From 438b0e489d276bdf77d566fc74c597c049970072 Mon Sep 17 00:00:00 2001
From: Paul Wouters <pwouters@fedoraproject.org>
Date: Wed, 11 Mar 2009 19:17:12 +0000
Subject: [PATCH] - enable DNSSEC only if it is enabled in sysconfig/dnssec

---
 unbound.spec | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/unbound.spec b/unbound.spec
index 806e6b4..3a3223c 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -1,7 +1,7 @@
 Summary: Validating, recursive, and caching DNS(SEC) resolver
 Name: unbound
 Version: 1.2.1
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: BSD
 Url: http://www.nlnetlabs.nl/unbound/
 Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz
@@ -127,12 +127,16 @@ useradd -r -g unbound -d %{_sysconfdir}/unbound -s /sbin/nologin \
 exit 0
 
 %post
-# Enable DNSSEC per default
-if [ "$1" -eq 1 ]; then
-    [ -x /usr/sbin/dnssec-configure ] && \
-	dnssec-configure -u --norestart --dnssec=on --dlv=off > /dev/null 2>&1
-fi
 /sbin/chkconfig --add %{name}
+# Check DNSSEC settings if this is a fresh install
+if [ "$1" -eq 1 ]; then
+  if [ -r /etc/sysconfig/dnssec ]; then
+    . /etc/sysconfig/dnssec
+    [ -x /usr/sbin/dnssec-configure ] && \
+      dnssec-configure -u --norestart --dnssec="$DNSSEC" --dlv="$DLV" > \
+        /dev/null 2>&1
+  fi;
+fi
 
 %post libs -p /sbin/ldconfig
 
@@ -150,6 +154,9 @@ fi
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Tue Mar 10 2009 Adam Tkac <atkac redhat com> - 1.2.1-4
+- enable DNSSEC only if it is enabled in sysconfig/dnssec
+
 * Mon Mar 09 2009 Adam Tkac <atkac redhat com> - 1.2.1-3
 - add DNSSEC support to initscript and enabled it per default
 - add requires dnssec-conf