testing/unbound: various fixes to user/group and init.d

* create unbound user/group properly
 * relocate pid file to /var/run
 * make unbound user own /etc/unbound and the pidfile directory
 * have init.d automatically refresh the root dnssec key if possible
 * remove *.la files

testing/unbound/APKBUILD

@@ -2,8 +2,10 @@
 # Maintainer:
 pkgname=unbound
 pkgver=1.4.10
-pkgrel=2
+pkgrel=3
 pkgdesc="Unbound is a validating, recursive, and caching DNS resolver"
+pkgusers="unbound"
+pkggroups="unbound"
 url="http://unbound.net/"
 arch="all"
 license="Custom"
@@ -13,8 +15,8 @@ makedepends="$depends_dev"
 install="$pkgname.pre-install"
 subpackages="$pkgname-dev $pkgname-doc"
 source="http://unbound.net/downloads/unbound-$pkgver.tar.gz
-unbound.initd
-unbound.confd"
+	unbound.initd
+	unbound.confd"
 
 _builddir="$srcdir"/unbound-$pkgver
 prepare() {
@@ -34,7 +36,11 @@ build() {
 		--mandir=/usr/share/man \
 		--infodir=/usr/share/info \
 		--localstatedir=/var \
+		--with-pidfile=/var/run/unbound/unbound.pid \
+		--with-pic \
+		--with-username=unbound \
 		--with-libevent \
+		--with-ldns \
 		|| return 1
 	make || return 1
 }
@@ -42,12 +48,15 @@ build() {
 package() {
 	cd "$_builddir"
 	make DESTDIR="$pkgdir" install || return 1
+	rm "$pkgdir"/usr/lib/*.la || return 1
         install -m755 -D "$srcdir"/unbound.initd \
                 "$pkgdir"/etc/init.d/unbound || return 1
         install -m644 -D "$srcdir"/unbound.confd \
                 "$pkgdir"/etc/conf.d/unbound || return 1
+	install -d -o unbound -g unbound "$pkgdir"/var/run/unbound
+	chown unbound:unbound -R "$pkgdir"/etc/unbound
 }
 
 md5sums="6bbae378db76abfe0bd72c404e484597  unbound-1.4.10.tar.gz
-941663107bfd428f54d2cad11b0cefc9  unbound.initd
+455b7893a08e2f3e4ebce923e97c9724  unbound.initd
 10f8a73d14160571acea41fc89d914e7  unbound.confd"

testing/unbound/unbound.initd

@@ -7,6 +7,7 @@ opts="${opts} checkconfig reload"
 
 UNBOUND_BINARY=${UNBOUND_BINARY:-/usr/sbin/unbound}
 UNBOUND_CHECKCONF=${UNBOUND_CHECKCONF:-/usr/sbin/unbound-checkconf}
+UNBOUND_ANCHOR=${UNBOUND_ANCHOR:-/usr/sbin/unbound-anchor}
 UNBOUND_CONFFILE=${UNBOUND_CONFFILE:-/etc/unbound/${SVCNAME}.conf}
 
 depend() {
@@ -18,12 +19,14 @@ depend() {
 
 checkconfig() {
 	UNBOUND_PIDFILE=$("${UNBOUND_CHECKCONF}" -o pidfile "${UNBOUND_CONFFILE}")
+	UNBOUND_USER=$("${UNBOUND_CHECKCONF}" -o username "${UNBOUND_CONFFILE}")
 	return $?
 }
 
 start() {
 	checkconfig || return $?
 	ebegin "Starting unbound"
+	su -c "${UNBOUND_ANCHOR}" -s /bin/sh ${UNBOUND_USER}
 	start-stop-daemon --start --pidfile "${UNBOUND_PIDFILE}" \
 		--exec "${UNBOUND_BINARY}" -- -c "${UNBOUND_CONFFILE}"
 	eend $?

testing/unbound/unbound.pre-install

@@ -1,4 +1,5 @@
 #!/bin/sh
 
-adduser -H -s /bin/false -D unbound 2>/dev/null
+addgroup -S unbound 2>/dev/null
+adduser -S -s /bin/false -D -H -h /etc/unbound -G unbound -g "Unbound user" unbound 2>/dev/null
 exit 0