This tool knows our default config path and '-o auto-trust-anchor-file'
prints the actually set path, if any, regardless of whether exists.
Use that to generate it rather than a best-effort grep/hardcoded path.
OK sthen
#!/bin/ksh
#
-# $OpenBSD: unbound,v 1.8 2024/09/23 20:44:24 kn Exp $
+# $OpenBSD: unbound,v 1.9 2024/10/09 15:42:56 kn Exp $
daemon="/usr/sbin/unbound"
daemon_flags="-c /var/unbound/etc/unbound.conf"
. /etc/rc.d/rc.subr
rc_pre() {
- if grep '^[[:space:]]*auto-trust-anchor-file:' \
- /var/unbound/etc/unbound.conf > /dev/null 2>&1; then
+ local _anchor=$(/usr/sbin/unbound-checkconf -o auto-trust-anchor-file)
+
+ if [[ -n $_anchor && ! -f $_anchor ]]; then
/usr/sbin/unbound-anchor -v
fi