From fd01a5515dcafe1b5476368410008c78fb4097cd Mon Sep 17 00:00:00 2001 From: Tomas Korbar Date: Mon, 10 Feb 2025 21:42:34 +0100 Subject: [PATCH] Add possibility to disable unbound-anchor by file presence Resolves: RHEL-78694 --- tmpfiles-unbound.conf | 2 +- unbound.service | 2 +- unbound.spec | 8 ++++++-- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/tmpfiles-unbound.conf b/tmpfiles-unbound.conf index bb88f01..c09cc75 100644 --- a/tmpfiles-unbound.conf +++ b/tmpfiles-unbound.conf @@ -1 +1 @@ -D /run/unbound 0755 unbound unbound - +D /run/unbound 0775 unbound root - diff --git a/unbound.service b/unbound.service index a3d9209..ce4aaa9 100644 --- a/unbound.service +++ b/unbound.service @@ -11,7 +11,7 @@ Wants=nss-lookup.target Type=notify EnvironmentFile=-/etc/sysconfig/unbound ExecStartPre=/usr/sbin/unbound-checkconf -ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_UNBOUND_ANCHOR" == "yes" ]; then /usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem -f /etc/resolv.conf -R; else echo "Updates of root keys with unbound-anchor is disabled"; fi' +ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_UNBOUND_ANCHOR" == "yes" ] && [ ! -f /run/unbound/anchor-disable ]; then /usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem -f /etc/resolv.conf -R; else echo "Updates of root keys with unbound-anchor is disabled"; fi' ExecStart=/usr/sbin/unbound -d $UNBOUND_OPTIONS ExecReload=/usr/sbin/unbound-control reload diff --git a/unbound.spec b/unbound.spec index 02b65f2..db86a78 100644 --- a/unbound.spec +++ b/unbound.spec @@ -30,7 +30,7 @@ Summary: Validating, recursive, and caching DNS(SEC) resolver Name: unbound Version: 1.16.2 -Release: 15%{?extra_version:.%{extra_version}}%{?dist} +Release: 16%{?extra_version:.%{extra_version}}%{?dist} License: BSD Url: https://nlnetlabs.nl/projects/unbound/ Source: https://nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?extra_version}.tar.gz 
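Review bot: The new `D /run/unbound 0775 unbound root -` entry in tmpfiles-unbound.conf adds group-write for `root` while leaving the directory owned by the `unbound` account, and nothing in the patch records which component needs that write access. Since this commit also turns a file in this directory into the switch for trust-anchor updates, the directory's owner and mode now decide who can turn DNSSEC root-key refresh off. The matching `%attr(0775,unbound,root) %dir %{_rundir}/%{name}` line in the unbound.spec %files hunk carries the same concern. tmpfiles.d accepts comments, so a line above the entry such as `# group root may write: <component> creates anchor-disable here` (placeholder, name the real writer) would tell the next packager why the mode is not 0755.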
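Review bot: The added test `[ ! -f /run/unbound/anchor-disable ]` in ExecStartPre takes its decision from a file in a directory that this patch's tmpfiles entry leaves owned by the `unbound` account, so the service identity itself can suppress the trust-anchor refresh on the next start. The [Service] section begins outside the hunk and no `User=` line is visible, so whether ExecStartPre runs with more privilege than the possible writers of the flag is inferred, not shown. A flag path that only root can write, for example a root-owned directory under /run, would keep the switch with the administrator. /run is normally a tmpfs, so it is also worth documenting that the flag has to be recreated after each boot. The else branch prints the same message for both switches; `echo "unbound-anchor skipped: DISABLE_UNBOUND_ANCHOR=yes or /run/unbound/anchor-disable exists"` would make the cause visible in the journal.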
@@ -401,7 +401,7 @@ popd %doc doc/CREDITS doc/FEATURES %{_unitdir}/%{name}.service %{_unitdir}/%{name}-keygen.service -%attr(0755,unbound,unbound) %dir %{_rundir}/%{name} +%attr(0775,unbound,root) %dir %{_rundir}/%{name} %attr(0644,root,root) %{_tmpfilesdir}/unbound.conf %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/unbound.conf %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/unbound-local-root.conf @@ -481,6 +481,10 @@ popd %{_prefix}/lib/dracut/modules.d/99unbound %changelog +* Mon Feb 10 2025 Tomas Korbar - 1.16.2-16 +- Add possibility to disable unbound-anchor by file presence +- Resolves: RHEL-78694 + * Sun Feb 09 2025 Tomas Korbar - 1.16.2-15 - Add sysusers support needed to propagate user to initramfs - Resolves: RHEL-77789