1 |
commit: 1735225a0a1171145304687edf7cf775aec5ad3e |
2 |
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Dec 23 01:10:12 2020 +0000 |
4 |
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Dec 23 01:10:12 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1735225a |
7 |
|
8 |
net-dns/unbound: security cleanup (bug #758974) |
9 |
|
10 |
Package-Manager: Portage-3.0.12, Repoman-3.0.2 |
11 |
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org> |
12 |
|
13 |
net-dns/unbound/Manifest | 3 - |
14 |
net-dns/unbound/unbound-1.10.1-r1.ebuild | 184 ---------------------------- |
15 |
net-dns/unbound/unbound-1.11.0.ebuild | 200 ------------------------------ |
16 |
net-dns/unbound/unbound-1.12.0-r1.ebuild | 202 ------------------------------- |
17 |
net-dns/unbound/unbound-1.12.0.ebuild | 200 ------------------------------ |
18 |
5 files changed, 789 deletions(-) |
19 |
|
20 |
diff --git a/net-dns/unbound/Manifest b/net-dns/unbound/Manifest |
21 |
index 189f7665dcd..723f087a1a7 100644 |
22 |
--- a/net-dns/unbound/Manifest |
23 |
+++ b/net-dns/unbound/Manifest |
24 |
@@ -1,4 +1 @@ |
25 |
-DIST unbound-1.10.1.tar.gz 5729334 BLAKE2B 7ca4f23c12a551bc6e5d6ec32f19ca0f54526b9a4c868ced8f31cfd31dec23f8240b78f0c00d2cc6f9aa21f6c1b98697c85ef3ebd804a838a5a082893fe98094 SHA512 d07f3ac0e751c17a3ff7d99518c22529cf6856861218564a2ca073422905525cb9ddaf76c9600187946fadb7324343bcd85c34ff06bd322e0ea621a2d258bb85 |
26 |
-DIST unbound-1.11.0.tar.gz 5900967 BLAKE2B 3119bbcd78fa19c610937215abc64abcc1ca96ba42b6753a1e36fef501f68971ac2ee0cb9bde377e0b257c57f505aeac2315a6bf031626874d30967b0a5eb46a SHA512 511e787c5f9647286b07028702a8909390e0e6eafe7224459d5f1eee8a8dfb09c71e33f291e30851dc57411123b91dfe0e124787109a7e4afdf6f3b02768e7cd |
27 |
-DIST unbound-1.12.0.tar.gz 5918399 BLAKE2B b3dccecb1fd019f36e47c62583348a375f5eed7c84094c48def1ff9e73dc283911a2a9b318c8a4be45f5cd4bfb17f26722a9b900aa1980f49790cc55f6412d1d SHA512 90d99bc65e9ba62e50a7809dbf1e98889d0fc9fd50cf3cc99b726c67bcaeda0c2bc176d09f84771adb9796833b595591462f96e949d6969a47d6898d8fae3479 |
28 |
DIST unbound-1.13.0.tar.gz 5950063 BLAKE2B 742eed33845079452a942837a64e80f89ec7ec73459d0045c70ff83d3ba982fae6bade9feb56ef6faa9fca4859222ea00ac587c65c8ad722bef4a6b66a276ade SHA512 d4f3c5a7df5d46f8b1ee32b61e68bdc0d63030820d236ecc51bc3ac356d15248acb9a5e0b6009e1936b03b751e8dd05a071a95ab239fdbbbb308442a59642ad5 |
29 |
|
30 |
diff --git a/net-dns/unbound/unbound-1.10.1-r1.ebuild b/net-dns/unbound/unbound-1.10.1-r1.ebuild |
31 |
deleted file mode 100644 |
32 |
index f4046ee8042..00000000000 |
33 |
--- a/net-dns/unbound/unbound-1.10.1-r1.ebuild |
34 |
+++ /dev/null |
35 |
@@ -1,184 +0,0 @@ |
36 |
-# Copyright 1999-2020 Gentoo Authors |
37 |
-# Distributed under the terms of the GNU General Public License v2 |
38 |
- |
39 |
-EAPI="7" |
40 |
-PYTHON_COMPAT=( python3_{6,7} ) |
41 |
- |
42 |
-inherit autotools flag-o-matic multilib-minimal python-single-r1 systemd user |
43 |
- |
44 |
-MY_P=${PN}-${PV/_/} |
45 |
-DESCRIPTION="A validating, recursive and caching DNS resolver" |
46 |
-HOMEPAGE="https://unbound.net/ https://nlnetlabs.nl/projects/unbound/about/" |
47 |
-SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz" |
48 |
- |
49 |
-LICENSE="BSD GPL-2" |
50 |
-SLOT="0/8" # ABI version of libunbound.so |
51 |
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~mips ppc ppc64 x86" |
52 |
-IUSE="debug dnscrypt dnstap +ecdsa ecs gost libressl python redis selinux static-libs systemd test threads" |
53 |
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" |
54 |
-RESTRICT="!test? ( test )" |
55 |
- |
56 |
-# Note: expat is needed by executable only but the Makefile is custom |
57 |
-# and doesn't make it possible to easily install the library without |
58 |
-# the executables. MULTILIB_USEDEP may be dropped once build system |
59 |
-# is fixed. |
60 |
- |
61 |
-CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] |
62 |
- >=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}] |
63 |
- libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] ) |
64 |
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) |
65 |
- dnscrypt? ( dev-libs/libsodium[${MULTILIB_USEDEP}] ) |
66 |
- dnstap? ( |
67 |
- dev-libs/fstrm[${MULTILIB_USEDEP}] |
68 |
- >=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}] |
69 |
- ) |
70 |
- ecdsa? ( |
71 |
- !libressl? ( dev-libs/openssl:0[-bindist] ) |
72 |
- ) |
73 |
- python? ( ${PYTHON_DEPS} ) |
74 |
- redis? ( dev-libs/hiredis:= )" |
75 |
- |
76 |
-BDEPEND="virtual/pkgconfig" |
77 |
- |
78 |
-DEPEND="${CDEPEND} |
79 |
- python? ( dev-lang/swig ) |
80 |
- test? ( |
81 |
- net-dns/ldns-utils[examples] |
82 |
- dev-util/splint |
83 |
- app-text/wdiff |
84 |
- ) |
85 |
- systemd? ( sys-apps/systemd )" |
86 |
- |
87 |
-RDEPEND="${CDEPEND} |
88 |
- net-dns/dnssec-root |
89 |
- selinux? ( sec-policy/selinux-bind )" |
90 |
- |
91 |
-# bug #347415 |
92 |
-RDEPEND="${RDEPEND} |
93 |
- net-dns/dnssec-root" |
94 |
- |
95 |
-PATCHES=( |
96 |
- "${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch |
97 |
- "${FILESDIR}"/${PN}-1.6.3-pkg-config.patch |
98 |
- "${FILESDIR}"/${P}-find-ar.patch |
99 |
-) |
100 |
- |
101 |
-S=${WORKDIR}/${MY_P} |
102 |
- |
103 |
-pkg_setup() { |
104 |
- enewgroup unbound |
105 |
- enewuser unbound -1 -1 /etc/unbound unbound |
106 |
- # improve security on existing installs (bug #641042) |
107 |
- # as well as new installs where unbound homedir has just been created |
108 |
- if [[ -d "${ROOT}/etc/unbound" ]]; then |
109 |
- chown --no-dereference --from=unbound root "${ROOT}/etc/unbound" |
110 |
- fi |
111 |
- |
112 |
- use python && python-single-r1_pkg_setup |
113 |
-} |
114 |
- |
115 |
-src_prepare() { |
116 |
- default |
117 |
- |
118 |
- eautoreconf |
119 |
- |
120 |
- # required for the python part |
121 |
- multilib_copy_sources |
122 |
-} |
123 |
- |
124 |
-src_configure() { |
125 |
- [[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack |
126 |
- multilib-minimal_src_configure |
127 |
-} |
128 |
- |
129 |
-multilib_src_configure() { |
130 |
- econf \ |
131 |
- $(use_enable debug) \ |
132 |
- $(use_enable gost) \ |
133 |
- $(use_enable dnscrypt) \ |
134 |
- $(use_enable dnstap) \ |
135 |
- $(use_enable ecdsa) \ |
136 |
- $(use_enable ecs subnet) \ |
137 |
- $(multilib_native_use_enable redis cachedb) \ |
138 |
- $(use_enable static-libs static) \ |
139 |
- $(use_enable systemd) \ |
140 |
- $(multilib_native_use_with python pythonmodule) \ |
141 |
- $(multilib_native_use_with python pyunbound) \ |
142 |
- $(use_with threads pthreads) \ |
143 |
- --disable-flto \ |
144 |
- --disable-rpath \ |
145 |
- --enable-event-api \ |
146 |
- --enable-ipsecmod \ |
147 |
- --enable-tfo-client \ |
148 |
- --enable-tfo-server \ |
149 |
- --with-libevent="${EPREFIX}"/usr \ |
150 |
- $(multilib_native_usex redis --with-libhiredis="${EPREFIX}/usr" --without-libhiredis) \ |
151 |
- --with-pidfile="${EPREFIX}"/run/unbound.pid \ |
152 |
- --with-rootkey-file="${EPREFIX}"/etc/dnssec/root-anchors.txt \ |
153 |
- --with-ssl="${EPREFIX}"/usr \ |
154 |
- --with-libexpat="${EPREFIX}"/usr |
155 |
- |
156 |
- # http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html |
157 |
- # $(use_enable debug lock-checks) \ |
158 |
- # $(use_enable debug alloc-checks) \ |
159 |
- # $(use_enable debug alloc-lite) \ |
160 |
- # $(use_enable debug alloc-nonregional) \ |
161 |
-} |
162 |
- |
163 |
-multilib_src_install_all() { |
164 |
- use python && python_optimize |
165 |
- |
166 |
- newinitd "${FILESDIR}"/unbound-r1.initd unbound |
167 |
- newconfd "${FILESDIR}"/unbound-r1.confd unbound |
168 |
- |
169 |
- systemd_dounit "${FILESDIR}"/unbound.service |
170 |
- systemd_dounit "${FILESDIR}"/unbound.socket |
171 |
- systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service" |
172 |
- systemd_dounit "${FILESDIR}"/unbound-anchor.service |
173 |
- |
174 |
- dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES} |
175 |
- |
176 |
- # bug #315519 |
177 |
- dodoc contrib/unbound_munin_ |
178 |
- |
179 |
- docinto selinux |
180 |
- dodoc contrib/selinux/* |
181 |
- |
182 |
- exeinto /usr/share/${PN} |
183 |
- doexe contrib/update-anchor.sh |
184 |
- |
185 |
- # create space for auto-trust-anchor-file... |
186 |
- keepdir /etc/unbound/var |
187 |
- # ... and point example config to it |
188 |
- sed -i \ |
189 |
- -e '/# auto-trust-anchor-file:/s,/etc/dnssec/root-anchors.txt,/etc/unbound/var/root-anchors.txt,' \ |
190 |
- "${ED}/etc/unbound/unbound.conf" || \ |
191 |
- die |
192 |
- |
193 |
- # Used to store cache data |
194 |
- keepdir /var/lib/${PN} |
195 |
- fowners root:unbound /var/lib/${PN} |
196 |
- fperms 0750 /var/lib/${PN} |
197 |
- |
198 |
- find "${ED}" -name '*.la' -delete || die |
199 |
- if ! use static-libs ; then |
200 |
- find "${ED}" -name "*.a" -delete || die |
201 |
- fi |
202 |
-} |
203 |
- |
204 |
-pkg_postinst() { |
205 |
- # make var/ writable by unbound |
206 |
- if [[ -d "${EROOT}/etc/unbound/var" ]]; then |
207 |
- chown --no-dereference --from=root unbound: "${EROOT}/etc/unbound/var" |
208 |
- fi |
209 |
- |
210 |
- einfo "" |
211 |
- einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation" |
212 |
- einfo "set 'auto-trust-anchor-file: ${EROOT}/etc/unbound/var/root-anchors.txt' in ${EROOT}/etc/unbound/unbound.conf" |
213 |
- einfo "and run" |
214 |
- einfo "" |
215 |
- einfo " su -s /bin/sh -c '${EROOT}/usr/sbin/unbound-anchor -a ${EROOT}/etc/unbound/var/root-anchors.txt' unbound" |
216 |
- einfo "" |
217 |
- einfo "as root to create it initially before starting unbound for the first time after enabling this." |
218 |
- einfo "" |
219 |
-} |
220 |
|
221 |
diff --git a/net-dns/unbound/unbound-1.11.0.ebuild b/net-dns/unbound/unbound-1.11.0.ebuild |
222 |
deleted file mode 100644 |
223 |
index e3b440c03b9..00000000000 |
224 |
--- a/net-dns/unbound/unbound-1.11.0.ebuild |
225 |
+++ /dev/null |
226 |
@@ -1,200 +0,0 @@ |
227 |
-# Copyright 1999-2020 Gentoo Authors |
228 |
-# Distributed under the terms of the GNU General Public License v2 |
229 |
- |
230 |
-EAPI="7" |
231 |
-PYTHON_COMPAT=( python3_{6,7,8,9} ) |
232 |
- |
233 |
-inherit autotools flag-o-matic multilib-minimal python-single-r1 systemd |
234 |
- |
235 |
-MY_P=${PN}-${PV/_/} |
236 |
-DESCRIPTION="A validating, recursive and caching DNS resolver" |
237 |
-HOMEPAGE="https://unbound.net/ https://nlnetlabs.nl/projects/unbound/about/" |
238 |
-SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz" |
239 |
- |
240 |
-LICENSE="BSD GPL-2" |
241 |
-SLOT="0/8" # ABI version of libunbound.so |
242 |
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~mips ppc ppc64 x86" |
243 |
-IUSE="debug dnscrypt dnstap +ecdsa ecs gost libressl python redis selinux static-libs systemd test threads" |
244 |
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" |
245 |
-RESTRICT="!test? ( test )" |
246 |
- |
247 |
-# Note: expat is needed by executable only but the Makefile is custom |
248 |
-# and doesn't make it possible to easily install the library without |
249 |
-# the executables. MULTILIB_USEDEP may be dropped once build system |
250 |
-# is fixed. |
251 |
- |
252 |
-CDEPEND="acct-group/unbound |
253 |
- acct-user/unbound |
254 |
- >=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] |
255 |
- >=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}] |
256 |
- libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] ) |
257 |
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) |
258 |
- dnscrypt? ( dev-libs/libsodium[${MULTILIB_USEDEP}] ) |
259 |
- dnstap? ( |
260 |
- dev-libs/fstrm[${MULTILIB_USEDEP}] |
261 |
- >=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}] |
262 |
- ) |
263 |
- ecdsa? ( |
264 |
- !libressl? ( dev-libs/openssl:0[-bindist] ) |
265 |
- ) |
266 |
- python? ( ${PYTHON_DEPS} ) |
267 |
- redis? ( dev-libs/hiredis:= )" |
268 |
- |
269 |
-BDEPEND="virtual/pkgconfig" |
270 |
- |
271 |
-DEPEND="${CDEPEND} |
272 |
- python? ( dev-lang/swig ) |
273 |
- test? ( |
274 |
- net-dns/ldns-utils[examples] |
275 |
- dev-util/splint |
276 |
- app-text/wdiff |
277 |
- ) |
278 |
- systemd? ( sys-apps/systemd )" |
279 |
- |
280 |
-RDEPEND="${CDEPEND} |
281 |
- net-dns/dnssec-root |
282 |
- selinux? ( sec-policy/selinux-bind )" |
283 |
- |
284 |
-# bug #347415 |
285 |
-RDEPEND="${RDEPEND} |
286 |
- net-dns/dnssec-root" |
287 |
- |
288 |
-PATCHES=( |
289 |
- "${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch |
290 |
- "${FILESDIR}"/${PN}-1.6.3-pkg-config.patch |
291 |
- "${FILESDIR}"/${PN}-1.10.1-find-ar.patch |
292 |
-) |
293 |
- |
294 |
-S=${WORKDIR}/${MY_P} |
295 |
- |
296 |
-pkg_setup() { |
297 |
- use python && python-single-r1_pkg_setup |
298 |
-} |
299 |
- |
300 |
-src_prepare() { |
301 |
- default |
302 |
- |
303 |
- eautoreconf |
304 |
- |
305 |
- # required for the python part |
306 |
- multilib_copy_sources |
307 |
-} |
308 |
- |
309 |
-src_configure() { |
310 |
- [[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack |
311 |
- multilib-minimal_src_configure |
312 |
-} |
313 |
- |
314 |
-multilib_src_configure() { |
315 |
- econf \ |
316 |
- $(use_enable debug) \ |
317 |
- $(use_enable gost) \ |
318 |
- $(use_enable dnscrypt) \ |
319 |
- $(use_enable dnstap) \ |
320 |
- $(use_enable ecdsa) \ |
321 |
- $(use_enable ecs subnet) \ |
322 |
- $(multilib_native_use_enable redis cachedb) \ |
323 |
- $(use_enable static-libs static) \ |
324 |
- $(use_enable systemd) \ |
325 |
- $(multilib_native_use_with python pythonmodule) \ |
326 |
- $(multilib_native_use_with python pyunbound) \ |
327 |
- $(use_with threads pthreads) \ |
328 |
- --disable-flto \ |
329 |
- --disable-rpath \ |
330 |
- --enable-event-api \ |
331 |
- --enable-ipsecmod \ |
332 |
- --enable-tfo-client \ |
333 |
- --enable-tfo-server \ |
334 |
- --with-libevent="${EPREFIX}"/usr \ |
335 |
- $(multilib_native_usex redis --with-libhiredis="${EPREFIX}/usr" --without-libhiredis) \ |
336 |
- --with-pidfile="${EPREFIX}"/run/unbound.pid \ |
337 |
- --with-rootkey-file="${EPREFIX}"/etc/dnssec/root-anchors.txt \ |
338 |
- --with-ssl="${EPREFIX}"/usr \ |
339 |
- --with-libexpat="${EPREFIX}"/usr |
340 |
- |
341 |
- # http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html |
342 |
- # $(use_enable debug lock-checks) \ |
343 |
- # $(use_enable debug alloc-checks) \ |
344 |
- # $(use_enable debug alloc-lite) \ |
345 |
- # $(use_enable debug alloc-nonregional) \ |
346 |
-} |
347 |
- |
348 |
-multilib_src_install_all() { |
349 |
- use python && python_optimize |
350 |
- |
351 |
- newinitd "${FILESDIR}"/unbound-r1.initd unbound |
352 |
- newconfd "${FILESDIR}"/unbound-r1.confd unbound |
353 |
- |
354 |
- systemd_dounit "${FILESDIR}"/unbound.service |
355 |
- systemd_dounit "${FILESDIR}"/unbound.socket |
356 |
- systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service" |
357 |
- systemd_dounit "${FILESDIR}"/unbound-anchor.service |
358 |
- |
359 |
- dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES} |
360 |
- |
361 |
- # bug #315519 |
362 |
- dodoc contrib/unbound_munin_ |
363 |
- |
364 |
- docinto selinux |
365 |
- dodoc contrib/selinux/* |
366 |
- |
367 |
- exeinto /usr/share/${PN} |
368 |
- doexe contrib/update-anchor.sh |
369 |
- |
370 |
- # create space for auto-trust-anchor-file... |
371 |
- keepdir /etc/unbound/var |
372 |
- fowners root:unbound /etc/unbound/var |
373 |
- fperms 0770 /etc/unbound/var |
374 |
- # ... and point example config to it |
375 |
- sed -i \ |
376 |
- -e '/# auto-trust-anchor-file:/s,/etc/dnssec/root-anchors.txt,/etc/unbound/var/root-anchors.txt,' \ |
377 |
- "${ED}/etc/unbound/unbound.conf" \ |
378 |
- || die |
379 |
- |
380 |
- # Used to store cache data |
381 |
- keepdir /var/lib/${PN} |
382 |
- fowners root:unbound /var/lib/${PN} |
383 |
- fperms 0770 /var/lib/${PN} |
384 |
- |
385 |
- find "${ED}" -name '*.la' -delete || die |
386 |
- if ! use static-libs ; then |
387 |
- find "${ED}" -name "*.a" -delete || die |
388 |
- fi |
389 |
-} |
390 |
- |
391 |
-pkg_postinst() { |
392 |
- if [[ ! -f "${EROOT}/etc/unbound/unbound_control.key" ]] ; then |
393 |
- einfo "Trying to create unbound control key ..." |
394 |
- if ! unbound-control-setup &>/dev/null ; then |
395 |
- ewarn "Failed to create unbound control key!" |
396 |
- fi |
397 |
- fi |
398 |
- |
399 |
- if [[ ! -f "${EROOT}/etc/unbound/var/root-anchors.txt" ]] ; then |
400 |
- einfo "" |
401 |
- einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation" |
402 |
- einfo "set 'auto-trust-anchor-file: ${EROOT}/etc/unbound/var/root-anchors.txt' in ${EROOT}/etc/unbound/unbound.conf" |
403 |
- einfo "and run" |
404 |
- einfo "" |
405 |
- einfo " su -s /bin/sh -c '${EROOT}/usr/sbin/unbound-anchor -a ${EROOT}/etc/unbound/var/root-anchors.txt' unbound" |
406 |
- einfo "" |
407 |
- einfo "as root to create it initially before starting unbound for the first time after enabling this." |
408 |
- einfo "" |
409 |
- fi |
410 |
- |
411 |
- # Our user is not available on prefix |
412 |
- use prefix && return |
413 |
- |
414 |
- local _perm_check_testfile=$(mktemp --dry-run "${EPREFIX}"/etc/unbound/var/.pkg_postinst-perm-check.XXXXXXXXX) |
415 |
- su -s /bin/sh -c "touch ${_perm_check_testfile}" unbound &>/dev/null |
416 |
- if [ $? -ne 0 ] ; then |
417 |
- ewarn "WARNING: unbound user cannot write to \"${EPREFIX}/etc/unbound/var\"!" |
418 |
- ewarn "Run the following commands to restore default permission:" |
419 |
- ewarn "" |
420 |
- ewarn " chown root:unbound ${EPREFIX}/etc/unbound/var" |
421 |
- ewarn " chmod 0770 ${EPREFIX}/etc/unbound/var" |
422 |
- else |
423 |
- # Cleanup -- no reason to die here! |
424 |
- rm -f "${_perm_check_testfile}" |
425 |
- fi |
426 |
-} |
427 |
|
428 |
diff --git a/net-dns/unbound/unbound-1.12.0-r1.ebuild b/net-dns/unbound/unbound-1.12.0-r1.ebuild |
429 |
deleted file mode 100644 |
430 |
index b899f7ff0e3..00000000000 |
431 |
--- a/net-dns/unbound/unbound-1.12.0-r1.ebuild |
432 |
+++ /dev/null |
433 |
@@ -1,202 +0,0 @@ |
434 |
-# Copyright 1999-2020 Gentoo Authors |
435 |
-# Distributed under the terms of the GNU General Public License v2 |
436 |
- |
437 |
-EAPI="7" |
438 |
-PYTHON_COMPAT=( python3_{6,7,8,9} ) |
439 |
- |
440 |
-inherit autotools flag-o-matic multilib-minimal python-single-r1 systemd |
441 |
- |
442 |
-MY_P=${PN}-${PV/_/} |
443 |
-DESCRIPTION="A validating, recursive and caching DNS resolver" |
444 |
-HOMEPAGE="https://unbound.net/ https://nlnetlabs.nl/projects/unbound/about/" |
445 |
-SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz" |
446 |
- |
447 |
-LICENSE="BSD GPL-2" |
448 |
-SLOT="0/8" # ABI version of libunbound.so |
449 |
-KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~mips ~ppc ~ppc64 x86" |
450 |
-IUSE="debug dnscrypt dnstap +ecdsa ecs gost +http2 libressl python redis selinux static-libs systemd test threads" |
451 |
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" |
452 |
-RESTRICT="!test? ( test )" |
453 |
- |
454 |
-# Note: expat is needed by executable only but the Makefile is custom |
455 |
-# and doesn't make it possible to easily install the library without |
456 |
-# the executables. MULTILIB_USEDEP may be dropped once build system |
457 |
-# is fixed. |
458 |
- |
459 |
-CDEPEND="acct-group/unbound |
460 |
- acct-user/unbound |
461 |
- >=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] |
462 |
- >=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}] |
463 |
- libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] ) |
464 |
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) |
465 |
- dnscrypt? ( dev-libs/libsodium[${MULTILIB_USEDEP}] ) |
466 |
- dnstap? ( |
467 |
- dev-libs/fstrm[${MULTILIB_USEDEP}] |
468 |
- >=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}] |
469 |
- ) |
470 |
- ecdsa? ( |
471 |
- !libressl? ( dev-libs/openssl:0[-bindist] ) |
472 |
- ) |
473 |
- http2? ( net-libs/nghttp2 ) |
474 |
- python? ( ${PYTHON_DEPS} ) |
475 |
- redis? ( dev-libs/hiredis:= )" |
476 |
- |
477 |
-BDEPEND="virtual/pkgconfig" |
478 |
- |
479 |
-DEPEND="${CDEPEND} |
480 |
- python? ( dev-lang/swig ) |
481 |
- test? ( |
482 |
- net-dns/ldns-utils[examples] |
483 |
- dev-util/splint |
484 |
- app-text/wdiff |
485 |
- ) |
486 |
- systemd? ( sys-apps/systemd )" |
487 |
- |
488 |
-RDEPEND="${CDEPEND} |
489 |
- net-dns/dnssec-root |
490 |
- selinux? ( sec-policy/selinux-bind )" |
491 |
- |
492 |
-# bug #347415 |
493 |
-RDEPEND="${RDEPEND} |
494 |
- net-dns/dnssec-root" |
495 |
- |
496 |
-PATCHES=( |
497 |
- "${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch |
498 |
- "${FILESDIR}"/${PN}-1.6.3-pkg-config.patch |
499 |
- "${FILESDIR}"/${PN}-1.10.1-find-ar.patch |
500 |
-) |
501 |
- |
502 |
-S=${WORKDIR}/${MY_P} |
503 |
- |
504 |
-pkg_setup() { |
505 |
- use python && python-single-r1_pkg_setup |
506 |
-} |
507 |
- |
508 |
-src_prepare() { |
509 |
- default |
510 |
- |
511 |
- eautoreconf |
512 |
- |
513 |
- # required for the python part |
514 |
- multilib_copy_sources |
515 |
-} |
516 |
- |
517 |
-src_configure() { |
518 |
- [[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack |
519 |
- multilib-minimal_src_configure |
520 |
-} |
521 |
- |
522 |
-multilib_src_configure() { |
523 |
- econf \ |
524 |
- $(use_enable debug) \ |
525 |
- $(use_enable gost) \ |
526 |
- $(use_enable dnscrypt) \ |
527 |
- $(use_enable dnstap) \ |
528 |
- $(use_enable ecdsa) \ |
529 |
- $(use_enable ecs subnet) \ |
530 |
- $(multilib_native_use_enable redis cachedb) \ |
531 |
- $(use_enable static-libs static) \ |
532 |
- $(use_enable systemd) \ |
533 |
- $(multilib_native_use_with python pythonmodule) \ |
534 |
- $(multilib_native_use_with python pyunbound) \ |
535 |
- $(use_with threads pthreads) \ |
536 |
- $(use_with http2 libnghttp2) \ |
537 |
- --disable-flto \ |
538 |
- --disable-rpath \ |
539 |
- --enable-event-api \ |
540 |
- --enable-ipsecmod \ |
541 |
- --enable-tfo-client \ |
542 |
- --enable-tfo-server \ |
543 |
- --with-libevent="${EPREFIX}"/usr \ |
544 |
- $(multilib_native_usex redis --with-libhiredis="${EPREFIX}/usr" --without-libhiredis) \ |
545 |
- --with-pidfile="${EPREFIX}"/run/unbound.pid \ |
546 |
- --with-rootkey-file="${EPREFIX}"/etc/dnssec/root-anchors.txt \ |
547 |
- --with-ssl="${EPREFIX}"/usr \ |
548 |
- --with-libexpat="${EPREFIX}"/usr |
549 |
- |
550 |
- # http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html |
551 |
- # $(use_enable debug lock-checks) \ |
552 |
- # $(use_enable debug alloc-checks) \ |
553 |
- # $(use_enable debug alloc-lite) \ |
554 |
- # $(use_enable debug alloc-nonregional) \ |
555 |
-} |
556 |
- |
557 |
-multilib_src_install_all() { |
558 |
- use python && python_optimize |
559 |
- |
560 |
- newinitd "${FILESDIR}"/unbound-r1.initd unbound |
561 |
- newconfd "${FILESDIR}"/unbound-r1.confd unbound |
562 |
- |
563 |
- systemd_dounit "${FILESDIR}"/unbound.service |
564 |
- systemd_dounit "${FILESDIR}"/unbound.socket |
565 |
- systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service" |
566 |
- systemd_dounit "${FILESDIR}"/unbound-anchor.service |
567 |
- |
568 |
- dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES} |
569 |
- |
570 |
- # bug #315519 |
571 |
- dodoc contrib/unbound_munin_ |
572 |
- |
573 |
- docinto selinux |
574 |
- dodoc contrib/selinux/* |
575 |
- |
576 |
- exeinto /usr/share/${PN} |
577 |
- doexe contrib/update-anchor.sh |
578 |
- |
579 |
- # create space for auto-trust-anchor-file... |
580 |
- keepdir /etc/unbound/var |
581 |
- fowners root:unbound /etc/unbound/var |
582 |
- fperms 0770 /etc/unbound/var |
583 |
- # ... and point example config to it |
584 |
- sed -i \ |
585 |
- -e '/# auto-trust-anchor-file:/s,/etc/dnssec/root-anchors.txt,/etc/unbound/var/root-anchors.txt,' \ |
586 |
- "${ED}/etc/unbound/unbound.conf" \ |
587 |
- || die |
588 |
- |
589 |
- # Used to store cache data |
590 |
- keepdir /var/lib/${PN} |
591 |
- fowners root:unbound /var/lib/${PN} |
592 |
- fperms 0770 /var/lib/${PN} |
593 |
- |
594 |
- find "${ED}" -name '*.la' -delete || die |
595 |
- if ! use static-libs ; then |
596 |
- find "${ED}" -name "*.a" -delete || die |
597 |
- fi |
598 |
-} |
599 |
- |
600 |
-pkg_postinst() { |
601 |
- if [[ ! -f "${EROOT}/etc/unbound/unbound_control.key" ]] ; then |
602 |
- einfo "Trying to create unbound control key ..." |
603 |
- if ! unbound-control-setup &>/dev/null ; then |
604 |
- ewarn "Failed to create unbound control key!" |
605 |
- fi |
606 |
- fi |
607 |
- |
608 |
- if [[ ! -f "${EROOT}/etc/unbound/var/root-anchors.txt" ]] ; then |
609 |
- einfo "" |
610 |
- einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation" |
611 |
- einfo "set 'auto-trust-anchor-file: ${EROOT}/etc/unbound/var/root-anchors.txt' in ${EROOT}/etc/unbound/unbound.conf" |
612 |
- einfo "and run" |
613 |
- einfo "" |
614 |
- einfo " su -s /bin/sh -c '${EROOT}/usr/sbin/unbound-anchor -a ${EROOT}/etc/unbound/var/root-anchors.txt' unbound" |
615 |
- einfo "" |
616 |
- einfo "as root to create it initially before starting unbound for the first time after enabling this." |
617 |
- einfo "" |
618 |
- fi |
619 |
- |
620 |
- # Our user is not available on prefix |
621 |
- use prefix && return |
622 |
- |
623 |
- local _perm_check_testfile=$(mktemp --dry-run "${EPREFIX}"/etc/unbound/var/.pkg_postinst-perm-check.XXXXXXXXX) |
624 |
- su -s /bin/sh -c "touch ${_perm_check_testfile}" unbound &>/dev/null |
625 |
- if [ $? -ne 0 ] ; then |
626 |
- ewarn "WARNING: unbound user cannot write to \"${EPREFIX}/etc/unbound/var\"!" |
627 |
- ewarn "Run the following commands to restore default permission:" |
628 |
- ewarn "" |
629 |
- ewarn " chown root:unbound ${EPREFIX}/etc/unbound/var" |
630 |
- ewarn " chmod 0770 ${EPREFIX}/etc/unbound/var" |
631 |
- else |
632 |
- # Cleanup -- no reason to die here! |
633 |
- rm -f "${_perm_check_testfile}" |
634 |
- fi |
635 |
-} |
636 |
|
637 |
diff --git a/net-dns/unbound/unbound-1.12.0.ebuild b/net-dns/unbound/unbound-1.12.0.ebuild |
638 |
deleted file mode 100644 |
639 |
index 30cafd751b1..00000000000 |
640 |
--- a/net-dns/unbound/unbound-1.12.0.ebuild |
641 |
+++ /dev/null |
642 |
@@ -1,200 +0,0 @@ |
643 |
-# Copyright 1999-2020 Gentoo Authors |
644 |
-# Distributed under the terms of the GNU General Public License v2 |
645 |
- |
646 |
-EAPI="7" |
647 |
-PYTHON_COMPAT=( python3_{6,7,8,9} ) |
648 |
- |
649 |
-inherit autotools flag-o-matic multilib-minimal python-single-r1 systemd |
650 |
- |
651 |
-MY_P=${PN}-${PV/_/} |
652 |
-DESCRIPTION="A validating, recursive and caching DNS resolver" |
653 |
-HOMEPAGE="https://unbound.net/ https://nlnetlabs.nl/projects/unbound/about/" |
654 |
-SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz" |
655 |
- |
656 |
-LICENSE="BSD GPL-2" |
657 |
-SLOT="0/8" # ABI version of libunbound.so |
658 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~x86" |
659 |
-IUSE="debug dnscrypt dnstap +ecdsa ecs gost libressl python redis selinux static-libs systemd test threads" |
660 |
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" |
661 |
-RESTRICT="!test? ( test )" |
662 |
- |
663 |
-# Note: expat is needed by executable only but the Makefile is custom |
664 |
-# and doesn't make it possible to easily install the library without |
665 |
-# the executables. MULTILIB_USEDEP may be dropped once build system |
666 |
-# is fixed. |
667 |
- |
668 |
-CDEPEND="acct-group/unbound |
669 |
- acct-user/unbound |
670 |
- >=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] |
671 |
- >=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}] |
672 |
- libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] ) |
673 |
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) |
674 |
- dnscrypt? ( dev-libs/libsodium[${MULTILIB_USEDEP}] ) |
675 |
- dnstap? ( |
676 |
- dev-libs/fstrm[${MULTILIB_USEDEP}] |
677 |
- >=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}] |
678 |
- ) |
679 |
- ecdsa? ( |
680 |
- !libressl? ( dev-libs/openssl:0[-bindist] ) |
681 |
- ) |
682 |
- python? ( ${PYTHON_DEPS} ) |
683 |
- redis? ( dev-libs/hiredis:= )" |
684 |
- |
685 |
-BDEPEND="virtual/pkgconfig" |
686 |
- |
687 |
-DEPEND="${CDEPEND} |
688 |
- python? ( dev-lang/swig ) |
689 |
- test? ( |
690 |
- net-dns/ldns-utils[examples] |
691 |
- dev-util/splint |
692 |
- app-text/wdiff |
693 |
- ) |
694 |
- systemd? ( sys-apps/systemd )" |
695 |
- |
696 |
-RDEPEND="${CDEPEND} |
697 |
- net-dns/dnssec-root |
698 |
- selinux? ( sec-policy/selinux-bind )" |
699 |
- |
700 |
-# bug #347415 |
701 |
-RDEPEND="${RDEPEND} |
702 |
- net-dns/dnssec-root" |
703 |
- |
704 |
-PATCHES=( |
705 |
- "${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch |
706 |
- "${FILESDIR}"/${PN}-1.6.3-pkg-config.patch |
707 |
- "${FILESDIR}"/${PN}-1.10.1-find-ar.patch |
708 |
-) |
709 |
- |
710 |
-S=${WORKDIR}/${MY_P} |
711 |
- |
712 |
-pkg_setup() { |
713 |
- use python && python-single-r1_pkg_setup |
714 |
-} |
715 |
- |
716 |
-src_prepare() { |
717 |
- default |
718 |
- |
719 |
- eautoreconf |
720 |
- |
721 |
- # required for the python part |
722 |
- multilib_copy_sources |
723 |
-} |
724 |
- |
725 |
-src_configure() { |
726 |
- [[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack |
727 |
- multilib-minimal_src_configure |
728 |
-} |
729 |
- |
730 |
-multilib_src_configure() { |
731 |
- econf \ |
732 |
- $(use_enable debug) \ |
733 |
- $(use_enable gost) \ |
734 |
- $(use_enable dnscrypt) \ |
735 |
- $(use_enable dnstap) \ |
736 |
- $(use_enable ecdsa) \ |
737 |
- $(use_enable ecs subnet) \ |
738 |
- $(multilib_native_use_enable redis cachedb) \ |
739 |
- $(use_enable static-libs static) \ |
740 |
- $(use_enable systemd) \ |
741 |
- $(multilib_native_use_with python pythonmodule) \ |
742 |
- $(multilib_native_use_with python pyunbound) \ |
743 |
- $(use_with threads pthreads) \ |
744 |
- --disable-flto \ |
745 |
- --disable-rpath \ |
746 |
- --enable-event-api \ |
747 |
- --enable-ipsecmod \ |
748 |
- --enable-tfo-client \ |
749 |
- --enable-tfo-server \ |
750 |
- --with-libevent="${EPREFIX}"/usr \ |
751 |
- $(multilib_native_usex redis --with-libhiredis="${EPREFIX}/usr" --without-libhiredis) \ |
752 |
- --with-pidfile="${EPREFIX}"/run/unbound.pid \ |
753 |
- --with-rootkey-file="${EPREFIX}"/etc/dnssec/root-anchors.txt \ |
754 |
- --with-ssl="${EPREFIX}"/usr \ |
755 |
- --with-libexpat="${EPREFIX}"/usr |
756 |
- |
757 |
- # http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html |
758 |
- # $(use_enable debug lock-checks) \ |
759 |
- # $(use_enable debug alloc-checks) \ |
760 |
- # $(use_enable debug alloc-lite) \ |
761 |
- # $(use_enable debug alloc-nonregional) \ |
762 |
-} |
763 |
- |
764 |
-multilib_src_install_all() { |
765 |
- use python && python_optimize |
766 |
- |
767 |
- newinitd "${FILESDIR}"/unbound-r1.initd unbound |
768 |
- newconfd "${FILESDIR}"/unbound-r1.confd unbound |
769 |
- |
770 |
- systemd_dounit "${FILESDIR}"/unbound.service |
771 |
- systemd_dounit "${FILESDIR}"/unbound.socket |
772 |
- systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service" |
773 |
- systemd_dounit "${FILESDIR}"/unbound-anchor.service |
774 |
- |
775 |
- dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES} |
776 |
- |
777 |
- # bug #315519 |
778 |
- dodoc contrib/unbound_munin_ |
779 |
- |
780 |
- docinto selinux |
781 |
- dodoc contrib/selinux/* |
782 |
- |
783 |
- exeinto /usr/share/${PN} |
784 |
- doexe contrib/update-anchor.sh |
785 |
- |
786 |
- # create space for auto-trust-anchor-file... |
787 |
- keepdir /etc/unbound/var |
788 |
- fowners root:unbound /etc/unbound/var |
789 |
- fperms 0770 /etc/unbound/var |
790 |
- # ... and point example config to it |
791 |
- sed -i \ |
792 |
- -e '/# auto-trust-anchor-file:/s,/etc/dnssec/root-anchors.txt,/etc/unbound/var/root-anchors.txt,' \ |
793 |
- "${ED}/etc/unbound/unbound.conf" \ |
794 |
- || die |
795 |
- |
796 |
- # Used to store cache data |
797 |
- keepdir /var/lib/${PN} |
798 |
- fowners root:unbound /var/lib/${PN} |
799 |
- fperms 0770 /var/lib/${PN} |
800 |
- |
801 |
- find "${ED}" -name '*.la' -delete || die |
802 |
- if ! use static-libs ; then |
803 |
- find "${ED}" -name "*.a" -delete || die |
804 |
- fi |
805 |
-} |
806 |
- |
807 |
-pkg_postinst() { |
808 |
- if [[ ! -f "${EROOT}/etc/unbound/unbound_control.key" ]] ; then |
809 |
- einfo "Trying to create unbound control key ..." |
810 |
- if ! unbound-control-setup &>/dev/null ; then |
811 |
- ewarn "Failed to create unbound control key!" |
812 |
- fi |
813 |
- fi |
814 |
- |
815 |
- if [[ ! -f "${EROOT}/etc/unbound/var/root-anchors.txt" ]] ; then |
816 |
- einfo "" |
817 |
- einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation" |
818 |
- einfo "set 'auto-trust-anchor-file: ${EROOT}/etc/unbound/var/root-anchors.txt' in ${EROOT}/etc/unbound/unbound.conf" |
819 |
- einfo "and run" |
820 |
- einfo "" |
821 |
- einfo " su -s /bin/sh -c '${EROOT}/usr/sbin/unbound-anchor -a ${EROOT}/etc/unbound/var/root-anchors.txt' unbound" |
822 |
- einfo "" |
823 |
- einfo "as root to create it initially before starting unbound for the first time after enabling this." |
824 |
- einfo "" |
825 |
- fi |
826 |
- |
827 |
- # Our user is not available on prefix |
828 |
- use prefix && return |
829 |
- |
830 |
- local _perm_check_testfile=$(mktemp --dry-run "${EPREFIX}"/etc/unbound/var/.pkg_postinst-perm-check.XXXXXXXXX) |
831 |
- su -s /bin/sh -c "touch ${_perm_check_testfile}" unbound &>/dev/null |
832 |
- if [ $? -ne 0 ] ; then |
833 |
- ewarn "WARNING: unbound user cannot write to \"${EPREFIX}/etc/unbound/var\"!" |
834 |
- ewarn "Run the following commands to restore default permission:" |
835 |
- ewarn "" |
836 |
- ewarn " chown root:unbound ${EPREFIX}/etc/unbound/var" |
837 |
- ewarn " chmod 0770 ${EPREFIX}/etc/unbound/var" |
838 |
- else |
839 |
- # Cleanup -- no reason to die here! |
840 |
- rm -f "${_perm_check_testfile}" |
841 |
- fi |
842 |
-} |