Bug 724 - conf syntax to read files from run directory
conf syntax to read files from run directory
Status: REOPENED
Product: unbound
Classification: Unclassified
Component: server
1.5.6
x86_64 Windows
: P5 enhancement
Assigned To: unbound team
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-27 07:42 CET by Denis Smirnov
Modified: 2017-02-27 14:32 CET (History)
3 users (show)

See Also:


Attachments
1 case (1.53 KB, text/plain)
2015-11-27 11:10 CET, Denis Smirnov
Details
2 case (1.33 KB, application/octet-stream)
2015-11-27 11:11 CET, Denis Smirnov
Details
3 case (1.33 KB, application/octet-stream)
2015-11-27 11:11 CET, Denis Smirnov
Details
config (1.36 KB, text/plain)
2015-12-01 09:49 CET, Denis Smirnov
Details
configlexer.c generated by flex-2.6.1 (157.96 KB, application/octet-stream)
2017-02-27 14:24 CET, Bruce Dubbs
Details
configlexer.c generated by flex-2.6.3 (159.26 KB, application/octet-stream)
2017-02-27 14:29 CET, Bruce Dubbs
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Denis Smirnov 2015-11-27 07:42:57 CET
For example, server.conf has something like:

server-key-file: unbound_server.key
server-cert-file: unbound_server.pem
control-key-file: unbound_control.key
control-cert-file: unbound_control.pem
logfile: unbound.log

Wish these files could be read from directory where unbound (unbound.exe) runs. This option makes life in Windows more simple where FHS isn't applicable - you can keep all essential files in one place and don't bother about configs when working instance is moved to another place (Unbound is a validating, recursive, caching and portable in 2 meanings dns server)
Comment 1 Wouter Wijngaards 2015-11-27 08:58:25 CET
Hi Denis,

I thought that, on Windows too, unbound does not really change directory itself.  There is a config file item 'directory: ""' where you can change directory.  If you do not set it, unbound stays in the directory where it was started.  If you start unbound from the .exe directory, then that will be the current directory and what you want works?

Is that a solution?

Best regards, Wouter
Comment 2 Denis Smirnov 2015-11-27 11:10:22 CET
Created attachment 303 [details]
1 case
Comment 3 Denis Smirnov 2015-11-27 11:11:15 CET
Created attachment 304 [details]
2 case
Comment 4 Denis Smirnov 2015-11-27 11:11:28 CET
Created attachment 305 [details]
3 case
Comment 5 Denis Smirnov 2015-11-27 11:12:33 CET
>I thought that, on Windows too, unbound does not really change directory itself.
Yes, it doesn't.
>There is a config file item 'directory: ""' where you can change directory.
Thanks for hint, Wouter. It doesn't solve the problem but help to make clever configs.
>If you do not set it, unbound stays in the directory where it was started.  If you start unbound from the .exe directory, then that will be the current directory and what you want works?
unbound is spawned as service throu net start. Service installed via unbound-service-install.
Look at the tests.

1st case: using service.conf
net start unbound
The Unbound DNS validator service is starting.
The Unbound DNS validator service was started successfully.

2nd case: service2.conf
net start unbound
The Unbound DNS validator service is starting.
The Unbound DNS validator service was started successfully.

3rd case: service3.conf
net start unbound
The Unbound DNS validator service is starting.
The Unbound DNS validator service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

I suppose, unbound current working directory is something like C:\Users\Administrator not D:\dns\dns_tools\unbound where unbound is located, because of starting throu net start with administrator rights (and administrator account/profile/home directory).
Comment 6 Wouter Wijngaards 2015-11-27 16:31:38 CET
Hi Denis,

For the net start the executable has to be registered anyway.  That registration process can also note down the working directory?  By putting that in the config file (or perhaps into an included config file?).

If I am wrong about the above stuff, what sort of thing would you need, some sort of special directory: "%EXECUTABLE%" or so that sets the directory to the executable's directory?

Best regards, Wouter
Comment 7 Denis Smirnov 2015-11-27 21:07:46 CET
>For the net start the executable has to be registered anyway.  That registration process can also note down the working directory?  By putting that in the config file (or perhaps into an included config file?).
Some [ir]relevant links for start:
https://msdn.microsoft.com/en-us/library/ms685150%28VS.85%29.aspx
https://technet.microsoft.com/en-us/library/cc951569.aspx
https://stackoverflow.com/questions/884963/what-directory-does-a-windows-service-run-in
After execution of unbound-service-install "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\unbound" registry key is created. Another interesting subkey is:
ImagePath="D:\dns\dns_tools\unbound\unbound.exe" -c "D:\dns\dns_tools\unbound\service.conf" -w service
Service Control Manager start service from %WinDir%\SysWOW64 as mentioned at Stackoverflow.
I just put unbound.log, unbound_control.key, unbound_control.pem, unbound_server.key, unbound_server.pem in %WinDir%\SysWOW64 and successfully run unbound with service3.conf. So, %WinDir%\SysWOW64 is definitely pwd directory from where "D:\dns\dns_tools\unbound\unbound.exe" -c "D:\dns\dns_tools\unbound\service.conf" -w service" command execute.
>If I am wrong about the above stuff, what sort of thing would you need, some sort of special directory: "%EXECUTABLE%" or so that sets the directory to the executable's directory?
directory: "%EXECUTABLE%" is pretty straightforward, i like it.
Comment 8 Wouter Wijngaards 2015-11-30 16:22:14 CET
Hi Denis,

I have implemented the %EXECUTABLE%.  Could you test this?  The code is in the code repository.  I have put a snapshot at:

www.nlnetlabs.nl/~wouter/unbound_setup_1.5.7_20151130.exe
www.nlnetlabs.nl/~wouter/unbound-1.5.7_20151130.zip

I hope this works as you need to.

Best regards, Wouter
Comment 9 Denis Smirnov 2015-11-30 19:40:31 CET
Check the www.nlnetlabs.nl/~wouter/unbound-1.5.7_20151130.zip and test path was 
"D:\ТЕСт тест просто ещё пару названий\ТЕСт тест просто ещё пару названий\ТЕСт тест просто ещё пару названий\ТЕСт тест просто ещё пару названий\unbound" - it's fully works.
Thanks a lot, Wouter. I hope this enhancement does not add too much windows specific code to codebase.
Comment 10 Denis Smirnov 2015-11-30 21:05:06 CET
UPD: after moving to another directory service could not start again.
Log:
>[1448913715] C:\Users\denis\Desktop\dns_tools\unbound\unbound.exe[3520:0] debug: winservice - apply cfg
>[1448913715] C:\Users\denis\Desktop\dns_tools\unbound\unbound.exe[3520:0] debug: setup SSL certificates
>[1448913715] C:\Users\denis\Desktop\dns_tools\unbound\unbound.exe[3520:0] error: Error for server-cert-file: %EXECUTABLE%/unbound_server.pem
>[1448913715] C:\Users\denis\Desktop\dns_tools\unbound\unbound.exe[3520:0] error: Error in SSL_CTX use_certificate_chain_file crypto error:02001003:system library:fopen:No such process
>[1448913715] C:\Users\denis\Desktop\dns_tools\unbound\unbound.exe[3520:0] error: and additionally crypto error:20074002:BIO routines:FILE_CTRL:system lib
[1448913715] C:\Users\denis\Desktop\dns_tools\unbound\unbound.exe[3520:0] error: and additionally crypto error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
>[1448913715] C:\Users\denis\Desktop\dns_tools\unbound\unbound.exe[3520:0] error: could not set up remote-control
Comment 11 Wouter Wijngaards 2015-12-01 09:03:16 CET
Hi Denis,

The %EXECUTABLE% only works in the directory: "%EXECUTABLE%" config statement.  It cannot be used in the other statements (make them relative to the working directory).

Best regards, Wouter
Comment 12 Denis Smirnov 2015-12-01 09:45:53 CET
(In reply to Wouter Wijngaards from comment #11)
> Hi Denis,
> 
> The %EXECUTABLE% only works in the directory: "%EXECUTABLE%" config
> statement.  It cannot be used in the other statements (make them relative to
> the working directory).
> 
> Best regards, Wouter

Directory listing:

D:\dns\dns_tools\unbound>dir
 Directory of D:\dns\dns_tools\unbound

01.12.2015  11:34    <DIR>          .
01.12.2015  11:34    <DIR>          ..
30.11.2015  18:18             1 125 create_unbound_ad_servers.cmd
30.11.2015  18:18            26 392 example.conf
16.11.2015  23:55            17 435 icannbundle.pem
30.11.2015  18:18             1 498 LICENSE
17.11.2015  23:32             3 170 named.root
30.11.2015  18:18             3 695 README.txt
17.11.2015  23:25               769 root.key
01.12.2015  11:35             1 393 service.conf
30.11.2015  18:18         2 681 856 unbound-anchor.exe
30.11.2015  18:18         2 274 816 unbound-checkconf.exe
30.11.2015  18:18             6 018 unbound-control-setup.cmd
30.11.2015  18:18         2 103 296 unbound-control.exe
30.11.2015  18:18         2 336 768 unbound-host.exe
30.11.2015  18:18            29 696 unbound-service-install.exe
30.11.2015  18:18            28 160 unbound-service-remove.exe
30.11.2015  18:18                47 unbound-website.url
30.11.2015  18:18         2 625 024 unbound.exe
01.12.2015  11:36             3 364 unbound.log
30.11.2015  18:18             2 623 unbound_cache.cmd
27.11.2015  12:28             1 277 unbound_control.key
27.11.2015  12:28               802 unbound_control.pem
27.11.2015  12:28             1 281 unbound_server.key
27.11.2015  12:28               790 unbound_server.pem
30.11.2015  18:18             2 526 warmup.cmd
              24 File(s)     12 153 821 bytes
               2 Dir(s)  217 618 345 984 bytes free
Comment 13 Denis Smirnov 2015-12-01 09:49:33 CET
Created attachment 306 [details]
config
Comment 14 Denis Smirnov 2015-12-01 09:51:10 CET
unbound-checkconf.exe service.conf
%EXECUTABLE%: No such file or directory
[1448959676] unbound-checkconf[5088:0] fatal error: bad chdir directory

checkconf does not know about recent changes.
Comment 15 Denis Smirnov 2015-12-01 09:57:22 CET
Pay no regard to the path - currently testing on another machine with config in attachment 306 [details], but same error.

>[1448959434] D:\dns\dns_tools\unbound\unbound.exe[1708:0] error: Error for server-cert-file: %EXECUTABLE%/unbound_server.pem
>[1448959434] D:\dns\dns_tools\unbound\unbound.exe[1708:0] error: Error in SSL_CTX use_certificate_chain_file crypto error:02001003:system library:fopen:No such process
>[1448959434] D:\dns\dns_tools\unbound\unbound.exe[1708:0] error: and additionally crypto error:20074002:BIO routines:FILE_CTRL:system lib
>[1448959434] D:\dns\dns_tools\unbound\unbound.exe[1708:0] error: and additionally crypto error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
>[1448959434] D:\dns\dns_tools\unbound\unbound.exe[1708:0] error: could not set up remote-control
Comment 16 Wouter Wijngaards 2015-12-01 10:16:45 CET
Hi Denis,

Yes it is broken, fix is in the works, buildling a snapshot now.

Best regards, Wouter
Comment 17 Wouter Wijngaards 2015-12-01 10:20:37 CET
Hi Denis,

New version, checkconf should work and also the error you report about the %EXECUTABLE%/filename being tried.

www.nlnetlabs.nl/~wouter/unbound_setup_1.5.7_20151201.exe
www.nlnetlabs.nl/~wouter/unbound-1.5.7_20151201.zip

(so far, in the code, a simple 'adjust_for_windows()' call in two places.)

Best regards,
   Wouter
Comment 18 Denis Smirnov 2015-12-01 11:25:30 CET
Finally it works. Check with the path "D:\dns\dns_tools\ТЕСт тест просто ещё пару названий\ТЕСт тест просто ещё пару на
званий\ТЕСт тест просто ещё пару названий\ТЕСт тест просто ещё пару названий\unb
ound"
And last, i believe, note about unbound-service-install.
If path contain non latin (cyrillic in my case) symbols Program Compatibility Assistant window appears after executing unbound-service-install. unbound-service-install fully working but such little annoying fault. Something like http://cdn5.howtogeek.com/wp-content/uploads/2009/09/1pca.png
Comment 19 Wouter Wijngaards 2015-12-01 14:08:56 CET
Hi Denis,

Does this remove the program assistant thing?:

Only unbound-service-install.exe and unbound-service-remove.exe have changed.  They no longer attempt to print to stdout.

www.nlnetlabs.nl/~wouter/unbound_setup_1.5.7_20151201_2.exe
www.nlnetlabs.nl/~wouter/unbound-1.5.7_20151201_2.zip

Best regards, Wouter
Comment 20 Denis Smirnov 2015-12-01 21:40:04 CET
(In reply to Wouter Wijngaards from comment #19)
> Hi Denis,
> 
> Does this remove the program assistant thing?:
> 
> Only unbound-service-install.exe and unbound-service-remove.exe have
> changed.  They no longer attempt to print to stdout.
> 
> www.nlnetlabs.nl/~wouter/unbound_setup_1.5.7_20151201_2.exe
> www.nlnetlabs.nl/~wouter/unbound-1.5.7_20151201_2.zip
> 
> Best regards, Wouter

1) New build does not solve problem.
2) unbound-service-remove.exe is not affected
3) Seems, I confuse you, Wouter. PCA appears even if path contain latin only symbol (i.e. all time. I did not notice that because I'v already added some unbound-service-install.exe to PCA exclusions. They are stored in HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted in fact).

Look at https://stackoverflow.com/questions/1577412/program-compatibility-assistant-thinks-my-app-is-an-installer

> Actually, Windows just checks the filename for words like "setup" or "install" to determine if something is an installer or not. Yes, it's dumb... Can something be done about it? I wonder... Good Q, though. – Wim ten Brink Oct 16 '09 at 11:05
It's hilarious.

Manifests' update solve the fault, i think. Get from https://social.msdn.microsoft.com/Forums/azure/en-US/07cbfc3a-bced-45b7-80d2-a9d32a7c95d4/supportedos-manifest-for-windows-10?forum=windowsgeneraldevelopmentissues

<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
  <application> 
    <!--This Id value indicates the application supports Windows Vista/Server 2008 functionality -->
    <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/> 
    <!--This Id value indicates the application supports Windows 7/Server 2008 R2 functionality-->
    <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
    <!--This Id value indicates the application supports Windows 8/Server 2012 functionality-->
    <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
    <!-- This Id value indicates the application supports Windows Blue/Server 2012 R2 functionality-->            
    <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
    <!-- This Id value indicates the application supports Windows Threshold functionality-->            
    <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
  </application>
</compatibility>

Full description of manifest format - https://msdn.microsoft.com/en-us/library/aa374191.aspx
Comment 21 Wouter Wijngaards 2015-12-02 10:47:54 CET
Hi Denis,

Thank you for researching those useful links!  There was already a Vista-UAC manifest for that executable.  Added the xml you gave, and here is the executables:

www.nlnetlabs.nl/~wouter/unbound_setup_1.5.7_20151202.exe
www.nlnetlabs.nl/~wouter/unbound-1.5.7_20151202.zip

Best regards, Wouter
Comment 22 Denis Smirnov 2015-12-02 17:07:38 CET
unbound-1.5.7_20151202 fix PCA windows after unbound-service-install.exe
And last, really last request - could you put changelog to setup and zip bundle?
Comment 23 Wouter Wijngaards 2015-12-02 18:55:22 CET
Hi Denis,

Of course.  Thank you very much for testing.

Best regards, Wouter
Comment 24 Denis Smirnov 2015-12-08 00:11:25 CET
unbound-control.exe stats
[1449526954] unbound-control[1864:0] error: Could not open C:\Program Files\Unbound\service.conf: No such file or directory
[1449526954] unbound-control[1864:0] fatal error: could not read config file

unbound-control use hardcoded path for service.conf. I think, it's better to use present working directory for blind probe than hardcoded path.

unbound-control -c service.conf stats
error: Error setting up SSL_CTX client key and cert
5488:error:02001003:system library:fopen:No such process:bss_file.c:391:fopen('%EXECUTABLE%/unbound_control.pem','rb')
5488:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:393:
5488:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:682:

And does not know about %EXECUTABLE%.
Does it have proper fix at all? unbound-control and unbound itself can be placed in different directories in theory but %EXECUTABLE% is calculated by unbound after start.
Comment 25 Wouter Wijngaards 2015-12-08 09:24:01 CET
Hi Denis,

If you compile unbound yourself, you can set the path that it tries with ./configure --with-conf-file=path and set the current directory to try.

Fixed EXECUTABLE replacement for unbound-control.  (It sets it to the directory of unbound-control.exe).

www.nlnetlabs.nl/~wouter/unbound_setup_1.5.7_20151208.exe
www.nlnetlabs.nl/~wouter/unbound-1.5.7_20151208.zip

Best regards, Wouter
Comment 26 Bruce Dubbs 2017-02-27 14:24:47 CET
Created attachment 375 [details]
configlexer.c generated by flex-2.6.1

Works correctly.
Comment 27 Bruce Dubbs 2017-02-27 14:29:39 CET
Created attachment 376 [details]
configlexer.c generated by flex-2.6.3

unbound fails to find ub_c_lex, ub_c_in, or ub_c_lex_destroy when linking the unbound executable
Comment 28 Bruce Dubbs 2017-02-27 14:32:33 CET
Sorry.  Those attachments should have gone to bug 1223.