diff options
| -rw-r--r-- | main/unbound/APKBUILD | 6 | ||||
| -rw-r--r-- | main/unbound/conf.patch | 25 | ||||
| -rw-r--r-- | main/unbound/unbound.initd | 8 |
3 files changed, 30 insertions, 9 deletions
diff --git a/main/unbound/APKBUILD b/main/unbound/APKBUILD index f49be9db85..12c958e4fb 100644 --- a/main/unbound/APKBUILD +++ b/main/unbound/APKBUILD @@ -3,7 +3,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=unbound pkgver=1.9.5 -pkgrel=0 +pkgrel=1 pkgdesc="Unbound is a validating, recursive, and caching DNS resolver" url="http://unbound.net/" arch="all" @@ -109,7 +109,7 @@ migrate() { } sha512sums="0b198b49165b25c93899ca41fead67c479e5b6fd255f7e2af6930f4b9898c73d8a72caf376fce9a2a33199d0764db58388371c3fdbd442999ddfdb0b8b5394ea unbound-1.9.5.tar.gz -f9b90c6e717f99f3927a20320c5ec9e666af9eb4ad732520cd6de12c9ea98375c44dbbc598bef955a7c0243fbce0b29d9015ccc85b909b62509967cd8976a3c8 conf.patch +42ed61f8023a52a11fdb1eacb32b0c62f14b7b11d6b5f1f51f2e3627da401ea47212bd308be61821880d791166043184914cd1a43c9069a61140f7a1f0bb10ab conf.patch 0a5c7b8f2b8c79c5384bce05962c8f8f5f31ce3aeb967b0e897361a24ea7065eb4e7c28ff3acfb0fb0d46be966d4e526e64b231f49b589ec63f576c25433bb59 migrate-dnscache-to-unbound -8ceabe5efcccfa1d9e210a8166de60ce218ea0261b9edf620524f33216786fad64d6cd8551255942091ee171247222a49a99a1a1ca1999d43fff00ccb17b6276 unbound.initd +39d0afdd436a8ccbdb9584590a0c50808d1f7f9edf952266bdd911878b6d85df30c133df38a45445d631eebc40a5cb1171cd53b99eccc468102dc2301c987b1c unbound.initd 40c660f275a78f93677761f52bdf7ef151941e8469dd17767a947dbe575880e0d113c320d15c7ea7e12ef636d8ec9453eeae804619678293fa35e3d4c7e75a71 unbound.confd" diff --git a/main/unbound/conf.patch b/main/unbound/conf.patch index f7ad7515dc..dbf4140d47 100644 --- a/main/unbound/conf.patch +++ b/main/unbound/conf.patch @@ -1,8 +1,8 @@ --- a/doc/example.conf.in +++ b/doc/example.conf.in -@@ -308,12 +308,9 @@ - # timetoresolve, fromcache and responsesize. - # log-replies: no +@@ -337,12 +337,9 @@ + # print log lines that say why queries return SERVFAIL to clients. + # log-servfail: no - # the pid file. Can be an absolute path outside of chroot/work dir. - # pidfile: "@UNBOUND_PIDFILE@" @@ -14,7 +14,7 @@ # enable to not answer id.server and hostname.bind queries. # hide-identity: no -@@ -450,7 +447,7 @@ +@@ -489,7 +486,7 @@ # you start unbound (i.e. in the system boot scripts). And enable: # Please note usage of unbound-anchor root anchor is at your own risk # and under the terms of our LICENSE (see that file in the source). @@ -23,7 +23,7 @@ # trust anchor signaling sends a RFC8145 key tag query after priming. # trust-anchor-signaling: yes -@@ -464,7 +461,7 @@ +@@ -506,7 +503,7 @@ # with several entries, one file per entry. # Zone file format, with DS and DNSKEY entries. # Note this gets out of date, use auto-trust-anchor-file please. @@ -32,3 +32,18 @@ # Trusted key for validation. DS or DNSKEY. specify the RR on a # single line, surrounded by "". TTL is ignored. class is IN default. +@@ -841,12 +838,13 @@ + remote-control: + # Enable remote control with unbound-control(8) here. + # set up the keys and certificates with unbound-control-setup. +- # control-enable: no ++ control-enable: yes + + # what interfaces are listened to for remote control. + # give 0.0.0.0 and ::0 to listen to all interfaces. + # set to an absolute path to use a unix local name pipe, certificates + # are not used for that, so key and cert files need not be present. ++ control-interface: /run/unbound/control.sock + # control-interface: 127.0.0.1 + # control-interface: ::1 + diff --git a/main/unbound/unbound.initd b/main/unbound/unbound.initd index 9fba36cff7..136ce01ccf 100644 --- a/main/unbound/unbound.initd +++ b/main/unbound/unbound.initd @@ -32,7 +32,13 @@ checkconfig() { } start_pre() { - checkconfig + checkconfig || return 1 + + local i; for i in $(/usr/sbin/unbound-checkconf -o control-interface "$cfgfile"); do + case "$i" in + */*) test -d "$i" || checkpath -d -m 750 -o unbound:unbound "$(dirname "$i")" || return 1 + esac + done } reload() { |