dnsmasq: correct sense & usage of dnsseccheckunsigned

dnsmasq v2.80 made 'dnssec-check-unsigned' the default, thus the uci
option was rendered ineffectual: we checked unsigned zones no matter the
setting.

Disabling the checking of unsigned zones is now achieve with the
"--dnssec-check-unsigned=no" dnsmasq option.

Update init script to pass required option in the disabled case.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This commit is contained in:
Kevin Darbyshire-Bryant 2019-11-22 14:04:02 +00:00
parent 0062aad8ec
commit f1ca277405
2 changed files with 3 additions and 2 deletions

View File

@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=dnsmasq PKG_NAME:=dnsmasq
PKG_UPSTREAM_VERSION:=2.80 PKG_UPSTREAM_VERSION:=2.80
PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION))) PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION)))
PKG_RELEASE:=14 PKG_RELEASE:=15
PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz
PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq

View File

@ -966,7 +966,8 @@ dnsmasq_start()
[ -f "$TIMEVALIDFILE" ] || xappend "--dnssec-no-timecheck" [ -f "$TIMEVALIDFILE" ] || xappend "--dnssec-no-timecheck"
} }
} }
append_bool "$cfg" dnsseccheckunsigned "--dnssec-check-unsigned" config_get_bool dnsseccheckunsigned "$cfg" dnsseccheckunsigned 1
[ "$dnsseccheckunsigned" -eq 0 ] && xappend "--dnssec-check-unsigned=no"
} }
config_get addmac "$cfg" addmac 0 config_get addmac "$cfg" addmac 0