rpm: change permission on config directory to read-only
RPM package uses RFC 5011 to update DNSSEC TA in
/etc/knot-resolver/root.keys. This requires the
/etc/knot-resolver/ config directory to be writable by
- disable RFC 5011, make
/etc/knot-resolver/root.keysread-only. This would require a package update when TAs are rolled over.
- move the TA file to a more appropriate location, e.g.