author | Badchay <badchay@protonmail.com> | 2022-09-04 19:10:21 +0100 |
---|---|---|
committer | Dave Woodfall <dave@slackbuilds.org> | 2022-09-04 19:10:21 +0100 |
commit | e0749d740cb7c585d95d41bf7b4bc9f2795155ec (patch) | |
tree | d5a2699c8ce903006bb6cdfda4fb55e8e4fdc55c | |
parent | e6c36a19c71186d4e0b9e7aad6c95bed6b913bae (diff) |
network/unbound: Updated for version 1.16.2.
Signed-off-by: Dave Woodfall <dave@slackbuilds.org>
-rw-r--r-- | network/unbound/README | 8 | ||||
-rw-r--r-- | network/unbound/doinst.sh | 1 | ||||
-rw-r--r-- | network/unbound/rc.unbound | 32 | ||||
-rw-r--r-- | network/unbound/unbound.SlackBuild | 31 | ||||
-rw-r--r-- | network/unbound/unbound.logrotate | 11 |
5 files changed, 79 insertions, 4 deletions
diff --git a/network/unbound/README b/network/unbound/README
index 52fdc7c21a7d..6240929aae33 100644
--- a/network/unbound/README
+++ b/network/unbound/README
@@ -13,3 +13,11 @@ not conflict with anything else on SlackBuilds:
 groupadd -g 304 unbound
 useradd -r -u 304 -g unbound -d /etc/unbound/ -s /sbin/nologin -c \
 'Unbound DNS resolver' unbound
+
+Note: As of version 1.16.2, the script was almost entirely rewritten.
+The idea was not only to modernize the script, but also make the
+application more compatible with the Slackware architecture and to
+be as easy to "just install and run the app". Also to note:
+The control app titled unbound-countrol is enabled by
+default but can be disabled in unbound.conf. It's secure, binds
+to localhost and can't be used by non-root users.
diff --git a/network/unbound/doinst.sh b/network/unbound/doinst.sh
index 71e2910fce23..f7243783f544 100644
--- a/network/unbound/doinst.sh
+++ b/network/unbound/doinst.sh
@@ -24,6 +24,7 @@ preserve_perms() {
 preserve_perms etc/rc.d/rc.unbound.new
 config etc/unbound/unbound.conf.new
+config etc/logrotate.d/unbound.new
 # MD5SUM d837bf4c42abb7048c90d720a579f829 is a file hash from the previous initscript.
diff --git a/network/unbound/rc.unbound b/network/unbound/rc.unbound
index c83d27672598..d45d6ff255ac 100644
--- a/network/unbound/rc.unbound
+++ b/network/unbound/rc.unbound
@@ -7,7 +7,25 @@ UNBOUND=/usr/sbin/unbound
 CONFIG=/etc/unbound/unbound.conf
 PIDFILE=/var/run/unbound/unbound.pid
+# Unbound-control is useful but I'm not going to cram it
+# down your throat. Set this to "yes" to disable unbound-control
+# initial setup.
+DISABLE_UNBOUND_CONTROL="no"
+
+initchecks() {
+ if [ ! -e $(dirname $PIDFILE) ]; then
+ mkdir -p $(dirname $PIDFILE)
+ chown unbound:unbound $(dirname $PIDFILE)
+ fi
+ if [ ! -e $(dirname $CONFIG)/unbound_server.pem ] && [ "$DISABLE_UNBOUND_CONTROL" == "no" ]; then
+ echo "Unbound-control: unbound_server.pem not found."
+ echo "Running initial setup: /usr/sbin/unbound-control-setup"
+ /usr/sbin/unbound-control-setup || exit 1
+ fi
+}
+
 start() {
+ initchecks
 if [ -r $PIDFILE ]; then
 echo 'Unbound is already running!'
 return
@@ -27,6 +45,15 @@ stop() {
 rm -f $PIDFILE
 }
+reload() {
+ if [ ! -r $PIDFILE ]; then
+ echo 'Unbound is not running.'
+ return
+ fi
+ echo "Sending SIGHUP to Unbound..."
+ kill -HUP `cat $PIDFILE`
+}
+
 case "$1" in
 'start')
 start
@@ -39,8 +66,11 @@ case "$1" in
 sleep 1
 start
 ;;
+ 'reload')
+ reload
+ ;;
 *)
- echo "Usage: $0 {start|stop|restart}"
+ echo "Usage: $0 {start|stop|reload|restart}"
 exit 1
 ;;
 esac
diff --git a/network/unbound/unbound.SlackBuild b/network/unbound/unbound.SlackBuild
index 6e7cf095a906..f86ff04a0f3e 100644
--- a/network/unbound/unbound.SlackBuild
+++ b/network/unbound/unbound.SlackBuild
@@ -28,7 +28,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 PRGNAM=unbound
 VERSION=${VERSION:-1.16.2}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
 TAG=${TAG:-_SBo}
 PKGTYPE=${PKGTYPE:-tgz}
@@ -118,7 +118,7 @@ CXXFLAGS="$SLKCFLAGS" \
 make
 make install DESTDIR=$PKG
-rm -f $PKG/usr/lib${LIBDIRSUFFIX}/libunbound.la
+rm -f --verbose $PKG/usr/lib${LIBDIRSUFFIX}/libunbound.la
 find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
 | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
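Review bot: Setting `DISABLE_UNBOUND_CONTROL="yes"` only skips the `unbound-control-setup` call in `initchecks`; it does not switch the control channel off, and the SlackBuild hunk in this same commit ships `unbound.conf` with `control-enable: yes`. The comment above the variable should say so, for example `# "yes" skips key generation only; also set control-enable: no in unbound.conf`, otherwise an admin who flips the flag is left with remote control enabled in the config and no key material generated. Separately, the `$(dirname $PIDFILE)` and `$(dirname $CONFIG)` expansions are unquoted and `==` inside `[ ]` is a bash extension; computing `piddir=$(dirname "$PIDFILE")` once and comparing with `=` is safer if the script runs under a plain `sh` (the shebang is outside the hunk).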
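Review bot: `reload` sends SIGHUP to whatever number is stored in `$PIDFILE` without checking it, while `initchecks` gives the pidfile directory to `unbound:unbound` and rc scripts normally run as root. A pidfile left behind after a crash, or one rewritten by the unprivileged daemon account, would make root signal an unrelated process. Confirm that the PID still names the daemon before signalling, e.g. `pid=$(cat "$PIDFILE")` followed by `[ "$(cat "/proc/$pid/comm" 2>/dev/null)" = unbound ] && kill -HUP "$pid"`, and print a message when the check fails. The `[ -r $PIDFILE ]` test in `start` has the same stale-file weakness, but that line is context rather than part of this change.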
@@ -133,8 +133,33 @@ cp -a doc/README* doc/FEATURES doc/CREDITS doc/TODO $PKG/usr/doc/$PRGNAM-$VERSIO
 head -n 1000 doc/Changelog > $PKG/usr/doc/$PRGNAM-$VERSION/Changelog
 touch -r doc/Changelog $PKG/usr/doc/$PRGNAM-$VERSION/Changelog
+# Save the upstream unbound.conf and set some reasonable defaults:
+# 1) Set the default log path to /var/log/unbound/
+# 2) Enable Unbound control interface. It's used for logrotate script
+# but also gives you the power to control your process without
+# restarts/reloads. It binds to localhost and cannot be used by
+# unprivileged users.
+# 3) Change timestamps to ASCII format (from Epoch).
+# 4) Turn off chroot.
+# 5) Disable systemd socket activation.
+cp -a $PKG/etc/unbound/unbound.conf $PKG/etc/unbound/unbound.conf.upstream
+sed -i \
+-e 's/# control-interface:/control-interface:/g' \
+-e 's/# control-enable: no/control-enable: yes/g' \
+-e 's/# log-time-ascii: no/log-time-ascii: yes/g' \
+-e 's/# use-systemd: no/use-systemd: no/g' \
+-e 's/# logfile: ""/logfile: "\/var\/log\/unbound\/unbound.log"/g' \
+-e 's/# chroot: "\/etc\/unbound"/chroot: ""/g' \
+$PKG/etc/unbound/unbound.conf \
+
 mkdir -p $PKG/var/run/unbound
-chown $USER:$GROUP $PKG/var/run/unbound/
+mkdir -p $PKG/var/log/unbound
+mkdir -p $PKG/etc/logrotate.d
+
+chown $UB_USER:$UB_GROUP $PKG/var/run/unbound/
+chown $UB_USER:$UB_GROUP $PKG/var/log/unbound/
+
+cp -a $CWD/unbound.logrotate $PKG/etc/logrotate.d/unbound.new
 mv $PKG/etc/unbound/unbound.conf $PKG/etc/unbound/unbound.conf.new
 install -m 0644 -D $CWD/rc.unbound $PKG/etc/rc.d/rc.unbound.new
diff --git a/network/unbound/unbound.logrotate b/network/unbound/unbound.logrotate
new file mode 100644
index 000000000000..a00c8f095128
--- /dev/null
+++ b/network/unbound/unbound.logrotate
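Review bot: The `sed -i` block only takes effect where upstream's sample config contains exactly these commented defaults, and nothing checks the result, so a later upstream wording change would silently ship a package without the intended `logfile`, `chroot` or control settings. A check after the edit such as `grep -q '^[[:space:]]*control-enable: yes' $PKG/etc/unbound/unbound.conf || exit 1`, one per setting that matters, would catch that at build time. The `/g` rule for `# control-interface:` uncomments every such line, so the comment's "binds to localhost" holds only while upstream's sample lists loopback addresses alone. Item 4 turns off chroot, which is a confinement layer, without giving a reason; a short why-comment would help whoever audits the package. The trailing `\` after `$PKG/etc/unbound/unbound.conf` should be dropped, since the command ends correctly only because a blank line follows it.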
@@ -0,0 +1,11 @@
+/var/log/unbound/unbound.log {
+ su unbound unbound
+ notifempty
+ missingok
+ rotate 7
+ postrotate
+ # Try using unbound-control to start a new log
+ # On fail, fall back to using a HUP signal
+ /usr/sbin/unbound-control log_reopen || bash /etc/rc.d/rc.unbound reload
+ endscript
+} |
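Review bot: The stanza sets neither a rotation interval nor a `create` directive, so `rotate 7` means seven cycles of whatever the global logrotate default is, and the mode of the fresh log file is left to the daemon. Resolver logs can contain client query names when query logging is turned on, so both are worth pinning, e.g. `daily` (or `weekly`) and `create 0640 unbound unbound`. The fallback runs `rc.unbound reload`, whose bare `return` after printing "Unbound is not running." yields success, so a failed `log_reopen` against a stopped daemon is not reported; that looks intentional but deserves a one-line comment in the `postrotate` block.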