network/unbound: Updated for version 1.19.2.

Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
author: Badchay 2024-03-08 00:52:19 +0100
committer: Willy Sudiarto Raharjo 2024-03-09 00:18:13 +0100
commit: ee9cf790887a108cec9e29c2c68d915b2009b797 (patch)
tree: 6bd507a854ebcd9cd07560b1cca017c6682a0ec6 /network
parent: bd4c2707556976ed58aa1d29b0ad890e97ed88d5 (diff)
download: slackbuilds-ee9cf790887a108cec9e29c2c68d915b2009b797.tar.gz
4 files changed, 55 insertions, 19 deletions
diff --git a/network/unbound/rc.unbound b/network/unbound/rc.unbound
index f4c9f1223a..3c31faf4ef 100644
--- a/network/unbound/rc.unbound
+++ b/network/unbound/rc.unbound
@@ -7,6 +7,7 @@ UNBOUND=/usr/sbin/unbound
 CONFIG=/etc/unbound/unbound.conf
 PIDFILE=/run/unbound/unbound.pid
 LOGDIR=/var/log/unbound
+KEYFILE=/var/lib/unbound/root.key
 
 # Unbound-control is useful but I'm not going to cram it
 # down your throat. Set this to "yes" to disable unbound-control
@@ -22,15 +23,29 @@ DISABLE_UNBOUND_CONTROL="no"
 DISABLE_LOGDIR_CHECKS="no"
 
 initchecks() {
-    # Look out for a stale pidfile. If there's one, remove it.
-    # This shouldn't be necessary unless the system was shutdown uncleanly
-    # or if Unbound crashes.
-    if [ -e $PIDFILE ] && [ ! $(pidof unbound) ]; then
-       echo "Looks like Unbound isn't running but there's a stale pid file."
-       echo "Removing $PIDFILE"
-       rm -vf $PIDFILE
-    fi
-    # Check that /run/unbound exists. If not, create and chown it.
+   # If auto-trust-anchor-file is enabled and the keyfile doesn't exists in
+   # /var/lib/unbound, we won't start the daemon. Most(?) errors can be caught
+   # by /usr/sbin/unbound executable but this one actually allows Unbound to start -
+   # - only for it to crash a moment later. Running unbound-checkconf on every start up
+   # would be useful, but it would make noise every time the daemon starts up.
+   if [ ! -z "$(unbound-checkconf -o auto-trust-anchor-file)" ] && [ ! -e "$KEYFILE" ]; then
+     echo "ERROR: $KEYFILE not found, yet auto-trust-anchor-file is enabled in $CONFIG"
+     echo "ERROR: Refusing to start because Unbound would crash."
+     echo "ERROR: Please generate Unbound Anchor file with the following command:"
+     echo "       # sh /etc/rc.d/rc.unbound generate-key"
+     echo
+     echo "...or comment out auto-trust-anchor-file in $CONFIG."
+     exit 1
+   fi
+   # Look out for a stale pidfile. If there's one, remove it.
+   # This shouldn't be necessary unless the system was shutdown uncleanly
+   # or if Unbound crashes.
+   if [ -e $PIDFILE ] && [ ! $(pidof unbound) ]; then
+      echo "Looks like Unbound isn't running but there's a stale pid file."
+      echo "Removing $PIDFILE"
+      rm -vf $PIDFILE
+   fi
+   # Check that /run/unbound exists. If not, create and chown it.
     if [ ! -e $(dirname $PIDFILE) ]; then
         mkdir -p $(dirname $PIDFILE)
         chown unbound:unbound $(dirname $PIDFILE)
@@ -42,6 +57,7 @@ initchecks() {
         echo "This is normal for the first run."
         echo "Running initial setup to generate certificates: /usr/sbin/unbound-control-setup"
         /usr/sbin/unbound-control-setup || exit 1
+        echo "Actually... no need to do anything. It's enabled by default on Slackware :-)"
     fi
     # Deleted the entire log directory by accident? Oh well, bound to happen.
     # Let's fix that right away.
@@ -56,6 +72,20 @@ initchecks() {
         chown -R unbound:unbound $LOGDIR && echo "Success!"
         fi
     fi
+}
+
+anchorkeygen() {
+     echo "Generating Unbound Anchor keyfile..."
+     sudo -u unbound unbound-anchor -f /etc/resolv.conf -R -a /var/lib/unbound/root.key
+     echo "Done"
+}
+
+checkconfig() {
+    echo "Checking Unbound configuration file: $CONFIG"
+    echo "This will run the command: /usr/sbin/unbound-checkconf"
+    echo "-----START unbound-checkconf output-----"
+    /usr/sbin/unbound-checkconf
+    echo "-----END unbound-checkconf output-----"
 
 }
 
@@ -65,7 +95,7 @@ start() {
         echo 'Unbound is already running!'
         return
     else
-	echo "Starting Unbound DNS validating resolver..."
+	echo "Starting Unbound..."
         $UNBOUND -c $CONFIG || echo "Failed to start! The error messages above might help."
     fi
 }
@@ -75,7 +105,7 @@ stop() {
         echo 'Unbound is not running.'
         return
     fi
-    echo "Stopping Unbound DNS validating resolver..."
+    echo "Stopping Unbound..."
     kill `cat $PIDFILE`
     rm -f $PIDFILE
 }
@@ -101,11 +131,17 @@ case "$1" in
 	sleep 1
         start
         ;;
+    'generate-key')
+        anchorkeygen
+        ;;
+    'check-config')
+        checkconfig
+        ;;
     'reload')
         reload
         ;;
     *)
-        echo "Usage: $0 {start|stop|reload|restart}"
+        echo "Usage: $0 {start|stop|reload|restart|generate-key|check-config}"
         exit 1
         ;;
 esac
diff --git a/network/unbound/root.hints b/network/unbound/root.hints
index 364d85a5d3..6f262498f1 100644
--- a/network/unbound/root.hints
+++ b/network/unbound/root.hints
@@ -9,8 +9,8 @@
 ;           on server           FTP.INTERNIC.NET
 ;       -OR-                    RS.INTERNIC.NET
 ;
-;       last update:     February 15, 2024
-;       related version of root zone:     2024021501
+;       last update:     March 07, 2024
+;       related version of root zone:     2024030701
 ; 
 ; FORMERLY NS.INTERNIC.NET 
 ;
diff --git a/network/unbound/unbound.SlackBuild b/network/unbound/unbound.SlackBuild
index ced66350de..e62c1f58b5 100644
--- a/network/unbound/unbound.SlackBuild
+++ b/network/unbound/unbound.SlackBuild
@@ -2,7 +2,7 @@
 
 # Slackware build script for Unbound
 
-# Copyright 2022 Badchay <badchay@protonmail.com>
+# Copyright 2024 Badchay <badchay@protonmail.com>
 # All rights reserved.
 # Copyright 2020 Gerardo Zamudio <gerardo.zamudio@linux.com> Mexico City, Mexico
 # All rights reserved.
@@ -27,7 +27,7 @@
 cd $(dirname $0) ; CWD=$(pwd)
 
 PRGNAM=unbound
-VERSION=${VERSION:-1.19.1}
+VERSION=${VERSION:-1.19.2}
 BUILD=${BUILD:-1}
 TAG=${TAG:-_SBo}
 PKGTYPE=${PKGTYPE:-tgz}
diff --git a/network/unbound/unbound.info b/network/unbound/unbound.info
index 3950b9fb26..93863c886d 100644
--- a/network/unbound/unbound.info
+++ b/network/unbound/unbound.info
@@ -1,8 +1,8 @@
 PRGNAM="unbound"
-VERSION="1.19.1"
+VERSION="1.19.2"
 HOMEPAGE="https://nlnetlabs.nl/projects/unbound/about/"
-DOWNLOAD="https://www.nlnetlabs.nl/downloads/unbound/unbound-1.19.1.tar.gz"
-MD5SUM="73ca28029afc478639506b7d86076944"
+DOWNLOAD="https://www.nlnetlabs.nl/downloads/unbound/unbound-1.19.2.tar.gz"
+MD5SUM="dca860b940fa3ce6ec8c4542ea83a275"
 DOWNLOAD_x86_64=""
 MD5SUM_x86_64=""
 REQUIRES=""
author	Badchay	2024-03-08 00:52:19 +0100
committer	Willy Sudiarto Raharjo	2024-03-09 00:18:13 +0100
commit	ee9cf790887a108cec9e29c2c68d915b2009b797 (patch)
tree	6bd507a854ebcd9cd07560b1cca017c6682a0ec6 /network
parent	bd4c2707556976ed58aa1d29b0ad890e97ed88d5 (diff)
download	slackbuilds-ee9cf790887a108cec9e29c2c68d915b2009b797.tar.gz