From 4abd8a925d01d9c017df0929cd606872b3703acc Mon Sep 17 00:00:00 2001 From: Adam Tkac Date: Mon, 9 Mar 2009 20:36:02 +0000 Subject: [PATCH] - add DNSSEC support to initscript, enabled it per default - add requires dnssec-conf --- unbound.init | 5 +++++ unbound.spec | 15 ++++++++++++--- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/unbound.init b/unbound.init index db1b3d3..6d9e766 100644 --- a/unbound.init +++ b/unbound.init @@ -28,9 +28,14 @@ pidfile="/var/run/unbound/unbound.pid" piddir=`dirname $pidfile` [ -e /etc/sysconfig/unbound ] && . /etc/sysconfig/unbound +[ -e /etc/sysconfig/dnssec ] && . /etc/sysconfig/dnssec lockfile=/var/lock/subsys/unbound +[ -x /usr/sbin/dnssec-configure ] && [ -r "$config" ] && + [ /etc/sysconfig/dnssec -nt "$config" ] && \ + /usr/sbin/dnssec-configure -u --norestart --dnssec="$DNSSEC" --dlv="$DLV" + start() { [ -x $exec ] || exit 5 [ -f $config ] || exit 6 diff --git a/unbound.spec b/unbound.spec index c3e070a..806e6b4 100644 --- a/unbound.spec +++ b/unbound.spec @@ -1,7 +1,7 @@ Summary: Validating, recursive, and caching DNS(SEC) resolver Name: unbound Version: 1.2.1 -Release: 2%{?dist} +Release: 3%{?dist} License: BSD Url: http://www.nlnetlabs.nl/unbound/ Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz @@ -18,6 +18,7 @@ Requires(preun): initscripts Requires(postun): initscripts Requires: ldns >= 1.5.0 Requires(pre): shadow-utils +Requires: dnssec-conf # Is this obsolete? #Provides: caching-nameserver @@ -125,12 +126,16 @@ useradd -r -g unbound -d %{_sysconfdir}/unbound -s /sbin/nologin \ -c "Unbound DNS resolver" unbound exit 0 -%post +%post +# Enable DNSSEC per default +if [ "$1" -eq 1 ]; then + [ -x /usr/sbin/dnssec-configure ] && \ + dnssec-configure -u --norestart --dnssec=on --dlv=off > /dev/null 2>&1 +fi /sbin/chkconfig --add %{name} %post libs -p /sbin/ldconfig - %preun if [ "$1" -eq 0 ]; then /sbin/service %{name} stop >/dev/null 2>&1 @@ -145,6 +150,10 @@ fi %postun libs -p /sbin/ldconfig %changelog +* Mon Mar 09 2009 Adam Tkac - 1.2.1-3 +- add DNSSEC support to initscript and enabled it per default +- add requires dnssec-conf + * Wed Feb 25 2009 Fedora Release Engineering - 1.2.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild