* move/rename root key to /var/lib/unbound/root.key

This commit is contained in:
Paul Wouters 2013-04-08 11:04:39 -04:00
parent b9ddae3b26
commit 79e69dc533
3 changed files with 8 additions and 4 deletions

View File

@ -1,3 +1,3 @@
#!/bin/sh #!/bin/sh
/usr/sbin/unbound-anchor -a /etc/unbound/root.anchor -c /etc/unbound/icannbundle.pem /usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem

View File

@ -362,7 +362,7 @@ server:
# #
# trusted-keys-file: /etc/unbound/rootkey.bind # trusted-keys-file: /etc/unbound/rootkey.bind
trusted-keys-file: /etc/unbound/keys.d/*.key trusted-keys-file: /etc/unbound/keys.d/*.key
auto-trust-anchor-file: "/etc/unbound/root.anchor" auto-trust-anchor-file: "/var/lib/unbound/root.key"
# Ignore chain of trust. Domain is treated as insecure. # Ignore chain of trust. Domain is treated as insecure.
# domain-insecure: "example.com" # domain-insecure: "example.com"

View File

@ -154,8 +154,10 @@ install -m 0755 streamtcp %{buildroot}%{_sbindir}/unbound-streamtcp
mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/ mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/
install -m 0644 %{SOURCE8} %{buildroot}%{_sysconfdir}/tmpfiles.d/unbound.conf install -m 0644 %{SOURCE8} %{buildroot}%{_sysconfdir}/tmpfiles.d/unbound.conf
# install root and DLV key # install root and DLV key - we keep a copy of the root key in old location,
# in case user has changed the configuration and we wouldn't update it there
install -m 0644 %{SOURCE5} %{SOURCE6} %{SOURCE13} %{buildroot}%{_sysconfdir}/unbound/ install -m 0644 %{SOURCE5} %{SOURCE6} %{SOURCE13} %{buildroot}%{_sysconfdir}/unbound/
install -m 0644 %{SOURCE13} %{buildroot}%{_libdir}/unbound/
# remove static library from install (fedora packaging guidelines) # remove static library from install (fedora packaging guidelines)
rm %{buildroot}%{_libdir}/*.la rm %{buildroot}%{_libdir}/*.la
@ -228,9 +230,11 @@ ln -s %{_mandir}/man8/unbound-control.8 %{buildroot}/%{_mandir}/man8/unbound-con
%{_libdir}/libunbound.so.* %{_libdir}/libunbound.so.*
%{_sysconfdir}/%{name}/icannbundle.pem %{_sysconfdir}/%{name}/icannbundle.pem
%{_sysconfdir}/cron.monthly/unbound-anchor %{_sysconfdir}/cron.monthly/unbound-anchor
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/root.anchor %attr(0644,root,root) %config(noreplace) %{_libdir}/%{name}/root.key
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/root.key %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/root.key
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dlv.isc.org.key %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dlv.isc.org.key
# just left for backwards compat - format is different! (bind format)
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/root.anchor
%doc doc/README doc/LICENSE %doc doc/README doc/LICENSE
%pre %pre