[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#985616: marked as done (Document change to unbound ".d" config file fragment behavior)



Your message dated Wed, 24 Mar 2021 19:51:39 +0100
with message-id <68cd497b-3b16-97ea-ac88-5211a341ffe6@debian.org>
and subject line Re: Bug#985616: Document change to unbound ".d" config file fragment behavior
has caused the Debian Bug report #985616,
regarding Document change to unbound ".d" config file fragment behavior
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
985616: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985616
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release-notes
Severity: normal

Hi,

During the bullseye release cycle the default /etc/unbound/unbound.conf
file was changed to use the newly introduced "include-toplevel:"
directive rather than the "include:" directive. This should probably be
mentioned in the bullseye release notes because it will break
configurations where the user added a clauseless config file fragment to
/etc/unbound/unbound.conf.d/.

The text from /usr/share/doc/unbound/NEWS.Debian.gz about this change is
quoted below.

Thanks!


unbound (1.11.0-1) unstable; urgency=medium

  The default Debian config file shipped in the unbound package has changed
  from using the "include:" directive to using the "include-toplevel:"
  directive in order to include the config file fragments in
  /etc/unbound/unbound.conf.d/*.conf into the unbound configuration.

  The "include-toplevel:" directive has been newly introduced in unbound
  1.11.0 and it requires that any included config file fragment begin its own
  clause (e.g., "server:").

  The existing "include:" directive that was used in previous Debian releases
  of the unbound package only performed textual inclusion, and it was possible
  to construct a set of config file fragments that depended on the presence or
  ordering of specific config file fragments in order to parse correctly. For
  instance, a config file fragment could have specified an option that can
  only appear in the "server:" clause, and rely on a previously included
  config file fragment to begin that clause. This behavior is no longer
  allowed by the use of the "include-toplevel:" directive because it is not
  robust against config file fragments being added, removed, or reordered.

  If you are upgrading the unbound package and you have installed any config
  file fragments into /etc/unbound/unbound.conf.d/ you should check that each
  config file fragment begins its own clause (e.g., "server:") and update each
  config file fragment as necessary to be compatible with the behavior of the
  "include-toplevel:" directive.

  If needed, the previous behavior can be restored by changing the following
  line in /etc/unbound/unbound.conf:

      include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"

  to its previous setting:

      include: "/etc/unbound/unbound.conf.d/*.conf"

 -- Robert Edmonds <edmonds@debian.org>  Sun, 09 Aug 2020 19:39:01 -0400


-- 
Robert Edmonds
edmonds@debian.org

--- End Message ---
--- Begin Message ---
Hi,

On 24-03-2021 06:50, Justin B Rye wrote:
> Paul Gevers wrote:
>>>   <section id="unbound-config-file-handling">
>>>     <title>Config file fragment handling in unbound</title>
>>>     <para>
>>>       The DNS resolver <systemitem role="package">unbound</systemitem>
>>>       has changed the way it handles configuration file fragments. If
>>>       you are relying on an <literal>include:</literal> directive to
>>>       merge several fragments into a valid configuration, you should
>>>       read <ulink
>>>       url="https://sources.debian.org/src/unbound/1.13.1-1/debian/NEWS/";>the
>>
>> To be slightly more robust, should we replace 1.13.1-1 with bullseye?
>> https://sources.debian.org/src/unbound/bullseye/debian/NEWS/ seems to
>> work as intended.
> 
> Good idea!

Pushed.

Paul

Attachment: OpenPGP_signature
Description: OpenPGP digital signature


--- End Message ---

Reply to: