diff --git a/net/unbound/Makefile b/net/unbound/Makefile index e88c11e581..abb098e1e3 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound PKG_VERSION:=1.5.9 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE @@ -39,6 +39,7 @@ define Package/unbound SUBMENU:=IP Addresses and Names TITLE+= (daemon) DEPENDS+= +libunbound + USERID:=unbound:unbound endef define Package/unbound/description @@ -114,6 +115,7 @@ CONFIGURE_ARGS += \ --with-libexpat="$(STAGING_DIR)/usr" \ --with-ssl="$(STAGING_DIR)/usr" \ --with-pidfile=/var/run/unbound.pid \ + --with-user=unbound \ --without-pthreads define Package/unbound/conffiles diff --git a/net/unbound/files/unbound.init b/net/unbound/files/unbound.init index 8c1304e2dd..7ad2e7c74c 100755 --- a/net/unbound/files/unbound.init +++ b/net/unbound/files/unbound.init @@ -6,6 +6,12 @@ START=61 USE_PROCD=1 start_service() { + find /etc/unbound \! \( -user unbound -group unbound \) \ + -exec chown unbound:unbound {} \; + + find /etc/unbound \( -perm +027 -o \! -perm -600 \) \ + -exec chmod u=rwX,g=rX,o= {} \; + procd_open_instance procd_set_param command /usr/sbin/unbound procd_append_param command -d # don't daemonize diff --git a/net/unbound/patches/001-conf.patch b/net/unbound/patches/001-conf.patch index 352fe942ce..3b612bcd18 100644 --- a/net/unbound/patches/001-conf.patch +++ b/net/unbound/patches/001-conf.patch @@ -89,14 +89,6 @@ index ff90e3b..5c20fdf 100644 # if given, a chroot(2) is done to the given directory. # i.e. you can chroot to the working directory, for example, -@@ -218,6 +233,7 @@ server: - # and the given username is assumed. Default is user "unbound". - # If you give "" no privileges are dropped. - # username: "@UNBOUND_USERNAME@" -+ username: "" - - # the working directory. The relative files in this config are - # relative to this directory. If you give "" the working directory 
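Review bot: In net/unbound/files/unbound.init, the two `find` commands added at the top of `start_service()` run as root on every start and give the `unbound` user ownership and write access over everything under /etc/unbound, which presumably includes the configuration. As far as the hunk shows, procd still launches /usr/sbin/unbound as root, so the daemon would parse a file that its unprivileged user can rewrite before it drops privileges, and the `-exec chown`/`chmod` also act on whatever a symlink or hard link in that tree refers to. I would keep the configuration `root:unbound` and not writable by the daemon, give `unbound` ownership only of files it has to update (for example the one named by `auto-trust-anchor-file`, if used), and narrow the fix-up with `\( -type f -o -type d \)` and `chown -h`. Separately, `-perm +027` is the old GNU spelling that newer findutils rejects; `-perm /027` is the current form, if the find on the target accepts it. The body of `start_service()` continues outside the hunk.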
@@ -266,12 +284,15 @@ server: # positive value: fetch that many targets opportunistically. # Enclose the list of numbers between quotes ("").