Do not keep keygen running, check certs each time

Rely on condition of unbound-keygen service. If it does stop after generating them, then it will recreate also after restart later. That might be the case if someone removes these certificates. (cherry picked from commit 9cab78fef5) Resolves: rhbz#2094336
2022-06-07 14:17:11 +02:00 · 2022-06-07 14:17:11 +02:00 · d10d20851e
commit d10d20851e
parent b3c3c181b7
2 changed files with 4 additions and 2 deletions
--- a/unbound-keygen.service
+++ b/unbound-keygen.service
@ -13,7 +13,6 @@ Type=oneshot
 Group=unbound
 ExecStart=/usr/sbin/unbound-control-setup -d /etc/unbound/
 ExecStart=/sbin/restorecon /etc/unbound/*
-RemainAfterExit=yes

 [Install]
 WantedBy=multi-user.target
--- a/unbound.spec
+++ b/unbound.spec
@ -30,7 +30,7 @@
 Summary: Validating, recursive, and caching DNS(SEC) resolver
 Name: unbound
 Version: 1.16.0
-Release: 1%{?extra_version:.%{extra_version}}%{?dist}
+Release: 2%{?extra_version:.%{extra_version}}%{?dist}
 License: BSD
 Url: https://nlnetlabs.nl/projects/unbound/
 Source: https://nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?extra_version}.tar.gz
@ -444,6 +444,9 @@ popd
 %attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key

 %changelog
+* Tue Jun 07 2022 Petr Menšík <pemensik@redhat.com> - 1.16.0-2
+- Restart keygen service before every unbound start (#2094336)
+
 * Sat Jun 04 2022 Petr Menšík <pemensik@redhat.com> - 1.16.0-1
 - Update to 1.16.0 (#2087120)