Fix service crash after installation (Closes: #859419)
This commit prevents the enforcer and signer daemons from being automatically started until the user has configured them. I believe that this is the cleanest way to solve this issue: we ship the upstream configuration files unmodified, with all the helpful comments and none of the nested ones, but we do not start the daemons until the user has configured them.
The init.d startup scripts and systemd service files check for the existence of
/etc/opendnssec/prevent-startup, that's similar to what ssh does with
/etc/ssh/sshd_not_to_be_run. This is documented in the
README.Debian file and as a debconf note showed on fresh installs. The note isn't shown on upgrades, I assume that in this case OpenDNSSEC is already configured.
I'm quite confident that this thing works as expected, but it's possible that I might have forgotten some corner cases.
One issue is that the test for
/etc/opendnssec/prevent-startup doesn't work if the init.d scripts are called with "restart" or "reload" as first argument. I raised bug #920847 against the
sysvinit package with a patch. I hope that this is just a minor inconvenience for now. I'm open for suggestions meanwhile of course.