1 |
commit: ac625d83618ff356fd4485e7bfd70eb0dbb7b3e8 |
2 |
Author: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org> |
3 |
AuthorDate: Tue Sep 29 20:22:28 2020 +0000 |
4 |
Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Sep 29 20:25:58 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ac625d83 |
7 |
|
8 |
net-dns/bind: fix USE=geoip to provide GeoIP again! |
9 |
|
10 |
Upstream dropped support for the older GeoIP library, forcing a move to |
11 |
the new library (previously you could chose either one). |
12 |
|
13 |
However, the ebuild was not updated to reflect that if you needed GeoIP |
14 |
functionality still, you had to update your USE flags. Trim out old |
15 |
parts of the ebuild, and force users to add USE=geoip2. |
16 |
|
17 |
Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org> |
18 |
|
19 |
net-dns/bind/bind-9.16.6-r3.ebuild | 388 +++++++++++++++++++++++++++++++++++++ |
20 |
1 file changed, 388 insertions(+) |
21 |
|
22 |
diff --git a/net-dns/bind/bind-9.16.6-r3.ebuild b/net-dns/bind/bind-9.16.6-r3.ebuild |
23 |
new file mode 100644 |
24 |
index 00000000000..ff2089ac70a |
25 |
--- /dev/null |
26 |
+++ b/net-dns/bind/bind-9.16.6-r3.ebuild |
27 |
@@ -0,0 +1,388 @@ |
28 |
+# Copyright 1999-2020 Gentoo Authors |
29 |
+# Distributed under the terms of the GNU General Public License v2 |
30 |
+ |
31 |
+# Re dlz/mysql and threads, needs to be verified.. |
32 |
+# MySQL uses thread local storage in its C api. Thus MySQL |
33 |
+# requires that each thread of an application execute a MySQL |
34 |
+# thread initialization to setup the thread local storage. |
35 |
+# This is impossible to do safely while staying within the DLZ |
36 |
+# driver API. This is a limitation caused by MySQL, and not the DLZ API. |
37 |
+# Because of this BIND MUST only run with a single thread when |
38 |
+# using the MySQL driver. |
39 |
+ |
40 |
+EAPI=7 |
41 |
+ |
42 |
+PYTHON_COMPAT=( python3_{6..9} ) |
43 |
+ |
44 |
+inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use systemd |
45 |
+ |
46 |
+MY_PV="${PV/_p/-P}" |
47 |
+MY_PV="${MY_PV/_rc/rc}" |
48 |
+MY_P="${PN}-${MY_PV}" |
49 |
+ |
50 |
+SDB_LDAP_VER="1.1.0-fc14" |
51 |
+ |
52 |
+RRL_PV="${MY_PV}" |
53 |
+ |
54 |
+# SDB-LDAP: http://bind9-ldap.bayour.com/ |
55 |
+ |
56 |
+DESCRIPTION="Berkeley Internet Name Domain - Name Server" |
57 |
+HOMEPAGE="https://www.isc.org/software/bind" |
58 |
+SRC_URI="https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz |
59 |
+ doc? ( mirror://gentoo/dyndns-samples.tbz2 )" |
60 |
+ |
61 |
+LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0" |
62 |
+SLOT="0" |
63 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux" |
64 |
+# -berkdb by default re bug 602682 |
65 |
+IUSE="-berkdb +caps +dlz dnstap doc dnsrps fixed-rrset geoip geoip2 gssapi |
66 |
+json ldap libressl lmdb mysql odbc postgres python selinux static-libs |
67 |
+urandom xml +zlib" |
68 |
+# sdb-ldap - patch broken |
69 |
+# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687 |
70 |
+ |
71 |
+# Upstream dropped the old geoip library, but the BIND configuration for using |
72 |
+# GeoIP remained the same. |
73 |
+REQUIRED_USE=" |
74 |
+ postgres? ( dlz ) |
75 |
+ berkdb? ( dlz ) |
76 |
+ mysql? ( dlz ) |
77 |
+ odbc? ( dlz ) |
78 |
+ ldap? ( dlz ) |
79 |
+ dnsrps? ( dlz ) |
80 |
+ python? ( ${PYTHON_REQUIRED_USE} ) |
81 |
+" |
82 |
+ |
83 |
+DEPEND=" |
84 |
+ acct-group/named |
85 |
+ acct-user/named |
86 |
+ !libressl? ( dev-libs/openssl:=[-bindist] ) |
87 |
+ libressl? ( dev-libs/libressl:= ) |
88 |
+ mysql? ( dev-db/mysql-connector-c:0= ) |
89 |
+ odbc? ( >=dev-db/unixODBC-2.2.6 ) |
90 |
+ ldap? ( net-nds/openldap ) |
91 |
+ postgres? ( dev-db/postgresql:= ) |
92 |
+ caps? ( >=sys-libs/libcap-2.1.0 ) |
93 |
+ xml? ( dev-libs/libxml2 ) |
94 |
+ geoip? ( dev-libs/libmaxminddb ) |
95 |
+ geoip2? ( dev-libs/libmaxminddb ) |
96 |
+ gssapi? ( virtual/krb5 ) |
97 |
+ json? ( dev-libs/json-c:= ) |
98 |
+ lmdb? ( dev-db/lmdb ) |
99 |
+ zlib? ( sys-libs/zlib ) |
100 |
+ dnstap? ( dev-libs/fstrm dev-libs/protobuf-c ) |
101 |
+ python? ( |
102 |
+ ${PYTHON_DEPS} |
103 |
+ dev-python/ply[${PYTHON_USEDEP}] |
104 |
+ ) |
105 |
+ dev-libs/libuv:= |
106 |
+" |
107 |
+ |
108 |
+RDEPEND="${DEPEND} |
109 |
+ selinux? ( sec-policy/selinux-bind ) |
110 |
+ sys-process/psmisc" |
111 |
+ |
112 |
+S="${WORKDIR}/${MY_P}" |
113 |
+ |
114 |
+PATCHES=( |
115 |
+ # should fix https://bugs.gentoo.org/741162 taken from: |
116 |
+ # https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/4073 |
117 |
+ "${FILESDIR}/bind-9.16.6-bug-741162.patch" |
118 |
+ |
119 |
+ "${FILESDIR}/ldap-library-path-on-multilib-machines.patch" |
120 |
+) |
121 |
+ |
122 |
+# bug 479092, requires networking |
123 |
+# bug 710840, cmocka fails LDFLAGS='-Wl,-O1' |
124 |
+#RESTRICT="test" |
125 |
+ |
126 |
+src_prepare() { |
127 |
+ default |
128 |
+ |
129 |
+ # should be installed by bind-tools |
130 |
+ sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die |
131 |
+ |
132 |
+ # Disable tests for now, bug 406399 |
133 |
+ sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die |
134 |
+ |
135 |
+ # bug #220361 |
136 |
+ rm aclocal.m4 || die |
137 |
+ rm -rf libtool.m4/ || die |
138 |
+ eautoreconf |
139 |
+ |
140 |
+ use python && python_copy_sources |
141 |
+} |
142 |
+ |
143 |
+src_configure() { |
144 |
+ bind_configure --without-python |
145 |
+ use python && python_foreach_impl python_configure |
146 |
+} |
147 |
+ |
148 |
+bind_configure() { |
149 |
+ local myeconfargs=( |
150 |
+ AR="$(type -P $(tc-getAR))" |
151 |
+ --prefix="${EPREFIX}"/usr |
152 |
+ --sysconfdir=/etc/bind |
153 |
+ --localstatedir=/var |
154 |
+ --with-libtool |
155 |
+ --enable-full-report |
156 |
+ --without-readline |
157 |
+ --with-openssl="${EPREFIX}"/usr |
158 |
+ --without-cmocka |
159 |
+ $(use_enable caps linux-caps) |
160 |
+ $(use_enable dnsrps) |
161 |
+ $(use_enable dnstap) |
162 |
+ $(use_enable fixed-rrset) |
163 |
+ # $(use_enable static-libs static) |
164 |
+ $(use_with berkdb dlz-bdb) |
165 |
+ $(use_with dlz dlopen) |
166 |
+ $(use_with dlz dlz-filesystem) |
167 |
+ $(use_with dlz dlz-stub) |
168 |
+ $(use_with gssapi) |
169 |
+ $(use_with json json-c) |
170 |
+ $(use_with ldap dlz-ldap) |
171 |
+ $(use_with mysql dlz-mysql) |
172 |
+ $(use_with odbc dlz-odbc) |
173 |
+ $(use_with postgres dlz-postgres) |
174 |
+ $(use_with lmdb) |
175 |
+ $(use_with xml libxml2) |
176 |
+ $(use_with zlib) |
177 |
+ "${@}" |
178 |
+ ) |
179 |
+ # This is for users to start to migrate back to USE=geoip, rather than |
180 |
+ # USE=geoip2 |
181 |
+ if use geoip ; then |
182 |
+ myeconfargs+=( $(use_with geoip maxminddb) ) |
183 |
+ elif use geoip2 ; then |
184 |
+ myeconfargs+=( $(use_with geoip2 maxminddb) ) |
185 |
+ else |
186 |
+ myeconfargs+=( --without-maxminddb ) |
187 |
+ fi |
188 |
+ |
189 |
+ # bug #158664 |
190 |
+# gcc-specs-ssp && replace-flags -O[23s] -O |
191 |
+ |
192 |
+ # To include db.h from proper path |
193 |
+ use berkdb && append-flags "-I$(db_includedir)" |
194 |
+ |
195 |
+ export BUILD_CC=$(tc-getBUILD_CC) |
196 |
+ econf "${myeconfargs[@]}" |
197 |
+ |
198 |
+ # bug #151839 |
199 |
+ echo '#undef SO_BSDCOMPAT' >> config.h |
200 |
+} |
201 |
+ |
202 |
+python_configure() { |
203 |
+ pushd "${BUILD_DIR}" >/dev/null || die |
204 |
+ bind_configure --with-python |
205 |
+ popd >/dev/null || die |
206 |
+} |
207 |
+ |
208 |
+src_compile() { |
209 |
+ default |
210 |
+ use python && python_foreach_impl python_compile |
211 |
+} |
212 |
+ |
213 |
+python_compile() { |
214 |
+ pushd "${BUILD_DIR}"/bin/python >/dev/null || die |
215 |
+ emake |
216 |
+ popd >/dev/null || die |
217 |
+} |
218 |
+ |
219 |
+src_install() { |
220 |
+ default |
221 |
+ |
222 |
+ # don't create /var/run |
223 |
+ rmdir "${ED}"/var/run || die |
224 |
+ |
225 |
+ dodoc CHANGES README |
226 |
+ |
227 |
+ if use doc; then |
228 |
+ docinto misc |
229 |
+ dodoc -r doc/misc/ |
230 |
+ |
231 |
+ # might a 'html' useflag make sense? |
232 |
+ docinto html |
233 |
+ dodoc -r doc/arm/ |
234 |
+ |
235 |
+ docinto contrib |
236 |
+ dodoc contrib/scripts/{nanny.pl,named-bootconf.sh} |
237 |
+ |
238 |
+ # some handy-dandy dynamic dns examples |
239 |
+ pushd "${ED}"/usr/share/doc/${PF} 1>/dev/null || die |
240 |
+ tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die |
241 |
+ popd 1>/dev/null || die |
242 |
+ fi |
243 |
+ |
244 |
+ insinto /etc/bind |
245 |
+ newins "${FILESDIR}"/named.conf-r8 named.conf |
246 |
+ |
247 |
+ # ftp://ftp.rs.internic.net/domain/named.cache: |
248 |
+ insinto /var/bind |
249 |
+ newins "${FILESDIR}"/named.cache-r3 named.cache |
250 |
+ |
251 |
+ insinto /var/bind/pri |
252 |
+ newins "${FILESDIR}"/localhost.zone-r3 localhost.zone |
253 |
+ |
254 |
+ newinitd "${FILESDIR}"/named.init-r13 named |
255 |
+ newconfd "${FILESDIR}"/named.confd-r7 named |
256 |
+ |
257 |
+ newenvd "${FILESDIR}"/10bind.env 10bind |
258 |
+ |
259 |
+ # Let's get rid of those tools and their manpages since they're provided by bind-tools |
260 |
+ rm -f "${ED}"/usr/share/man/man1/{dig,host,nslookup,delv,nsupdate}.1* || die |
261 |
+ rm -f "${ED}"/usr/share/man/man8/nsupdate.8* || die |
262 |
+ rm -f "${ED}"/usr/bin/{dig,host,nslookup,nsupdate} || die |
263 |
+ rm -f "${ED}"/usr/sbin/{dig,host,nslookup,nsupdate} || die |
264 |
+ for tool in dsfromkey importkey keyfromlabel keygen \ |
265 |
+ revoke settime signzone verify; do |
266 |
+ rm -f "${ED}"/usr/{,s}bin/dnssec-"${tool}" || die |
267 |
+ rm -f "${ED}"/usr/share/man/man8/dnssec-"${tool}".8* || die |
268 |
+ done |
269 |
+ |
270 |
+ # bug 405251, library archives aren't properly handled by --enable/disable-static |
271 |
+ if ! use static-libs; then |
272 |
+ find "${ED}" -type f -name '*.a' -delete || die |
273 |
+ fi |
274 |
+ |
275 |
+ # bug 405251 |
276 |
+ find "${ED}" -type f -name '*.la' -delete || die |
277 |
+ |
278 |
+ use python && python_foreach_impl python_install |
279 |
+ |
280 |
+ # bug 450406 |
281 |
+ dosym named.cache /var/bind/root.cache |
282 |
+ |
283 |
+ dosym ../../var/bind/pri /etc/bind/pri |
284 |
+ dosym ../../var/bind/sec /etc/bind/sec |
285 |
+ dosym ../../var/bind/dyn /etc/bind/dyn |
286 |
+ keepdir /var/bind/{pri,sec,dyn} /var/log/named |
287 |
+ |
288 |
+ fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn} |
289 |
+ fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} |
290 |
+ fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} |
291 |
+ fperms 0750 /etc/bind /var/bind/pri |
292 |
+ fperms 0770 /var/log/named /var/bind/{,sec,dyn} |
293 |
+ |
294 |
+ systemd_newunit "${FILESDIR}/named.service-r1" named.service |
295 |
+ systemd_dotmpfilesd "${FILESDIR}"/named.conf |
296 |
+ exeinto /usr/libexec |
297 |
+ doexe "${FILESDIR}/generate-rndc-key.sh" |
298 |
+} |
299 |
+ |
300 |
+python_install() { |
301 |
+ pushd "${BUILD_DIR}"/bin/python >/dev/null || die |
302 |
+ emake DESTDIR="${D}" install |
303 |
+ python_scriptinto /usr/sbin |
304 |
+ python_doscript dnssec-{checkds,coverage} |
305 |
+ python_optimize |
306 |
+ popd >/dev/null || die |
307 |
+} |
308 |
+ |
309 |
+pkg_postinst() { |
310 |
+ if [ ! -f '/etc/bind/rndc.key' ]; then |
311 |
+ if use urandom; then |
312 |
+ einfo "Using /dev/urandom for generating rndc.key" |
313 |
+ /usr/sbin/rndc-confgen -r /dev/urandom -a |
314 |
+ echo |
315 |
+ else |
316 |
+ einfo "Using /dev/random for generating rndc.key" |
317 |
+ /usr/sbin/rndc-confgen -a |
318 |
+ echo |
319 |
+ fi |
320 |
+ chown root:named /etc/bind/rndc.key || die |
321 |
+ chmod 0640 /etc/bind/rndc.key || die |
322 |
+ fi |
323 |
+ |
324 |
+ einfo |
325 |
+ einfo "You can edit /etc/conf.d/named to customize named settings" |
326 |
+ einfo |
327 |
+ use mysql || use postgres || use ldap && { |
328 |
+ elog "If your named depends on MySQL/PostgreSQL or LDAP," |
329 |
+ elog "uncomment the specified rc_named_* lines in your" |
330 |
+ elog "/etc/conf.d/named config to ensure they'll start before bind" |
331 |
+ einfo |
332 |
+ } |
333 |
+ einfo "If you'd like to run bind in a chroot AND this is a new" |
334 |
+ einfo "install OR your bind doesn't already run in a chroot:" |
335 |
+ einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named." |
336 |
+ einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`" |
337 |
+ einfo |
338 |
+ |
339 |
+ CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT}) |
340 |
+ if [[ -n ${CHROOT} ]]; then |
341 |
+ elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" |
342 |
+ elog "To enable the old behaviour (without using mount) uncomment the" |
343 |
+ elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config." |
344 |
+ elog "If you decide to use the new/default method, ensure to make backup" |
345 |
+ elog "first and merge your existing configs/zones to /etc/bind and" |
346 |
+ elog "/var/bind because bind will now mount the needed directories into" |
347 |
+ elog "the chroot dir." |
348 |
+ fi |
349 |
+} |
350 |
+ |
351 |
+pkg_config() { |
352 |
+ CHROOT=$(source /etc/conf.d/named; echo ${CHROOT}) |
353 |
+ CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT}) |
354 |
+ CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP}) |
355 |
+ |
356 |
+ if [[ -z "${CHROOT}" ]]; then |
357 |
+ eerror "This config script is designed to automate setting up" |
358 |
+ eerror "a chrooted bind/named. To do so, please first uncomment" |
359 |
+ eerror "and set the CHROOT variable in '/etc/conf.d/named'." |
360 |
+ die "Unset CHROOT" |
361 |
+ fi |
362 |
+ if [[ -d "${CHROOT}" ]]; then |
363 |
+ ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" |
364 |
+ ewarn "To enable the old behaviour (without using mount) uncomment the" |
365 |
+ ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config." |
366 |
+ ewarn |
367 |
+ ewarn "${CHROOT} already exists... some things might become overridden" |
368 |
+ ewarn "press CTRL+C if you don't want to continue" |
369 |
+ sleep 10 |
370 |
+ fi |
371 |
+ |
372 |
+ echo; einfo "Setting up the chroot directory..." |
373 |
+ |
374 |
+ mkdir -m 0750 -p ${CHROOT} || die |
375 |
+ mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} || die |
376 |
+ mkdir -m 0750 -p ${CHROOT}/etc/bind || die |
377 |
+ mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ || die |
378 |
+ |
379 |
+ chown root:named \ |
380 |
+ ${CHROOT} \ |
381 |
+ ${CHROOT}/var/{bind,log/named} \ |
382 |
+ ${CHROOT}/run/named/ \ |
383 |
+ ${CHROOT}/etc/bind \ |
384 |
+ || die |
385 |
+ |
386 |
+ mknod ${CHROOT}/dev/null c 1 3 || die |
387 |
+ chmod 0666 ${CHROOT}/dev/null || die |
388 |
+ |
389 |
+ mknod ${CHROOT}/dev/zero c 1 5 || die |
390 |
+ chmod 0666 ${CHROOT}/dev/zero || die |
391 |
+ |
392 |
+ if use urandom; then |
393 |
+ mknod ${CHROOT}/dev/urandom c 1 9 || die |
394 |
+ chmod 0666 ${CHROOT}/dev/urandom || die |
395 |
+ else |
396 |
+ mknod ${CHROOT}/dev/random c 1 8 || die |
397 |
+ chmod 0666 ${CHROOT}/dev/random || die |
398 |
+ fi |
399 |
+ |
400 |
+ if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then |
401 |
+ cp -a /etc/bind ${CHROOT}/etc/ || die |
402 |
+ cp -a /var/bind ${CHROOT}/var/ || die |
403 |
+ fi |
404 |
+ |
405 |
+ if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then |
406 |
+ if use geoip; then |
407 |
+ mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP || die |
408 |
+ elif use geoip2; then |
409 |
+ mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP2 || die |
410 |
+ fi |
411 |
+ fi |
412 |
+ |
413 |
+ elog "You may need to add the following line to your syslog-ng.conf:" |
414 |
+ elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };" |
415 |
+} |