From 66b0ed0714ed8f876113a9a83a6c53cd43bf23cf Mon Sep 17 00:00:00 2001
From: Tomas Korbar <tkorbar@redhat.com>
Date: Tue, 4 Feb 2025 10:52:11 +0100
Subject: [PATCH] Add dracut module

Dracut module allows unbound to be used as resolver in initramfs.
It is set before to network-online.target to ensure that other
services which depend on name resolution have general synchronization
point when they can expect unbound to be configured and listening.

Resolves: RHEL-77613
---
 module-setup.sh     | 44 ++++++++++++++++++++++++++++++++++++++++++++
 unbound-initrd.conf |  5 +++++
 unbound.spec        | 18 ++++++++++++++++++
 3 files changed, 67 insertions(+)
 create mode 100644 module-setup.sh
 create mode 100644 unbound-initrd.conf

diff --git a/module-setup.sh b/module-setup.sh
new file mode 100644
index 0000000..439bc6d
--- /dev/null
+++ b/module-setup.sh
@@ -0,0 +1,44 @@
+#!/usr/bin/bash
+
+check() {
+    require_binaries unbound unbound-checkconf unbound-control || return 1
+    # the module will be only included if explicitly required either
+    # by configuration or another module
+    return 255
+}
+
+depends() {
+    # because of pid file we need sysusers to create unbound user
+    echo systemd systemd-sysusers
+    return 0
+}
+
+install() {
+    # We have to make unbound wanted by network-online target to make sure
+    # there is a synchronization point when other services are able
+    # to make queries
+    inst_simple "$moddir"/unbound-initrd.conf /etc/systemd/system/unbound.service.d/unbound-initrd.conf
+
+    # /etc and /var/lib do not have its variables
+    inst_multiple -o \
+    "$systemdsystemunitdir"/unbound.service \
+    /etc/unbound/conf.d/remote-control.conf \
+    /etc/unbound/openssl-sha1.conf \
+    /usr/share/unbound/fedora-defaults.conf \
+    /usr/share/unbound/conf.d/*.conf \
+    /etc/unbound/local.d/*.conf \
+    /etc/unbound/keys.d/*.key \
+    /etc/unbound/unbound.conf \
+    /etc/unbound/unbound_control.key \
+    /etc/unbound/unbound_control.pem \
+    /etc/unbound/unbound_server.key \
+    /etc/unbound/unbound_server.pem \
+    "$sysusers"/unbound.conf \
+    "$tmpfilesdir"/unbound.conf \
+    /var/lib/unbound/root.key \
+    unbound \
+    unbound-checkconf \
+    unbound-control
+
+    $SYSTEMCTL -q --root "$initdir" enable unbound.service
+}
diff --git a/unbound-initrd.conf b/unbound-initrd.conf
new file mode 100644
index 0000000..7838b3d
--- /dev/null
+++ b/unbound-initrd.conf
@@ -0,0 +1,5 @@
+[Unit]
+Before=network-online.target
+
+[Install]
+WantedBy=network-online.target
diff --git a/unbound.spec b/unbound.spec
index fd971f6..dc428f5 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -59,6 +59,8 @@ Source22: unbound-as112-networks.conf
 Source23: unbound-local-root.conf
 Source24: remote-control-include.conf
 Source25: fedora-defaults.conf
+Source26: module-setup.sh
+Source27: unbound-initrd.conf
 
 # Downstream configuration changes
 Patch1:   unbound-fedora-config.patch
@@ -187,6 +189,14 @@ Conflicts: python2-unbound < 1.9.3
 Python 3 modules and extensions for unbound
 %endif
 
+%package dracut
+Summary: Unbound dracut module
+Requires: dracut%{?_isa}
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description dracut
+Unbound dracut module allowing use of Unbound for name resolution
+in initramfs.
 
 %prep
 %if 0%{?fedora}
@@ -380,6 +390,11 @@ install -p -m 0644 %{SOURCE25} %{buildroot}%{_datadir}/%{name}/
 # Link unbound-control-setup.8 manpage to unbound-control.8
 echo ".so man8/unbound-control.8" > %{buildroot}/%{_mandir}/man8/unbound-control-setup.8
 
+# install dracut module
+mkdir -p %{buildroot}%{_prefix}/lib/dracut/modules.d/99unbound
+
+install -p -m 0755 %{SOURCE26} %{buildroot}%{_prefix}/lib/dracut/modules.d/99unbound
+install -p -m 0644 %{SOURCE27} %{buildroot}%{_prefix}/lib/dracut/modules.d/99unbound
 
 %pre libs
 %sysusers_create_compat %{SOURCE20}
@@ -513,5 +528,8 @@ popd
 %{_sbindir}/unbound-streamtcp
 %{_mandir}/man1/unbound-*
 
+%files dracut
+%{_prefix}/lib/dracut/modules.d/99unbound
+
 %changelog
 %autochangelog