unbound: Switch to non-privileged user

Until now unbound was always running as root by default. A DNS resolver can
easily run under a non-privileged user.

Signed-off-by: Michael Hanselmann <public@hansmi.ch>

net/unbound/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=unbound
 PKG_VERSION:=1.5.9
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
@@ -39,6 +39,7 @@ define Package/unbound
   SUBMENU:=IP Addresses and Names
   TITLE+= (daemon)
   DEPENDS+= +libunbound
+  USERID:=unbound:unbound
 endef
 
 define Package/unbound/description
@@ -114,6 +115,7 @@ CONFIGURE_ARGS += \
 	--with-libexpat="$(STAGING_DIR)/usr" \
 	--with-ssl="$(STAGING_DIR)/usr" \
 	--with-pidfile=/var/run/unbound.pid \
+	--with-user=unbound \
 	--without-pthreads
 
 define Package/unbound/conffiles

net/unbound/files/unbound.init

@@ -6,6 +6,12 @@ START=61
 USE_PROCD=1
 
 start_service() {
+	find /etc/unbound \! \( -user unbound -group unbound \) \
+		-exec chown unbound:unbound {} \;
+
+	find /etc/unbound \( -perm +027 -o \! -perm -600 \) \
+		-exec chmod u=rwX,g=rX,o= {} \;
+
 	procd_open_instance
 	procd_set_param command /usr/sbin/unbound
 	procd_append_param command -d # don't daemonize

net/unbound/patches/001-conf.patch

@@ -89,14 +89,6 @@ index ff90e3b..5c20fdf 100644
  
  	# if given, a chroot(2) is done to the given directory.
  	# i.e. you can chroot to the working directory, for example,
-@@ -218,6 +233,7 @@ server:
- 	# and the given username is assumed. Default is user "unbound".
- 	# If you give "" no privileges are dropped.
- 	# username: "@UNBOUND_USERNAME@"
-+	username: ""
- 
- 	# the working directory. The relative files in this config are
- 	# relative to this directory. If you give "" the working directory
 @@ -266,12 +284,15 @@ server:
  	#	positive value: fetch that many targets opportunistically.
  	# Enclose the list of numbers between quotes ("").