot.
+#          - /etc/localtime
+#          - /dev/random
+#          - /dev/zero
+#          - /dev/null
+#
+#
+# OPTIONS="whatever"     --  These additional options will be passed to named
+#                            at startup. Don't add -t here, use ROOTDIR instead.
+ROOTDIR="/var/named/chroot"
+OPTIONS="-u bind"
+
diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/setup-chroot-hooks.patch b/meta/recipes-connectivity/bind/bind-9.8.1/setup-chroot-hooks.patch
new file mode 100644
index 0000000..3b16c12
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.8.1/setup-chroot-hooks.patch
@@ -0,0 +1,119 @@
+bind: Add hooks for setting up named to run chroot
+
+Upstream-Status: Pending
+
+Add chrooted server hooks in init.d.
+
+Signed-off-by: Ming Liu <ming.liu@windriver.com>
+---
+ init.d |   76 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 76 insertions(+)
+
+Index: bind-9.8.1/init.d
+===================================================================
+--- bind-9.8.1.orig/init.d
++++ bind-9.8.1/init.d
+@@ -10,6 +10,55 @@ test -f /etc/default/bind9 && . /etc/def
+ 
+ test -x /usr/sbin/rndc || exit 0
+ 
++if [ -n "$ROOTDIR" ]; then
++    ROOTDIR=`echo $ROOTDIR | sed 's#//*#/#g;s#/$##'`;
++    rdl=`/usr/bin/readlink $ROOTDIR`;
++        if [ -n "$rdl" ]; then
++            ROOTDIR="$rdl";
++        fi;
++fi
++
++ROOTDIR_MOUNT='/etc/bind /var/run/named /var/run/bind /var/cache/bind
++/etc/localtime /dev/random /dev/zero /dev/null'
++
++mount_chroot_conf() {
++  if [ -n "$ROOTDIR" ]; then
++    for all in $ROOTDIR_MOUNT; do
++      # Skip nonexistant files
++      [ -e "$all" ] || continue
++
++      # If mount source is a file
++      if ! [ -d "$all" ]; then
++        # mount it only if it is not present in chroot or it is empty
++        if ! [ -e "$ROOTDIR$all" ] || [ `stat -c'%s' "$ROOTDIR$all"` -eq 0 ]; then
++          touch "$ROOTDIR$all"
++          mount --bind "$all" "$ROOTDIR$all"
++        fi
++      else
++        # Mount source is a directory. Mount it only if directory in chroot is
++        # empty.
++	if [ -e "$all" ] && [ `ls -1A $ROOTDIR$all | wc -l` -eq 0 ]; then
++          mount --bind "$all" "$ROOTDIR$all"
++	fi
++      fi
++    done
++  fi
++}
++
++umount_chroot_conf() {
++  if [ -n "$ROOTDIR" ]; then
++    for all in $ROOTDIR_MOUNT; do
++      # Check if file is mount target. Do not use /proc/mounts because detecting
++      # of modified mounted files can fail.
++      if mount | grep -q '.* on '"$ROOTDIR$all"' .*'; then
++        umount "$ROOTDIR$all"
++        # Remove temporary created files
++        [ -f "$all" ] && rm -f "$ROOTDIR$all"
++      fi
++    done
++  fi
++}
++
+ case "$1" in
+     start)
+ 	echo -n "Starting domain name service: named"
+@@ -18,6 +67,7 @@ case "$1" in
+ 	if [ ! -f /etc/bind/rndc.key ]; then
+ 	    /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
+ 	    chown 0640 /etc/bind/rndc.key
++	    chown root:bind /etc/bind/rndc.key >/dev/null 2>&1 || true
+ 	fi
+ 	if [ -f /var/run/named/named.pid ]; then
+ 	    ps `cat /var/run/named/named.pid` > /dev/null && exit 1
+@@ -33,6 +83,31 @@ case "$1" in
+ 	    echo "named binary missing - not starting"
+ 	    exit 1
+ 	fi
++
++	# Handle -c option for chroot jail
++	previous_option='unspecified';
++	for a in $OPTIONS; do
++	    if [ $previous_option = '-c' ]; then
++		named_conf=$a;
++	    fi;
++	    previous_option=$a;
++	done;
++	named_conf=${named_conf:-/etc/bind/named.conf};
++
++	mount_chroot_conf
++
++	# If named is running in the jail, we should check -c option, make sure
++	# it's available for the chrooted server or return a error.  
++	if [[ -n $ROOTDIR && ${named_conf:0:${#ROOTDIR}} != $ROOTDIR && \
++	      ! -r $ROOTDIR$named_conf ]]; then
++	    echo "Cannot find configuration file in jail, put it into $ROOTDIR."
++	    exit 6;
++	fi;
++
++	if [ -n "${ROOTDIR}" -a "x${ROOTDIR}" != "x/" ]; then
++	    OPTIONS="${OPTIONS} -t ${ROOTDIR}"
++	fi
++
+ 	if start-stop-daemon --start --quiet --exec /usr/sbin/named \
+ 		--pidfile /var/run/named/named.pid -- $OPTIONS; then
+ 	    if [ -x /sbin/resolvconf ] ; then
+@@ -48,6 +123,7 @@ case "$1" in
+ 	    /sbin/resolvconf -d lo
+ 	fi
+ 	/usr/sbin/rndc stop >/dev/null 2>&1
++	umount_chroot_conf
+ 	echo "."	
+     ;;
+ 
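
Review bot: In the start) branch of the embedded init.d patch, the context line chown 0640 /etc/bind/rndc.key passes a mode to chown, so the key's permissions are never set; the added chown root:bind changes the ownership but leaves that defect in place, and its own failure is hidden by >/dev/null 2>&1 || true. Changing the earlier line to chmod 0640 in this same patch would make the key readable by the bind group and nobody else. Separately, the jail check uses [[ ... ]] and ${named_conf:0:${#ROOTDIR}}, which are bash extensions; the interpreter line is not in the hunk, so if /etc/init.d/bind runs under a POSIX sh that test needs a case "$named_conf" in "$ROOTDIR"*) form. The unquoted readlink $ROOTDIR and ls -1A $ROOTDIR$all should be quoted as the neighbouring tests already are.
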
diff --git a/meta/recipes-connectivity/bind/bind_9.8.1.bb b/meta/recipes-connectivity/bind/bind_9.8.1.bb
index 5919c21..b28829b 100644
--- a/meta/recipes-connectivity/bind/bind_9.8.1.bb
+++ b/meta/recipes-connectivity/bind/bind_9.8.1.bb
@@ -6,7 +6,7 @@ LICENSE = "ISC & BSD"
 LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=0fbe2a3ab3c68ac3fea3cad13093877c"
 
 DEPENDS = "openssl libcap"
-PR = "r5"
+PR = "r6"
 
 SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
            file://conf.patch \
@@ -19,6 +19,8 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
            file://bind-CVE-2013-2266.patch \
            file://bind-Fix-CVE-2012-4244.patch \
            file://mips1-not-support-opcode.diff \
+           file://bind9 \
+           file://setup-chroot-hooks.patch \
 	   "
 
 SRC_URI[md5sum] = "cf31117c5d35af34d4c0702970ad9fb7"
@@ -33,16 +35,23 @@ EXTRA_OECONF = " ${ENABLE_IPV6} --with-randomdev=/dev/random --disable-threads \
                  --with-openssl=${STAGING_LIBDIR}/.. --with-libxml2=${STAGING_LIBDIR}/.. \
                  --enable-exportlib --with-export-includedir=${includedir} --with-export-libdir=${libdir} \
                "
-inherit autotools update-rc.d
+inherit useradd autotools update-rc.d
 
 INITSCRIPT_NAME = "bind"
 INITSCRIPT_PARAMS = "defaults"
 
 PARALLEL_MAKE = ""
 
-PACKAGES_prepend = "${PN}-utils "
+PACKAGES_prepend = "${PN}-utils ${PN}-chroot "
 FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/nslookup"
 FILES_${PN}-dev += "${bindir}/isc-config.h"
+FILES_${PN}-chroot = "${localstatedir}/named/chroot ${sysconfdir}/default/bind9"
+
+RDEPENDS_${PN} = "bind-chroot"
+
+USERADD_PACKAGES = "${PN}-chroot"
+USERADD_PARAM_${PN}-chroot = "-d ${sysconfdir}/bind -r -s /bin/false -g bind bind"
+GROUPADD_PARAM_${PN}-chroot = "-r bind"
 
 do_install_append() {
 	rm "${D}${bindir}/nslookup"
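
Review bot: RDEPENDS_${PN} = "bind-chroot" uses = and a hardcoded package name, so it replaces any runtime dependencies set earlier and does not follow the recipe name; RDEPENDS_${PN} += "${PN}-chroot" would avoid both. It also makes the chroot package mandatory for every bind install, and since the bind user and group are created only through USERADD_PACKAGES = "${PN}-chroot", that coupling deserves a comment in the recipe.
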
@@ -53,6 +62,17 @@ do_install_append() {
 	install -d "${D}${sysconfdir}/init.d"
 	install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/"
 	install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind"
+
+	install -d "${D}${sysconfdir}/default"
+	install -m 755 "${WORKDIR}/bind9" "${D}${sysconfdir}/default/bind9"
+
+	# chroot
+	chroot_prefix="${localstatedir}/named/chroot"
+	install -d "${D}${chroot_prefix}/dev"
+	install -d "${D}${chroot_prefix}/etc/bind"
+	install -d "${D}${chroot_prefix}/var/cache/bind"
+	install -d "${D}${chroot_prefix}/var/run/bind"
+	install -d "${D}${chroot_prefix}/var/run/named"
 }
 
 CONFFILES_${PN} = " \
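
Review bot: /etc/default/bind9 is installed with -m 755 although the init script only sources it; 644 is enough for a configuration file. The jail directories under ${chroot_prefix} are created with plain install -d and no owner or mode, while the shipped OPTIONS is "-u bind". If named is expected to write its pid file or cache inside the jail, var/run/named and var/cache/bind need an explicit mode and bind ownership, and the recipe should say where that is set.
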
-- 
1.8.1.2.545.g2f19ada




* [RFC PATCH 5/7][dora] bind: add support for read-only rootfs
  2013-12-05 22:57 [RFC PATCH 0/7][dora] misc WR patches Mark Hatle
                   ` (3 preceding siblings ...)
  2013-12-05 22:57 ` [RFC PATCH 4/7][dora] bind: run in the chrooted jail Mark Hatle
@ 2013-12-05 22:57 ` Mark Hatle
  2013-12-05 22:57 ` [RFC PATCH 6/7][dora] bind: add init.d/bind status command Mark Hatle
  2013-12-05 22:57 ` [RFC PATCH 7/7][dora] bind: use volatiles for managing /var/ subdirs Mark Hatle
  6 siblings, 0 replies; 8+ messages in thread
From: Mark Hatle @ 2013-12-05 22:57 UTC (permalink / raw)
  To: openembedded-core

From: Chen Qi <Qi.Chen@windriver.com>

-- Sent for YP compliance --

This patch adds support for read-only rootfs to the bind service.

Now the init script will check a variable, ALLOW_ROOTFS_READ_ONLY,
to see whether it should start the bind service in a read-only rootfs
or not. The value is by default unset, thus disabling starting bind
service in a read-only rootfs. If the variable is set to "yes", as
stated in the configuration file, the init script would try to make
necessary bind mounts so that the bind service could be started correctly.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 meta/recipes-connectivity/bind/bind-9.8.1/bind9    |  3 +
 .../init.d-add-support-for-read-only-rootfs.patch  | 70 +++++++++++++++++
 .../bind/bind-9.8.1/init.d-fix-indentation.patch   | 90 ++++++++++++++++++++++
 meta/recipes-connectivity/bind/bind_9.8.1.bb       |  3 +
 4 files changed, 166 insertions(+)
 create mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/init.d-add-support-for-read-only-rootfs.patch
 create mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/init.d-fix-indentation.patch

diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/bind9 b/meta/recipes-connectivity/bind/bind-9.8.1/bind9
index 3d5b69b..2774334 100644
--- a/meta/recipes-connectivity/bind/bind-9.8.1/bind9
+++ b/meta/recipes-connectivity/bind/bind-9.8.1/bind9
@@ -28,3 +28,6 @@
 ROOTDIR="/var/named/chroot"
 OPTIONS="-u bind"
 
+# When using a read-only rootfs additional setup may be required
+# uncomment the following line to make bind start in read-only rootfs
+#ALLOW_ROOTFS_READ_ONLY="yes"
diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind-9.8.1/init.d-add-support-for-read-only-rootfs.patch
new file mode 100644
index 0000000..13166da
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.8.1/init.d-add-support-for-read-only-rootfs.patch
@@ -0,0 +1,70 @@
+Subject: init.d: add support for read-only rootfs
+
+Upstream-Status: Inappropriate [wrlinux specific]
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ init.d | 45 +++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 45 insertions(+)
+
+diff --git a/init.d b/init.d
+index 4a1faaa..70e0219 100644
+--- a/init.d
++++ b/init.d
+@@ -6,8 +6,53 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin
+ # Don't modify this line, change or create /etc/default/bind9.
+ OPTIONS=""
+ 
++test -f /etc/default/rcS && . /etc/default/rcS
+ test -f /etc/default/bind9 && . /etc/default/bind9
+ 
++# This function is here because it's possible that /var and / are on different partitions.
++is_on_read_only_partition () {
++    DIRECTORY=$1
++    dir=`readlink -f $DIRECTORY`
++    while true; do
++	if [ ! -d "$dir" ]; then
++	    echo "ERROR: $dir is not a directory"
++	    exit 1
++	else
++	    for flag in `awk -v dir=$dir '{ if ($2 == dir) { print "FOUND"; split($4,FLAGS,",") } }; \
++		END { for (f in FLAGS) print FLAGS[f] }' < /proc/mounts`; do
++		[ "$flag" = "FOUND" ] && partition="read-write"
++		[ "$flag" = "ro" ] && { partition="read-only"; break; }
++	    done
++	    if [ "$dir" = "/" -o -n "$partition" ]; then
++		break
++	    else
++		dir=`dirname $dir`
++	    fi
++	fi
++    done
++    [ "$partition" = "read-only" ] && echo "yes" || echo "no"
++}
++
++bind_mount () {
++    olddir=$1
++    newdir=$2
++    mkdir -p $olddir
++    cp -a $newdir/* $olddir
++    mount --bind $olddir $newdir
++}
++
++# Deal with read-only rootfs
++if [ "$ROOTFS_READ_ONLY" = "yes" ]; then
++    if [ "$ALLOW_ROOTFS_READ_ONLY" = "yes" ]; then
++	[ "$VERBOSE" != "no" ] && echo "WARN: start bind service in read-only rootfs"
++	[ `is_on_read_only_partition /etc/bind` = "yes" ] && bind_mount /var/volatile/bind/etc /etc/bind
++	[ `is_on_read_only_partition /var/named` = "yes" ] && bind_mount /var/volatile/bind/named /var/named
++    else
++	[ "$VERBOSE" != "no" ] && echo "WARN: read-only rootfs, bind service disabled"
++	exit 0
++    fi
++fi
++
+ test -x /usr/sbin/rndc || exit 0
+ 
+ if [ -n "$ROOTDIR" ]; then
+-- 
+1.8.3.1
+
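
Review bot: is_on_read_only_partition is only ever called inside backticks, so its exit 1 on a non-directory ends just the subshell, and the "ERROR: ..." text becomes the value compared with "yes"; because the substitution is unquoted, that multi-word string makes the [ test itself fail. Send the error to stderr, return non-zero, and quote the substitution at both call sites. In bind_mount, cp -a $newdir/* $olddir is unquoted, skips dotfiles, and copies everything in /etc/bind (where the init script keeps rndc.key) into a directory that mkdir -p creates with default permissions, so set the mode on the volatile directory before copying. The parameter names are also inverted relative to their use: olddir is the new volatile copy and newdir is the existing directory.
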
diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/init.d-fix-indentation.patch b/meta/recipes-connectivity/bind/bind-9.8.1/init.d-fix-indentation.patch
new file mode 100644
index 0000000..0833685
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.8.1/init.d-fix-indentation.patch
@@ -0,0 +1,90 @@
+Subject: init.d: fix indentation
+
+Upstream-Status: Inappropriate [wrlinux specific]
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ init.d | 64 ++++++++++++++++++++++++++++++++--------------------------------
+ 1 file changed, 32 insertions(+), 32 deletions(-)
+
+diff --git a/init.d b/init.d
+index ff641ea..4a1faaa 100644
+--- a/init.d
++++ b/init.d
+@@ -22,41 +22,41 @@ ROOTDIR_MOUNT='/etc/bind /var/run/named /var/run/bind /var/cache/bind
+ /etc/localtime /dev/random /dev/zero /dev/null'
+ 
+ mount_chroot_conf() {
+-  if [ -n "$ROOTDIR" ]; then
+-    for all in $ROOTDIR_MOUNT; do
+-      # Skip nonexistant files
+-      [ -e "$all" ] || continue
+-
+-      # If mount source is a file
+-      if ! [ -d "$all" ]; then
+-        # mount it only if it is not present in chroot or it is empty
+-        if ! [ -e "$ROOTDIR$all" ] || [ `stat -c'%s' "$ROOTDIR$all"` -eq 0 ]; then
+-          touch "$ROOTDIR$all"
+-          mount --bind "$all" "$ROOTDIR$all"
+-        fi
+-      else
+-        # Mount source is a directory. Mount it only if directory in chroot is
+-        # empty.
+-	if [ -e "$all" ] && [ `ls -1A $ROOTDIR$all | wc -l` -eq 0 ]; then
+-          mount --bind "$all" "$ROOTDIR$all"
+-	fi
+-      fi
+-    done
+-  fi
++    if [ -n "$ROOTDIR" ]; then
++	for all in $ROOTDIR_MOUNT; do
++            # Skip nonexistant files
++	    [ -e "$all" ] || continue
++
++            # If mount source is a file
++	    if ! [ -d "$all" ]; then
++                # mount it only if it is not present in chroot or it is empty
++		if ! [ -e "$ROOTDIR$all" ] || [ `stat -c'%s' "$ROOTDIR$all"` -eq 0 ]; then
++		    touch "$ROOTDIR$all"
++		    mount --bind "$all" "$ROOTDIR$all"
++		fi
++	    else
++                # Mount source is a directory. Mount it only if directory in chroot is
++                # empty.
++		if [ -e "$all" ] && [ `ls -1A $ROOTDIR$all | wc -l` -eq 0 ]; then
++		    mount --bind "$all" "$ROOTDIR$all"
++		fi
++	    fi
++	done
++    fi
+ }
+ 
+ umount_chroot_conf() {
+-  if [ -n "$ROOTDIR" ]; then
+-    for all in $ROOTDIR_MOUNT; do
+-      # Check if file is mount target. Do not use /proc/mounts because detecting
+-      # of modified mounted files can fail.
+-      if mount | grep -q '.* on '"$ROOTDIR$all"' .*'; then
+-        umount "$ROOTDIR$all"
+-        # Remove temporary created files
+-        [ -f "$all" ] && rm -f "$ROOTDIR$all"
+-      fi
+-    done
+-  fi
++    if [ -n "$ROOTDIR" ]; then
++	for all in $ROOTDIR_MOUNT; do
++            # Check if file is mount target. Do not use /proc/mounts because detecting
++            # of modified mounted files can fail.
++	    if mount | grep -q '.* on '"$ROOTDIR$all"' .*'; then
++		umount "$ROOTDIR$all"
++                # Remove temporary created files
++		[ -f "$all" ] && rm -f "$ROOTDIR$all"
++	    fi
++	done
++    fi
+ }
+ 
+ case "$1" in
+-- 
+1.8.3.1
+
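
Review bot: The re-indented bodies of mount_chroot_conf and umount_chroot_conf still mix tabs and spaces: the code lines are indented with tabs and the comment lines with spaces. Since this patch exists only to fix indentation, it should settle on one. The comment typo "nonexistant" and the unquoted ls -1A $ROOTDIR$all are carried over unchanged; both, and the indentation itself, could be fixed in setup-chroot-hooks.patch directly rather than by layering a whitespace-only patch on top of it.
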
diff --git a/meta/recipes-connectivity/bind/bind_9.8.1.bb b/meta/recipes-connectivity/bind/bind_9.8.1.bb
index b28829b..66a092c 100644
--- a/meta/recipes-connectivity/bind/bind_9.8.1.bb
+++ b/meta/recipes-connectivity/bind/bind_9.8.1.bb
@@ -21,6 +21,8 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
            file://mips1-not-support-opcode.diff \
            file://bind9 \
            file://setup-chroot-hooks.patch \
+           file://init.d-fix-indentation.patch \
+           file://init.d-add-support-for-read-only-rootfs.patch \
 	   "
 
 SRC_URI[md5sum] = "cf31117c5d35af34d4c0702970ad9fb7"
@@ -58,6 +60,7 @@ do_install_append() {
 	rm "${D}${mandir}/man1/nslookup.1"
 	rmdir "${D}${localstatedir}/run"
 	rmdir --ignore-fail-on-non-empty "${D}${localstatedir}"
+	install -d "${D}${localstatedir}/cache/bind"
 	install -d "${D}${sysconfdir}/bind"
 	install -d "${D}${sysconfdir}/init.d"
 	install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/"
-- 
1.8.1.2.545.g2f19ada




* [RFC PATCH 6/7][dora] bind: add init.d/bind status command
  2013-12-05 22:57 [RFC PATCH 0/7][dora] misc WR patches Mark Hatle
                   ` (4 preceding siblings ...)
  2013-12-05 22:57 ` [RFC PATCH 5/7][dora] bind: add support for read-only rootfs Mark Hatle
@ 2013-12-05 22:57 ` Mark Hatle
  2013-12-05 22:57 ` [RFC PATCH 7/7][dora] bind: use volatiles for managing /var/ subdirs Mark Hatle
  6 siblings, 0 replies; 8+ messages in thread
From: Mark Hatle @ 2013-12-05 22:57 UTC (permalink / raw)
  To: openembedded-core

From: Yue Tao <Yue.Tao@windriver.com>

-- Sent for YP compliance --

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 .../bind-add-init-bind-status-command.patch        | 45 ++++++++++++++++++++++
 meta/recipes-connectivity/bind/bind_9.8.1.bb       |  3 +-
 2 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/bind-add-init-bind-status-command.patch

diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/bind-add-init-bind-status-command.patch b/meta/recipes-connectivity/bind/bind-9.8.1/bind-add-init-bind-status-command.patch
new file mode 100644
index 0000000..8ed3c56
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.8.1/bind-add-init-bind-status-command.patch
@@ -0,0 +1,45 @@
+--- a/init.d
++++ b/init.d
+@@ -2,6 +2,8 @@
+ 
+ PATH=/sbin:/bin:/usr/sbin:/usr/bin
+ 
++. /etc/init.d/functions
++
+ # for a chrooted server: "-u bind -t /var/lib/named"
+ # Don't modify this line, change or create /etc/default/bind9.
+ OPTIONS=""
+@@ -104,6 +106,12 @@ umount_chroot_conf() {
+     fi
+ }
+ 
++rhstatus() {
++  [ -x /usr/sbin/rndc ] && /usr/sbin/rndc status;
++  status /usr/sbin/named;
++  return $?
++}
++
+ case "$1" in
+     start)
+ 	echo -n "Starting domain name service: named"
+@@ -172,6 +180,11 @@ case "$1" in
+ 	echo "."	
+     ;;
+ 
++    status)
++	rhstatus;
++	exit $?
++    ;;
++
+     reload)
+ 	/usr/sbin/rndc reload
+     ;;
+@@ -183,7 +196,7 @@ case "$1" in
+     ;;
+     
+     *)
+-	echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2
++	echo "Usage: /etc/init.d/bind {start|stop|reload|restart|status|force-reload}" >&2
+ 	exit 1
+     ;;
+ esac
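Review bot: the new bind-add-init-bind-status-command.patch starts directly at `--- a/init.d` with no description, Upstream-Status or Signed-off-by header, unlike init.d-normalize-for-volatiles.patch later in this series; please add one. In the script, `. /etc/init.d/functions` is sourced unconditionally near the top, so every action (not only `status`) now depends on that file being present; guard the include or make sure the recipe carries the matching runtime dependency. In `rhstatus()` the result of `rndc status` is discarded and the `return $?` after `status /usr/sbin/named` is redundant; a short comment that the exit code comes from `status` alone would make the intent clear.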
diff --git a/meta/recipes-connectivity/bind/bind_9.8.1.bb b/meta/recipes-connectivity/bind/bind_9.8.1.bb
index 66a092c..45695e4 100644
--- a/meta/recipes-connectivity/bind/bind_9.8.1.bb
+++ b/meta/recipes-connectivity/bind/bind_9.8.1.bb
@@ -6,7 +6,7 @@ LICENSE = "ISC & BSD"
 LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=0fbe2a3ab3c68ac3fea3cad13093877c"
 
 DEPENDS = "openssl libcap"
-PR = "r6"
+PR = "r7"
 
 SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
            file://conf.patch \
@@ -23,6 +23,7 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
            file://setup-chroot-hooks.patch \
            file://init.d-fix-indentation.patch \
            file://init.d-add-support-for-read-only-rootfs.patch \
+           file://bind-add-init-bind-status-command.patch \
 	   "
 
 SRC_URI[md5sum] = "cf31117c5d35af34d4c0702970ad9fb7"
-- 
1.8.1.2.545.g2f19ada




* [RFC PATCH 7/7][dora] bind: use volatiles for managing /var/ subdirs
  2013-12-05 22:57 [RFC PATCH 0/7][dora] misc WR patches Mark Hatle
                   ` (5 preceding siblings ...)
  2013-12-05 22:57 ` [RFC PATCH 6/7][dora] bind: add init.d/bind status command Mark Hatle
@ 2013-12-05 22:57 ` Mark Hatle
  6 siblings, 0 replies; 8+ messages in thread
From: Mark Hatle @ 2013-12-05 22:57 UTC (permalink / raw)
  To: openembedded-core

From: Ming Liu <ming.liu@windriver.com>

-- Sent for YP compliance --

Also changes ownership of subdirs from root to bind and moves chroot
entries to volatiles.

Based on meta-selinux commit: 0c2d3c680b1d43d73e4187f326990ae900b9055b

Signed-off-by: Ming Liu <ming.liu@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
---
 meta/recipes-connectivity/bind/bind-9.8.1/bind9    | 10 +++---
 .../init.d-normalize-for-volatiles.patch           | 37 ++++++++++++++++++++++
 .../bind/bind-9.8.1/volatiles.98_bind              |  5 +++
 .../bind/bind-9.8.1/volatiles.99_bind-chroot       | 10 ++++++
 meta/recipes-connectivity/bind/bind_9.8.1.bb       | 17 +++++-----
 5 files changed, 65 insertions(+), 14 deletions(-)
 create mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/init.d-normalize-for-volatiles.patch
 create mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/volatiles.98_bind
 create mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/volatiles.99_bind-chroot

diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/bind9 b/meta/recipes-connectivity/bind/bind-9.8.1/bind9
index 2774334..0ca6552 100644
--- a/meta/recipes-connectivity/bind/bind-9.8.1/bind9
+++ b/meta/recipes-connectivity/bind/bind-9.8.1/bind9
@@ -2,10 +2,10 @@
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~
 # Currently, you can use the following options:
 #
-# ROOTDIR="/var/named/chroot"  --  will run named in a chroot environment.
-#                            you must set up the chroot environment 
-#                            (install the bind-chroot package) before
-#                            doing this.
+# ROOTDIR="/var/run/named-chroot"  --  will run named in a chroot environment.
+#                                      you must set up the chroot environment 
+#                                      (install the bind-chroot package) before
+#                                      doing this.
 #	NOTE:
 #         Those directories are automatically mounted to chroot if they are
 #         empty in the ROOTDIR directory. It will simplify maintenance of your
@@ -25,7 +25,7 @@
 #
 # OPTIONS="whatever"     --  These additional options will be passed to named
 #                            at startup. Don't add -t here, use ROOTDIR instead.
-ROOTDIR="/var/named/chroot"
+ROOTDIR="/var/run/named-chroot"
 OPTIONS="-u bind"
 
 # When using a read-only rootfs additional setup may be required
diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/init.d-normalize-for-volatiles.patch b/meta/recipes-connectivity/bind/bind-9.8.1/init.d-normalize-for-volatiles.patch
new file mode 100644
index 0000000..bb502c8
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.8.1/init.d-normalize-for-volatiles.patch
@@ -0,0 +1,37 @@
+bind: normalize for volatiles changes
+
+Upstream-Status: Pending
+
+init.d needs to be normalized for using volatiles for managing /var/
+subdirs.
+
+Signed-off-by: Ming Liu <ming.liu@windriver.com>
+---
+ init.d |    8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+diff -urpN a/init.d b/init.d
+--- a/init.d
++++ b/init.d
+@@ -4,7 +4,7 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin
+ 
+ . /etc/init.d/functions
+ 
+-# for a chrooted server: "-u bind -t /var/lib/named"
++# for a chrooted server: "-u bind -t /var/run/named-chroot"
+ # Don't modify this line, change or create /etc/default/bind9.
+ OPTIONS=""
+ 
+@@ -126,12 +126,6 @@ case "$1" in
+ 	    ps `cat /var/run/named/named.pid` > /dev/null && exit 1
+ 	fi
+ 
+-	# dirs under /var/run can go away on reboots.
+-	mkdir -p /var/run/named
+-	mkdir -p /var/cache/bind
+-	chmod 775 /var/run/named
+-	chown root:bind /var/run/named >/dev/null 2>&1 || true
+-
+ 	if [ ! -x /usr/sbin/named ]; then
+ 	    echo "named binary missing - not starting"
+ 	    exit 1
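Review bot: with the `mkdir -p /var/run/named` and `mkdir -p /var/cache/bind` lines removed from the start path, the script has no fallback when the volatiles entries have not been applied yet, for example when the package is installed on a running system and started before the next boot. Keep a cheap `[ -d /var/run/named ]` check that fails with a clear message, or document that the volatiles must be populated before the first start. The removed code also set /var/run/named to root:bind with mode 775, while 98_bind creates it as bind:bind 0755; the description of this embedded patch should mention that change, not only the outer commit message.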
diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/volatiles.98_bind b/meta/recipes-connectivity/bind/bind-9.8.1/volatiles.98_bind
new file mode 100644
index 0000000..fa4c4e9
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.8.1/volatiles.98_bind
@@ -0,0 +1,5 @@
+# <type> <owner> <group> <mode> <path> <linksource>
+d bind bind 0755 /var/run/named none
+d bind bind 0755 /var/run/bind none
+d bind bind 0755 /var/run/bind/run none
+d bind bind 0755 /var/cache/bind none
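Review bot: `/var/cache/bind` on the last line is also created at build time by the `install -d "${D}${localstatedir}/cache/bind"` that patch 5/7 adds to do_install_append, so two mechanisms now manage the same directory. Please check whether the volatiles handling applies the bind:bind owner to a directory that already exists from the package; if it does not, the packaged directory keeps its ownership and named running with `-u bind` may be unable to write its cache. Drop one of the two, or set the owner where the directory is packaged.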
diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/volatiles.99_bind-chroot b/meta/recipes-connectivity/bind/bind-9.8.1/volatiles.99_bind-chroot
new file mode 100644
index 0000000..0a150a7
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.8.1/volatiles.99_bind-chroot
@@ -0,0 +1,10 @@
+# <type> <owner> <group> <mode> <path> <linksource>
+d bind bind 0755 /var/run/named-chroot/dev none
+d bind bind 0755 /var/run/named-chroot/etc none
+d bind bind 0755 /var/run/named-chroot/etc/bind none
+d bind bind 0755 /var/run/named-chroot/var none
+d bind bind 0755 /var/run/named-chroot/var/cache none
+d bind bind 0755 /var/run/named-chroot/var/cache/bind none
+d bind bind 0755 /var/run/named-chroot/var/run none
+d bind bind 0755 /var/run/named-chroot/var/run/bind none
+d bind bind 0755 /var/run/named-chroot/var/run/named none
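Review bot: every directory in the jail, including `/var/run/named-chroot/etc`, `/var/run/named-chroot/etc/bind` and `/var/run/named-chroot/dev`, is created as bind:bind, which is the account named runs as via `OPTIONS="-u bind"`. The confined process therefore owns its own configuration and device directories, which weakens the chroot; the `install -d` lines this patch removes from the recipe created them without handing them to bind. Suggest `root root 0755` for `dev`, `etc`, `etc/bind`, `var`, `var/cache` and `var/run`, with bind ownership only on the directories named has to write (`var/cache/bind`, `var/run/bind`, `var/run/named`). The jail root `/var/run/named-chroot` itself has no entry, so its owner and mode are left implicit; add an explicit line for it.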
diff --git a/meta/recipes-connectivity/bind/bind_9.8.1.bb b/meta/recipes-connectivity/bind/bind_9.8.1.bb
index 45695e4..93b41d2 100644
--- a/meta/recipes-connectivity/bind/bind_9.8.1.bb
+++ b/meta/recipes-connectivity/bind/bind_9.8.1.bb
@@ -24,7 +24,10 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
            file://init.d-fix-indentation.patch \
            file://init.d-add-support-for-read-only-rootfs.patch \
            file://bind-add-init-bind-status-command.patch \
-	   "
+           file://volatiles.98_bind \
+           file://volatiles.99_bind-chroot \
+           file://init.d-normalize-for-volatiles.patch \
+           "
 
 SRC_URI[md5sum] = "cf31117c5d35af34d4c0702970ad9fb7"
 SRC_URI[sha256sum] = "02285dc429cb2a6687a1b2446e9ee22c1df27f2577225b05be5092395ee7c92c"
@@ -48,7 +51,7 @@ PARALLEL_MAKE = ""
 PACKAGES_prepend = "${PN}-utils ${PN}-chroot "
 FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/nslookup"
 FILES_${PN}-dev += "${bindir}/isc-config.h"
-FILES_${PN}-chroot = "${localstatedir}/named/chroot ${sysconfdir}/default/bind9"
+FILES_${PN}-chroot = "${sysconfdir}/default/bind9 ${sysconfdir}/default/volatiles/99_bind_chroot"
 
 RDEPENDS_${PN} = "bind-chroot"
 
@@ -70,13 +73,9 @@ do_install_append() {
 	install -d "${D}${sysconfdir}/default"
 	install -m 755 "${WORKDIR}/bind9" "${D}${sysconfdir}/default/bind9"
 
-	# chroot
-	chroot_prefix="${localstatedir}/named/chroot"
-	install -d "${D}${chroot_prefix}/dev"
-	install -d "${D}${chroot_prefix}/etc/bind"
-	install -d "${D}${chroot_prefix}/var/cache/bind"
-	install -d "${D}${chroot_prefix}/var/run/bind"
-	install -d "${D}${chroot_prefix}/var/run/named"
+	install -d ${D}/${sysconfdir}/default/volatiles
+	install -m 644 ${WORKDIR}/volatiles.98_bind ${D}/${sysconfdir}/default/volatiles/98_bind
+	install -m 644 ${WORKDIR}/volatiles.99_bind-chroot ${D}/${sysconfdir}/default/volatiles/99_bind_chroot
 }
 
 CONFFILES_${PN} = " \
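Review bot: the three added `install` lines use an unquoted `${D}/${sysconfdir}/...`, which produces a doubled slash and differs from the quoted `"${D}${sysconfdir}/default"` form used just above them; please match the existing style. The source file is named volatiles.99_bind-chroot but is installed as `99_bind_chroot`; pick one spelling so the installed file is easy to trace back to the recipe. This patch changes what is packaged (the chroot tree is dropped and two volatiles files are added) but, unlike patch 6/7, does not touch PR.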
-- 
1.8.1.2.545.g2f19ada


