ports/opt (2.7): [notify] unbound: update to 1.4.17
commit a7d159b9ac29b56e77fc6fb9f955aeb49da2d843 Author: Juergen Daubert <jue@jue.li> Date: Thu May 24 21:10:54 2012 +0200 [notify] unbound: update to 1.4.17 See the README, default location of the auto-trust-anchor-file has been changed because of bug #443 [1]. [1] https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=443 diff --git a/unbound/.footprint b/unbound/.footprint index 19dc8f1..d532a12 100644 --- a/unbound/.footprint +++ b/unbound/.footprint @@ -2,6 +2,7 @@ drwxr-xr-x root/root etc/ drwxr-xr-x root/root etc/rc.d/ -rwxr-xr-x root/root etc/rc.d/unbound drwxr-xr-x root/root etc/unbound/ +drwxr-xr-x unbound/unbound etc/unbound/anchor/ -rw-r--r-- root/root etc/unbound/unbound.conf drwxr-xr-x root/root usr/ drwxr-xr-x root/root usr/man/ @@ -21,6 +22,3 @@ drwxr-xr-x root/root usr/sbin/ -rwxr-xr-x root/root usr/sbin/unbound-control -rwxr-xr-x root/root usr/sbin/unbound-control-setup -rwxr-xr-x root/root usr/sbin/unbound-host -drwxr-xr-x root/root var/ -drwxr-xr-x root/root var/lib/ -drwxr-xr-x unbound/unbound var/lib/unbound/ diff --git a/unbound/.md5sum b/unbound/.md5sum index 63a8235..70e3333 100644 --- a/unbound/.md5sum +++ b/unbound/.md5sum @@ -1,3 +1,3 @@ -e7428ed0d19baed02459e2c55660c9b3 ldns-1.6.12.tar.gz +bcada4f2e62aa40fcdd5d73aec46f284 ldns-1.6.13.tar.gz 20a8c112ea3ce0049dfe16f92614185e unbound -5158d03d2ab0a8e60925c7a9b9903631 unbound-1.4.16.tar.gz +812d49064a78c92765970a1364736da7 unbound-1.4.17.tar.gz diff --git a/unbound/Pkgfile b/unbound/Pkgfile index 2c2c4c1..2ab2fb1 100644 --- a/unbound/Pkgfile +++ b/unbound/Pkgfile @@ -4,14 +4,14 @@ # Depends on: openssl expat name=unbound -version=1.4.16 +version=1.4.17 release=1 source=(http://www.unbound.net/downloads/$name-$version.tar.gz - http://www.nlnetlabs.nl/downloads/ldns/ldns-1.6.12.tar.gz + http://www.nlnetlabs.nl/downloads/ldns/ldns-1.6.13.tar.gz unbound) build () { - cd ldns-1.6.12 + cd ldns-1.6.13 ./configure --disable-shared make @@ -20,16 +20,17 @@ build () { --mandir=/usr/man \ --sysconfdir=/etc \ --with-pidfile=/var/run/unbound.pid \ - --with-rootkey-file=/var/lib/unbound/root.key \ + --with-chroot-dir=/etc/unbound \ + --with-rootkey-file=/etc/unbound/anchor/root.key \ --disable-shared \ --with-username=unbound \ - --with-ldns=../ldns-1.6.12 + --with-ldns=../ldns-1.6.13 make make DESTDIR=$PKG install rm -r $PKG/usr/{lib,include,man/man3} - install -d -o unbound -g unbound $PKG/var/lib/unbound/ + install -d -o unbound -g unbound $PKG/etc/unbound/anchor install -D -m 755 $SRC/unbound $PKG/etc/rc.d/unbound } diff --git a/unbound/README b/unbound/README index 6089402..12d7d15 100644 --- a/unbound/README +++ b/unbound/README @@ -14,9 +14,13 @@ PRE/POST-INSTALL PRECAUTION To enable DNSSEC validation all you have to do is to enable the -"auto-trust-anchor-file" option in /etc/unbound/unbound.conifg. +"auto-trust-anchor-file" option in /etc/unbound/unbound.conf. +Unbound runs as default within a chroot located at /etc/unbound, +therefor the anchor-file has to reside somewhere below the chroot +directory. The default is /etc/unbound/anchor/root.key. + The effective user unbound is running as (default: unbound) needs -write access to /var/lib/unbound to update the trust anchor for +write access to /etc/unbound/anchor to update the trust anchor for DNSSEC validation. Adjust the owner of that directory if you run unbound as a different user.
participants (1)
-
crux@crux.nu