Mail archive
alpine-aports

[alpine-aports] [PATCH] main/unbound: use trust-anchor-file by default

From: Sören Tempel <soeren+git_at_soeren-tempel.net>
Date: Mon, 16 Nov 2015 14:45:40 +0100

---
 main/unbound/APKBUILD   |  8 ++++----
 main/unbound/conf.patch | 31 +++++++++++++++++++++++++++++--
 2 files changed, 33 insertions(+), 6 deletions(-)
diff --git a/main/unbound/APKBUILD b/main/unbound/APKBUILD
index 2422dd4..7a52cff 100644
--- a/main/unbound/APKBUILD
+++ b/main/unbound/APKBUILD
_at_@ -3,7 +3,7 @@
 # Maintainer: Natanael Copa <ncopa_at_alpinelinux.org>
 pkgname=unbound
 pkgver=1.5.6
-pkgrel=3
+pkgrel=4
 pkgdesc="Unbound is a validating, recursive, and caching DNS resolver"
 pkgusers="unbound"
 pkggroups="unbound"
_at_@ -96,21 +96,21 @@ migrate() {
 }
 
 md5sums="691a34abd8e9257dd65b70f28326c1f0  unbound-1.5.6.tar.gz
-d354705e7a468b7fad5e19ff5bd1bceb  conf.patch
+ac71ed8daf79787a0689ae3971bf4350  conf.patch
 deb0a18f2250caa53750ee2cecac71e9  swig.patch
 c1c71cd0e7f9630536a2abf2513c675d  update-unbound-root-hints
 5340681e5ec1a1fd47a0de27f5c03c21  migrate-dnscache-to-unbound
 b2afc34d106e104730b63876c9a07caf  root.hints
 b98eded68339fc605ec7e6cbb50e5aa3  unbound.initd"
 sha256sums="ad3823f5895f59da9e408ea273fcf81d8a76914c18864fba256d7f140b83e404  unbound-1.5.6.tar.gz
-d95a6b37cce224ab37dadb6dae973992f718c229740bd72ab0edc72cc8e23d84  conf.patch
+127f4b97a4200d47265cad6970ba17784e57883c7cb0f7104cfbc7979bd9efc3  conf.patch
 d131e19129744f7014167d8701cb39c8358269a89b317b8a74dacfd267e1f516  swig.patch
 0db3ca197b62901fab984cb2559925adbf3307ccd1dca3e1dd69cd1642ff0a36  update-unbound-root-hints
 582851b4017044d8642c42c5df09b27494c963e1eebb8be3373b2dbd168d0ac0  migrate-dnscache-to-unbound
 9de827bda7ddb3b8d3fac2db56c0fe65a67772a12a874c75091ae8e3f2b31c73  root.hints
 d9997000449179dc16f5084bf061453faf09094f843acb1d163757f8000c0cd7  unbound.initd"
 sha512sums="2477e3f00b8f5a3a4661ff20b0bc0d1d56c8a65cc6ab9f1308ae86f41c67a998af68d3ac5ba6c9c22a25a251f0410eaf9fee82911bcb3a3e82ffb6383e28dcf7  unbound-1.5.6.tar.gz
-3c611842fa022f2d3c68293d14a683d92d81d124b78561a27818d761684496d9d97551aeca5582709f5ff2cd717b626d6bf4864d58de10e23ce3a07d4129af6c  conf.patch
+a63b849b7bcd923e5ae648ea2a805beed2529afcb8363dd8ee968b964b8bf731f5d2579bc6126619cb1865a498c39e1e0dd7a0f93fecc27569aa5425d6af9ca9  conf.patch
 7d2666363be7156b26fd857459492f6e78fbc24bd6923dd51477e09df938d8c617035e4aa8bf91ffcde384e2dff8225eced14d7aaa7690e3a95b34c5f21eaf7d  swig.patch
 0f80b507a8f71b0c00729501d861657ce91a57024cd1963c150d0630c71eccceba370d6e732ff39bb807713672550d87a8c8ecdb9fce6b8b4386c12689603700  update-unbound-root-hints
 b26a13c1c88da9611a65705dc59f7233c5e0f6aced0d7d66c18536a969a2de627ca5d4bb55eedd81f2f040fa11bde48eaaeca2850f376e72e7a531678a259131  migrate-dnscache-to-unbound
diff --git a/main/unbound/conf.patch b/main/unbound/conf.patch
index 5224e05..dcac701 100644
--- a/main/unbound/conf.patch
+++ b/main/unbound/conf.patch
_at_@ -1,6 +1,15 @@
 diff -upr unbound-1.5.6.orig/doc/example.conf.in unbound-1.5.6/doc/example.conf.in
---- unbound-1.5.6.orig/doc/example.conf.in	2015-11-16 12:39:39.031890692 +0100
-+++ unbound-1.5.6/doc/example.conf.in	2015-11-16 12:40:05.452566815 +0100
+--- unbound-1.5.6.orig/doc/example.conf.in	2015-11-16 14:42:32.068772139 +0100
++++ unbound-1.5.6/doc/example.conf.in	2015-11-16 14:42:55.639731588 +0100
+_at_@ -212,7 +212,7 @@ server:
+ 	# How to do this is specific to your OS.
+ 	#
+ 	# If you give "" no chroot is performed. The path must not end in a /.
+-	# chroot: "_at_UNBOUND_CHROOT_DIR@"
++	chroot: ""
+ 
+ 	# if given, user privileges are dropped (after binding port),
+ 	# and the given username is assumed. Default is user "unbound".
 _at_@ -243,7 +243,7 @@ server:
  
  	# file to read root hints from.
_at_@ -10,3 +19,21 @@ diff -upr unbound-1.5.6.orig/doc/example.conf.in unbound-1.5.6/doc/example.conf.
  
  	# enable to not answer id.server and hostname.bind queries.
  	# hide-identity: no
+_at_@ -361,7 +361,7 @@ server:
+ 	# you start unbound (i.e. in the system boot scripts).  And enable:
+ 	# Please note usage of unbound-anchor root anchor is at your own risk
+ 	# and under the terms of our LICENSE (see that file in the source).
+-	# auto-trust-anchor-file: "_at_UNBOUND_ROOTKEY_FILE@"
++	# auto-trust-anchor-file: ""
+ 
+ 	# File with DLV trusted keys. Same format as trust-anchor-file.
+ 	# There can be only one DLV configured, it is trusted from root down.
+_at_@ -372,7 +372,7 @@ server:
+ 	# with several entries, one file per entry.
+ 	# Zone file format, with DS and DNSKEY entries.
+ 	# Note this gets out of date, use auto-trust-anchor-file please.
+-	# trust-anchor-file: ""
++	trust-anchor-file: "_at_UNBOUND_ROOTKEY_FILE@"
+ 	
+ 	# Trusted key for validation. DS or DNSKEY. specify the RR on a
+ 	# single line, surrounded by "". TTL is ignored. class is IN default.
-- 
2.6.3
---
Unsubscribe:  alpine-aports+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-aports+help_at_lists.alpinelinux.org
---
Received on Mon Nov 16 2015 - 14:45:40 GMT