From 35fe2a76d80699eecf2d714a79dccd32913fb664 Mon Sep 17 00:00:00 2001 From: kn Date: Wed, 9 Oct 2024 15:42:56 +0000 Subject: [PATCH] Get trust anchor via unbound-checkconf(8) This tool knows our default config path and '-o auto-trust-anchor-file' prints the actually set path, if any, regardless of whether exists. Use that to generate it rather than a best-effort grep/hardcoded path. OK sthen --- etc/rc.d/unbound | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/etc/rc.d/unbound b/etc/rc.d/unbound index 4429c0bbe12..3d00d122b39 100644 --- a/etc/rc.d/unbound +++ b/etc/rc.d/unbound @@ -1,6 +1,6 @@ #!/bin/ksh # -# $OpenBSD: unbound,v 1.8 2024/09/23 20:44:24 kn Exp $ +# $OpenBSD: unbound,v 1.9 2024/10/09 15:42:56 kn Exp $ daemon="/usr/sbin/unbound" daemon_flags="-c /var/unbound/etc/unbound.conf" @@ -8,8 +8,9 @@ daemon_flags="-c /var/unbound/etc/unbound.conf" . /etc/rc.d/rc.subr rc_pre() { - if grep '^[[:space:]]*auto-trust-anchor-file:' \ - /var/unbound/etc/unbound.conf > /dev/null 2>&1; then + local _anchor=$(/usr/sbin/unbound-checkconf -o auto-trust-anchor-file) + + if [[ -n $_anchor && ! -f $_anchor ]]; then /usr/sbin/unbound-anchor -v fi -- 2.20.1