commit: 354cb17ea56d3061812126b826e76a64e918d8a2
Author: Marc Schiffbauer <mschiff <AT> gentoo <DOT> org>
AuthorDate: Mon Feb 26 01:07:18 2018 +0000
Commit: Marc Schiffbauer <mschiff <AT> gentoo <DOT> org>
CommitDate: Mon Feb 26 01:07:33 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=354cb17e
net-dns/unbound: add var/ dir for auto-trust-anchor by default
Package-Manager: Portage-2.3.24, Repoman-2.3.6
...ound-1.6.8-r1.ebuild => unbound-1.6.8-r2.ebuild} | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/net-dns/unbound/unbound-1.6.8-r1.ebuild
b/net-dns/unbound/unbound-1.6.8-r2.ebuild
similarity index 81%
rename from net-dns/unbound/unbound-1.6.8-r1.ebuild
rename to net-dns/unbound/unbound-1.6.8-r2.ebuild
index 07379f933b5..8fda5205f20 100644
--- a/net-dns/unbound/unbound-1.6.8-r1.ebuild
+++ b/net-dns/unbound/unbound-1.6.8-r2.ebuild
@@ -132,4 +132,25 @@ multilib_src_install_all() {
exeinto /usr/share/${PN}
doexe contrib/update-anchor.sh
+
+ # create space for auto-trust-anchor-file...
+ keepdir /etc/unbound/var
+ # ... and point example config to it
+ sed -i '/#
auto-trust-anchor-file:/s,/etc/dnssec/root-anchors.txt,/etc/unbound/var/root-anchors.txt,'
"${ED}/etc/unbound/unbound.conf"
+}
+
+pkg_postinst() {
+ # make var/ writable by unbound
+ if [[ -d "${ROOT}/etc/unbound/var" ]]; then
+ chown --no-dereference --from=root unbound:
"${ROOT}/etc/unbound/var"
+ fi
+ einfo ""
+ einfo "If you want unbound to automatically update the root-anchor file
for DNSSEC validation"
+ einfo "set 'auto-trust-anchor-file: /etc/unbound/var/root-anchors.txt'
in /etc/unbound/unbound.conf"
+ einfo "and run"
+ einfo ""
+ einfo " su -s /bin/sh -c '/usr/sbin/unbound-anchor -a
/etc/unbound/var/root-anchors.txt' unbound"
+ einfo ""
+ einfo "as root to create it initially before starting unbound for the
first time after enabling this."
+ einfo ""
}
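Review bot: The `chown` added in `pkg_postinst` has no failure handling, so if it fails (for example because the `unbound` user cannot be resolved under `${ROOT}`), `/etc/unbound/var` stays root-owned and nothing is reported. The daemon would then presumably be unable to rewrite its auto-trust-anchor file, and the DNSSEC root anchor would go stale without any install-time hint. I would make the failure visible, e.g. `chown --no-dereference --from=root unbound: "${ROOT}/etc/unbound/var" || ewarn "could not make ${ROOT}/etc/unbound/var writable by unbound"`. The `sed -i` in `multilib_src_install_all` (whose body starts outside this hunk) is silent in the same way: it exits 0 when the commented `auto-trust-anchor-file:` line is absent or worded differently, so the example config may keep the old path. A short comment there, or a `grep -q` check on the new path afterwards, would document that assumption.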