1 |
commit: 75fcd1e0092ab0132cb453dcfbcb509a37b6bfbd |
2 |
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
3 |
AuthorDate: Fri Oct 5 02:51:06 2018 +0000 |
4 |
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Oct 5 02:52:32 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=75fcd1e0 |
7 |
|
8 |
net-dns/dnssec-root: bump, add trust anchors from 2017-02-03 |
9 |
|
10 |
- Ebuild rewritten |
11 |
- EAPI bumped to EAPI=7 |
12 |
|
13 |
Package-Manager: Portage-2.3.50, Repoman-2.3.11 |
14 |
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org> |
15 |
|
16 |
net-dns/dnssec-root/Manifest | 3 + |
17 |
net-dns/dnssec-root/dnssec-root-20150403.ebuild | 4 +- |
18 |
net-dns/dnssec-root/dnssec-root-20170203.ebuild | 79 +++++++++++++++++++++++++ |
19 |
3 files changed, 84 insertions(+), 2 deletions(-) |
20 |
|
21 |
diff --git a/net-dns/dnssec-root/Manifest b/net-dns/dnssec-root/Manifest |
22 |
index 414d55341d7..04cdb296d91 100644 |
23 |
--- a/net-dns/dnssec-root/Manifest |
24 |
+++ b/net-dns/dnssec-root/Manifest |
25 |
@@ -2,6 +2,9 @@ DIST Kjqmt7v-20100715.csr 765 BLAKE2B 7bb224d49a340d583c3bcfce7b8f9b1c12cb955998 |
26 |
DIST Kjqmt7v-20150504.crt 974 BLAKE2B 24a4edd7638e14dd0983ea160f20613980342b78d8de0c9e7891e0b06c94c84e31ec2391cc40b745d1415310d6be0d11f415701feca288e253446101aeac886a SHA512 98adfc6a5d37c632eda9f642449ecd6c1bf1d49ebed2750cfe3bd99629b4935f51ecc4aafbd6ea69595b2f2cb15887bd9a1647aa255a564263f5c7b648c7adf1 |
27 |
DIST icann-20110715.pgp 3401 BLAKE2B 0f1eabed0ab0d5ec78c5387c7f2b3a13a1da12643d6b60e39766d18ac603ef673e204bd7df5d600fa53cdbf51fcff5dfe6b690cddc3559cae95405ca96e7b391 SHA512 5fba8334850f2ae753f4f8a30d1e6c62abc341ece2dc83df4bc0f6db2b91ae68942c0d2a38eab3d33b5b91640cd1cf0970777225c15d5f961884c00077d539a2 |
28 |
DIST icannbundle-20150504.pem 17435 BLAKE2B 3e532398142ebf62dc52174c4c705ebdd6a634a67e7ce6c1e0a38d41fdab548afd1b0b75f58481d69578fd0fd97b236c62fdbe65efc3ced132115826eff695d4 SHA512 f9b9e43ad71608921d1e79f25cd98ca8c712256d4e31b04035a9aac7b46f3ec951089ca23e84500c5901d53afb66991a30818b4cd6f6de6885a107f486f56994 |
29 |
+DIST icannbundle-20170203.pem 13026 BLAKE2B 36f760c69e8e22036d7d927071be25508b6906838f0f468900385d5a3b9ce301c5688f9bdcab471abc5445a14bfbbe34ecb39ca131b01d9e6bbebcc3f1481241 SHA512 6a8b8bec6d104d31253a8acafc1694a095714537a39a4dc53a379ac900c83715f85d75ea7322de430557691ff31ec95ae5104f47b050da3568dd68377c2d5767 |
30 |
DIST root-anchors-20100715.asc 189 BLAKE2B b709f2f67cd3e197fcaf0ac2556434ff0b4fd86114084e3281f27b70ecb4770b81f22d22f46c6173f0eef384ce5440685af8e77b75c576ce55e8dbdc79d86c49 SHA512 e9c86b897d7e8edb979cba4bebe353b7c7f21b4061cd6f571c8671b02e73c2ea0b78a980169fa7d40987b9e962a0f1ba17dbb392b5ec6ad14fedce65a139c913 |
31 |
DIST root-anchors-20100715.xml 418 BLAKE2B 71e809ed74c25283ea1db36707be57965d5b2dd28e6bf055851866746455bbc672e87b310b38b069936545a6ce99dbf67b1d542d78ef3ef84b76b31bd129ea8d SHA512 bca506c852bc83aa9d04ed0b52bef6d0baec745e466292273d52f49fd73cec73db4c6d55a9921fe086c7edc618f3ab21dc03146b6d617644495b3926e262e572 |
32 |
DIST root-anchors-20150504.p7s 5001 BLAKE2B 088dc39160013dbc63a82fcb7666c7c73707958dddbaf730ea212a038301549ce19109ec2b11962a0855f864bc8675142b21aa65884be9eecdf5b9b9898e4f36 SHA512 af188871f2ef7f9efb0d3f4822754e962fb921d62de925823f90a0c7dbe80b7a0188534adbdb324680ae981912968fcfa851eb72fb37694df8701fd749e7ff51 |
33 |
+DIST root-anchors-20170203.p7s 4095 BLAKE2B 21c3d482cd2faa7dd85b45385b4dd4a00c8f0f5e8060a9f99df4e309e6d11bd77ae2dcc68d51eefed685dc48e9bba578ef885a6058ee3862072cdc156d254c1f SHA512 caecf5fbe3b0db140ed506fc7a3711e89e1fc2dacbdc7aefb36766f07af4c97c42466000e51bc2e9cd46a3764ccd482b93da448861aaed90a0f5cf13103b4792 |
34 |
+DIST root-anchors-20170203.xml 651 BLAKE2B 0f2321e27cfbf88fecee0840db3b3265c6f062753b8a15d972dca12c19fdfea616470fe200b7ec4cb069553f532b6464a2784d56636d9096956eabc496eb4a6e SHA512 a0799cf2d5bec0d527d511e016a075ffd0af450eda010a4c780f7e12b2218ec577576137703cf1413352d3aac3cfda945a8a830dbb3618557f5e629049d763f4 |
35 |
|
36 |
diff --git a/net-dns/dnssec-root/dnssec-root-20150403.ebuild b/net-dns/dnssec-root/dnssec-root-20150403.ebuild |
37 |
index 658f6733f18..7ecb2da667e 100644 |
38 |
--- a/net-dns/dnssec-root/dnssec-root-20150403.ebuild |
39 |
+++ b/net-dns/dnssec-root/dnssec-root-20150403.ebuild |
40 |
@@ -1,4 +1,4 @@ |
41 |
-# Copyright 1999-2017 Gentoo Foundation |
42 |
+# Copyright 1999-2018 Gentoo Authors |
43 |
# Distributed under the terms of the GNU General Public License v2 |
44 |
|
45 |
EAPI=5 |
46 |
@@ -23,7 +23,7 @@ SRC_URI="http://data.iana.org/root-anchors/root-anchors.xml -> root-anchors-${DA |
47 |
|
48 |
LICENSE="public-domain" |
49 |
SLOT="0" |
50 |
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~x64-macos" |
51 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x64-macos" |
52 |
IUSE="test" |
53 |
|
54 |
RDEPEND="" |
55 |
|
56 |
diff --git a/net-dns/dnssec-root/dnssec-root-20170203.ebuild b/net-dns/dnssec-root/dnssec-root-20170203.ebuild |
57 |
new file mode 100644 |
58 |
index 00000000000..b91a0948970 |
59 |
--- /dev/null |
60 |
+++ b/net-dns/dnssec-root/dnssec-root-20170203.ebuild |
61 |
@@ -0,0 +1,79 @@ |
62 |
+# Copyright 1999-2018 Gentoo Authors |
63 |
+# Distributed under the terms of the GNU General Public License v2 |
64 |
+ |
65 |
+EAPI="7" |
66 |
+ |
67 |
+DESCRIPTION="The DNSSEC root key(s)" |
68 |
+HOMEPAGE="https://www.iana.org/dnssec/" |
69 |
+SRC_URI="https://data.iana.org/root-anchors/root-anchors.xml -> root-anchors-${PV}.xml |
70 |
+ https://data.iana.org/root-anchors/root-anchors.p7s -> root-anchors-${PV}.p7s |
71 |
+ https://data.iana.org/root-anchors/icannbundle.pem -> icannbundle-${PV}.pem" |
72 |
+ |
73 |
+LICENSE="public-domain" |
74 |
+SLOT="0" |
75 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x64-macos" |
76 |
+IUSE="" |
77 |
+ |
78 |
+RDEPEND="" |
79 |
+DEPEND="dev-perl/XML-XPath" |
80 |
+ |
81 |
+src_unpack() { |
82 |
+ mkdir "${S}" || die |
83 |
+ |
84 |
+ cp -t "${S}" "${DISTDIR}"/root-anchors-${PV}.{p7s,xml} "${DISTDIR}"/icannbundle-${PV}.pem || die |
85 |
+} |
86 |
+ |
87 |
+src_prepare() { |
88 |
+ mv root-anchors-${PV}.xml root-anchors.xml || die |
89 |
+ mv root-anchors-${PV}.p7s root-anchors.p7s || die |
90 |
+ mv icannbundle-${PV}.pem icannbundle.pem || die |
91 |
+ |
92 |
+ if has_version "dev-libs/openssl" ; then |
93 |
+ # Signature validating is optional: |
94 |
+ # - We are already downloading SRC, signature file & CA from same URI |
95 |
+ # - We store checksums for distfiles |
96 |
+ einfo "dev-libs/openssl is available, will validate signature of root-anchors.xml" |
97 |
+ openssl smime -verify \ |
98 |
+ -content root-anchors.xml \ |
99 |
+ -in root-anchors.p7s -inform der \ |
100 |
+ -CAfile icannbundle.pem || die "OpenSSL S/Mime verify failed" |
101 |
+ else |
102 |
+ einfo "dev-libs/openssl is not available, skipping optional validation root-anchors.xml" |
103 |
+ fi |
104 |
+ |
105 |
+ default |
106 |
+} |
107 |
+ |
108 |
+src_compile() { |
109 |
+ local KEYTAGS="" ALGORITHMS="" DIGESTTYPES="" DIGESTS="" i=1 |
110 |
+ |
111 |
+ KEYTAGS=$(xpath -q -e '/TrustAnchor/KeyDigest/KeyTag/node()' root-anchors.xml) |
112 |
+ ALGORITHMS=$(xpath -q -e '/TrustAnchor/KeyDigest/Algorithm/node()' root-anchors.xml) |
113 |
+ DIGESTTYPES=$(xpath -q -e '/TrustAnchor/KeyDigest/DigestType/node()' root-anchors.xml) |
114 |
+ DIGESTS=$(xpath -q -e '/TrustAnchor/KeyDigest/Digest/node()' root-anchors.xml) |
115 |
+ while [ 1 ] ; do |
116 |
+ KEYTAG=$(echo ${KEYTAGS} | cut -d" " -f$i) |
117 |
+ [[ "${KEYTAG}" != "" ]] || break |
118 |
+ |
119 |
+ ALGORITHM=$(echo ${ALGORITHMS} | cut -d" " -f$i) |
120 |
+ [[ "${ALGORITHM}" == "" ]] && die "root-anchors.xml contains invalid key: ${KEYTAG} is missing algorithm" |
121 |
+ |
122 |
+ DIGESTTYPE=$(echo ${DIGESTTYPES} | cut -d" " -f$i) |
123 |
+ [[ "${DIGESTTYPE}" == "" ]] && die "root-anchors.xml contains invalid key: ${KEYTAG} is missing digest type" |
124 |
+ |
125 |
+ DIGEST=$(echo ${DIGESTS} | cut -d" " -f$i) |
126 |
+ [[ "${DIGEST}" == "" ]] && die "root-anchors.xml contains invalid key: ${KEYTAG} is missing digest" |
127 |
+ |
128 |
+ echo ". IN DS $KEYTAG $ALGORITHM $DIGESTTYPE $DIGEST" >> root-anchors.txt |
129 |
+ i=`expr $i + 1` |
130 |
+ done |
131 |
+ |
132 |
+ if [[ ! -s "root-anchors.txt" ]] ; then |
133 |
+ die "Sanity check failed: root-anchors.txt is empty or does not exist!" |
134 |
+ fi |
135 |
+} |
136 |
+ |
137 |
+src_install() { |
138 |
+ insinto /etc/dnssec |
139 |
+ doins root-anchors.{p7s,txt,xml} icannbundle.pem |
140 |
+} |