OpenWrt
/
packages
mirror of https://git.openwrt.org/feed/packages.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

unbound: update control cert uci processing 

Signed-off-by: Rob Ekl <ekl.rob@gmail.com>
This commit is contained in:
Rob Ekl 2022-09-27 21:05:31 -05:00 committed by Josef Schlehofer
parent 4f3d297e1f
commit 781a74bb85
2 changed files with 15 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
net/unbound/files/defaults.sh
View File

@ -53,10 +53,10 @@ UB_TIME_FILE=$UB_VARDIR/hotplug.time
UB_SKIP_FILE=$UB_VARDIR/skip.time
# control app keys
UB_CTLKEY_FILE=$UB_ETCDIR/unbound_control.key
UB_CTLPEM_FILE=$UB_ETCDIR/unbound_control.pem
UB_SRVKEY_FILE=$UB_ETCDIR/unbound_server.key
UB_SRVPEM_FILE=$UB_ETCDIR/unbound_server.pem
UB_CTLKEY_FILE=unbound_control.key
UB_CTLPEM_FILE=unbound_control.pem
UB_SRVKEY_FILE=unbound_server.key
UB_SRVPEM_FILE=unbound_server.pem
# similar default SOA / NS RR as Unbound uses for private ARPA zones
UB_XSER=$(( $( date +%s ) / 60 ))

19
net/unbound/files/unbound.sh
View File

@ -295,18 +295,18 @@ unbound_mkdir() {
if [ -x /usr/sbin/unbound-control-setup ] ; then
if [ ! -f $UB_CTLKEY_FILE ] || [ ! -f $UB_CTLPEM_FILE ] \
|| [ ! -f $UB_SRVKEY_FILE ] || [ ! -f $UB_SRVPEM_FILE ] ; then
if [ ! -f $UB_ETCDIR/$UB_CTLKEY_FILE ] || [ ! -f $UB_ETCDIR/$UB_CTLPEM_FILE ] \
|| [ ! -f $UB_ETCDIR/$UB_SRVKEY_FILE ] || [ ! -f $UB_ETCDIR/$UB_SRVPEM_FILE ] ; then
case "$UB_D_CONTROL" in
[2-3])
# unbound-control-setup for encrypt opt. 2 and 3, but not 4 "static"
/usr/sbin/unbound-control-setup -d $UB_ETCDIR
chown -R unbound:unbound $UB_CTLKEY_FILE $UB_CTLPEM_FILE \
$UB_SRVKEY_FILE $UB_SRVPEM_FILE
chown -R unbound:unbound $UB_ETCDIR/$UB_CTLKEY_FILE $UB_ETCDIR/$UB_CTLPEM_FILE \
$UB_ETCDIR/$UB_SRVKEY_FILE $UB_ETCDIR/$UB_SRVPEM_FILE
chmod 640 $UB_CTLKEY_FILE $UB_CTLPEM_FILE \
$UB_SRVKEY_FILE $UB_SRVPEM_FILE
chmod 640 $UB_ETCDIR/$UB_CTLKEY_FILE $UB_ETCDIR/$UB_CTLPEM_FILE \
$UB_ETCDIR/$UB_SRVKEY_FILE $UB_ETCDIR/$UB_SRVPEM_FILE
;;
esac
fi
@ -338,11 +338,14 @@ unbound_control() {
if [ $UB_D_CONTROL -gt 1 ] ; then
if [ ! -f $UB_CTLKEY_FILE ] || [ ! -f $UB_CTLPEM_FILE ] \
|| [ ! -f $UB_SRVKEY_FILE ] || [ ! -f $UB_SRVPEM_FILE ] ; then
if [ ! -f $UB_ETCDIR/$UB_CTLKEY_FILE ] || [ ! -f $UB_ETCDIR/$UB_CTLPEM_FILE ] \
|| [ ! -f $UB_ETCDIR/$UB_SRVKEY_FILE ] || [ ! -f $UB_ETCDIR/$UB_SRVPEM_FILE ] ; then
# Key files need to be present; if unbound-control-setup was found, then
# they might have been made during unbound_makedir() above.
UB_D_CONTROL=0
else
cp -a $UB_ETCDIR/$UB_CTLKEY_FILE $UB_ETCDIR/$UB_CTLPEM_FILE \
$UB_ETCDIR/$UB_SRVKEY_FILE $UB_ETCDIR/$UB_SRVPEM_FILE $UB_VARDIR/
fi
fi