debug_enabled
DEPFLAG
UNBOUND_USERNAME
+UNBOUND_ROOTCERT_FILE
+UNBOUND_ROOTKEY_FILE
UNBOUND_PIDFILE
UNBOUND_SHARE_DIR
UNBOUND_CHROOT_DIR
with_chroot_dir
with_share_dir
with_pidfile
+with_rootkey_file
+with_rootcert_file
with_username
enable_checking
enable_debug
enable_sha2
enable_gost
with_libevent
+with_libexpat
enable_staticexe
enable_lock_checks
enable_alloc_checks
same as share/unbound)
--with-pidfile=filename set default pathname to unbound pidfile (default
run-dir/unbound.pid)
+ --with-rootkey-file=filename
+ set default pathname to root key file (default
+ run-dir/root.key). This file is read and written.
+ --with-rootcert-file=filename
+ set default pathname to root update certificate file
+ (default run-dir/icannbundle.pem). This file need
+ not exist if you are content with the builtin.
--with-username=user set default user that unbound changes to (default
user is unbound)
--with-pic try to use only PIC/non-PIC objects [default=use
/usr/lib /usr/pkg /usr/sfw /usr or you can specify
an explicit path). Slower, but allows use of large
outgoing port ranges.
+ --with-libexpat=path specify explicit path for libexpat.
--with-ldns=PATH specify prefix of path of ldns library to use
--with-ldns-builtin forces use of package included with this one
+# Check whether --with-rootkey-file was given.
+if test "${with_rootkey_file+set}" = set; then :
+ withval=$with_rootkey_file; UNBOUND_ROOTKEY_FILE="$withval"
+else
+ if test $on_mingw = no; then
+ UNBOUND_ROOTKEY_FILE="$UNBOUND_RUN_DIR/root.key"
+else
+ UNBOUND_ROOTKEY_FILE=""
+fi
+
+fi
+
+
+hdr_rkey="`echo $UNBOUND_ROOTKEY_FILE | sed -e 's/\\\\/\\\\\\\\/g'`"
+
+
+cat >>confdefs.h <<_ACEOF
+#define ROOT_ANCHOR_FILE "$hdr_rkey"
+_ACEOF
+
+
+
+# Check whether --with-rootcert-file was given.
+if test "${with_rootcert_file+set}" = set; then :
+ withval=$with_rootcert_file; UNBOUND_ROOTCERT_FILE="$withval"
+else
+ if test $on_mingw = no; then
+ UNBOUND_ROOTCERT_FILE="$UNBOUND_RUN_DIR/icannbundle.pem"
+else
+ UNBOUND_ROOTCERT_FILE=""
+fi
+
+fi
+
+
+hdr_rpem="`echo $UNBOUND_ROOTCERT_FILE | sed -e 's/\\\\/\\\\\\\\/g'`"
+
+
+cat >>confdefs.h <<_ACEOF
+#define ROOT_CERT_FILE "$hdr_rpem"
+_ACEOF
+
+
+
# Check whether --with-username was given.
if test "${with_username+set}" = set; then :
withval=$with_username; UNBOUND_USERNAME="$withval"
else
lt_cv_nm_interface="BSD nm"
echo "int some_variable = 0;" > conftest.$ac_ext
- (eval echo "\"\$as_me:6758: $ac_compile\"" >&5)
+ (eval echo "\"\$as_me:6815: $ac_compile\"" >&5)
(eval "$ac_compile" 2>conftest.err)
cat conftest.err >&5
- (eval echo "\"\$as_me:6761: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
+ (eval echo "\"\$as_me:6818: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
(eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
cat conftest.err >&5
- (eval echo "\"\$as_me:6764: output\"" >&5)
+ (eval echo "\"\$as_me:6821: output\"" >&5)
cat conftest.out >&5
if $GREP 'External.*some_variable' conftest.out > /dev/null; then
lt_cv_nm_interface="MS dumpbin"
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 7969 "configure"' > conftest.$ac_ext
+ echo '#line 8026 "configure"' > conftest.$ac_ext
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9229: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9286: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:9233: \$? = $ac_status" >&5
+ echo "$as_me:9290: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9568: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9625: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:9572: \$? = $ac_status" >&5
+ echo "$as_me:9629: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9673: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9730: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:9677: \$? = $ac_status" >&5
+ echo "$as_me:9734: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9728: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9785: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:9732: \$? = $ac_status" >&5
+ echo "$as_me:9789: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 12098 "configure"
+#line 12155 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 12194 "configure"
+#line 12251 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
fi
# check for libexpat
+
+# Check whether --with-libexpat was given.
+if test "${with_libexpat+set}" = set; then :
+ withval=$with_libexpat;
+else
+ withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr"
+fi
+
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libexpat" >&5
$as_echo_n "checking for libexpat... " >&6; }
found_libexpat="no"
-for dir in /usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr; do
+for dir in $withval ; do
if test -f "$dir/include/expat.h"; then
found_libexpat="yes"
if test "$dir" != "/usr"; then
ACX_ESCAPE_BACKSLASH($UNBOUND_PIDFILE, hdr_pid)
AC_DEFINE_UNQUOTED(PIDFILE, ["$hdr_pid"], [default pidfile location])
+AC_ARG_WITH(rootkey-file,
+ AC_HELP_STRING([--with-rootkey-file=filename],
+ [set default pathname to root key file (default run-dir/root.key). This file is read and written.]),
+ UNBOUND_ROOTKEY_FILE="$withval",
+if test $on_mingw = no; then
+ UNBOUND_ROOTKEY_FILE="$UNBOUND_RUN_DIR/root.key"
+else
+ UNBOUND_ROOTKEY_FILE=""
+fi
+)
+AC_SUBST(UNBOUND_ROOTKEY_FILE)
+ACX_ESCAPE_BACKSLASH($UNBOUND_ROOTKEY_FILE, hdr_rkey)
+AC_DEFINE_UNQUOTED(ROOT_ANCHOR_FILE, ["$hdr_rkey"], [default rootkey location])
+
+AC_ARG_WITH(rootcert-file,
+ AC_HELP_STRING([--with-rootcert-file=filename],
+ [set default pathname to root update certificate file (default run-dir/icannbundle.pem). This file need not exist if you are content with the builtin.]),
+ UNBOUND_ROOTCERT_FILE="$withval",
+if test $on_mingw = no; then
+ UNBOUND_ROOTCERT_FILE="$UNBOUND_RUN_DIR/icannbundle.pem"
+else
+ UNBOUND_ROOTCERT_FILE=""
+fi
+)
+AC_SUBST(UNBOUND_ROOTCERT_FILE)
+ACX_ESCAPE_BACKSLASH($UNBOUND_ROOTCERT_FILE, hdr_rpem)
+AC_DEFINE_UNQUOTED(ROOT_CERT_FILE, ["$hdr_rpem"], [default rootcert location])
+
AC_ARG_WITH(username,
AC_HELP_STRING([--with-username=user],
[set default user that unbound changes to (default user is unbound)]),
fi
# check for libexpat
+AC_ARG_WITH(libexpat, AC_HELP_STRING([--with-libexpat=path],
+ [specify explicit path for libexpat.]),
+ [ ],[ withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" ])
AC_MSG_CHECKING(for libexpat)
found_libexpat="no"
-for dir in /usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr; do
+for dir in $withval ; do
if test -f "$dir/include/expat.h"; then
found_libexpat="yes"
dnl assume /usr is in default path.
.nf
# in the init scripts.
# provide or update the root anchor (if necessary)
- unbound-anchor -a "/usr/local/etc/unbound/root.key"
+ unbound-anchor -a "@UNBOUND_ROOTKEY_FILE@"
# start validating resolver
# the unbound.conf contains:
- # auto-trust-anchor-file: "/usr/local/etc/unbound/root.key"
+ # auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
unbound -c unbound.conf
.fi
.P
.TP
.B \-a \fIfile
The root anchor key file, that is read in and written out.
-Default is /usr/local/etc/unbound/root.key.
+Default is @UNBOUND_ROOTKEY_FILE@.
If the file does not exist, or is empty, a builtin root key is written to it.
.TP
.B \-c \fIfile
The root update certificate file, that is read in.
-Default is /usr/local/etc/unbound/icannbundle.pem.
+Default is @UNBOUND_ROOTCERT_FILE@.
If the file does not exist, or is empty, a builtin certificate is used.
.TP
.B \-u \fIname
Or something more suitable for your operational environment.
.SH "FILES"
.TP
-.I /usr/local/etc/unbound/root.key
+.I @UNBOUND_ROOTKEY_FILE@
The root anchor file, updated with 5011 tracking, and read and written to.
+The file is created if it does not exist.
.TP
-.I /usr/local/etc/unbound/icannbundle.pem
+.I @UNBOUND_ROOTCERT_FILE@
The trusted self\-signed certificate that is used to verify the downloaded
-DNSSEC root trust anchor.
+DNSSEC root trust anchor. You can update it by fetching it from
+https://data.iana.org/root\-anchors/icannbundle.pem (and validate it).
+If the file does not exist or is empty, a builtin version is used.
.TP
.I https://data.iana.org/root\-anchors/root\-anchors.xml
Source for the root key information.
.TP
.I https://data.iana.org/root\-anchors/root\-anchors.p7s
Signature on the root key information.
-.TP
-.I https://data.iana.org/root\-anchors/icannbundle.pem
-Source for the certificate used.
.SH "SEE ALSO"
\fIunbound.conf\fR(5),
\fIunbound\fR(8).
projects / thirdparty / unbound.git / commitdiff
