
Merge pull request #6352 from EricLuehrsen/unbound_20180625

unbound: limit outside script source to init function scope
lilik-openwrt-22.03
Hannu Nyman 6 years ago
committed by GitHub
parent
commit
1fe8bc9495
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 32 additions and 33 deletions
  1. +2
    -2
      net/unbound/Makefile
  2. +4
    -5
      net/unbound/files/unbound.init
  3. +26
    -26
      net/unbound/files/unbound.sh

+ 2
- 2
net/unbound/Makefile

@ -9,11 +9,11 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=unbound
PKG_VERSION:=1.7.3
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE
PKG_MAINTAINER:=Eric Luehrsen <ericluehrsen@hotmail.com>
PKG_MAINTAINER:=Eric Luehrsen <ericluehrsen@gmail.com>
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.unbound.net/downloads


+ 4
- 5
net/unbound/files/unbound.init

@ -16,10 +16,6 @@ PROG=/usr/sbin/unbound
##############################################################################
. /usr/lib/unbound/unbound.sh
##############################################################################
boot() {
UNBOUND_BOOT=1
start "$@"
@ -34,10 +30,11 @@ start_service() {
fi
# complex UCI work
. /usr/lib/unbound/unbound.sh
unbound_start
# standard procd clause
procd_open_instance
procd_open_instance "unbound"
procd_set_param command $PROG -d -c $UNBOUND_CONFFILE
procd_set_param respawn
procd_close_instance
@ -46,6 +43,8 @@ start_service() {
##############################################################################
stop_service() {
# clean up
. /usr/lib/unbound/unbound.sh
unbound_stop
# Wait! on restart Unbound may take time writing closure stats to syslog
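Review bot: Moving `. /usr/lib/unbound/unbound.sh` from file scope into `start_service()` means the library is now read after `boot()` has set `UNBOUND_BOOT=1`, so any file-scope assignment to `UNBOUND_BOOT` inside unbound.sh (not visible on this page) would reset the boot flag before `unbound_start` sees it. If the library does initialise it, a default-preserving form such as `UNBOUND_BOOT=${UNBOUND_BOOT:-0}` keeps the value set by `boot()`. The two new source lines would also benefit from a comment, for example `# sourced here, not at file scope, so other init actions do not run the library`. `start_service()` and `stop_service()` both continue outside the hunks shown.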


+ 26
- 26
net/unbound/files/unbound.sh

@ -249,7 +249,7 @@ create_local_zone() {
# New Zone! Bundle local-zones: by first two name tiers "abcd.tld."
partial=$( echo "$target" | awk -F. '{ j=NF ; i=j-1; print $i"."$j }' )
UNBOUND_LIST_DOMAINS="$UNBOUND_LIST_DOMAINS $partial"
echo " local-zone: $partial. transparent" >> $UNBOUND_CONFFILE
echo " local-zone: $partial transparent" >> $UNBOUND_CONFFILE
fi
}
@ -561,10 +561,10 @@ unbound_control() {
echo " control-use-cert: yes"
echo " control-interface: 127.0.0.1"
echo " control-interface: ::1"
echo " server-key-file: \"$UNBOUND_SRVKEY_FILE\""
echo " server-cert-file: \"$UNBOUND_SRVPEM_FILE\""
echo " control-key-file: \"$UNBOUND_CTLKEY_FILE\""
echo " control-cert-file: \"$UNBOUND_CTLPEM_FILE\""
echo " server-key-file: $UNBOUND_SRVKEY_FILE"
echo " server-cert-file: $UNBOUND_SRVPEM_FILE"
echo " control-key-file: $UNBOUND_CTLKEY_FILE"
echo " control-cert-file: $UNBOUND_CTLPEM_FILE"
echo
} >> $UNBOUND_CONFFILE
;;
@ -579,10 +579,10 @@ unbound_control() {
echo " control-use-cert: yes"
echo " control-interface: 0.0.0.0"
echo " control-interface: ::0"
echo " server-key-file: \"$UNBOUND_SRVKEY_FILE\""
echo " server-cert-file: \"$UNBOUND_SRVPEM_FILE\""
echo " control-key-file: \"$UNBOUND_CTLKEY_FILE\""
echo " control-cert-file: \"$UNBOUND_CTLPEM_FILE\""
echo " server-key-file: $UNBOUND_SRVKEY_FILE"
echo " server-cert-file: $UNBOUND_SRVPEM_FILE"
echo " control-key-file: $UNBOUND_CTLKEY_FILE"
echo " control-cert-file: $UNBOUND_CTLPEM_FILE"
echo
} >> $UNBOUND_CONFFILE
;;
@ -615,7 +615,7 @@ unbound_forward() {
for fdomain in $UNBOUND_LIST_FORWARD ; do
{
echo "forward-zone:"
echo " name: \"$fdomain.\""
echo " name: $fdomain"
for fresolver in $resolvers ; do
echo " forward-addr: $fresolver"
done
@ -650,15 +650,15 @@ unbound_auth_root() {
{
echo "auth-zone:"
echo " name: \"$realzone\""
echo " name: $realzone"
for server in $axfrservers ; do
echo " master: \"$server\""
echo " master: $server"
done
echo " url: \"$httpserver$zone.zone\""
echo " url: $httpserver$zone.zone"
echo " fallback-enabled: yes"
echo " for-downstream: no"
echo " for-upstream: yes"
echo " zonefile: \"$zone.zone\""
echo " zonefile: $zone.zone"
echo
} >> $UNBOUND_CONFFILE
done
@ -680,9 +680,9 @@ unbound_conf() {
echo
echo "server:"
echo " username: unbound"
echo " chroot: \"$UNBOUND_VARDIR\""
echo " directory: \"$UNBOUND_VARDIR\""
echo " pidfile: \"$UNBOUND_PIDFILE\""
echo " chroot: $UNBOUND_VARDIR"
echo " directory: $UNBOUND_VARDIR"
echo " pidfile: $UNBOUND_PIDFILE"
echo
# No threading
echo " num-threads: 1"
@ -783,13 +783,13 @@ unbound_conf() {
if [ -f "$UNBOUND_HINTFILE" ] ; then
# Optional hints if found
echo " root-hints: \"$UNBOUND_HINTFILE\"" >> $UNBOUND_CONFFILE
echo " root-hints: $UNBOUND_HINTFILE" >> $UNBOUND_CONFFILE
fi
if [ "$UNBOUND_B_DNSSEC" -gt 0 -a -f "$UNBOUND_KEYFILE" ] ; then
{
echo " auto-trust-anchor-file: \"$UNBOUND_KEYFILE\""
echo " auto-trust-anchor-file: $UNBOUND_KEYFILE"
echo
} >> $UNBOUND_CONFFILE
@ -989,7 +989,7 @@ unbound_conf() {
if [ -n "$UNBOUND_LIST_INSECURE" ] ; then
for domain in $UNBOUND_LIST_INSECURE ; do
# Except and accept domains without (DNSSEC); work around broken domains
echo " domain-insecure: \"$domain\"" >> $UNBOUND_CONFFILE
echo " domain-insecure: $domain" >> $UNBOUND_CONFFILE
done
@ -1072,7 +1072,7 @@ unbound_hostname() {
# Hostname as TLD works, but not transparent through recursion
echo " domain-insecure: $UNBOUND_TXT_HOSTNAME"
echo " private-domain: $UNBOUND_TXT_HOSTNAME"
echo " local-zone: $UNBOUND_TXT_HOSTNAME. static"
echo " local-zone: $UNBOUND_TXT_HOSTNAME static"
echo " local-data: \"$UNBOUND_TXT_HOSTNAME. $UNBOUND_XSOA\""
echo " local-data: \"$UNBOUND_TXT_HOSTNAME. $UNBOUND_XNS\""
echo
@ -1091,7 +1091,7 @@ unbound_hostname() {
{
# Do NOT forward queries with your GLA ip6.arpa
echo " domain-insecure: $ifarpa"
echo " local-zone: $ifarpa. $UNBOUND_D_DOMAIN_TYPE"
echo " local-zone: $ifarpa $UNBOUND_D_DOMAIN_TYPE"
echo " local-data: \"$ifarpa. $UNBOUND_XSOA\""
echo " local-data: \"$ifarpa. $UNBOUND_XNS\""
echo
@ -1111,7 +1111,7 @@ unbound_hostname() {
{
# Do NOT forward queries with your ULA ip6.arpa or in-addr.arpa
echo " domain-insecure: $ifarpa"
echo " local-zone: $ifarpa. $UNBOUND_D_DOMAIN_TYPE"
echo " local-zone: $ifarpa $UNBOUND_D_DOMAIN_TYPE"
echo " local-data: \"$ifarpa. $UNBOUND_XSOA\""
echo " local-data: \"$ifarpa. $UNBOUND_XNS\""
echo
@ -1125,7 +1125,7 @@ unbound_hostname() {
# avoid upstream involvement in RFC6762
echo " domain-insecure: local"
echo " private-domain: local"
echo " local-zone: local. $UNBOUND_D_DOMAIN_TYPE"
echo " local-zone: local $UNBOUND_D_DOMAIN_TYPE"
echo " local-data: \"local. $UNBOUND_XSOA\""
echo " local-data: \"local. $UNBOUND_XNS\""
echo " local-data: \"local. 3600 IN TXT RFC6762\""
@ -1134,7 +1134,7 @@ unbound_hostname() {
# type transparent will permit forward-zone: or stub-zone: clauses
echo " domain-insecure: $UNBOUND_TXT_DOMAIN"
echo " private-domain: $UNBOUND_TXT_DOMAIN"
echo " local-zone: $UNBOUND_TXT_DOMAIN. $UNBOUND_D_DOMAIN_TYPE"
echo " local-zone: $UNBOUND_TXT_DOMAIN $UNBOUND_D_DOMAIN_TYPE"
echo " local-data: \"$UNBOUND_TXT_DOMAIN. $UNBOUND_XSOA\""
echo " local-data: \"$UNBOUND_TXT_DOMAIN. $UNBOUND_XNS\""
echo
@ -1145,7 +1145,7 @@ unbound_hostname() {
# likely transparent domain with fordward-zone: clause to next router
echo " domain-insecure: $UNBOUND_TXT_DOMAIN"
echo " private-domain: $UNBOUND_TXT_DOMAIN"
echo " local-zone: $UNBOUND_TXT_DOMAIN. $UNBOUND_D_DOMAIN_TYPE"
echo " local-zone: $UNBOUND_TXT_DOMAIN $UNBOUND_D_DOMAIN_TYPE"
echo
;;
esac
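Review bot: In the `unbound_conf()` hunks the path values for `chroot:`, `directory:`, `pidfile:`, `root-hints:` and `auto-trust-anchor-file:` are written without quotes on what appears to be the new side (the second line of each printed pair), and an unquoted unbound.conf value ends at the first whitespace. These directives decide the chroot and the DNSSEC trust anchor, so a path containing a space would be cut short or rejected by the parser rather than used as written. Where the variables are assigned is not visible here; if they are fixed constants, a comment such as `# written unquoted: these paths must not contain whitespace or quote characters` records the assumption, otherwise the generator should refuse such values before appending to `$UNBOUND_CONFFILE`. The same applies to the key and certificate paths in both `unbound_control()` hunks and to `url:` and `zonefile:` in `unbound_auth_root()`; all of these functions continue outside the hunks.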

