diff options
author | Klemens Nanni <kn@cvs.openbsd.org> | 2024-10-09 15:42:57 +0000 |
---|---|---|
committer | Klemens Nanni <kn@cvs.openbsd.org> | 2024-10-09 15:42:57 +0000 |
commit | 470512eeb8f856cd8e03e965e26fc42d3ad6681a (patch) | |
tree | 56b857143abd9e4b035da3e1a3f077ee5ef6b107 | |
parent | 60bf470ef25c64a92beef430ae2e5aeb71f3a674 (diff) |
Get trust anchor via unbound-checkconf(8)
This tool knows our default config path and '-o auto-trust-anchor-file'
prints the actually set path, if any, regardless of whether exists.
Use that to generate it rather than a best-effort grep/hardcoded path.
OK sthen
-rw-r--r-- | etc/rc.d/unbound | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/etc/rc.d/unbound b/etc/rc.d/unbound index 4429c0bbe12..3d00d122b39 100644 --- a/etc/rc.d/unbound +++ b/etc/rc.d/unbound @@ -1,6 +1,6 @@ #!/bin/ksh # -# $OpenBSD: unbound,v 1.8 2024/09/23 20:44:24 kn Exp $ +# $OpenBSD: unbound,v 1.9 2024/10/09 15:42:56 kn Exp $ daemon="/usr/sbin/unbound" daemon_flags="-c /var/unbound/etc/unbound.conf" @@ -8,8 +8,9 @@ daemon_flags="-c /var/unbound/etc/unbound.conf" . /etc/rc.d/rc.subr rc_pre() { - if grep '^[[:space:]]*auto-trust-anchor-file:' \ - /var/unbound/etc/unbound.conf > /dev/null 2>&1; then + local _anchor=$(/usr/sbin/unbound-checkconf -o auto-trust-anchor-file) + + if [[ -n $_anchor && ! -f $_anchor ]]; then /usr/sbin/unbound-anchor -v fi |