1 |
idl0r 13/06/30 13:31:19 |
2 |
|
3 |
Modified: ChangeLog |
4 |
Added: bind-9.8.5_p1.ebuild bind-9.9.3_p1.ebuild |
5 |
Removed: bind-9.8.4_p2.ebuild |
6 |
Log: |
7 |
Version bumps, fixes CVE-2013-2266, bug 463497 |
8 |
|
9 |
(Portage version: 2.1.12.2/cvs/Linux x86_64, signed Manifest commit with key B427ABC8) |
10 |
|
11 |
Revision Changes Path |
12 |
1.457 net-dns/bind/ChangeLog |
13 |
|
14 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/ChangeLog?rev=1.457&view=markup |
15 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/ChangeLog?rev=1.457&content-type=text/plain |
16 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/ChangeLog?r1=1.456&r2=1.457 |
17 |
|
18 |
Index: ChangeLog |
19 |
=================================================================== |
20 |
RCS file: /var/cvsroot/gentoo-x86/net-dns/bind/ChangeLog,v |
21 |
retrieving revision 1.456 |
22 |
retrieving revision 1.457 |
23 |
diff -u -r1.456 -r1.457 |
24 |
--- ChangeLog 14 Apr 2013 11:46:42 -0000 1.456 |
25 |
+++ ChangeLog 30 Jun 2013 13:31:19 -0000 1.457 |
26 |
@@ -1,6 +1,13 @@ |
27 |
# ChangeLog for net-dns/bind |
28 |
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 |
29 |
-# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/ChangeLog,v 1.456 2013/04/14 11:46:42 ago Exp $ |
30 |
+# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/ChangeLog,v 1.457 2013/06/30 13:31:19 idl0r Exp $ |
31 |
+ |
32 |
+*bind-9.9.3_p1 (30 Jun 2013) |
33 |
+*bind-9.8.5_p1 (30 Jun 2013) |
34 |
+ |
35 |
+ 30 Jun 2013; Christian Ruppert <idl0r@g.o> -bind-9.8.4_p2.ebuild, |
36 |
+ +bind-9.8.5_p1.ebuild, +bind-9.9.3_p1.ebuild: |
37 |
+ Version bumps, fixes CVE-2013-2266, bug 463497 |
38 |
|
39 |
14 Apr 2013; Agostino Sarubbo <ago@g.o> bind-9.9.2_p2.ebuild: |
40 |
Stable for sh, wrt bug #463497 |
41 |
|
42 |
|
43 |
|
44 |
1.1 net-dns/bind/bind-9.8.5_p1.ebuild |
45 |
|
46 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/bind-9.8.5_p1.ebuild?rev=1.1&view=markup |
47 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/bind-9.8.5_p1.ebuild?rev=1.1&content-type=text/plain |
48 |
|
49 |
Index: bind-9.8.5_p1.ebuild |
50 |
=================================================================== |
51 |
# Copyright 1999-2013 Gentoo Foundation |
52 |
# Distributed under the terms of the GNU General Public License v2 |
53 |
# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/bind-9.8.5_p1.ebuild,v 1.1 2013/06/30 13:31:19 idl0r Exp $ |
54 |
|
55 |
# Re dlz/mysql and threads, needs to be verified.. |
56 |
# MySQL uses thread local storage in its C api. Thus MySQL |
57 |
# requires that each thread of an application execute a MySQL |
58 |
# thread initialization to setup the thread local storage. |
59 |
# This is impossible to do safely while staying within the DLZ |
60 |
# driver API. This is a limitation caused by MySQL, and not the DLZ API. |
61 |
# Because of this BIND MUST only run with a single thread when |
62 |
# using the MySQL driver. |
63 |
|
64 |
EAPI="4" |
65 |
|
66 |
inherit eutils autotools toolchain-funcs flag-o-matic multilib db-use user |
67 |
|
68 |
MY_PV="${PV/_p/-P}" |
69 |
MY_PV="${MY_PV/_rc/rc}" |
70 |
MY_P="${PN}-${MY_PV}" |
71 |
|
72 |
SDB_LDAP_VER="1.1.0-fc14" |
73 |
|
74 |
# bind-9.8.0-P1-geoip-1.3.patch |
75 |
GEOIP_PV=1.3 |
76 |
#GEOIP_PV_AGAINST="${MY_PV}" |
77 |
GEOIP_PV_AGAINST="9.8.3-P1" |
78 |
GEOIP_P="bind-${GEOIP_PV_AGAINST}-geoip-${GEOIP_PV}" |
79 |
GEOIP_PATCH_A="${GEOIP_P}.patch" |
80 |
GEOIP_DOC_A="bind-geoip-1.3-readme.txt" |
81 |
GEOIP_SRC_URI_BASE="http://bind-geoip.googlecode.com/" |
82 |
|
83 |
RRL_PV="${MY_PV}" |
84 |
|
85 |
# GeoIP: http://bind-geoip.googlecode.com/ |
86 |
# DNS RRL: http://www.redbarn.org/dns/ratelimits/ |
87 |
# SDB-LDAP: http://bind9-ldap.bayour.com/ |
88 |
|
89 |
DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server" |
90 |
HOMEPAGE="http://www.isc.org/software/bind" |
91 |
SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz |
92 |
doc? ( mirror://gentoo/dyndns-samples.tbz2 ) |
93 |
geoip? ( ${GEOIP_SRC_URI_BASE}/files/${GEOIP_DOC_A} |
94 |
${GEOIP_SRC_URI_BASE}/files/${GEOIP_PATCH_A} ) |
95 |
sdb-ldap? ( |
96 |
http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2 |
97 |
) |
98 |
rrl? ( http://ss.vix.su/~vjs/rl-${RRL_PV}.patch )" |
99 |
|
100 |
LICENSE="ISC BSD BSD-2 HPND JNIC openssl" |
101 |
SLOT="0" |
102 |
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" |
103 |
IUSE="berkdb caps dlz doc filter-aaaa geoip gost gssapi idn ipv6 ldap mysql odbc |
104 |
postgres rpz rrl sdb-ldap selinux ssl static-libs threads urandom xml" |
105 |
# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687 |
106 |
|
107 |
REQUIRED_USE="postgres? ( dlz ) |
108 |
berkdb? ( dlz ) |
109 |
mysql? ( dlz !threads ) |
110 |
odbc? ( dlz ) |
111 |
ldap? ( dlz ) |
112 |
sdb-ldap? ( dlz ) |
113 |
gost? ( ssl ) |
114 |
threads? ( caps )" |
115 |
|
116 |
DEPEND="ssl? ( >=dev-libs/openssl-0.9.6g ) |
117 |
mysql? ( >=virtual/mysql-4.0 ) |
118 |
odbc? ( >=dev-db/unixODBC-2.2.6 ) |
119 |
ldap? ( net-nds/openldap ) |
120 |
idn? ( net-dns/idnkit ) |
121 |
postgres? ( dev-db/postgresql-base ) |
122 |
caps? ( >=sys-libs/libcap-2.1.0 ) |
123 |
xml? ( dev-libs/libxml2 ) |
124 |
geoip? ( >=dev-libs/geoip-1.4.6 ) |
125 |
gssapi? ( virtual/krb5 ) |
126 |
sdb-ldap? ( net-nds/openldap ) |
127 |
gost? ( >=dev-libs/openssl-1.0.0[-bindist] )" |
128 |
|
129 |
RDEPEND="${DEPEND} |
130 |
selinux? ( sec-policy/selinux-bind ) |
131 |
|| ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )" |
132 |
|
133 |
S="${WORKDIR}/${MY_P}" |
134 |
|
135 |
pkg_setup() { |
136 |
ebegin "Creating named group and user" |
137 |
enewgroup named 40 |
138 |
enewuser named 40 -1 /etc/bind named |
139 |
eend ${?} |
140 |
} |
141 |
|
142 |
src_prepare() { |
143 |
# Adjusting PATHs in manpages |
144 |
for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do |
145 |
sed -i \ |
146 |
-e 's:/etc/named.conf:/etc/bind/named.conf:g' \ |
147 |
-e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \ |
148 |
-e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \ |
149 |
"${i}" || die "sed failed, ${i} doesn't exist" |
150 |
done |
151 |
|
152 |
if use dlz; then |
153 |
# bind fails to reconnect to MySQL5 databases, bug #180720, patch by Nicolas Brousse |
154 |
# (http://www.shell-tips.com/2007/09/04/bind-950-patch-dlz-mysql-5-for-auto-reconnect/) |
155 |
if use mysql && has_version ">=dev-db/mysql-5"; then |
156 |
epatch "${FILESDIR}"/bind-dlzmysql5-reconnect.patch |
157 |
fi |
158 |
|
159 |
if use odbc; then |
160 |
epatch "${FILESDIR}/${PN}-9.7.3-odbc-dlz-detect.patch" |
161 |
fi |
162 |
|
163 |
# sdb-ldap patch as per bug #160567 |
164 |
# Upstream URL: http://bind9-ldap.bayour.com/ |
165 |
# New patch take from bug 302735 |
166 |
if use sdb-ldap; then |
167 |
epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch |
168 |
cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/ |
169 |
cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/ |
170 |
cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/ |
171 |
fi |
172 |
fi |
173 |
|
174 |
# should be installed by bind-tools |
175 |
sed -i -r -e "s:(nsupdate|dig) ::g" bin/Makefile.in || die |
176 |
|
177 |
if use geoip; then |
178 |
cp "${DISTDIR}"/${GEOIP_PATCH_A} "${S}" || die |
179 |
# sed -i -e 's:^ RELEASETYPE=: RELEASETYPE=-P:' \ |
180 |
# -e 's:RELEASEVER=:RELEASEVER=1:' \ |
181 |
# ${GEOIP_PATCH_A} || die |
182 |
# sed -i -e 's:RELEASEVER=1:RELEASEVER=2:' \ |
183 |
# ${GEOIP_PATCH_A} || die |
184 |
epatch ${GEOIP_PATCH_A} |
185 |
fi |
186 |
|
187 |
if use rrl; then |
188 |
cp "${DISTDIR}"/rl-${RRL_PV}.patch "${S}" || die |
189 |
# sed -i -e 's:^ RELEASETYPE=: RELEASETYPE=-P:' \ |
190 |
# -e 's:^ RELEASEVER=: RELEASEVER=1:' \ |
191 |
# rl-${RRL_PV}.patch || die |
192 |
|
193 |
# Response Rate Limiting (DNS RRL) - bug 434650 |
194 |
epatch rl-${RRL_PV}.patch |
195 |
fi |
196 |
|
197 |
# Disable tests for now, bug 406399 |
198 |
sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die |
199 |
|
200 |
# bug #220361 |
201 |
rm aclocal.m4 |
202 |
rm -rf libtool.m4/ |
203 |
eautoreconf |
204 |
} |
205 |
|
206 |
src_configure() { |
207 |
local myconf="" |
208 |
|
209 |
if use urandom; then |
210 |
myconf="${myconf} --with-randomdev=/dev/urandom" |
211 |
else |
212 |
myconf="${myconf} --with-randomdev=/dev/random" |
213 |
fi |
214 |
|
215 |
use geoip && myconf="${myconf} --with-geoip" |
216 |
|
217 |
# bug #158664 |
218 |
# gcc-specs-ssp && replace-flags -O[23s] -O |
219 |
|
220 |
# To include db.h from proper path |
221 |
use berkdb && append-flags "-I$(db_includedir)" |
222 |
|
223 |
export BUILD_CC=$(tc-getBUILD_CC) |
224 |
econf \ |
225 |
--sysconfdir=/etc/bind \ |
226 |
--localstatedir=/var \ |
227 |
--with-libtool \ |
228 |
$(use_enable threads) \ |
229 |
$(use_with dlz dlopen) \ |
230 |
$(use_with dlz dlz-filesystem) \ |
231 |
$(use_with dlz dlz-stub) \ |
232 |
$(use_with postgres dlz-postgres) \ |
233 |
$(use_with mysql dlz-mysql) \ |
234 |
$(use_with berkdb dlz-bdb) \ |
235 |
$(use_with ldap dlz-ldap) \ |
236 |
$(use_with odbc dlz-odbc) \ |
237 |
$(use_with ssl openssl "${EPREFIX}"/usr) \ |
238 |
$(use_with ssl ecdsa) \ |
239 |
$(use_with idn) \ |
240 |
$(use_enable ipv6) \ |
241 |
$(use_with xml libxml2) \ |
242 |
$(use_with gssapi) \ |
243 |
$(use_enable rpz rpz-nsip) \ |
244 |
$(use_enable rpz rpz-nsdname) \ |
245 |
$(use_enable caps linux-caps) \ |
246 |
$(use_with gost) \ |
247 |
$(use_enable filter-aaaa) \ |
248 |
${myconf} |
249 |
|
250 |
# bug #151839 |
251 |
echo '#undef SO_BSDCOMPAT' >> config.h |
252 |
} |
253 |
|
254 |
src_install() { |
255 |
emake DESTDIR="${D}" install |
256 |
|
257 |
dodoc CHANGES FAQ README |
258 |
|
259 |
if use idn; then |
260 |
dodoc contrib/idn/README.idnkit |
261 |
fi |
262 |
|
263 |
if use doc; then |
264 |
dodoc doc/arm/Bv9ARM.pdf |
265 |
|
266 |
docinto misc |
267 |
dodoc doc/misc/* |
268 |
|
269 |
# might a 'html' useflag make sense? |
270 |
docinto html |
271 |
dohtml -r doc/arm/* |
272 |
|
273 |
docinto contrib |
274 |
dodoc contrib/named-bootconf/named-bootconf.sh \ |
275 |
contrib/nanny/nanny.pl |
276 |
|
277 |
# some handy-dandy dynamic dns examples |
278 |
pushd "${D}"/usr/share/doc/${PF} 1>/dev/null |
279 |
tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die |
280 |
popd 1>/dev/null |
281 |
fi |
282 |
|
283 |
use geoip && dodoc "${DISTDIR}"/${GEOIP_DOC_A} |
284 |
|
285 |
insinto /etc/bind |
286 |
newins "${FILESDIR}"/named.conf-r6 named.conf |
287 |
|
288 |
# ftp://ftp.rs.internic.net/domain/named.cache: |
289 |
insinto /var/bind |
290 |
doins "${FILESDIR}"/named.cache |
291 |
|
292 |
insinto /var/bind/pri |
293 |
newins "${FILESDIR}"/127.zone-r1 127.zone |
294 |
newins "${FILESDIR}"/localhost.zone-r3 localhost.zone |
295 |
|
296 |
newinitd "${FILESDIR}"/named.init-r12 named |
297 |
newconfd "${FILESDIR}"/named.confd-r6 named |
298 |
|
299 |
if use gost; then |
300 |
sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die |
301 |
else |
302 |
sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die |
303 |
fi |
304 |
|
305 |
newenvd "${FILESDIR}"/10bind.env 10bind |
306 |
|
307 |
# Let's get rid of those tools and their manpages since they're provided by bind-tools |
308 |
rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1* |
309 |
rm -f "${D}"/usr/share/man/man8/{dnssec-keygen,nsupdate}.8* |
310 |
rm -f "${D}"/usr/bin/{dig,host,nslookup,dnssec-keygen,nsupdate} |
311 |
rm -f "${D}"/usr/sbin/{dig,host,nslookup,dnssec-keygen,nsupdate} |
312 |
|
313 |
# bug 405251, library archives aren't properly handled by --enable/disable-static |
314 |
if ! use static-libs; then |
315 |
find "${D}" -type f -name '*.la' -delete || die |
316 |
fi |
317 |
|
318 |
# bug 450406 |
319 |
dosym named.cache /var/bind/root.cache |
320 |
|
321 |
dosym /var/bind/pri /etc/bind/pri |
322 |
dosym /var/bind/sec /etc/bind/sec |
323 |
dosym /var/bind/dyn /etc/bind/dyn |
324 |
keepdir /var/bind/{pri,sec,dyn} |
325 |
|
326 |
dodir /var/{run,log}/named |
327 |
|
328 |
fowners root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn} |
329 |
fowners root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf} |
330 |
fperms 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf} |
331 |
fperms 0750 /etc/bind /var/bind/pri |
332 |
fperms 0770 /var/{run,log}/named /var/bind/{,sec,dyn} |
333 |
} |
334 |
|
335 |
pkg_postinst() { |
336 |
if [ ! -f '/etc/bind/rndc.key' ]; then |
337 |
if use urandom; then |
338 |
einfo "Using /dev/urandom for generating rndc.key" |
339 |
/usr/sbin/rndc-confgen -r /dev/urandom -a |
340 |
echo |
341 |
else |
342 |
einfo "Using /dev/random for generating rndc.key" |
343 |
/usr/sbin/rndc-confgen -a |
344 |
echo |
345 |
fi |
346 |
chown root:named /etc/bind/rndc.key |
347 |
chmod 0640 /etc/bind/rndc.key |
348 |
fi |
349 |
|
350 |
einfo |
351 |
einfo "You can edit /etc/conf.d/named to customize named settings" |
352 |
einfo |
353 |
use mysql || use postgres || use ldap && { |
354 |
elog "If your named depends on MySQL/PostgreSQL or LDAP," |
355 |
elog "uncomment the specified rc_named_* lines in your" |
356 |
elog "/etc/conf.d/named config to ensure they'll start before bind" |
357 |
einfo |
358 |
} |
359 |
einfo "If you'd like to run bind in a chroot AND this is a new" |
360 |
einfo "install OR your bind doesn't already run in a chroot:" |
361 |
einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named." |
362 |
einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`" |
363 |
einfo |
364 |
|
365 |
CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT}) |
366 |
if [[ -n ${CHROOT} ]]; then |
367 |
elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" |
368 |
elog "To enable the old behaviour (without using mount) uncomment the" |
369 |
elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config." |
370 |
elog "If you decide to use the new/default method, ensure to make backup" |
371 |
elog "first and merge your existing configs/zones to /etc/bind and" |
372 |
elog "/var/bind because bind will now mount the needed directories into" |
373 |
elog "the chroot dir." |
374 |
fi |
375 |
|
376 |
ewarn |
377 |
ewarn "NOTE: /var/bind/named.ca has been renamed to /var/bind/named.cache" |
378 |
ewarn "you may need to fix your named.conf!" |
379 |
ewarn |
380 |
ewarn "NOTE: If you upgrade from <net-dns/bind-9.4.3_p5-r1, you may encounter permission problems" |
381 |
ewarn "To fix the permissions do:" |
382 |
ewarn "chown root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn}" |
383 |
ewarn "chown root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}" |
384 |
ewarn "chmod 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}" |
385 |
ewarn "chmod 0750 /etc/bind /var/bind/pri" |
386 |
ewarn "chmod 0770 /var/{run,log}/named /var/bind/{,sec,dyn}" |
387 |
ewarn |
388 |
} |
389 |
|
390 |
pkg_config() { |
391 |
CHROOT=$(source /etc/conf.d/named; echo ${CHROOT}) |
392 |
CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT}) |
393 |
CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP}) |
394 |
|
395 |
if [[ -z "${CHROOT}" ]]; then |
396 |
eerror "This config script is designed to automate setting up" |
397 |
eerror "a chrooted bind/named. To do so, please first uncomment" |
398 |
eerror "and set the CHROOT variable in '/etc/conf.d/named'." |
399 |
die "Unset CHROOT" |
400 |
fi |
401 |
if [[ -d "${CHROOT}" ]]; then |
402 |
ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" |
403 |
ewarn "To enable the old behaviour (without using mount) uncomment the" |
404 |
ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config." |
405 |
ewarn |
406 |
ewarn "${CHROOT} already exists... some things might become overridden" |
407 |
ewarn "press CTRL+C if you don't want to continue" |
408 |
sleep 10 |
409 |
fi |
410 |
|
411 |
echo; einfo "Setting up the chroot directory..." |
412 |
|
413 |
mkdir -m 0750 -p ${CHROOT} |
414 |
mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/{run,log}} |
415 |
mkdir -m 0750 -p ${CHROOT}/etc/bind |
416 |
mkdir -m 0770 -p ${CHROOT}/var/{bind,{run,log}/named} |
417 |
# As of bind 9.8.0 |
418 |
if has_version net-dns/bind[gost]; then |
419 |
if [ "$(get_libdir)" = "lib64" ]; then |
420 |
mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines |
421 |
ln -s lib64 ${CHROOT}/usr/lib |
422 |
else |
423 |
mkdir -m 0755 -p ${CHROOT}/usr/lib/engines |
424 |
fi |
425 |
fi |
426 |
chown root:named ${CHROOT} ${CHROOT}/var/{bind,{run,log}/named} ${CHROOT}/etc/bind |
427 |
|
428 |
mknod ${CHROOT}/dev/null c 1 3 |
429 |
chmod 0666 ${CHROOT}/dev/null |
430 |
|
431 |
mknod ${CHROOT}/dev/zero c 1 5 |
432 |
chmod 0666 ${CHROOT}/dev/zero |
433 |
|
434 |
if use urandom; then |
435 |
mknod ${CHROOT}/dev/urandom c 1 9 |
436 |
chmod 0666 ${CHROOT}/dev/urandom |
437 |
else |
438 |
mknod ${CHROOT}/dev/random c 1 8 |
439 |
chmod 0666 ${CHROOT}/dev/random |
440 |
fi |
441 |
|
442 |
if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then |
443 |
cp -a /etc/bind ${CHROOT}/etc/ |
444 |
cp -a /var/bind ${CHROOT}/var/ |
445 |
fi |
446 |
|
447 |
if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then |
448 |
mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP |
449 |
fi |
450 |
|
451 |
elog "You may need to add the following line to your syslog-ng.conf:" |
452 |
elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };" |
453 |
} |
454 |
|
455 |
|
456 |
|
457 |
1.1 net-dns/bind/bind-9.9.3_p1.ebuild |
458 |
|
459 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/bind-9.9.3_p1.ebuild?rev=1.1&view=markup |
460 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/bind-9.9.3_p1.ebuild?rev=1.1&content-type=text/plain |
461 |
|
462 |
Index: bind-9.9.3_p1.ebuild |
463 |
=================================================================== |
464 |
# Copyright 1999-2013 Gentoo Foundation |
465 |
# Distributed under the terms of the GNU General Public License v2 |
466 |
# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/bind-9.9.3_p1.ebuild,v 1.1 2013/06/30 13:31:19 idl0r Exp $ |
467 |
|
468 |
# Re dlz/mysql and threads, needs to be verified.. |
469 |
# MySQL uses thread local storage in its C api. Thus MySQL |
470 |
# requires that each thread of an application execute a MySQL |
471 |
# thread initialization to setup the thread local storage. |
472 |
# This is impossible to do safely while staying within the DLZ |
473 |
# driver API. This is a limitation caused by MySQL, and not the DLZ API. |
474 |
# Because of this BIND MUST only run with a single thread when |
475 |
# using the MySQL driver. |
476 |
|
477 |
EAPI="4" |
478 |
|
479 |
PYTHON_DEPEND="python? 2:2.7 3" |
480 |
SUPPORT_PYTHON_ABIS="1" |
481 |
|
482 |
inherit python eutils autotools toolchain-funcs flag-o-matic multilib db-use user |
483 |
|
484 |
MY_PV="${PV/_p/-P}" |
485 |
MY_PV="${MY_PV/_rc/rc}" |
486 |
MY_P="${PN}-${MY_PV}" |
487 |
|
488 |
SDB_LDAP_VER="1.1.0-fc14" |
489 |
|
490 |
# bind-9.8.0-P1-geoip-1.3.patch |
491 |
GEOIP_PV=1.3 |
492 |
#GEOIP_PV_AGAINST="${MY_PV}" |
493 |
GEOIP_PV_AGAINST="9.9.2" |
494 |
GEOIP_P="bind-${GEOIP_PV_AGAINST}-geoip-${GEOIP_PV}" |
495 |
GEOIP_PATCH_A="${GEOIP_P}.patch" |
496 |
GEOIP_DOC_A="bind-geoip-1.3-readme.txt" |
497 |
GEOIP_SRC_URI_BASE="http://bind-geoip.googlecode.com/" |
498 |
|
499 |
RRL_PV="${MY_PV}" |
500 |
|
501 |
# GeoIP: http://bind-geoip.googlecode.com/ |
502 |
# DNS RRL: http://www.redbarn.org/dns/ratelimits/ |
503 |
# SDB-LDAP: http://bind9-ldap.bayour.com/ |
504 |
|
505 |
DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server" |
506 |
HOMEPAGE="http://www.isc.org/software/bind" |
507 |
SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz |
508 |
doc? ( mirror://gentoo/dyndns-samples.tbz2 ) |
509 |
geoip? ( ${GEOIP_SRC_URI_BASE}/files/${GEOIP_DOC_A} |
510 |
${GEOIP_SRC_URI_BASE}/files/${GEOIP_PATCH_A} ) |
511 |
sdb-ldap? ( |
512 |
http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2 |
513 |
) |
514 |
rrl? ( http://ss.vix.su/~vjs/rl-${RRL_PV}.patch )" |
515 |
|
516 |
LICENSE="ISC BSD BSD-2 HPND JNIC openssl" |
517 |
SLOT="0" |
518 |
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" |
519 |
IUSE="berkdb caps dlz doc filter-aaaa geoip gost gssapi idn ipv6 ldap mysql odbc |
520 |
postgres python rpz rrl sdb-ldap selinux ssl static-libs threads urandom xml" |
521 |
# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687 |
522 |
|
523 |
REQUIRED_USE="postgres? ( dlz ) |
524 |
berkdb? ( dlz ) |
525 |
mysql? ( dlz !threads ) |
526 |
odbc? ( dlz ) |
527 |
ldap? ( dlz ) |
528 |
sdb-ldap? ( dlz ) |
529 |
gost? ( ssl ) |
530 |
threads? ( caps )" |
531 |
|
532 |
DEPEND="ssl? ( >=dev-libs/openssl-0.9.6g ) |
533 |
mysql? ( >=virtual/mysql-4.0 ) |
534 |
odbc? ( >=dev-db/unixODBC-2.2.6 ) |
535 |
ldap? ( net-nds/openldap ) |
536 |
idn? ( net-dns/idnkit ) |
537 |
postgres? ( dev-db/postgresql-base ) |
538 |
caps? ( >=sys-libs/libcap-2.1.0 ) |
539 |
xml? ( dev-libs/libxml2 ) |
540 |
geoip? ( >=dev-libs/geoip-1.4.6 ) |
541 |
gssapi? ( virtual/krb5 ) |
542 |
sdb-ldap? ( net-nds/openldap ) |
543 |
gost? ( >=dev-libs/openssl-1.0.0[-bindist] ) |
544 |
python? ( virtual/python-argparse )" |
545 |
|
546 |
RDEPEND="${DEPEND} |
547 |
selinux? ( sec-policy/selinux-bind ) |
548 |
|| ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )" |
549 |
|
550 |
S="${WORKDIR}/${MY_P}" |
551 |
|
552 |
pkg_setup() { |
553 |
ebegin "Creating named group and user" |
554 |
enewgroup named 40 |
555 |
enewuser named 40 -1 /etc/bind named |
556 |
eend ${?} |
557 |
|
558 |
if use python; then |
559 |
python_pkg_setup |
560 |
fi |
561 |
} |
562 |
|
563 |
src_prepare() { |
564 |
# Adjusting PATHs in manpages |
565 |
for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do |
566 |
sed -i \ |
567 |
-e 's:/etc/named.conf:/etc/bind/named.conf:g' \ |
568 |
-e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \ |
569 |
-e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \ |
570 |
"${i}" || die "sed failed, ${i} doesn't exist" |
571 |
done |
572 |
|
573 |
if use dlz; then |
574 |
# bind fails to reconnect to MySQL5 databases, bug #180720, patch by Nicolas Brousse |
575 |
# (http://www.shell-tips.com/2007/09/04/bind-950-patch-dlz-mysql-5-for-auto-reconnect/) |
576 |
if use mysql && has_version ">=dev-db/mysql-5"; then |
577 |
epatch "${FILESDIR}"/bind-dlzmysql5-reconnect.patch |
578 |
fi |
579 |
|
580 |
if use odbc; then |
581 |
epatch "${FILESDIR}/${PN}-9.7.3-odbc-dlz-detect.patch" |
582 |
fi |
583 |
|
584 |
# sdb-ldap patch as per bug #160567 |
585 |
# Upstream URL: http://bind9-ldap.bayour.com/ |
586 |
# New patch take from bug 302735 |
587 |
if use sdb-ldap; then |
588 |
epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch |
589 |
cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/ |
590 |
cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/ |
591 |
cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/ |
592 |
fi |
593 |
fi |
594 |
|
595 |
# should be installed by bind-tools |
596 |
sed -i -r -e "s:(nsupdate|dig) ::g" bin/Makefile.in || die |
597 |
|
598 |
if use geoip; then |
599 |
cp "${DISTDIR}"/${GEOIP_PATCH_A} "${S}" || die |
600 |
sed -i -e 's:^ RELEASETYPE=: RELEASETYPE=-P:' \ |
601 |
-e 's:RELEASEVER=:RELEASEVER=1:' \ |
602 |
${GEOIP_PATCH_A} || die |
603 |
# sed -i -e 's:RELEASEVER=2:RELEASEVER=3:' ${GEOIP_PATCH_A} || die |
604 |
epatch ${GEOIP_PATCH_A} |
605 |
fi |
606 |
|
607 |
if use rrl; then |
608 |
cp "${DISTDIR}"/rl-${RRL_PV}.patch "${S}" || die |
609 |
# sed -i -e 's:^ RELEASETYPE=: RELEASETYPE=-P:' \ |
610 |
# -e 's:^ RELEASEVER=: RELEASEVER=1:' \ |
611 |
# rl-${RRL_PV}.patch || die |
612 |
|
613 |
# Response Rate Limiting (DNS RRL) - bug 434650 |
614 |
epatch rl-${RRL_PV}.patch |
615 |
fi |
616 |
|
617 |
# Disable tests for now, bug 406399 |
618 |
sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die |
619 |
|
620 |
# bug #220361 |
621 |
rm aclocal.m4 |
622 |
rm -rf libtool.m4/ |
623 |
eautoreconf |
624 |
} |
625 |
|
626 |
src_configure() { |
627 |
local myconf="" |
628 |
|
629 |
if use urandom; then |
630 |
myconf="${myconf} --with-randomdev=/dev/urandom" |
631 |
else |
632 |
myconf="${myconf} --with-randomdev=/dev/random" |
633 |
fi |
634 |
|
635 |
use geoip && myconf="${myconf} --with-geoip" |
636 |
|
637 |
# bug #158664 |
638 |
# gcc-specs-ssp && replace-flags -O[23s] -O |
639 |
|
640 |
# To include db.h from proper path |
641 |
use berkdb && append-flags "-I$(db_includedir)" |
642 |
|
643 |
export BUILD_CC=$(tc-getBUILD_CC) |
644 |
econf \ |
645 |
--sysconfdir=/etc/bind \ |
646 |
--localstatedir=/var \ |
647 |
--with-libtool \ |
648 |
$(use_enable threads) \ |
649 |
$(use_with dlz dlopen) \ |
650 |
$(use_with dlz dlz-filesystem) \ |
651 |
$(use_with dlz dlz-stub) \ |
652 |
$(use_with postgres dlz-postgres) \ |
653 |
$(use_with mysql dlz-mysql) \ |
654 |
$(use_with berkdb dlz-bdb) \ |
655 |
$(use_with ldap dlz-ldap) \ |
656 |
$(use_with odbc dlz-odbc) \ |
657 |
$(use_with ssl openssl "${EPREFIX}"/usr) \ |
658 |
$(use_with ssl ecdsa) \ |
659 |
$(use_with idn) \ |
660 |
$(use_enable ipv6) \ |
661 |
$(use_with xml libxml2) \ |
662 |
$(use_enable xml newstats) \ |
663 |
$(use_with gssapi) \ |
664 |
$(use_enable rpz rpz-nsip) \ |
665 |
$(use_enable rpz rpz-nsdname) \ |
666 |
$(use_enable caps linux-caps) \ |
667 |
$(use_with gost) \ |
668 |
$(use_enable filter-aaaa) \ |
669 |
$(use_with python) \ |
670 |
--without-readline \ |
671 |
${myconf} |
672 |
|
673 |
# $(use_enable static-libs static) \ |
674 |
|
675 |
# bug #151839 |
676 |
echo '#undef SO_BSDCOMPAT' >> config.h |
677 |
} |
678 |
|
679 |
src_install() { |
680 |
emake DESTDIR="${D}" install |
681 |
|
682 |
dodoc CHANGES FAQ README |
683 |
|
684 |
if use idn; then |
685 |
dodoc contrib/idn/README.idnkit |
686 |
fi |
687 |
|
688 |
if use doc; then |
689 |
dodoc doc/arm/Bv9ARM.pdf |
690 |
|
691 |
docinto misc |
692 |
dodoc doc/misc/* |
693 |
|
694 |
# might a 'html' useflag make sense? |
695 |
docinto html |
696 |
dohtml -r doc/arm/* |
697 |
|
698 |
docinto contrib |
699 |
dodoc contrib/named-bootconf/named-bootconf.sh \ |
700 |
contrib/nanny/nanny.pl |
701 |
|
702 |
# some handy-dandy dynamic dns examples |
703 |
pushd "${D}"/usr/share/doc/${PF} 1>/dev/null |
704 |
tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die |
705 |
popd 1>/dev/null |
706 |
fi |
707 |
|
708 |
use geoip && dodoc "${DISTDIR}"/${GEOIP_DOC_A} |
709 |
|
710 |
insinto /etc/bind |
711 |
newins "${FILESDIR}"/named.conf-r6 named.conf |
712 |
|
713 |
# ftp://ftp.rs.internic.net/domain/named.cache: |
714 |
insinto /var/bind |
715 |
doins "${FILESDIR}"/named.cache |
716 |
|
717 |
insinto /var/bind/pri |
718 |
newins "${FILESDIR}"/127.zone-r1 127.zone |
719 |
newins "${FILESDIR}"/localhost.zone-r3 localhost.zone |
720 |
|
721 |
newinitd "${FILESDIR}"/named.init-r12 named |
722 |
newconfd "${FILESDIR}"/named.confd-r6 named |
723 |
|
724 |
if use gost; then |
725 |
sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die |
726 |
else |
727 |
sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die |
728 |
fi |
729 |
|
730 |
newenvd "${FILESDIR}"/10bind.env 10bind |
731 |
|
732 |
# Let's get rid of those tools and their manpages since they're provided by bind-tools |
733 |
rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1* |
734 |
rm -f "${D}"/usr/share/man/man8/{dnssec-keygen,nsupdate}.8* |
735 |
rm -f "${D}"/usr/bin/{dig,host,nslookup,dnssec-keygen,nsupdate} |
736 |
rm -f "${D}"/usr/sbin/{dig,host,nslookup,dnssec-keygen,nsupdate} |
737 |
|
738 |
# bug 405251, library archives aren't properly handled by --enable/disable-static |
739 |
if ! use static-libs; then |
740 |
find "${D}" -type f -name '*.la' -delete || die |
741 |
fi |
742 |
|
743 |
if use python; then |
744 |
install_python_tools() { |
745 |
python_convert_shebangs $PYTHON_ABI bin/python/dnssec-checkds |
746 |
exeinto /usr/sbin |
747 |
newexe bin/python/dnssec-checkds dnssec-checkds-${PYTHON_ABI} |
748 |
} |
749 |
python_execute_function install_python_tools |
750 |
|
751 |
rm -f "${D}/usr/sbin/dnssec-checkds" |
752 |
python_generate_wrapper_scripts "${D}usr/sbin/dnssec-checkds" |
753 |
fi |
754 |
|
755 |
# bug 450406 |
756 |
dosym named.cache /var/bind/root.cache |
757 |
|
758 |
dosym /var/bind/pri /etc/bind/pri |
759 |
dosym /var/bind/sec /etc/bind/sec |
760 |
dosym /var/bind/dyn /etc/bind/dyn |
761 |
keepdir /var/bind/{pri,sec,dyn} |
762 |
|
763 |
dodir /var/{run,log}/named |
764 |
|
765 |
fowners root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn} |
766 |
fowners root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf} |
767 |
fperms 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf} |
768 |
fperms 0750 /etc/bind /var/bind/pri |
769 |
fperms 0770 /var/{run,log}/named /var/bind/{,sec,dyn} |
770 |
} |
771 |
|
772 |
pkg_postinst() { |
773 |
if [ ! -f '/etc/bind/rndc.key' ]; then |
774 |
if use urandom; then |
775 |
einfo "Using /dev/urandom for generating rndc.key" |
776 |
/usr/sbin/rndc-confgen -r /dev/urandom -a |
777 |
echo |
778 |
else |
779 |
einfo "Using /dev/random for generating rndc.key" |
780 |
/usr/sbin/rndc-confgen -a |
781 |
echo |
782 |
fi |
783 |
chown root:named /etc/bind/rndc.key |
784 |
chmod 0640 /etc/bind/rndc.key |
785 |
fi |
786 |
|
787 |
einfo |
788 |
einfo "You can edit /etc/conf.d/named to customize named settings" |
789 |
einfo |
790 |
use mysql || use postgres || use ldap && { |
791 |
elog "If your named depends on MySQL/PostgreSQL or LDAP," |
792 |
elog "uncomment the specified rc_named_* lines in your" |
793 |
elog "/etc/conf.d/named config to ensure they'll start before bind" |
794 |
einfo |
795 |
} |
796 |
einfo "If you'd like to run bind in a chroot AND this is a new" |
797 |
einfo "install OR your bind doesn't already run in a chroot:" |
798 |
einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named." |
799 |
einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`" |
800 |
einfo |
801 |
|
802 |
CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT}) |
803 |
if [[ -n ${CHROOT} ]]; then |
804 |
elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" |
805 |
elog "To enable the old behaviour (without using mount) uncomment the" |
806 |
elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config." |
807 |
elog "If you decide to use the new/default method, ensure to make backup" |
808 |
elog "first and merge your existing configs/zones to /etc/bind and" |
809 |
elog "/var/bind because bind will now mount the needed directories into" |
810 |
elog "the chroot dir." |
811 |
fi |
812 |
|
813 |
ewarn |
814 |
ewarn "NOTE: /var/bind/named.ca has been renamed to /var/bind/named.cache" |
815 |
ewarn "you may need to fix your named.conf!" |
816 |
ewarn |
817 |
ewarn "NOTE: If you upgrade from <net-dns/bind-9.4.3_p5-r1, you may encounter permission problems" |
818 |
ewarn "To fix the permissions do:" |
819 |
ewarn "chown root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn}" |
820 |
ewarn "chown root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}" |
821 |
ewarn "chmod 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}" |
822 |
ewarn "chmod 0750 /etc/bind /var/bind/pri" |
823 |
ewarn "chmod 0770 /var/{run,log}/named /var/bind/{,sec,dyn}" |
824 |
ewarn |
825 |
} |
826 |
|
827 |
pkg_config() { |
828 |
CHROOT=$(source /etc/conf.d/named; echo ${CHROOT}) |
829 |
CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT}) |
830 |
CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP}) |
831 |
|
832 |
if [[ -z "${CHROOT}" ]]; then |
833 |
eerror "This config script is designed to automate setting up" |
834 |
eerror "a chrooted bind/named. To do so, please first uncomment" |
835 |
eerror "and set the CHROOT variable in '/etc/conf.d/named'." |
836 |
die "Unset CHROOT" |
837 |
fi |
838 |
if [[ -d "${CHROOT}" ]]; then |
839 |
ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" |
840 |
ewarn "To enable the old behaviour (without using mount) uncomment the" |
841 |
ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config." |
842 |
ewarn |
843 |
ewarn "${CHROOT} already exists... some things might become overridden" |
844 |
ewarn "press CTRL+C if you don't want to continue" |
845 |
sleep 10 |
846 |
fi |
847 |
|
848 |
echo; einfo "Setting up the chroot directory..." |
849 |
|
850 |
mkdir -m 0750 -p ${CHROOT} |
851 |
mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/{run,log}} |
852 |
mkdir -m 0750 -p ${CHROOT}/etc/bind |
853 |
mkdir -m 0770 -p ${CHROOT}/var/{bind,{run,log}/named} |
854 |
# As of bind 9.8.0 |
855 |
if has_version net-dns/bind[gost]; then |
856 |
if [ "$(get_libdir)" = "lib64" ]; then |
857 |
mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines |
858 |
ln -s lib64 ${CHROOT}/usr/lib |
859 |
else |
860 |
mkdir -m 0755 -p ${CHROOT}/usr/lib/engines |
861 |
fi |
862 |
fi |
863 |
chown root:named ${CHROOT} ${CHROOT}/var/{bind,{run,log}/named} ${CHROOT}/etc/bind |
864 |
|
865 |
mknod ${CHROOT}/dev/null c 1 3 |
866 |
chmod 0666 ${CHROOT}/dev/null |
867 |
|
868 |
mknod ${CHROOT}/dev/zero c 1 5 |
869 |
chmod 0666 ${CHROOT}/dev/zero |
870 |
|
871 |
if use urandom; then |
872 |
mknod ${CHROOT}/dev/urandom c 1 9 |
873 |
chmod 0666 ${CHROOT}/dev/urandom |
874 |
else |
875 |
mknod ${CHROOT}/dev/random c 1 8 |
876 |
chmod 0666 ${CHROOT}/dev/random |
877 |
fi |
878 |
|
879 |
if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then |
880 |
cp -a /etc/bind ${CHROOT}/etc/ |
881 |
cp -a /var/bind ${CHROOT}/var/ |
882 |
fi |
883 |
|
884 |
if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then |
885 |
mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP |
886 |
fi |
887 |
|
888 |
elog "You may need to add the following line to your syslog-ng.conf:" |
889 |
elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };" |
890 |
} |