From 8c76110586d8f19c2cf43b1fe1c42844ba85a232 Mon Sep 17 00:00:00 2001
From: David Oberhollenzer <david.oberhollenzer@tele2.at>
Date: Mon, 4 Jun 2018 16:25:47 +0200
Subject: [PATCH] Fix unbound directory setup

 - Move root.key into /etc/unbound directory
 - Remove pid file from config, it is baked into the configure options
 - Make sure unbound does not try to chroot anywhere

Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
---
 pkg/unbound/build           | 4 +---
 product/router/unbound.conf | 5 ++---
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/pkg/unbound/build b/pkg/unbound/build
index 396ee9a..46e2348 100644
--- a/pkg/unbound/build
+++ b/pkg/unbound/build
@@ -28,8 +28,6 @@ deploy() {
 
 	rm -r "$DEPLOY/share"
 
-	mkdir -p "$DEPLOY/var/lib/unbound"
-
 	cat_file_override "unbound.conf" > "$DEPLOY/etc/unbound/unbound.conf"
 
 	split_dev_deploy "$DEPLOY" "$DEVDEPLOY"
@@ -46,7 +44,7 @@ deploy() {
 		type=$(echo $line | grep -o -e "<DigestType>[0-9]*</" | grep -o -w "[0-9]*")
 		digest=$(echo $line | grep -o -e "<Digest>[A-F0-9]*</" | grep -o -w "[A-F0-9]*")
 
-		echo ". IN DS $tag $alg $type $digest" >> "$DEPLOY/var/lib/unbound/root.key"
+		echo ". IN DS $tag $alg $type $digest" >> "$DEPLOY/etc/unbound/root.key"
 	done
 }
 
diff --git a/product/router/unbound.conf b/product/router/unbound.conf
index 5efb4a0..9212700 100644
--- a/product/router/unbound.conf
+++ b/product/router/unbound.conf
@@ -1,6 +1,4 @@
 server:
-	pidfile: "/tmp/unbound.pid"
-
 	# allow only queries from local machine on port 5353
 	interface: 127.0.0.1
 	access-control: 127.0.0.0/8 allow
@@ -10,4 +8,5 @@ server:
 	qname-minimisation: yes
 
 	# Root trust anchor key file for DNSSEC validation.
-	auto-trust-anchor-file: "/var/lib/unbound/root.key"
+	auto-trust-anchor-file: "/etc/unbound/root.key"
+	chroot: ""