Do not keep keygen running, check certs each time

Rely on condition of unbound-keygen service. If it does stop after generating them, then it will recreate also after restart later. That might be the case if someone removes these certificates.
2022-06-07 14:17:11 +02:00 · 2022-06-07 14:17:11 +02:00 · 9cab78fef5
commit 9cab78fef5
parent 2c00b91a49
2 changed files with 4 additions and 2 deletions
--- a/unbound-keygen.service
+++ b/unbound-keygen.service
@ -13,7 +13,6 @@ Type=oneshot
 Group=unbound
 ExecStart=/usr/sbin/unbound-control-setup -d /etc/unbound/
 ExecStart=/sbin/restorecon /etc/unbound/*
-RemainAfterExit=yes

 [Install]
 WantedBy=multi-user.target
--- a/unbound.spec
+++ b/unbound.spec
@ -30,7 +30,7 @@
 Summary: Validating, recursive, and caching DNS(SEC) resolver
 Name: unbound
 Version: 1.16.0
-Release: 1%{?extra_version:.%{extra_version}}%{?dist}
+Release: 4%{?extra_version:.%{extra_version}}%{?dist}
 License: BSD
 Url: https://nlnetlabs.nl/projects/unbound/
 Source: https://nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?extra_version}.tar.gz
@ -446,6 +446,9 @@ popd
 %attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key

 %changelog
+* Tue Jun 07 2022 Petr Menšík <pemensik@redhat.com> - 1.16.0-4
+- Restart keygen service before every unbound start
+
 * Sat Jun 04 2022 Petr Menšík <pemensik@redhat.com> - 1.16.0-1
 - Update to 1.16.0