The original script used a different /var/run/dnssec-trigger directory layout. The upgrade should translate the old layout to the new layout without the need to restart unbound. This is the last thing that needs to be done before an update for Fedora 20.
Created attachment 910419 [details] fix
Fix doesn't work because it relies on dnssec-triggerd restart cleaning up correctly and then setting up the configuration again, which doesn't happen. With dnssec-trigger-0.12-6.fc20, the following happens... systemctl stop dnssec-triggerd: * remove all connection configuration from unbound * perform /etc/resolv.conf cleanup actions systemctl start dnssec-triggerd: * convert format of the zones store * perform /etc/resolv.conf prepare actions I identified the following problems: 1) when upgrading, the cleanup code run at 'stop' still works with the old format 2) the newly started instance doesn't run dnssec-trigger-script --update which is necessary to set up initial configuration
(In reply to Pavel Šimerda (pavlix) from comment #2) > 1) when upgrading, the cleanup code run at 'stop' still works with the old > format This could be fixed by moving the conversion to the cleanup phase instead of the prepare phase. Thus the new package would provide a proper cleanup for the old data as well. > 2) the newly started instance doesn't run dnssec-trigger-script --update > which is necessary to set up initial configuration This is a separate issue that needs to be solved regardless.
Created attachment 911414 [details] additional fix to handle the legacy format in cleanup, not prepare
(In reply to Pavel Šimerda (pavlix) from comment #3) > (In reply to Pavel Šimerda (pavlix) from comment #2) > > 1) when upgrading, the cleanup code run at 'stop' still works with the old > > format > > This could be fixed by moving the conversion to the cleanup phase instead of > the prepare phase. Thus the new package would provide a proper cleanup for > the old data as well. Fixed. > > 2) the newly started instance doesn't run dnssec-trigger-script --update > > which is necessary to set up initial configuration > > This is a separate issue that needs to be solved regardless. In fact it did run it, but it failed. Filed as bug #1112248.
dnssec-trigger-0.12-12.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/dnssec-trigger-0.12-12.fc20
Package dnssec-trigger-0.12-12.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing dnssec-trigger-0.12-12.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-7942/dnssec-trigger-0.12-12.fc20 then log in and leave karma (feedback).
dnssec-trigger-0.12-13.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/dnssec-trigger-0.12-13.fc20
dnssec-trigger-0.12-13.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.