Fix unbound directory setup

- Move root.key into /etc/unbound directory - Remove pid file from config, it is baked into the configure options - Make sure unbound does not try to chroot anywhere Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2024-11-22 11:09:46 +01:00 · 2018-06-04 16:25:47 +02:00 · 2018-06-04 16:25:47 +02:00 · 8c76110586
commit 8c76110586
parent 750d53d82d
2 changed files with 3 additions and 6 deletions
--- a/pkg/unbound/build
+++ b/pkg/unbound/build
@ -28,8 +28,6 @@ deploy() {
 	rm -r "$DEPLOY/share"
 	mkdir -p "$DEPLOY/var/lib/unbound"
 	cat_file_override "unbound.conf" > "$DEPLOY/etc/unbound/unbound.conf"
 	split_dev_deploy "$DEPLOY" "$DEVDEPLOY"
@ -46,7 +44,7 @@ deploy() {
 		type=$(echo $line | grep -o -e "<DigestType>[0-9]*</" | grep -o -w "[0-9]*")
 		digest=$(echo $line | grep -o -e "<Digest>[A-F0-9]*</" | grep -o -w "[A-F0-9]*")
-		echo ". IN DS $tag $alg $type $digest" >> "$DEPLOY/var/lib/unbound/root.key"
+		echo ". IN DS $tag $alg $type $digest" >> "$DEPLOY/etc/unbound/root.key"
 	done
 }
--- a/product/router/unbound.conf
+++ b/product/router/unbound.conf
@ -1,6 +1,4 @@
 server:
 	pidfile: "/tmp/unbound.pid"
 	# allow only queries from local machine on port 5353
 	interface: 127.0.0.1
 	access-control: 127.0.0.0/8 allow
@ -10,4 +8,5 @@ server:
 	qname-minimisation: yes
 	# Root trust anchor key file for DNSSEC validation.
-	auto-trust-anchor-file: "/var/lib/unbound/root.key"
+	auto-trust-anchor-file: "/etc/unbound/root.key"
 	chroot: ""