debian/0000775000000000000000000000000012320565153007172 5ustar debian/unbound-anchor.install0000664000000000000000000000013012310113675013473 0ustar usr/sbin/unbound-anchor usr/sbin usr/share/man/man8/unbound-anchor.8 usr/share/man/man8 debian/compat0000664000000000000000000000000212310113675010365 0ustar 9 debian/unbound-host.install0000664000000000000000000000012312310113675013200 0ustar usr/sbin/unbound-host usr/bin usr/share/man/man1/unbound-host.1 usr/share/man/man1 debian/unbound.init0000664000000000000000000001143112310113675011526 0ustar #!/bin/sh ### BEGIN INIT INFO # Provides: unbound # Required-Start: $network $remote_fs $syslog # Required-Stop: $network $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 ### END INIT INFO NAME=unbound DESC="recursive DNS server" DAEMON=/usr/sbin/unbound PIDFILE="/var/run/unbound.pid" test -x $DAEMON || exit 0 test -x ${DAEMON}-checkconf || exit 0 . /lib/lsb/init-functions UNBOUND_ENABLE=true UNBOUND_CONF=/etc/unbound/unbound.conf UNBOUND_BASE_DIR=$(dirname $UNBOUND_CONF) CHROOT_DIR=$(awk '{if ($1 ~ "^chroot" && $2 != "\"\"") print $2}' $UNBOUND_CONF|sed -e "s#\"##g") ROOT_TRUST_ANCHOR_UPDATE=false ROOT_TRUST_ANCHOR_FILE=/var/lib/unbound/root.key RESOLVCONF=false RESOLVCONF_FORWARDERS=false if [ -f /etc/default/$NAME ]; then . /etc/default/$NAME case "x$UNBOUND_ENABLE" in xtrue|x1|xyes) UNBOUND_ENABLE=true ;; *) UNBOUND_ENABLE=false ;; esac case "x$ROOT_TRUST_ANCHOR_UPDATE" in xtrue|x1|xyes) ROOT_TRUST_ANCHOR_UPDATE=true ;; *) ROOT_TRUST_ANCHOR_UPDATE=false ;; esac case "x$RESOLVCONF" in xtrue|x1|xyes) RESOLVCONF=true ;; *) RESOLVCONF=false esac case "x$RESOLVCONF_FORWARDERS" in xtrue|x1|xyes) RESOLVCONF_FORWARDERS=true ;; *) RESOLVCONF_FORWARDERS=false esac fi do_resolvconf_start() { if $RESOLVCONF; then if [ -x /sbin/resolvconf ]; then unbound-checkconf $CHROOT_DIR/$UNBOUND_CONF -o interface | ( default=yes while read interface; do default=no if [ "x$interface" = x0.0.0.0 -o "x$interface" = x127.0.0.1 ]; then echo "nameserver 127.0.0.1" elif [ "x$interface" = x::0 -o "x$interface" = x::1 ]; then echo "nameserver ::1" fi done if [ $default = yes ]; then # unbound defaults to listening on localhost echo "nameserver 127.0.0.1" fi ) | /sbin/resolvconf -a lo.unbound fi fi } do_resolvconf_stop() { if $RESOLVCONF; then if [ -x /sbin/resolvconf ]; then /sbin/resolvconf -d lo.unbound fi fi } do_chroot_setup() { if [ -d "$CHROOT_DIR" -a "$CHROOT_DIR" != "$UNBOUND_BASE_DIR" ]; then cd / tar --overwrite -cf - $(echo $UNBOUND_BASE_DIR | sed 's#^/##') | (cd $CHROOT_DIR && tar -xf -) fi } case "$1" in start) if $UNBOUND_ENABLE; then do_chroot_setup if $ROOT_TRUST_ANCHOR_UPDATE; then unbound-anchor -a $ROOT_TRUST_ANCHOR_FILE -v 2>&1 | logger -p daemon.info -t unbound-anchor chown unbound:unbound $ROOT_TRUST_ANCHOR_FILE fi log_daemon_msg "Starting $DESC" "$NAME" if start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE --name $NAME --startas $DAEMON -- $DAEMON_OPTS; then do_resolvconf_start log_end_msg 0 else log_end_msg 1 fi else log_warning_msg "Not starting $DESC $NAME, disabled via /etc/default/$NAME" fi ;; stop) if $UNBOUND_ENABLE; then log_daemon_msg "Stopping $DESC" "$NAME" if start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE --name $NAME; then do_resolvconf_stop log_end_msg 0 else log_end_msg 1 fi fi ;; restart|force-reload) if $UNBOUND_ENABLE; then log_daemon_msg "Restarting $DESC" "$NAME" start-stop-daemon --stop --quiet --pidfile $PIDFILE --name $NAME --retry 5 do_resolvconf_stop if start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE --name $NAME --startas $DAEMON -- $DAEMON_OPTS; then do_chroot_setup do_resolvconf_start log_end_msg 0 else log_end_msg 1 fi fi ;; reload) if $UNBOUND_ENABLE; then log_daemon_msg "Reloading $DESC" "$NAME" if start-stop-daemon --stop --pidfile $PIDFILE --signal 1; then do_chroot_setup log_end_msg 0 else log_end_msg 1 fi fi ;; status) status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit $? ;; *) N=/etc/init.d/$NAME echo "Usage: $N {start|stop|restart|status|reload|force-reload}" >&2 exit 1 ;; esac exit 0; debian/resolvconf0000664000000000000000000000201312310113675011266 0ustar #!/bin/sh -e PATH=/usr/sbin:/usr/bin:/sbin:/bin if [ ! -x /usr/sbin/unbound ]; then exit 0 fi if [ ! -f /etc/unbound/unbound_control.key ]; then exit 0 fi if [ ! -x /lib/resolvconf/list-records ]; then exit 1 fi RESOLVCONF_FORWARDERS=false if [ -f /etc/default/unbound ]; then . /etc/default/unbound case "x$RESOLVCONF_FORWARDERS" in xtrue|x1|xyes) RESOLVCONF_FORWARDERS=true ;; *) RESOLVCONF_FORWARDERS=false ;; esac fi if $RESOLVCONF_FORWARDERS; then RESOLVCONF_FILES="$(/lib/resolvconf/list-records)" if [ -n "$RESOLVCONF_FILES" ]; then NS_IPS="$(sed -rne 's/^[[:space:]]*nameserver[[:space:]]+//p' $RESOLVCONF_FILES \ | egrep -v '^(127\.|::1)' | sort -u)" else NS_IPS="" fi if [ -n "$NS_IPS" ]; then FWD="$(echo $NS_IPS | tr '\n' ' ')" unbound-control forward $FWD 1>/dev/null 2>&1 || true else unbound-control forward off 1>/dev/null 2>&1 || true fi fi debian/libunbound-dev.dirs0000664000000000000000000000003712310113675012767 0ustar usr/include usr/share/man/man3 debian/gbp.conf0000664000000000000000000000010512310113675010602 0ustar [buildpackage] pristine-tar = True [import-orig] pristine-tar = True debian/unbound-host.dirs0000664000000000000000000000003312310113675012473 0ustar usr/bin usr/share/man/man1 debian/unbound.doc0000664000000000000000000000005512310113675011330 0ustar doc/CREDITS doc/FEATURES doc/README doc/TODO debian/copyright0000664000000000000000000002472112310113675011130 0ustar This package was debianized by Robert S. Edmonds on Wed, 21 May 2008 14:13:28 -0400. It was downloaded from http://unbound.net/download.html Upstream Author: Wouter Wijngaards, NLnet Labs Copyright: Copyright (C) 2008 Wouter Wijngaards Copyright (C) 2008 NLnet Labs License: This software is open source. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Neither the name of the NLNET LABS nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The Debian packaging is: Copyright (C) 2008-2011 Robert S. Edmonds and is licensed under the GPL version 3, see `/usr/share/common-licenses/GPL-3'. Files: compat/fake-rfc2553.c, compat/fake-rfc2553.h Copyright: 2000-2003 Damien Miller, 1999 WIDE Project License: BSD-3 Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the project nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. . THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Files: compat/inet_aton.c Copyright: 1983, 1990, 1993 The Regents of the University of California License: BSD-3 Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. . THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Files: compat/inet_aton.c Copyright: 1993 Digital Equipment Corporation License: other Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies, and that the name of Digital Equipment Corporation not be used in advertising or publicity pertaining to distribution of the document or software without specific, written prior permission. . THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. Files: compat/inet_ntop.c, compat/inet_pton.c Copyright: 1996 Internet Software Consortium License: ISC Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. . THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. Files: compat/strlcpy.c Copyright: 1998 Todd C. Miller License: ISC Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. . THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. Files: acx_pthread.m4 Copyright: 2006 Steven G. Johnson License: GPL-2+ | other This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . As a special exception, the respective Autoconf Macro's copyright owner gives unlimited permission to copy, distribute and modify the configure scripts that are the output of Autoconf when processing the Macro. You need not follow the terms of the GNU General Public License when using or distributing such scripts, even though portions of the text of the Macro appear in them. The GNU General Public License (GPL) does govern all other use of the material that constitutes the Autoconf Macro. . This special exception to the GPL applies to versions of the Autoconf Macro released by the Autoconf Macro Archive. When you make and distribute a modified version of the Autoconf Macro, you may extend this special exception to the GPL to apply to your modified version as well. Files: util/configparser.h, util/configparser.c Copyright: (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. License: GPL-3+ This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ /* As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work under terms of your choice, so long as that work isn't itself a parser generator using the skeleton or a modified version thereof as a parser skeleton. Alternatively, if you modify or redistribute the parser skeleton itself, you may (at your option) remove this special exception, which will cause the skeleton and the resulting Bison output files to be licensed under the GNU General Public License without this special exception. This special exception was added by the Free Software Foundation in version 2.2 of Bison. */ debian/libunbound2.symbols0000664000000000000000000000161312310113675013025 0ustar libunbound.so.2 libunbound2 #MINVER# ub_cancel@Base 1.4.1 ub_ctx_add_ta@Base 1.4.1 ub_ctx_add_ta_file@Base 1.4.1 ub_ctx_async@Base 1.4.1 ub_ctx_config@Base 1.4.1 ub_ctx_create@Base 1.4.1 ub_ctx_create_event@Base 1.4.22 ub_ctx_data_add@Base 1.4.1 ub_ctx_data_remove@Base 1.4.1 ub_ctx_debuglevel@Base 1.4.1 ub_ctx_debugout@Base 1.4.1 ub_ctx_delete@Base 1.4.1 ub_ctx_get_option@Base 1.4.2 ub_ctx_hosts@Base 1.4.1 ub_ctx_print_local_zones@Base 1.4.1 ub_ctx_resolvconf@Base 1.4.1 ub_ctx_set_event@Base 1.4.22 ub_ctx_set_fwd@Base 1.4.1 ub_ctx_set_option@Base 1.4.1 ub_ctx_trustedkeys@Base 1.4.1 ub_ctx_zone_add@Base 1.4.1 ub_ctx_zone_remove@Base 1.4.1 ub_fd@Base 1.4.1 ub_poll@Base 1.4.1 ub_process@Base 1.4.1 ub_resolve@Base 1.4.1 ub_resolve_async@Base 1.4.1 ub_resolve_event@Base 1.4.22 ub_resolve_free@Base 1.4.1 ub_strerror@Base 1.4.1 ub_version@Base 1.4.16 ub_wait@Base 1.4.1 debian/unbound.conf0000664000000000000000000000051412310113675011510 0ustar # Unbound configuration file for Debian. # # See the unbound.conf(5) man page. # # See /usr/share/doc/unbound/examples/unbound.conf for a commented # reference config file. # # The following line includes additional configuration files from the # /etc/unbound/unbound.conf.d directory. include: "/etc/unbound/unbound.conf.d/*.conf" debian/control0000664000000000000000000000650112317605131010574 0ustar Source: unbound Section: net Priority: optional Maintainer: Robert S. Edmonds Build-Depends: dpkg-dev (>= 1.16.1~), debhelper (>= 9~), dh-autoreconf, doxygen, autoconf, automake, autotools-dev, libtool, flex, bison, libssl-dev, libevent-dev, libexpat1-dev, python-all-dev (>= 2.6.6-3~), swig Standards-Version: 3.9.5 Homepage: https://www.unbound.net/ Vcs-Browser: http://anonscm.debian.org/gitweb/?p=users/edmonds/unbound.git Vcs-Git: git://anonscm.debian.org/users/edmonds/unbound.git Package: unbound Architecture: any Depends: ${misc:Depends}, ${shlibs:Depends}, unbound-anchor, adduser, openssl Description: validating, recursive, caching DNS resolver Unbound is a recursive-only caching DNS server which can perform DNSSEC validation of results. It implements only a minimal amount of authoritative service to prevent leakage to the root nameservers: forward lookups for localhost, reverse for 127.0.0.1 and ::1, and NXDOMAIN for zones served by AS112. Stub and forward zones are supported. . This package contains the unbound daemon. Package: unbound-anchor Architecture: any Depends: ${misc:Depends}, ${shlibs:Depends} Replaces: unbound (<< 1.4.13-1) Breaks: unbound (<< 1.4.13-1) Description: utility to securely fetch the root DNS trust anchor unbound-anchor is a utility which securely fetches or updates the root DNS zone trust anchor. A copy of the current root anchor and root update certificate is embedded in unbound-anchor. RFC 5011 trust anchor tracking is performed, with fallback to an SSL fetch if this fails. Package: unbound-host Architecture: any Depends: ${misc:Depends}, ${shlibs:Depends} Description: reimplementation of the 'host' command This package provides the 'unbound-host' program that is bundled with the Unbound domain name server. This version differs from the one provided in the package called host, which is from NIKHEF, and bind9-host, which is from ISC, and has a similar but different set of features and options. Package: libunbound2 Section: libs Architecture: any Depends: ${misc:Depends}, ${shlibs:Depends} Pre-Depends: ${misc:Pre-Depends} Multi-Arch: same Description: library implementing DNS resolution and validation libunbound performs and validates DNS lookups; it can be used to convert hostnames to IP addresses and back and obtain other information from the DNS. Cryptographic validation of results is performed with DNSSEC. Package: libunbound-dev Section: libdevel Architecture: any Depends: ${misc:Depends}, libunbound2 (= ${binary:Version}) Multi-Arch: same Description: static library, header files, and docs for libunbound Static library, header files, and documentation for libunbound. . libunbound performs and validates DNS lookups; it can be used to convert hostnames to IP addresses and back and obtain other information from the DNS. Cryptographic validation of results is performed with DNSSEC. Package: python-unbound Section: python Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends} Description: library implementing DNS resolution and validation (Python bindings) Python extension module for libunbound. . libunbound performs and validates DNS lookups; it can be used to convert hostnames to IP addresses and back and obtain other information from the DNS. Cryptographic validation of results is performed with DNSSEC. debian/libunbound-dev.install0000664000000000000000000000012512310113675013472 0ustar usr/include/unbound.h usr/include usr/share/man/man3/libunbound.3 usr/share/man/man3 debian/root-auto-trust-anchor-file.conf0000664000000000000000000000027612310113675015340 0ustar server: # The following line will configure unbound to perform cryptographic # DNSSEC validation using the root trust anchor. auto-trust-anchor-file: "/var/lib/unbound/root.key" debian/changelog0000664000000000000000000002735412320562763011063 0ustar unbound (1.4.22-1ubuntu4) trusty; urgency=medium * debian/rules: Enable full testsuite. * debian/patches/disable_remote_control_in_tests: Disable remote control in testbound suite so tests succeed. -- Jonathan Davies Mon, 07 Apr 2014 13:45:15 +0000 unbound (1.4.22-1ubuntu3) trusty; urgency=low * debian/patches/disable_chroot_by_default: Readded disable-chroot-by-default functionality (LP: #1303088). * debian/patches/silence_open_files_limit_warning: Readded patch. -- Jonathan Davies Mon, 07 Apr 2014 13:02:09 +0000 unbound (1.4.22-1ubuntu2) trusty; urgency=medium * debian/rules: Set to run unittests. * debian/patches/debian-changes: Removed lingering changes from 1.4.22-1 upload. * debian/patches/disable_sldns_str2wire_rr_buf_tests: Disable test files 3 and 5 (issue reported upstream #572). -- Jonathan Davies Fri, 04 Apr 2014 23:21:00 +0000 unbound (1.4.22-1ubuntu1) trusty; urgency=low * Bring back dh-autoreconf stuff from upload 1.4.21-1ubuntu1. -- Jonathan Davies Fri, 04 Apr 2014 19:37:52 +0000 unbound (1.4.22-1) unstable; urgency=medium * New upstream release. * Drop Build-Dependency on libldns-dev. Unbound no longer relies on libldns. -- Robert S. Edmonds Wed, 12 Mar 2014 13:21:58 -0400 unbound (1.4.21-1) unstable; urgency=low * New upstream release. * Don't compress the example config file in /usr/share/doc/unbound; closes: #722708. * Fully enable hardening options; closes: #709837. (Patch from Simon Deziel.) * Add support for .d style configuration in /etc/unbound/unbound.conf.d; closes: #656549. * Move auto-trust-anchor-file configuration for the root into the new /etc/unbound/unbound.conf.d directory. -- Robert S. Edmonds Thu, 19 Sep 2013 21:45:39 -0400 unbound (1.4.20-1) unstable; urgency=low * New upstream release. - Updates IPv4 address hint for D.ROOT-SERVERS.NET; closes: #697351. * Correct exit code for "/etc/init.d/unbound status"; closes: #685052. (Patch from micah anderson.) * Finish dh_python2 conversion; closes: #697575. (Patch from Micah Gersten.) * Check for multiarch Python headers; closes: #697576. (Patch from Micah Gersten.) * Automatically set up the chroot directory if enabled; closes: #579622. (Patch from Simon Deziel.) -- Robert S. Edmonds Sat, 13 Apr 2013 15:34:47 -0400 unbound (1.4.19-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Fri, 14 Dec 2012 21:33:42 -0500 unbound (1.4.18-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Sun, 05 Aug 2012 21:54:05 -0400 unbound (1.4.17-2) unstable; urgency=low * Build-depend on libldns-dev (>= 1.6.13~) for ECDSA support. -- Robert S. Edmonds Mon, 28 May 2012 14:19:57 -0400 unbound (1.4.17-1) unstable; urgency=low * New upstream release; closes: #674434. * Implement 'status' command in init script; closes: #666388. * Fix build system bug that negated fully hardening the build; closes: #658021. (Patch from Simon Ruderich.) * Disable ECDSA support (for now) as this requires a newer ldns than is in the archive. -- Robert S. Edmonds Sun, 27 May 2012 16:41:41 -0400 unbound (1.4.16-2) unstable; urgency=low * Enable hardened build flags; closes: #658021. -- Robert S. Edmonds Sat, 21 Apr 2012 15:35:16 -0400 unbound (1.4.16-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Sun, 05 Feb 2012 20:02:24 -0500 unbound (1.4.14-2) unstable; urgency=high * Work around gcc bugs by disabling link time optimization on build architectures that are not i386/amd64. -- Robert S. Edmonds Wed, 21 Dec 2011 15:52:17 -0500 unbound (1.4.14-1) unstable; urgency=high * New upstream release. - CVE-2011-4528. * Call dh_python2 in debian/rules; closes: #652294. -- Robert S. Edmonds Mon, 19 Dec 2011 11:00:46 -0500 unbound (1.4.13-2) unstable; urgency=low * Reduce the run-time dependencies of libunbound and the unbound-* utilities. -- Robert S. Edmonds Sat, 29 Oct 2011 16:16:19 -0400 unbound (1.4.13-1) unstable; urgency=low * New upstream release. * Only install forwarders learned from resolvconf into unbound if RESOLVCONF_FORWARDERS is enabled in /etc/default/unbound; closes: #637198. * Split unbound-anchor utility into separate binary package. * Support multi-arch. * Fix FTBFS with dpkg-dev 1.16.1. -- Robert S. Edmonds Sun, 23 Oct 2011 16:55:45 -0400 unbound (1.4.12-1) unstable; urgency=medium * New upstream release. -- Robert S. Edmonds Mon, 18 Jul 2011 15:56:42 -0400 unbound (1.4.11-1) unstable; urgency=low * New upstream release. * Fix FTBFS with default python >> 2.6; closes: #625520. -- Robert S. Edmonds Sun, 03 Jul 2011 16:32:49 -0400 unbound (1.4.10-1) unstable; urgency=low * New upstream release: - CVE-2011-1922. -- Robert S. Edmonds Wed, 25 May 2011 15:48:34 -0700 unbound (1.4.9-2) unstable; urgency=low * Build-depend on libldns-dev (>= 1.6.9-2~) for GOST support. * Configure without --disable-gost. -- Robert S. Edmonds Sun, 03 Apr 2011 14:31:40 -0400 unbound (1.4.9-1) unstable; urgency=low * New upstream release. * Convert packaging to git. * Configure with --with-pythonmodule. * Configure with --with-pyunbound. * Build new python-unbound package; closes: #542094. * Automatically create and remove remote control key material on package configuration and package purge. * Set default remote control port to 53953 to avoid conflicting with the bind9 package's default use of port 953 for rndc. * Securely fetch or update the root trust anchor at postinst and before starting the unbound daemon if ROOT_TRUST_ANCHOR_UPDATE is set in /etc/default/unbound; closes: #594911. * If unbound is listening on a loopback address, provide this address as a nameserver to resolvconf if RESOLVCONF is enabled in /etc/default/unbound; closes: #562031. * Configure resolvconf discovered nameservers as forwarders if RESOLVCONF_FORWARDERS is enabled in /etc/default/unbound; closes: #567879. * Don't exit from the init script with an error if UNBOUND_ENABLE is not true; default UNBOUND_ENABLE to true if the default file is missing entirely; closes: #618815. * Support /etc/init.d/unbound reload; closes: #620256. -- Robert S. Edmonds Sat, 02 Apr 2011 22:52:16 -0400 unbound (1.4.8-2) unstable; urgency=low * Add build-dependency on libexpat1-dev; closes: #612261. * Install unbound-anchor utility in unbound package. -- Robert S. Edmonds Mon, 07 Feb 2011 16:06:00 -0500 unbound (1.4.8-1) unstable; urgency=low * New upstream release; closes: #611527. * Add /etc/insserv.conf.d/unbound file declaring unbound to be a name daemon; closes: #596488, #600118. -- Robert S. Edmonds Sun, 06 Feb 2011 23:33:04 -0500 unbound (1.4.6-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Sun, 15 Aug 2010 18:26:43 -0400 unbound (1.4.5-1) unstable; urgency=low * New upstream release. * Add dependency on openssl to the unbound binary package; closes: #585808. -- Robert S. Edmonds Sun, 20 Jun 2010 16:50:42 -0400 unbound (1.4.4-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Thu, 22 Apr 2010 15:24:06 -0400 unbound (1.4.3-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Thu, 11 Mar 2010 15:55:33 -0500 unbound (1.4.2-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Tue, 09 Mar 2010 14:13:31 -0500 unbound (1.4.1-2) unstable; urgency=low * Invoke dh_installinit with --restart-after-upgrade; closes: #563033. -- Robert S. Edmonds Tue, 29 Dec 2009 21:54:26 -0500 unbound (1.4.1-1) unstable; urgency=low * New upstream release. * Document copyright status of util/configparser.c, util/configparser.h; closes: #552066. * Enable libev support; closes: #552424. -- Robert S. Edmonds Sat, 26 Dec 2009 17:19:10 -0500 unbound (1.4.0-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Fri, 04 Dec 2009 20:32:52 -0800 unbound (1.3.4-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Wed, 07 Oct 2009 12:59:21 -0400 unbound (1.3.3-1) unstable; urgency=low * New upstream release. * Drop .la file from libunbound-dev; closes: #541640. -- Robert S. Edmonds Sun, 23 Aug 2009 13:25:53 -0400 unbound (1.3.2-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Mon, 13 Jul 2009 05:50:47 -0400 unbound (1.3.0-1) unstable; urgency=low * New upstream release; closes: #533613. * Move pid file to /var/run; closes: #533611. * Use "unbound-checkconf -o pidfile" in init script to determine pid file location (thanks Michael Tokarev). -- Robert S. Edmonds Mon, 29 Jun 2009 01:10:00 -0400 unbound (1.2.1-2) unstable; urgency=low * Closes: #527753, #509535. -- Robert S. Edmonds Sat, 09 May 2009 16:46:32 -0400 unbound (1.2.1-1) unstable; urgency=low * New upstream release. * Remove init script chroot setup. -- Robert S. Edmonds Sat, 28 Feb 2009 19:46:09 -0500 unbound (1.0.2-1.2) unstable; urgency=low * Enable unbound by default (Closes: #508884) * Call dh_installinit with --error-handler=true (Closes: #500176) -- Ondřej Surý Tue, 16 Dec 2008 11:54:15 +0100 unbound (1.0.2-1.1) unstable; urgency=low [ Hideki Yamane (Debian-JP) ] * debian/{unbound.init,unbound.default} + set not start by default, to avoid that port 53 blocking by other name servers will cause install problems * debian/unbound.prerm + fix lintian "unbound: maintainer-script-hides-init-failure prerm:5" error [ Ondřej Surý ] * Non-maintainer upload. * Minor tweaks to patched init.d file to make it work. -- Ondřej Surý Mon, 15 Dec 2008 19:54:44 +0100 unbound (1.0.2-1) unstable; urgency=low * New upstream release; + stricter filtering of DNS messages to combat cache poisoning -- Robert S. Edmonds Mon, 25 Aug 2008 01:03:59 -0400 unbound (1.0.1-2) unstable; urgency=low * unbound tries too hard to chroot(); ship a default config that doesn't fail to start on new installs; closes: #492243. -- Robert S. Edmonds Sat, 02 Aug 2008 17:46:24 -0400 unbound (1.0.1-1) unstable; urgency=low * New upstream release. * Drop 'return' from init script; closes: #488650. -- Robert S. Edmonds Wed, 16 Jul 2008 12:38:55 -0400 unbound (1.0.0-3) unstable; urgency=low * Lintian clean; closes: #485438. * Don't chroot by default; note manual syslog configuration in README.Debian; closes: #486303. * Update to policy 3.8.0.0. -- Robert S. Edmonds Sun, 15 Jun 2008 17:25:04 -0400 unbound (1.0.0-2) unstable; urgency=low * Fix Build-Deps. * Split unbound-host into a separate package. -- Robert S. Edmonds Sun, 25 May 2008 16:12:21 -0400 unbound (1.0.0-1) unstable; urgency=low * Initial release; closes: #482277. -- Robert S. Edmonds Wed, 21 May 2008 14:13:28 -0400 debian/rules0000775000000000000000000000560612320562467010266 0ustar #!/usr/bin/make -f #export DH_VERBOSE=1 include /usr/share/dpkg/architecture.mk ifneq ($(DEB_HOST_ARCH), amd64) CONFIGURE_ARGS = --disable-flto endif LIBRARY = libunbound2 export DEB_BUILD_MAINT_OPTIONS = hardening=+all DPKG_EXPORT_BUILDFLAGS = 1 include /usr/share/dpkg/buildflags.mk override_dh_auto_clean: dh_autoreconf_clean dh_auto_clean clean: dh clean build: build-arch: build-indep: autoreconf: autoreconf -f -i cp -f /usr/share/misc/config.guess /usr/share/misc/config.sub . binary-arch: build dh_testdir dh_autoreconf debian/rules -- autoreconf # first build -- build unbound daemon CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure \ --prefix=/usr \ --sysconfdir=/etc \ --disable-rpath \ --with-pidfile=/var/run/unbound.pid \ --with-libevent \ --with-pythonmodule \ --with-pyunbound \ $(CONFIGURE_ARGS) $(MAKE) unbound install -D -m 0755 unbound debian/unbound/usr/sbin/unbound # XXX gross hack to prevent python module from linking against everything rm -f _unbound.la sed -i -e 's/^dependency_libs=.*/dependency_libs=''/' libunbound.la make _unbound.la LIBS="" install -D -m 0644 .libs/_unbound.so.2.*.* \ debian/python-unbound/usr/lib/$(shell pyversions -d)/dist-packages/_unbound.so install -m 0644 \ pythonmod/unboundmodule.py \ libunbound/python/unbound.py \ debian/python-unbound/usr/lib/$(shell pyversions -d)/dist-packages $(MAKE) clean # second build -- build libunbound and utilities, without extra dependencies CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure \ --prefix=/usr \ --sysconfdir=/etc \ --disable-rpath \ --without-libevent \ --without-pythonmodule \ --without-pyunbound \ --libdir=/usr/lib/$(DEB_HOST_MULTIARCH) $(MAKE) $(MAKE) test $(MAKE) install DESTDIR="$(CURDIR)/debian/tmp" dh_installdirs dh_installinit --error-handler=true --restart-after-upgrade echo '$$named unbound' > debian/unbound/etc/insserv.conf.d/unbound install -m 0755 debian/resolvconf debian/unbound/etc/resolvconf/update.d/unbound install -m 0644 doc/example.conf debian/unbound/usr/share/doc/unbound/examples/unbound.conf mkdir -p debian/libunbound-dev/usr/lib/$(DEB_HOST_MULTIARCH) mv \ debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libunbound.a \ debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libunbound.so \ debian/libunbound-dev/usr/lib/$(DEB_HOST_MULTIARCH) mkdir -p debian/$(LIBRARY)/usr/lib/$(DEB_HOST_MULTIARCH) mv \ debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/*.so.* \ debian/$(LIBRARY)/usr/lib/$(DEB_HOST_MULTIARCH) chmod 0644 debian/$(LIBRARY)/usr/lib/$(DEB_HOST_MULTIARCH)/* dh_install dh_installchangelogs dh_installdocs dh_installman dh_python2 --no-guessing-versions dh_strip dh_compress -Xusr/share/doc/unbound/examples/unbound.conf dh_fixperms dh_makeshlibs dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb binary-indep: binary: binary-arch binary-indep debian/patches/0000755000000000000000000000000012320565145010620 5ustar debian/patches/disable_remote_control_in_tests0000664000000000000000000000130712320565145017174 0ustar Description: Disable remote control in tests. Debian has a patch which enables remote control by default, which breaks the testbound test suite. . This patch disables this remote control setting in the tests. Author: Jonathan Davies --- Origin: vendor Last-Update: <2014-04-07> --- unbound-1.4.22.orig/testcode/testbound.c +++ unbound-1.4.22/testcode/testbound.c @@ -193,6 +193,7 @@ setup_config(FILE* in, int* lineno, int* fprintf(cfg, " username: \"\"\n"); fprintf(cfg, " pidfile: \"\"\n"); fprintf(cfg, " val-log-level: 2\n"); + fprintf(cfg, "remote-control: control-enable: no\n"); while(fgets(line, MAX_LINE_LEN-1, in)) { parse = line; (*lineno)++; debian/patches/disable_sldns_str2wire_rr_buf_tests0000644000000000000000000000213112317664160017773 0ustar Description: Disable unit tests 3 and 5 of rr_test suite. Author: Jonathan Davies --- The information above should follow the Patch Tagging Guidelines, please checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here are templates for supplementary fields that you might want to add: Origin: vendor Bug: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=572 Bug-Ubuntu: https://bugs.launchpad.net/bugs/1302925 Last-Update: <2014-04-05> --- unbound-1.4.22.orig/testcode/unitldns.c +++ unbound-1.4.22/testcode/unitldns.c @@ -205,9 +205,9 @@ rr_tests(void) { rr_test_file("testdata/test_ldnsrr.1", "testdata/test_ldnsrr.c1"); rr_test_file("testdata/test_ldnsrr.2", "testdata/test_ldnsrr.c2"); - rr_test_file("testdata/test_ldnsrr.3", "testdata/test_ldnsrr.c3"); + /*rr_test_file("testdata/test_ldnsrr.3", "testdata/test_ldnsrr.c3");*/ rr_test_file("testdata/test_ldnsrr.4", "testdata/test_ldnsrr.c4"); - rr_test_file("testdata/test_ldnsrr.5", "testdata/test_ldnsrr.c5"); + /*rr_test_file("testdata/test_ldnsrr.5", "testdata/test_ldnsrr.c5");*/ } void debian/patches/disable_chroot_by_default0000664000000000000000000000474612320525535015736 0ustar Description: Disable chroot by default. Author: Robert S. Edmonds --- unbound-1.4.21.orig/acx_python.m4 +++ unbound-1.4.21/acx_python.m4 @@ -90,7 +90,12 @@ $ac_distutils_result]) if test -n "${python_path}"; then python_path="-I$python_path" fi - PYTHON_CPPFLAGS=$python_path + python_multiarch_path=`$PYTHON -c "import distutils.sysconfig; \ + print distutils.sysconfig.get_python_inc(plat_specific=1);"` + if test -n "${python_multiarch_path}"; then + python_multiarch_path="-I$python_multiarch_path" + fi + PYTHON_CPPFLAGS="$python_path $python_multiarch_path" fi AC_MSG_RESULT([$PYTHON_CPPFLAGS]) AC_SUBST([PYTHON_CPPFLAGS]) --- unbound-1.4.21.orig/doc/unbound.conf.5.in +++ unbound-1.4.21/doc/unbound.conf.5.in @@ -921,7 +921,7 @@ section for options. To setup the corre \fIunbound\-control\-setup\fR(8) utility. .TP 5 .B control\-enable: \fI -The option is used to enable remote control, default is "no". +The option is used to enable remote control, default is "yes". If turned off, the server does not listen for control commands. .TP 5 .B control\-interface: --- unbound-1.4.21.orig/smallapp/unbound-control-setup.sh +++ unbound-1.4.21/smallapp/unbound-control-setup.sh @@ -157,6 +157,6 @@ chmod o-rw $SVR_BASE.pem $SVR_BASE.key $ rm -f request.cfg rm -f $CTL_BASE"_trust.pem" $SVR_BASE"_trust.pem" $SVR_BASE"_trust.srl" -echo "Setup success. Certificates created. Enable in unbound.conf file to use" +echo "Setup success. Certificates created." exit 0 --- unbound-1.4.21.orig/util/config_file.c +++ unbound-1.4.21/util/config_file.c @@ -139,7 +139,7 @@ config_create(void) init_outgoing_availports(cfg->outgoing_avail_ports, 65536); if(!(cfg->username = strdup(UB_USERNAME))) goto error_exit; #ifdef HAVE_CHROOT - if(!(cfg->chrootdir = strdup(CHROOT_DIR))) goto error_exit; + if(!(cfg->chrootdir = strdup(""))) goto error_exit; #endif if(!(cfg->directory = strdup(RUN_DIR))) goto error_exit; if(!(cfg->logfile = strdup(""))) goto error_exit; @@ -198,7 +198,7 @@ config_create(void) cfg->local_zones_nodefault = NULL; cfg->local_data = NULL; cfg->python_script = NULL; - cfg->remote_control_enable = 0; + cfg->remote_control_enable = 1; cfg->control_ifs = NULL; cfg->control_port = UNBOUND_CONTROL_PORT; cfg->minimal_responses = 0; debian/patches/silence_open_files_limit_warning0000664000000000000000000000077012320524157017317 0ustar Description: Silence open file limit warning Author: Jonathan Davies Bug-Ubuntu: https://bugs.launchpad.net/bugs/1303088 Last-Update: <2014-04-07> --- unbound-1.4.22.orig/daemon/unbound.c +++ unbound-1.4.22/daemon/unbound.c @@ -280,8 +280,6 @@ checkrlimits(struct config_file* cfg) "ports in config to remove this warning"); return; } - log_warn("increased limit(open files) from %u to %u", - (unsigned)avail, (unsigned)total+10); } #else (void)cfg; debian/patches/series0000644000000000000000000000017712320565032012035 0ustar disable_chroot_by_default disable_sldns_str2wire_rr_buf_tests silence_open_files_limit_warning disable_remote_control_in_tests debian/unbound.default0000664000000000000000000000110512310113675012204 0ustar # If set, the unbound daemon will be started and stopped by the init script. UNBOUND_ENABLE=true # Whether to automatically update the root trust anchor file. ROOT_TRUST_ANCHOR_UPDATE=true # File in which to store the root trust anchor. ROOT_TRUST_ANCHOR_FILE=/var/lib/unbound/root.key # If set, the unbound init script will provide unbound's listening # IP addresses as nameservers to resolvconf. RESOLVCONF=true # If set, resolvconf nameservers will be configured as forwarders # to be used by unbound. RESOLVCONF_FORWARDERS=true #DAEMON_OPTS="-c /etc/unbound/unbound.conf" debian/unbound.install0000664000000000000000000000065012310113675012232 0ustar debian/unbound.conf etc/unbound debian/root-auto-trust-anchor-file.conf etc/unbound/unbound.conf.d usr/sbin/unbound-control usr/sbin usr/sbin/unbound-control-setup usr/sbin usr/sbin/unbound-checkconf usr/sbin usr/share/man/man5/unbound.conf.5 usr/share/man/man5 usr/share/man/man8/unbound-checkconf.8 usr/share/man/man8 usr/share/man/man8/unbound-control.8 usr/share/man/man8 usr/share/man/man8/unbound.8 usr/share/man/man8 debian/source/0000775000000000000000000000000012310113675010467 5ustar debian/source/options0000664000000000000000000000002412310113675012101 0ustar single-debian-patch debian/source/format0000664000000000000000000000001412310113675011675 0ustar 3.0 (quilt) debian/unbound.dirs0000664000000000000000000000027412310113675011527 0ustar etc/default etc/insserv.conf.d etc/resolvconf/update.d etc/unbound etc/unbound/unbound.conf.d usr/sbin usr/share/doc/unbound/examples usr/share/man/man5 usr/share/man/man8 var/lib/unbound debian/watch0000664000000000000000000000012212310113675010213 0ustar version=3 http://www.unbound.net/download.html \ downloads/unbound-(.+)\.tar\.gz debian/unbound-anchor.dirs0000664000000000000000000000003412310113675012771 0ustar usr/sbin usr/share/man/man8 debian/unbound.postrm0000664000000000000000000000056012310113675012110 0ustar #!/bin/sh -e if [ "$1" = remove ]; then rm -rf /var/lib/unbound deluser --quiet unbound >/dev/null || true fi if [ "$1" = purge ]; then rm -f /etc/unbound/unbound_control.key \ /etc/unbound/unbound_control.pem \ /etc/unbound/unbound_server.key \ /etc/unbound/unbound_server.pem rm -f /var/lib/unbound/root.key fi #DEBHELPER# debian/unbound.postinst0000664000000000000000000000156512310113675012455 0ustar #!/bin/sh -e ROOT_TRUST_ANCHOR_UPDATE=false ROOT_TRUST_ANCHOR_FILE=/var/lib/unbound/root.key if [ -f /etc/default/unbound ]; then . /etc/default/unbound fi if [ "$1" = configure ]; then if ! getent passwd unbound >/dev/null; then adduser --quiet --system --group --no-create-home --home /var/lib/unbound unbound chown unbound:unbound /var/lib/unbound fi if [ -f /etc/default/unbound ]; then . /etc/default/unbound case "x$ROOT_TRUST_ANCHOR_UPDATE" in xtrue|x1|xyes) unbound-anchor -a "$ROOT_TRUST_ANCHOR_FILE" -v 2>&1 | logger -p daemon.info -t unbound-anchor chown unbound:unbound "$ROOT_TRUST_ANCHOR_FILE" || true ;; esac fi if [ ! -f /etc/unbound/unbound_control.key ]; then unbound-control-setup 1>/dev/null 2>&1 || true fi fi #DEBHELPER# debian/unbound.prerm0000664000000000000000000000004612310113675011710 0ustar #!/bin/sh set -e #DEBHELPER# exit 0