1 |
idl0r 13/07/29 19:31:14 |
2 |
|
3 |
Modified: ChangeLog |
4 |
Added: bind-9.9.3_p2.ebuild bind-9.8.5_p2.ebuild |
5 |
Removed: bind-9.8.5_p1.ebuild bind-9.9.2_p1.ebuild |
6 |
bind-9.9.3_p1.ebuild |
7 |
Log: |
8 |
Version bumps, cleanup. Fixes CVE-2013-4854 |
9 |
|
10 |
(Portage version: 2.1.12.2/cvs/Linux x86_64, signed Manifest commit with key B427ABC8) |
11 |
|
12 |
Revision Changes Path |
13 |
1.459 net-dns/bind/ChangeLog |
14 |
|
15 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/ChangeLog?rev=1.459&view=markup |
16 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/ChangeLog?rev=1.459&content-type=text/plain |
17 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/ChangeLog?r1=1.458&r2=1.459 |
18 |
|
19 |
Index: ChangeLog |
20 |
=================================================================== |
21 |
RCS file: /var/cvsroot/gentoo-x86/net-dns/bind/ChangeLog,v |
22 |
retrieving revision 1.458 |
23 |
retrieving revision 1.459 |
24 |
diff -u -r1.458 -r1.459 |
25 |
--- ChangeLog 13 Jul 2013 11:43:26 -0000 1.458 |
26 |
+++ ChangeLog 29 Jul 2013 19:31:14 -0000 1.459 |
27 |
@@ -1,6 +1,14 @@ |
28 |
# ChangeLog for net-dns/bind |
29 |
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 |
30 |
-# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/ChangeLog,v 1.458 2013/07/13 11:43:26 pacho Exp $ |
31 |
+# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/ChangeLog,v 1.459 2013/07/29 19:31:14 idl0r Exp $ |
32 |
+ |
33 |
+*bind-9.9.3_p2 (29 Jul 2013) |
34 |
+*bind-9.8.5_p2 (29 Jul 2013) |
35 |
+ |
36 |
+ 29 Jul 2013; Christian Ruppert <idl0r@g.o> -bind-9.8.5_p1.ebuild, |
37 |
+ +bind-9.8.5_p2.ebuild, -bind-9.9.2_p1.ebuild, -bind-9.9.3_p1.ebuild, |
38 |
+ +bind-9.9.3_p2.ebuild: |
39 |
+ Version bumps, cleanup. Fixes CVE-2013-4854 |
40 |
|
41 |
13 Jul 2013; Pacho Ramos <pacho@g.o> +files/generate-rndc-key.sh, |
42 |
+files/named.conf, +files/named.service, bind-9.9.3_p1.ebuild: |
43 |
|
44 |
|
45 |
|
46 |
1.1 net-dns/bind/bind-9.9.3_p2.ebuild |
47 |
|
48 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/bind-9.9.3_p2.ebuild?rev=1.1&view=markup |
49 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/bind-9.9.3_p2.ebuild?rev=1.1&content-type=text/plain |
50 |
|
51 |
Index: bind-9.9.3_p2.ebuild |
52 |
=================================================================== |
53 |
# Copyright 1999-2013 Gentoo Foundation |
54 |
# Distributed under the terms of the GNU General Public License v2 |
55 |
# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/bind-9.9.3_p2.ebuild,v 1.1 2013/07/29 19:31:14 idl0r Exp $ |
56 |
|
57 |
# Re dlz/mysql and threads, needs to be verified.. |
58 |
# MySQL uses thread local storage in its C api. Thus MySQL |
59 |
# requires that each thread of an application execute a MySQL |
60 |
# thread initialization to setup the thread local storage. |
61 |
# This is impossible to do safely while staying within the DLZ |
62 |
# driver API. This is a limitation caused by MySQL, and not the DLZ API. |
63 |
# Because of this BIND MUST only run with a single thread when |
64 |
# using the MySQL driver. |
65 |
|
66 |
EAPI="4" |
67 |
|
68 |
PYTHON_DEPEND="python? 2:2.7 3" |
69 |
SUPPORT_PYTHON_ABIS="1" |
70 |
|
71 |
inherit python eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd |
72 |
|
73 |
MY_PV="${PV/_p/-P}" |
74 |
MY_PV="${MY_PV/_rc/rc}" |
75 |
MY_P="${PN}-${MY_PV}" |
76 |
|
77 |
SDB_LDAP_VER="1.1.0-fc14" |
78 |
|
79 |
# bind-9.8.0-P1-geoip-1.3.patch |
80 |
GEOIP_PV=1.3 |
81 |
#GEOIP_PV_AGAINST="${MY_PV}" |
82 |
GEOIP_PV_AGAINST="9.9.2" |
83 |
GEOIP_P="bind-${GEOIP_PV_AGAINST}-geoip-${GEOIP_PV}" |
84 |
GEOIP_PATCH_A="${GEOIP_P}.patch" |
85 |
GEOIP_DOC_A="bind-geoip-1.3-readme.txt" |
86 |
GEOIP_SRC_URI_BASE="http://bind-geoip.googlecode.com/" |
87 |
|
88 |
RRL_PV="${MY_PV}" |
89 |
|
90 |
# GeoIP: http://bind-geoip.googlecode.com/ |
91 |
# DNS RRL: http://www.redbarn.org/dns/ratelimits/ |
92 |
# SDB-LDAP: http://bind9-ldap.bayour.com/ |
93 |
|
94 |
DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server" |
95 |
HOMEPAGE="http://www.isc.org/software/bind" |
96 |
SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz |
97 |
doc? ( mirror://gentoo/dyndns-samples.tbz2 ) |
98 |
geoip? ( ${GEOIP_SRC_URI_BASE}/files/${GEOIP_DOC_A} |
99 |
${GEOIP_SRC_URI_BASE}/files/${GEOIP_PATCH_A} ) |
100 |
sdb-ldap? ( |
101 |
http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2 |
102 |
) |
103 |
rrl? ( http://ss.vix.su/~vjs/rl-${RRL_PV}.patch )" |
104 |
|
105 |
LICENSE="ISC BSD BSD-2 HPND JNIC openssl" |
106 |
SLOT="0" |
107 |
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" |
108 |
IUSE="berkdb caps dlz doc filter-aaaa geoip gost gssapi idn ipv6 ldap mysql odbc |
109 |
postgres python rpz rrl sdb-ldap selinux ssl static-libs threads urandom xml" |
110 |
# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687 |
111 |
|
112 |
REQUIRED_USE="postgres? ( dlz ) |
113 |
berkdb? ( dlz ) |
114 |
mysql? ( dlz !threads ) |
115 |
odbc? ( dlz ) |
116 |
ldap? ( dlz ) |
117 |
sdb-ldap? ( dlz ) |
118 |
gost? ( ssl ) |
119 |
threads? ( caps )" |
120 |
|
121 |
DEPEND="ssl? ( >=dev-libs/openssl-0.9.6g ) |
122 |
mysql? ( >=virtual/mysql-4.0 ) |
123 |
odbc? ( >=dev-db/unixODBC-2.2.6 ) |
124 |
ldap? ( net-nds/openldap ) |
125 |
idn? ( net-dns/idnkit ) |
126 |
postgres? ( dev-db/postgresql-base ) |
127 |
caps? ( >=sys-libs/libcap-2.1.0 ) |
128 |
xml? ( dev-libs/libxml2 ) |
129 |
geoip? ( >=dev-libs/geoip-1.4.6 ) |
130 |
gssapi? ( virtual/krb5 ) |
131 |
sdb-ldap? ( net-nds/openldap ) |
132 |
gost? ( >=dev-libs/openssl-1.0.0[-bindist] ) |
133 |
python? ( virtual/python-argparse )" |
134 |
|
135 |
RDEPEND="${DEPEND} |
136 |
selinux? ( sec-policy/selinux-bind ) |
137 |
|| ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )" |
138 |
|
139 |
S="${WORKDIR}/${MY_P}" |
140 |
|
141 |
pkg_setup() { |
142 |
ebegin "Creating named group and user" |
143 |
enewgroup named 40 |
144 |
enewuser named 40 -1 /etc/bind named |
145 |
eend ${?} |
146 |
|
147 |
if use python; then |
148 |
python_pkg_setup |
149 |
fi |
150 |
} |
151 |
|
152 |
src_prepare() { |
153 |
# Adjusting PATHs in manpages |
154 |
for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do |
155 |
sed -i \ |
156 |
-e 's:/etc/named.conf:/etc/bind/named.conf:g' \ |
157 |
-e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \ |
158 |
-e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \ |
159 |
"${i}" || die "sed failed, ${i} doesn't exist" |
160 |
done |
161 |
|
162 |
if use dlz; then |
163 |
# bind fails to reconnect to MySQL5 databases, bug #180720, patch by Nicolas Brousse |
164 |
# (http://www.shell-tips.com/2007/09/04/bind-950-patch-dlz-mysql-5-for-auto-reconnect/) |
165 |
if use mysql && has_version ">=dev-db/mysql-5"; then |
166 |
epatch "${FILESDIR}"/bind-dlzmysql5-reconnect.patch |
167 |
fi |
168 |
|
169 |
if use odbc; then |
170 |
epatch "${FILESDIR}/${PN}-9.7.3-odbc-dlz-detect.patch" |
171 |
fi |
172 |
|
173 |
# sdb-ldap patch as per bug #160567 |
174 |
# Upstream URL: http://bind9-ldap.bayour.com/ |
175 |
# New patch take from bug 302735 |
176 |
if use sdb-ldap; then |
177 |
epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch |
178 |
cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/ |
179 |
cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/ |
180 |
cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/ |
181 |
fi |
182 |
fi |
183 |
|
184 |
# should be installed by bind-tools |
185 |
sed -i -r -e "s:(nsupdate|dig) ::g" bin/Makefile.in || die |
186 |
|
187 |
if use geoip; then |
188 |
cp "${DISTDIR}"/${GEOIP_PATCH_A} "${S}" || die |
189 |
sed -i -e 's:^ RELEASETYPE=: RELEASETYPE=-P:' \ |
190 |
-e 's:RELEASEVER=:RELEASEVER=2:' \ |
191 |
${GEOIP_PATCH_A} || die |
192 |
# sed -i -e 's:RELEASEVER=2:RELEASEVER=3:' ${GEOIP_PATCH_A} || die |
193 |
epatch ${GEOIP_PATCH_A} |
194 |
fi |
195 |
|
196 |
if use rrl; then |
197 |
cp "${DISTDIR}"/rl-${RRL_PV}.patch "${S}" || die |
198 |
# sed -i -e 's:^ RELEASETYPE=: RELEASETYPE=-P:' \ |
199 |
# -e 's:^ RELEASEVER=: RELEASEVER=1:' \ |
200 |
# rl-${RRL_PV}.patch || die |
201 |
|
202 |
# Response Rate Limiting (DNS RRL) - bug 434650 |
203 |
epatch rl-${RRL_PV}.patch |
204 |
fi |
205 |
|
206 |
# Disable tests for now, bug 406399 |
207 |
sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die |
208 |
|
209 |
# bug #220361 |
210 |
rm aclocal.m4 |
211 |
rm -rf libtool.m4/ |
212 |
eautoreconf |
213 |
} |
214 |
|
215 |
src_configure() { |
216 |
local myconf="" |
217 |
|
218 |
if use urandom; then |
219 |
myconf="${myconf} --with-randomdev=/dev/urandom" |
220 |
else |
221 |
myconf="${myconf} --with-randomdev=/dev/random" |
222 |
fi |
223 |
|
224 |
use geoip && myconf="${myconf} --with-geoip" |
225 |
|
226 |
# bug #158664 |
227 |
# gcc-specs-ssp && replace-flags -O[23s] -O |
228 |
|
229 |
# To include db.h from proper path |
230 |
use berkdb && append-flags "-I$(db_includedir)" |
231 |
|
232 |
export BUILD_CC=$(tc-getBUILD_CC) |
233 |
econf \ |
234 |
--sysconfdir=/etc/bind \ |
235 |
--localstatedir=/var \ |
236 |
--with-libtool \ |
237 |
$(use_enable threads) \ |
238 |
$(use_with dlz dlopen) \ |
239 |
$(use_with dlz dlz-filesystem) \ |
240 |
$(use_with dlz dlz-stub) \ |
241 |
$(use_with postgres dlz-postgres) \ |
242 |
$(use_with mysql dlz-mysql) \ |
243 |
$(use_with berkdb dlz-bdb) \ |
244 |
$(use_with ldap dlz-ldap) \ |
245 |
$(use_with odbc dlz-odbc) \ |
246 |
$(use_with ssl openssl "${EPREFIX}"/usr) \ |
247 |
$(use_with ssl ecdsa) \ |
248 |
$(use_with idn) \ |
249 |
$(use_enable ipv6) \ |
250 |
$(use_with xml libxml2) \ |
251 |
$(use_enable xml newstats) \ |
252 |
$(use_with gssapi) \ |
253 |
$(use_enable rpz rpz-nsip) \ |
254 |
$(use_enable rpz rpz-nsdname) \ |
255 |
$(use_enable caps linux-caps) \ |
256 |
$(use_with gost) \ |
257 |
$(use_enable filter-aaaa) \ |
258 |
$(use_with python) \ |
259 |
--without-readline \ |
260 |
${myconf} |
261 |
|
262 |
# $(use_enable static-libs static) \ |
263 |
|
264 |
# bug #151839 |
265 |
echo '#undef SO_BSDCOMPAT' >> config.h |
266 |
} |
267 |
|
268 |
src_install() { |
269 |
emake DESTDIR="${D}" install |
270 |
|
271 |
dodoc CHANGES FAQ README |
272 |
|
273 |
if use idn; then |
274 |
dodoc contrib/idn/README.idnkit |
275 |
fi |
276 |
|
277 |
if use doc; then |
278 |
dodoc doc/arm/Bv9ARM.pdf |
279 |
|
280 |
docinto misc |
281 |
dodoc doc/misc/* |
282 |
|
283 |
# might a 'html' useflag make sense? |
284 |
docinto html |
285 |
dohtml -r doc/arm/* |
286 |
|
287 |
docinto contrib |
288 |
dodoc contrib/named-bootconf/named-bootconf.sh \ |
289 |
contrib/nanny/nanny.pl |
290 |
|
291 |
# some handy-dandy dynamic dns examples |
292 |
pushd "${D}"/usr/share/doc/${PF} 1>/dev/null |
293 |
tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die |
294 |
popd 1>/dev/null |
295 |
fi |
296 |
|
297 |
use geoip && dodoc "${DISTDIR}"/${GEOIP_DOC_A} |
298 |
|
299 |
insinto /etc/bind |
300 |
newins "${FILESDIR}"/named.conf-r6 named.conf |
301 |
|
302 |
# ftp://ftp.rs.internic.net/domain/named.cache: |
303 |
insinto /var/bind |
304 |
doins "${FILESDIR}"/named.cache |
305 |
|
306 |
insinto /var/bind/pri |
307 |
newins "${FILESDIR}"/127.zone-r1 127.zone |
308 |
newins "${FILESDIR}"/localhost.zone-r3 localhost.zone |
309 |
|
310 |
newinitd "${FILESDIR}"/named.init-r12 named |
311 |
newconfd "${FILESDIR}"/named.confd-r6 named |
312 |
|
313 |
if use gost; then |
314 |
sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die |
315 |
else |
316 |
sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die |
317 |
fi |
318 |
|
319 |
newenvd "${FILESDIR}"/10bind.env 10bind |
320 |
|
321 |
# Let's get rid of those tools and their manpages since they're provided by bind-tools |
322 |
rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1* |
323 |
rm -f "${D}"/usr/share/man/man8/{dnssec-keygen,nsupdate}.8* |
324 |
rm -f "${D}"/usr/bin/{dig,host,nslookup,dnssec-keygen,nsupdate} |
325 |
rm -f "${D}"/usr/sbin/{dig,host,nslookup,dnssec-keygen,nsupdate} |
326 |
|
327 |
# bug 405251, library archives aren't properly handled by --enable/disable-static |
328 |
if ! use static-libs; then |
329 |
find "${D}" -type f -name '*.la' -delete || die |
330 |
fi |
331 |
|
332 |
if use python; then |
333 |
install_python_tools() { |
334 |
python_convert_shebangs $PYTHON_ABI bin/python/dnssec-checkds |
335 |
exeinto /usr/sbin |
336 |
newexe bin/python/dnssec-checkds dnssec-checkds-${PYTHON_ABI} |
337 |
} |
338 |
python_execute_function install_python_tools |
339 |
|
340 |
rm -f "${D}/usr/sbin/dnssec-checkds" |
341 |
python_generate_wrapper_scripts "${D}usr/sbin/dnssec-checkds" |
342 |
fi |
343 |
|
344 |
# bug 450406 |
345 |
dosym named.cache /var/bind/root.cache |
346 |
|
347 |
dosym /var/bind/pri /etc/bind/pri |
348 |
dosym /var/bind/sec /etc/bind/sec |
349 |
dosym /var/bind/dyn /etc/bind/dyn |
350 |
keepdir /var/bind/{pri,sec,dyn} |
351 |
|
352 |
dodir /var/{run,log}/named |
353 |
|
354 |
fowners root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn} |
355 |
fowners root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf} |
356 |
fperms 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf} |
357 |
fperms 0750 /etc/bind /var/bind/pri |
358 |
fperms 0770 /var/{run,log}/named /var/bind/{,sec,dyn} |
359 |
|
360 |
systemd_dounit "${FILESDIR}/named.service" |
361 |
systemd_dotmpfilesd "${FILESDIR}/named.conf" |
362 |
exeinto /usr/libexec |
363 |
doexe "${FILESDIR}/generate-rndc-key.sh" |
364 |
} |
365 |
|
366 |
pkg_postinst() { |
367 |
if [ ! -f '/etc/bind/rndc.key' ]; then |
368 |
if use urandom; then |
369 |
einfo "Using /dev/urandom for generating rndc.key" |
370 |
/usr/sbin/rndc-confgen -r /dev/urandom -a |
371 |
echo |
372 |
else |
373 |
einfo "Using /dev/random for generating rndc.key" |
374 |
/usr/sbin/rndc-confgen -a |
375 |
echo |
376 |
fi |
377 |
chown root:named /etc/bind/rndc.key |
378 |
chmod 0640 /etc/bind/rndc.key |
379 |
fi |
380 |
|
381 |
einfo |
382 |
einfo "You can edit /etc/conf.d/named to customize named settings" |
383 |
einfo |
384 |
use mysql || use postgres || use ldap && { |
385 |
elog "If your named depends on MySQL/PostgreSQL or LDAP," |
386 |
elog "uncomment the specified rc_named_* lines in your" |
387 |
elog "/etc/conf.d/named config to ensure they'll start before bind" |
388 |
einfo |
389 |
} |
390 |
einfo "If you'd like to run bind in a chroot AND this is a new" |
391 |
einfo "install OR your bind doesn't already run in a chroot:" |
392 |
einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named." |
393 |
einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`" |
394 |
einfo |
395 |
|
396 |
CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT}) |
397 |
if [[ -n ${CHROOT} ]]; then |
398 |
elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" |
399 |
elog "To enable the old behaviour (without using mount) uncomment the" |
400 |
elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config." |
401 |
elog "If you decide to use the new/default method, ensure to make backup" |
402 |
elog "first and merge your existing configs/zones to /etc/bind and" |
403 |
elog "/var/bind because bind will now mount the needed directories into" |
404 |
elog "the chroot dir." |
405 |
fi |
406 |
|
407 |
ewarn |
408 |
ewarn "NOTE: /var/bind/named.ca has been renamed to /var/bind/named.cache" |
409 |
ewarn "you may need to fix your named.conf!" |
410 |
ewarn |
411 |
ewarn "NOTE: If you upgrade from <net-dns/bind-9.4.3_p5-r1, you may encounter permission problems" |
412 |
ewarn "To fix the permissions do:" |
413 |
ewarn "chown root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn}" |
414 |
ewarn "chown root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}" |
415 |
ewarn "chmod 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}" |
416 |
ewarn "chmod 0750 /etc/bind /var/bind/pri" |
417 |
ewarn "chmod 0770 /var/{run,log}/named /var/bind/{,sec,dyn}" |
418 |
ewarn |
419 |
} |
420 |
|
421 |
pkg_config() { |
422 |
CHROOT=$(source /etc/conf.d/named; echo ${CHROOT}) |
423 |
CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT}) |
424 |
CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP}) |
425 |
|
426 |
if [[ -z "${CHROOT}" ]]; then |
427 |
eerror "This config script is designed to automate setting up" |
428 |
eerror "a chrooted bind/named. To do so, please first uncomment" |
429 |
eerror "and set the CHROOT variable in '/etc/conf.d/named'." |
430 |
die "Unset CHROOT" |
431 |
fi |
432 |
if [[ -d "${CHROOT}" ]]; then |
433 |
ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" |
434 |
ewarn "To enable the old behaviour (without using mount) uncomment the" |
435 |
ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config." |
436 |
ewarn |
437 |
ewarn "${CHROOT} already exists... some things might become overridden" |
438 |
ewarn "press CTRL+C if you don't want to continue" |
439 |
sleep 10 |
440 |
fi |
441 |
|
442 |
echo; einfo "Setting up the chroot directory..." |
443 |
|
444 |
mkdir -m 0750 -p ${CHROOT} |
445 |
mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/{run,log}} |
446 |
mkdir -m 0750 -p ${CHROOT}/etc/bind |
447 |
mkdir -m 0770 -p ${CHROOT}/var/{bind,{run,log}/named} |
448 |
# As of bind 9.8.0 |
449 |
if has_version net-dns/bind[gost]; then |
450 |
if [ "$(get_libdir)" = "lib64" ]; then |
451 |
mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines |
452 |
ln -s lib64 ${CHROOT}/usr/lib |
453 |
else |
454 |
mkdir -m 0755 -p ${CHROOT}/usr/lib/engines |
455 |
fi |
456 |
fi |
457 |
chown root:named ${CHROOT} ${CHROOT}/var/{bind,{run,log}/named} ${CHROOT}/etc/bind |
458 |
|
459 |
mknod ${CHROOT}/dev/null c 1 3 |
460 |
chmod 0666 ${CHROOT}/dev/null |
461 |
|
462 |
mknod ${CHROOT}/dev/zero c 1 5 |
463 |
chmod 0666 ${CHROOT}/dev/zero |
464 |
|
465 |
if use urandom; then |
466 |
mknod ${CHROOT}/dev/urandom c 1 9 |
467 |
chmod 0666 ${CHROOT}/dev/urandom |
468 |
else |
469 |
mknod ${CHROOT}/dev/random c 1 8 |
470 |
chmod 0666 ${CHROOT}/dev/random |
471 |
fi |
472 |
|
473 |
if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then |
474 |
cp -a /etc/bind ${CHROOT}/etc/ |
475 |
cp -a /var/bind ${CHROOT}/var/ |
476 |
fi |
477 |
|
478 |
if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then |
479 |
mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP |
480 |
fi |
481 |
|
482 |
elog "You may need to add the following line to your syslog-ng.conf:" |
483 |
elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };" |
484 |
} |
485 |
|
486 |
|
487 |
|
488 |
1.1 net-dns/bind/bind-9.8.5_p2.ebuild |
489 |
|
490 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/bind-9.8.5_p2.ebuild?rev=1.1&view=markup |
491 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/bind-9.8.5_p2.ebuild?rev=1.1&content-type=text/plain |
492 |
|
493 |
Index: bind-9.8.5_p2.ebuild |
494 |
=================================================================== |
495 |
# Copyright 1999-2013 Gentoo Foundation |
496 |
# Distributed under the terms of the GNU General Public License v2 |
497 |
# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/bind-9.8.5_p2.ebuild,v 1.1 2013/07/29 19:31:14 idl0r Exp $ |
498 |
|
499 |
# Re dlz/mysql and threads, needs to be verified.. |
500 |
# MySQL uses thread local storage in its C api. Thus MySQL |
501 |
# requires that each thread of an application execute a MySQL |
502 |
# thread initialization to setup the thread local storage. |
503 |
# This is impossible to do safely while staying within the DLZ |
504 |
# driver API. This is a limitation caused by MySQL, and not the DLZ API. |
505 |
# Because of this BIND MUST only run with a single thread when |
506 |
# using the MySQL driver. |
507 |
|
508 |
EAPI="4" |
509 |
|
510 |
inherit eutils autotools toolchain-funcs flag-o-matic multilib db-use user |
511 |
|
512 |
MY_PV="${PV/_p/-P}" |
513 |
MY_PV="${MY_PV/_rc/rc}" |
514 |
MY_P="${PN}-${MY_PV}" |
515 |
|
516 |
SDB_LDAP_VER="1.1.0-fc14" |
517 |
|
518 |
# bind-9.8.0-P1-geoip-1.3.patch |
519 |
GEOIP_PV=1.3 |
520 |
#GEOIP_PV_AGAINST="${MY_PV}" |
521 |
GEOIP_PV_AGAINST="9.8.3-P1" |
522 |
GEOIP_P="bind-${GEOIP_PV_AGAINST}-geoip-${GEOIP_PV}" |
523 |
GEOIP_PATCH_A="${GEOIP_P}.patch" |
524 |
GEOIP_DOC_A="bind-geoip-1.3-readme.txt" |
525 |
GEOIP_SRC_URI_BASE="http://bind-geoip.googlecode.com/" |
526 |
|
527 |
RRL_PV="${MY_PV}" |
528 |
|
529 |
# GeoIP: http://bind-geoip.googlecode.com/ |
530 |
# DNS RRL: http://www.redbarn.org/dns/ratelimits/ |
531 |
# SDB-LDAP: http://bind9-ldap.bayour.com/ |
532 |
|
533 |
DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server" |
534 |
HOMEPAGE="http://www.isc.org/software/bind" |
535 |
SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz |
536 |
doc? ( mirror://gentoo/dyndns-samples.tbz2 ) |
537 |
geoip? ( ${GEOIP_SRC_URI_BASE}/files/${GEOIP_DOC_A} |
538 |
${GEOIP_SRC_URI_BASE}/files/${GEOIP_PATCH_A} ) |
539 |
sdb-ldap? ( |
540 |
http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2 |
541 |
) |
542 |
rrl? ( http://ss.vix.su/~vjs/rl-${RRL_PV}.patch )" |
543 |
|
544 |
LICENSE="ISC BSD BSD-2 HPND JNIC openssl" |
545 |
SLOT="0" |
546 |
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" |
547 |
IUSE="berkdb caps dlz doc filter-aaaa geoip gost gssapi idn ipv6 ldap mysql odbc |
548 |
postgres rpz rrl sdb-ldap selinux ssl static-libs threads urandom xml" |
549 |
# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687 |
550 |
|
551 |
REQUIRED_USE="postgres? ( dlz ) |
552 |
berkdb? ( dlz ) |
553 |
mysql? ( dlz !threads ) |
554 |
odbc? ( dlz ) |
555 |
ldap? ( dlz ) |
556 |
sdb-ldap? ( dlz ) |
557 |
gost? ( ssl ) |
558 |
threads? ( caps )" |
559 |
|
560 |
DEPEND="ssl? ( >=dev-libs/openssl-0.9.6g ) |
561 |
mysql? ( >=virtual/mysql-4.0 ) |
562 |
odbc? ( >=dev-db/unixODBC-2.2.6 ) |
563 |
ldap? ( net-nds/openldap ) |
564 |
idn? ( net-dns/idnkit ) |
565 |
postgres? ( dev-db/postgresql-base ) |
566 |
caps? ( >=sys-libs/libcap-2.1.0 ) |
567 |
xml? ( dev-libs/libxml2 ) |
568 |
geoip? ( >=dev-libs/geoip-1.4.6 ) |
569 |
gssapi? ( virtual/krb5 ) |
570 |
sdb-ldap? ( net-nds/openldap ) |
571 |
gost? ( >=dev-libs/openssl-1.0.0[-bindist] )" |
572 |
|
573 |
RDEPEND="${DEPEND} |
574 |
selinux? ( sec-policy/selinux-bind ) |
575 |
|| ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )" |
576 |
|
577 |
S="${WORKDIR}/${MY_P}" |
578 |
|
579 |
pkg_setup() { |
580 |
ebegin "Creating named group and user" |
581 |
enewgroup named 40 |
582 |
enewuser named 40 -1 /etc/bind named |
583 |
eend ${?} |
584 |
} |
585 |
|
586 |
src_prepare() { |
587 |
# Adjusting PATHs in manpages |
588 |
for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do |
589 |
sed -i \ |
590 |
-e 's:/etc/named.conf:/etc/bind/named.conf:g' \ |
591 |
-e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \ |
592 |
-e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \ |
593 |
"${i}" || die "sed failed, ${i} doesn't exist" |
594 |
done |
595 |
|
596 |
if use dlz; then |
597 |
# bind fails to reconnect to MySQL5 databases, bug #180720, patch by Nicolas Brousse |
598 |
# (http://www.shell-tips.com/2007/09/04/bind-950-patch-dlz-mysql-5-for-auto-reconnect/) |
599 |
if use mysql && has_version ">=dev-db/mysql-5"; then |
600 |
epatch "${FILESDIR}"/bind-dlzmysql5-reconnect.patch |
601 |
fi |
602 |
|
603 |
if use odbc; then |
604 |
epatch "${FILESDIR}/${PN}-9.7.3-odbc-dlz-detect.patch" |
605 |
fi |
606 |
|
607 |
# sdb-ldap patch as per bug #160567 |
608 |
# Upstream URL: http://bind9-ldap.bayour.com/ |
609 |
# New patch take from bug 302735 |
610 |
if use sdb-ldap; then |
611 |
epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch |
612 |
cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/ |
613 |
cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/ |
614 |
cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/ |
615 |
fi |
616 |
fi |
617 |
|
618 |
# should be installed by bind-tools |
619 |
sed -i -r -e "s:(nsupdate|dig) ::g" bin/Makefile.in || die |
620 |
|
621 |
if use geoip; then |
622 |
cp "${DISTDIR}"/${GEOIP_PATCH_A} "${S}" || die |
623 |
# sed -i -e 's:^ RELEASETYPE=: RELEASETYPE=-P:' \ |
624 |
# -e 's:RELEASEVER=:RELEASEVER=1:' \ |
625 |
# ${GEOIP_PATCH_A} || die |
626 |
sed -i -e 's:RELEASEVER=1:RELEASEVER=2:' \ |
627 |
${GEOIP_PATCH_A} || die |
628 |
epatch ${GEOIP_PATCH_A} |
629 |
fi |
630 |
|
631 |
if use rrl; then |
632 |
cp "${DISTDIR}"/rl-${RRL_PV}.patch "${S}" || die |
633 |
# sed -i -e 's:^ RELEASETYPE=: RELEASETYPE=-P:' \ |
634 |
# -e 's:^ RELEASEVER=: RELEASEVER=1:' \ |
635 |
# rl-${RRL_PV}.patch || die |
636 |
|
637 |
# Response Rate Limiting (DNS RRL) - bug 434650 |
638 |
epatch rl-${RRL_PV}.patch |
639 |
fi |
640 |
|
641 |
# Disable tests for now, bug 406399 |
642 |
sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die |
643 |
|
644 |
# bug #220361 |
645 |
rm aclocal.m4 |
646 |
rm -rf libtool.m4/ |
647 |
eautoreconf |
648 |
} |
649 |
|
650 |
src_configure() { |
651 |
local myconf="" |
652 |
|
653 |
if use urandom; then |
654 |
myconf="${myconf} --with-randomdev=/dev/urandom" |
655 |
else |
656 |
myconf="${myconf} --with-randomdev=/dev/random" |
657 |
fi |
658 |
|
659 |
use geoip && myconf="${myconf} --with-geoip" |
660 |
|
661 |
# bug #158664 |
662 |
# gcc-specs-ssp && replace-flags -O[23s] -O |
663 |
|
664 |
# To include db.h from proper path |
665 |
use berkdb && append-flags "-I$(db_includedir)" |
666 |
|
667 |
export BUILD_CC=$(tc-getBUILD_CC) |
668 |
econf \ |
669 |
--sysconfdir=/etc/bind \ |
670 |
--localstatedir=/var \ |
671 |
--with-libtool \ |
672 |
$(use_enable threads) \ |
673 |
$(use_with dlz dlopen) \ |
674 |
$(use_with dlz dlz-filesystem) \ |
675 |
$(use_with dlz dlz-stub) \ |
676 |
$(use_with postgres dlz-postgres) \ |
677 |
$(use_with mysql dlz-mysql) \ |
678 |
$(use_with berkdb dlz-bdb) \ |
679 |
$(use_with ldap dlz-ldap) \ |
680 |
$(use_with odbc dlz-odbc) \ |
681 |
$(use_with ssl openssl "${EPREFIX}"/usr) \ |
682 |
$(use_with ssl ecdsa) \ |
683 |
$(use_with idn) \ |
684 |
$(use_enable ipv6) \ |
685 |
$(use_with xml libxml2) \ |
686 |
$(use_with gssapi) \ |
687 |
$(use_enable rpz rpz-nsip) \ |
688 |
$(use_enable rpz rpz-nsdname) \ |
689 |
$(use_enable caps linux-caps) \ |
690 |
$(use_with gost) \ |
691 |
$(use_enable filter-aaaa) \ |
692 |
${myconf} |
693 |
|
694 |
# bug #151839 |
695 |
echo '#undef SO_BSDCOMPAT' >> config.h |
696 |
} |
697 |
|
698 |
src_install() { |
699 |
emake DESTDIR="${D}" install |
700 |
|
701 |
dodoc CHANGES FAQ README |
702 |
|
703 |
if use idn; then |
704 |
dodoc contrib/idn/README.idnkit |
705 |
fi |
706 |
|
707 |
if use doc; then |
708 |
dodoc doc/arm/Bv9ARM.pdf |
709 |
|
710 |
docinto misc |
711 |
dodoc doc/misc/* |
712 |
|
713 |
# might a 'html' useflag make sense? |
714 |
docinto html |
715 |
dohtml -r doc/arm/* |
716 |
|
717 |
docinto contrib |
718 |
dodoc contrib/named-bootconf/named-bootconf.sh \ |
719 |
contrib/nanny/nanny.pl |
720 |
|
721 |
# some handy-dandy dynamic dns examples |
722 |
pushd "${D}"/usr/share/doc/${PF} 1>/dev/null |
723 |
tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die |
724 |
popd 1>/dev/null |
725 |
fi |
726 |
|
727 |
use geoip && dodoc "${DISTDIR}"/${GEOIP_DOC_A} |
728 |
|
729 |
insinto /etc/bind |
730 |
newins "${FILESDIR}"/named.conf-r6 named.conf |
731 |
|
732 |
# ftp://ftp.rs.internic.net/domain/named.cache: |
733 |
insinto /var/bind |
734 |
doins "${FILESDIR}"/named.cache |
735 |
|
736 |
insinto /var/bind/pri |
737 |
newins "${FILESDIR}"/127.zone-r1 127.zone |
738 |
newins "${FILESDIR}"/localhost.zone-r3 localhost.zone |
739 |
|
740 |
newinitd "${FILESDIR}"/named.init-r12 named |
741 |
newconfd "${FILESDIR}"/named.confd-r6 named |
742 |
|
743 |
if use gost; then |
744 |
sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die |
745 |
else |
746 |
sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die |
747 |
fi |
748 |
|
749 |
newenvd "${FILESDIR}"/10bind.env 10bind |
750 |
|
751 |
# Let's get rid of those tools and their manpages since they're provided by bind-tools |
752 |
rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1* |
753 |
rm -f "${D}"/usr/share/man/man8/{dnssec-keygen,nsupdate}.8* |
754 |
rm -f "${D}"/usr/bin/{dig,host,nslookup,dnssec-keygen,nsupdate} |
755 |
rm -f "${D}"/usr/sbin/{dig,host,nslookup,dnssec-keygen,nsupdate} |
756 |
|
757 |
# bug 405251, library archives aren't properly handled by --enable/disable-static |
758 |
if ! use static-libs; then |
759 |
find "${D}" -type f -name '*.la' -delete || die |
760 |
fi |
761 |
|
762 |
# bug 450406 |
763 |
dosym named.cache /var/bind/root.cache |
764 |
|
765 |
dosym /var/bind/pri /etc/bind/pri |
766 |
dosym /var/bind/sec /etc/bind/sec |
767 |
dosym /var/bind/dyn /etc/bind/dyn |
768 |
keepdir /var/bind/{pri,sec,dyn} |
769 |
|
770 |
dodir /var/{run,log}/named |
771 |
|
772 |
fowners root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn} |
773 |
fowners root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf} |
774 |
fperms 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf} |
775 |
fperms 0750 /etc/bind /var/bind/pri |
776 |
fperms 0770 /var/{run,log}/named /var/bind/{,sec,dyn} |
777 |
} |
778 |
|
779 |
pkg_postinst() { |
780 |
if [ ! -f '/etc/bind/rndc.key' ]; then |
781 |
if use urandom; then |
782 |
einfo "Using /dev/urandom for generating rndc.key" |
783 |
/usr/sbin/rndc-confgen -r /dev/urandom -a |
784 |
echo |
785 |
else |
786 |
einfo "Using /dev/random for generating rndc.key" |
787 |
/usr/sbin/rndc-confgen -a |
788 |
echo |
789 |
fi |
790 |
chown root:named /etc/bind/rndc.key |
791 |
chmod 0640 /etc/bind/rndc.key |
792 |
fi |
793 |
|
794 |
einfo |
795 |
einfo "You can edit /etc/conf.d/named to customize named settings" |
796 |
einfo |
797 |
use mysql || use postgres || use ldap && { |
798 |
elog "If your named depends on MySQL/PostgreSQL or LDAP," |
799 |
elog "uncomment the specified rc_named_* lines in your" |
800 |
elog "/etc/conf.d/named config to ensure they'll start before bind" |
801 |
einfo |
802 |
} |
803 |
einfo "If you'd like to run bind in a chroot AND this is a new" |
804 |
einfo "install OR your bind doesn't already run in a chroot:" |
805 |
einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named." |
806 |
einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`" |
807 |
einfo |
808 |
|
809 |
CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT}) |
810 |
if [[ -n ${CHROOT} ]]; then |
811 |
elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" |
812 |
elog "To enable the old behaviour (without using mount) uncomment the" |
813 |
elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config." |
814 |
elog "If you decide to use the new/default method, ensure to make backup" |
815 |
elog "first and merge your existing configs/zones to /etc/bind and" |
816 |
elog "/var/bind because bind will now mount the needed directories into" |
817 |
elog "the chroot dir." |
818 |
fi |
819 |
|
820 |
ewarn |
821 |
ewarn "NOTE: /var/bind/named.ca has been renamed to /var/bind/named.cache" |
822 |
ewarn "you may need to fix your named.conf!" |
823 |
ewarn |
824 |
ewarn "NOTE: If you upgrade from <net-dns/bind-9.4.3_p5-r1, you may encounter permission problems" |
825 |
ewarn "To fix the permissions do:" |
826 |
ewarn "chown root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn}" |
827 |
ewarn "chown root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}" |
828 |
ewarn "chmod 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}" |
829 |
ewarn "chmod 0750 /etc/bind /var/bind/pri" |
830 |
ewarn "chmod 0770 /var/{run,log}/named /var/bind/{,sec,dyn}" |
831 |
ewarn |
832 |
} |
833 |
|
834 |
pkg_config() { |
835 |
CHROOT=$(source /etc/conf.d/named; echo ${CHROOT}) |
836 |
CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT}) |
837 |
CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP}) |
838 |
|
839 |
if [[ -z "${CHROOT}" ]]; then |
840 |
eerror "This config script is designed to automate setting up" |
841 |
eerror "a chrooted bind/named. To do so, please first uncomment" |
842 |
eerror "and set the CHROOT variable in '/etc/conf.d/named'." |
843 |
die "Unset CHROOT" |
844 |
fi |
845 |
if [[ -d "${CHROOT}" ]]; then |
846 |
ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" |
847 |
ewarn "To enable the old behaviour (without using mount) uncomment the" |
848 |
ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config." |
849 |
ewarn |
850 |
ewarn "${CHROOT} already exists... some things might become overridden" |
851 |
ewarn "press CTRL+C if you don't want to continue" |
852 |
sleep 10 |
853 |
fi |
854 |
|
855 |
echo; einfo "Setting up the chroot directory..." |
856 |
|
857 |
mkdir -m 0750 -p ${CHROOT} |
858 |
mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/{run,log}} |
859 |
mkdir -m 0750 -p ${CHROOT}/etc/bind |
860 |
mkdir -m 0770 -p ${CHROOT}/var/{bind,{run,log}/named} |
861 |
# As of bind 9.8.0 |
862 |
if has_version net-dns/bind[gost]; then |
863 |
if [ "$(get_libdir)" = "lib64" ]; then |
864 |
mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines |
865 |
ln -s lib64 ${CHROOT}/usr/lib |
866 |
else |
867 |
mkdir -m 0755 -p ${CHROOT}/usr/lib/engines |
868 |
fi |
869 |
fi |
870 |
chown root:named ${CHROOT} ${CHROOT}/var/{bind,{run,log}/named} ${CHROOT}/etc/bind |
871 |
|
872 |
mknod ${CHROOT}/dev/null c 1 3 |
873 |
chmod 0666 ${CHROOT}/dev/null |
874 |
|
875 |
mknod ${CHROOT}/dev/zero c 1 5 |
876 |
chmod 0666 ${CHROOT}/dev/zero |
877 |
|
878 |
if use urandom; then |
879 |
mknod ${CHROOT}/dev/urandom c 1 9 |
880 |
chmod 0666 ${CHROOT}/dev/urandom |
881 |
else |
882 |
mknod ${CHROOT}/dev/random c 1 8 |
883 |
chmod 0666 ${CHROOT}/dev/random |
884 |
fi |
885 |
|
886 |
if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then |
887 |
cp -a /etc/bind ${CHROOT}/etc/ |
888 |
cp -a /var/bind ${CHROOT}/var/ |
889 |
fi |
890 |
|
891 |
if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then |
892 |
mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP |
893 |
fi |
894 |
|
895 |
elog "You may need to add the following line to your syslog-ng.conf:" |
896 |
elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };" |
897 |
} |