
From: "Christian Ruppert (idl0r)" <idl0r@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-dns/bind: bind-9.9.3_p2.ebuild ChangeLog bind-9.8.5_p2.ebuild bind-9.8.5_p1.ebuild bind-9.9.2_p1.ebuild bind-9.9.3_p1.ebuild
Date: Mon, 29 Jul 2013 19:31:21
Message-Id: 20130729193114.5BC792171C@flycatcher.gentoo.org
1 idl0r 13/07/29 19:31:14
2
3 Modified: ChangeLog
4 Added: bind-9.9.3_p2.ebuild bind-9.8.5_p2.ebuild
5 Removed: bind-9.8.5_p1.ebuild bind-9.9.2_p1.ebuild
6 bind-9.9.3_p1.ebuild
7 Log:
8 Version bumps, cleanup. Fixes CVE-2013-4854
9
10 (Portage version: 2.1.12.2/cvs/Linux x86_64, signed Manifest commit with key B427ABC8)
11
12 Revision Changes Path
13 1.459 net-dns/bind/ChangeLog
14
15 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/ChangeLog?rev=1.459&view=markup
16 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/ChangeLog?rev=1.459&content-type=text/plain
17 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/ChangeLog?r1=1.458&r2=1.459
18
19 Index: ChangeLog
20 ===================================================================
21 RCS file: /var/cvsroot/gentoo-x86/net-dns/bind/ChangeLog,v
22 retrieving revision 1.458
23 retrieving revision 1.459
24 diff -u -r1.458 -r1.459
25 --- ChangeLog 13 Jul 2013 11:43:26 -0000 1.458
26 +++ ChangeLog 29 Jul 2013 19:31:14 -0000 1.459
27 @@ -1,6 +1,14 @@
28 # ChangeLog for net-dns/bind
29 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
30 -# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/ChangeLog,v 1.458 2013/07/13 11:43:26 pacho Exp $
31 +# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/ChangeLog,v 1.459 2013/07/29 19:31:14 idl0r Exp $
32 +
33 +*bind-9.9.3_p2 (29 Jul 2013)
34 +*bind-9.8.5_p2 (29 Jul 2013)
35 +
36 + 29 Jul 2013; Christian Ruppert <idl0r@g.o> -bind-9.8.5_p1.ebuild,
37 + +bind-9.8.5_p2.ebuild, -bind-9.9.2_p1.ebuild, -bind-9.9.3_p1.ebuild,
38 + +bind-9.9.3_p2.ebuild:
39 + Version bumps, cleanup. Fixes CVE-2013-4854
40
41 13 Jul 2013; Pacho Ramos <pacho@g.o> +files/generate-rndc-key.sh,
42 +files/named.conf, +files/named.service, bind-9.9.3_p1.ebuild:
43
44
45
46 1.1 net-dns/bind/bind-9.9.3_p2.ebuild
47
48 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/bind-9.9.3_p2.ebuild?rev=1.1&view=markup
49 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/bind-9.9.3_p2.ebuild?rev=1.1&content-type=text/plain
50
51 Index: bind-9.9.3_p2.ebuild
52 ===================================================================
53 # Copyright 1999-2013 Gentoo Foundation
54 # Distributed under the terms of the GNU General Public License v2
55 # $Header: /var/cvsroot/gentoo-x86/net-dns/bind/bind-9.9.3_p2.ebuild,v 1.1 2013/07/29 19:31:14 idl0r Exp $
56
57 # Re dlz/mysql and threads, needs to be verified..
58 # MySQL uses thread local storage in its C api. Thus MySQL
59 # requires that each thread of an application execute a MySQL
60 # thread initialization to setup the thread local storage.
61 # This is impossible to do safely while staying within the DLZ
62 # driver API. This is a limitation caused by MySQL, and not the DLZ API.
63 # Because of this BIND MUST only run with a single thread when
64 # using the MySQL driver.
65
66 EAPI="4"
67
68 PYTHON_DEPEND="python? 2:2.7 3"
69 SUPPORT_PYTHON_ABIS="1"
70
71 inherit python eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd
72
73 MY_PV="${PV/_p/-P}"
74 MY_PV="${MY_PV/_rc/rc}"
75 MY_P="${PN}-${MY_PV}"
76
77 SDB_LDAP_VER="1.1.0-fc14"
78
79 # bind-9.8.0-P1-geoip-1.3.patch
80 GEOIP_PV=1.3
81 #GEOIP_PV_AGAINST="${MY_PV}"
82 GEOIP_PV_AGAINST="9.9.2"
83 GEOIP_P="bind-${GEOIP_PV_AGAINST}-geoip-${GEOIP_PV}"
84 GEOIP_PATCH_A="${GEOIP_P}.patch"
85 GEOIP_DOC_A="bind-geoip-1.3-readme.txt"
86 GEOIP_SRC_URI_BASE="http://bind-geoip.googlecode.com/"
87
88 RRL_PV="${MY_PV}"
89
90 # GeoIP: http://bind-geoip.googlecode.com/
91 # DNS RRL: http://www.redbarn.org/dns/ratelimits/
92 # SDB-LDAP: http://bind9-ldap.bayour.com/
93
94 DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server"
95 HOMEPAGE="http://www.isc.org/software/bind"
96 SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz
97 doc? ( mirror://gentoo/dyndns-samples.tbz2 )
98 geoip? ( ${GEOIP_SRC_URI_BASE}/files/${GEOIP_DOC_A}
99 ${GEOIP_SRC_URI_BASE}/files/${GEOIP_PATCH_A} )
100 sdb-ldap? (
101 http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2
102 )
103 rrl? ( http://ss.vix.su/~vjs/rl-${RRL_PV}.patch )"
104
105 LICENSE="ISC BSD BSD-2 HPND JNIC openssl"
106 SLOT="0"
107 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
108 IUSE="berkdb caps dlz doc filter-aaaa geoip gost gssapi idn ipv6 ldap mysql odbc
109 postgres python rpz rrl sdb-ldap selinux ssl static-libs threads urandom xml"
110 # no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
111
112 REQUIRED_USE="postgres? ( dlz )
113 berkdb? ( dlz )
114 mysql? ( dlz !threads )
115 odbc? ( dlz )
116 ldap? ( dlz )
117 sdb-ldap? ( dlz )
118 gost? ( ssl )
119 threads? ( caps )"
120
121 DEPEND="ssl? ( >=dev-libs/openssl-0.9.6g )
122 mysql? ( >=virtual/mysql-4.0 )
123 odbc? ( >=dev-db/unixODBC-2.2.6 )
124 ldap? ( net-nds/openldap )
125 idn? ( net-dns/idnkit )
126 postgres? ( dev-db/postgresql-base )
127 caps? ( >=sys-libs/libcap-2.1.0 )
128 xml? ( dev-libs/libxml2 )
129 geoip? ( >=dev-libs/geoip-1.4.6 )
130 gssapi? ( virtual/krb5 )
131 sdb-ldap? ( net-nds/openldap )
132 gost? ( >=dev-libs/openssl-1.0.0[-bindist] )
133 python? ( virtual/python-argparse )"
134
135 RDEPEND="${DEPEND}
136 selinux? ( sec-policy/selinux-bind )
137 || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )"
138
139 S="${WORKDIR}/${MY_P}"
140
141 pkg_setup() {
142 ebegin "Creating named group and user"
143 enewgroup named 40
144 enewuser named 40 -1 /etc/bind named
145 eend ${?}
146
147 if use python; then
148 python_pkg_setup
149 fi
150 }
151
152 src_prepare() {
153 # Adjusting PATHs in manpages
154 for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
155 sed -i \
156 -e 's:/etc/named.conf:/etc/bind/named.conf:g' \
157 -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
158 -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
159 "${i}" || die "sed failed, ${i} doesn't exist"
160 done
161
162 if use dlz; then
163 # bind fails to reconnect to MySQL5 databases, bug #180720, patch by Nicolas Brousse
164 # (http://www.shell-tips.com/2007/09/04/bind-950-patch-dlz-mysql-5-for-auto-reconnect/)
165 if use mysql && has_version ">=dev-db/mysql-5"; then
166 epatch "${FILESDIR}"/bind-dlzmysql5-reconnect.patch
167 fi
168
169 if use odbc; then
170 epatch "${FILESDIR}/${PN}-9.7.3-odbc-dlz-detect.patch"
171 fi
172
173 # sdb-ldap patch as per bug #160567
174 # Upstream URL: http://bind9-ldap.bayour.com/
175 # New patch take from bug 302735
176 if use sdb-ldap; then
177 epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
178 cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/
179 cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/
180 cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/
181 fi
182 fi
183
184 # should be installed by bind-tools
185 sed -i -r -e "s:(nsupdate|dig) ::g" bin/Makefile.in || die
186
187 if use geoip; then
188 cp "${DISTDIR}"/${GEOIP_PATCH_A} "${S}" || die
189 sed -i -e 's:^ RELEASETYPE=: RELEASETYPE=-P:' \
190 -e 's:RELEASEVER=:RELEASEVER=2:' \
191 ${GEOIP_PATCH_A} || die
192 # sed -i -e 's:RELEASEVER=2:RELEASEVER=3:' ${GEOIP_PATCH_A} || die
193 epatch ${GEOIP_PATCH_A}
194 fi
195
196 if use rrl; then
197 cp "${DISTDIR}"/rl-${RRL_PV}.patch "${S}" || die
198 # sed -i -e 's:^ RELEASETYPE=: RELEASETYPE=-P:' \
199 # -e 's:^ RELEASEVER=: RELEASEVER=1:' \
200 # rl-${RRL_PV}.patch || die
201
202 # Response Rate Limiting (DNS RRL) - bug 434650
203 epatch rl-${RRL_PV}.patch
204 fi
205
206 # Disable tests for now, bug 406399
207 sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
208
209 # bug #220361
210 rm aclocal.m4
211 rm -rf libtool.m4/
212 eautoreconf
213 }
214
215 src_configure() {
216 local myconf=""
217
218 if use urandom; then
219 myconf="${myconf} --with-randomdev=/dev/urandom"
220 else
221 myconf="${myconf} --with-randomdev=/dev/random"
222 fi
223
224 use geoip && myconf="${myconf} --with-geoip"
225
226 # bug #158664
227 # gcc-specs-ssp && replace-flags -O[23s] -O
228
229 # To include db.h from proper path
230 use berkdb && append-flags "-I$(db_includedir)"
231
232 export BUILD_CC=$(tc-getBUILD_CC)
233 econf \
234 --sysconfdir=/etc/bind \
235 --localstatedir=/var \
236 --with-libtool \
237 $(use_enable threads) \
238 $(use_with dlz dlopen) \
239 $(use_with dlz dlz-filesystem) \
240 $(use_with dlz dlz-stub) \
241 $(use_with postgres dlz-postgres) \
242 $(use_with mysql dlz-mysql) \
243 $(use_with berkdb dlz-bdb) \
244 $(use_with ldap dlz-ldap) \
245 $(use_with odbc dlz-odbc) \
246 $(use_with ssl openssl "${EPREFIX}"/usr) \
247 $(use_with ssl ecdsa) \
248 $(use_with idn) \
249 $(use_enable ipv6) \
250 $(use_with xml libxml2) \
251 $(use_enable xml newstats) \
252 $(use_with gssapi) \
253 $(use_enable rpz rpz-nsip) \
254 $(use_enable rpz rpz-nsdname) \
255 $(use_enable caps linux-caps) \
256 $(use_with gost) \
257 $(use_enable filter-aaaa) \
258 $(use_with python) \
259 --without-readline \
260 ${myconf}
261
262 # $(use_enable static-libs static) \
263
264 # bug #151839
265 echo '#undef SO_BSDCOMPAT' >> config.h
266 }
267
268 src_install() {
269 emake DESTDIR="${D}" install
270
271 dodoc CHANGES FAQ README
272
273 if use idn; then
274 dodoc contrib/idn/README.idnkit
275 fi
276
277 if use doc; then
278 dodoc doc/arm/Bv9ARM.pdf
279
280 docinto misc
281 dodoc doc/misc/*
282
283 # might a 'html' useflag make sense?
284 docinto html
285 dohtml -r doc/arm/*
286
287 docinto contrib
288 dodoc contrib/named-bootconf/named-bootconf.sh \
289 contrib/nanny/nanny.pl
290
291 # some handy-dandy dynamic dns examples
292 pushd "${D}"/usr/share/doc/${PF} 1>/dev/null
293 tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
294 popd 1>/dev/null
295 fi
296
297 use geoip && dodoc "${DISTDIR}"/${GEOIP_DOC_A}
298
299 insinto /etc/bind
300 newins "${FILESDIR}"/named.conf-r6 named.conf
301
302 # ftp://ftp.rs.internic.net/domain/named.cache:
303 insinto /var/bind
304 doins "${FILESDIR}"/named.cache
305
306 insinto /var/bind/pri
307 newins "${FILESDIR}"/127.zone-r1 127.zone
308 newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
309
310 newinitd "${FILESDIR}"/named.init-r12 named
311 newconfd "${FILESDIR}"/named.confd-r6 named
312
313 if use gost; then
314 sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die
315 else
316 sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die
317 fi
318
319 newenvd "${FILESDIR}"/10bind.env 10bind
320
321 # Let's get rid of those tools and their manpages since they're provided by bind-tools
322 rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1*
323 rm -f "${D}"/usr/share/man/man8/{dnssec-keygen,nsupdate}.8*
324 rm -f "${D}"/usr/bin/{dig,host,nslookup,dnssec-keygen,nsupdate}
325 rm -f "${D}"/usr/sbin/{dig,host,nslookup,dnssec-keygen,nsupdate}
326
327 # bug 405251, library archives aren't properly handled by --enable/disable-static
328 if ! use static-libs; then
329 find "${D}" -type f -name '*.la' -delete || die
330 fi
331
332 if use python; then
333 install_python_tools() {
334 python_convert_shebangs $PYTHON_ABI bin/python/dnssec-checkds
335 exeinto /usr/sbin
336 newexe bin/python/dnssec-checkds dnssec-checkds-${PYTHON_ABI}
337 }
338 python_execute_function install_python_tools
339
340 rm -f "${D}/usr/sbin/dnssec-checkds"
341 python_generate_wrapper_scripts "${D}usr/sbin/dnssec-checkds"
342 fi
343
344 # bug 450406
345 dosym named.cache /var/bind/root.cache
346
347 dosym /var/bind/pri /etc/bind/pri
348 dosym /var/bind/sec /etc/bind/sec
349 dosym /var/bind/dyn /etc/bind/dyn
350 keepdir /var/bind/{pri,sec,dyn}
351
352 dodir /var/{run,log}/named
353
354 fowners root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn}
355 fowners root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}
356 fperms 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}
357 fperms 0750 /etc/bind /var/bind/pri
358 fperms 0770 /var/{run,log}/named /var/bind/{,sec,dyn}
359
360 systemd_dounit "${FILESDIR}/named.service"
361 systemd_dotmpfilesd "${FILESDIR}/named.conf"
362 exeinto /usr/libexec
363 doexe "${FILESDIR}/generate-rndc-key.sh"
364 }
365
366 pkg_postinst() {
367 if [ ! -f '/etc/bind/rndc.key' ]; then
368 if use urandom; then
369 einfo "Using /dev/urandom for generating rndc.key"
370 /usr/sbin/rndc-confgen -r /dev/urandom -a
371 echo
372 else
373 einfo "Using /dev/random for generating rndc.key"
374 /usr/sbin/rndc-confgen -a
375 echo
376 fi
377 chown root:named /etc/bind/rndc.key
378 chmod 0640 /etc/bind/rndc.key
379 fi
380
381 einfo
382 einfo "You can edit /etc/conf.d/named to customize named settings"
383 einfo
384 use mysql || use postgres || use ldap && {
385 elog "If your named depends on MySQL/PostgreSQL or LDAP,"
386 elog "uncomment the specified rc_named_* lines in your"
387 elog "/etc/conf.d/named config to ensure they'll start before bind"
388 einfo
389 }
390 einfo "If you'd like to run bind in a chroot AND this is a new"
391 einfo "install OR your bind doesn't already run in a chroot:"
392 einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
393 einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
394 einfo
395
396 CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
397 if [[ -n ${CHROOT} ]]; then
398 elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
399 elog "To enable the old behaviour (without using mount) uncomment the"
400 elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
401 elog "If you decide to use the new/default method, ensure to make backup"
402 elog "first and merge your existing configs/zones to /etc/bind and"
403 elog "/var/bind because bind will now mount the needed directories into"
404 elog "the chroot dir."
405 fi
406
407 ewarn
408 ewarn "NOTE: /var/bind/named.ca has been renamed to /var/bind/named.cache"
409 ewarn "you may need to fix your named.conf!"
410 ewarn
411 ewarn "NOTE: If you upgrade from <net-dns/bind-9.4.3_p5-r1, you may encounter permission problems"
412 ewarn "To fix the permissions do:"
413 ewarn "chown root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn}"
414 ewarn "chown root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}"
415 ewarn "chmod 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}"
416 ewarn "chmod 0750 /etc/bind /var/bind/pri"
417 ewarn "chmod 0770 /var/{run,log}/named /var/bind/{,sec,dyn}"
418 ewarn
419 }
420
421 pkg_config() {
422 CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
423 CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
424 CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
425
426 if [[ -z "${CHROOT}" ]]; then
427 eerror "This config script is designed to automate setting up"
428 eerror "a chrooted bind/named. To do so, please first uncomment"
429 eerror "and set the CHROOT variable in '/etc/conf.d/named'."
430 die "Unset CHROOT"
431 fi
432 if [[ -d "${CHROOT}" ]]; then
433 ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
434 ewarn "To enable the old behaviour (without using mount) uncomment the"
435 ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
436 ewarn
437 ewarn "${CHROOT} already exists... some things might become overridden"
438 ewarn "press CTRL+C if you don't want to continue"
439 sleep 10
440 fi
441
442 echo; einfo "Setting up the chroot directory..."
443
444 mkdir -m 0750 -p ${CHROOT}
445 mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/{run,log}}
446 mkdir -m 0750 -p ${CHROOT}/etc/bind
447 mkdir -m 0770 -p ${CHROOT}/var/{bind,{run,log}/named}
448 # As of bind 9.8.0
449 if has_version net-dns/bind[gost]; then
450 if [ "$(get_libdir)" = "lib64" ]; then
451 mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines
452 ln -s lib64 ${CHROOT}/usr/lib
453 else
454 mkdir -m 0755 -p ${CHROOT}/usr/lib/engines
455 fi
456 fi
457 chown root:named ${CHROOT} ${CHROOT}/var/{bind,{run,log}/named} ${CHROOT}/etc/bind
458
459 mknod ${CHROOT}/dev/null c 1 3
460 chmod 0666 ${CHROOT}/dev/null
461
462 mknod ${CHROOT}/dev/zero c 1 5
463 chmod 0666 ${CHROOT}/dev/zero
464
465 if use urandom; then
466 mknod ${CHROOT}/dev/urandom c 1 9
467 chmod 0666 ${CHROOT}/dev/urandom
468 else
469 mknod ${CHROOT}/dev/random c 1 8
470 chmod 0666 ${CHROOT}/dev/random
471 fi
472
473 if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
474 cp -a /etc/bind ${CHROOT}/etc/
475 cp -a /var/bind ${CHROOT}/var/
476 fi
477
478 if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
479 mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP
480 fi
481
482 elog "You may need to add the following line to your syslog-ng.conf:"
483 elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
484 }
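Review bot: pkg_config expands `${CHROOT}` unquoted in every mkdir, chown, mknod, chmod, ln and cp call, and checks none of their exit codes. The value is read from /etc/conf.d/named and the function needs root for mknod and chown, so a path with whitespace or glob characters makes those commands act on other paths. A failed chown or mknod also still ends with the syslog-ng hint, as if the jail were complete. I would quote each expansion, add `|| die`, and skip mknod when the node is already a character device, so a re-run over an existing chroot (which the function allows) does not abort. bind-9.8.5_p2.ebuild in this commit carries the same function.

```shell
pkg_config() {
	# … unchanged: reading CHROOT/CHROOT_NOMOUNT/CHROOT_GEOIP, the unset check and the "already exists" warning …

	mkdir -m 0750 -p "${CHROOT}" || die
	mkdir -m 0755 -p "${CHROOT}"/{dev,etc,var/{run,log}} || die
	mkdir -m 0750 -p "${CHROOT}"/etc/bind || die
	mkdir -m 0770 -p "${CHROOT}"/var/{bind,{run,log}/named} || die
	# … gost engines directory: same quoting and || die …
	chown root:named "${CHROOT}" "${CHROOT}"/var/{bind,{run,log}/named} "${CHROOT}"/etc/bind || die

	# An existing character device is kept, so a re-run over the same chroot does not abort.
	[[ -c "${CHROOT}"/dev/null ]] || mknod "${CHROOT}"/dev/null c 1 3 || die
	chmod 0666 "${CHROOT}"/dev/null || die

	[[ -c "${CHROOT}"/dev/zero ]] || mknod "${CHROOT}"/dev/zero c 1 5 || die
	chmod 0666 "${CHROOT}"/dev/zero || die
	# … urandom/random nodes: same pattern …

	if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
		cp -a /etc/bind "${CHROOT}"/etc/ || die
		cp -a /var/bind "${CHROOT}"/var/ || die
	fi
	# … GeoIP directory (quoted the same way) and the syslog-ng hint …
```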
485
486
487
488 1.1 net-dns/bind/bind-9.8.5_p2.ebuild
489
490 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/bind-9.8.5_p2.ebuild?rev=1.1&view=markup
491 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/bind-9.8.5_p2.ebuild?rev=1.1&content-type=text/plain
492
493 Index: bind-9.8.5_p2.ebuild
494 ===================================================================
495 # Copyright 1999-2013 Gentoo Foundation
496 # Distributed under the terms of the GNU General Public License v2
497 # $Header: /var/cvsroot/gentoo-x86/net-dns/bind/bind-9.8.5_p2.ebuild,v 1.1 2013/07/29 19:31:14 idl0r Exp $
498
499 # Re dlz/mysql and threads, needs to be verified..
500 # MySQL uses thread local storage in its C api. Thus MySQL
501 # requires that each thread of an application execute a MySQL
502 # thread initialization to setup the thread local storage.
503 # This is impossible to do safely while staying within the DLZ
504 # driver API. This is a limitation caused by MySQL, and not the DLZ API.
505 # Because of this BIND MUST only run with a single thread when
506 # using the MySQL driver.
507
508 EAPI="4"
509
510 inherit eutils autotools toolchain-funcs flag-o-matic multilib db-use user
511
512 MY_PV="${PV/_p/-P}"
513 MY_PV="${MY_PV/_rc/rc}"
514 MY_P="${PN}-${MY_PV}"
515
516 SDB_LDAP_VER="1.1.0-fc14"
517
518 # bind-9.8.0-P1-geoip-1.3.patch
519 GEOIP_PV=1.3
520 #GEOIP_PV_AGAINST="${MY_PV}"
521 GEOIP_PV_AGAINST="9.8.3-P1"
522 GEOIP_P="bind-${GEOIP_PV_AGAINST}-geoip-${GEOIP_PV}"
523 GEOIP_PATCH_A="${GEOIP_P}.patch"
524 GEOIP_DOC_A="bind-geoip-1.3-readme.txt"
525 GEOIP_SRC_URI_BASE="http://bind-geoip.googlecode.com/"
526
527 RRL_PV="${MY_PV}"
528
529 # GeoIP: http://bind-geoip.googlecode.com/
530 # DNS RRL: http://www.redbarn.org/dns/ratelimits/
531 # SDB-LDAP: http://bind9-ldap.bayour.com/
532
533 DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server"
534 HOMEPAGE="http://www.isc.org/software/bind"
535 SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz
536 doc? ( mirror://gentoo/dyndns-samples.tbz2 )
537 geoip? ( ${GEOIP_SRC_URI_BASE}/files/${GEOIP_DOC_A}
538 ${GEOIP_SRC_URI_BASE}/files/${GEOIP_PATCH_A} )
539 sdb-ldap? (
540 http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2
541 )
542 rrl? ( http://ss.vix.su/~vjs/rl-${RRL_PV}.patch )"
543
544 LICENSE="ISC BSD BSD-2 HPND JNIC openssl"
545 SLOT="0"
546 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
547 IUSE="berkdb caps dlz doc filter-aaaa geoip gost gssapi idn ipv6 ldap mysql odbc
548 postgres rpz rrl sdb-ldap selinux ssl static-libs threads urandom xml"
549 # no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
550
551 REQUIRED_USE="postgres? ( dlz )
552 berkdb? ( dlz )
553 mysql? ( dlz !threads )
554 odbc? ( dlz )
555 ldap? ( dlz )
556 sdb-ldap? ( dlz )
557 gost? ( ssl )
558 threads? ( caps )"
559
560 DEPEND="ssl? ( >=dev-libs/openssl-0.9.6g )
561 mysql? ( >=virtual/mysql-4.0 )
562 odbc? ( >=dev-db/unixODBC-2.2.6 )
563 ldap? ( net-nds/openldap )
564 idn? ( net-dns/idnkit )
565 postgres? ( dev-db/postgresql-base )
566 caps? ( >=sys-libs/libcap-2.1.0 )
567 xml? ( dev-libs/libxml2 )
568 geoip? ( >=dev-libs/geoip-1.4.6 )
569 gssapi? ( virtual/krb5 )
570 sdb-ldap? ( net-nds/openldap )
571 gost? ( >=dev-libs/openssl-1.0.0[-bindist] )"
572
573 RDEPEND="${DEPEND}
574 selinux? ( sec-policy/selinux-bind )
575 || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )"
576
577 S="${WORKDIR}/${MY_P}"
578
579 pkg_setup() {
580 ebegin "Creating named group and user"
581 enewgroup named 40
582 enewuser named 40 -1 /etc/bind named
583 eend ${?}
584 }
585
586 src_prepare() {
587 # Adjusting PATHs in manpages
588 for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
589 sed -i \
590 -e 's:/etc/named.conf:/etc/bind/named.conf:g' \
591 -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
592 -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
593 "${i}" || die "sed failed, ${i} doesn't exist"
594 done
595
596 if use dlz; then
597 # bind fails to reconnect to MySQL5 databases, bug #180720, patch by Nicolas Brousse
598 # (http://www.shell-tips.com/2007/09/04/bind-950-patch-dlz-mysql-5-for-auto-reconnect/)
599 if use mysql && has_version ">=dev-db/mysql-5"; then
600 epatch "${FILESDIR}"/bind-dlzmysql5-reconnect.patch
601 fi
602
603 if use odbc; then
604 epatch "${FILESDIR}/${PN}-9.7.3-odbc-dlz-detect.patch"
605 fi
606
607 # sdb-ldap patch as per bug #160567
608 # Upstream URL: http://bind9-ldap.bayour.com/
609 # New patch take from bug 302735
610 if use sdb-ldap; then
611 epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
612 cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/
613 cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/
614 cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/
615 fi
616 fi
617
618 # should be installed by bind-tools
619 sed -i -r -e "s:(nsupdate|dig) ::g" bin/Makefile.in || die
620
621 if use geoip; then
622 cp "${DISTDIR}"/${GEOIP_PATCH_A} "${S}" || die
623 # sed -i -e 's:^ RELEASETYPE=: RELEASETYPE=-P:' \
624 # -e 's:RELEASEVER=:RELEASEVER=1:' \
625 # ${GEOIP_PATCH_A} || die
626 sed -i -e 's:RELEASEVER=1:RELEASEVER=2:' \
627 ${GEOIP_PATCH_A} || die
628 epatch ${GEOIP_PATCH_A}
629 fi
630
631 if use rrl; then
632 cp "${DISTDIR}"/rl-${RRL_PV}.patch "${S}" || die
633 # sed -i -e 's:^ RELEASETYPE=: RELEASETYPE=-P:' \
634 # -e 's:^ RELEASEVER=: RELEASEVER=1:' \
635 # rl-${RRL_PV}.patch || die
636
637 # Response Rate Limiting (DNS RRL) - bug 434650
638 epatch rl-${RRL_PV}.patch
639 fi
640
641 # Disable tests for now, bug 406399
642 sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
643
644 # bug #220361
645 rm aclocal.m4
646 rm -rf libtool.m4/
647 eautoreconf
648 }
649
650 src_configure() {
651 local myconf=""
652
653 if use urandom; then
654 myconf="${myconf} --with-randomdev=/dev/urandom"
655 else
656 myconf="${myconf} --with-randomdev=/dev/random"
657 fi
658
659 use geoip && myconf="${myconf} --with-geoip"
660
661 # bug #158664
662 # gcc-specs-ssp && replace-flags -O[23s] -O
663
664 # To include db.h from proper path
665 use berkdb && append-flags "-I$(db_includedir)"
666
667 export BUILD_CC=$(tc-getBUILD_CC)
668 econf \
669 --sysconfdir=/etc/bind \
670 --localstatedir=/var \
671 --with-libtool \
672 $(use_enable threads) \
673 $(use_with dlz dlopen) \
674 $(use_with dlz dlz-filesystem) \
675 $(use_with dlz dlz-stub) \
676 $(use_with postgres dlz-postgres) \
677 $(use_with mysql dlz-mysql) \
678 $(use_with berkdb dlz-bdb) \
679 $(use_with ldap dlz-ldap) \
680 $(use_with odbc dlz-odbc) \
681 $(use_with ssl openssl "${EPREFIX}"/usr) \
682 $(use_with ssl ecdsa) \
683 $(use_with idn) \
684 $(use_enable ipv6) \
685 $(use_with xml libxml2) \
686 $(use_with gssapi) \
687 $(use_enable rpz rpz-nsip) \
688 $(use_enable rpz rpz-nsdname) \
689 $(use_enable caps linux-caps) \
690 $(use_with gost) \
691 $(use_enable filter-aaaa) \
692 ${myconf}
693
694 # bug #151839
695 echo '#undef SO_BSDCOMPAT' >> config.h
696 }
697
698 src_install() {
699 emake DESTDIR="${D}" install
700
701 dodoc CHANGES FAQ README
702
703 if use idn; then
704 dodoc contrib/idn/README.idnkit
705 fi
706
707 if use doc; then
708 dodoc doc/arm/Bv9ARM.pdf
709
710 docinto misc
711 dodoc doc/misc/*
712
713 # might a 'html' useflag make sense?
714 docinto html
715 dohtml -r doc/arm/*
716
717 docinto contrib
718 dodoc contrib/named-bootconf/named-bootconf.sh \
719 contrib/nanny/nanny.pl
720
721 # some handy-dandy dynamic dns examples
722 pushd "${D}"/usr/share/doc/${PF} 1>/dev/null
723 tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
724 popd 1>/dev/null
725 fi
726
727 use geoip && dodoc "${DISTDIR}"/${GEOIP_DOC_A}
728
729 insinto /etc/bind
730 newins "${FILESDIR}"/named.conf-r6 named.conf
731
732 # ftp://ftp.rs.internic.net/domain/named.cache:
733 insinto /var/bind
734 doins "${FILESDIR}"/named.cache
735
736 insinto /var/bind/pri
737 newins "${FILESDIR}"/127.zone-r1 127.zone
738 newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
739
740 newinitd "${FILESDIR}"/named.init-r12 named
741 newconfd "${FILESDIR}"/named.confd-r6 named
742
743 if use gost; then
744 sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die
745 else
746 sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die
747 fi
748
749 newenvd "${FILESDIR}"/10bind.env 10bind
750
751 # Let's get rid of those tools and their manpages since they're provided by bind-tools
752 rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1*
753 rm -f "${D}"/usr/share/man/man8/{dnssec-keygen,nsupdate}.8*
754 rm -f "${D}"/usr/bin/{dig,host,nslookup,dnssec-keygen,nsupdate}
755 rm -f "${D}"/usr/sbin/{dig,host,nslookup,dnssec-keygen,nsupdate}
756
757 # bug 405251, library archives aren't properly handled by --enable/disable-static
758 if ! use static-libs; then
759 find "${D}" -type f -name '*.la' -delete || die
760 fi
761
762 # bug 450406
763 dosym named.cache /var/bind/root.cache
764
765 dosym /var/bind/pri /etc/bind/pri
766 dosym /var/bind/sec /etc/bind/sec
767 dosym /var/bind/dyn /etc/bind/dyn
768 keepdir /var/bind/{pri,sec,dyn}
769
770 dodir /var/{run,log}/named
771
772 fowners root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn}
773 fowners root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}
774 fperms 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}
775 fperms 0750 /etc/bind /var/bind/pri
776 fperms 0770 /var/{run,log}/named /var/bind/{,sec,dyn}
777 }
778
779 pkg_postinst() {
780 if [ ! -f '/etc/bind/rndc.key' ]; then
781 if use urandom; then
782 einfo "Using /dev/urandom for generating rndc.key"
783 /usr/sbin/rndc-confgen -r /dev/urandom -a
784 echo
785 else
786 einfo "Using /dev/random for generating rndc.key"
787 /usr/sbin/rndc-confgen -a
788 echo
789 fi
790 chown root:named /etc/bind/rndc.key
791 chmod 0640 /etc/bind/rndc.key
792 fi
793
794 einfo
795 einfo "You can edit /etc/conf.d/named to customize named settings"
796 einfo
797 use mysql || use postgres || use ldap && {
798 elog "If your named depends on MySQL/PostgreSQL or LDAP,"
799 elog "uncomment the specified rc_named_* lines in your"
800 elog "/etc/conf.d/named config to ensure they'll start before bind"
801 einfo
802 }
803 einfo "If you'd like to run bind in a chroot AND this is a new"
804 einfo "install OR your bind doesn't already run in a chroot:"
805 einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
806 einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
807 einfo
808
809 CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
810 if [[ -n ${CHROOT} ]]; then
811 elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
812 elog "To enable the old behaviour (without using mount) uncomment the"
813 elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
814 elog "If you decide to use the new/default method, ensure to make backup"
815 elog "first and merge your existing configs/zones to /etc/bind and"
816 elog "/var/bind because bind will now mount the needed directories into"
817 elog "the chroot dir."
818 fi
819
820 ewarn
821 ewarn "NOTE: /var/bind/named.ca has been renamed to /var/bind/named.cache"
822 ewarn "you may need to fix your named.conf!"
823 ewarn
824 ewarn "NOTE: If you upgrade from <net-dns/bind-9.4.3_p5-r1, you may encounter permission problems"
825 ewarn "To fix the permissions do:"
826 ewarn "chown root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn}"
827 ewarn "chown root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}"
828 ewarn "chmod 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}"
829 ewarn "chmod 0750 /etc/bind /var/bind/pri"
830 ewarn "chmod 0770 /var/{run,log}/named /var/bind/{,sec,dyn}"
831 ewarn
832 }
833
834 pkg_config() {
835 CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
836 CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
837 CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
838
839 if [[ -z "${CHROOT}" ]]; then
840 eerror "This config script is designed to automate setting up"
841 eerror "a chrooted bind/named. To do so, please first uncomment"
842 eerror "and set the CHROOT variable in '/etc/conf.d/named'."
843 die "Unset CHROOT"
844 fi
845 if [[ -d "${CHROOT}" ]]; then
846 ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
847 ewarn "To enable the old behaviour (without using mount) uncomment the"
848 ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
849 ewarn
850 ewarn "${CHROOT} already exists... some things might become overridden"
851 ewarn "press CTRL+C if you don't want to continue"
852 sleep 10
853 fi
854
855 echo; einfo "Setting up the chroot directory..."
856
857 mkdir -m 0750 -p ${CHROOT}
858 mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/{run,log}}
859 mkdir -m 0750 -p ${CHROOT}/etc/bind
860 mkdir -m 0770 -p ${CHROOT}/var/{bind,{run,log}/named}
861 # As of bind 9.8.0
862 if has_version net-dns/bind[gost]; then
863 if [ "$(get_libdir)" = "lib64" ]; then
864 mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines
865 ln -s lib64 ${CHROOT}/usr/lib
866 else
867 mkdir -m 0755 -p ${CHROOT}/usr/lib/engines
868 fi
869 fi
870 chown root:named ${CHROOT} ${CHROOT}/var/{bind,{run,log}/named} ${CHROOT}/etc/bind
871
872 mknod ${CHROOT}/dev/null c 1 3
873 chmod 0666 ${CHROOT}/dev/null
874
875 mknod ${CHROOT}/dev/zero c 1 5
876 chmod 0666 ${CHROOT}/dev/zero
877
878 if use urandom; then
879 mknod ${CHROOT}/dev/urandom c 1 9
880 chmod 0666 ${CHROOT}/dev/urandom
881 else
882 mknod ${CHROOT}/dev/random c 1 8
883 chmod 0666 ${CHROOT}/dev/random
884 fi
885
886 if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
887 cp -a /etc/bind ${CHROOT}/etc/
888 cp -a /var/bind ${CHROOT}/var/
889 fi
890
891 if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
892 mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP
893 fi
894
895 elog "You may need to add the following line to your syslog-ng.conf:"
896 elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
897 }
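Review bot: In src_install, `fperms 0770 /var/{run,log}/named /var/bind/{,sec,dyn}` makes /var/bind itself writable by group named, although the same function installs named.cache and pri/ there as root-owned and read-only for the daemon. Write access on the parent directory lets the named account rename or replace those entries, so the 0640/0750 modes do not protect the root hints or primary zones if the daemon is compromised. Unless named.conf-r6 (not shown here) needs /var/bind as a writable working directory, I would use `fperms 0750 /etc/bind /var/bind /var/bind/pri` and `fperms 0770 /var/{run,log}/named /var/bind/{sec,dyn}`, and update the matching chmod hints printed by pkg_postinst. If the directory must stay writable, a comment saying why would help the next reviewer. The same lines are in bind-9.9.3_p2.ebuild earlier in this commit.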