From d10d20851ef6757c20279b3c7846ca3f3d0a71a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Tue, 7 Jun 2022 14:17:11 +0200
Subject: [PATCH] Do not keep keygen running, check certs each time

Rely on condition of unbound-keygen service. If it does stop after
generating them, then it will recreate also after restart later. That
might be the case if someone removes these certificates.

(cherry picked from commit 9cab78fef5ee1fcddb20eecc465d0b7cac7d9a03)

Resolves: rhbz#2094336
---
 unbound-keygen.service | 1 -
 unbound.spec           | 5 ++++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/unbound-keygen.service b/unbound-keygen.service
index f5e6535..b169002 100644
--- a/unbound-keygen.service
+++ b/unbound-keygen.service
@@ -13,7 +13,6 @@ Type=oneshot
 Group=unbound
 ExecStart=/usr/sbin/unbound-control-setup -d /etc/unbound/
 ExecStart=/sbin/restorecon /etc/unbound/*
-RemainAfterExit=yes
 
 [Install]
 WantedBy=multi-user.target
diff --git a/unbound.spec b/unbound.spec
index 675400f..f4b80cd 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -30,7 +30,7 @@
 Summary: Validating, recursive, and caching DNS(SEC) resolver
 Name: unbound
 Version: 1.16.0
-Release: 1%{?extra_version:.%{extra_version}}%{?dist}
+Release: 2%{?extra_version:.%{extra_version}}%{?dist}
 License: BSD
 Url: https://nlnetlabs.nl/projects/unbound/
 Source: https://nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?extra_version}.tar.gz
@@ -444,6 +444,9 @@ popd
 %attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
 
 %changelog
+* Tue Jun 07 2022 Petr Menšík <pemensik@redhat.com> - 1.16.0-2
+- Restart keygen service before every unbound start (#2094336)
+
 * Sat Jun 04 2022 Petr Menšík <pemensik@redhat.com> - 1.16.0-1
 - Update to 1.16.0 (#2087120)