Add dracut module

Dracut module allows unbound to be used as resolver in initramfs. It is set before to network-online.target to ensure that other services which depend on name resolution have general synchronization point when they can expect unbound to be configured and listening. Resolves: RHEL-77613
2025-02-04 10:52:11 +01:00 · 2025-02-04 10:52:11 +01:00 · 66b0ed0714
commit 66b0ed0714
parent 745c62044d
3 changed files with 67 additions and 0 deletions
--- a/module-setup.sh
+++ b/module-setup.sh
@ -0,0 +1,44 @@
+#!/usr/bin/bash
+
+check() {
+    require_binaries unbound unbound-checkconf unbound-control || return 1
+    # the module will be only included if explicitly required either
+    # by configuration or another module
+    return 255
+}
+
+depends() {
+    # because of pid file we need sysusers to create unbound user
+    echo systemd systemd-sysusers
+    return 0
+}
+
+install() {
+    # We have to make unbound wanted by network-online target to make sure
+    # there is a synchronization point when other services are able
+    # to make queries
+    inst_simple "$moddir"/unbound-initrd.conf /etc/systemd/system/unbound.service.d/unbound-initrd.conf
+
+    # /etc and /var/lib do not have its variables
+    inst_multiple -o \
+    "$systemdsystemunitdir"/unbound.service \
+    /etc/unbound/conf.d/remote-control.conf \
+    /etc/unbound/openssl-sha1.conf \
+    /usr/share/unbound/fedora-defaults.conf \
+    /usr/share/unbound/conf.d/*.conf \
+    /etc/unbound/local.d/*.conf \
+    /etc/unbound/keys.d/*.key \
+    /etc/unbound/unbound.conf \
+    /etc/unbound/unbound_control.key \
+    /etc/unbound/unbound_control.pem \
+    /etc/unbound/unbound_server.key \
+    /etc/unbound/unbound_server.pem \
+    "$sysusers"/unbound.conf \
+    "$tmpfilesdir"/unbound.conf \
+    /var/lib/unbound/root.key \
+    unbound \
+    unbound-checkconf \
+    unbound-control
+
+    $SYSTEMCTL -q --root "$initdir" enable unbound.service
+}
--- a/unbound-initrd.conf
+++ b/unbound-initrd.conf
@ -0,0 +1,5 @@
+[Unit]
+Before=network-online.target
+
+[Install]
+WantedBy=network-online.target
--- a/unbound.spec
+++ b/unbound.spec
@ -59,6 +59,8 @@ Source22: unbound-as112-networks.conf
 Source23: unbound-local-root.conf
 Source24: remote-control-include.conf
 Source25: fedora-defaults.conf
+Source26: module-setup.sh
+Source27: unbound-initrd.conf

 # Downstream configuration changes
 Patch1:   unbound-fedora-config.patch
@ -187,6 +189,14 @@ Conflicts: python2-unbound < 1.9.3
 Python 3 modules and extensions for unbound
 %endif

+%package dracut
+Summary: Unbound dracut module
+Requires: dracut%{?_isa}
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description dracut
+Unbound dracut module allowing use of Unbound for name resolution
+in initramfs.

 %prep
 %if 0%{?fedora}
@ -380,6 +390,11 @@ install -p -m 0644 %{SOURCE25} %{buildroot}%{_datadir}/%{name}/
 # Link unbound-control-setup.8 manpage to unbound-control.8
 echo ".so man8/unbound-control.8" > %{buildroot}/%{_mandir}/man8/unbound-control-setup.8

+# install dracut module
+mkdir -p %{buildroot}%{_prefix}/lib/dracut/modules.d/99unbound
+
+install -p -m 0755 %{SOURCE26} %{buildroot}%{_prefix}/lib/dracut/modules.d/99unbound
+install -p -m 0644 %{SOURCE27} %{buildroot}%{_prefix}/lib/dracut/modules.d/99unbound

 %pre libs
 %sysusers_create_compat %{SOURCE20}
@ -513,5 +528,8 @@ popd
 %{_sbindir}/unbound-streamtcp
 %{_mandir}/man1/unbound-*

+%files dracut
+%{_prefix}/lib/dracut/modules.d/99unbound
+
 %changelog
 %autochangelog