Debian package: use dns-root-data.

diff --git a/debian/changelog b/debian/changelog
index 9e69c2de10c35e1d35fa5b446827157cf9706f3b..6d0c62e94fac811e7c284bf46c27eb747e3e8d63 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
 dnsmasq (2.72-1) unstable; urgency=low
 
    * New upstream.
+   * If dns-root-data package is installed, use it to set the DNSSEC
+     trust anchor(s). Recommend dns-root-data. (closes: #760460)
 
  -- Simon Kelley <simon@thekelleys.org.uk>  Fri, 20 May 2014 21:01:11 +0000
 

diff --git a/debian/control b/debian/control
index e7f2080dcc76aa3b310b52aaac7ad66e93bbb431..641f5ccc3fd7447f47ff5740412b675f364a303e 100644 (file)
--- a/debian/control
+++ b/debian/control
@@ -28,6 +28,7 @@ Architecture: any
 Depends: adduser, ${shlibs:Depends}
 Breaks: dnsmasq (<< 2.63-1~)
 Replaces: dnsmasq (<< 2.63-1~)
+Recommends: dns-root-data
 Description: Small caching DNS proxy and DHCP/TFTP server
  This package contains the dnsmasq executable and documentation, but
  not the infrastructure required to run it as a system daemon. For

diff --git a/debian/init b/debian/init
index 808c6c12a86cf750aaba633f18ccf3e0bbb0e522..f4df909524b474e772205da020cbe026bf152e22 100644 (file)
--- a/debian/init
+++ b/debian/init
@@ -104,6 +104,16 @@ fi
 
 DNSMASQ_OPTS="$DNSMASQ_OPTS --local-service"
 
+# If the dns-root-data package is installed, then the trust anchors will be 
+# available in $ROOT_DS, in BIND zone-file format. Reformat as dnsmasq
+# --trust-anchor options.
+
+ROOT_DS="/usr/share/dns/root.ds"
+
+if [ -f $ROOT_DS ]; then
+   DNSMASQ_OPTS="$DNSMASQ_OPTS `sed -e s/". IN DS "/--trust-anchor=.,/ -e s/" "/,/g $ROOT_DS | tr '\n' ' '`" 
+fi
+
 start()
 {
         # Return