Unbound: Update scripts to build conf file from UCI

-unbound.sh implements the majority of requirements in README.md
-rootzone.sh reloads a small subset for alternate trigger maintenance
-unbound.init sets procd triggers on Unbound and dnsmasq (dhcp) UCI
-two part commit squashed with Makefile included

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>

net/unbound/files/rootzone.sh

@@ -7,9 +7,9 @@
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
-# 
+#
 # Copyright (C) 2016 Eric Luehrsen
 #
 ##############################################################################
@@ -21,15 +21,20 @@
 ##############################################################################
 
 rootzone_uci() {
-  # TODO: Just structure to real UCI coming soon.
-  echo
+  local cfg=$1
+
+  # This will likely be called outside of "start_service()" context
+  config_get_bool UNBOUND_B_DNSSEC "$cfg" validator 0
+  config_get_bool UNBOUND_B_NTP_BOOT "$cfg" validator_ntp 1
+  config_get UNBOUND_N_ROOT_AGE "$cfg" root_age 30
 }
 
 ##############################################################################
 
 roothints_update() {
-  # TODO: Maybe this will not be implemented.
-  echo
+  # TODO: Might not be implemented. Unbound doesn't natively update hints.
+  # Unbound philosophy is built in root hints are good for machine life.
+  return 0
 }
 
 ##############################################################################
@@ -37,34 +42,38 @@ roothints_update() {
 rootkey_update() {
   local basekey_date rootkey_date rootkey_age filestuff
 
-  # TODO: Just structure to real UCI coming soon.
+
   if [ "$UNBOUND_N_ROOT_AGE" -gt 90 -o "$UNBOUND_B_DNSSEC" -lt 1 ] ; then
     # Feature disabled
     return 0
+
+  elif [ "$UNBOUND_B_NTP_BOOT" -gt 0 -a ! -f "$UNBOUND_TIMEFILE" ] ; then
+    # We don't have time yet
+    return 0
   fi
-   
-  
+
+
   if [ -f /etc/unbound/root.key ] ; then
     basekey_date=$( date -r /etc/unbound/root.key +%s )
-    
+
   else
     # No persistent storage key
     basekey_date=$( date -d 2000-01-01 +%s )
   fi
-  
-  
+
+
   if [ -f "$UNBOUND_KEYFILE" ] ; then
     # Unbound maintains it itself
     rootkey_date=$( date -r $UNBOUND_KEYFILE +%s )
     rootkey_age=$(( (rootkey_date - basekey_date) / 86440 ))
-    
+
   elif [ -x "$UNBOUND_ANCHOR" ] ; then
     # No tmpfs key - use unbound-anchor
     rootkey_date=$( date -I +%s )
-    rootkey_age=$(( (rootkey_date - basekey_date) / 86440 )) 
+    rootkey_age=$(( (rootkey_date - basekey_date) / 86440 ))
     $UNBOUND_ANCHOR -a $UNBOUND_KEYFILE
-    
-  else 
+
+  else
     # give up
     rootkey_age=0
   fi
@@ -72,23 +81,23 @@ rootkey_update() {
 
   if [ "$rootkey_age" -gt "$UNBOUND_N_ROOT_AGE" ] ; then
     filestuff=$( cat $UNBOUND_KEYFILE )
-    
-      
+
+
     case "$filestuff" in
       *NOERROR*)
         # Header comment for drill and dig
         logger -t unbound -s "root.key updated after $rootkey_age days"
         cp -p $UNBOUND_KEYFILE /etc/unbound/root.key
         ;;
-        
+
       *"state=2 [  VALID  ]"*)
         # Comment inline to key for unbound-anchor
         logger -t unbound -s "root.key updated after $rootkey_age days"
         cp -p $UNBOUND_KEYFILE /etc/unbound/root.key
         ;;
-        
-      *) 
-        logger -t unbound -s "root.key still $rootkey_age days old" 
+
+      *)
+        logger -t unbound -s "root.key still $rootkey_age days old"
         ;;
     esac
   fi
@@ -97,7 +106,11 @@ rootkey_update() {
 ##############################################################################
 
 rootzone_update() {
-  rootzone_uci
+  # Partial UCI fetch for this functional group
+  config_load unbound
+  config_foreach rootzone_uci unbound
+
+  # You need root.hints and root.key to boot strap recursion
   roothints_update
   rootkey_update
 }