1 ###############################################################################
2 # IPFire.org - An Open Source Firewall Solution #
3 # Copyright (C) - IPFire Development Team <info@ipfire.org> #
4 ###############################################################################
10 groups = System/Daemons
11 url = https://www.nlnetlabs.nl/unbound/
13 summary = A validating, recursive, and caching DNS(SEC) resolver.
16 Unbound is a validating, recursive, and caching DNS(SEC) resolver.
17 The C implementation of Unbound is developed and maintained by NLnet
18 Labs and is based on ideas and algorithms taken from a java prototype
19 developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is
20 designed as a set of modular components, so that also
21 DNSSEC (secure DNS) validation and stub-resolvers are easily possible.
24 source_dl = https://www.unbound.net/downloads/
29 openssl-devel >= 1.0.1h-2
34 configure_options += \
35 --with-conf-file=%{sysconfdir}/%{name}/unbound.conf \
36 --with-pidfile=%{localstatedir}/run/%{name}/%{name}.pid \
37 --with-rootkey-file=%{sharedstatedir}/unbound/root.key \
45 --with-pyunbound PYTHON=%{python3}
57 mkdir -pv %{BUILDROOT}%{localstatedir}/run/%{name}
58 mkdir -pv %{BUILDROOT}%{sharedstatedir}/%{name}
60 # Directory for user specified and additional config files.
61 mkdir -pv %{BUILDROOT}%{sysconfdir}/%{name}/conf.d/
63 # Directory for stub and forward zones.
64 mkdir -pv %{BUILDROOT}%{sysconfdir}/%{name}/local.d/
66 # Directory for trusted-keys-file.
67 mkdir -pv %{BUILDROOT}%{sysconfdir}/%{name}/keys.d/
69 # Install unbound config file.
70 install -p -m 0664 %{DIR_SOURCE}/%{name}.conf \
71 %{BUILDROOT}%{sysconfdir}/%{name}/
73 # Install pem file for icannbundle.
74 install -p -m 0664 %{DIR_SOURCE}/icannbundle.pem \
75 %{BUILDROOT}%{sysconfdir}/%{name}/
77 # Install root and DLV keys.
78 install -p -m 0644 %{DIR_SOURCE}/root.key \
79 %{BUILDROOT}%{sysconfdir}/%{name}/
80 install -p -m 0664 %{DIR_SOURCE}/dlv.isc.org.key \
81 %{BUILDROOT}%{sysconfdir}/%{name}/
82 install -p -m 0664 %{DIR_SOURCE}/root.anchor \
83 %{BUILDROOT}%{sharedstatedir}/%{name}/root.key
86 chown -R unbound:unbound %{BUILDROOT}%{sharedstatedir}/%{name}/
91 getent group unound >/dev/null || /usr/sbin/groupadd -r unbound
92 getent passwd unbound >/dev/null || /usr/sbin/useradd -r -g unbound \
93 -d %{sysconfdir}/%{name} -s /sbin/nologin unbound
107 %{sysconfdir}/%{name}.conf
111 %{sysconfdir}/%{name}/conf.d/
112 %{sysconfdir}/%{name}/local.d/
113 %{sysconfdir}/%{name}/keys.d/
121 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
123 # Enable root anchor for DNSSEC validation.
124 systemctl enable unbound-anchor.timer >/dev/null 2>&1 || :
128 systemctl --no-reload disable unbound-anchor.timer >/dev/null 2>&1 || :
129 systemctl --no-reload disable unbound-keygen.service >/dev/null 2>&1 || :
130 systemctl --no-reload disable unbound.service >/dev/null 2>&1 || :
131 systemctl stop unbound.service >/dev/null 2>&1 || :
132 systemctl stop unbound-keygen.service >/dev/null 2>&1 || :
136 systemctl daemon-reload >/dev/null 2>&1 || :
140 systemctl daemon-reload >/dev/null 2>&1 || :
141 systemctl try-restart unbound-keygen.service >/dev/null 2>&1 || :
142 systemctl try-restart unbound.service >/dev/null 2>&1 || :
150 package python3-%{name}
154 package %{name}-devel
158 package %{name}-debuginfo