aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSören Tempel <soeren+git@soeren-tempel.net>2020-12-21 21:59:41 +0100
committerJakub Jirutka <jakub@jirutka.cz>2021-06-10 13:37:25 +0200
commit27627cb2d9d87d727d1b69162f47fe75c45bb752 (patch)
tree794108b36c699bf23b188d201a7e2ac9547c4d62
parent8502223963cf4f3cc420ad716c3bc518bc657d99 (diff)
downloadaports-27627cb2d9d87d727d1b69162f47fe75c45bb752.tar.gz
aports-27627cb2d9d87d727d1b69162f47fe75c45bb752.tar.bz2
aports-27627cb2d9d87d727d1b69162f47fe75c45bb752.tar.xz
main/unbound: remove dependency on dns-root-hints
The dns-root-hints dependency has been introduced in [1]. Strictly speaking dns-root-hints is not necessary as unbound provides builtin root hints. This change switches to using the builtin root hints by default, thereby avoiding installation of a cron and a dependency on gnupg. If desired, users can still manually install and configure dns-root-hints with unbound. See #11324 for further information on this topic. [1]: https://github.com/alpinelinux/aports/pull/5950
-rw-r--r--main/unbound/APKBUILD14
-rw-r--r--main/unbound/conf.patch19
-rw-r--r--main/unbound/migrate-dnscache-to-unbound1
3 files changed, 13 insertions, 21 deletions
diff --git a/main/unbound/APKBUILD b/main/unbound/APKBUILD
index 6f5726b11a..272936d93b 100644
--- a/main/unbound/APKBUILD
+++ b/main/unbound/APKBUILD
@@ -4,14 +4,14 @@
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
pkgname=unbound
pkgver=1.13.1
-pkgrel=1
+pkgrel=2
pkgdesc="Unbound is a validating, recursive, and caching DNS resolver"
url="http://unbound.net/"
arch="all"
license="BSD-3-Clause"
-depends="dns-root-hints dnssec-root"
+depends="dnssec-root"
depends_dev="expat-dev"
-_depends_migrate="/bin/sh apk-tools dns-root-hints openrc"
+_depends_migrate="/bin/sh apk-tools openrc"
makedepends="$depends_dev libevent-dev openssl-dev python3-dev swig linux-headers"
checkdepends="bind-tools ldns-tools"
install="$pkgname.pre-install"
@@ -78,10 +78,6 @@ package() {
cd "$pkgdir"
- mkdir -p ./etc/unbound
- rm -f ./etc/unbound/root.hints
- ln -s ../../usr/share/dns-root-hints/named.root ./etc/unbound/root.hints
-
install -Dm755 "$srcdir"/unbound.initd ./etc/init.d/unbound
install -Dm644 "$srcdir"/unbound.confd ./etc/conf.d/unbound
}
@@ -117,7 +113,7 @@ migrate() {
}
sha512sums="f4d26dca28dbcc33a5e65a55147fa01077c331292e88b6a87798cb6c3d4edb0515015d131fd893c92b74d22d9998a640f0adce404e6192d61ebe69a6a599287c unbound-1.13.1.tar.gz
-10e76b0c0e256cf81d55a6f089644693feb94bd2470730bcbcedb5f340397d2316f3a9ee57adc3d5e84e83cc26109c8cb48f6e2e3bfdbd186e40071b7b4284f1 conf.patch
-0a5c7b8f2b8c79c5384bce05962c8f8f5f31ce3aeb967b0e897361a24ea7065eb4e7c28ff3acfb0fb0d46be966d4e526e64b231f49b589ec63f576c25433bb59 migrate-dnscache-to-unbound
+05fec1829dfb5279f35a76eeab768d88b6dffee4477b1db693360021969bdcc89e309f71ea6cc63e0f921b1fc223a073b97892be2095ed93d7da917a59e09d00 conf.patch
+7ab3f57ade3fe8add60bfce208efccc968728fac5c94c759c34aaa09aa71e0da06dd7c24ae0fecf9e2ccc869594226d68b24fe2b0a0b161b833e22c0de1b03b6 migrate-dnscache-to-unbound
c8e29190a7ab2803bb528fcc008d9788c1d46ca96abd7273023778068156aa65330a99af76a755929d24dfa936a3900bd400368ddf7b89fb3bcef29dbaa32683 unbound.initd
0ceae15d69deb24baa16990226de31fe743d84779a2595f31b4910b46ef925fc132cec1683d0a06141f707d9cbe517d731015702c60d9df4958ccfb9abd5a23f unbound.confd"
diff --git a/main/unbound/conf.patch b/main/unbound/conf.patch
index d43b3d2dd3..e92cc37365 100644
--- a/main/unbound/conf.patch
+++ b/main/unbound/conf.patch
@@ -1,6 +1,7 @@
---- a/doc/example.conf.in
-+++ b/doc/example.conf.in
-@@ -337,12 +337,9 @@
+diff -upr unbound-1.13.0.orig/doc/example.conf.in unbound-1.13.0/doc/example.conf.in
+--- unbound-1.13.0.orig/doc/example.conf.in 2020-12-21 09:58:04.154390497 +0100
++++ unbound-1.13.0/doc/example.conf.in 2020-12-21 09:58:53.094583255 +0100
+@@ -355,9 +355,6 @@ server:
# print log lines that say why queries return SERVFAIL to clients.
# log-servfail: no
@@ -9,12 +10,8 @@
-
# file to read root hints from.
# get one from https://www.internic.net/domain/named.cache
-- # root-hints: ""
-+ root-hints: /usr/share/dns-root-hints/named.root
-
- # enable to not answer id.server and hostname.bind queries.
- # hide-identity: no
-@@ -489,7 +486,7 @@
+ # root-hints: ""
+@@ -507,7 +504,7 @@ server:
# you start unbound (i.e. in the system boot scripts). And enable:
# Please note usage of unbound-anchor root anchor is at your own risk
# and under the terms of our LICENSE (see that file in the source).
@@ -23,7 +20,7 @@
# trust anchor signaling sends a RFC8145 key tag query after priming.
# trust-anchor-signaling: yes
-@@ -506,7 +503,7 @@
+@@ -519,7 +516,7 @@ server:
# with several entries, one file per entry.
# Zone file format, with DS and DNSKEY entries.
# Note this gets out of date, use auto-trust-anchor-file please.
@@ -32,7 +29,7 @@
# Trusted key for validation. DS or DNSKEY. specify the RR on a
# single line, surrounded by "". TTL is ignored. class is IN default.
-@@ -841,12 +838,13 @@
+@@ -900,12 +897,13 @@ dynlib:
remote-control:
# Enable remote control with unbound-control(8) here.
# set up the keys and certificates with unbound-control-setup.
diff --git a/main/unbound/migrate-dnscache-to-unbound b/main/unbound/migrate-dnscache-to-unbound
index 368504f7f6..03b34cd950 100644
--- a/main/unbound/migrate-dnscache-to-unbound
+++ b/main/unbound/migrate-dnscache-to-unbound
@@ -14,7 +14,6 @@ to_subnet() {
gen_config() {
echo "# Config generated by $0, $(date)"
echo "server:"
- echo -e "\troot-hints: /usr/share/dns-root-hints/named.root\n"
[ -n "$IP" ] && echo -e "\tinterface: $IP\n"
[ -n "$IPSEND" ] && echo -e "\toutgoing-interface: $IPSEND\n"