From 9493e27e697dc6084ebb3f9ddf5874ee44a408f1 Mon Sep 17 00:00:00 2001 From: Eric Luehrsen Date: Tue, 26 Jun 2018 21:07:59 -0400 Subject: [PATCH 1/2] unbound: clean up domain periods and unnecessary quotes Signed-off-by: Eric Luehrsen --- net/unbound/files/unbound.sh | 52 ++++++++++++++++++------------------ 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/net/unbound/files/unbound.sh b/net/unbound/files/unbound.sh index a22117751..a1f328e57 100644 --- a/net/unbound/files/unbound.sh +++ b/net/unbound/files/unbound.sh @@ -249,7 +249,7 @@ create_local_zone() { # New Zone! Bundle local-zones: by first two name tiers "abcd.tld." partial=$( echo "$target" | awk -F. '{ j=NF ; i=j-1; print $i"."$j }' ) UNBOUND_LIST_DOMAINS="$UNBOUND_LIST_DOMAINS $partial" - echo " local-zone: $partial. transparent" >> $UNBOUND_CONFFILE + echo " local-zone: $partial transparent" >> $UNBOUND_CONFFILE fi } @@ -561,10 +561,10 @@ unbound_control() { echo " control-use-cert: yes" echo " control-interface: 127.0.0.1" echo " control-interface: ::1" - echo " server-key-file: \"$UNBOUND_SRVKEY_FILE\"" - echo " server-cert-file: \"$UNBOUND_SRVPEM_FILE\"" - echo " control-key-file: \"$UNBOUND_CTLKEY_FILE\"" - echo " control-cert-file: \"$UNBOUND_CTLPEM_FILE\"" + echo " server-key-file: $UNBOUND_SRVKEY_FILE" + echo " server-cert-file: $UNBOUND_SRVPEM_FILE" + echo " control-key-file: $UNBOUND_CTLKEY_FILE" + echo " control-cert-file: $UNBOUND_CTLPEM_FILE" echo } >> $UNBOUND_CONFFILE ;; @@ -579,10 +579,10 @@ unbound_control() { echo " control-use-cert: yes" echo " control-interface: 0.0.0.0" echo " control-interface: ::0" - echo " server-key-file: \"$UNBOUND_SRVKEY_FILE\"" - echo " server-cert-file: \"$UNBOUND_SRVPEM_FILE\"" - echo " control-key-file: \"$UNBOUND_CTLKEY_FILE\"" - echo " control-cert-file: \"$UNBOUND_CTLPEM_FILE\"" + echo " server-key-file: $UNBOUND_SRVKEY_FILE" + echo " server-cert-file: $UNBOUND_SRVPEM_FILE" + echo " control-key-file: $UNBOUND_CTLKEY_FILE" + echo " control-cert-file: $UNBOUND_CTLPEM_FILE" echo } >> $UNBOUND_CONFFILE ;; @@ -615,7 +615,7 @@ unbound_forward() { for fdomain in $UNBOUND_LIST_FORWARD ; do { echo "forward-zone:" - echo " name: \"$fdomain.\"" + echo " name: $fdomain" for fresolver in $resolvers ; do echo " forward-addr: $fresolver" done @@ -650,15 +650,15 @@ unbound_auth_root() { { echo "auth-zone:" - echo " name: \"$realzone\"" + echo " name: $realzone" for server in $axfrservers ; do - echo " master: \"$server\"" + echo " master: $server" done - echo " url: \"$httpserver$zone.zone\"" + echo " url: $httpserver$zone.zone" echo " fallback-enabled: yes" echo " for-downstream: no" echo " for-upstream: yes" - echo " zonefile: \"$zone.zone\"" + echo " zonefile: $zone.zone" echo } >> $UNBOUND_CONFFILE done @@ -680,9 +680,9 @@ unbound_conf() { echo echo "server:" echo " username: unbound" - echo " chroot: \"$UNBOUND_VARDIR\"" - echo " directory: \"$UNBOUND_VARDIR\"" - echo " pidfile: \"$UNBOUND_PIDFILE\"" + echo " chroot: $UNBOUND_VARDIR" + echo " directory: $UNBOUND_VARDIR" + echo " pidfile: $UNBOUND_PIDFILE" echo # No threading echo " num-threads: 1" @@ -783,13 +783,13 @@ unbound_conf() { if [ -f "$UNBOUND_HINTFILE" ] ; then # Optional hints if found - echo " root-hints: \"$UNBOUND_HINTFILE\"" >> $UNBOUND_CONFFILE + echo " root-hints: $UNBOUND_HINTFILE" >> $UNBOUND_CONFFILE fi if [ "$UNBOUND_B_DNSSEC" -gt 0 -a -f "$UNBOUND_KEYFILE" ] ; then { - echo " auto-trust-anchor-file: \"$UNBOUND_KEYFILE\"" + echo " auto-trust-anchor-file: $UNBOUND_KEYFILE" echo } >> $UNBOUND_CONFFILE @@ -989,7 +989,7 @@ unbound_conf() { if [ -n "$UNBOUND_LIST_INSECURE" ] ; then for domain in $UNBOUND_LIST_INSECURE ; do # Except and accept domains without (DNSSEC); work around broken domains - echo " domain-insecure: \"$domain\"" >> $UNBOUND_CONFFILE + echo " domain-insecure: $domain" >> $UNBOUND_CONFFILE done @@ -1072,7 +1072,7 @@ unbound_hostname() { # Hostname as TLD works, but not transparent through recursion echo " domain-insecure: $UNBOUND_TXT_HOSTNAME" echo " private-domain: $UNBOUND_TXT_HOSTNAME" - echo " local-zone: $UNBOUND_TXT_HOSTNAME. static" + echo " local-zone: $UNBOUND_TXT_HOSTNAME static" echo " local-data: \"$UNBOUND_TXT_HOSTNAME. $UNBOUND_XSOA\"" echo " local-data: \"$UNBOUND_TXT_HOSTNAME. $UNBOUND_XNS\"" echo @@ -1091,7 +1091,7 @@ unbound_hostname() { { # Do NOT forward queries with your GLA ip6.arpa echo " domain-insecure: $ifarpa" - echo " local-zone: $ifarpa. $UNBOUND_D_DOMAIN_TYPE" + echo " local-zone: $ifarpa $UNBOUND_D_DOMAIN_TYPE" echo " local-data: \"$ifarpa. $UNBOUND_XSOA\"" echo " local-data: \"$ifarpa. $UNBOUND_XNS\"" echo @@ -1111,7 +1111,7 @@ unbound_hostname() { { # Do NOT forward queries with your ULA ip6.arpa or in-addr.arpa echo " domain-insecure: $ifarpa" - echo " local-zone: $ifarpa. $UNBOUND_D_DOMAIN_TYPE" + echo " local-zone: $ifarpa $UNBOUND_D_DOMAIN_TYPE" echo " local-data: \"$ifarpa. $UNBOUND_XSOA\"" echo " local-data: \"$ifarpa. $UNBOUND_XNS\"" echo @@ -1125,7 +1125,7 @@ unbound_hostname() { # avoid upstream involvement in RFC6762 echo " domain-insecure: local" echo " private-domain: local" - echo " local-zone: local. $UNBOUND_D_DOMAIN_TYPE" + echo " local-zone: local $UNBOUND_D_DOMAIN_TYPE" echo " local-data: \"local. $UNBOUND_XSOA\"" echo " local-data: \"local. $UNBOUND_XNS\"" echo " local-data: \"local. 3600 IN TXT RFC6762\"" @@ -1134,7 +1134,7 @@ unbound_hostname() { # type transparent will permit forward-zone: or stub-zone: clauses echo " domain-insecure: $UNBOUND_TXT_DOMAIN" echo " private-domain: $UNBOUND_TXT_DOMAIN" - echo " local-zone: $UNBOUND_TXT_DOMAIN. $UNBOUND_D_DOMAIN_TYPE" + echo " local-zone: $UNBOUND_TXT_DOMAIN $UNBOUND_D_DOMAIN_TYPE" echo " local-data: \"$UNBOUND_TXT_DOMAIN. $UNBOUND_XSOA\"" echo " local-data: \"$UNBOUND_TXT_DOMAIN. $UNBOUND_XNS\"" echo @@ -1145,7 +1145,7 @@ unbound_hostname() { # likely transparent domain with fordward-zone: clause to next router echo " domain-insecure: $UNBOUND_TXT_DOMAIN" echo " private-domain: $UNBOUND_TXT_DOMAIN" - echo " local-zone: $UNBOUND_TXT_DOMAIN. $UNBOUND_D_DOMAIN_TYPE" + echo " local-zone: $UNBOUND_TXT_DOMAIN $UNBOUND_D_DOMAIN_TYPE" echo ;; esac From 21864670fa1f79b8a6274c6253a84516ceec8d0f Mon Sep 17 00:00:00 2001 From: Eric Luehrsen Date: Mon, 25 Jun 2018 20:40:21 -0400 Subject: [PATCH 2/2] unbound: limit outside script source to init funciton scope Signed-off-by: Eric Luehrsen --- net/unbound/Makefile | 4 ++-- net/unbound/files/unbound.init | 9 ++++----- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/net/unbound/Makefile b/net/unbound/Makefile index 43dea0a20..93856b2bd 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -9,11 +9,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound PKG_VERSION:=1.7.3 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE -PKG_MAINTAINER:=Eric Luehrsen +PKG_MAINTAINER:=Eric Luehrsen PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.unbound.net/downloads diff --git a/net/unbound/files/unbound.init b/net/unbound/files/unbound.init index ac0dd5806..2f93b4d65 100755 --- a/net/unbound/files/unbound.init +++ b/net/unbound/files/unbound.init @@ -16,10 +16,6 @@ PROG=/usr/sbin/unbound ############################################################################## -. /usr/lib/unbound/unbound.sh - -############################################################################## - boot() { UNBOUND_BOOT=1 start "$@" @@ -34,10 +30,11 @@ start_service() { fi # complex UCI work + . /usr/lib/unbound/unbound.sh unbound_start # standard procd clause - procd_open_instance + procd_open_instance "unbound" procd_set_param command $PROG -d -c $UNBOUND_CONFFILE procd_set_param respawn procd_close_instance @@ -46,6 +43,8 @@ start_service() { ############################################################################## stop_service() { + # clean up + . /usr/lib/unbound/unbound.sh unbound_stop # Wait! on restart Unbound may take time writing closure stats to syslog