config() {
  NEW="$1"
  OLD="$(dirname $NEW)/$(basename $NEW .new)"
  # If there's no config file by that name, mv it over:
  if [ ! -r $OLD ]; then
    mv $NEW $OLD
  elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
    # toss the redundant copy
    rm $NEW
  fi
  # Otherwise, we leave the .new copy for the admin to consider...
}

preserve_perms() {
  NEW="$1"
  OLD="$(dirname $NEW)/$(basename $NEW .new)"
  if [ -e $OLD ]; then
    cp -a $OLD ${NEW}.incoming
    cat $NEW > ${NEW}.incoming
    mv ${NEW}.incoming $NEW
  fi
  config $NEW
}

preserve_perms etc/rc.d/rc.unbound.new
config etc/unbound/unbound.conf.new
config etc/logrotate.d/unbound.new

if [ -r /etc/logrotate.d/unbound ] && [ $(stat -c "%U:%G" "/etc/logrotate.d/unbound") != "root:root" ]; then
 echo "Incorrect permissions detected on /etc/logrotate.d/unbound !"
 echo "This will prevent Unbound logrotate script from working."
 echo ""
 echo "Previous Unbound SlackBuild scripts didn't set this correctly."
 echo ""
 echo "To fix it, simply run:"
 echo "# chown root:root /etc/logrotate.d/unbound"
fi

echo "----------------------------"
echo "As of Unbound SlackBuild 1.18.0-2 DNSSEC is enabled by default."
echo
echo "You have two options:"
echo
echo "1) Run the following command to setup the root trust anchor (RECOMMENDED!)"
echo "# sudo -u unbound unbound-anchor -f /etc/resolv.conf -R -a /var/lib/unbound/root.key"
echo
echo "2) Disable DNSSEC and unbound-anchor functionality."
echo "Edit /etc/unbound/unbound.conf, and erase or comment the following line:"
echo 'auto-trust-anchor-file: "/var/lib/unbound/root.key"'
echo
echo "This is a suitable option if you plan to use Unbound simply as a forwarding resolver."
echo "----------------------------"