From 76f5c54236fdb2714fbb6d890a7b079d5aa4f9fc Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sat, 6 Aug 2016 15:12:01 +0100 Subject: [PATCH] unbound: Install trust anchor in /var/lib/unbound Signed-off-by: Michael Tremer --- config/rootfiles/packages/unbound | 2 ++ config/unbound/root.key | 10 +--------- lfs/unbound | 11 +++++++++-- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/config/rootfiles/packages/unbound b/config/rootfiles/packages/unbound index dad3b74db5..f23ac80256 100644 --- a/config/rootfiles/packages/unbound +++ b/config/rootfiles/packages/unbound @@ -65,3 +65,5 @@ usr/sbin/unbound-zone #usr/share/man/man8/unbound-control-setup.8 #usr/share/man/man8/unbound-control.8 #usr/share/man/man8/unbound.8 +var/lib/unbound +var/lib/unbound/root.key diff --git a/config/unbound/root.key b/config/unbound/root.key index fb540e3f93..0c36abea2a 100644 --- a/config/unbound/root.key +++ b/config/unbound/root.key @@ -1,9 +1 @@ -; autotrust trust anchor file -;;id: . 1 -;;last_queried: 1467576595 ;;Sun Jul 3 22:09:55 2016 -;;last_success: 1467576595 ;;Sun Jul 3 22:09:55 2016 -;;next_probe_time: 1467616562 ;;Mon Jul 4 09:16:02 2016 -;;query_failed: 0 -;;query_interval: 43200 -;;retry_time: 8640 -. 172800 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id = 19036 (ksk), size = 2048b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1467575383 ;;Sun Jul 3 21:49:43 2016 +. 172800 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id = 19036 (ksk), size = 2048b} diff --git a/lfs/unbound b/lfs/unbound index ac350b92a4..35b5b79994 100644 --- a/lfs/unbound +++ b/lfs/unbound @@ -74,7 +74,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) ./configure \ --prefix=/usr \ --sysconfdir=/etc \ - --with-pidfile=/var/run/unbound.pid + --with-pidfile=/var/run/unbound.pid \ + --with-rootkey-file=/var/lib/unbound/root.key \ --disable-static \ --with-libevent cd $(DIR_APP) && make $(MAKETUNING) @@ -84,6 +85,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) mv -v /etc/unbound/unbound.conf /etc/unbound/unbound_org.conf install -v -m 644 $(DIR_SRC)/config/unbound/*.conf /etc/unbound/ install -v -m 644 $(DIR_SRC)/config/unbound/root.hints /etc/unbound/ - install -v -m 644 $(DIR_SRC)/config/unbound/root.key /etc/unbound/ + + # Install key + -mkdir -pv /var/lib/unbound + install -v -m 644 $(DIR_SRC)/config/unbound/root.key \ + /var/lib/unbound/root.key + chown -Rv nobody.nobody /var/lib/unbound + @rm -rf $(DIR_APP) @$(POSTBUILD) -- 2.39.2