
From: "Christian Ruppert (idl0r)" <idl0r@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-dns/bind: ChangeLog bind-9.8.5_p1.ebuild bind-9.9.3_p1.ebuild bind-9.8.4_p2.ebuild
Date: Sun, 30 Jun 2013 13:31:25
Message-Id: 20130630133119.CE7AE2171C@flycatcher.gentoo.org
1 idl0r 13/06/30 13:31:19
2
3 Modified: ChangeLog
4 Added: bind-9.8.5_p1.ebuild bind-9.9.3_p1.ebuild
5 Removed: bind-9.8.4_p2.ebuild
6 Log:
7 Version bumps, fixes CVE-2013-2266, bug 463497
8
9 (Portage version: 2.1.12.2/cvs/Linux x86_64, signed Manifest commit with key B427ABC8)
10
11 Revision Changes Path
12 1.457 net-dns/bind/ChangeLog
13
14 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/ChangeLog?rev=1.457&view=markup
15 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/ChangeLog?rev=1.457&content-type=text/plain
16 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/ChangeLog?r1=1.456&r2=1.457
17
18 Index: ChangeLog
19 ===================================================================
20 RCS file: /var/cvsroot/gentoo-x86/net-dns/bind/ChangeLog,v
21 retrieving revision 1.456
22 retrieving revision 1.457
23 diff -u -r1.456 -r1.457
24 --- ChangeLog 14 Apr 2013 11:46:42 -0000 1.456
25 +++ ChangeLog 30 Jun 2013 13:31:19 -0000 1.457
26 @@ -1,6 +1,13 @@
27 # ChangeLog for net-dns/bind
28 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
29 -# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/ChangeLog,v 1.456 2013/04/14 11:46:42 ago Exp $
30 +# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/ChangeLog,v 1.457 2013/06/30 13:31:19 idl0r Exp $
31 +
32 +*bind-9.9.3_p1 (30 Jun 2013)
33 +*bind-9.8.5_p1 (30 Jun 2013)
34 +
35 + 30 Jun 2013; Christian Ruppert <idl0r@g.o> -bind-9.8.4_p2.ebuild,
36 + +bind-9.8.5_p1.ebuild, +bind-9.9.3_p1.ebuild:
37 + Version bumps, fixes CVE-2013-2266, bug 463497
38
39 14 Apr 2013; Agostino Sarubbo <ago@g.o> bind-9.9.2_p2.ebuild:
40 Stable for sh, wrt bug #463497
41
42
43
44 1.1 net-dns/bind/bind-9.8.5_p1.ebuild
45
46 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/bind-9.8.5_p1.ebuild?rev=1.1&view=markup
47 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/bind-9.8.5_p1.ebuild?rev=1.1&content-type=text/plain
48
49 Index: bind-9.8.5_p1.ebuild
50 ===================================================================
51 # Copyright 1999-2013 Gentoo Foundation
52 # Distributed under the terms of the GNU General Public License v2
53 # $Header: /var/cvsroot/gentoo-x86/net-dns/bind/bind-9.8.5_p1.ebuild,v 1.1 2013/06/30 13:31:19 idl0r Exp $
54
55 # Re dlz/mysql and threads, needs to be verified..
56 # MySQL uses thread local storage in its C api. Thus MySQL
57 # requires that each thread of an application execute a MySQL
58 # thread initialization to setup the thread local storage.
59 # This is impossible to do safely while staying within the DLZ
60 # driver API. This is a limitation caused by MySQL, and not the DLZ API.
61 # Because of this BIND MUST only run with a single thread when
62 # using the MySQL driver.
63
64 EAPI="4"
65
66 inherit eutils autotools toolchain-funcs flag-o-matic multilib db-use user
67
68 MY_PV="${PV/_p/-P}"
69 MY_PV="${MY_PV/_rc/rc}"
70 MY_P="${PN}-${MY_PV}"
71
72 SDB_LDAP_VER="1.1.0-fc14"
73
74 # bind-9.8.0-P1-geoip-1.3.patch
75 GEOIP_PV=1.3
76 #GEOIP_PV_AGAINST="${MY_PV}"
77 GEOIP_PV_AGAINST="9.8.3-P1"
78 GEOIP_P="bind-${GEOIP_PV_AGAINST}-geoip-${GEOIP_PV}"
79 GEOIP_PATCH_A="${GEOIP_P}.patch"
80 GEOIP_DOC_A="bind-geoip-1.3-readme.txt"
81 GEOIP_SRC_URI_BASE="http://bind-geoip.googlecode.com/"
82
83 RRL_PV="${MY_PV}"
84
85 # GeoIP: http://bind-geoip.googlecode.com/
86 # DNS RRL: http://www.redbarn.org/dns/ratelimits/
87 # SDB-LDAP: http://bind9-ldap.bayour.com/
88
89 DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server"
90 HOMEPAGE="http://www.isc.org/software/bind"
91 SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz
92 doc? ( mirror://gentoo/dyndns-samples.tbz2 )
93 geoip? ( ${GEOIP_SRC_URI_BASE}/files/${GEOIP_DOC_A}
94 ${GEOIP_SRC_URI_BASE}/files/${GEOIP_PATCH_A} )
95 sdb-ldap? (
96 http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2
97 )
98 rrl? ( http://ss.vix.su/~vjs/rl-${RRL_PV}.patch )"
99
100 LICENSE="ISC BSD BSD-2 HPND JNIC openssl"
101 SLOT="0"
102 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
103 IUSE="berkdb caps dlz doc filter-aaaa geoip gost gssapi idn ipv6 ldap mysql odbc
104 postgres rpz rrl sdb-ldap selinux ssl static-libs threads urandom xml"
105 # no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
106
107 REQUIRED_USE="postgres? ( dlz )
108 berkdb? ( dlz )
109 mysql? ( dlz !threads )
110 odbc? ( dlz )
111 ldap? ( dlz )
112 sdb-ldap? ( dlz )
113 gost? ( ssl )
114 threads? ( caps )"
115
116 DEPEND="ssl? ( >=dev-libs/openssl-0.9.6g )
117 mysql? ( >=virtual/mysql-4.0 )
118 odbc? ( >=dev-db/unixODBC-2.2.6 )
119 ldap? ( net-nds/openldap )
120 idn? ( net-dns/idnkit )
121 postgres? ( dev-db/postgresql-base )
122 caps? ( >=sys-libs/libcap-2.1.0 )
123 xml? ( dev-libs/libxml2 )
124 geoip? ( >=dev-libs/geoip-1.4.6 )
125 gssapi? ( virtual/krb5 )
126 sdb-ldap? ( net-nds/openldap )
127 gost? ( >=dev-libs/openssl-1.0.0[-bindist] )"
128
129 RDEPEND="${DEPEND}
130 selinux? ( sec-policy/selinux-bind )
131 || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )"
132
133 S="${WORKDIR}/${MY_P}"
134
135 pkg_setup() {
136 ebegin "Creating named group and user"
137 enewgroup named 40
138 enewuser named 40 -1 /etc/bind named
139 eend ${?}
140 }
141
142 src_prepare() {
143 # Adjusting PATHs in manpages
144 for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
145 sed -i \
146 -e 's:/etc/named.conf:/etc/bind/named.conf:g' \
147 -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
148 -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
149 "${i}" || die "sed failed, ${i} doesn't exist"
150 done
151
152 if use dlz; then
153 # bind fails to reconnect to MySQL5 databases, bug #180720, patch by Nicolas Brousse
154 # (http://www.shell-tips.com/2007/09/04/bind-950-patch-dlz-mysql-5-for-auto-reconnect/)
155 if use mysql && has_version ">=dev-db/mysql-5"; then
156 epatch "${FILESDIR}"/bind-dlzmysql5-reconnect.patch
157 fi
158
159 if use odbc; then
160 epatch "${FILESDIR}/${PN}-9.7.3-odbc-dlz-detect.patch"
161 fi
162
163 # sdb-ldap patch as per bug #160567
164 # Upstream URL: http://bind9-ldap.bayour.com/
165 # New patch take from bug 302735
166 if use sdb-ldap; then
167 epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
168 cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/
169 cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/
170 cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/
171 fi
172 fi
173
174 # should be installed by bind-tools
175 sed -i -r -e "s:(nsupdate|dig) ::g" bin/Makefile.in || die
176
177 if use geoip; then
178 cp "${DISTDIR}"/${GEOIP_PATCH_A} "${S}" || die
179 # sed -i -e 's:^ RELEASETYPE=: RELEASETYPE=-P:' \
180 # -e 's:RELEASEVER=:RELEASEVER=1:' \
181 # ${GEOIP_PATCH_A} || die
182 # sed -i -e 's:RELEASEVER=1:RELEASEVER=2:' \
183 # ${GEOIP_PATCH_A} || die
184 epatch ${GEOIP_PATCH_A}
185 fi
186
187 if use rrl; then
188 cp "${DISTDIR}"/rl-${RRL_PV}.patch "${S}" || die
189 # sed -i -e 's:^ RELEASETYPE=: RELEASETYPE=-P:' \
190 # -e 's:^ RELEASEVER=: RELEASEVER=1:' \
191 # rl-${RRL_PV}.patch || die
192
193 # Response Rate Limiting (DNS RRL) - bug 434650
194 epatch rl-${RRL_PV}.patch
195 fi
196
197 # Disable tests for now, bug 406399
198 sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
199
200 # bug #220361
201 rm aclocal.m4
202 rm -rf libtool.m4/
203 eautoreconf
204 }
205
206 src_configure() {
207 local myconf=""
208
209 if use urandom; then
210 myconf="${myconf} --with-randomdev=/dev/urandom"
211 else
212 myconf="${myconf} --with-randomdev=/dev/random"
213 fi
214
215 use geoip && myconf="${myconf} --with-geoip"
216
217 # bug #158664
218 # gcc-specs-ssp && replace-flags -O[23s] -O
219
220 # To include db.h from proper path
221 use berkdb && append-flags "-I$(db_includedir)"
222
223 export BUILD_CC=$(tc-getBUILD_CC)
224 econf \
225 --sysconfdir=/etc/bind \
226 --localstatedir=/var \
227 --with-libtool \
228 $(use_enable threads) \
229 $(use_with dlz dlopen) \
230 $(use_with dlz dlz-filesystem) \
231 $(use_with dlz dlz-stub) \
232 $(use_with postgres dlz-postgres) \
233 $(use_with mysql dlz-mysql) \
234 $(use_with berkdb dlz-bdb) \
235 $(use_with ldap dlz-ldap) \
236 $(use_with odbc dlz-odbc) \
237 $(use_with ssl openssl "${EPREFIX}"/usr) \
238 $(use_with ssl ecdsa) \
239 $(use_with idn) \
240 $(use_enable ipv6) \
241 $(use_with xml libxml2) \
242 $(use_with gssapi) \
243 $(use_enable rpz rpz-nsip) \
244 $(use_enable rpz rpz-nsdname) \
245 $(use_enable caps linux-caps) \
246 $(use_with gost) \
247 $(use_enable filter-aaaa) \
248 ${myconf}
249
250 # bug #151839
251 echo '#undef SO_BSDCOMPAT' >> config.h
252 }
253
254 src_install() {
255 emake DESTDIR="${D}" install
256
257 dodoc CHANGES FAQ README
258
259 if use idn; then
260 dodoc contrib/idn/README.idnkit
261 fi
262
263 if use doc; then
264 dodoc doc/arm/Bv9ARM.pdf
265
266 docinto misc
267 dodoc doc/misc/*
268
269 # might a 'html' useflag make sense?
270 docinto html
271 dohtml -r doc/arm/*
272
273 docinto contrib
274 dodoc contrib/named-bootconf/named-bootconf.sh \
275 contrib/nanny/nanny.pl
276
277 # some handy-dandy dynamic dns examples
278 pushd "${D}"/usr/share/doc/${PF} 1>/dev/null
279 tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
280 popd 1>/dev/null
281 fi
282
283 use geoip && dodoc "${DISTDIR}"/${GEOIP_DOC_A}
284
285 insinto /etc/bind
286 newins "${FILESDIR}"/named.conf-r6 named.conf
287
288 # ftp://ftp.rs.internic.net/domain/named.cache:
289 insinto /var/bind
290 doins "${FILESDIR}"/named.cache
291
292 insinto /var/bind/pri
293 newins "${FILESDIR}"/127.zone-r1 127.zone
294 newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
295
296 newinitd "${FILESDIR}"/named.init-r12 named
297 newconfd "${FILESDIR}"/named.confd-r6 named
298
299 if use gost; then
300 sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die
301 else
302 sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die
303 fi
304
305 newenvd "${FILESDIR}"/10bind.env 10bind
306
307 # Let's get rid of those tools and their manpages since they're provided by bind-tools
308 rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1*
309 rm -f "${D}"/usr/share/man/man8/{dnssec-keygen,nsupdate}.8*
310 rm -f "${D}"/usr/bin/{dig,host,nslookup,dnssec-keygen,nsupdate}
311 rm -f "${D}"/usr/sbin/{dig,host,nslookup,dnssec-keygen,nsupdate}
312
313 # bug 405251, library archives aren't properly handled by --enable/disable-static
314 if ! use static-libs; then
315 find "${D}" -type f -name '*.la' -delete || die
316 fi
317
318 # bug 450406
319 dosym named.cache /var/bind/root.cache
320
321 dosym /var/bind/pri /etc/bind/pri
322 dosym /var/bind/sec /etc/bind/sec
323 dosym /var/bind/dyn /etc/bind/dyn
324 keepdir /var/bind/{pri,sec,dyn}
325
326 dodir /var/{run,log}/named
327
328 fowners root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn}
329 fowners root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}
330 fperms 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}
331 fperms 0750 /etc/bind /var/bind/pri
332 fperms 0770 /var/{run,log}/named /var/bind/{,sec,dyn}
333 }
334
335 pkg_postinst() {
336 if [ ! -f '/etc/bind/rndc.key' ]; then
337 if use urandom; then
338 einfo "Using /dev/urandom for generating rndc.key"
339 /usr/sbin/rndc-confgen -r /dev/urandom -a
340 echo
341 else
342 einfo "Using /dev/random for generating rndc.key"
343 /usr/sbin/rndc-confgen -a
344 echo
345 fi
346 chown root:named /etc/bind/rndc.key
347 chmod 0640 /etc/bind/rndc.key
348 fi
349
350 einfo
351 einfo "You can edit /etc/conf.d/named to customize named settings"
352 einfo
353 use mysql || use postgres || use ldap && {
354 elog "If your named depends on MySQL/PostgreSQL or LDAP,"
355 elog "uncomment the specified rc_named_* lines in your"
356 elog "/etc/conf.d/named config to ensure they'll start before bind"
357 einfo
358 }
359 einfo "If you'd like to run bind in a chroot AND this is a new"
360 einfo "install OR your bind doesn't already run in a chroot:"
361 einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
362 einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
363 einfo
364
365 CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
366 if [[ -n ${CHROOT} ]]; then
367 elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
368 elog "To enable the old behaviour (without using mount) uncomment the"
369 elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
370 elog "If you decide to use the new/default method, ensure to make backup"
371 elog "first and merge your existing configs/zones to /etc/bind and"
372 elog "/var/bind because bind will now mount the needed directories into"
373 elog "the chroot dir."
374 fi
375
376 ewarn
377 ewarn "NOTE: /var/bind/named.ca has been renamed to /var/bind/named.cache"
378 ewarn "you may need to fix your named.conf!"
379 ewarn
380 ewarn "NOTE: If you upgrade from <net-dns/bind-9.4.3_p5-r1, you may encounter permission problems"
381 ewarn "To fix the permissions do:"
382 ewarn "chown root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn}"
383 ewarn "chown root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}"
384 ewarn "chmod 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}"
385 ewarn "chmod 0750 /etc/bind /var/bind/pri"
386 ewarn "chmod 0770 /var/{run,log}/named /var/bind/{,sec,dyn}"
387 ewarn
388 }
389
390 pkg_config() {
391 CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
392 CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
393 CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
394
395 if [[ -z "${CHROOT}" ]]; then
396 eerror "This config script is designed to automate setting up"
397 eerror "a chrooted bind/named. To do so, please first uncomment"
398 eerror "and set the CHROOT variable in '/etc/conf.d/named'."
399 die "Unset CHROOT"
400 fi
401 if [[ -d "${CHROOT}" ]]; then
402 ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
403 ewarn "To enable the old behaviour (without using mount) uncomment the"
404 ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
405 ewarn
406 ewarn "${CHROOT} already exists... some things might become overridden"
407 ewarn "press CTRL+C if you don't want to continue"
408 sleep 10
409 fi
410
411 echo; einfo "Setting up the chroot directory..."
412
413 mkdir -m 0750 -p ${CHROOT}
414 mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/{run,log}}
415 mkdir -m 0750 -p ${CHROOT}/etc/bind
416 mkdir -m 0770 -p ${CHROOT}/var/{bind,{run,log}/named}
417 # As of bind 9.8.0
418 if has_version net-dns/bind[gost]; then
419 if [ "$(get_libdir)" = "lib64" ]; then
420 mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines
421 ln -s lib64 ${CHROOT}/usr/lib
422 else
423 mkdir -m 0755 -p ${CHROOT}/usr/lib/engines
424 fi
425 fi
426 chown root:named ${CHROOT} ${CHROOT}/var/{bind,{run,log}/named} ${CHROOT}/etc/bind
427
428 mknod ${CHROOT}/dev/null c 1 3
429 chmod 0666 ${CHROOT}/dev/null
430
431 mknod ${CHROOT}/dev/zero c 1 5
432 chmod 0666 ${CHROOT}/dev/zero
433
434 if use urandom; then
435 mknod ${CHROOT}/dev/urandom c 1 9
436 chmod 0666 ${CHROOT}/dev/urandom
437 else
438 mknod ${CHROOT}/dev/random c 1 8
439 chmod 0666 ${CHROOT}/dev/random
440 fi
441
442 if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
443 cp -a /etc/bind ${CHROOT}/etc/
444 cp -a /var/bind ${CHROOT}/var/
445 fi
446
447 if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
448 mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP
449 fi
450
451 elog "You may need to add the following line to your syslog-ng.conf:"
452 elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
453 }
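Review bot: In pkg_config every use of `${CHROOT}` is unquoted and none of the mkdir/chown/mknod/cp calls is checked, although the path comes from /etc/conf.d/named and the function presumably runs as root (it calls mknod and chown). A value containing whitespace or glob characters is word-split. A failed `mknod`, for example when the node is left over from an earlier run (which the "already exists" warning anticipates), is still followed by `chmod 0666` on whatever sits at that path. I would quote the variable and stop on failure, e.g. `mkdir -m 0750 -p "${CHROOT}" || die` and `[[ -c "${CHROOT}/dev/null" ]] || mknod "${CHROOT}/dev/null" c 1 3 || die`. The same pkg_config body appears unchanged in bind-9.9.3_p1.ebuild.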
454
455
456
457 1.1 net-dns/bind/bind-9.9.3_p1.ebuild
458
459 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/bind-9.9.3_p1.ebuild?rev=1.1&view=markup
460 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/bind-9.9.3_p1.ebuild?rev=1.1&content-type=text/plain
461
462 Index: bind-9.9.3_p1.ebuild
463 ===================================================================
464 # Copyright 1999-2013 Gentoo Foundation
465 # Distributed under the terms of the GNU General Public License v2
466 # $Header: /var/cvsroot/gentoo-x86/net-dns/bind/bind-9.9.3_p1.ebuild,v 1.1 2013/06/30 13:31:19 idl0r Exp $
467
468 # Re dlz/mysql and threads, needs to be verified..
469 # MySQL uses thread local storage in its C api. Thus MySQL
470 # requires that each thread of an application execute a MySQL
471 # thread initialization to setup the thread local storage.
472 # This is impossible to do safely while staying within the DLZ
473 # driver API. This is a limitation caused by MySQL, and not the DLZ API.
474 # Because of this BIND MUST only run with a single thread when
475 # using the MySQL driver.
476
477 EAPI="4"
478
479 PYTHON_DEPEND="python? 2:2.7 3"
480 SUPPORT_PYTHON_ABIS="1"
481
482 inherit python eutils autotools toolchain-funcs flag-o-matic multilib db-use user
483
484 MY_PV="${PV/_p/-P}"
485 MY_PV="${MY_PV/_rc/rc}"
486 MY_P="${PN}-${MY_PV}"
487
488 SDB_LDAP_VER="1.1.0-fc14"
489
490 # bind-9.8.0-P1-geoip-1.3.patch
491 GEOIP_PV=1.3
492 #GEOIP_PV_AGAINST="${MY_PV}"
493 GEOIP_PV_AGAINST="9.9.2"
494 GEOIP_P="bind-${GEOIP_PV_AGAINST}-geoip-${GEOIP_PV}"
495 GEOIP_PATCH_A="${GEOIP_P}.patch"
496 GEOIP_DOC_A="bind-geoip-1.3-readme.txt"
497 GEOIP_SRC_URI_BASE="http://bind-geoip.googlecode.com/"
498
499 RRL_PV="${MY_PV}"
500
501 # GeoIP: http://bind-geoip.googlecode.com/
502 # DNS RRL: http://www.redbarn.org/dns/ratelimits/
503 # SDB-LDAP: http://bind9-ldap.bayour.com/
504
505 DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server"
506 HOMEPAGE="http://www.isc.org/software/bind"
507 SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz
508 doc? ( mirror://gentoo/dyndns-samples.tbz2 )
509 geoip? ( ${GEOIP_SRC_URI_BASE}/files/${GEOIP_DOC_A}
510 ${GEOIP_SRC_URI_BASE}/files/${GEOIP_PATCH_A} )
511 sdb-ldap? (
512 http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2
513 )
514 rrl? ( http://ss.vix.su/~vjs/rl-${RRL_PV}.patch )"
515
516 LICENSE="ISC BSD BSD-2 HPND JNIC openssl"
517 SLOT="0"
518 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
519 IUSE="berkdb caps dlz doc filter-aaaa geoip gost gssapi idn ipv6 ldap mysql odbc
520 postgres python rpz rrl sdb-ldap selinux ssl static-libs threads urandom xml"
521 # no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
522
523 REQUIRED_USE="postgres? ( dlz )
524 berkdb? ( dlz )
525 mysql? ( dlz !threads )
526 odbc? ( dlz )
527 ldap? ( dlz )
528 sdb-ldap? ( dlz )
529 gost? ( ssl )
530 threads? ( caps )"
531
532 DEPEND="ssl? ( >=dev-libs/openssl-0.9.6g )
533 mysql? ( >=virtual/mysql-4.0 )
534 odbc? ( >=dev-db/unixODBC-2.2.6 )
535 ldap? ( net-nds/openldap )
536 idn? ( net-dns/idnkit )
537 postgres? ( dev-db/postgresql-base )
538 caps? ( >=sys-libs/libcap-2.1.0 )
539 xml? ( dev-libs/libxml2 )
540 geoip? ( >=dev-libs/geoip-1.4.6 )
541 gssapi? ( virtual/krb5 )
542 sdb-ldap? ( net-nds/openldap )
543 gost? ( >=dev-libs/openssl-1.0.0[-bindist] )
544 python? ( virtual/python-argparse )"
545
546 RDEPEND="${DEPEND}
547 selinux? ( sec-policy/selinux-bind )
548 || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )"
549
550 S="${WORKDIR}/${MY_P}"
551
552 pkg_setup() {
553 ebegin "Creating named group and user"
554 enewgroup named 40
555 enewuser named 40 -1 /etc/bind named
556 eend ${?}
557
558 if use python; then
559 python_pkg_setup
560 fi
561 }
562
563 src_prepare() {
564 # Adjusting PATHs in manpages
565 for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
566 sed -i \
567 -e 's:/etc/named.conf:/etc/bind/named.conf:g' \
568 -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
569 -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
570 "${i}" || die "sed failed, ${i} doesn't exist"
571 done
572
573 if use dlz; then
574 # bind fails to reconnect to MySQL5 databases, bug #180720, patch by Nicolas Brousse
575 # (http://www.shell-tips.com/2007/09/04/bind-950-patch-dlz-mysql-5-for-auto-reconnect/)
576 if use mysql && has_version ">=dev-db/mysql-5"; then
577 epatch "${FILESDIR}"/bind-dlzmysql5-reconnect.patch
578 fi
579
580 if use odbc; then
581 epatch "${FILESDIR}/${PN}-9.7.3-odbc-dlz-detect.patch"
582 fi
583
584 # sdb-ldap patch as per bug #160567
585 # Upstream URL: http://bind9-ldap.bayour.com/
586 # New patch take from bug 302735
587 if use sdb-ldap; then
588 epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
589 cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/
590 cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/
591 cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/
592 fi
593 fi
594
595 # should be installed by bind-tools
596 sed -i -r -e "s:(nsupdate|dig) ::g" bin/Makefile.in || die
597
598 if use geoip; then
599 cp "${DISTDIR}"/${GEOIP_PATCH_A} "${S}" || die
600 sed -i -e 's:^ RELEASETYPE=: RELEASETYPE=-P:' \
601 -e 's:RELEASEVER=:RELEASEVER=1:' \
602 ${GEOIP_PATCH_A} || die
603 # sed -i -e 's:RELEASEVER=2:RELEASEVER=3:' ${GEOIP_PATCH_A} || die
604 epatch ${GEOIP_PATCH_A}
605 fi
606
607 if use rrl; then
608 cp "${DISTDIR}"/rl-${RRL_PV}.patch "${S}" || die
609 # sed -i -e 's:^ RELEASETYPE=: RELEASETYPE=-P:' \
610 # -e 's:^ RELEASEVER=: RELEASEVER=1:' \
611 # rl-${RRL_PV}.patch || die
612
613 # Response Rate Limiting (DNS RRL) - bug 434650
614 epatch rl-${RRL_PV}.patch
615 fi
616
617 # Disable tests for now, bug 406399
618 sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
619
620 # bug #220361
621 rm aclocal.m4
622 rm -rf libtool.m4/
623 eautoreconf
624 }
625
626 src_configure() {
627 local myconf=""
628
629 if use urandom; then
630 myconf="${myconf} --with-randomdev=/dev/urandom"
631 else
632 myconf="${myconf} --with-randomdev=/dev/random"
633 fi
634
635 use geoip && myconf="${myconf} --with-geoip"
636
637 # bug #158664
638 # gcc-specs-ssp && replace-flags -O[23s] -O
639
640 # To include db.h from proper path
641 use berkdb && append-flags "-I$(db_includedir)"
642
643 export BUILD_CC=$(tc-getBUILD_CC)
644 econf \
645 --sysconfdir=/etc/bind \
646 --localstatedir=/var \
647 --with-libtool \
648 $(use_enable threads) \
649 $(use_with dlz dlopen) \
650 $(use_with dlz dlz-filesystem) \
651 $(use_with dlz dlz-stub) \
652 $(use_with postgres dlz-postgres) \
653 $(use_with mysql dlz-mysql) \
654 $(use_with berkdb dlz-bdb) \
655 $(use_with ldap dlz-ldap) \
656 $(use_with odbc dlz-odbc) \
657 $(use_with ssl openssl "${EPREFIX}"/usr) \
658 $(use_with ssl ecdsa) \
659 $(use_with idn) \
660 $(use_enable ipv6) \
661 $(use_with xml libxml2) \
662 $(use_enable xml newstats) \
663 $(use_with gssapi) \
664 $(use_enable rpz rpz-nsip) \
665 $(use_enable rpz rpz-nsdname) \
666 $(use_enable caps linux-caps) \
667 $(use_with gost) \
668 $(use_enable filter-aaaa) \
669 $(use_with python) \
670 --without-readline \
671 ${myconf}
672
673 # $(use_enable static-libs static) \
674
675 # bug #151839
676 echo '#undef SO_BSDCOMPAT' >> config.h
677 }
678
679 src_install() {
680 emake DESTDIR="${D}" install
681
682 dodoc CHANGES FAQ README
683
684 if use idn; then
685 dodoc contrib/idn/README.idnkit
686 fi
687
688 if use doc; then
689 dodoc doc/arm/Bv9ARM.pdf
690
691 docinto misc
692 dodoc doc/misc/*
693
694 # might a 'html' useflag make sense?
695 docinto html
696 dohtml -r doc/arm/*
697
698 docinto contrib
699 dodoc contrib/named-bootconf/named-bootconf.sh \
700 contrib/nanny/nanny.pl
701
702 # some handy-dandy dynamic dns examples
703 pushd "${D}"/usr/share/doc/${PF} 1>/dev/null
704 tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
705 popd 1>/dev/null
706 fi
707
708 use geoip && dodoc "${DISTDIR}"/${GEOIP_DOC_A}
709
710 insinto /etc/bind
711 newins "${FILESDIR}"/named.conf-r6 named.conf
712
713 # ftp://ftp.rs.internic.net/domain/named.cache:
714 insinto /var/bind
715 doins "${FILESDIR}"/named.cache
716
717 insinto /var/bind/pri
718 newins "${FILESDIR}"/127.zone-r1 127.zone
719 newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
720
721 newinitd "${FILESDIR}"/named.init-r12 named
722 newconfd "${FILESDIR}"/named.confd-r6 named
723
724 if use gost; then
725 sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die
726 else
727 sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die
728 fi
729
730 newenvd "${FILESDIR}"/10bind.env 10bind
731
732 # Let's get rid of those tools and their manpages since they're provided by bind-tools
733 rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1*
734 rm -f "${D}"/usr/share/man/man8/{dnssec-keygen,nsupdate}.8*
735 rm -f "${D}"/usr/bin/{dig,host,nslookup,dnssec-keygen,nsupdate}
736 rm -f "${D}"/usr/sbin/{dig,host,nslookup,dnssec-keygen,nsupdate}
737
738 # bug 405251, library archives aren't properly handled by --enable/disable-static
739 if ! use static-libs; then
740 find "${D}" -type f -name '*.la' -delete || die
741 fi
742
743 if use python; then
744 install_python_tools() {
745 python_convert_shebangs $PYTHON_ABI bin/python/dnssec-checkds
746 exeinto /usr/sbin
747 newexe bin/python/dnssec-checkds dnssec-checkds-${PYTHON_ABI}
748 }
749 python_execute_function install_python_tools
750
751 rm -f "${D}/usr/sbin/dnssec-checkds"
752 python_generate_wrapper_scripts "${D}usr/sbin/dnssec-checkds"
753 fi
754
755 # bug 450406
756 dosym named.cache /var/bind/root.cache
757
758 dosym /var/bind/pri /etc/bind/pri
759 dosym /var/bind/sec /etc/bind/sec
760 dosym /var/bind/dyn /etc/bind/dyn
761 keepdir /var/bind/{pri,sec,dyn}
762
763 dodir /var/{run,log}/named
764
765 fowners root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn}
766 fowners root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}
767 fperms 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}
768 fperms 0750 /etc/bind /var/bind/pri
769 fperms 0770 /var/{run,log}/named /var/bind/{,sec,dyn}
770 }
771
772 pkg_postinst() {
773 if [ ! -f '/etc/bind/rndc.key' ]; then
774 if use urandom; then
775 einfo "Using /dev/urandom for generating rndc.key"
776 /usr/sbin/rndc-confgen -r /dev/urandom -a
777 echo
778 else
779 einfo "Using /dev/random for generating rndc.key"
780 /usr/sbin/rndc-confgen -a
781 echo
782 fi
783 chown root:named /etc/bind/rndc.key
784 chmod 0640 /etc/bind/rndc.key
785 fi
786
787 einfo
788 einfo "You can edit /etc/conf.d/named to customize named settings"
789 einfo
790 use mysql || use postgres || use ldap && {
791 elog "If your named depends on MySQL/PostgreSQL or LDAP,"
792 elog "uncomment the specified rc_named_* lines in your"
793 elog "/etc/conf.d/named config to ensure they'll start before bind"
794 einfo
795 }
796 einfo "If you'd like to run bind in a chroot AND this is a new"
797 einfo "install OR your bind doesn't already run in a chroot:"
798 einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
799 einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
800 einfo
801
802 CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
803 if [[ -n ${CHROOT} ]]; then
804 elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
805 elog "To enable the old behaviour (without using mount) uncomment the"
806 elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
807 elog "If you decide to use the new/default method, ensure to make backup"
808 elog "first and merge your existing configs/zones to /etc/bind and"
809 elog "/var/bind because bind will now mount the needed directories into"
810 elog "the chroot dir."
811 fi
812
813 ewarn
814 ewarn "NOTE: /var/bind/named.ca has been renamed to /var/bind/named.cache"
815 ewarn "you may need to fix your named.conf!"
816 ewarn
817 ewarn "NOTE: If you upgrade from <net-dns/bind-9.4.3_p5-r1, you may encounter permission problems"
818 ewarn "To fix the permissions do:"
819 ewarn "chown root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn}"
820 ewarn "chown root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}"
821 ewarn "chmod 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}"
822 ewarn "chmod 0750 /etc/bind /var/bind/pri"
823 ewarn "chmod 0770 /var/{run,log}/named /var/bind/{,sec,dyn}"
824 ewarn
825 }
826
827 pkg_config() {
828 CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
829 CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
830 CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
831
832 if [[ -z "${CHROOT}" ]]; then
833 eerror "This config script is designed to automate setting up"
834 eerror "a chrooted bind/named. To do so, please first uncomment"
835 eerror "and set the CHROOT variable in '/etc/conf.d/named'."
836 die "Unset CHROOT"
837 fi
838 if [[ -d "${CHROOT}" ]]; then
839 ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
840 ewarn "To enable the old behaviour (without using mount) uncomment the"
841 ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
842 ewarn
843 ewarn "${CHROOT} already exists... some things might become overridden"
844 ewarn "press CTRL+C if you don't want to continue"
845 sleep 10
846 fi
847
848 echo; einfo "Setting up the chroot directory..."
849
850 mkdir -m 0750 -p ${CHROOT}
851 mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/{run,log}}
852 mkdir -m 0750 -p ${CHROOT}/etc/bind
853 mkdir -m 0770 -p ${CHROOT}/var/{bind,{run,log}/named}
854 # As of bind 9.8.0
855 if has_version net-dns/bind[gost]; then
856 if [ "$(get_libdir)" = "lib64" ]; then
857 mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines
858 ln -s lib64 ${CHROOT}/usr/lib
859 else
860 mkdir -m 0755 -p ${CHROOT}/usr/lib/engines
861 fi
862 fi
863 chown root:named ${CHROOT} ${CHROOT}/var/{bind,{run,log}/named} ${CHROOT}/etc/bind
864
865 mknod ${CHROOT}/dev/null c 1 3
866 chmod 0666 ${CHROOT}/dev/null
867
868 mknod ${CHROOT}/dev/zero c 1 5
869 chmod 0666 ${CHROOT}/dev/zero
870
871 if use urandom; then
872 mknod ${CHROOT}/dev/urandom c 1 9
873 chmod 0666 ${CHROOT}/dev/urandom
874 else
875 mknod ${CHROOT}/dev/random c 1 8
876 chmod 0666 ${CHROOT}/dev/random
877 fi
878
879 if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
880 cp -a /etc/bind ${CHROOT}/etc/
881 cp -a /var/bind ${CHROOT}/var/
882 fi
883
884 if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
885 mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP
886 fi
887
888 elog "You may need to add the following line to your syslog-ng.conf:"
889 elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
890 }
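Review bot: The GeoIP `sed` in src_prepare rewrites the downloaded patch with an unanchored `s:RELEASEVER=:RELEASEVER=1:` and has no comment saying why, while bind-9.8.5_p1.ebuild carries the equivalent lines commented out. sed exits 0 when nothing matches, so the `|| die` does not catch a patch whose version lines differ from what is expected, and the unanchored expression touches every `RELEASEVER=` occurrence in the patch rather than only its context lines. I would anchor it like the first expression (and like the commented-out RRL variant below it), `-e 's:^ RELEASEVER=: RELEASEVER=1:' \`, keeping in mind that the exact leading whitespace is not recoverable from this archive view. I would also add `# GeoIP patch is cut against ${GEOIP_PV_AGAINST}; adjust its version context lines so it applies to ${MY_PV}` above the sed; that purpose is inferred from `GEOIP_PV_AGAINST="9.9.2"` and should be confirmed.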