This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated
  via  9bc17600521eabca8238fc9116d1fae47800a6af (commit)
 from  256070e92fed192f80c0c4fcdbbf9102fdc8e6b4 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit 9bc17600521eabca8238fc9116d1fae47800a6af
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Sun Feb 17 13:46:51 2019 +0000

unbound: Drop certificates for local control connection
These are a cause of worry because they are sometimes generated with an invalid timestamp and therefore render unbound unusable.
There is no strong reason to use self-signed certificates for extra security here.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
 config/rootfiles/core/128/filelists/files | 2 ++
 config/rootfiles/core/128/update.sh       | 1 +
 config/unbound/unbound.conf               | 6 +-----
 src/initscripts/system/unbound            | 5 -----
 4 files changed, 4 insertions(+), 10 deletions(-)
Difference in files: diff --git a/config/rootfiles/core/128/filelists/files b/config/rootfiles/core/128/filelists/files index 1998a08c0..9a34f756b 100644 --- a/config/rootfiles/core/128/filelists/files +++ b/config/rootfiles/core/128/filelists/files @@ -5,8 +5,10 @@ var/ipfire/langs etc/rc.d/helper/aws-setup etc/rc.d/init.d/aws etc/rc.d/init.d/firewall +etc/rc.d/init.d/unbound etc/ssl/openssl.cnf etc/sysctl.conf +etc/unbound/unbound.conf srv/web/ipfire/cgi-bin/proxy.cgi usr/local/bin/xt_geoip_update var/ipfire/ovpn/openssl/ovpn.cnf diff --git a/config/rootfiles/core/128/update.sh b/config/rootfiles/core/128/update.sh index dc185ed70..99c036d60 100644 --- a/config/rootfiles/core/128/update.sh +++ b/config/rootfiles/core/128/update.sh @@ -62,6 +62,7 @@ if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then fi /etc/init.d/sshd restart /etc/init.d/apache restart +/etc/init.d/unbound restart
# This update needs a reboot... touch /var/run/need_reboot diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf index 2cc5bab8a..e20c3330d 100644 --- a/config/unbound/unbound.conf +++ b/config/unbound/unbound.conf @@ -83,12 +83,8 @@ server:
remote-control: control-enable: yes - control-use-cert: yes + control-use-cert: no control-interface: 127.0.0.1 - server-key-file: "/etc/unbound/unbound_server.key" - server-cert-file: "/etc/unbound/unbound_server.pem" - control-key-file: "/etc/unbound/unbound_control.key" - control-cert-file: "/etc/unbound/unbound_control.pem"
# Import any local configurations include: "/etc/unbound/local.d/*.conf" diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index 08007f50a..2ef994e96 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -507,11 +507,6 @@ case "$1" in
eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
- # Create control keys at first run - if [ ! -r "/etc/unbound/unbound_control.key" ]; then - unbound-control-setup -d /etc/unbound &>/dev/null - fi - # Update configuration files write_tuning_conf write_forward_conf
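Review bot: In the config/rootfiles/core/128/update.sh hunk, the added `/etc/init.d/unbound restart` is the only migration step this commit contributes, so the four files that the unbound.conf hunk stops referencing (unbound_server.key, unbound_server.pem, unbound_control.key and unbound_control.pem under /etc/unbound) remain on systems that generated them on an earlier first run. Consider deleting them in update.sh before the restart, for example `rm -f /etc/unbound/unbound_server.key /etc/unbound/unbound_server.pem /etc/unbound/unbound_control.key /etc/unbound/unbound_control.pem`, so that no unused private keys are left on disk and a later look at /etc/unbound does not suggest the control channel is still certificate-protected.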
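Review bot: In the config/unbound/unbound.conf hunk, `control-use-cert: no` combined with the unchanged `control-interface: 127.0.0.1` means the remote-control channel is authenticated only by being bound to loopback, and the file carries no comment recording that this is intentional. Any local process that can open a TCP connection to 127.0.0.1 can then issue control commands, which is worth weighing against what else runs on the box (web UI CGIs, add-ons). Unbound also accepts an absolute path for control-interface, in which case it uses a local socket guarded by file permissions and ignores control-use-cert; that would avoid the timestamp problem described in the commit message while still restricting who can control the resolver. If loopback TCP stays, please add a short comment above the setting explaining why certificates were dropped.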
hooks/post-receive -- IPFire 2.x development tree