unbound: Install trust anchor in /var/lib/unbound

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-09 18:45:54 +02:00 · 2016-08-06 15:12:01 +01:00
parent 89b0810b24
commit 76f5c54236
3 changed files with 12 additions and 11 deletions
--- a/config/rootfiles/packages/unbound
+++ b/config/rootfiles/packages/unbound
@@ -65,3 +65,5 @@ usr/sbin/unbound-zone
 #usr/share/man/man8/unbound-control-setup.8
 #usr/share/man/man8/unbound-control.8
 #usr/share/man/man8/unbound.8
+var/lib/unbound
+var/lib/unbound/root.key
--- a/config/unbound/root.key
+++ b/config/unbound/root.key
@@ -1,9 +1 @@
-; autotrust trust anchor file
-;;id: . 1
-;;last_queried: 1467576595 ;;Sun Jul  3 22:09:55 2016
-;;last_success: 1467576595 ;;Sun Jul  3 22:09:55 2016
-;;next_probe_time: 1467616562 ;;Mon Jul  4 09:16:02 2016
-;;query_failed: 0
-;;query_interval: 43200
-;;retry_time: 8640
-.	172800	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id = 19036 (ksk), size = 2048b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=1467575383 ;;Sun Jul  3 21:49:43 2016
+.	172800	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id = 19036 (ksk), size = 2048b}
--- a/lfs/unbound
+++ b/lfs/unbound
@@ -74,7 +74,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 		./configure \
 			--prefix=/usr \
 			--sysconfdir=/etc \
-			--with-pidfile=/var/run/unbound.pid
+			--with-pidfile=/var/run/unbound.pid \
+			--with-rootkey-file=/var/lib/unbound/root.key \
 			--disable-static \
 			--with-libevent
 	cd $(DIR_APP) && make $(MAKETUNING)
@@ -84,6 +85,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	mv -v /etc/unbound/unbound.conf /etc/unbound/unbound_org.conf
 	install -v -m 644 $(DIR_SRC)/config/unbound/*.conf /etc/unbound/
 	install -v -m 644 $(DIR_SRC)/config/unbound/root.hints /etc/unbound/
-	install -v -m 644 $(DIR_SRC)/config/unbound/root.key /etc/unbound/
+
+	# Install key
+	-mkdir -pv /var/lib/unbound
+	install -v -m 644 $(DIR_SRC)/config/unbound/root.key \
+		/var/lib/unbound/root.key
+	chown -Rv nobody.nobody /var/lib/unbound
+
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)