LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6570 Commits
1 Branch
46 MiB
Tree: 66360ddd82
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '66360ddd82'
${ noResults }
openwrt-packages-dist/net/unbound/files/unbound.sh

126 lines
3.5 KiB
Raw Normal View History

Unbound: Add scripts to manage root.key in tmpfs -Unbound RFC 5011 is busy and writes frequently -RFC 5011 creates working files in same directory -DNSSEC root.key managed in /var/lib/unbound -Protect against flash ROM wear out in /etc/unbound -Scripts will copy back every 7 days instead Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
8 years ago
 
  1. #!/bin/sh

  2. ##############################################################################
  3. #
  4. # This program is free software; you can redistribute it and/or modify
  5. # it under the terms of the GNU General Public License version 2 as
  6. # published by the Free Software Foundation.
  7. #
  8. # This program is distributed in the hope that it will be useful,
  9. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  10. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  11. # GNU General Public License for more details.
  12. # 
  13. # Copyright (C) 2016 Eric Luehrsen
  14. #
  15. ##############################################################################
  16. #
  17. # TODO: This file will build the UCI for Unbound. This iteration only puts
  18. # our default unbound configuration and root.key into /var/lib/unbound.
  19. #
  20. ##############################################################################
  21. 

  22. # TODO: Just default definitions versus real UCI coming soon.
  23. UNBOUND_B_MAN_CONF=1
  24. UNBOUND_B_DNSSEC=1
  25. UNBOUND_N_ROOT_AGE=7
  26. 

  27. ##############################################################################
  28. 

  29. UNBOUND_ANCHOR=/usr/bin/unbound-anchor
  30. UNBOUND_CONTROL=/usr/bin/unbound-control
  31. 

  32. UNBOUND_LIBDIR=/usr/lib/unbound
  33. 

  34. UNBOUND_PIDFILE=/var/run/unbound.pid
  35. 

  36. UNBOUND_VARDIR=/var/lib/unbound
  37. UNBOUND_CONFFILE=$UNBOUND_VARDIR/unbound.conf
  38. UNBOUND_KEYFILE=$UNBOUND_VARDIR/root.key
  39. UNBOUND_HINTFILE=$UNBOUND_VARDIR/root.hints
  40. UNBOUND_CHECKFILE=$UNBOUND_VARDIR/unbound.check
  41. 

  42. ##############################################################################
  43. 

  44. . /lib/functions.sh
  45. . /lib/functions/network.sh
  46. 

  47. . $UNBOUND_LIBDIR/rootzone.sh
  48. 

  49. ##############################################################################
  50. 

  51. unbound_mkdir() {
  52.   mkdir -p $UNBOUND_VARDIR
  53.   
  54.   
  55.   if [ -f /etc/unbound/root.hints ] ; then
  56.     # Your own local copy of root.hints
  57.     cp -p /etc/unbound/root.hints $UNBOUND_HINTFILE
  58.     
  59.   elif [ -f /usr/share/dns/root.hints ] ; then
  60.     # Debian-like package dns-root-data
  61.     cp -p /usr/share/dns/root.hints $UNBOUND_HINTFILE
  62.     
  63.   else
  64.     logger -t unbound -s "iterator will use built-in root hints"
  65.   fi
  66.   
  67.   
  68.   if [ -f /etc/unbound/root.key ] ; then
  69.     # Your own local copy of a root.key
  70.     cp -p /etc/unbound/root.key $UNBOUND_KEYFILE
  71.       
  72.   elif [ -f /usr/share/dns/root.key ] ; then
  73.     # Debian-like package dns-root-data
  74.     cp -p /usr/share/dns/root.key $UNBOUND_KEYFILE
  75.       
  76.   elif [ -x "$UNBOUND_ANCHOR" ] ; then 
  77.     $UNBOUND_ANCHOR -a $UNBOUND_KEYFILE
  78.         
  79.   else
  80.     logger -t unbound -s "validator will use built-in trust anchor"
  81.   fi
  82. }
  83. 

  84. ##############################################################################
  85. 

  86. unbound_conf() {
  87.   # TODO: Just structure to real UCI coming soon.
  88.   if [ "$UNBOUND_B_MAN_CONF" -gt 0 -a -f /etc/unbound/unbound.conf ] ; then
  89.     # You don't want UCI and use your own manual configuration
  90.     cp -p /etc/unbound/unbound.conf $UNBOUND_CONFFILE
  91.   fi
  92. }
  93. 

  94. ##############################################################################
  95. 

  96. unbound_own() {
  97.   # Debug UCI
  98.   {
  99.     echo "# $UNBOUND_CHECKFILE generated by UCI $( date )"
  100.     echo
  101.     set | grep ^UNBOUND_
  102.   } > $UNBOUND_CHECKFILE
  103.     
  104.   
  105.   if [ ! -f "$UNBOUND_CONFFILE" ] ; then
  106.     # if somehow this happened
  107.     touch $UNBOUND_CONFFILE
  108.   fi
  109.   
  110.   
  111.   # Ensure Access
  112.   chown -R unbound:unbound $UNBOUND_VARDIR
  113.   chmod 775 $UNBOUND_VARDIR
  114.   chmod 664 $UNBOUND_VARDIR/*
  115. }
  116. 

  117. ##############################################################################
  118. 

  119. unbound_prepare() {
  120.   unbound_mkdir
  121.   unbound_conf
  122.   unbound_own
  123. }
  124. 

  125. ##############################################################################
  126.