
unbound:
- update to 1.4.22
- move root.key to /var/lib/unbound
- add icannbundle.pem
- add unbound.cron
- move keys and unbound-anchor to libs subpackage

git-svn-id: http://trac.vinelinux.org/repos/projects/specs@8363 ec354946-7b23-47d6-9f5a-488ba84defc7

daisuke 11 years ago
parent
commit
508856f261
1 changed files with 57 additions and 8 deletions
  1. 57 8
      u/unbound/unbound-vl.spec

+ 57 - 8
u/unbound/unbound-vl.spec

@@ -9,9 +9,11 @@
 %{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
 %endif
 
+%define _sharedstatedir /var/lib
+
 Summary: Validating, recursive, and caching DNS(SEC) resolver
 Name: unbound
-Version: 1.4.21
+Version: 1.4.22
 Release: 1%{?_dist_release}
 License: BSD
 Url: http://www.unbound.net/
@@ -21,6 +23,12 @@ Source2: unbound.conf
 Source3: unbound.munin
 Source4: dlv.isc.org.key
 Source5: root.key
+Source6: root.anchor
+Source7: icannbundle.pem
+Source8: unbound.cron
+Source9: example.com.key
+Source10: example.com.conf
+Source11: block-example.com.conf
 
 Group: System Environment/Daemons
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
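Review bot: `Source7: icannbundle.pem` has no recorded provenance beyond the plain-http URL in the changelog entry, although it is the certificate bundle passed to `unbound-anchor -c` in the new `%post libs` scriptlet. Whoever controls that file controls which root anchor the resolver will accept, so the spec should say how the copy in the source tree was obtained and checked. I would add a comment above the Source line such as `# icannbundle.pem: from data.iana.org/root-anchors, sha256 <CHECKSUM_PLACEHOLDER>, verified out of band`. A short comment saying where `Source6: root.anchor` came from would help for the same reason.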
@@ -115,7 +123,9 @@ Python modules and extensions for unbound
 %if !%{enable_gost}
             --disable-gost \
 %endif
-            --enable-sha2
+            --enable-sha2 --disable-ecdsa \
+	    --with-rootkey-file=%{_sharedstatedir}/unbound/root.key
+
 %{__make} %{?_smp_mflags}
 
 %install
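Review bot: `--disable-ecdsa` on the configure line is explained neither in the commit message nor in the changelog, and it removes ECDSA support from a validating resolver. As far as I know, a validator treats a zone signed only with an unsupported algorithm as insecure rather than bogus, so answers from ECDSA-signed zones would lose DNSSEC protection without any visible error. If the flag works around a build constraint, a comment above the configure call such as `# ECDSA disabled: <reason>; ECDSA-only zones will validate as insecure` plus a changelog line would make the trade-off visible. The added continuation line is also indented with a tab where the surrounding lines use spaces. The `%build` section starts outside this hunk.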
@@ -124,19 +134,29 @@ rm -rf %{buildroot}
 install -d 0755 %{buildroot}%{_initrddir}
 install -m 0755 %{SOURCE1} %{buildroot}%{_initrddir}/unbound
 install -m 0755 %{SOURCE2} %{buildroot}%{_sysconfdir}/unbound
+install -m 0755 %{SOURCE7} %{buildroot}%{_sysconfdir}/unbound
+install -d 0755 %{buildroot}%{_sysconfdir}/cron.d
+install -p -m 0644 %{SOURCE8} %{buildroot}%{_sysconfdir}/cron.d/unbound-anchor
+
 %if %{with_munin}
 # Install munin plugin and its softlinks
 install -d 0755 %{buildroot}%{_sysconfdir}/munin/plugin-conf.d
 install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/munin/plugin-conf.d/unbound
 install -d 0755 %{buildroot}%{_datadir}/munin/plugins/
 install -m 0755 contrib/unbound_munin_ %{buildroot}%{_datadir}/munin/plugins/unbound
-for plugin in unbound_munin_hits unbound_munin_queue unbound_munin_memory unbound_munin_by_type unbound_munin_by_class unbound_munin_by_opcode unbound_munin_by_rcode unbound_munin_by_flags unbound_munin_histogram; do
+for plugin in unbound_munin_hits unbound_munin_queue \
+              unbound_munin_memory unbound_munin_by_type \
+	      unbound_munin_by_class unbound_munin_by_opcode \
+	      unbound_munin_by_rcode unbound_munin_by_flags \
+	      unbound_munin_histogram; do
     ln -s unbound %{buildroot}%{_datadir}/munin/plugins/$plugin
 done 
 %endif
 
 # install root and DLV key
 install -m 0644 %{SOURCE4} %{SOURCE5} %{buildroot}%{_sysconfdir}/unbound/
+install -d -m 0755 %{buildroot}%{_sharedstatedir}/unbound
+install -m 0644 %{SOURCE6} %{buildroot}%{_sharedstatedir}/unbound/root.key
 
 # remove static library from install (fedora packaging guidelines)
 rm -rf %{buildroot}%{_libdir}/*.la
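Review bot: `install -d 0755 %{buildroot}%{_sysconfdir}/cron.d` lacks `-m`, so `0755` is taken as a second directory name rather than a mode, and `icannbundle.pem` is installed executable with `-m 0755` although it is a certificate bundle. I would write `install -d -m 0755 %{buildroot}%{_sysconfdir}/cron.d` (the form already used below for `%{_sharedstatedir}/unbound`) and `install -m 0644 %{SOURCE7} %{buildroot}%{_sysconfdir}/unbound`. The bundle's entry in `%files libs` has no `%attr` and the section uses `%defattr(-,root,root,-)`, so the buildroot mode is what ships. The three `install -p` lines added in the next hunk for keys.d, conf.d and local.d also omit `-m` and rely on `%attr` to correct install's default mode. An explicit `-m 0644` there would keep buildroot and package in agreement.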
@@ -146,6 +166,13 @@ rm -rf %{buildroot}%{python_sitelib}/*/*.la
 
 mkdir -p %{buildroot}%{_localstatedir}/run/unbound
 
+# Install directories for easier config file drop in
+install -d -m 0755 %{buildroot}%{_sysconfdir}/unbound/{keys.d,local.d,conf.d}
+install -p %{SOURCE9} %{buildroot}%{_sysconfdir}/unbound/keys.d/
+install -p %{SOURCE10} %{buildroot}%{_sysconfdir}/unbound/conf.d/
+install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/unbound/local.d/
+
+
 %clean
 rm -rf ${RPM_BUILD_ROOT}
 
@@ -156,9 +183,14 @@ rm -rf ${RPM_BUILD_ROOT}
 %attr(0755,root,root) %dir %{_sysconfdir}/%{name}
 %attr(0755,unbound,unbound) %dir %{_localstatedir}/run/%{name}
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/unbound.conf
-%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dlv.isc.org.key
-%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/root.key
+%dir %attr(0755,root,unbound) %{_sysconfdir}/%{name}/keys.d
+%attr(0664,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/keys.d/*.key
+%dir %attr(0755,root,unbound) %{_sysconfdir}/%{name}/conf.d
+%attr(0664,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/conf.d/*.conf
+%dir %attr(0755,root,unbound) %{_sysconfdir}/%{name}/local.d
+%attr(0664,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/local.d/*.conf
 %{_sbindir}/*
+%exclude %{_sbindir}/unbound-anchor
 %{_mandir}/*/*
 
 %if %{with_python}
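Review bot: The new `%attr(0664,root,unbound)` entries make every packaged file under keys.d, conf.d and local.d writable by the `unbound` group, which presumably includes the daemon's own account. For the `*.conf` drop-ins nothing visible in this commit needs write access, so a compromised resolver process could alter configuration that is read again at the next start. I would use `%attr(0644,root,unbound)` for `conf.d/*.conf` and `local.d/*.conf`. Group write on `keys.d/*.key` should stay only if automatic trust-anchor updates are meant to rewrite those files, with a one-line comment saying so. The `%files` section starts outside this hunk.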
@@ -181,8 +213,15 @@ rm -rf ${RPM_BUILD_ROOT}
 
 %files libs
 %defattr(-,root,root,-)
-%{_libdir}/libunbound.so.*
 %doc doc/README doc/LICENSE
+%{_sbindir}/unbound-anchor
+%{_libdir}/libunbound.so.*
+%{_sysconfdir}/%{name}/icannbundle.pem
+%attr(0644,root,root) %{_sysconfdir}/cron.d/unbound-anchor
+%dir %attr(0755,unbound,unbound) %{_sharedstatedir}/%{name}
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dlv.isc.org.key
+%attr(0644,unbound,unbound) %config(noreplace) %{_sharedstatedir}/%{name}/root.key
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/root.key
 
 %pre
 getent group unbound >/dev/null || groupadd -r unbound
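Review bot: The new `%files libs` entries `%dir %attr(0755,unbound,unbound) %{_sharedstatedir}/%{name}` and the `root.key` beneath it depend on the `unbound` user and group, but that account is created in the main package's `%pre`, which starts on the last lines of this hunk and continues outside it. If the libs subpackage can be installed without the main package (no dependency is visible here), ownership would fall back to root and the `runuser ... unbound` call in `%post libs` would fail unnoticed. Moving the account-creation steps into a `%pre libs` scriptlet, or declaring a dependency that guarantees ordering, would close that gap. Separately, `%{_sysconfdir}/%{name}/root.key` is still packaged next to the new `%{_sharedstatedir}/%{name}/root.key`. If the old copy is no longer read, dropping it avoids leaving a stale trust anchor in /etc.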
@@ -199,7 +238,9 @@ exit 0
 # unbound won't start with a bad location for a DLV key file.
 sed -i "s:/etc/pki/dnssec-keys[/]*dlv:/etc/unbound:" %{_sysconfdir}/unbound/unbound.conf
 
-%post libs -p /sbin/ldconfig
+%post libs
+/sbin/ldconfig
+/sbin/runuser  --command="%{_sbindir}/unbound-anchor -a %{_sharedstatedir}/unbound/root.key -c %{_sysconfdir}/unbound/icannbundle.pem"  --shell /bin/sh unbound ||:
 
 %preun
 if [ "$1" -eq 0 ]; then
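Review bot: The `runuser` line added to `%post libs` performs a network fetch of the root trust anchor during package installation and discards every failure with `||:`. An install in an offline build root, or one where `/sbin/runuser` or the `unbound` account is missing, therefore leaves no indication that the anchor was not refreshed. The scriptlet should state the intent, for example `# best effort: on failure the packaged root.key stays in place and the cron job retries` (assuming that is what unbound.cron does, since its contents are not shown here). It would also help to declare whatever provides `/sbin/runuser` as a `Requires(post)` so the call cannot vanish silently. The `%preun` body that follows continues outside this hunk.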
@@ -212,9 +253,17 @@ if [ "$1" -ge "1" ]; then
   /sbin/service %{name} condrestart >/dev/null 2>&1 || :
 fi
 
-%postun libs -p /sbin/ldconfig
+%postun libs
+/sbin/ldconfig
 
 %changelog
+* Wed Apr 16 2014 Daisuke SUZUKI <daisuke@linux.or.jp> 1.4.22-1
+- update to 1.4.22
+- move root.key to /var/lib/unbound
+- add icannbundle.pem from http://data.iana.org/root-anchors/icannbundle.pem
+- add unbound.cron
+- move keys and unbound-anchor to libs subpackage
+
 * Mon Oct 07 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 1.4.21-1
 - new upstream release