I have a pretty cool little cluster of ARM64-based Fire3 LTS computers that I use for mini Kubernetes clusters and for generally running support services. I wanted to implement encrypted DNS for my local network without deploying a pre-built solution like Pi-hole. This is the process I used to build and package a newer version of Unbound than was available in the Debian repos for deployment on the Fire3 cluster.
Build Unbound
BUILD_DIR="/usr/src/unbound"
UNBOUND_DIR="/opt/unbound"
LIBRESSL_VERSION="3.3.3"
LIBEVENT_VERSION="2.1.12"
UNBOUND_VERSION="1.13.1"
apt install libexpat1-dev build-essential -y
wget https://www.nlnetlabs.nl/downloads/unbound/unbound-${UNBOUND_VERSION}.tar.gz
wget https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${LIBRESSL_VERSION}.tar.gz
wget https://github.com/libevent/libevent/releases/download/release-${LIBEVENT_VERSION}-stable/libevent-${LIBEVENT_VERSION}-stable.tar.gz
tar xf libressl-${LIBRESSL_VERSION}.tar.gz
tar xf libevent-${LIBEVENT_VERSION}-stable.tar.gz
tar xf unbound-${UNBOUND_VERSION}.tar.gz
cd libressl-${LIBRESSL_VERSION}
./configure --prefix ${UNBOUND_DIR}
make -j6
make install
cd ..
cd libevent-${LIBEVENT_VERSION}-stable
CPPFLAGS="-I${UNBOUND_DIR}/include" LDFLAGS="-L${UNBOUND_DIR}/lib" ./configure --prefix=${UNBOUND_DIR}
make -j6
make install
cd ..
cd unbound-${UNBOUND_VERSION}
./configure --with-libevent=${UNBOUND_DIR} --with-ssl=${UNBOUND_DIR} --prefix ${UNBOUND_DIR}
make -j6
make install
cd ..
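The wget steps above fetch three source tarballs that are then built and installed as root, with nothing checking what was actually downloaded. As an added example (not part of the original post), this helper verifies each tarball against a pinned SHA-256 digest before extraction. The function names are hypothetical, and the digests in the usage comment are placeholders to be filled in from each project's published checksum or signature files.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.
# Pinned digests must come from each project's published checksum or signature
# files; the usage at the bottom shows placeholders, not real values.

# verify_tarball FILE EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 if the pin is not a SHA-256, 3 if FILE is missing.
verify_tarball() {
    local file="$1" expected="$2" actual
    # Fail closed on an unfilled placeholder or a truncated digest.
    if ! printf '%s' "$expected" | grep -Eq '^[0-9a-fA-F]{64}$'; then
        echo "REFUSED: no valid pinned digest for ${file}" >&2
        return 2
    fi
    if [ ! -f "$file" ]; then
        echo "MISSING: ${file}" >&2
        return 3
    fi
    # Hash from stdin so the file name never appears in sha256sum's output.
    actual=$(sha256sum < "$file" | cut -d' ' -f1)
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH: ${file} (got ${actual})" >&2
        return 1
    fi
    echo "OK: ${file}"
}

# verify_sources FILE DIGEST [FILE DIGEST ...]
# Checks every pair and returns non-zero if any fails, so the caller can stop
# before the first `tar xf`.
verify_sources() {
    local failed=0
    while [ "$#" -ge 2 ]; do
        verify_tarball "$1" "$2" || failed=1
        shift 2
    done
    if [ "$#" -ne 0 ]; then
        echo "REFUSED: ${1} has no digest" >&2
        failed=1
    fi
    return "$failed"
}

# Usage with the post's variables, placed between the wget and tar steps:
#   verify_sources \
#     "unbound-${UNBOUND_VERSION}.tar.gz"          "<PINNED_SHA256_UNBOUND>" \
#     "libressl-${LIBRESSL_VERSION}.tar.gz"        "<PINNED_SHA256_LIBRESSL>" \
#     "libevent-${LIBEVENT_VERSION}-stable.tar.gz" "<PINNED_SHA256_LIBEVENT>" || exit 1
```

Because a placeholder is rejected with its own return code, a build script that was never given real digests stops instead of silently skipping the check.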
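Copy the built code to /usr/src
# rsync only creates the last path component, so create the parent directories first
mkdir -p ${BUILD_DIR}${UNBOUND_DIR}
rsync -av ${UNBOUND_DIR}/ ${BUILD_DIR}${UNBOUND_DIR}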
Building the deb package
- Deploy the DEBIAN directory into ${BUILD_DIR}
mkdir ${BUILD_DIR}/DEBIAN
# Deploy the contents of the control file to ${BUILD_DIR}/DEBIAN/control
- Deploy systemd files into ${BUILD_DIR}
mkdir -p ${BUILD_DIR}/etc/systemd/system
# Deploy the contents of Systemd Unit File to ${BUILD_DIR}/etc/systemd/system/unbound.service
- Run the package command
dpkg-deb --build /usr/src/unbound
Support files
Control file
Package: unbound
Version: 1.9.6-custom2
Section: custom
Priority: optional
Architecture: arm64
Essential: no
Maintainer: trog.dev
Description: Custom build of unbound statically linked to libressl and libevent
Systemd Unit File
# etc/systemd/system/unbound.service
[Unit]
Description=Unbound recursive DNS service.
After=network-online.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/opt/unbound/etc/unbound/unbound.pid
ExecStartPre=/opt/unbound/sbin/unbound-checkconf -f /opt/unbound/etc/unbound/unbound.conf
ExecStart=/opt/unbound/sbin/unbound
[Install]
WantedBy=multi-user.target