public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

unbound service: do not initialize root cert

Browse Source 
When enableRootTrustAnchor is set to false, there is really no point in
initializing the root key before starting unbound.

Fixes #15605.
This commit is contained in:
Arnold Krille 2016-05-21 13:12:48 +02:00 committed by Franz Pletz
parent d5656873d7
commit bf0e745597
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/services/networking/unbound.nix
View File

@ -106,8 +106,10 @@ in
preStart = '' preStart = ''
mkdir -m 0755 -p ${stateDir}/dev/ mkdir -m 0755 -p ${stateDir}/dev/
cp ${confFile} ${stateDir}/unbound.conf cp ${confFile} ${stateDir}/unbound.conf
${optionalString cfg.enableRootTrustAnchor ''
${pkgs.unbound}/bin/unbound-anchor -a ${rootTrustAnchorFile} ${pkgs.unbound}/bin/unbound-anchor -a ${rootTrustAnchorFile}
chown unbound ${stateDir} ${rootTrustAnchorFile} chown unbound ${stateDir} ${rootTrustAnchorFile}
''}
touch ${stateDir}/dev/random touch ${stateDir}/dev/random
${pkgs.utillinux}/bin/mount --bind -n /dev/random ${stateDir}/dev/random ${pkgs.utillinux}/bin/mount --bind -n /dev/random ${stateDir}/dev/random
''; '';