Fix outdated DNSSEC trust anchors and unused makedepends (!1) · Merge requests · Arch Linux / Packaging / Packages / dnssec-anchors

Summary

This merge request implements a complete solution for the DNSSEC trust anchor issues identified in #2 (closed) .

Changes Made

Added build() function that generates fresh DNSSEC trust anchors using unbound-anchor and unbound-host
Filtered trust anchor generation to use only KSK records (flag 257) to eliminate SEP bit warnings
Updated package version to 20250523-1
Removed static 2019 trust anchor file dependency
Removed obsolete dnssec-anchors-versioned.sh script (functionality integrated into build)

Testing Results

Verified DNSSEC validation works correctly (ad flag present for valid domains)
Confirmed dnssec-failed.org returns SERVFAIL as expected
Eliminated "flags 256 instead of 257" warnings in knot-resolver logs
New trust anchors contain proper KSK records with flag 257

Issues Resolved

Closes #2 (closed) Closes #77100 (unused makedepends)

Implementation

Restores dynamic trust anchor generation during package build using the proven logic from the existing dnssec-anchors-versioned.sh script, properly integrated into the PKGBUILD build process.

Admin message

Fix outdated DNSSEC trust anchors and unused makedepends

Summary

Changes Made

Testing Results

Issues Resolved

Implementation

Merge request reports