rpms/unbound
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Add dracut module

Browse Source 
Dracut module allows unbound to be used as resolver in initramfs.
It is set before to network-online.target to ensure that other
services which depend on name resolution have general synchronization
point when they can expect unbound to be configured and listening.

Resolves: RHEL-77789
This commit is contained in:
Tomas Korbar 2025-02-04 16:03:16 +01:00
parent 5f33f4aeb8
commit 5a222abf4d
3 changed files with 72 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
module-setup.sh Normal file
View File

@ -0,0 +1,44 @@
#!/usr/bin/bash
check() {
require_binaries unbound unbound-checkconf unbound-control || return 1
# the module will be only included if explicitly required either
# by configuration or another module
return 255
}
depends() {
# because of pid file we need sysusers to create unbound user
echo systemd systemd-sysusers
return 0
}
install() {
# We have to make unbound wanted by network-online target to make sure
# there is a synchronization point when other services are able
# to make queries
inst_simple "$moddir"/unbound-initrd.conf /etc/systemd/system/unbound.service.d/unbound-initrd.conf
# /etc and /var/lib do not have its variables
inst_multiple -o \
"$systemdsystemunitdir"/unbound.service \
/etc/unbound/conf.d/remote-control.conf \
/etc/unbound/openssl-sha1.conf \
/usr/share/unbound/fedora-defaults.conf \
/usr/share/unbound/conf.d/*.conf \
/etc/unbound/local.d/*.conf \
/etc/unbound/keys.d/*.key \
/etc/unbound/unbound.conf \
/etc/unbound/unbound_control.key \
/etc/unbound/unbound_control.pem \
/etc/unbound/unbound_server.key \
/etc/unbound/unbound_server.pem \
"$sysusers"/unbound.conf \
"$tmpfilesdir"/unbound.conf \
/var/lib/unbound/root.key \
unbound \
unbound-checkconf \
unbound-control
$SYSTEMCTL -q --root "$initdir" enable unbound.service
}

5
unbound-initrd.conf Normal file
View File

@ -0,0 +1,5 @@
[Unit]
Before=network-online.target
[Install]
WantedBy=network-online.target

24
unbound.spec
View File

@ -30,7 +30,7 @@
Summary: Validating, recursive, and caching DNS(SEC) resolver Summary: Validating, recursive, and caching DNS(SEC) resolver
Name: unbound Name: unbound
Version: 1.16.2 Version: 1.16.2
Release: 9%{?extra_version:.%{extra_version}}%{?dist} Release: 10%{?extra_version:.%{extra_version}}%{?dist}
License: BSD License: BSD
Url: https://nlnetlabs.nl/projects/unbound/ Url: https://nlnetlabs.nl/projects/unbound/
Source: https://nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?extra_version}.tar.gz Source: https://nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?extra_version}.tar.gz
@ -54,6 +54,8 @@ Source18: https://nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?extra_vers
Source19: http://keys.gnupg.net/pks/lookup?op=get&search=0x9F6F1C2D7E045F8D#/wouter.nlnetlabs.nl.key Source19: http://keys.gnupg.net/pks/lookup?op=get&search=0x9F6F1C2D7E045F8D#/wouter.nlnetlabs.nl.key
Source21: remote-control.conf Source21: remote-control.conf
Source22: unbound-local-root.conf Source22: unbound-local-root.conf
Source23: module-setup.sh
Source24: unbound-initrd.conf
# https://github.com/NLnetLabs/unbound/commit/137719522a8ea5b380fbb6206d2466f402f5b554 # https://github.com/NLnetLabs/unbound/commit/137719522a8ea5b380fbb6206d2466f402f5b554
Patch1: unbound-1.16-CVE-2022-3204.patch Patch1: unbound-1.16-CVE-2022-3204.patch
@ -162,6 +164,14 @@ Conflicts: python2-unbound < 1.9.3
Python 3 modules and extensions for unbound Python 3 modules and extensions for unbound
%endif %endif
%package dracut
Summary: Unbound dracut module
Requires: dracut%{?_isa}
Requires: %{name}%{?_isa} = %{version}-%{release}
%description dracut
Unbound dracut module allowing use of Unbound for name resolution
in initramfs.
%prep %prep
%if 0%{?fedora} %if 0%{?fedora}
@ -328,6 +338,11 @@ ln -s ../unbound-local-root.conf %{buildroot}%{_sysconfdir}/unbound/conf.d/unbou
# Link unbound-control-setup.8 manpage to unbound-control.8 # Link unbound-control-setup.8 manpage to unbound-control.8
echo ".so man8/unbound-control.8" > %{buildroot}/%{_mandir}/man8/unbound-control-setup.8 echo ".so man8/unbound-control.8" > %{buildroot}/%{_mandir}/man8/unbound-control-setup.8
# install dracut module
mkdir -p %{buildroot}%{_prefix}/lib/dracut/modules.d/99unbound
install -p -m 0755 %{SOURCE23} %{buildroot}%{_prefix}/lib/dracut/modules.d/99unbound
install -p -m 0644 %{SOURCE24} %{buildroot}%{_prefix}/lib/dracut/modules.d/99unbound
%pre libs %pre libs
getent group unbound >/dev/null || groupadd -r unbound getent group unbound >/dev/null || groupadd -r unbound
@ -460,7 +475,14 @@ popd
# just left for backwards compat with user changed unbound.conf files - format is different! # just left for backwards compat with user changed unbound.conf files - format is different!
%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key %attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
%files dracut
%{_prefix}/lib/dracut/modules.d/99unbound
%changelog %changelog
* Tue Feb 04 2025 Tomas Korbar <tkorbar@redhat.com> - 1.16.2-10
- Add dracut module
- Resolves: RHEL-77789
* Tue Feb 04 2025 Tomas Korbar <tkorbar@redhat.com> - 1.16.2-9 * Tue Feb 04 2025 Tomas Korbar <tkorbar@redhat.com> - 1.16.2-9
- Move automatic root zone fetching to drop-in - Move automatic root zone fetching to drop-in
- Resolves: RHEL-77788 - Resolves: RHEL-77788