From 79e69dc5333d045a5fc61c03f0904effdae384e5 Mon Sep 17 00:00:00 2001
From: Paul Wouters <pwouters@redhat.com>
Date: Mon, 8 Apr 2013 11:04:39 -0400
Subject: [PATCH] * move/rename root key to /var/lib/unbound/root.key

---
 unbound-monthly.cron | 2 +-
 unbound.conf         | 2 +-
 unbound.spec         | 8 ++++++--
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/unbound-monthly.cron b/unbound-monthly.cron
index 6ad3c2c..656189b 100755
--- a/unbound-monthly.cron
+++ b/unbound-monthly.cron
@@ -1,3 +1,3 @@
 #!/bin/sh
 
-/usr/sbin/unbound-anchor -a /etc/unbound/root.anchor -c /etc/unbound/icannbundle.pem
+/usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem
diff --git a/unbound.conf b/unbound.conf
index 2bb28a0..f2feac6 100644
--- a/unbound.conf
+++ b/unbound.conf
@@ -362,7 +362,7 @@ server:
 	#
 	# trusted-keys-file: /etc/unbound/rootkey.bind
 	trusted-keys-file: /etc/unbound/keys.d/*.key
-	auto-trust-anchor-file: "/etc/unbound/root.anchor"
+	auto-trust-anchor-file: "/var/lib/unbound/root.key"
 
 	# Ignore chain of trust. Domain is treated as insecure.
 	# domain-insecure: "example.com"
diff --git a/unbound.spec b/unbound.spec
index ea9739d..44b8c5f 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -154,8 +154,10 @@ install -m 0755 streamtcp %{buildroot}%{_sbindir}/unbound-streamtcp
 mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/
 install -m 0644 %{SOURCE8} %{buildroot}%{_sysconfdir}/tmpfiles.d/unbound.conf
 
-# install root and DLV key
+# install root and DLV key - we keep a copy of the root key in old location,
+# in case user has changed the configuration and we wouldn't update it there
 install -m 0644 %{SOURCE5} %{SOURCE6} %{SOURCE13} %{buildroot}%{_sysconfdir}/unbound/
+install -m 0644 %{SOURCE13} %{buildroot}%{_libdir}/unbound/
 
 # remove static library from install (fedora packaging guidelines)
 rm %{buildroot}%{_libdir}/*.la
@@ -228,9 +230,11 @@ ln -s %{_mandir}/man8/unbound-control.8 %{buildroot}/%{_mandir}/man8/unbound-con
 %{_libdir}/libunbound.so.*
 %{_sysconfdir}/%{name}/icannbundle.pem
 %{_sysconfdir}/cron.monthly/unbound-anchor
-%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/root.anchor
+%attr(0644,root,root) %config(noreplace) %{_libdir}/%{name}/root.key
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/root.key
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dlv.isc.org.key
+# just left for backwards compat - format is different! (bind format)
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/root.anchor
 %doc doc/README doc/LICENSE
 
 %pre