From ee9cf790887a108cec9e29c2c68d915b2009b797 Mon Sep 17 00:00:00 2001
From: Badchay
Date: Fri, 8 Mar 2024 06:52:19 +0700
Subject: network/unbound: Updated for version 1.19.2.
Signed-off-by: Willy Sudiarto Raharjo
---
 network/unbound/rc.unbound | 60 ++++++++++++++++++++++++++++++--------
 network/unbound/root.hints | 4 +--
 network/unbound/unbound.SlackBuild | 4 +--
 network/unbound/unbound.info | 6 ++--
 4 files changed, 55 insertions(+), 19 deletions(-)
(limited to 'network')
diff --git a/network/unbound/rc.unbound b/network/unbound/rc.unbound
index f4c9f1223a..3c31faf4ef 100644
--- a/network/unbound/rc.unbound
+++ b/network/unbound/rc.unbound
@@ -7,6 +7,7 @@ UNBOUND=/usr/sbin/unbound
 CONFIG=/etc/unbound/unbound.conf
 PIDFILE=/run/unbound/unbound.pid
 LOGDIR=/var/log/unbound
+KEYFILE=/var/lib/unbound/root.key
 # Unbound-control is useful but I'm not going to cram it
 # down your throat. Set this to "yes" to disable unbound-control
@@ -22,15 +23,29 @@ DISABLE_UNBOUND_CONTROL="no"
 DISABLE_LOGDIR_CHECKS="no"
 initchecks() {
- # Look out for a stale pidfile. If there's one, remove it.
- # This shouldn't be necessary unless the system was shutdown uncleanly
- # or if Unbound crashes.
- if [ -e $PIDFILE ] && [ ! $(pidof unbound) ]; then
- echo "Looks like Unbound isn't running but there's a stale pid file."
- echo "Removing $PIDFILE"
- rm -vf $PIDFILE
- fi
- # Check that /run/unbound exists. If not, create and chown it.
+ # If auto-trust-anchor-file is enabled and the keyfile doesn't exists in
+ # /var/lib/unbound, we won't start the daemon. Most(?) errors can be caught
+ # by /usr/sbin/unbound executable but this one actually allows Unbound to start -
+ # - only for it to crash a moment later. Running unbound-checkconf on every start up
+ # would be useful, but it would make noise every time the daemon starts up.
+ if [ ! -z "$(unbound-checkconf -o auto-trust-anchor-file)" ] && [ ! -e "$KEYFILE" ]; then
+ echo "ERROR: $KEYFILE not found, yet auto-trust-anchor-file is enabled in $CONFIG"
+ echo "ERROR: Refusing to start because Unbound would crash."
+ echo "ERROR: Please generate Unbound Anchor file with the following command:"
+ echo " # sh /etc/rc.d/rc.unbound generate-key"
+ echo
+ echo "...or comment out auto-trust-anchor-file in $CONFIG."
+ exit 1
+ fi
+ # Look out for a stale pidfile. If there's one, remove it.
+ # This shouldn't be necessary unless the system was shutdown uncleanly
+ # or if Unbound crashes.
+ if [ -e $PIDFILE ] && [ ! $(pidof unbound) ]; then
+ echo "Looks like Unbound isn't running but there's a stale pid file."
+ echo "Removing $PIDFILE"
+ rm -vf $PIDFILE
+ fi
+ # Check that /run/unbound exists. If not, create and chown it.
 if [ ! -e $(dirname $PIDFILE) ]; then
 mkdir -p $(dirname $PIDFILE)
 chown unbound:unbound $(dirname $PIDFILE)
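Review bot: The new guard at the top of `initchecks()` queries `unbound-checkconf` without naming `$CONFIG` and then tests the hard-coded `$KEYFILE`, so it can disagree with what the daemon started by `$UNBOUND -c $CONFIG` will load: an anchor configured at a different path is reported missing, and a missing anchor at that other path is not caught. Ask about the same file and test the path the option returns, e.g. `anchor=$(/usr/sbin/unbound-checkconf -o auto-trust-anchor-file "$CONFIG" 2>/dev/null)` followed by `if [ -n "$anchor" ] && [ ! -e "$anchor" ]; then` (adding `-f` if a chroot or relative path is in use). If `unbound-checkconf` itself fails, the substitution is presumably empty and the trust-anchor check is silently skipped, which deserves a one-line comment. The moved stale-pidfile lines still use unquoted `$PIDFILE` and `[ ! $(pidof unbound) ]`, and `initchecks()` continues past the end of this hunk.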
@@ -42,6 +57,7 @@ initchecks() {
 echo "This is normal for the first run."
 echo "Running initial setup to generate certificates: /usr/sbin/unbound-control-setup"
 /usr/sbin/unbound-control-setup || exit 1
+ echo "Actually... no need to do anything. It's enabled by default on Slackware :-)"
 fi
 # Deleted the entire log directory by accident? Oh well, bound to happen.
 # Let's fix that right away.
@@ -56,6 +72,20 @@ initchecks() {
 chown -R unbound:unbound $LOGDIR && echo "Success!"
 fi
 fi
+}
+
+anchorkeygen() {
+ echo "Generating Unbound Anchor keyfile..."
+ sudo -u unbound unbound-anchor -f /etc/resolv.conf -R -a /var/lib/unbound/root.key
+ echo "Done"
+}
+
+checkconfig() {
+ echo "Checking Unbound configuration file: $CONFIG"
+ echo "This will run the command: /usr/sbin/unbound-checkconf"
+ echo "-----START unbound-checkconf output-----"
+ /usr/sbin/unbound-checkconf
+ echo "-----END unbound-checkconf output-----"
 }
@@ -65,7 +95,7 @@ start() {
 echo 'Unbound is already running!'
 return
 else
- echo "Starting Unbound DNS validating resolver..."
+ echo "Starting Unbound..."
 $UNBOUND -c $CONFIG || echo "Failed to start! The error messages above might help."
 fi
 }
@@ -75,7 +105,7 @@ stop() {
 echo 'Unbound is not running.'
 return
 fi
- echo "Stopping Unbound DNS validating resolver..."
+ echo "Stopping Unbound..."
 kill `cat $PIDFILE`
 rm -f $PIDFILE
 }
@@ -101,11 +131,17 @@ case "$1" in
 sleep 1
 start
 ;;
+ 'generate-key')
+ anchorkeygen
+ ;;
+ 'check-config')
+ checkconfig
+ ;;
 'reload')
 reload
 ;;
 *)
- echo "Usage: $0 {start|stop|reload|restart}"
+ echo "Usage: $0 {start|stop|reload|restart|generate-key|check-config}"
 exit 1
 ;;
 esac
diff --git a/network/unbound/root.hints b/network/unbound/root.hints
index 364d85a5d3..6f262498f1 100644
--- a/network/unbound/root.hints
+++ b/network/unbound/root.hints
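Review bot: In the `@@ -42,6 +57,7 @@` hunk the added message is printed right after `/usr/sbin/unbound-control-setup` has succeeded, yet it says nothing needed doing, so the administrator cannot tell whether remote-control keys and certificates were just generated. Those files gate access to `unbound-control`, so the message should state what happened, for example `echo "unbound-control keys and certificates were generated."`. The surrounding `if` opens outside the hunk, so the exact condition is not visible here.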
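Review bot: In the `@@ -56,6 +72,20 @@` hunk `anchorkeygen()` prints "Done" whatever `unbound-anchor` did, and it writes to a literal path rather than the `$KEYFILE` that `initchecks()` tests, so the DNSSEC trust anchor the start-up check looks for and the one this command creates can drift apart. As far as its manual describes, the exit status of `unbound-anchor` is not a plain success/failure flag, so verify the result instead: `sudo -u unbound unbound-anchor -f /etc/resolv.conf -R -a "$KEYFILE"` followed by `[ -s "$KEYFILE" ] || { echo "ERROR: $KEYFILE was not written" >&2; return 1; }`. The function also depends on `sudo` being usable from an rc script and on `unbound-anchor` being found via `PATH`, while the other tools in this script are called by absolute path. `checkconfig()` in the same hunk names `$CONFIG` in its message but runs `/usr/sbin/unbound-checkconf` without passing it; `/usr/sbin/unbound-checkconf "$CONFIG"` would check the file the daemon is started with.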
@@ -9,8 +9,8 @@
 ; on server FTP.INTERNIC.NET
 ; -OR- RS.INTERNIC.NET
 ;
-; last update: February 15, 2024
-; related version of root zone: 2024021501
+; last update: March 07, 2024
+; related version of root zone: 2024030701
 ;
 ; FORMERLY NS.INTERNIC.NET
 ;
diff --git a/network/unbound/unbound.SlackBuild b/network/unbound/unbound.SlackBuild
index ced66350de..e62c1f58b5 100644
--- a/network/unbound/unbound.SlackBuild
+++ b/network/unbound/unbound.SlackBuild
@@ -2,7 +2,7 @@
 # Slackware build script for Unbound
-# Copyright 2022 Badchay
+# Copyright 2024 Badchay
 # All rights reserved.
 # Copyright 2020 Gerardo Zamudio Mexico City, Mexico
 # All rights reserved.
@@ -27,7 +27,7 @@
 cd $(dirname $0) ; CWD=$(pwd)
 PRGNAM=unbound
-VERSION=${VERSION:-1.19.1}
+VERSION=${VERSION:-1.19.2}
 BUILD=${BUILD:-1}
 TAG=${TAG:-_SBo}
 PKGTYPE=${PKGTYPE:-tgz}
diff --git a/network/unbound/unbound.info b/network/unbound/unbound.info
index 3950b9fb26..93863c886d 100644
--- a/network/unbound/unbound.info
+++ b/network/unbound/unbound.info
@@ -1,8 +1,8 @@
 PRGNAM="unbound"
-VERSION="1.19.1"
+VERSION="1.19.2"
 HOMEPAGE="https://nlnetlabs.nl/projects/unbound/about/"
-DOWNLOAD="https://www.nlnetlabs.nl/downloads/unbound/unbound-1.19.1.tar.gz"
-MD5SUM="73ca28029afc478639506b7d86076944"
+DOWNLOAD="https://www.nlnetlabs.nl/downloads/unbound/unbound-1.19.2.tar.gz"
+MD5SUM="dca860b940fa3ce6ec8c4542ea83a275"
 DOWNLOAD_x86_64=""
 MD5SUM_x86_64=""
 REQUIRES=""
--
cgit v1.2.3-80-g2a13