[gentoo-commits] repo/gentoo:master commit in: net-dns/unbound/ - gentoo-commits

From:	Aaron Bauman <bman@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: net-dns/unbound/
Date:	Thu, 28 Mar 2019 17:27:17
Message-Id:	`1553793994.44e572feb3a3b6cffded718415516934146d5faf.bman@gentoo`

1

commit:     44e572feb3a3b6cffded718415516934146d5faf

2

Author:     Aaron Bauman <bman <AT> gentoo <DOT> org>

3

AuthorDate: Thu Mar 28 17:26:34 2019 +0000

4

Commit:     Aaron Bauman <bman <AT> gentoo <DOT> org>

5

CommitDate: Thu Mar 28 17:26:34 2019 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=44e572fe

7

8

net-dns/unbound: drop vulnerable wrt bug #677054

9

10

Signed-off-by: Aaron Bauman <bman <AT> gentoo.org>

11

12

 net-dns/unbound/Manifest                |   3 -

13

 net-dns/unbound/unbound-1.8.0-r1.ebuild | 181 --------------------------------

14

 net-dns/unbound/unbound-1.8.1.ebuild    | 181 --------------------------------

15

 net-dns/unbound/unbound-1.8.3.ebuild    | 181 --------------------------------

16

 4 files changed, 546 deletions(-)

17

18

diff --git a/net-dns/unbound/Manifest b/net-dns/unbound/Manifest

19

index 9e7dbbc2f1f..f4bcc6fc73c 100644

20

--- a/net-dns/unbound/Manifest

21

+++ b/net-dns/unbound/Manifest

22

@@ -1,5 +1,2 @@

23

-DIST unbound-1.8.0.tar.gz 5609213 BLAKE2B 41e464df60e03d502f13758e75f9143658b2a496c4fad69804d9d404e23a8d4b5480cc09048197f8593e37feffdffaea33b18a06d864d0d35e986169b49f42e4 SHA512 6c46f5b86b5bd98a7b549b660173d487e59e65385cebd7bc29429b4fee69f2b490651a409c57b072b9b604fa98e289fa82eeecfea8779900038c25b28a6bd064

24

-DIST unbound-1.8.1.tar.gz 5610191 BLAKE2B 15118f5940b4362dd515f8b335c8a39fc5ef1d3fbf0c20efbf0097342fabb4890eae0527f8b00ace181a425b413882db962b63d329f664cf12649d4d6ec8e5ea SHA512 1872a980e06258d28d2bc7f69a4c56fc07e03e4c9856161e89abc28527fff5812a47ea9927fd362bca690e3a87b95046ac96c8beeccaeb8596458f140c33b217

25

-DIST unbound-1.8.3.tar.gz 5629180 BLAKE2B f3fe17df04100291aac752565b3afa859200c222e4fb8c2ed2d9903f7a38ede9965444237c34f3257d29bf367b56fd2a2d48648e7145c91e2dbbd0b79242451d SHA512 545486ccce288a6ef1937d82653a43a11dbd3aec7b8d0036e7fd107e537cdfc935def9db9178c2eb418d6f4b0849a242a0be1dea966f3e9e0145aa7266e483ad

26

 DIST unbound-1.9.0.tar.gz 5662176 BLAKE2B dff42ca4155df1c364bcfeb37c0f9516e7f167cc59bebd1fcf264db6471ad99804323c59e485662e03ab095932f1ca3fe25693a9ba840e9c0ecad69cf31b1a2d SHA512 7dfa8e078507fc24a2d0938eea590389453bacfcac023f1a41af19350ea1f7b87d0c82d7eead121a11068921292a96865e177274ff27ed8b8868445f80f7baf6

27

 DIST unbound-1.9.1.tar.gz 5665254 BLAKE2B 68a643cd17139b34e3651e0e72053b0faacf83ae975fff97493c78742ffa7f0d3dbc0028e96e581e125a3591467ec78ae245a718424c2fb32ea7db23ae945f44 SHA512 5dfac7ce3892f73109fdfe0f81863643b1f4c10cee2d4e2d1a28132f1b9ea4d4f89242e4e6348fdadf998f1c75d53577cbf4f719e98faa1342fc3c5de2e8903d

28

29

diff --git a/net-dns/unbound/unbound-1.8.0-r1.ebuild b/net-dns/unbound/unbound-1.8.0-r1.ebuild

30

deleted file mode 100644

31

index f06bc36f2cd..00000000000

32

--- a/net-dns/unbound/unbound-1.8.0-r1.ebuild

33

+++ /dev/null

34

@@ -1,181 +0,0 @@

35

-# Copyright 1999-2018 Gentoo Authors

36

-# Distributed under the terms of the GNU General Public License v2

37

-

38

-EAPI="7"

39

-PYTHON_COMPAT=( python2_7 )

40

-

41

-inherit autotools flag-o-matic multilib-minimal python-single-r1 systemd user

42

-

43

-MY_P=${PN}-${PV/_/}

44

-DESCRIPTION="A validating, recursive and caching DNS resolver"

45

-HOMEPAGE="https://unbound.net/ https://nlnetlabs.nl/projects/unbound/about/"

46

-SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz"

47

-

48

-LICENSE="BSD GPL-2"

49

-SLOT="0/8" # ABI version of libunbound.so

50

-KEYWORDS="~alpha amd64 arm ~hppa ~mips ppc ppc64 x86"

51

-IUSE="debug dnscrypt dnstap +ecdsa ecs gost libressl python redis selinux static-libs systemd test threads"

52

-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"

53

-

54

-# Note: expat is needed by executable only but the Makefile is custom

55

-# and doesn't make it possible to easily install the library without

56

-# the executables. MULTILIB_USEDEP may be dropped once build system

57

-# is fixed.

58

-

59

-CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}]

60

-	>=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}]

61

-	libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] )

62

-	!libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )

63

-	dnscrypt? ( dev-libs/libsodium[${MULTILIB_USEDEP}] )

64

-	dnstap? (

65

-		dev-libs/fstrm[${MULTILIB_USEDEP}]

66

-		>=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}]

67

-	)

68

-	ecdsa? (

69

-		!libressl? ( dev-libs/openssl:0[-bindist] )

70

-	)

71

-	python? ( ${PYTHON_DEPS} )

72

-	redis? ( dev-libs/hiredis:= )"

73

-

74

-BDEPEND="virtual/pkgconfig"

75

-

76

-DEPEND="${CDEPEND}

77

-	python? ( dev-lang/swig )

78

-	test? (

79

-		net-dns/ldns-utils[examples]

80

-		dev-util/splint

81

-		app-text/wdiff

82

-	)

83

-	systemd? ( sys-apps/systemd )"

84

-

85

-RDEPEND="${CDEPEND}

86

-	net-dns/dnssec-root

87

-	selinux? ( sec-policy/selinux-bind )"

88

-

89

-# bug #347415

90

-RDEPEND="${RDEPEND}

91

-	net-dns/dnssec-root"

92

-

93

-PATCHES=(

94

-	"${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch

95

-	"${FILESDIR}"/${PN}-1.6.3-pkg-config.patch

96

-)

97

-

98

-S=${WORKDIR}/${MY_P}

99

-

100

-pkg_setup() {

101

-	enewgroup unbound

102

-	enewuser unbound -1 -1 /etc/unbound unbound

103

-	# improve security on existing installs (bug #641042)

104

-	# as well as new installs where unbound homedir has just been created

105

-	if [[ -d "${ROOT}/etc/unbound" ]]; then

106

-		chown --no-dereference --from=unbound root "${ROOT}/etc/unbound"

107

-	fi

108

-

109

-	use python && python-single-r1_pkg_setup

110

-}

111

-

112

-src_prepare() {

113

-	default

114

-

115

-	eautoreconf

116

-

117

-	# required for the python part

118

-	multilib_copy_sources

119

-}

120

-

121

-src_configure() {

122

-	[[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack

123

-	multilib-minimal_src_configure

124

-}

125

-

126

-multilib_src_configure() {

127

-	econf \

128

-		$(use_enable debug) \

129

-		$(use_enable gost) \

130

-		$(use_enable dnscrypt) \

131

-		$(use_enable dnstap) \

132

-		$(use_enable ecdsa) \

133

-		$(use_enable ecs subnet) \

134

-		$(multilib_native_use_enable redis cachedb) \

135

-		$(use_enable static-libs static) \

136

-		$(use_enable systemd) \

137

-		$(multilib_native_use_with python pythonmodule) \

138

-		$(multilib_native_use_with python pyunbound) \

139

-		$(use_with threads pthreads) \

140

-		--disable-flto \

141

-		--disable-rpath \

142

-		--enable-ipsecmod \

143

-		--enable-tfo-client \

144

-		--enable-tfo-server \

145

-		--with-libevent="${EPREFIX%/}"/usr \

146

-		$(multilib_native_usex redis --with-libhiredis="${EPREFIX%/}/usr" --without-libhiredis) \

147

-		--with-pidfile="${EPREFIX%/}"/run/unbound.pid \

148

-		--with-rootkey-file="${EPREFIX%/}"/etc/dnssec/root-anchors.txt \

149

-		--with-ssl="${EPREFIX%/}"/usr \

150

-		--with-libexpat="${EPREFIX%/}"/usr

151

-

152

-		# http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html

153

-		# $(use_enable debug lock-checks) \

154

-		# $(use_enable debug alloc-checks) \

155

-		# $(use_enable debug alloc-lite) \

156

-		# $(use_enable debug alloc-nonregional) \

157

-}

158

-

159

-multilib_src_install_all() {

160

-	use python && python_optimize

161

-

162

-	newinitd "${FILESDIR}"/unbound-r1.initd unbound

163

-	newconfd "${FILESDIR}"/unbound-r1.confd unbound

164

-

165

-	systemd_dounit "${FILESDIR}"/unbound.service

166

-	systemd_dounit "${FILESDIR}"/unbound.socket

167

-	systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service"

168

-	systemd_dounit "${FILESDIR}"/unbound-anchor.service

169

-

170

-	dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES}

171

-

172

-	# bug #315519

173

-	dodoc contrib/unbound_munin_

174

-

175

-	docinto selinux

176

-	dodoc contrib/selinux/*

177

-

178

-	exeinto /usr/share/${PN}

179

-	doexe contrib/update-anchor.sh

180

-

181

-	# create space for auto-trust-anchor-file...

182

-	keepdir /etc/unbound/var

183

-	# ... and point example config to it

184

-	sed -i \

185

-		-e '/# auto-trust-anchor-file:/s,/etc/dnssec/root-anchors.txt,/etc/unbound/var/root-anchors.txt,' \

186

-		"${ED%/}/etc/unbound/unbound.conf" || \

187

-		die

188

-

189

-	# Used to store cache data

190

-	keepdir /var/lib/${PN}

191

-	fowners root:unbound /var/lib/${PN}

192

-	fperms 0750 /var/lib/${PN}

193

-

194

-	find "${ED}" -name '*.la' -delete || die

195

-	if ! use static-libs ; then

196

-		find "${ED}" -name "*.a" -delete || die

197

-	fi

198

-}

199

-

200

-pkg_postinst() {

201

-	# make var/ writable by unbound

202

-	if [[ -d "${EROOT%/}/etc/unbound/var" ]]; then

203

-		chown --no-dereference --from=root unbound: "${EROOT%/}/etc/unbound/var"

204

-	fi

205

-

206

-	einfo ""

207

-	einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation"

208

-	einfo "set 'auto-trust-anchor-file: ${EROOT%/}/etc/unbound/var/root-anchors.txt' in ${EROOT%/}/etc/unbound/unbound.conf"

209

-	einfo "and run"

210

-	einfo ""

211

-	einfo "  su -s /bin/sh -c '${EROOT%/}/usr/sbin/unbound-anchor -a ${EROOT%/}/etc/unbound/var/root-anchors.txt' unbound"

212

-	einfo ""

213

-	einfo "as root to create it initially before starting unbound for the first time after enabling this."

214

-	einfo ""

215

-}

216

217

diff --git a/net-dns/unbound/unbound-1.8.1.ebuild b/net-dns/unbound/unbound-1.8.1.ebuild

218

deleted file mode 100644

219

index fc522c10b37..00000000000

220

--- a/net-dns/unbound/unbound-1.8.1.ebuild

221

+++ /dev/null

222

@@ -1,181 +0,0 @@

223

-# Copyright 1999-2018 Gentoo Authors

224

-# Distributed under the terms of the GNU General Public License v2

225

-

226

-EAPI="7"

227

-PYTHON_COMPAT=( python2_7 )

228

-

229

-inherit autotools flag-o-matic multilib-minimal python-single-r1 systemd user

230

-

231

-MY_P=${PN}-${PV/_/}

232

-DESCRIPTION="A validating, recursive and caching DNS resolver"

233

-HOMEPAGE="https://unbound.net/ https://nlnetlabs.nl/projects/unbound/about/"

234

-SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz"

235

-

236

-LICENSE="BSD GPL-2"

237

-SLOT="0/8" # ABI version of libunbound.so

238

-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86"

239

-IUSE="debug dnscrypt dnstap +ecdsa ecs gost libressl python redis selinux static-libs systemd test threads"

240

-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"

241

-

242

-# Note: expat is needed by executable only but the Makefile is custom

243

-# and doesn't make it possible to easily install the library without

244

-# the executables. MULTILIB_USEDEP may be dropped once build system

245

-# is fixed.

246

-

247

-CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}]

248

-	>=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}]

249

-	libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] )

250

-	!libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )

251

-	dnscrypt? ( dev-libs/libsodium[${MULTILIB_USEDEP}] )

252

-	dnstap? (

253

-		dev-libs/fstrm[${MULTILIB_USEDEP}]

254

-		>=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}]

255

-	)

256

-	ecdsa? (

257

-		!libressl? ( dev-libs/openssl:0[-bindist] )

258

-	)

259

-	python? ( ${PYTHON_DEPS} )

260

-	redis? ( dev-libs/hiredis:= )"

261

-

262

-BDEPEND="virtual/pkgconfig"

263

-

264

-DEPEND="${CDEPEND}

265

-	python? ( dev-lang/swig )

266

-	test? (

267

-		net-dns/ldns-utils[examples]

268

-		dev-util/splint

269

-		app-text/wdiff

270

-	)

271

-	systemd? ( sys-apps/systemd )"

272

-

273

-RDEPEND="${CDEPEND}

274

-	net-dns/dnssec-root

275

-	selinux? ( sec-policy/selinux-bind )"

276

-

277

-# bug #347415

278

-RDEPEND="${RDEPEND}

279

-	net-dns/dnssec-root"

280

-

281

-PATCHES=(

282

-	"${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch

283

-	"${FILESDIR}"/${PN}-1.6.3-pkg-config.patch

284

-)

285

-

286

-S=${WORKDIR}/${MY_P}

287

-

288

-pkg_setup() {

289

-	enewgroup unbound

290

-	enewuser unbound -1 -1 /etc/unbound unbound

291

-	# improve security on existing installs (bug #641042)

292

-	# as well as new installs where unbound homedir has just been created

293

-	if [[ -d "${ROOT}/etc/unbound" ]]; then

294

-		chown --no-dereference --from=unbound root "${ROOT}/etc/unbound"

295

-	fi

296

-

297

-	use python && python-single-r1_pkg_setup

298

-}

299

-

300

-src_prepare() {

301

-	default

302

-

303

-	eautoreconf

304

-

305

-	# required for the python part

306

-	multilib_copy_sources

307

-}

308

-

309

-src_configure() {

310

-	[[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack

311

-	multilib-minimal_src_configure

312

-}

313

-

314

-multilib_src_configure() {

315

-	econf \

316

-		$(use_enable debug) \

317

-		$(use_enable gost) \

318

-		$(use_enable dnscrypt) \

319

-		$(use_enable dnstap) \

320

-		$(use_enable ecdsa) \

321

-		$(use_enable ecs subnet) \

322

-		$(multilib_native_use_enable redis cachedb) \

323

-		$(use_enable static-libs static) \

324

-		$(use_enable systemd) \

325

-		$(multilib_native_use_with python pythonmodule) \

326

-		$(multilib_native_use_with python pyunbound) \

327

-		$(use_with threads pthreads) \

328

-		--disable-flto \

329

-		--disable-rpath \

330

-		--enable-ipsecmod \

331

-		--enable-tfo-client \

332

-		--enable-tfo-server \

333

-		--with-libevent="${EPREFIX%/}"/usr \

334

-		$(multilib_native_usex redis --with-libhiredis="${EPREFIX%/}/usr" --without-libhiredis) \

335

-		--with-pidfile="${EPREFIX%/}"/run/unbound.pid \

336

-		--with-rootkey-file="${EPREFIX%/}"/etc/dnssec/root-anchors.txt \

337

-		--with-ssl="${EPREFIX%/}"/usr \

338

-		--with-libexpat="${EPREFIX%/}"/usr

339

-

340

-		# http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html

341

-		# $(use_enable debug lock-checks) \

342

-		# $(use_enable debug alloc-checks) \

343

-		# $(use_enable debug alloc-lite) \

344

-		# $(use_enable debug alloc-nonregional) \

345

-}

346

-

347

-multilib_src_install_all() {

348

-	use python && python_optimize

349

-

350

-	newinitd "${FILESDIR}"/unbound-r1.initd unbound

351

-	newconfd "${FILESDIR}"/unbound-r1.confd unbound

352

-

353

-	systemd_dounit "${FILESDIR}"/unbound.service

354

-	systemd_dounit "${FILESDIR}"/unbound.socket

355

-	systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service"

356

-	systemd_dounit "${FILESDIR}"/unbound-anchor.service

357

-

358

-	dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES}

359

-

360

-	# bug #315519

361

-	dodoc contrib/unbound_munin_

362

-

363

-	docinto selinux

364

-	dodoc contrib/selinux/*

365

-

366

-	exeinto /usr/share/${PN}

367

-	doexe contrib/update-anchor.sh

368

-

369

-	# create space for auto-trust-anchor-file...

370

-	keepdir /etc/unbound/var

371

-	# ... and point example config to it

372

-	sed -i \

373

-		-e '/# auto-trust-anchor-file:/s,/etc/dnssec/root-anchors.txt,/etc/unbound/var/root-anchors.txt,' \

374

-		"${ED%/}/etc/unbound/unbound.conf" || \

375

-		die

376

-

377

-	# Used to store cache data

378

-	keepdir /var/lib/${PN}

379

-	fowners root:unbound /var/lib/${PN}

380

-	fperms 0750 /var/lib/${PN}

381

-

382

-	find "${ED}" -name '*.la' -delete || die

383

-	if ! use static-libs ; then

384

-		find "${ED}" -name "*.a" -delete || die

385

-	fi

386

-}

387

-

388

-pkg_postinst() {

389

-	# make var/ writable by unbound

390

-	if [[ -d "${EROOT%/}/etc/unbound/var" ]]; then

391

-		chown --no-dereference --from=root unbound: "${EROOT%/}/etc/unbound/var"

392

-	fi

393

-

394

-	einfo ""

395

-	einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation"

396

-	einfo "set 'auto-trust-anchor-file: ${EROOT%/}/etc/unbound/var/root-anchors.txt' in ${EROOT%/}/etc/unbound/unbound.conf"

397

-	einfo "and run"

398

-	einfo ""

399

-	einfo "  su -s /bin/sh -c '${EROOT%/}/usr/sbin/unbound-anchor -a ${EROOT%/}/etc/unbound/var/root-anchors.txt' unbound"

400

-	einfo ""

401

-	einfo "as root to create it initially before starting unbound for the first time after enabling this."

402

-	einfo ""

403

-}

404

405

diff --git a/net-dns/unbound/unbound-1.8.3.ebuild b/net-dns/unbound/unbound-1.8.3.ebuild

406

deleted file mode 100644

407

index 930c5cadac3..00000000000

408

--- a/net-dns/unbound/unbound-1.8.3.ebuild

409

+++ /dev/null

410

@@ -1,181 +0,0 @@

411

-# Copyright 1999-2018 Gentoo Authors

412

-# Distributed under the terms of the GNU General Public License v2

413

-

414

-EAPI="7"

415

-PYTHON_COMPAT=( python2_7 python3_{4,5,6,7} )

416

-

417

-inherit autotools flag-o-matic multilib-minimal python-single-r1 systemd user

418

-

419

-MY_P=${PN}-${PV/_/}

420

-DESCRIPTION="A validating, recursive and caching DNS resolver"

421

-HOMEPAGE="https://unbound.net/ https://nlnetlabs.nl/projects/unbound/about/"

422

-SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz"

423

-

424

-LICENSE="BSD GPL-2"

425

-SLOT="0/8" # ABI version of libunbound.so

426

-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86"

427

-IUSE="debug dnscrypt dnstap +ecdsa ecs gost libressl python redis selinux static-libs systemd test threads"

428

-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"

429

-

430

-# Note: expat is needed by executable only but the Makefile is custom

431

-# and doesn't make it possible to easily install the library without

432

-# the executables. MULTILIB_USEDEP may be dropped once build system

433

-# is fixed.

434

-

435

-CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}]

436

-	>=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}]

437

-	libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] )

438

-	!libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )

439

-	dnscrypt? ( dev-libs/libsodium[${MULTILIB_USEDEP}] )

440

-	dnstap? (

441

-		dev-libs/fstrm[${MULTILIB_USEDEP}]

442

-		>=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}]

443

-	)

444

-	ecdsa? (

445

-		!libressl? ( dev-libs/openssl:0[-bindist] )

446

-	)

447

-	python? ( ${PYTHON_DEPS} )

448

-	redis? ( dev-libs/hiredis:= )"

449

-

450

-BDEPEND="virtual/pkgconfig"

451

-

452

-DEPEND="${CDEPEND}

453

-	python? ( dev-lang/swig )

454

-	test? (

455

-		net-dns/ldns-utils[examples]

456

-		dev-util/splint

457

-		app-text/wdiff

458

-	)

459

-	systemd? ( sys-apps/systemd )"

460

-

461

-RDEPEND="${CDEPEND}

462

-	net-dns/dnssec-root

463

-	selinux? ( sec-policy/selinux-bind )"

464

-

465

-# bug #347415

466

-RDEPEND="${RDEPEND}

467

-	net-dns/dnssec-root"

468

-

469

-PATCHES=(

470

-	"${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch

471

-	"${FILESDIR}"/${PN}-1.6.3-pkg-config.patch

472

-)

473

-

474

-S=${WORKDIR}/${MY_P}

475

-

476

-pkg_setup() {

477

-	enewgroup unbound

478

-	enewuser unbound -1 -1 /etc/unbound unbound

479

-	# improve security on existing installs (bug #641042)

480

-	# as well as new installs where unbound homedir has just been created

481

-	if [[ -d "${ROOT}/etc/unbound" ]]; then

482

-		chown --no-dereference --from=unbound root "${ROOT}/etc/unbound"

483

-	fi

484

-

485

-	use python && python-single-r1_pkg_setup

486

-}

487

-

488

-src_prepare() {

489

-	default

490

-

491

-	eautoreconf

492

-

493

-	# required for the python part

494

-	multilib_copy_sources

495

-}

496

-

497

-src_configure() {

498

-	[[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack

499

-	multilib-minimal_src_configure

500

-}

501

-

502

-multilib_src_configure() {

503

-	econf \

504

-		$(use_enable debug) \

505

-		$(use_enable gost) \

506

-		$(use_enable dnscrypt) \

507

-		$(use_enable dnstap) \

508

-		$(use_enable ecdsa) \

509

-		$(use_enable ecs subnet) \

510

-		$(multilib_native_use_enable redis cachedb) \

511

-		$(use_enable static-libs static) \

512

-		$(use_enable systemd) \

513

-		$(multilib_native_use_with python pythonmodule) \

514

-		$(multilib_native_use_with python pyunbound) \

515

-		$(use_with threads pthreads) \

516

-		--disable-flto \

517

-		--disable-rpath \

518

-		--enable-ipsecmod \

519

-		--enable-tfo-client \

520

-		--enable-tfo-server \

521

-		--with-libevent="${EPREFIX%/}"/usr \

522

-		$(multilib_native_usex redis --with-libhiredis="${EPREFIX%/}/usr" --without-libhiredis) \

523

-		--with-pidfile="${EPREFIX%/}"/run/unbound.pid \

524

-		--with-rootkey-file="${EPREFIX%/}"/etc/dnssec/root-anchors.txt \

525

-		--with-ssl="${EPREFIX%/}"/usr \

526

-		--with-libexpat="${EPREFIX%/}"/usr

527

-

528

-		# http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html

529

-		# $(use_enable debug lock-checks) \

530

-		# $(use_enable debug alloc-checks) \

531

-		# $(use_enable debug alloc-lite) \

532

-		# $(use_enable debug alloc-nonregional) \

533

-}

534

-

535

-multilib_src_install_all() {

536

-	use python && python_optimize

537

-

538

-	newinitd "${FILESDIR}"/unbound-r1.initd unbound

539

-	newconfd "${FILESDIR}"/unbound-r1.confd unbound

540

-

541

-	systemd_dounit "${FILESDIR}"/unbound.service

542

-	systemd_dounit "${FILESDIR}"/unbound.socket

543

-	systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service"

544

-	systemd_dounit "${FILESDIR}"/unbound-anchor.service

545

-

546

-	dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES}

547

-

548

-	# bug #315519

549

-	dodoc contrib/unbound_munin_

550

-

551

-	docinto selinux

552

-	dodoc contrib/selinux/*

553

-

554

-	exeinto /usr/share/${PN}

555

-	doexe contrib/update-anchor.sh

556

-

557

-	# create space for auto-trust-anchor-file...

558

-	keepdir /etc/unbound/var

559

-	# ... and point example config to it

560

-	sed -i \

561

-		-e '/# auto-trust-anchor-file:/s,/etc/dnssec/root-anchors.txt,/etc/unbound/var/root-anchors.txt,' \

562

-		"${ED%/}/etc/unbound/unbound.conf" || \

563

-		die

564

-

565

-	# Used to store cache data

566

-	keepdir /var/lib/${PN}

567

-	fowners root:unbound /var/lib/${PN}

568

-	fperms 0750 /var/lib/${PN}

569

-

570

-	find "${ED}" -name '*.la' -delete || die

571

-	if ! use static-libs ; then

572

-		find "${ED}" -name "*.a" -delete || die

573

-	fi

574

-}

575

-

576

-pkg_postinst() {

577

-	# make var/ writable by unbound

578

-	if [[ -d "${EROOT%/}/etc/unbound/var" ]]; then

579

-		chown --no-dereference --from=root unbound: "${EROOT%/}/etc/unbound/var"

580

-	fi

581

-

582

-	einfo ""

583

-	einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation"

584

-	einfo "set 'auto-trust-anchor-file: ${EROOT%/}/etc/unbound/var/root-anchors.txt' in ${EROOT%/}/etc/unbound/unbound.conf"

585

-	einfo "and run"

586

-	einfo ""

587

-	einfo "  su -s /bin/sh -c '${EROOT%/}/usr/sbin/unbound-anchor -a ${EROOT%/}/etc/unbound/var/root-anchors.txt' unbound"

588

-	einfo ""

589

-	einfo "as root to create it initially before starting unbound for the first time after enabling this."

590

-	einfo ""

591

-}

Gentoo Archives: gentoo-commits