diff options
Diffstat (limited to 'net-dns/unbound/files')
-rw-r--r-- | net-dns/unbound/files/unbound-1.5.7-trust-anchor-file.patch | 6 | ||||
-rw-r--r-- | net-dns/unbound/files/unbound-1.6.3-pkg-config.patch | 11 | ||||
-rw-r--r-- | net-dns/unbound/files/unbound-r1.confd | 36 | ||||
-rw-r--r-- | net-dns/unbound/files/unbound-r1.initd | 137 |
4 files changed, 190 insertions, 0 deletions
diff --git a/net-dns/unbound/files/unbound-1.5.7-trust-anchor-file.patch b/net-dns/unbound/files/unbound-1.5.7-trust-anchor-file.patch index c4c0ffa3d6d1..85879db3cf28 100644 --- a/net-dns/unbound/files/unbound-1.5.7-trust-anchor-file.patch +++ b/net-dns/unbound/files/unbound-1.5.7-trust-anchor-file.patch @@ -1,3 +1,9 @@ +To avoid below error messages like + + [23109:0] error: Could not open autotrust file for writing, /etc/dnssec/root-anchors.txt: Permission denied + +set 'trust-anchor-file' to same value in 'auto-trust-anchor-file'. + diff -ur unbound-1.5.7.orig/doc/example.conf.in unbound-1.5.7/doc/example.conf.in --- unbound-1.5.7.orig/doc/example.conf.in 2015-12-10 08:59:18.000000000 +0100 +++ unbound-1.5.7/doc/example.conf.in 2016-01-05 04:08:01.666760015 +0100 diff --git a/net-dns/unbound/files/unbound-1.6.3-pkg-config.patch b/net-dns/unbound/files/unbound-1.6.3-pkg-config.patch new file mode 100644 index 000000000000..36adac8dc112 --- /dev/null +++ b/net-dns/unbound/files/unbound-1.6.3-pkg-config.patch @@ -0,0 +1,11 @@ +--- a/configure.ac ++++ b/configure.ac +@@ -95,6 +95,8 @@ AC_SUBST(LIBUNBOUND_CURRENT) + AC_SUBST(LIBUNBOUND_REVISION) + AC_SUBST(LIBUNBOUND_AGE) + ++PKG_PROG_PKG_CONFIG ++ + CFLAGS="$CFLAGS" + AC_AIX + if test "$ac_cv_header_minix_config_h" = "yes"; then diff --git a/net-dns/unbound/files/unbound-r1.confd b/net-dns/unbound/files/unbound-r1.confd new file mode 100644 index 000000000000..c86c65c64962 --- /dev/null +++ b/net-dns/unbound/files/unbound-r1.confd @@ -0,0 +1,36 @@ +# /etc/conf.d/unbound + +# Configuration file +#UNBOUND_CONFFILE="/etc/unbound/unbound.conf" + +# PID file +# This is a fallback value which should NOT be changed. If you ever need +# to change PID file, please change value in configuration file instead! +#UNBOUND_PIDFILE="/run/unbound.pid" + +# You can use this configuration option to pass additional options to the +# start-stop-daemon, see start-stop-daemon(8) for more details. +# Per default we wait 1000ms after we have started the service to ensure +# that the daemon is really up and running. +#UNBOUND_SSDARGS="--wait 1000" + +# The termination timeout (start-stop-daemon parameter "retry") ensures +# that the service will be terminated within a given time (25 + 5 seconds +# per default) when you are stopping the service. +#UNBOUND_TERMTIMEOUT="TERM/25/KILL/5" + +# Options to unbound +# See unbound(8) for more details +# Notes: +# * Do not specify another CONFIGFILE but use the variable above to change the location +#UNBOUND_OPTS="" + +# If you want to preserve unbound's cache, set the following variable to +# a non-zero value. In this case unbound's cache will be dumped to disk +# before shutdown and loaded right after start. +# To be able to dump and load cache you have to set up keys (use `unbound-control-setup`) +# and need to set 'control-enable: yes' in your configuration! +# WARNING: If you don't know what you are doing you should NOT use this +# feature. Loading the cache with old or wrong data can result in +# old or wrong data being returned to clients. +#UNBOUND_PRESERVE_CACHE="" diff --git a/net-dns/unbound/files/unbound-r1.initd b/net-dns/unbound/files/unbound-r1.initd new file mode 100644 index 000000000000..54886d1f47ad --- /dev/null +++ b/net-dns/unbound/files/unbound-r1.initd @@ -0,0 +1,137 @@ +#!/sbin/openrc-run +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +UNBOUND_BINARY=${UNBOUND_BINARY:-"/usr/sbin/unbound"} +UNBOUND_CACHEFILE=${UNBOUND_CACHEFILE:-"/var/lib/unbound/${SVCNAME}.cache"} +UNBOUND_CHECKCONF=${UNBOUND_CHECKCONF:-"/usr/sbin/unbound-checkconf"} +UNBOUND_CONFFILE=${UNBOUND_CONFFILE:-"/etc/unbound/${SVCNAME}.conf"} +UNBOUND_CONTROL=${UNBOUND_CONTROL:-"/usr/sbin/unbound-control"} +UNBOUND_PIDFILE=${UNBOUND_PIDFILE:-"/run/unbound.pid"} +UNBOUND_SSDARGS=${UNBOUND_SSDARGS:-"--wait 1000"} +UNBOUND_TERMTIMEOUT=${UNBOUND_TERMTIMEOUT:-"TERM/25/KILL/5"} +UNBOUND_OPTS=${UNBOUND_OPTS:-""} +UNBOUND_LOAD_CACHE_TIMEOUT=${UNBOUND_LOAD_CACHE_TIMEOUT:-"30"} + +getconfig() { + local key="$1" + local value_default="$2" + local value= + + if service_started ; then + value="$(service_get_value "${key}")" + fi + + if [ -z "${value}" ] && [ -n "${UNBOUND_CONFFILE}" ] && [ -r "${UNBOUND_CONFFILE}" ] ; then + value=$("${UNBOUND_CHECKCONF}" -o ${key} "${UNBOUND_CONFFILE}") + fi + + if [ -z "${value}" ] ; then + # Value not explicitly set in the configfile or configfile does not exist + # or is not readable + echo "${value_default}" + else + echo "${value}" + fi + + return 0 +} + +command=${UNBOUND_BINARY} +command_args="${UNBOUND_OPTS} -c \"${UNBOUND_CONFFILE}\"" +start_stop_daemon_args="${UNBOUND_SSDARGS}" +pidfile="$(getconfig pidfile /run/unbound.pid)" +retry="${UNBOUND_TERMTIMEOUT}" + +required_files="${UNBOUND_CONFFILE}" + +name="unbound daemon" +extra_commands="configtest" +extra_started_commands="reload save_cache" +description="unbound is a Domain Name Server (DNS) that is used to resolve host names to IP address." +description_configtest="Run syntax tests for configuration files only." +description_reload="Kills all children and reloads the configuration." +description_save_cache="Saves the current cache to disk." + +depend() { + use net logger + provide dns + after auth-dns +} + +configtest() { + local _config_status= + + ebegin "Checking ${SVCNAME} configuration" + "${UNBOUND_CHECKCONF}" "${UNBOUND_CONFFILE}" 1>/dev/null 2>&1 + _config_status=$? + + if [ ${_config_status} -ne 0 ] ; then + # Run command again but this time we will show the output + # Ugly, but ... + "${UNBOUND_CHECKCONF}" "${UNBOUND_CONFFILE}" + else + if [ -n "${UNBOUND_PRESERVE_CACHE}" ] ; then + local _is_control_enabled=$(getconfig control-enable no) + if [ "${_is_control_enabled}" != "yes" ] ; then + eerror "Cannot preserve cache: control-enable is 'no' in the config file!" + _config_status=2 + fi + fi + fi + + eend ${_config_status} "failed, please correct errors above" +} + +save_cache() { + if [ "${RC_CMD}" != "restart" ] ; then + UNBOUND_PRESERVE_CACHE=1 configtest || return 1 + fi + + ebegin "Saving cache to '${UNBOUND_CACHEFILE}'" + ${UNBOUND_CONTROL} -c "${UNBOUND_CONFFILE}" dump_cache > "${UNBOUND_CACHEFILE}" + eend $? +} + +start_pre() { + if [ "${RC_CMD}" != "restart" ] ; then + configtest || return 1 + fi +} + +start_post() { + if [ -n "${UNBOUND_PRESERVE_CACHE}" ] ; then + if [ -s "${UNBOUND_CACHEFILE}" ] ; then + ebegin "Loading cache from '${UNBOUND_CACHEFILE}'" + # Loading cache can fail which would block this runscript. + # Using `timeout` from coreutils will be our safeguard ... + timeout -k 5 ${UNBOUND_LOAD_CACHE_TIMEOUT} ${UNBOUND_CONTROL} -q -c "${UNBOUND_CONFFILE}" load_cache < "${UNBOUND_CACHEFILE}" + eend $? + else + ewarn "Loading cache from '${UNBOUND_CACHEFILE}' skipped: File does not exists or is empty!" + fi + fi + + # It is not a fatal error if preserved cache could not be loaded + return 0 +} + +stop_pre() { + if [ "${RC_CMD}" = "restart" ] ; then + configtest || return 1 + fi + + if [ -n "${UNBOUND_PRESERVE_CACHE}" ] ; then + save_cache + fi + + # It is not a fatal error if cache cannot be preserved + return 0 +} + +reload() { + configtest || return 1 + ebegin "Reloading ${SVCNAME}" + start-stop-daemon --signal HUP --pidfile "${pidfile}" + eend $? +} |