diff --git a/net/unbound/Makefile b/net/unbound/Makefile index 8549f6191c..abb098e1e3 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -8,8 +8,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound -PKG_VERSION:=1.5.8 -PKG_RELEASE:=1 +PKG_VERSION:=1.5.9 +PKG_RELEASE:=3 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE @@ -17,7 +17,7 @@ PKG_MAINTAINER:=Michael Hanselmann PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.unbound.net/downloads -PKG_MD5SUM:=1c34282bae0c625b86374ee9caaef6f7 +PKG_MD5SUM:=0cefa62c1690b4db18583db84bff00e3 PKG_BUILD_DEPENDS:=libexpat PKG_BUILD_PARALLEL:=1 @@ -39,6 +39,7 @@ define Package/unbound SUBMENU:=IP Addresses and Names TITLE+= (daemon) DEPENDS+= +libunbound + USERID:=unbound:unbound endef define Package/unbound/description @@ -113,6 +114,8 @@ CONFIGURE_ARGS += \ --enable-allsymbols \ --with-libexpat="$(STAGING_DIR)/usr" \ --with-ssl="$(STAGING_DIR)/usr" \ + --with-pidfile=/var/run/unbound.pid \ + --with-user=unbound \ --without-pthreads define Package/unbound/conffiles @@ -121,14 +124,14 @@ endef define Build/InstallDev $(INSTALL_DIR) $(1)/usr/include - $(CP) $(PKG_INSTALL_DIR)/usr/include/unbound.h $(1)/usr/include/ + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/include/unbound.h $(1)/usr/include/ $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libunbound.{so*,a,la} $(1)/usr/lib/ + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libunbound.{so*,a,la} $(1)/usr/lib/ endef define Package/unbound/install $(INSTALL_DIR) $(1)/usr/sbin - $(CP) \ + $(INSTALL_BIN) \ $(PKG_INSTALL_DIR)/usr/sbin/unbound \ $(PKG_INSTALL_DIR)/usr/sbin/unbound-checkconf \ $(1)/usr/sbin/ @@ -137,34 +140,33 @@ define Package/unbound/install $(PKG_INSTALL_DIR)/etc/unbound/unbound.conf \ $(1)/etc/unbound/ $(INSTALL_CONF) ./files/root.key $(1)/etc/unbound/ - $(INSTALL_CONF) ./files/named.cache $(1)/etc/unbound/ $(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_BIN) ./files/unbound.init $(1)/etc/init.d/unbound endef define Package/unbound-anchor/install $(INSTALL_DIR) $(1)/usr/sbin - $(CP) $(PKG_INSTALL_DIR)/usr/sbin/unbound-anchor $(1)/usr/sbin/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/unbound-anchor $(1)/usr/sbin/ endef define Package/unbound-control/install $(INSTALL_DIR) $(1)/usr/sbin - $(CP) $(PKG_INSTALL_DIR)/usr/sbin/unbound-control $(1)/usr/sbin/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/unbound-control $(1)/usr/sbin/ endef define Package/unbound-control-setup/install $(INSTALL_DIR) $(1)/usr/sbin - $(CP) $(PKG_INSTALL_DIR)/usr/sbin/unbound-control-setup $(1)/usr/sbin/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/unbound-control-setup $(1)/usr/sbin/ endef define Package/unbound-host/install $(INSTALL_DIR) $(1)/usr/sbin - $(CP) $(PKG_INSTALL_DIR)/usr/sbin/unbound-host $(1)/usr/sbin/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/unbound-host $(1)/usr/sbin/ endef define Package/libunbound/install $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libunbound.so.* $(1)/usr/lib/ + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libunbound.so.* $(1)/usr/lib/ endef $(eval $(call BuildPackage,unbound)) diff --git a/net/unbound/files/named.cache b/net/unbound/files/named.cache deleted file mode 100644 index 9cc20228c8..0000000000 --- a/net/unbound/files/named.cache +++ /dev/null @@ -1,90 +0,0 @@ -; This file holds the information on root name servers needed to -; initialize cache of Internet domain name servers -; (e.g. reference this file in the "cache . " -; configuration file of BIND domain name servers). -; -; This file is made available by InterNIC -; under anonymous FTP as -; file /domain/named.cache -; on server FTP.INTERNIC.NET -; -OR- RS.INTERNIC.NET -; -; last update: November 05, 2014 -; related version of root zone: 2014110501 -; -; formerly NS.INTERNIC.NET -; -. 3600000 NS A.ROOT-SERVERS.NET. -A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 -A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30 -; -; FORMERLY NS1.ISI.EDU -; -. 3600000 NS B.ROOT-SERVERS.NET. -B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 -B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::b -; -; FORMERLY C.PSI.NET -; -. 3600000 NS C.ROOT-SERVERS.NET. -C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 -C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c -; -; FORMERLY TERP.UMD.EDU -; -. 3600000 NS D.ROOT-SERVERS.NET. -D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13 -D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d -; -; FORMERLY NS.NASA.GOV -; -. 3600000 NS E.ROOT-SERVERS.NET. -E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 -; -; FORMERLY NS.ISC.ORG -; -. 3600000 NS F.ROOT-SERVERS.NET. -F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 -F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f -; -; FORMERLY NS.NIC.DDN.MIL -; -. 3600000 NS G.ROOT-SERVERS.NET. -G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 -; -; FORMERLY AOS.ARL.ARMY.MIL -; -. 3600000 NS H.ROOT-SERVERS.NET. -H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53 -H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803f:235 -; -; FORMERLY NIC.NORDU.NET -; -. 3600000 NS I.ROOT-SERVERS.NET. -I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 -I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53 -; -; OPERATED BY VERISIGN, INC. -; -. 3600000 NS J.ROOT-SERVERS.NET. -J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 -J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30 -; -; OPERATED BY RIPE NCC -; -. 3600000 NS K.ROOT-SERVERS.NET. -K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 -K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1 -; -; OPERATED BY ICANN -; -. 3600000 NS L.ROOT-SERVERS.NET. -L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 -L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42 -; -; OPERATED BY WIDE -; -. 3600000 NS M.ROOT-SERVERS.NET. -M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 -M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35 -; End of file diff --git a/net/unbound/files/unbound.init b/net/unbound/files/unbound.init index 4e700e4458..7ad2e7c74c 100755 --- a/net/unbound/files/unbound.init +++ b/net/unbound/files/unbound.init @@ -1,14 +1,20 @@ #!/bin/sh /etc/rc.common -#Copyright (C) 2010 Ondrej Caletka +# Copyright (C) 2016 Michael Hanselmann + START=61 -start () { - unbound -} +USE_PROCD=1 -stop () { - PIDFILE='/var/run/unbound.pid' - if [ -f $PIDFILE ] ; then - kill $(cat $PIDFILE) - fi +start_service() { + find /etc/unbound \! \( -user unbound -group unbound \) \ + -exec chown unbound:unbound {} \; + + find /etc/unbound \( -perm +027 -o \! -perm -600 \) \ + -exec chmod u=rwX,g=rX,o= {} \; + + procd_open_instance + procd_set_param command /usr/sbin/unbound + procd_append_param command -d # don't daemonize + procd_set_param respawn + procd_close_instance } diff --git a/net/unbound/patches/001-conf.patch b/net/unbound/patches/001-conf.patch index eab0df3757..3b612bcd18 100644 --- a/net/unbound/patches/001-conf.patch +++ b/net/unbound/patches/001-conf.patch @@ -89,27 +89,6 @@ index ff90e3b..5c20fdf 100644 # if given, a chroot(2) is done to the given directory. # i.e. you can chroot to the working directory, for example, -@@ -218,6 +233,7 @@ server: - # and the given username is assumed. Default is user "unbound". - # If you give "" no privileges are dropped. - # username: "@UNBOUND_USERNAME@" -+ username: "" - - # the working directory. The relative files in this config are - # relative to this directory. If you give "" the working directory -@@ -240,10 +256,12 @@ server: - - # the pid file. Can be an absolute path outside of chroot/work dir. - # pidfile: "@UNBOUND_PIDFILE@" -+ pidfile: "/var/run/unbound.pid" - - # file to read root hints from. - # get one from https://www.internic.net/domain/named.cache - # root-hints: "" -+ root-hints: "/etc/unbound/named.cache" - - # enable to not answer id.server and hostname.bind queries. - # hide-identity: no @@ -266,12 +284,15 @@ server: # positive value: fetch that many targets opportunistically. # Enclose the list of numbers between quotes ("").