-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Package: unbound Version: 1.4.4-1 Tags: patch
The script "unbound-control-setup" use the openssl command to generate a
self-signed certificate but openssl package is not a dependency of
unbound package. The "unbound-control-setup"
Furthermore, I think that the script "unbound-control-setup" could be
called by the postinst script of "unbound" to ease the use of
"unbound-control". The script "unbound-control-setup" generates
self-signed certificates and does not require user intervention.
That way to make unbound-control work the user would only need to add
this to /etc/unbound/unbound.conf :
remote-control:
control-enable: yes
The file generated by unbound-control-setup have those permissions :
- -rw-r----- 1 root unbound 887 Dec 18 17:30 unbound_control.key
- -rw-r----- 1 root unbound 627 Dec 18 17:30 unbound_control.pem
- -rw-r----- 1 root unbound 887 Dec 18 17:30 unbound_server.key
- -rw-r----- 1 root unbound 619 Dec 18 17:30 unbound_server.pem
The patch I have attach includes the dependency fix and the addition to
the postinst script. For more information, see original bug report
https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/498359
Thank you
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFMFW/7Y3L2KTPqDLwRArnBAKDTheGHyGwGvjRleExTmEiiJ91W4QCfaHwi
VYFXGPjMD/Do9TtawBE65UM=
=4TGo
-----END PGP SIGNATURE-----
diff -u unbound-1.4.4/debian/unbound.postinst unbound-1.4.4/debian/unbound.postinst
--- unbound-1.4.4/debian/unbound.postinst
+++ unbound-1.4.4/debian/unbound.postinst
@@ -4,6 +4,10 @@
if ! getent passwd unbound >/dev/null; then
adduser --quiet --system --group --no-create-home --home /var/lib/unbound unbound
chown unbound:unbound /var/lib/unbound
+ /usr/sbin/unbound-control-setup >/dev/null 2>&1 && (chown root:unbound /etc/unbound/unbound_control.key \
+ /etc/unbound/unbound_control.pem \
+ /etc/unbound/unbound_server.key \
+ /etc/unbound/unbound_server.pem)
fi
fi
diff -u unbound-1.4.4/debian/changelog unbound-1.4.4/debian/changelog
--- unbound-1.4.4/debian/changelog
+++ unbound-1.4.4/debian/changelog
@@ -1,3 +1,12 @@
+unbound (1.4.4-2) lucid; urgency=low
+
+ * Add missing dependency on openssl used by unbound-control-setup
+ (LP: #498359)
+ * Add a postinst script to autogenerate a certificate
+ for unbound-control.
+
+ -- Simon Deziel <simon.dez...@gmail.com> Sun, 13 Jun 2010 18:28:11 -0400
+
unbound (1.4.4-1) unstable; urgency=low
* New upstream release.
diff -u unbound-1.4.4/debian/control unbound-1.4.4/debian/control
--- unbound-1.4.4/debian/control
+++ unbound-1.4.4/debian/control
@@ -13,7 +13,7 @@
Package: unbound
Section: net
Architecture: any
-Depends: ${misc:Depends}, ${shlibs:Depends}, adduser
+Depends: ${misc:Depends}, ${shlibs:Depends}, adduser, openssl
Description: validating, recursive, caching DNS resolver
Unbound is a recursive-only caching DNS server which can perform DNSSEC
validation of results. It implements only a minimal amount of authoritative
fix_dep_and_unbound-control-setup.diff.sig
Description: Binary data
