We also move the initscript for also to src/initscripts/packages
and use this new macro to install the initscript
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Till now all init scripts going into src/initscripts/init.d so they are
installed by the lfs file initscripts. Because of that they also appear
in the rootfile of the "package" initscripts.
This has some disadvantages:
- the initscripts of the packages appear in the 3 rootfiles (one for
each arch) which are annoying because for every package with an
initscript 4 rootfiles (the 3 of the initscript package + the rootfile
of the package) are important.
- The rootfiles for a package are installed by lfs/initscripts but this
should happen only in the build of the package
To solve this issues all rootfiles for the core system are moved into
src/initscripts/init.d/common. Only the initscript in this directory are
installed by lfs/initscripts. So all initscripts for packages are
located in src/initscripts/init.d and are not installed by
lfs/initscripts.
So only the initscripts of the system appear in the 3 rootfiles of the
initscripts package. The initscript of a package appear only in the
rootfile of the package. This makes the maintaining of initscript
easier.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Some networks have equipment that fails to forward DNS queries
with EDNS and the DO bit set. They might even lose the replies.
This patch will adjust unbound so that it will not try to receive
too large replies and falls back to TCP earlier. This creates
some higher load on the DNS servers but at least gives us
working DNS.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The previous version aborted when the validation test
suceeded, but this is not always sufficient in case a
provider filters any DNSKEY, DS or RRSIG records.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
DNSSec need the correct time to validate the zones so we need
a workaround to init the time without dns.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
These are traditionally used for Windows domains and should not
be used for that. However if they are used like this, DNSSEC
validation cannot be used.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is a work around to prevent not working dns
resolution if the time jumps before the DNSSec signing key.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
unbound does not append the local domain to the request
any more (like dnsmasq did). Therefore, the client needs
to do that if desired.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
unbound has some trouble with validating DNSSEC-enabled
domains when the upstream name server is stripping signatures
from the authoritative responses.
This script now checks that, removes any broken upstream
name servers from the list and prints a warning.
If all name servers fail the test, unbound falls back
into recursor mode.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This is the update of libvirt to the latest version 2.1.
The most important change from a packager view is the new virtlogd
daemon.
This daemon handles the qemu output and wrote it to log files.
The require some changes:
- A new init script to start, stop restart the daemon called virtlogd.
The daemon is restart with SIGUSR1 (this is important because the daemon
keeps all pipelines etc. open).
This introduces a problem with the uninstall.sh install.sh script.
It is not possible to stop the daemon while virtual machines are
running, so the script update.sh execute from now not uninstall.sh and
install.sh instead it contains all steps from uninstall.sh install.sh
expect the start / stop routine for virtlogd. The daemon is just
restarted after the update, which makes sure that all changes take
effect.
- new symlinks in the uninstall.sh and install.sh script and some root
file changes because of the new virtlogd init script.
- the archive format changes from tar.gz to tar.xz
For Changelogs see:
https://libvirt.org/news-2015.htmlhttps://libvirt.org/news.html (2017 and later:
https://libvirt.org/news-2016.html )
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
If the kernel module vhot_net is loaded, the performance of virtio
networking is better then without vhost_net.
So the module is loaded before libvirtd ist started to get the benefit
of vhost_net.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
