authorBadchay <badchay@protonmail.com>2022-09-04 19:10:21 +0100
committerDave Woodfall <dave@slackbuilds.org>2022-09-04 19:10:21 +0100
commite0749d740cb7c585d95d41bf7b4bc9f2795155ec (patch)
treed5a2699c8ce903006bb6cdfda4fb55e8e4fdc55c
parente6c36a19c71186d4e0b9e7aad6c95bed6b913bae (diff)
network/unbound: Updated for version 1.16.2.
Signed-off-by: Dave Woodfall <dave@slackbuilds.org>
-rw-r--r--network/unbound/README8
-rw-r--r--network/unbound/doinst.sh1
-rw-r--r--network/unbound/rc.unbound32
-rw-r--r--network/unbound/unbound.SlackBuild31
-rw-r--r--network/unbound/unbound.logrotate11
5 files changed, 79 insertions, 4 deletions
diff --git a/network/unbound/README b/network/unbound/README
index 52fdc7c21a7d..6240929aae33 100644
--- a/network/unbound/README
+++ b/network/unbound/README
@@ -13,3 +13,11 @@ not conflict with anything else on SlackBuilds:
groupadd -g 304 unbound
useradd -r -u 304 -g unbound -d /etc/unbound/ -s /sbin/nologin -c \
'Unbound DNS resolver' unbound
+
+Note: As of version 1.16.2, the script was almost entirely rewritten.
+The idea was not only to modernize the script, but also make the
+application more compatible with the Slackware architecture and to
+be as easy to "just install and run the app". Also to note:
+The control app titled unbound-countrol is enabled by
+default but can be disabled in unbound.conf. It's secure, binds
+to localhost and can't be used by non-root users.
diff --git a/network/unbound/doinst.sh b/network/unbound/doinst.sh
index 71e2910fce23..f7243783f544 100644
--- a/network/unbound/doinst.sh
+++ b/network/unbound/doinst.sh
@@ -24,6 +24,7 @@ preserve_perms() {
preserve_perms etc/rc.d/rc.unbound.new
config etc/unbound/unbound.conf.new
+config etc/logrotate.d/unbound.new
# MD5SUM d837bf4c42abb7048c90d720a579f829 is a file hash from the previous initscript.
diff --git a/network/unbound/rc.unbound b/network/unbound/rc.unbound
index c83d27672598..d45d6ff255ac 100644
--- a/network/unbound/rc.unbound
+++ b/network/unbound/rc.unbound
@@ -7,7 +7,25 @@ UNBOUND=/usr/sbin/unbound
CONFIG=/etc/unbound/unbound.conf
PIDFILE=/var/run/unbound/unbound.pid
+# Unbound-control is useful but I'm not going to cram it
+# down your throat. Set this to "yes" to disable unbound-control
+# initial setup.
+DISABLE_UNBOUND_CONTROL="no"
+
+initchecks() {
+ if [ ! -e $(dirname $PIDFILE) ]; then
+ mkdir -p $(dirname $PIDFILE)
+ chown unbound:unbound $(dirname $PIDFILE)
+ fi
+ if [ ! -e $(dirname $CONFIG)/unbound_server.pem ] && [ "$DISABLE_UNBOUND_CONTROL" == "no" ]; then
+ echo "Unbound-control: unbound_server.pem not found."
+ echo "Running initial setup: /usr/sbin/unbound-control-setup"
+ /usr/sbin/unbound-control-setup || exit 1
+ fi
+}
+
start() {
+ initchecks
if [ -r $PIDFILE ]; then
echo 'Unbound is already running!'
return
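Review bot: `DISABLE_UNBOUND_CONTROL="yes"` only skips key generation in `initchecks`; it does not turn the control interface off, because the SlackBuild in this same commit still rewrites the packaged unbound.conf to `control-enable: yes`. With that setting and no key files the daemon will presumably fail to start or be left with a half-configured control channel, so the comment should say what the flag really does, e.g. `# Set to "yes" to skip key generation; also set "control-enable: no" in unbound.conf.` Separately, the `$(dirname $PIDFILE)` and `$(dirname $CONFIG)` expansions are unquoted, and `==` inside `[ ]` is not POSIX, so `[ "$DISABLE_UNBOUND_CONTROL" = "no" ]` is the safer spelling if the script runs under `/bin/sh` (the shebang is outside this hunk). `start()` continues past the end of the hunk.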
@@ -27,6 +45,15 @@ stop() {
rm -f $PIDFILE
}
+reload() {
+ if [ ! -r $PIDFILE ]; then
+ echo 'Unbound is not running.'
+ return
+ fi
+ echo "Sending SIGHUP to Unbound..."
+ kill -HUP `cat $PIDFILE`
+}
+
case "$1" in
'start')
start
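Review bot: `reload()` hands the unvalidated contents of `$PIDFILE` to `kill` as root, while `initchecks` makes the directory holding that file owned by `unbound:unbound`, so the service account decides which process receives the signal (or processes, since the backtick expansion is unquoted). Read the value once and reject anything that is not a single number before signalling: `pid=$(cat "$PIDFILE")`, then `case "$pid" in ''|*[!0-9]*) echo 'Invalid PID file.'; return 1 ;; esac`, then `kill -HUP "$pid"`. A stale file naming a recycled PID is still possible after that check; confirming the process is Unbound, or preferring `unbound-control reload`, which authenticates with the control keys, closes that gap. The not-running branch also returns 0, which hides the failure from callers such as the logrotate fallback.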
@@ -39,8 +66,11 @@ case "$1" in
sleep 1
start
;;
+ 'reload')
+ reload
+ ;;
*)
- echo "Usage: $0 {start|stop|restart}"
+ echo "Usage: $0 {start|stop|reload|restart}"
exit 1
;;
esac
diff --git a/network/unbound/unbound.SlackBuild b/network/unbound/unbound.SlackBuild
index 6e7cf095a906..f86ff04a0f3e 100644
--- a/network/unbound/unbound.SlackBuild
+++ b/network/unbound/unbound.SlackBuild
@@ -28,7 +28,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PRGNAM=unbound
VERSION=${VERSION:-1.16.2}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
TAG=${TAG:-_SBo}
PKGTYPE=${PKGTYPE:-tgz}
@@ -118,7 +118,7 @@ CXXFLAGS="$SLKCFLAGS" \
make
make install DESTDIR=$PKG
-rm -f $PKG/usr/lib${LIBDIRSUFFIX}/libunbound.la
+rm -f --verbose $PKG/usr/lib${LIBDIRSUFFIX}/libunbound.la
find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
| cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
@@ -133,8 +133,33 @@ cp -a doc/README* doc/FEATURES doc/CREDITS doc/TODO $PKG/usr/doc/$PRGNAM-$VERSIO
head -n 1000 doc/Changelog > $PKG/usr/doc/$PRGNAM-$VERSION/Changelog
touch -r doc/Changelog $PKG/usr/doc/$PRGNAM-$VERSION/Changelog
+# Save the upstream unbound.conf and set some reasonable defaults:
+# 1) Set the default log path to /var/log/unbound/
+# 2) Enable Unbound control interface. It's used for logrotate script
+# but also gives you the power to control your process without
+# restarts/reloads. It binds to localhost and cannot be used by
+# unprivileged users.
+# 3) Change timestamps to ASCII format (from Epoch).
+# 4) Turn off chroot.
+# 5) Disable systemd socket activation.
+cp -a $PKG/etc/unbound/unbound.conf $PKG/etc/unbound/unbound.conf.upstream
+sed -i \
+-e 's/# control-interface:/control-interface:/g' \
+-e 's/# control-enable: no/control-enable: yes/g' \
+-e 's/# log-time-ascii: no/log-time-ascii: yes/g' \
+-e 's/# use-systemd: no/use-systemd: no/g' \
+-e 's/# logfile: ""/logfile: "\/var\/log\/unbound\/unbound.log"/g' \
+-e 's/# chroot: "\/etc\/unbound"/chroot: ""/g' \
+$PKG/etc/unbound/unbound.conf \
+
mkdir -p $PKG/var/run/unbound
-chown $USER:$GROUP $PKG/var/run/unbound/
+mkdir -p $PKG/var/log/unbound
+mkdir -p $PKG/etc/logrotate.d
+
+chown $UB_USER:$UB_GROUP $PKG/var/run/unbound/
+chown $UB_USER:$UB_GROUP $PKG/var/log/unbound/
+
+cp -a $CWD/unbound.logrotate $PKG/etc/logrotate.d/unbound.new
mv $PKG/etc/unbound/unbound.conf $PKG/etc/unbound/unbound.conf.new
install -m 0644 -D $CWD/rc.unbound $PKG/etc/rc.d/rc.unbound.new
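Review bot: None of the `sed` expressions is verified, and each matches the exact commented-out default text of upstream's unbound.conf, so a wording change in a later release turns the edit into a silent no-op while the package still ships rc and logrotate scripts that assume the control interface and log path are set. A guard after the `sed`, such as `grep -q 'control-enable: yes' $PKG/etc/unbound/unbound.conf || exit 1` (and the same for `logfile:`), would fail the build instead. The file-argument line also ends in a stray `\`, which only works because the next line is blank; dropping it stops a later edit from folding the following `mkdir` into the `sed` command. Item 4 replaces the sample's `chroot: "/etc/unbound"` with an empty chroot, which removes a containment layer, so the comment should state why (presumably because the new log path lies outside /etc/unbound) rather than list it as a plain default.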
diff --git a/network/unbound/unbound.logrotate b/network/unbound/unbound.logrotate
new file mode 100644
index 000000000000..a00c8f095128
--- /dev/null
+++ b/network/unbound/unbound.logrotate
@@ -0,0 +1,11 @@
+/var/log/unbound/unbound.log {
+ su unbound unbound
+ notifempty
+ missingok
+ rotate 7
+ postrotate
+ # Try using unbound-control to start a new log
+ # On fail, fall back to using a HUP signal
+ /usr/sbin/unbound-control log_reopen || bash /etc/rc.d/rc.unbound reload
+ endscript
+}
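Review bot: The stanza sets `rotate 7` with no interval and no `create` mode, so both the retention period and the permissions of the fresh log file come from whatever the global logrotate.conf specifies. A resolver log can hold client query data when query logging is enabled, so it is worth pinning these explicitly, for example `weekly` and `create 0640 unbound unbound`.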