blob: a1aece44feeeb15a6448038252b985bfed8cc996 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
config() {
NEW="$1"
OLD="$(dirname $NEW)/$(basename $NEW .new)"
# If there's no config file by that name, mv it over:
if [ ! -r $OLD ]; then
mv $NEW $OLD
elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
# toss the redundant copy
rm $NEW
fi
# Otherwise, we leave the .new copy for the admin to consider...
}
preserve_perms() {
NEW="$1"
OLD="$(dirname $NEW)/$(basename $NEW .new)"
if [ -e $OLD ]; then
cp -a $OLD ${NEW}.incoming
cat $NEW > ${NEW}.incoming
mv ${NEW}.incoming $NEW
fi
config $NEW
}
preserve_perms etc/rc.d/rc.unbound.new
config etc/unbound/unbound.conf.new
config etc/logrotate.d/unbound.new
if [ -r /etc/logrotate.d/unbound ] && [ $(stat -c "%U:%G" "/etc/logrotate.d/unbound") != "root:root" ]; then
echo "Incorrect permissions detected on /etc/logrotate.d/unbound !"
echo "This will prevent Unbound logrotate script from working."
echo ""
echo "Previous Unbound SlackBuild scripts didn't set this correctly."
echo ""
echo "To fix it, simply run:"
echo "# chown root:root /etc/logrotate.d/unbound"
fi
echo "----------------------------"
echo "As of Unbound SlackBuild 1.18.0-2 DNSSEC is enabled by default."
echo
echo "You have two options:"
echo
echo "1) Run the following command to setup the root trust anchor (RECOMMENDED!)"
echo "# sudo -u unbound unbound-anchor -f /etc/resolv.conf -R -a /var/lib/unbound/root.key"
echo
echo "2) Disable DNSSEC and unbound-anchor functionality."
echo "Edit /etc/unbound/unbound.conf, and erase or comment the following line:"
echo 'auto-trust-anchor-file: "/var/lib/unbound/root.key"'
echo
echo "This is a suitable option if you plan to use Unbound simply as a forwarding resolver."
echo "----------------------------"
|