author | Rob Ekl <ekl.rob@gmail.com> | 2022-09-27 21:05:31 -0500 |
---|---|---|
committer | Josef Schlehofer <pepe.schlehofer@gmail.com> | 2022-10-09 21:39:43 +0200 |
commit | 781a74bb85345ff738c041c6cc98b3e51138262e (patch) | |
tree | 40ec3ecbc595270eb6f72c0601a2f737c0272873 /net | |
parent | 4f3d297e1fafe0354be16205c4489b5be79040fc (diff) |
unbound: update control cert uci processing
Signed-off-by: Rob Ekl <ekl.rob@gmail.com>
Diffstat (limited to 'net')
-rw-r--r-- | net/unbound/files/defaults.sh | 8 | ||||
-rw-r--r-- | net/unbound/files/unbound.sh | 19 |
2 files changed, 15 insertions, 12 deletions
diff --git a/net/unbound/files/defaults.sh b/net/unbound/files/defaults.sh
index 4478ae6ed..c26461b6e 100644
--- a/net/unbound/files/defaults.sh
+++ b/net/unbound/files/defaults.sh
@@ -53,10 +53,10 @@ UB_TIME_FILE=$UB_VARDIR/hotplug.time UB_SKIP_FILE=$UB_VARDIR/skip.time # control app keys
-UB_CTLKEY_FILE=$UB_ETCDIR/unbound_control.key
-UB_CTLPEM_FILE=$UB_ETCDIR/unbound_control.pem
-UB_SRVKEY_FILE=$UB_ETCDIR/unbound_server.key
-UB_SRVPEM_FILE=$UB_ETCDIR/unbound_server.pem
+UB_CTLKEY_FILE=unbound_control.key
+UB_CTLPEM_FILE=unbound_control.pem
+UB_SRVKEY_FILE=unbound_server.key
+UB_SRVPEM_FILE=unbound_server.pem
 # similar default SOA / NS RR as Unbound uses for private ARPA zones UB_XSER=$(( $( date +%s ) / 60 ))
diff --git a/net/unbound/files/unbound.sh b/net/unbound/files/unbound.sh
index 419248f7e..0857f7d59 100644
--- a/net/unbound/files/unbound.sh
+++ b/net/unbound/files/unbound.sh
@@ -295,18 +295,18 @@ unbound_mkdir() { if [ -x /usr/sbin/unbound-control-setup ] ; then
- if [ ! -f $UB_CTLKEY_FILE ] || [ ! -f $UB_CTLPEM_FILE ] \
- || [ ! -f $UB_SRVKEY_FILE ] || [ ! -f $UB_SRVPEM_FILE ] ; then
+ if [ ! -f $UB_ETCDIR/$UB_CTLKEY_FILE ] || [ ! -f $UB_ETCDIR/$UB_CTLPEM_FILE ] \
+ || [ ! -f $UB_ETCDIR/$UB_SRVKEY_FILE ] || [ ! -f $UB_ETCDIR/$UB_SRVPEM_FILE ] ; then
 case "$UB_D_CONTROL" in [2-3]) # unbound-control-setup for encrypt opt. 2 and 3, but not 4 "static" /usr/sbin/unbound-control-setup -d $UB_ETCDIR
- chown -R unbound:unbound $UB_CTLKEY_FILE $UB_CTLPEM_FILE \
- $UB_SRVKEY_FILE $UB_SRVPEM_FILE
+ chown -R unbound:unbound $UB_ETCDIR/$UB_CTLKEY_FILE $UB_ETCDIR/$UB_CTLPEM_FILE \
+ $UB_ETCDIR/$UB_SRVKEY_FILE $UB_ETCDIR/$UB_SRVPEM_FILE
- chmod 640 $UB_CTLKEY_FILE $UB_CTLPEM_FILE \
- $UB_SRVKEY_FILE $UB_SRVPEM_FILE
+ chmod 640 $UB_ETCDIR/$UB_CTLKEY_FILE $UB_ETCDIR/$UB_CTLPEM_FILE \
+ $UB_ETCDIR/$UB_SRVKEY_FILE $UB_ETCDIR/$UB_SRVPEM_FILE
 ;; esac fi
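Review bot: The `# control app keys` comment above the four `UB_*_FILE` defaults no longer describes what they hold: after this change they are bare file names, not paths. Suggest rewording it to `# control app key/cert file names, relative to $UB_ETCDIR (callers add the directory)`. Any reader of these variables that this commit does not touch and that still expects an absolute path would now resolve the key against its working directory, so the remaining uses are worth checking.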
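Review bot: The rewritten `[ ! -f … ]` tests and the `chown -R` / `chmod 640` operands are all unquoted `$UB_ETCDIR/$UB_…_FILE` concatenations, so an empty file-name variable turns an operand into `$UB_ETCDIR/` itself and `chown -R` would then re-own the whole directory tree. Quote each operand, e.g. `chown unbound:unbound "$UB_ETCDIR/$UB_CTLKEY_FILE" …`, and drop `-R`, which four regular files do not need. The same unquoted pattern appears in the test and the `cp -a` of the `unbound_control()` hunk. The enclosing `unbound_mkdir()` starts and ends outside this hunk.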
@@ -338,11 +338,14 @@ unbound_control() { if [ $UB_D_CONTROL -gt 1 ] ; then
- if [ ! -f $UB_CTLKEY_FILE ] || [ ! -f $UB_CTLPEM_FILE ] \
- || [ ! -f $UB_SRVKEY_FILE ] || [ ! -f $UB_SRVPEM_FILE ] ; then
+ if [ ! -f $UB_ETCDIR/$UB_CTLKEY_FILE ] || [ ! -f $UB_ETCDIR/$UB_CTLPEM_FILE ] \
+ || [ ! -f $UB_ETCDIR/$UB_SRVKEY_FILE ] || [ ! -f $UB_ETCDIR/$UB_SRVPEM_FILE ] ; then
 # Key files need to be present; if unbound-control-setup was found, then # they might have been made during unbound_makedir() above. UB_D_CONTROL=0
+ else
+ cp -a $UB_ETCDIR/$UB_CTLKEY_FILE $UB_ETCDIR/$UB_CTLPEM_FILE \
+ $UB_ETCDIR/$UB_SRVKEY_FILE $UB_ETCDIR/$UB_SRVPEM_FILE $UB_VARDIR/
 fi fi |
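Review bot: The new `else` branch copies the control and server private keys into `$UB_VARDIR` without checking that `cp` succeeded, so on a failed copy `UB_D_CONTROL` stays above 1 while the copies are missing or stale. Append a fallback such as `|| UB_D_CONTROL=0` to the `cp -a` command, mirroring what the missing-file branch already does. `cp -a` also carries over whatever mode and owner the `$UB_ETCDIR` files have; keys that were not generated by `unbound_mkdir()` (the "static" case its comment mentions) never pass through the `chmod 640`, so consider re-applying it to the copies. `unbound_control()` continues outside this hunk.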