Get trust anchor via unbound-checkconf(8)
authorkn <kn@openbsd.org>
Wed, 9 Oct 2024 15:42:56 +0000 (15:42 +0000)
committerkn <kn@openbsd.org>
Wed, 9 Oct 2024 15:42:56 +0000 (15:42 +0000)
This tool knows our default config path and '-o auto-trust-anchor-file'
prints the actually set path, if any, regardless of whether it exists.

Use that to generate it rather than a best-effort grep/hardcoded path.

OK sthen

etc/rc.d/unbound

index 4429c0b..3d00d12 100644 (file)
@@ -1,6 +1,6 @@
 #!/bin/ksh
 #
-# $OpenBSD: unbound,v 1.8 2024/09/23 20:44:24 kn Exp $
+# $OpenBSD: unbound,v 1.9 2024/10/09 15:42:56 kn Exp $
 
 daemon="/usr/sbin/unbound"
 daemon_flags="-c /var/unbound/etc/unbound.conf"
@@ -8,8 +8,9 @@ daemon_flags="-c /var/unbound/etc/unbound.conf"
 . /etc/rc.d/rc.subr
 
 rc_pre() {
-       if grep '^[[:space:]]*auto-trust-anchor-file:' \
-            /var/unbound/etc/unbound.conf > /dev/null 2>&1; then
+       local _anchor=$(/usr/sbin/unbound-checkconf -o auto-trust-anchor-file)
+
+       if [[ -n $_anchor && ! -f $_anchor ]]; then
                /usr/sbin/unbound-anchor -v
        fi