diff options
Diffstat (limited to 'network/unbound')
-rw-r--r-- | network/unbound/README | 3 | ||||
-rw-r--r-- | network/unbound/README.SLACKWARE | 63 | ||||
-rw-r--r-- | network/unbound/doinst.sh | 26 | ||||
-rw-r--r-- | network/unbound/rc.unbound | 203 | ||||
-rw-r--r-- | network/unbound/root.hints | 92 | ||||
-rw-r--r-- | network/unbound/unbound.SlackBuild | 96 | ||||
-rw-r--r-- | network/unbound/unbound.info | 12 | ||||
-rw-r--r-- | network/unbound/unbound.logrotate | 11 |
8 files changed, 392 insertions, 114 deletions
diff --git a/network/unbound/README b/network/unbound/README index 3abd246a8b..52fdc7c21a 100644 --- a/network/unbound/README +++ b/network/unbound/README @@ -13,6 +13,3 @@ not conflict with anything else on SlackBuilds: groupadd -g 304 unbound useradd -r -u 304 -g unbound -d /etc/unbound/ -s /sbin/nologin -c \ 'Unbound DNS resolver' unbound - -Optional DNSCrypt support is provided. To enable: - DNSCRYPT=yes ./unbound.SlackBuild diff --git a/network/unbound/README.SLACKWARE b/network/unbound/README.SLACKWARE new file mode 100644 index 0000000000..52179f2869 --- /dev/null +++ b/network/unbound/README.SLACKWARE @@ -0,0 +1,63 @@ +-------- +Welcome and background +-------- + +Unbound SlackBuild script was rewritten as of version 1.16.2. + +As of version 1.16.2 rc.unbound script was made from scratch +to work like other SysVinit scripts. The previous versions +included Red Hat style init script. If for some reason you still +want to use that one, it can be found from the source tarball +contrib directory. It's not supported by this SlackBuild, though. + +-------- +Configuration +-------- + +The main configuration file is located at /etc/unbound/unbound.conf. + +To make the setup as easy as possible, the SlackBuild makes some +changes to the original file so you don't have to spend time +changing some obvious settings, like disabling systemd socket +activation and other stuff that's required for proper functionality +on Slackware. The upstream configuration file is saved to +unbound.conf.upstream. + +Threading is enabled by default. This SlackBuild sets the +num-threads setting to the value of $(nproc). + +By default, we turn on "remote control" which enables the +functionality of unbound-control command. Despite its name, it +binds to localhost (by default) and cannot be used by unprivileged +users as certificate files aren't readable by them. It also allows +logrotating to work properly. + +The logs are kept in /var/log/unbound/. The default settings log +just very basic things (i.e. unbound started or stopped). + +The script also installs a logrotate script to /etc/logrotate.d + +As for resolving and caching, you'll probably want to add +something like this to your /etc/resolv.conf: + + nameserver ::1 + nameserver 127.0.0.1 + options trust-ad + +-------- +Automatic starting/stopping upon system start/shutdown +-------- + +To start Unbound automatically when system is booted, +add the following lines to /etc/rc.d/rc.local: + + if [ -x /etc/rc.d/rc.unbound ]; then + /etc/rc.d/rc.unbound start + fi + +To stop Unbound on system shutdown, add following lines +to /etc/rc.d/rc.local_shutdown + + if [ -x /etc/rc.d/rc.unbound ]; then + /etc/rc.d/rc.unbound stop + fi diff --git a/network/unbound/doinst.sh b/network/unbound/doinst.sh index 2914d5783b..a1aece44fe 100644 --- a/network/unbound/doinst.sh +++ b/network/unbound/doinst.sh @@ -24,3 +24,29 @@ preserve_perms() { preserve_perms etc/rc.d/rc.unbound.new config etc/unbound/unbound.conf.new +config etc/logrotate.d/unbound.new + +if [ -r /etc/logrotate.d/unbound ] && [ $(stat -c "%U:%G" "/etc/logrotate.d/unbound") != "root:root" ]; then + echo "Incorrect permissions detected on /etc/logrotate.d/unbound !" + echo "This will prevent Unbound logrotate script from working." + echo "" + echo "Previous Unbound SlackBuild scripts didn't set this correctly." + echo "" + echo "To fix it, simply run:" + echo "# chown root:root /etc/logrotate.d/unbound" +fi + +echo "----------------------------" +echo "As of Unbound SlackBuild 1.18.0-2 DNSSEC is enabled by default." +echo +echo "You have two options:" +echo +echo "1) Run the following command to setup the root trust anchor (RECOMMENDED!)" +echo "# sudo -u unbound unbound-anchor -f /etc/resolv.conf -R -a /var/lib/unbound/root.key" +echo +echo "2) Disable DNSSEC and unbound-anchor functionality." +echo "Edit /etc/unbound/unbound.conf, and erase or comment the following line:" +echo 'auto-trust-anchor-file: "/var/lib/unbound/root.key"' +echo +echo "This is a suitable option if you plan to use Unbound simply as a forwarding resolver." +echo "----------------------------" diff --git a/network/unbound/rc.unbound b/network/unbound/rc.unbound index 49a6c991e8..96e9b9db25 100644 --- a/network/unbound/rc.unbound +++ b/network/unbound/rc.unbound @@ -1,118 +1,147 @@ -#!/bin/sh +#!/bin/bash # -# unbound This shell script takes care of starting and stopping -# unbound (DNS server). -# -# chkconfig: - 14 86 -# description: unbound is a Domain Name Server (DNS) \ -# that is used to resolve host names to IP addresses. - -### BEGIN INIT INFO -# Provides: unbound -# Required-Start: $network $local_fs -# Required-Stop: $network $local_fs -# Default-Start: -# Default-Stop: 0 1 2 3 4 5 6 -# Should-Start: $syslog -# Should-Stop: $syslog -# Short-Description: unbound recursive Domain Name Server. -# Description: unbound is a Domain Name Server (DNS) -# that is used to resolve host names to IP addresses. -### END INIT INFO +# Slackware initialization script for Unbound. -# Source function library. -. /etc/rc.d/init.d/functions -exec="/usr/sbin/unbound" -config="/etc/unbound/unbound.conf" -pidfile="/var/run/unbound/unbound.pid" -piddir=`dirname $pidfile` +UNBOUND=/usr/sbin/unbound +CONFIG=/etc/unbound/unbound.conf +PIDFILE=/run/unbound/unbound.pid +LOGDIR=/var/log/unbound +KEYFILE=/var/lib/unbound/root.key -[ -x /usr/sbin/dnssec-configure ] && [ -r "$config" ] && - [ /etc/sysconfig/dnssec -nt "$config" ] && \ - /usr/sbin/dnssec-configure -u --norestart --dnssec="$DNSSEC" --dlv="$DLV" +# Unbound-control is useful but I'm not going to cram it +# down your throat. Set this to "yes" to disable unbound-control +# initial setup. Note that you'll need to disable control port +# in unbound.conf so Unbound will actually start. +DISABLE_UNBOUND_CONTROL="no" -start() { - [ -x $exec ] || exit 5 - [ -f $config ] || exit 6 - # /var/run could (and should) be tmpfs - [ -d $piddir ] || mkdir $piddir +# As part of the initial checks, the script makes sure that +# $LOGDIR exists. It's mostly for cases where admin accidentally +# deletes the entire log folder rather than individual logs. +# If you don't use logging at all, have a custom setup or +# just want to skip these checks, set this to "yes". +DISABLE_LOGDIR_CHECKS="no" - if [ -f /var/lib/unbound/root.anchor -a -f /usr/sbin/unbound-anchor ] - then - /sbin/runuser --command="/usr/sbin/unbound-anchor -a /var/lib/unbound/root.anchor -c /etc/unbound/icannbundle.pem" --shell /bin/sh unbound +initchecks() { + # If auto-trust-anchor-file is enabled and the keyfile doesn't exists in + # /var/lib/unbound, we won't start the daemon. Most(?) errors can be caught + # by /usr/sbin/unbound executable but this one actually allows Unbound to start - + # - only for it to crash a moment later. Running unbound-checkconf on every start up + # would be useful, but it would make noise every time the daemon starts up. + if [ ! -z "$(unbound-checkconf -o auto-trust-anchor-file)" ] && [ ! -e "$KEYFILE" ]; then + echo "ERROR: $KEYFILE not found, yet auto-trust-anchor-file is enabled in $CONFIG" + echo "ERROR: Refusing to start because Unbound would crash." + echo "ERROR: Please generate Unbound Anchor file with the following command:" + echo " # sh /etc/rc.d/rc.unbound generate-key" + echo + echo "...or comment out auto-trust-anchor-file in $CONFIG." + exit 1 + fi + # Look out for a stale pidfile. If there's one, remove it. + # This shouldn't be necessary unless the system was shutdown uncleanly + # or if Unbound crashes. + if [ -e $PIDFILE ] && [ ! $(pidof unbound) ]; then + echo "Looks like Unbound isn't running but there's a stale pid file." + echo "Removing $PIDFILE" + rm -vf $PIDFILE + fi + # Check that /run/unbound exists. If not, create and chown it. + if [ ! -e $(dirname $PIDFILE) ]; then + mkdir -p $(dirname $PIDFILE) + chown unbound:unbound $(dirname $PIDFILE) fi - - if [ ! -f /etc/unbound/unbound_control.key ] + # Run the initial setup for unbound-control unless it's disabled. + # Mostly relevant for the first time run. + if [ ! -e $(dirname $CONFIG)/unbound_server.pem ] && [ "$DISABLE_UNBOUND_CONTROL" == "no" ]; then + echo "Unbound-control: unbound_server.pem not found." + echo "This is normal for the first run." + echo "Running initial setup to generate certificates: /usr/sbin/unbound-control-setup" + /usr/sbin/unbound-control-setup || exit 1 + echo "Actually... no need to do anything. It's enabled by default on Slackware :-)" + fi + # Deleted the entire log directory by accident? Oh well, bound to happen. + # Let's fix that right away. + if [ "$DISABLE_LOGDIR_CHECKS" == "no" ] then - echo -n $"Generating unbound control key and certificate: " - /usr/sbin/unbound-control-setup -d /etc/unbound/ > /dev/null 2> /dev/null - chgrp unbound /etc/unbound/unbound_*key /etc/unbound/unbound_*pem - [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled && \ - [ -x /sbin/restorecon ] && /sbin/restorecon /etc/unbound/* - echo - else - # old init script created these as root instead of unbound. - if [ -G /etc/unbound/unbound_control.key ] - then - chgrp unbound /etc/unbound/unbound_*key /etc/unbound/unbound_*pem - [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled && \ - [ -x /sbin/restorecon ] && /sbin/restorecon /etc/unbound/* - echo + if [ ! -d "$LOGDIR" ]; then + echo -n "Unbound log directory not found. Attempting to recreate it... " + mkdir $LOGDIR && echo "Success!" + fi + if [ $(stat -c "%U:%G" "$LOGDIR") != "unbound:unbound" ]; then + echo -n "Fixing permissions on the log folder $LOGDIR... " + chown -R unbound:unbound $LOGDIR && echo "Success!" fi fi +} +anchorkeygen() { + echo "Generating Unbound Anchor keyfile..." + sudo -u unbound unbound-anchor -f /etc/resolv.conf -R -a /var/lib/unbound/root.key + echo "Done" +} - unbound-checkconf $config > /dev/null - RETVAL=$? - if [ $RETVAL != 0 ] - then - echo "Error in /etc/unbound/unbound.conf, aborted" - exit 6 - fi - - echo -n $"Starting unbound: " +checkconfig() { + echo "Checking Unbound configuration file: $CONFIG" + echo "This will run the command: /usr/sbin/unbound-checkconf" + echo "-----START unbound-checkconf output-----" + /usr/sbin/unbound-checkconf + echo "-----END unbound-checkconf output-----" - # if not running, start it up here - daemon --pidfile=$pidfile $exec -c $config - echo } -stop() { - echo -n $"Stopping unbound: " - # stop it here, often "killproc unbound" - killproc -p $pidfile unbound - echo +start() { + initchecks + if [ -r $PIDFILE ]; then + echo 'Unbound is already running!' + return + else + echo "Starting Unbound..." + $UNBOUND -c $CONFIG || echo "Failed to start! The error messages above might help." + fi } -restart() { - unbound-checkconf $config > /dev/null - RETVAL=$? - if [ $RETVAL != 0 ] - then - echo "Error in /etc/unbound/unbound.conf, aborted" - exit 6 +stop() { + if [ ! -r $PIDFILE ]; then + echo 'Unbound is not running.' + return fi - stop - start + echo "Stopping Unbound..." + kill $(cat $PIDFILE) + rm -f $PIDFILE } reload() { - restart + if [ ! -r $PIDFILE ]; then + echo 'Unbound is not running.' + return + fi + echo "Sending SIGHUP to Unbound..." + kill -HUP $(cat $PIDFILE) } case "$1" in - start) + 'start') start ;; - stop) + 'stop') stop ;; - restart) - restart + 'restart') + stop + sleep 1 + start + ;; + 'generate-key') + anchorkeygen + ;; + 'check-config') + checkconfig + ;; + 'reload') + reload ;; *) - echo $"Usage: $0 {start|stop|restart}" - exit 2 + echo "Usage: $0 {start|stop|reload|restart|generate-key|check-config}" + exit 1 + ;; esac -exit $? diff --git a/network/unbound/root.hints b/network/unbound/root.hints new file mode 100644 index 0000000000..0f1b4ed6a7 --- /dev/null +++ b/network/unbound/root.hints @@ -0,0 +1,92 @@ +; This file holds the information on root name servers needed to +; initialize cache of Internet domain name servers +; (e.g. reference this file in the "cache . <file>" +; configuration file of BIND domain name servers). +; +; This file is made available by InterNIC +; under anonymous FTP as +; file /domain/named.cache +; on server FTP.INTERNIC.NET +; -OR- RS.INTERNIC.NET +; +; last update: August 14, 2024 +; related version of root zone: 2024081401 +; +; FORMERLY NS.INTERNIC.NET +; +. 3600000 NS A.ROOT-SERVERS.NET. +A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 +A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30 +; +; FORMERLY NS1.ISI.EDU +; +. 3600000 NS B.ROOT-SERVERS.NET. +B.ROOT-SERVERS.NET. 3600000 A 170.247.170.2 +B.ROOT-SERVERS.NET. 3600000 AAAA 2801:1b8:10::b +; +; FORMERLY C.PSI.NET +; +. 3600000 NS C.ROOT-SERVERS.NET. +C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 +C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c +; +; FORMERLY TERP.UMD.EDU +; +. 3600000 NS D.ROOT-SERVERS.NET. +D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13 +D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d +; +; FORMERLY NS.NASA.GOV +; +. 3600000 NS E.ROOT-SERVERS.NET. +E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 +E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e +; +; FORMERLY NS.ISC.ORG +; +. 3600000 NS F.ROOT-SERVERS.NET. +F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 +F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f +; +; FORMERLY NS.NIC.DDN.MIL +; +. 3600000 NS G.ROOT-SERVERS.NET. +G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 +G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d +; +; FORMERLY AOS.ARL.ARMY.MIL +; +. 3600000 NS H.ROOT-SERVERS.NET. +H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53 +H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53 +; +; FORMERLY NIC.NORDU.NET +; +. 3600000 NS I.ROOT-SERVERS.NET. +I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 +I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53 +; +; OPERATED BY VERISIGN, INC. +; +. 3600000 NS J.ROOT-SERVERS.NET. +J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 +J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30 +; +; OPERATED BY RIPE NCC +; +. 3600000 NS K.ROOT-SERVERS.NET. +K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 +K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1 +; +; OPERATED BY ICANN +; +. 3600000 NS L.ROOT-SERVERS.NET. +L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 +L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42 +; +; OPERATED BY WIDE +; +. 3600000 NS M.ROOT-SERVERS.NET. +M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 +M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35 +; End of file
\ No newline at end of file diff --git a/network/unbound/unbound.SlackBuild b/network/unbound/unbound.SlackBuild index ef9c2dbd32..1d986e72fa 100644 --- a/network/unbound/unbound.SlackBuild +++ b/network/unbound/unbound.SlackBuild @@ -1,7 +1,9 @@ #!/bin/bash -# Slackware build script for unbound +# Slackware build script for Unbound +# Copyright 2024 Badchay <badchay@protonmail.com> +# All rights reserved. # Copyright 2020 Gerardo Zamudio <gerardo.zamudio@linux.com> Mexico City, Mexico # All rights reserved. # @@ -25,8 +27,8 @@ cd $(dirname $0) ; CWD=$(pwd) PRGNAM=unbound -VERSION=${VERSION:-1.13.1} -BUILD=${BUILD:-2} +VERSION=${VERSION:-1.21.0} +BUILD=${BUILD:-1} TAG=${TAG:-_SBo} PKGTYPE=${PKGTYPE:-tgz} @@ -81,6 +83,12 @@ if ! grep -q ^"$UB_USER": /etc/passwd ; then exit 1 fi +# This needs to be set. Otherwise Unbound will build +# against Python 2 on Slackware 15.0. +# Setting this to "3" allows Unbound to build with +# Python 3.9 and 3.11, depending which one is installed. +UNB_PY_VERSION=${UNB_PY_VERSION:-3} + set -e rm -rf $PKG @@ -96,14 +104,9 @@ find -L . \ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; -if [ "${DNSCRYPT:-no}" == "yes" ]; then - DNSCRYPT="--enable-dnscrypt" -else - DNSCRYPT="" -fi - CFLAGS="$SLKCFLAGS" \ CXXFLAGS="$SLKCFLAGS" \ +PYTHON_VERSION="$UNB_PY_VERSION" \ ./configure \ --prefix=/usr \ --libdir=/usr/lib${LIBDIRSUFFIX} \ @@ -113,14 +116,23 @@ CXXFLAGS="$SLKCFLAGS" \ --docdir=/usr/doc/$PRGNAM-$VERSION \ --with-libevent \ --with-ssl \ + --enable-dnscrypt \ + --disable-static \ + --enable-sha2 \ + --enable-subnet \ + --with-pythonmodule \ + --with-pyunbound \ --with-username=$UB_USER \ - --with-pidfile=/var/run/unbound/unbound.pid \ + --with-pidfile=/run/unbound/unbound.pid \ + --with-rootkey-file=/var/lib/unbound/root.key \ --build=$ARCH-slackware-linux \ - $DNSCRYPT + --host=$ARCH-slackware-linux \ make make install DESTDIR=$PKG +rm -f --verbose $PKG/usr/lib${LIBDIRSUFFIX}/libunbound.la + find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true @@ -128,19 +140,67 @@ find $PKG/usr/man -type f -exec gzip -9 {} \; for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION -cp -a doc/CREDITS doc/FEATURES doc/LICENSE doc/README* $PKG/usr/doc/$PRGNAM-$VERSION -cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild - -mkdir -p $PKG/var/run/unbound -chown $USER:$GROUP $PKG/var/run/unbound/ +cp -a doc/README* doc/FEATURES doc/CREDITS doc/TODO $PKG/usr/doc/$PRGNAM-$VERSION + +# Shorten the Changelog and restore its timestamp +head -n 500 doc/Changelog > $PKG/usr/doc/$PRGNAM-$VERSION/Changelog +touch -r doc/Changelog $PKG/usr/doc/$PRGNAM-$VERSION/Changelog + +# Save the upstream unbound.conf and set some reasonable defaults: +# 1) Set the default log path to /var/log/unbound/ +# 2) Enable Unbound control interface. It's used for logrotate script +# but also gives you the power to control your process without +# restarts/reloads. It binds to localhost and cannot be used by +# unprivileged users. +# 3) Change timestamps to ASCII format (from Epoch). +# 4) Turn off chroot. +# 5) Disable systemd socket activation. +# 6) Set num-threads to $(nproc). +# 7) Use root-hints file. +# 8) Set DNS prefetch to "yes". +# 9) Harden against out of zone rrsets (harden-glue). +# 10) Harden against receiving dnssec-stripped data (harden-dnssec-stripped). +# 11) Enable aggressive NSEC, root-key-sentinel and RFC8145 (trust anchor +# signaling). +cp -a $PKG/etc/unbound/unbound.conf $PKG/etc/unbound/unbound.conf.upstream +sed -i \ +-e 's/# control-interface:/control-interface:/g' \ +-e 's/# control-enable: no/control-enable: yes/g' \ +-e 's/# log-time-ascii: no/log-time-ascii: yes/g' \ +-e 's/# use-systemd: no/use-systemd: no/g' \ +-e 's/# logfile: ""/logfile: "\/var\/log\/unbound\/unbound.log"/g' \ +-e 's/# chroot: "\/etc\/unbound"/chroot: ""/g' \ +-e 's/# num-threads: 1/num-threads: '$(nproc)' # Set to the value of nproc by SlackBuild/g' \ +-e 's/# root-hints: ""/root-hints: "\/var\/lib\/unbound\/root.hints"/g' \ +-e 's/# prefetch: no/prefetch: yes/g' \ +-e 's/# harden-glue: yes/harden-glue: yes/g' \ +-e 's/# harden-dnssec-stripped: yes/harden-dnssec-stripped: yes/g' \ +-e 's/# aggressive-nsec: yes/aggressive-nsec: yes/g' \ +-e 's/# trust-anchor-signaling: yes/trust-anchor-signaling: yes/g' \ +-e 's/# root-key-sentinel: yes/root-key-sentinel: yes/g' \ +-e '/# auto-trust-anchor-file: ".*/a\ auto-trust-anchor-file: "/var/lib/unbound/root.key"' \ +$PKG/etc/unbound/unbound.conf \ + +mkdir -p $PKG/run/unbound +mkdir -p $PKG/var/log/unbound +mkdir -p $PKG/var/lib/unbound +mkdir -p $PKG/etc/logrotate.d + +chown $UB_USER:$UB_GROUP $PKG/run/unbound/ +chown $UB_USER:$UB_GROUP $PKG/var/log/unbound/ +chown $UB_USER:$UB_GROUP $PKG/var/lib/unbound/ + +cp -a $CWD/unbound.logrotate $PKG/etc/logrotate.d/unbound.new +cp -a $CWD/root.hints $PKG/var/lib/unbound/root.hints +chown $UB_USER:$UB_GROUP $PKG/var/lib/unbound/root.hints +chown root:root $PKG/etc/logrotate.d/unbound.new mv $PKG/etc/unbound/unbound.conf $PKG/etc/unbound/unbound.conf.new install -m 0644 -D $CWD/rc.unbound $PKG/etc/rc.d/rc.unbound.new -rm -f $PKG/usr/lib*/*.la - mkdir -p $PKG/install cat $CWD/slack-desc > $PKG/install/slack-desc cat $CWD/doinst.sh > $PKG/install/doinst.sh +cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild cd $PKG /sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE diff --git a/network/unbound/unbound.info b/network/unbound/unbound.info index 0d32e3cc39..3998f966fc 100644 --- a/network/unbound/unbound.info +++ b/network/unbound/unbound.info @@ -1,10 +1,10 @@ PRGNAM="unbound" -VERSION="1.13.1" +VERSION="1.21.0" HOMEPAGE="https://nlnetlabs.nl/projects/unbound/about/" -DOWNLOAD="https://nlnetlabs.nl/downloads/unbound/unbound-1.13.1.tar.gz" -MD5SUM="0cd660a40d733acc6e7cce43731cac62" +DOWNLOAD="https://www.nlnetlabs.nl/downloads/unbound/unbound-1.21.0.tar.gz" +MD5SUM="fb7cc7922064bf122941b9f135052d00" DOWNLOAD_x86_64="" MD5SUM_x86_64="" -REQUIRES="ldns" -MAINTAINER="Gerardo Zamudio" -EMAIL="gerardo.zamudio@linux.com" +REQUIRES="" +MAINTAINER="Badchay" +EMAIL="badchay@protonmail.com" diff --git a/network/unbound/unbound.logrotate b/network/unbound/unbound.logrotate new file mode 100644 index 0000000000..a00c8f0951 --- /dev/null +++ b/network/unbound/unbound.logrotate @@ -0,0 +1,11 @@ +/var/log/unbound/unbound.log { + su unbound unbound + notifempty + missingok + rotate 7 + postrotate + # Try using unbound-control to start a new log + # On fail, fall back to using a HUP signal + /usr/sbin/unbound-control log_reopen || bash /etc/rc.d/rc.unbound reload + endscript +} |