diff options
| author | Sören Tempel <soeren+git@soeren-tempel.net> | 2020-12-21 21:59:41 +0100 |
|---|---|---|
| committer | Jakub Jirutka <jakub@jirutka.cz> | 2021-06-10 13:37:25 +0200 |
| commit | 27627cb2d9d87d727d1b69162f47fe75c45bb752 (patch) | |
| tree | 794108b36c699bf23b188d201a7e2ac9547c4d62 | |
| parent | 8502223963cf4f3cc420ad716c3bc518bc657d99 (diff) | |
main/unbound: remove dependency on dns-root-hints
The dns-root-hints dependency has been introduced in [1]. Strictly
speaking dns-root-hints is not necessary as unbound provides builtin
root hints. This change switches to using the builtin root hints by
default, thereby avoiding installation of a cron and a dependency on
gnupg. If desired, users can still manually install and configure
dns-root-hints with unbound.
See #11324 for further information on this topic.
[1]: https://github.com/alpinelinux/aports/pull/5950
| -rw-r--r-- | main/unbound/APKBUILD | 14 | ||||
| -rw-r--r-- | main/unbound/conf.patch | 19 | ||||
| -rw-r--r-- | main/unbound/migrate-dnscache-to-unbound | 1 |
3 files changed, 13 insertions, 21 deletions
diff --git a/main/unbound/APKBUILD b/main/unbound/APKBUILD index 6f5726b11a1..272936d93b3 100644 --- a/main/unbound/APKBUILD +++ b/main/unbound/APKBUILD @@ -4,14 +4,14 @@ # Maintainer: Jakub Jirutka <jakub@jirutka.cz> pkgname=unbound pkgver=1.13.1 -pkgrel=1 +pkgrel=2 pkgdesc="Unbound is a validating, recursive, and caching DNS resolver" url="http://unbound.net/" arch="all" license="BSD-3-Clause" -depends="dns-root-hints dnssec-root" +depends="dnssec-root" depends_dev="expat-dev" -_depends_migrate="/bin/sh apk-tools dns-root-hints openrc" +_depends_migrate="/bin/sh apk-tools openrc" makedepends="$depends_dev libevent-dev openssl-dev python3-dev swig linux-headers" checkdepends="bind-tools ldns-tools" install="$pkgname.pre-install" @@ -78,10 +78,6 @@ package() { cd "$pkgdir" - mkdir -p ./etc/unbound - rm -f ./etc/unbound/root.hints - ln -s ../../usr/share/dns-root-hints/named.root ./etc/unbound/root.hints - install -Dm755 "$srcdir"/unbound.initd ./etc/init.d/unbound install -Dm644 "$srcdir"/unbound.confd ./etc/conf.d/unbound } @@ -117,7 +113,7 @@ migrate() { } sha512sums="f4d26dca28dbcc33a5e65a55147fa01077c331292e88b6a87798cb6c3d4edb0515015d131fd893c92b74d22d9998a640f0adce404e6192d61ebe69a6a599287c unbound-1.13.1.tar.gz -10e76b0c0e256cf81d55a6f089644693feb94bd2470730bcbcedb5f340397d2316f3a9ee57adc3d5e84e83cc26109c8cb48f6e2e3bfdbd186e40071b7b4284f1 conf.patch -0a5c7b8f2b8c79c5384bce05962c8f8f5f31ce3aeb967b0e897361a24ea7065eb4e7c28ff3acfb0fb0d46be966d4e526e64b231f49b589ec63f576c25433bb59 migrate-dnscache-to-unbound +05fec1829dfb5279f35a76eeab768d88b6dffee4477b1db693360021969bdcc89e309f71ea6cc63e0f921b1fc223a073b97892be2095ed93d7da917a59e09d00 conf.patch +7ab3f57ade3fe8add60bfce208efccc968728fac5c94c759c34aaa09aa71e0da06dd7c24ae0fecf9e2ccc869594226d68b24fe2b0a0b161b833e22c0de1b03b6 migrate-dnscache-to-unbound c8e29190a7ab2803bb528fcc008d9788c1d46ca96abd7273023778068156aa65330a99af76a755929d24dfa936a3900bd400368ddf7b89fb3bcef29dbaa32683 unbound.initd 0ceae15d69deb24baa16990226de31fe743d84779a2595f31b4910b46ef925fc132cec1683d0a06141f707d9cbe517d731015702c60d9df4958ccfb9abd5a23f unbound.confd" diff --git a/main/unbound/conf.patch b/main/unbound/conf.patch index d43b3d2dd3e..e92cc373652 100644 --- a/main/unbound/conf.patch +++ b/main/unbound/conf.patch @@ -1,6 +1,7 @@ ---- a/doc/example.conf.in -+++ b/doc/example.conf.in -@@ -337,12 +337,9 @@ +diff -upr unbound-1.13.0.orig/doc/example.conf.in unbound-1.13.0/doc/example.conf.in +--- unbound-1.13.0.orig/doc/example.conf.in 2020-12-21 09:58:04.154390497 +0100 ++++ unbound-1.13.0/doc/example.conf.in 2020-12-21 09:58:53.094583255 +0100 +@@ -355,9 +355,6 @@ server: # print log lines that say why queries return SERVFAIL to clients. # log-servfail: no @@ -9,12 +10,8 @@ - # file to read root hints from. # get one from https://www.internic.net/domain/named.cache -- # root-hints: "" -+ root-hints: /usr/share/dns-root-hints/named.root - - # enable to not answer id.server and hostname.bind queries. - # hide-identity: no -@@ -489,7 +486,7 @@ + # root-hints: "" +@@ -507,7 +504,7 @@ server: # you start unbound (i.e. in the system boot scripts). And enable: # Please note usage of unbound-anchor root anchor is at your own risk # and under the terms of our LICENSE (see that file in the source). @@ -23,7 +20,7 @@ # trust anchor signaling sends a RFC8145 key tag query after priming. # trust-anchor-signaling: yes -@@ -506,7 +503,7 @@ +@@ -519,7 +516,7 @@ server: # with several entries, one file per entry. # Zone file format, with DS and DNSKEY entries. # Note this gets out of date, use auto-trust-anchor-file please. @@ -32,7 +29,7 @@ # Trusted key for validation. DS or DNSKEY. specify the RR on a # single line, surrounded by "". TTL is ignored. class is IN default. -@@ -841,12 +838,13 @@ +@@ -900,12 +897,13 @@ dynlib: remote-control: # Enable remote control with unbound-control(8) here. # set up the keys and certificates with unbound-control-setup. diff --git a/main/unbound/migrate-dnscache-to-unbound b/main/unbound/migrate-dnscache-to-unbound index 368504f7f64..03b34cd9505 100644 --- a/main/unbound/migrate-dnscache-to-unbound +++ b/main/unbound/migrate-dnscache-to-unbound @@ -14,7 +14,6 @@ to_subnet() { gen_config() { echo "# Config generated by $0, $(date)" echo "server:" - echo -e "\troot-hints: /usr/share/dns-root-hints/named.root\n" [ -n "$IP" ] && echo -e "\tinterface: $IP\n" [ -n "$IPSEND" ] && echo -e "\toutgoing-interface: $IPSEND\n" |