1 |
commit: 44e572feb3a3b6cffded718415516934146d5faf |
2 |
Author: Aaron Bauman <bman <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Mar 28 17:26:34 2019 +0000 |
4 |
Commit: Aaron Bauman <bman <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Mar 28 17:26:34 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=44e572fe |
7 |
|
8 |
net-dns/unbound: drop vulnerable wrt bug #677054 |
9 |
|
10 |
Signed-off-by: Aaron Bauman <bman <AT> gentoo.org> |
11 |
|
12 |
net-dns/unbound/Manifest | 3 - |
13 |
net-dns/unbound/unbound-1.8.0-r1.ebuild | 181 -------------------------------- |
14 |
net-dns/unbound/unbound-1.8.1.ebuild | 181 -------------------------------- |
15 |
net-dns/unbound/unbound-1.8.3.ebuild | 181 -------------------------------- |
16 |
4 files changed, 546 deletions(-) |
17 |
|
18 |
diff --git a/net-dns/unbound/Manifest b/net-dns/unbound/Manifest |
19 |
index 9e7dbbc2f1f..f4bcc6fc73c 100644 |
20 |
--- a/net-dns/unbound/Manifest |
21 |
+++ b/net-dns/unbound/Manifest |
22 |
@@ -1,5 +1,2 @@ |
23 |
-DIST unbound-1.8.0.tar.gz 5609213 BLAKE2B 41e464df60e03d502f13758e75f9143658b2a496c4fad69804d9d404e23a8d4b5480cc09048197f8593e37feffdffaea33b18a06d864d0d35e986169b49f42e4 SHA512 6c46f5b86b5bd98a7b549b660173d487e59e65385cebd7bc29429b4fee69f2b490651a409c57b072b9b604fa98e289fa82eeecfea8779900038c25b28a6bd064 |
24 |
-DIST unbound-1.8.1.tar.gz 5610191 BLAKE2B 15118f5940b4362dd515f8b335c8a39fc5ef1d3fbf0c20efbf0097342fabb4890eae0527f8b00ace181a425b413882db962b63d329f664cf12649d4d6ec8e5ea SHA512 1872a980e06258d28d2bc7f69a4c56fc07e03e4c9856161e89abc28527fff5812a47ea9927fd362bca690e3a87b95046ac96c8beeccaeb8596458f140c33b217 |
25 |
-DIST unbound-1.8.3.tar.gz 5629180 BLAKE2B f3fe17df04100291aac752565b3afa859200c222e4fb8c2ed2d9903f7a38ede9965444237c34f3257d29bf367b56fd2a2d48648e7145c91e2dbbd0b79242451d SHA512 545486ccce288a6ef1937d82653a43a11dbd3aec7b8d0036e7fd107e537cdfc935def9db9178c2eb418d6f4b0849a242a0be1dea966f3e9e0145aa7266e483ad |
26 |
DIST unbound-1.9.0.tar.gz 5662176 BLAKE2B dff42ca4155df1c364bcfeb37c0f9516e7f167cc59bebd1fcf264db6471ad99804323c59e485662e03ab095932f1ca3fe25693a9ba840e9c0ecad69cf31b1a2d SHA512 7dfa8e078507fc24a2d0938eea590389453bacfcac023f1a41af19350ea1f7b87d0c82d7eead121a11068921292a96865e177274ff27ed8b8868445f80f7baf6 |
27 |
DIST unbound-1.9.1.tar.gz 5665254 BLAKE2B 68a643cd17139b34e3651e0e72053b0faacf83ae975fff97493c78742ffa7f0d3dbc0028e96e581e125a3591467ec78ae245a718424c2fb32ea7db23ae945f44 SHA512 5dfac7ce3892f73109fdfe0f81863643b1f4c10cee2d4e2d1a28132f1b9ea4d4f89242e4e6348fdadf998f1c75d53577cbf4f719e98faa1342fc3c5de2e8903d |
28 |
|
29 |
diff --git a/net-dns/unbound/unbound-1.8.0-r1.ebuild b/net-dns/unbound/unbound-1.8.0-r1.ebuild |
30 |
deleted file mode 100644 |
31 |
index f06bc36f2cd..00000000000 |
32 |
--- a/net-dns/unbound/unbound-1.8.0-r1.ebuild |
33 |
+++ /dev/null |
34 |
@@ -1,181 +0,0 @@ |
35 |
-# Copyright 1999-2018 Gentoo Authors |
36 |
-# Distributed under the terms of the GNU General Public License v2 |
37 |
- |
38 |
-EAPI="7" |
39 |
-PYTHON_COMPAT=( python2_7 ) |
40 |
- |
41 |
-inherit autotools flag-o-matic multilib-minimal python-single-r1 systemd user |
42 |
- |
43 |
-MY_P=${PN}-${PV/_/} |
44 |
-DESCRIPTION="A validating, recursive and caching DNS resolver" |
45 |
-HOMEPAGE="https://unbound.net/ https://nlnetlabs.nl/projects/unbound/about/" |
46 |
-SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz" |
47 |
- |
48 |
-LICENSE="BSD GPL-2" |
49 |
-SLOT="0/8" # ABI version of libunbound.so |
50 |
-KEYWORDS="~alpha amd64 arm ~hppa ~mips ppc ppc64 x86" |
51 |
-IUSE="debug dnscrypt dnstap +ecdsa ecs gost libressl python redis selinux static-libs systemd test threads" |
52 |
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" |
53 |
- |
54 |
-# Note: expat is needed by executable only but the Makefile is custom |
55 |
-# and doesn't make it possible to easily install the library without |
56 |
-# the executables. MULTILIB_USEDEP may be dropped once build system |
57 |
-# is fixed. |
58 |
- |
59 |
-CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] |
60 |
- >=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}] |
61 |
- libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] ) |
62 |
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) |
63 |
- dnscrypt? ( dev-libs/libsodium[${MULTILIB_USEDEP}] ) |
64 |
- dnstap? ( |
65 |
- dev-libs/fstrm[${MULTILIB_USEDEP}] |
66 |
- >=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}] |
67 |
- ) |
68 |
- ecdsa? ( |
69 |
- !libressl? ( dev-libs/openssl:0[-bindist] ) |
70 |
- ) |
71 |
- python? ( ${PYTHON_DEPS} ) |
72 |
- redis? ( dev-libs/hiredis:= )" |
73 |
- |
74 |
-BDEPEND="virtual/pkgconfig" |
75 |
- |
76 |
-DEPEND="${CDEPEND} |
77 |
- python? ( dev-lang/swig ) |
78 |
- test? ( |
79 |
- net-dns/ldns-utils[examples] |
80 |
- dev-util/splint |
81 |
- app-text/wdiff |
82 |
- ) |
83 |
- systemd? ( sys-apps/systemd )" |
84 |
- |
85 |
-RDEPEND="${CDEPEND} |
86 |
- net-dns/dnssec-root |
87 |
- selinux? ( sec-policy/selinux-bind )" |
88 |
- |
89 |
-# bug #347415 |
90 |
-RDEPEND="${RDEPEND} |
91 |
- net-dns/dnssec-root" |
92 |
- |
93 |
-PATCHES=( |
94 |
- "${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch |
95 |
- "${FILESDIR}"/${PN}-1.6.3-pkg-config.patch |
96 |
-) |
97 |
- |
98 |
-S=${WORKDIR}/${MY_P} |
99 |
- |
100 |
-pkg_setup() { |
101 |
- enewgroup unbound |
102 |
- enewuser unbound -1 -1 /etc/unbound unbound |
103 |
- # improve security on existing installs (bug #641042) |
104 |
- # as well as new installs where unbound homedir has just been created |
105 |
- if [[ -d "${ROOT}/etc/unbound" ]]; then |
106 |
- chown --no-dereference --from=unbound root "${ROOT}/etc/unbound" |
107 |
- fi |
108 |
- |
109 |
- use python && python-single-r1_pkg_setup |
110 |
-} |
111 |
- |
112 |
-src_prepare() { |
113 |
- default |
114 |
- |
115 |
- eautoreconf |
116 |
- |
117 |
- # required for the python part |
118 |
- multilib_copy_sources |
119 |
-} |
120 |
- |
121 |
-src_configure() { |
122 |
- [[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack |
123 |
- multilib-minimal_src_configure |
124 |
-} |
125 |
- |
126 |
-multilib_src_configure() { |
127 |
- econf \ |
128 |
- $(use_enable debug) \ |
129 |
- $(use_enable gost) \ |
130 |
- $(use_enable dnscrypt) \ |
131 |
- $(use_enable dnstap) \ |
132 |
- $(use_enable ecdsa) \ |
133 |
- $(use_enable ecs subnet) \ |
134 |
- $(multilib_native_use_enable redis cachedb) \ |
135 |
- $(use_enable static-libs static) \ |
136 |
- $(use_enable systemd) \ |
137 |
- $(multilib_native_use_with python pythonmodule) \ |
138 |
- $(multilib_native_use_with python pyunbound) \ |
139 |
- $(use_with threads pthreads) \ |
140 |
- --disable-flto \ |
141 |
- --disable-rpath \ |
142 |
- --enable-ipsecmod \ |
143 |
- --enable-tfo-client \ |
144 |
- --enable-tfo-server \ |
145 |
- --with-libevent="${EPREFIX%/}"/usr \ |
146 |
- $(multilib_native_usex redis --with-libhiredis="${EPREFIX%/}/usr" --without-libhiredis) \ |
147 |
- --with-pidfile="${EPREFIX%/}"/run/unbound.pid \ |
148 |
- --with-rootkey-file="${EPREFIX%/}"/etc/dnssec/root-anchors.txt \ |
149 |
- --with-ssl="${EPREFIX%/}"/usr \ |
150 |
- --with-libexpat="${EPREFIX%/}"/usr |
151 |
- |
152 |
- # http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html |
153 |
- # $(use_enable debug lock-checks) \ |
154 |
- # $(use_enable debug alloc-checks) \ |
155 |
- # $(use_enable debug alloc-lite) \ |
156 |
- # $(use_enable debug alloc-nonregional) \ |
157 |
-} |
158 |
- |
159 |
-multilib_src_install_all() { |
160 |
- use python && python_optimize |
161 |
- |
162 |
- newinitd "${FILESDIR}"/unbound-r1.initd unbound |
163 |
- newconfd "${FILESDIR}"/unbound-r1.confd unbound |
164 |
- |
165 |
- systemd_dounit "${FILESDIR}"/unbound.service |
166 |
- systemd_dounit "${FILESDIR}"/unbound.socket |
167 |
- systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service" |
168 |
- systemd_dounit "${FILESDIR}"/unbound-anchor.service |
169 |
- |
170 |
- dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES} |
171 |
- |
172 |
- # bug #315519 |
173 |
- dodoc contrib/unbound_munin_ |
174 |
- |
175 |
- docinto selinux |
176 |
- dodoc contrib/selinux/* |
177 |
- |
178 |
- exeinto /usr/share/${PN} |
179 |
- doexe contrib/update-anchor.sh |
180 |
- |
181 |
- # create space for auto-trust-anchor-file... |
182 |
- keepdir /etc/unbound/var |
183 |
- # ... and point example config to it |
184 |
- sed -i \ |
185 |
- -e '/# auto-trust-anchor-file:/s,/etc/dnssec/root-anchors.txt,/etc/unbound/var/root-anchors.txt,' \ |
186 |
- "${ED%/}/etc/unbound/unbound.conf" || \ |
187 |
- die |
188 |
- |
189 |
- # Used to store cache data |
190 |
- keepdir /var/lib/${PN} |
191 |
- fowners root:unbound /var/lib/${PN} |
192 |
- fperms 0750 /var/lib/${PN} |
193 |
- |
194 |
- find "${ED}" -name '*.la' -delete || die |
195 |
- if ! use static-libs ; then |
196 |
- find "${ED}" -name "*.a" -delete || die |
197 |
- fi |
198 |
-} |
199 |
- |
200 |
-pkg_postinst() { |
201 |
- # make var/ writable by unbound |
202 |
- if [[ -d "${EROOT%/}/etc/unbound/var" ]]; then |
203 |
- chown --no-dereference --from=root unbound: "${EROOT%/}/etc/unbound/var" |
204 |
- fi |
205 |
- |
206 |
- einfo "" |
207 |
- einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation" |
208 |
- einfo "set 'auto-trust-anchor-file: ${EROOT%/}/etc/unbound/var/root-anchors.txt' in ${EROOT%/}/etc/unbound/unbound.conf" |
209 |
- einfo "and run" |
210 |
- einfo "" |
211 |
- einfo " su -s /bin/sh -c '${EROOT%/}/usr/sbin/unbound-anchor -a ${EROOT%/}/etc/unbound/var/root-anchors.txt' unbound" |
212 |
- einfo "" |
213 |
- einfo "as root to create it initially before starting unbound for the first time after enabling this." |
214 |
- einfo "" |
215 |
-} |
216 |
|
217 |
diff --git a/net-dns/unbound/unbound-1.8.1.ebuild b/net-dns/unbound/unbound-1.8.1.ebuild |
218 |
deleted file mode 100644 |
219 |
index fc522c10b37..00000000000 |
220 |
--- a/net-dns/unbound/unbound-1.8.1.ebuild |
221 |
+++ /dev/null |
222 |
@@ -1,181 +0,0 @@ |
223 |
-# Copyright 1999-2018 Gentoo Authors |
224 |
-# Distributed under the terms of the GNU General Public License v2 |
225 |
- |
226 |
-EAPI="7" |
227 |
-PYTHON_COMPAT=( python2_7 ) |
228 |
- |
229 |
-inherit autotools flag-o-matic multilib-minimal python-single-r1 systemd user |
230 |
- |
231 |
-MY_P=${PN}-${PV/_/} |
232 |
-DESCRIPTION="A validating, recursive and caching DNS resolver" |
233 |
-HOMEPAGE="https://unbound.net/ https://nlnetlabs.nl/projects/unbound/about/" |
234 |
-SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz" |
235 |
- |
236 |
-LICENSE="BSD GPL-2" |
237 |
-SLOT="0/8" # ABI version of libunbound.so |
238 |
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86" |
239 |
-IUSE="debug dnscrypt dnstap +ecdsa ecs gost libressl python redis selinux static-libs systemd test threads" |
240 |
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" |
241 |
- |
242 |
-# Note: expat is needed by executable only but the Makefile is custom |
243 |
-# and doesn't make it possible to easily install the library without |
244 |
-# the executables. MULTILIB_USEDEP may be dropped once build system |
245 |
-# is fixed. |
246 |
- |
247 |
-CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] |
248 |
- >=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}] |
249 |
- libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] ) |
250 |
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) |
251 |
- dnscrypt? ( dev-libs/libsodium[${MULTILIB_USEDEP}] ) |
252 |
- dnstap? ( |
253 |
- dev-libs/fstrm[${MULTILIB_USEDEP}] |
254 |
- >=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}] |
255 |
- ) |
256 |
- ecdsa? ( |
257 |
- !libressl? ( dev-libs/openssl:0[-bindist] ) |
258 |
- ) |
259 |
- python? ( ${PYTHON_DEPS} ) |
260 |
- redis? ( dev-libs/hiredis:= )" |
261 |
- |
262 |
-BDEPEND="virtual/pkgconfig" |
263 |
- |
264 |
-DEPEND="${CDEPEND} |
265 |
- python? ( dev-lang/swig ) |
266 |
- test? ( |
267 |
- net-dns/ldns-utils[examples] |
268 |
- dev-util/splint |
269 |
- app-text/wdiff |
270 |
- ) |
271 |
- systemd? ( sys-apps/systemd )" |
272 |
- |
273 |
-RDEPEND="${CDEPEND} |
274 |
- net-dns/dnssec-root |
275 |
- selinux? ( sec-policy/selinux-bind )" |
276 |
- |
277 |
-# bug #347415 |
278 |
-RDEPEND="${RDEPEND} |
279 |
- net-dns/dnssec-root" |
280 |
- |
281 |
-PATCHES=( |
282 |
- "${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch |
283 |
- "${FILESDIR}"/${PN}-1.6.3-pkg-config.patch |
284 |
-) |
285 |
- |
286 |
-S=${WORKDIR}/${MY_P} |
287 |
- |
288 |
-pkg_setup() { |
289 |
- enewgroup unbound |
290 |
- enewuser unbound -1 -1 /etc/unbound unbound |
291 |
- # improve security on existing installs (bug #641042) |
292 |
- # as well as new installs where unbound homedir has just been created |
293 |
- if [[ -d "${ROOT}/etc/unbound" ]]; then |
294 |
- chown --no-dereference --from=unbound root "${ROOT}/etc/unbound" |
295 |
- fi |
296 |
- |
297 |
- use python && python-single-r1_pkg_setup |
298 |
-} |
299 |
- |
300 |
-src_prepare() { |
301 |
- default |
302 |
- |
303 |
- eautoreconf |
304 |
- |
305 |
- # required for the python part |
306 |
- multilib_copy_sources |
307 |
-} |
308 |
- |
309 |
-src_configure() { |
310 |
- [[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack |
311 |
- multilib-minimal_src_configure |
312 |
-} |
313 |
- |
314 |
-multilib_src_configure() { |
315 |
- econf \ |
316 |
- $(use_enable debug) \ |
317 |
- $(use_enable gost) \ |
318 |
- $(use_enable dnscrypt) \ |
319 |
- $(use_enable dnstap) \ |
320 |
- $(use_enable ecdsa) \ |
321 |
- $(use_enable ecs subnet) \ |
322 |
- $(multilib_native_use_enable redis cachedb) \ |
323 |
- $(use_enable static-libs static) \ |
324 |
- $(use_enable systemd) \ |
325 |
- $(multilib_native_use_with python pythonmodule) \ |
326 |
- $(multilib_native_use_with python pyunbound) \ |
327 |
- $(use_with threads pthreads) \ |
328 |
- --disable-flto \ |
329 |
- --disable-rpath \ |
330 |
- --enable-ipsecmod \ |
331 |
- --enable-tfo-client \ |
332 |
- --enable-tfo-server \ |
333 |
- --with-libevent="${EPREFIX%/}"/usr \ |
334 |
- $(multilib_native_usex redis --with-libhiredis="${EPREFIX%/}/usr" --without-libhiredis) \ |
335 |
- --with-pidfile="${EPREFIX%/}"/run/unbound.pid \ |
336 |
- --with-rootkey-file="${EPREFIX%/}"/etc/dnssec/root-anchors.txt \ |
337 |
- --with-ssl="${EPREFIX%/}"/usr \ |
338 |
- --with-libexpat="${EPREFIX%/}"/usr |
339 |
- |
340 |
- # http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html |
341 |
- # $(use_enable debug lock-checks) \ |
342 |
- # $(use_enable debug alloc-checks) \ |
343 |
- # $(use_enable debug alloc-lite) \ |
344 |
- # $(use_enable debug alloc-nonregional) \ |
345 |
-} |
346 |
- |
347 |
-multilib_src_install_all() { |
348 |
- use python && python_optimize |
349 |
- |
350 |
- newinitd "${FILESDIR}"/unbound-r1.initd unbound |
351 |
- newconfd "${FILESDIR}"/unbound-r1.confd unbound |
352 |
- |
353 |
- systemd_dounit "${FILESDIR}"/unbound.service |
354 |
- systemd_dounit "${FILESDIR}"/unbound.socket |
355 |
- systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service" |
356 |
- systemd_dounit "${FILESDIR}"/unbound-anchor.service |
357 |
- |
358 |
- dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES} |
359 |
- |
360 |
- # bug #315519 |
361 |
- dodoc contrib/unbound_munin_ |
362 |
- |
363 |
- docinto selinux |
364 |
- dodoc contrib/selinux/* |
365 |
- |
366 |
- exeinto /usr/share/${PN} |
367 |
- doexe contrib/update-anchor.sh |
368 |
- |
369 |
- # create space for auto-trust-anchor-file... |
370 |
- keepdir /etc/unbound/var |
371 |
- # ... and point example config to it |
372 |
- sed -i \ |
373 |
- -e '/# auto-trust-anchor-file:/s,/etc/dnssec/root-anchors.txt,/etc/unbound/var/root-anchors.txt,' \ |
374 |
- "${ED%/}/etc/unbound/unbound.conf" || \ |
375 |
- die |
376 |
- |
377 |
- # Used to store cache data |
378 |
- keepdir /var/lib/${PN} |
379 |
- fowners root:unbound /var/lib/${PN} |
380 |
- fperms 0750 /var/lib/${PN} |
381 |
- |
382 |
- find "${ED}" -name '*.la' -delete || die |
383 |
- if ! use static-libs ; then |
384 |
- find "${ED}" -name "*.a" -delete || die |
385 |
- fi |
386 |
-} |
387 |
- |
388 |
-pkg_postinst() { |
389 |
- # make var/ writable by unbound |
390 |
- if [[ -d "${EROOT%/}/etc/unbound/var" ]]; then |
391 |
- chown --no-dereference --from=root unbound: "${EROOT%/}/etc/unbound/var" |
392 |
- fi |
393 |
- |
394 |
- einfo "" |
395 |
- einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation" |
396 |
- einfo "set 'auto-trust-anchor-file: ${EROOT%/}/etc/unbound/var/root-anchors.txt' in ${EROOT%/}/etc/unbound/unbound.conf" |
397 |
- einfo "and run" |
398 |
- einfo "" |
399 |
- einfo " su -s /bin/sh -c '${EROOT%/}/usr/sbin/unbound-anchor -a ${EROOT%/}/etc/unbound/var/root-anchors.txt' unbound" |
400 |
- einfo "" |
401 |
- einfo "as root to create it initially before starting unbound for the first time after enabling this." |
402 |
- einfo "" |
403 |
-} |
404 |
|
405 |
diff --git a/net-dns/unbound/unbound-1.8.3.ebuild b/net-dns/unbound/unbound-1.8.3.ebuild |
406 |
deleted file mode 100644 |
407 |
index 930c5cadac3..00000000000 |
408 |
--- a/net-dns/unbound/unbound-1.8.3.ebuild |
409 |
+++ /dev/null |
410 |
@@ -1,181 +0,0 @@ |
411 |
-# Copyright 1999-2018 Gentoo Authors |
412 |
-# Distributed under the terms of the GNU General Public License v2 |
413 |
- |
414 |
-EAPI="7" |
415 |
-PYTHON_COMPAT=( python2_7 python3_{4,5,6,7} ) |
416 |
- |
417 |
-inherit autotools flag-o-matic multilib-minimal python-single-r1 systemd user |
418 |
- |
419 |
-MY_P=${PN}-${PV/_/} |
420 |
-DESCRIPTION="A validating, recursive and caching DNS resolver" |
421 |
-HOMEPAGE="https://unbound.net/ https://nlnetlabs.nl/projects/unbound/about/" |
422 |
-SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz" |
423 |
- |
424 |
-LICENSE="BSD GPL-2" |
425 |
-SLOT="0/8" # ABI version of libunbound.so |
426 |
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86" |
427 |
-IUSE="debug dnscrypt dnstap +ecdsa ecs gost libressl python redis selinux static-libs systemd test threads" |
428 |
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" |
429 |
- |
430 |
-# Note: expat is needed by executable only but the Makefile is custom |
431 |
-# and doesn't make it possible to easily install the library without |
432 |
-# the executables. MULTILIB_USEDEP may be dropped once build system |
433 |
-# is fixed. |
434 |
- |
435 |
-CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] |
436 |
- >=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}] |
437 |
- libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] ) |
438 |
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) |
439 |
- dnscrypt? ( dev-libs/libsodium[${MULTILIB_USEDEP}] ) |
440 |
- dnstap? ( |
441 |
- dev-libs/fstrm[${MULTILIB_USEDEP}] |
442 |
- >=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}] |
443 |
- ) |
444 |
- ecdsa? ( |
445 |
- !libressl? ( dev-libs/openssl:0[-bindist] ) |
446 |
- ) |
447 |
- python? ( ${PYTHON_DEPS} ) |
448 |
- redis? ( dev-libs/hiredis:= )" |
449 |
- |
450 |
-BDEPEND="virtual/pkgconfig" |
451 |
- |
452 |
-DEPEND="${CDEPEND} |
453 |
- python? ( dev-lang/swig ) |
454 |
- test? ( |
455 |
- net-dns/ldns-utils[examples] |
456 |
- dev-util/splint |
457 |
- app-text/wdiff |
458 |
- ) |
459 |
- systemd? ( sys-apps/systemd )" |
460 |
- |
461 |
-RDEPEND="${CDEPEND} |
462 |
- net-dns/dnssec-root |
463 |
- selinux? ( sec-policy/selinux-bind )" |
464 |
- |
465 |
-# bug #347415 |
466 |
-RDEPEND="${RDEPEND} |
467 |
- net-dns/dnssec-root" |
468 |
- |
469 |
-PATCHES=( |
470 |
- "${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch |
471 |
- "${FILESDIR}"/${PN}-1.6.3-pkg-config.patch |
472 |
-) |
473 |
- |
474 |
-S=${WORKDIR}/${MY_P} |
475 |
- |
476 |
-pkg_setup() { |
477 |
- enewgroup unbound |
478 |
- enewuser unbound -1 -1 /etc/unbound unbound |
479 |
- # improve security on existing installs (bug #641042) |
480 |
- # as well as new installs where unbound homedir has just been created |
481 |
- if [[ -d "${ROOT}/etc/unbound" ]]; then |
482 |
- chown --no-dereference --from=unbound root "${ROOT}/etc/unbound" |
483 |
- fi |
484 |
- |
485 |
- use python && python-single-r1_pkg_setup |
486 |
-} |
487 |
- |
488 |
-src_prepare() { |
489 |
- default |
490 |
- |
491 |
- eautoreconf |
492 |
- |
493 |
- # required for the python part |
494 |
- multilib_copy_sources |
495 |
-} |
496 |
- |
497 |
-src_configure() { |
498 |
- [[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack |
499 |
- multilib-minimal_src_configure |
500 |
-} |
501 |
- |
502 |
-multilib_src_configure() { |
503 |
- econf \ |
504 |
- $(use_enable debug) \ |
505 |
- $(use_enable gost) \ |
506 |
- $(use_enable dnscrypt) \ |
507 |
- $(use_enable dnstap) \ |
508 |
- $(use_enable ecdsa) \ |
509 |
- $(use_enable ecs subnet) \ |
510 |
- $(multilib_native_use_enable redis cachedb) \ |
511 |
- $(use_enable static-libs static) \ |
512 |
- $(use_enable systemd) \ |
513 |
- $(multilib_native_use_with python pythonmodule) \ |
514 |
- $(multilib_native_use_with python pyunbound) \ |
515 |
- $(use_with threads pthreads) \ |
516 |
- --disable-flto \ |
517 |
- --disable-rpath \ |
518 |
- --enable-ipsecmod \ |
519 |
- --enable-tfo-client \ |
520 |
- --enable-tfo-server \ |
521 |
- --with-libevent="${EPREFIX%/}"/usr \ |
522 |
- $(multilib_native_usex redis --with-libhiredis="${EPREFIX%/}/usr" --without-libhiredis) \ |
523 |
- --with-pidfile="${EPREFIX%/}"/run/unbound.pid \ |
524 |
- --with-rootkey-file="${EPREFIX%/}"/etc/dnssec/root-anchors.txt \ |
525 |
- --with-ssl="${EPREFIX%/}"/usr \ |
526 |
- --with-libexpat="${EPREFIX%/}"/usr |
527 |
- |
528 |
- # http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html |
529 |
- # $(use_enable debug lock-checks) \ |
530 |
- # $(use_enable debug alloc-checks) \ |
531 |
- # $(use_enable debug alloc-lite) \ |
532 |
- # $(use_enable debug alloc-nonregional) \ |
533 |
-} |
534 |
- |
535 |
-multilib_src_install_all() { |
536 |
- use python && python_optimize |
537 |
- |
538 |
- newinitd "${FILESDIR}"/unbound-r1.initd unbound |
539 |
- newconfd "${FILESDIR}"/unbound-r1.confd unbound |
540 |
- |
541 |
- systemd_dounit "${FILESDIR}"/unbound.service |
542 |
- systemd_dounit "${FILESDIR}"/unbound.socket |
543 |
- systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service" |
544 |
- systemd_dounit "${FILESDIR}"/unbound-anchor.service |
545 |
- |
546 |
- dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES} |
547 |
- |
548 |
- # bug #315519 |
549 |
- dodoc contrib/unbound_munin_ |
550 |
- |
551 |
- docinto selinux |
552 |
- dodoc contrib/selinux/* |
553 |
- |
554 |
- exeinto /usr/share/${PN} |
555 |
- doexe contrib/update-anchor.sh |
556 |
- |
557 |
- # create space for auto-trust-anchor-file... |
558 |
- keepdir /etc/unbound/var |
559 |
- # ... and point example config to it |
560 |
- sed -i \ |
561 |
- -e '/# auto-trust-anchor-file:/s,/etc/dnssec/root-anchors.txt,/etc/unbound/var/root-anchors.txt,' \ |
562 |
- "${ED%/}/etc/unbound/unbound.conf" || \ |
563 |
- die |
564 |
- |
565 |
- # Used to store cache data |
566 |
- keepdir /var/lib/${PN} |
567 |
- fowners root:unbound /var/lib/${PN} |
568 |
- fperms 0750 /var/lib/${PN} |
569 |
- |
570 |
- find "${ED}" -name '*.la' -delete || die |
571 |
- if ! use static-libs ; then |
572 |
- find "${ED}" -name "*.a" -delete || die |
573 |
- fi |
574 |
-} |
575 |
- |
576 |
-pkg_postinst() { |
577 |
- # make var/ writable by unbound |
578 |
- if [[ -d "${EROOT%/}/etc/unbound/var" ]]; then |
579 |
- chown --no-dereference --from=root unbound: "${EROOT%/}/etc/unbound/var" |
580 |
- fi |
581 |
- |
582 |
- einfo "" |
583 |
- einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation" |
584 |
- einfo "set 'auto-trust-anchor-file: ${EROOT%/}/etc/unbound/var/root-anchors.txt' in ${EROOT%/}/etc/unbound/unbound.conf" |
585 |
- einfo "and run" |
586 |
- einfo "" |
587 |
- einfo " su -s /bin/sh -c '${EROOT%/}/usr/sbin/unbound-anchor -a ${EROOT%/}/etc/unbound/var/root-anchors.txt' unbound" |
588 |
- einfo "" |
589 |
- einfo "as root to create it initially before starting unbound for the first time after enabling this." |
590 |
- einfo "" |
591 |
-} |