From dd7ddbe48c2de44425b74dcf9cff9ecd974878f3 Mon Sep 17 00:00:00 2001
From: Paul Menzel <pmenzel@molgen.mpg.de>
Date: Mon, 26 Apr 2021 15:49:05 +0200
Subject: [PATCH 1/5] unbound: Update version from 1.11.0 to 1.13.1

[Change-log](https://nlnetlabs.nl/projects/unbound/download/#unbound-1-13-1)
---
 unbound.be0 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/unbound.be0 b/unbound.be0
index 4330c476d..b765eb3e9 100755
--- a/unbound.be0
+++ b/unbound.be0
@@ -1,6 +1,6 @@
 #!/usr/bin/env beesh
 
-# BEE_VERSION unbound-1.11.0-0
+# BEE_VERSION unbound-1.13.1-0
 
 ## this file was created by bee init and should be executed to build a
 ## bee-package. (Additional hints are located at the end of this file.)

From 238b0e3a4aaa457d4f16b285de4e4aba6b3fbe96 Mon Sep 17 00:00:00 2001
From: Paul Menzel <pmenzel@molgen.mpg.de>
Date: Mon, 3 May 2021 16:29:26 +0200
Subject: [PATCH 2/5] unbound: Create `/var/unbound`

`/usr/sbin/unbound-startup` also takes care of this, but as the location
is defined in the package, create the directory here too.
---
 unbound.be0 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/unbound.be0 b/unbound.be0
index b765eb3e9..ae223de3b 100755
--- a/unbound.be0
+++ b/unbound.be0
@@ -73,6 +73,8 @@ mee_build() {
 
 mee_install_post() {
     start_cmd mv ${D}/etc/unbound/unbound.conf{,.sample}
+
+    start_cmd install -o unbound -m 755 -d ${D}/var/unbound
 }
 
 ###############################################################################

From 2b2d21e22548498ae0a631bc4803a3efbf9d2142 Mon Sep 17 00:00:00 2001
From: Paul Menzel <pmenzel@molgen.mpg.de>
Date: Mon, 3 May 2021 14:20:41 +0200
Subject: [PATCH 3/5] unbound: Store PID file on ephemeral `/run`

The PID is not needed after a reboot, so store it on `/run` where it
gets removed, once the system shuts down.
---
 unbound.be0 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/unbound.be0 b/unbound.be0
index ae223de3b..fa8f608ae 100755
--- a/unbound.be0
+++ b/unbound.be0
@@ -56,7 +56,7 @@ SRCURL[0]="https://www.unbound.net/downloads/unbound-${PKGVERSION}.tar.gz"
 mee_configure() {
     bee_configure \
         --disable-static \
-        --with-pidfile="/var/unbound/unbound.pid" \
+        --with-pidfile="/run/unbound.pid" \
         --with-rootkey-file="/var/unbound/root.key"
 }
 

From 8ed314ab1bc6c7d1f52933767e7edf579cdb9303 Mon Sep 17 00:00:00 2001
From: Paul Menzel <pmenzel@molgen.mpg.de>
Date: Mon, 26 Apr 2021 16:18:34 +0200
Subject: [PATCH 4/5] unbound: Enable systemd support and install systemd units
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Install systemd socket and service unit.

`--enable-systemd` is needed, as otherwise [the service unit times
out][1].

Also, as we do not store the trust anchor in `/etc/unbound`, RUNDIR in
Unbound’s terms, add `/var/unbound` to the unit’s read/write path.

This does not have an effect yet, as mxtools installs
`/etc/systemd/system/unbound.service`.

For socket activation `use-systemd: yes` has to be set in the
configuration file.

[1]: https://github.com/NLnetLabs/unbound/issues/56
---
 unbound.be0 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/unbound.be0 b/unbound.be0
index fa8f608ae..a6ab26351 100755
--- a/unbound.be0
+++ b/unbound.be0
@@ -56,6 +56,7 @@ SRCURL[0]="https://www.unbound.net/downloads/unbound-${PKGVERSION}.tar.gz"
 mee_configure() {
     bee_configure \
         --disable-static \
+        --enable-systemd \
         --with-pidfile="/run/unbound.pid" \
         --with-rootkey-file="/var/unbound/root.key"
 }
@@ -73,6 +74,8 @@ mee_build() {
 
 mee_install_post() {
     start_cmd mv ${D}/etc/unbound/unbound.conf{,.sample}
+    start_cmd install -m 644 -D -t ${D}/lib/systemd/system ${B}/contrib/unbound.{service,socket}
+    start_cmd sed -i '/^ReadWritePaths=/ s,$, /var/unbound,' ${B}/contrib/unbound.service
 
     start_cmd install -o unbound -m 755 -d ${D}/var/unbound
 }

From c9508b7d49f83103f3441a586d6d6936a4e0b47f Mon Sep 17 00:00:00 2001
From: Paul Menzel <pmenzel@molgen.mpg.de>
Date: Mon, 3 May 2021 13:26:52 +0200
Subject: [PATCH 5/5] unbound: Install auto-trust-anchor-file in
 `/var/lib/unbound`

This matches Debian and Ubuntu.

It does not take any effect yet, as we configure the path in the
configuration file installed by mxtools.
---
 unbound.be0 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/unbound.be0 b/unbound.be0
index a6ab26351..f4796f103 100755
--- a/unbound.be0
+++ b/unbound.be0
@@ -58,7 +58,7 @@ mee_configure() {
         --disable-static \
         --enable-systemd \
         --with-pidfile="/run/unbound.pid" \
-        --with-rootkey-file="/var/unbound/root.key"
+        --with-rootkey-file="/var/lib/unbound/root.key"
 }
 
 mee_build() {
@@ -75,9 +75,9 @@ mee_build() {
 mee_install_post() {
     start_cmd mv ${D}/etc/unbound/unbound.conf{,.sample}
     start_cmd install -m 644 -D -t ${D}/lib/systemd/system ${B}/contrib/unbound.{service,socket}
-    start_cmd sed -i '/^ReadWritePaths=/ s,$, /var/unbound,' ${B}/contrib/unbound.service
+    start_cmd sed -i '/^ReadWritePaths=/ s,$, /var/lib/unbound,' ${B}/contrib/unbound.service
 
-    start_cmd install -o unbound -m 755 -d ${D}/var/unbound
+    start_cmd install -o unbound -m 755 -d ${D}/var/lib/unbound
 }
 
 ###############################################################################