103 lines
3.5 KiB
Plaintext
103 lines
3.5 KiB
Plaintext
# Contributor: Alex Denes <caskd@redxen.eu>
|
|
# Maintainer: Alex Denes <caskd@redxen.eu>
|
|
_svcname=unbound
|
|
|
|
. ../APKBUILD-config.common
|
|
|
|
_dkim_date=2021.03.28
|
|
_dnssec_date=2021.04.05
|
|
pkgver=2021.04.29
|
|
pkgrel=2
|
|
depends="alpine-baselayout ca-certificates-bundle dns-root-hints dnssec-root"
|
|
makedepends="redxen-secret-opendkim-dns~$_dkim_date bind-dnssec-tools redxen-secret-dnssec~$_dnssec_date"
|
|
checkdepends="bind-tools unbound"
|
|
subpackages="$pkgname-acl $pkgname-rctrl $pkgname-internal $pkgname-auth-rx:auth_rx $pkgname-auth-crxn:auth_crxn"
|
|
source="
|
|
includes.conf
|
|
base.conf
|
|
acl.conf
|
|
rctrl.conf
|
|
internal.conf
|
|
|
|
auth-redxen.conf
|
|
auth-crxn.conf
|
|
zones/redxen.eu
|
|
zones/crxn
|
|
"
|
|
options="checkroot"
|
|
builddir="$srcdir"
|
|
|
|
prepare() {
|
|
default_prepare
|
|
# Add everything dynamic
|
|
cat redxen.eu /etc/opendkim/redxen/dns-record /etc/dns/redxen.eu/*.key > redxen.eu-cat
|
|
}
|
|
|
|
# DNSSEC signing happens here
|
|
build() {
|
|
msg "Signing redxen.eu zone"
|
|
dnssec-signzone -K /etc/dns/redxen.eu -f redxen.eu-signed -e "+90d" -o redxen.eu -t redxen.eu-cat
|
|
}
|
|
|
|
check() {
|
|
msg "Checking configuration validity"
|
|
/usr/sbin/unbound-checkconf base.conf
|
|
/usr/sbin/unbound-checkconf acl.conf
|
|
/usr/sbin/unbound-checkconf rctrl.conf
|
|
/usr/sbin/unbound-checkconf internal.conf
|
|
|
|
# Cannot be checked because it expects files in a read-only path, not crucial
|
|
#/usr/sbin/unbound-checkconf auth-zones.conf
|
|
/usr/sbin/named-checkzone redxen.eu ./redxen.eu-signed
|
|
/usr/sbin/named-checkzone crxn ./crxn
|
|
}
|
|
|
|
package() {
|
|
for i in includes.conf base.conf acl.conf rctrl.conf internal.conf auth-redxen.conf auth-crxn.conf; do
|
|
install -Dm644 "$i" "$pkgdir"/etc/unbound/"$i"
|
|
done
|
|
# Unsigned zones
|
|
for i in crxn; do
|
|
install -Dm644 "$i" "$pkgdir"/etc/unbound/zones/"$i"
|
|
done
|
|
# Signed zones
|
|
for i in redxen.eu; do
|
|
install -Dm644 "$i-signed" "$pkgdir"/etc/unbound/zones/"${i%%-signed}"
|
|
install -Dm644 "dsset-$i." "$pkgdir"/etc/dns/"$i"/"dsset-$i."
|
|
done
|
|
}
|
|
|
|
acl() {
|
|
amove etc/unbound/acl.conf
|
|
}
|
|
|
|
rctrl() {
|
|
amove etc/unbound/rctrl.conf
|
|
}
|
|
|
|
internal() {
|
|
amove etc/unbound/internal.conf
|
|
}
|
|
|
|
auth_rx() {
|
|
amove etc/unbound/auth-redxen.conf
|
|
amove etc/unbound/zones/redxen.eu
|
|
# Zone is signed, include the DS key in the package
|
|
amove etc/dns/redxen.eu
|
|
}
|
|
|
|
auth_crxn() {
|
|
amove etc/unbound/auth-crxn.conf
|
|
amove etc/unbound/zones/crxn
|
|
}
|
|
|
|
sha512sums="428b251c4bdd8ca0cd6174b3c76d5fb6acf25734dc75325fd06ce5e867b2ba9c25ddd5d485f17562b7d8cdea62708e04bd44e854d028de9688298cb018b86d54 includes.conf
|
|
d3754ced9d8055ff7f1d364a93c403bba3f220a60ea519bceee5e9c43112d6a00d20d15cf659fdd6ad6834cf14afd6ecb5d9e1497ff2932572fd970750655749 base.conf
|
|
75709787e0872197c83def93b343550934f6b2e4903873aaf72f357fb8b4a1d7c5b8ba84913f052ad01aeca03f58ca589a22bf867c1c2e40e01f9588c7c580c4 acl.conf
|
|
d94ad338e2ea43c3ecdc62c861eddc0bb706807b738dd985309bcdf0b5fb435d7260bf272e2bbe40a774ec5b8fa49cbf23624c2c5213eea94f4f14aa3720abfa rctrl.conf
|
|
1eb7833b06f158f13b7c52ee14cd4e455acd9a8de344d6410092a5de98b1f4a62e209ce1e744cfc1a8afd588d3f54c5ce35a59ca31e3dd0fc16d517975fc6aa1 internal.conf
|
|
28c917fe7f69643887097553312c4f1ffc747dffdbf150430e6c4b2e5833567922810716cb59a27887915664777ac3263be3c826956f504499f0ebdcc0b3aac5 auth-redxen.conf
|
|
91847e65c48e585f298bb766b2b20c43f5380686b594233da3b722962b03f2f4c858bf299b745027dadd184408a87b1e85ebf03b027196756455afea69f79cf9 auth-crxn.conf
|
|
44ffaafac7f0255218aaa1d32e496df3cfa051972b2817aaabe4db802aa1e209f6022546126f93d2b349d431e82380568cfb1f48f2610b9aae4cd047fa26e8d0 redxen.eu
|
|
7a487f4f350310c2f1d3f7bf422352264b8ebe3dec1b5892685c59912aed8542711e253638d30f87e2b9b97144a12222de10ebe23ce6bb54a958ec7e5b35743d crxn"
|