From 9cab78fef5ee1fcddb20eecc465d0b7cac7d9a03 Mon Sep 17 00:00:00 2001
From: Petr Menšík <pemensik@redhat.com>
Date: Jun 07 2022 12:17:11 +0000
Subject: Do not keep keygen running, check certs each time


Rely on condition of unbound-keygen service. If it does stop after
generating them, then it will recreate also after restart later. That
might be the case if someone removes these certificates.

---

diff --git a/unbound-keygen.service b/unbound-keygen.service
index f5e6535..b169002 100644
--- a/unbound-keygen.service
+++ b/unbound-keygen.service
@@ -13,7 +13,6 @@ Type=oneshot
 Group=unbound
 ExecStart=/usr/sbin/unbound-control-setup -d /etc/unbound/
 ExecStart=/sbin/restorecon /etc/unbound/*
-RemainAfterExit=yes
 
 [Install]
 WantedBy=multi-user.target
diff --git a/unbound.spec b/unbound.spec
index ac8f03c..6627b48 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -30,7 +30,7 @@
 Summary: Validating, recursive, and caching DNS(SEC) resolver
 Name: unbound
 Version: 1.16.0
-Release: 1%{?extra_version:.%{extra_version}}%{?dist}
+Release: 4%{?extra_version:.%{extra_version}}%{?dist}
 License: BSD
 Url: https://nlnetlabs.nl/projects/unbound/
 Source: https://nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?extra_version}.tar.gz
@@ -446,6 +446,9 @@ popd
 %attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
 
 %changelog
+* Tue Jun 07 2022 Petr Menšík <pemensik@redhat.com> - 1.16.0-4
+- Restart keygen service before every unbound start
+
 * Sat Jun 04 2022 Petr Menšík <pemensik@redhat.com> - 1.16.0-1
 - Update to 1.16.0