From c43b8a63260d3c974ae33328c81cd73c5e0d9474 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Sun, 7 Sep 2014 19:34:39 +0100
Subject: Debian package: use dns-root-data.

---
 debian/changelog |  2 ++
 debian/control   |  1 +
 debian/init      | 10 ++++++++++
 3 files changed, 13 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 9e69c2d..6d0c62e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
 dnsmasq (2.72-1) unstable; urgency=low
 
    * New upstream.
+   * If dns-root-data package is installed, use it to set the DNSSEC
+     trust anchor(s). Recommend dns-root-data. (closes: #760460)
 
  -- Simon Kelley <simon@thekelleys.org.uk>  Fri, 20 May 2014 21:01:11 +0000
 
diff --git a/debian/control b/debian/control
index e7f2080..641f5cc 100644
--- a/debian/control
+++ b/debian/control
@@ -28,6 +28,7 @@ Architecture: any
 Depends: adduser, ${shlibs:Depends}
 Breaks: dnsmasq (<< 2.63-1~)
 Replaces: dnsmasq (<< 2.63-1~)
+Recommends: dns-root-data
 Description: Small caching DNS proxy and DHCP/TFTP server
  This package contains the dnsmasq executable and documentation, but
  not the infrastructure required to run it as a system daemon. For
diff --git a/debian/init b/debian/init
index 808c6c1..f4df909 100644
--- a/debian/init
+++ b/debian/init
@@ -104,6 +104,16 @@ fi
 
 DNSMASQ_OPTS="$DNSMASQ_OPTS --local-service"
 
+# If the dns-root-data package is installed, then the trust anchors will be 
+# available in $ROOT_DS, in BIND zone-file format. Reformat as dnsmasq
+# --trust-anchor options.
+
+ROOT_DS="/usr/share/dns/root.ds"
+
+if [ -f $ROOT_DS ]; then
+   DNSMASQ_OPTS="$DNSMASQ_OPTS `sed -e s/". IN DS "/--trust-anchor=.,/ -e s/" "/,/g $ROOT_DS | tr '\n' ' '`" 
+fi
+
 start()
 {
         # Return
-- 
cgit v1.2.1