diff --git a/unbound/.footprint b/unbound/.footprint index 3d691f1b3..eef3d1558 100644 --- a/unbound/.footprint +++ b/unbound/.footprint @@ -2,6 +2,7 @@ drwxr-xr-x root/root etc/ drwxr-xr-x root/root etc/rc.d/ -rwxr-xr-x root/root etc/rc.d/unbound drwxr-xr-x root/root etc/unbound/ +-rw-r--r-- unbound/root etc/unbound/root.key (EMPTY) -rw-r--r-- root/root etc/unbound/unbound.conf drwxr-xr-x root/root usr/ drwxr-xr-x root/root usr/man/ @@ -10,11 +11,13 @@ drwxr-xr-x root/root usr/man/man1/ drwxr-xr-x root/root usr/man/man5/ -rw-r--r-- root/root usr/man/man5/unbound.conf.5.gz drwxr-xr-x root/root usr/man/man8/ +-rw-r--r-- root/root usr/man/man8/unbound-anchor.8.gz -rw-r--r-- root/root usr/man/man8/unbound-checkconf.8.gz -rw-r--r-- root/root usr/man/man8/unbound-control.8.gz -rw-r--r-- root/root usr/man/man8/unbound.8.gz drwxr-xr-x root/root usr/sbin/ -rwxr-xr-x root/root usr/sbin/unbound +-rwxr-xr-x root/root usr/sbin/unbound-anchor -rwxr-xr-x root/root usr/sbin/unbound-checkconf -rwxr-xr-x root/root usr/sbin/unbound-control -rwxr-xr-x root/root usr/sbin/unbound-control-setup diff --git a/unbound/.md5sum b/unbound/.md5sum index 1166b9ea4..01e7cee4c 100644 --- a/unbound/.md5sum +++ b/unbound/.md5sum @@ -1,2 +1,2 @@ -c6f00a730330cb5a47a72538817aea78 unbound -2cdcfe0ca45373c6b22e274560ae9943 unbound-1.4.6.tar.gz +20a8c112ea3ce0049dfe16f92614185e unbound +97ee3c4a9877ff725fad23e31ecadfe0 unbound-1.4.7.tar.gz diff --git a/unbound/Pkgfile b/unbound/Pkgfile index 7d561c507..73c387b50 100644 --- a/unbound/Pkgfile +++ b/unbound/Pkgfile @@ -1,10 +1,10 @@ # Description: Validating, recursive, and caching DNS resolver # URL: http://unbound.net/index.html # Maintainer: Juergen Daubert, jue at crux dot nu -# Depends on: openssl +# Depends on: openssl expat name=unbound -version=1.4.6 +version=1.4.7 release=1 source=(http://unbound.net/downloads/$name-$version.tar.gz unbound) @@ -17,12 +17,18 @@ build () { --sysconfdir=/etc \ --with-pidfile=/var/run/unbound.pid \ --disable-shared \ - --with-username=nobody + --with-username=unbound \ + --with-ldns-builtin make -C ldns-src make make DESTDIR=$PKG install rm -r $PKG/usr/{lib,include,man/man3} + + sed -i '314s/# //' $PKG/etc/unbound/unbound.conf + touch $PKG/etc/unbound/root.key + chown unbound $PKG/etc/unbound/root.key + install -D -m 755 $SRC/unbound $PKG/etc/rc.d/unbound } diff --git a/unbound/README b/unbound/README new file mode 100644 index 000000000..0239d0bc6 --- /dev/null +++ b/unbound/README @@ -0,0 +1,20 @@ +README for unbound 1.* + +REQUIREMENTS + +PRE/POST-INSTALL + +1. Create a user/group unbound with a unused id < 99 or run the + provided pre-install script: + + 'groupadd -g 41 unbound' + 'useradd -u 41 -g unbound -d /etc/unbound -s /bin/false unbound' + 'passwd -l unbound' + +PRECAUTION + +The effective user unbound is running as (default: unbound) needs +write access for /etc/unbound/root.key to update the trust anchor +for DNSSEC validation. Adjust the user of that file if you run +unbound as a different user. + diff --git a/unbound/pre-install b/unbound/pre-install new file mode 100644 index 000000000..7fe762d1f --- /dev/null +++ b/unbound/pre-install @@ -0,0 +1,6 @@ +#!/bin/sh + +getent group unbound || /usr/sbin/groupadd -g 41 unbound +getent passwd unbound || /usr/sbin/useradd -g unbound -u 41 -d /etc/unbound -s /bin/false unbound +/usr/bin/passwd -l unbound + diff --git a/unbound/unbound b/unbound/unbound index 206f95f6e..990b6b1d3 100644 --- a/unbound/unbound +++ b/unbound/unbound @@ -5,6 +5,7 @@ case $1 in start) + /usr/sbin/unbound-anchor /usr/sbin/unbound ;; stop)