From f4b9017cd9290a74854dee653b8c9c135d4ca4ba Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Wed, 4 Dec 2024 14:40:59 +0100
Subject: [PATCH] unbound: make this workaround permanent
This bundle file is here for general consumption and the time it has already taken to debug this issue is not justifiable for pursuing the matter any further. Other approaches regarding chroot and directory sharing are likely going to be much more code which would make another solution more fragile as well. While here remove a strange directory in the chroot that is not even used.
---
 src/etc/inc/plugins.inc.d/unbound.inc | 2 +-
 src/opnsense/service/templates/OPNsense/Unbound/core/dot.conf | 2 --
 2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/etc/inc/plugins.inc.d/unbound.inc b/src/etc/inc/plugins.inc.d/unbound.inc
index fb3964d06..52994a97c 100644
--- a/src/etc/inc/plugins.inc.d/unbound.inc
+++ b/src/etc/inc/plugins.inc.d/unbound.inc
@@ -135,7 +135,7 @@ function unbound_generate_config()
 $python_dir = "/usr/local/lib/{$pythonv}";
 $chroot_python_dir = "/var/unbound{$python_dir}";
- $dirs = ['/data', '/dev', '/etc', '/lib', '/run', '/usr', '/usr/local/sbin', '/var/db', '/var/run', $python_dir];
+ $dirs = ['/data', '/dev', '/etc', '/lib', '/run', '/usr', '/var/db', '/var/run', $python_dir];
 foreach ($dirs as $dir) {
 mwexecf('/bin/mkdir -p %s', "/var/unbound{$dir}");
diff --git a/src/opnsense/service/templates/OPNsense/Unbound/core/dot.conf b/src/opnsense/service/templates/OPNsense/Unbound/core/dot.conf
index e8419ba59..6e77ccaa1 100644
--- a/src/opnsense/service/templates/OPNsense/Unbound/core/dot.conf
+++ b/src/opnsense/service/templates/OPNsense/Unbound/core/dot.conf
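Review bot: Dropping `'/usr/local/sbin'` from `$dirs` in `unbound_generate_config()` (src/etc/inc/plugins.inc.d/unbound.inc) only stops the directory from being created again. The loop that follows runs `mkdir -p`, and nothing visible in this hunk removes an existing `/var/unbound/usr/local/sbin`, so upgraded systems would presumably keep the unused directory inside the chroot. If no cleanup happens elsewhere, a one-off `@rmdir('/var/unbound/usr/local/sbin');` after the loop would remove it only when it is empty and keep the chroot contents matching this list. The function body starts and ends outside the hunk, so an existing cleanup step may simply not be visible here.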
@@ -39,8 +39,6 @@ forward-zone:
 {% if all_dots|length > 0 %}
 # Forward zones over TLS
 server:
- # XXX Unbound only looks for a bundle file when OpenSSL will handle all of it???
- #tls-system-cert: yes
 tls-cert-bundle: /usr/local/etc/ssl/cert.pem
 {% for domain, dots in all_dots|groupby("domain", default=".") %}