1 |
commit: 602ec466b60ab904eefc121ee87ef66ea6dc990e |
2 |
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Oct 26 17:33:39 2019 +0000 |
4 |
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Oct 26 17:33:39 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=602ec466 |
7 |
|
8 |
net-dns/unbound: security cleanup (#696298) |
9 |
|
10 |
Bug: https://bugs.gentoo.org/696298 |
11 |
Package-Manager: Portage-2.3.78, Repoman-2.3.17 |
12 |
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org> |
13 |
|
14 |
net-dns/unbound/Manifest | 4 - |
15 |
net-dns/unbound/unbound-1.9.0.ebuild | 181 ------------------------------- |
16 |
net-dns/unbound/unbound-1.9.1-r1.ebuild | 182 -------------------------------- |
17 |
net-dns/unbound/unbound-1.9.1.ebuild | 181 ------------------------------- |
18 |
net-dns/unbound/unbound-1.9.2.ebuild | 182 -------------------------------- |
19 |
net-dns/unbound/unbound-1.9.3.ebuild | 182 -------------------------------- |
20 |
6 files changed, 912 deletions(-) |
21 |
|
22 |
diff --git a/net-dns/unbound/Manifest b/net-dns/unbound/Manifest |
23 |
index d41b0680a56..dec96dff8f6 100644 |
24 |
--- a/net-dns/unbound/Manifest |
25 |
+++ b/net-dns/unbound/Manifest |
26 |
@@ -1,5 +1 @@ |
27 |
-DIST unbound-1.9.0.tar.gz 5662176 BLAKE2B dff42ca4155df1c364bcfeb37c0f9516e7f167cc59bebd1fcf264db6471ad99804323c59e485662e03ab095932f1ca3fe25693a9ba840e9c0ecad69cf31b1a2d SHA512 7dfa8e078507fc24a2d0938eea590389453bacfcac023f1a41af19350ea1f7b87d0c82d7eead121a11068921292a96865e177274ff27ed8b8868445f80f7baf6 |
28 |
-DIST unbound-1.9.1.tar.gz 5665254 BLAKE2B 68a643cd17139b34e3651e0e72053b0faacf83ae975fff97493c78742ffa7f0d3dbc0028e96e581e125a3591467ec78ae245a718424c2fb32ea7db23ae945f44 SHA512 5dfac7ce3892f73109fdfe0f81863643b1f4c10cee2d4e2d1a28132f1b9ea4d4f89242e4e6348fdadf998f1c75d53577cbf4f719e98faa1342fc3c5de2e8903d |
29 |
-DIST unbound-1.9.2.tar.gz 5676395 BLAKE2B fa42e6afaf7e7fc98dba35fb6ec4513f7f392194e9124f7a4625c9a51f4b2b58bb63ca40a083b9f3583af3636399df02f92ef7cb0ae10404b7258cddfce82adc SHA512 118f0e53ee2d5cfb53ce1f792ca680cc01b5825bf81575e36bd3b24f3bdbe14e6631401bf1bf85eb2ac2a3fa0ee2ee3eb6a28b245d06d48d9975ce4cc260f764 |
30 |
-DIST unbound-1.9.3.tar.gz 5686017 BLAKE2B f96636f4070e48cc5e3eadfb59e28f2ab2fc95a8c5a78af095743ea6d32149aadc486f8da62ea1b38c856f4ba9c2cf041407dceb33396a47c59a19816d67f8c6 SHA512 21e14dc1577adbe502a262d7fbe9aae0cd389cd9c0b822246beadf00f0ee875e268eeb3ce820433cbb01495d6b182c334b34b63b1bc33b08589a230810ccfe90 |
31 |
DIST unbound-1.9.4.tar.gz 5686242 BLAKE2B de9e553ba6e8c3839b41776052c3b0f83890b5bd9cbdb895fbf1e413169dd4740a9dc354ccc787fa018755acb73e831f1cb2742db65e151d1e01367b35a7b9e5 SHA512 44021014c944fc01a1f5f9afd77145f5554a3282cc2bfd54526fc4f88346f497c847ddb72bafa155d7e6e5dd02b6bb031836ead4408977d4e4b5b3290dffea9c |
32 |
|
33 |
diff --git a/net-dns/unbound/unbound-1.9.0.ebuild b/net-dns/unbound/unbound-1.9.0.ebuild |
34 |
deleted file mode 100644 |
35 |
index 7d08d92eda4..00000000000 |
36 |
--- a/net-dns/unbound/unbound-1.9.0.ebuild |
37 |
+++ /dev/null |
38 |
@@ -1,181 +0,0 @@ |
39 |
-# Copyright 1999-2019 Gentoo Authors |
40 |
-# Distributed under the terms of the GNU General Public License v2 |
41 |
- |
42 |
-EAPI="7" |
43 |
-PYTHON_COMPAT=( python2_7 python3_{5,6,7} ) |
44 |
- |
45 |
-inherit autotools flag-o-matic multilib-minimal python-single-r1 systemd user |
46 |
- |
47 |
-MY_P=${PN}-${PV/_/} |
48 |
-DESCRIPTION="A validating, recursive and caching DNS resolver" |
49 |
-HOMEPAGE="https://unbound.net/ https://nlnetlabs.nl/projects/unbound/about/" |
50 |
-SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz" |
51 |
- |
52 |
-LICENSE="BSD GPL-2" |
53 |
-SLOT="0/8" # ABI version of libunbound.so |
54 |
-KEYWORDS="~alpha amd64 arm ~hppa ~mips ppc ppc64 x86" |
55 |
-IUSE="debug dnscrypt dnstap +ecdsa ecs gost libressl python redis selinux static-libs systemd test threads" |
56 |
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" |
57 |
- |
58 |
-# Note: expat is needed by executable only but the Makefile is custom |
59 |
-# and doesn't make it possible to easily install the library without |
60 |
-# the executables. MULTILIB_USEDEP may be dropped once build system |
61 |
-# is fixed. |
62 |
- |
63 |
-CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] |
64 |
- >=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}] |
65 |
- libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] ) |
66 |
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) |
67 |
- dnscrypt? ( dev-libs/libsodium[${MULTILIB_USEDEP}] ) |
68 |
- dnstap? ( |
69 |
- dev-libs/fstrm[${MULTILIB_USEDEP}] |
70 |
- >=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}] |
71 |
- ) |
72 |
- ecdsa? ( |
73 |
- !libressl? ( dev-libs/openssl:0[-bindist] ) |
74 |
- ) |
75 |
- python? ( ${PYTHON_DEPS} ) |
76 |
- redis? ( dev-libs/hiredis:= )" |
77 |
- |
78 |
-BDEPEND="virtual/pkgconfig" |
79 |
- |
80 |
-DEPEND="${CDEPEND} |
81 |
- python? ( dev-lang/swig ) |
82 |
- test? ( |
83 |
- net-dns/ldns-utils[examples] |
84 |
- dev-util/splint |
85 |
- app-text/wdiff |
86 |
- ) |
87 |
- systemd? ( sys-apps/systemd )" |
88 |
- |
89 |
-RDEPEND="${CDEPEND} |
90 |
- net-dns/dnssec-root |
91 |
- selinux? ( sec-policy/selinux-bind )" |
92 |
- |
93 |
-# bug #347415 |
94 |
-RDEPEND="${RDEPEND} |
95 |
- net-dns/dnssec-root" |
96 |
- |
97 |
-PATCHES=( |
98 |
- "${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch |
99 |
- "${FILESDIR}"/${PN}-1.6.3-pkg-config.patch |
100 |
-) |
101 |
- |
102 |
-S=${WORKDIR}/${MY_P} |
103 |
- |
104 |
-pkg_setup() { |
105 |
- enewgroup unbound |
106 |
- enewuser unbound -1 -1 /etc/unbound unbound |
107 |
- # improve security on existing installs (bug #641042) |
108 |
- # as well as new installs where unbound homedir has just been created |
109 |
- if [[ -d "${ROOT}/etc/unbound" ]]; then |
110 |
- chown --no-dereference --from=unbound root "${ROOT}/etc/unbound" |
111 |
- fi |
112 |
- |
113 |
- use python && python-single-r1_pkg_setup |
114 |
-} |
115 |
- |
116 |
-src_prepare() { |
117 |
- default |
118 |
- |
119 |
- eautoreconf |
120 |
- |
121 |
- # required for the python part |
122 |
- multilib_copy_sources |
123 |
-} |
124 |
- |
125 |
-src_configure() { |
126 |
- [[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack |
127 |
- multilib-minimal_src_configure |
128 |
-} |
129 |
- |
130 |
-multilib_src_configure() { |
131 |
- econf \ |
132 |
- $(use_enable debug) \ |
133 |
- $(use_enable gost) \ |
134 |
- $(use_enable dnscrypt) \ |
135 |
- $(use_enable dnstap) \ |
136 |
- $(use_enable ecdsa) \ |
137 |
- $(use_enable ecs subnet) \ |
138 |
- $(multilib_native_use_enable redis cachedb) \ |
139 |
- $(use_enable static-libs static) \ |
140 |
- $(use_enable systemd) \ |
141 |
- $(multilib_native_use_with python pythonmodule) \ |
142 |
- $(multilib_native_use_with python pyunbound) \ |
143 |
- $(use_with threads pthreads) \ |
144 |
- --disable-flto \ |
145 |
- --disable-rpath \ |
146 |
- --enable-ipsecmod \ |
147 |
- --enable-tfo-client \ |
148 |
- --enable-tfo-server \ |
149 |
- --with-libevent="${EPREFIX%/}"/usr \ |
150 |
- $(multilib_native_usex redis --with-libhiredis="${EPREFIX%/}/usr" --without-libhiredis) \ |
151 |
- --with-pidfile="${EPREFIX%/}"/run/unbound.pid \ |
152 |
- --with-rootkey-file="${EPREFIX%/}"/etc/dnssec/root-anchors.txt \ |
153 |
- --with-ssl="${EPREFIX%/}"/usr \ |
154 |
- --with-libexpat="${EPREFIX%/}"/usr |
155 |
- |
156 |
- # http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html |
157 |
- # $(use_enable debug lock-checks) \ |
158 |
- # $(use_enable debug alloc-checks) \ |
159 |
- # $(use_enable debug alloc-lite) \ |
160 |
- # $(use_enable debug alloc-nonregional) \ |
161 |
-} |
162 |
- |
163 |
-multilib_src_install_all() { |
164 |
- use python && python_optimize |
165 |
- |
166 |
- newinitd "${FILESDIR}"/unbound-r1.initd unbound |
167 |
- newconfd "${FILESDIR}"/unbound-r1.confd unbound |
168 |
- |
169 |
- systemd_dounit "${FILESDIR}"/unbound.service |
170 |
- systemd_dounit "${FILESDIR}"/unbound.socket |
171 |
- systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service" |
172 |
- systemd_dounit "${FILESDIR}"/unbound-anchor.service |
173 |
- |
174 |
- dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES} |
175 |
- |
176 |
- # bug #315519 |
177 |
- dodoc contrib/unbound_munin_ |
178 |
- |
179 |
- docinto selinux |
180 |
- dodoc contrib/selinux/* |
181 |
- |
182 |
- exeinto /usr/share/${PN} |
183 |
- doexe contrib/update-anchor.sh |
184 |
- |
185 |
- # create space for auto-trust-anchor-file... |
186 |
- keepdir /etc/unbound/var |
187 |
- # ... and point example config to it |
188 |
- sed -i \ |
189 |
- -e '/# auto-trust-anchor-file:/s,/etc/dnssec/root-anchors.txt,/etc/unbound/var/root-anchors.txt,' \ |
190 |
- "${ED%/}/etc/unbound/unbound.conf" || \ |
191 |
- die |
192 |
- |
193 |
- # Used to store cache data |
194 |
- keepdir /var/lib/${PN} |
195 |
- fowners root:unbound /var/lib/${PN} |
196 |
- fperms 0750 /var/lib/${PN} |
197 |
- |
198 |
- find "${ED}" -name '*.la' -delete || die |
199 |
- if ! use static-libs ; then |
200 |
- find "${ED}" -name "*.a" -delete || die |
201 |
- fi |
202 |
-} |
203 |
- |
204 |
-pkg_postinst() { |
205 |
- # make var/ writable by unbound |
206 |
- if [[ -d "${EROOT%/}/etc/unbound/var" ]]; then |
207 |
- chown --no-dereference --from=root unbound: "${EROOT%/}/etc/unbound/var" |
208 |
- fi |
209 |
- |
210 |
- einfo "" |
211 |
- einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation" |
212 |
- einfo "set 'auto-trust-anchor-file: ${EROOT%/}/etc/unbound/var/root-anchors.txt' in ${EROOT%/}/etc/unbound/unbound.conf" |
213 |
- einfo "and run" |
214 |
- einfo "" |
215 |
- einfo " su -s /bin/sh -c '${EROOT%/}/usr/sbin/unbound-anchor -a ${EROOT%/}/etc/unbound/var/root-anchors.txt' unbound" |
216 |
- einfo "" |
217 |
- einfo "as root to create it initially before starting unbound for the first time after enabling this." |
218 |
- einfo "" |
219 |
-} |
220 |
|
221 |
diff --git a/net-dns/unbound/unbound-1.9.1-r1.ebuild b/net-dns/unbound/unbound-1.9.1-r1.ebuild |
222 |
deleted file mode 100644 |
223 |
index e4d1ceae7af..00000000000 |
224 |
--- a/net-dns/unbound/unbound-1.9.1-r1.ebuild |
225 |
+++ /dev/null |
226 |
@@ -1,182 +0,0 @@ |
227 |
-# Copyright 1999-2019 Gentoo Authors |
228 |
-# Distributed under the terms of the GNU General Public License v2 |
229 |
- |
230 |
-EAPI="7" |
231 |
-PYTHON_COMPAT=( python2_7 python3_{5,6,7} ) |
232 |
- |
233 |
-inherit autotools flag-o-matic multilib-minimal python-single-r1 systemd user |
234 |
- |
235 |
-MY_P=${PN}-${PV/_/} |
236 |
-DESCRIPTION="A validating, recursive and caching DNS resolver" |
237 |
-HOMEPAGE="https://unbound.net/ https://nlnetlabs.nl/projects/unbound/about/" |
238 |
-SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz" |
239 |
- |
240 |
-LICENSE="BSD GPL-2" |
241 |
-SLOT="0/8" # ABI version of libunbound.so |
242 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~x86" |
243 |
-IUSE="debug dnscrypt dnstap +ecdsa ecs gost libressl python redis selinux static-libs systemd test threads" |
244 |
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" |
245 |
- |
246 |
-# Note: expat is needed by executable only but the Makefile is custom |
247 |
-# and doesn't make it possible to easily install the library without |
248 |
-# the executables. MULTILIB_USEDEP may be dropped once build system |
249 |
-# is fixed. |
250 |
- |
251 |
-CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] |
252 |
- >=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}] |
253 |
- libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] ) |
254 |
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) |
255 |
- dnscrypt? ( dev-libs/libsodium[${MULTILIB_USEDEP}] ) |
256 |
- dnstap? ( |
257 |
- dev-libs/fstrm[${MULTILIB_USEDEP}] |
258 |
- >=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}] |
259 |
- ) |
260 |
- ecdsa? ( |
261 |
- !libressl? ( dev-libs/openssl:0[-bindist] ) |
262 |
- ) |
263 |
- python? ( ${PYTHON_DEPS} ) |
264 |
- redis? ( dev-libs/hiredis:= )" |
265 |
- |
266 |
-BDEPEND="virtual/pkgconfig" |
267 |
- |
268 |
-DEPEND="${CDEPEND} |
269 |
- python? ( dev-lang/swig ) |
270 |
- test? ( |
271 |
- net-dns/ldns-utils[examples] |
272 |
- dev-util/splint |
273 |
- app-text/wdiff |
274 |
- ) |
275 |
- systemd? ( sys-apps/systemd )" |
276 |
- |
277 |
-RDEPEND="${CDEPEND} |
278 |
- net-dns/dnssec-root |
279 |
- selinux? ( sec-policy/selinux-bind )" |
280 |
- |
281 |
-# bug #347415 |
282 |
-RDEPEND="${RDEPEND} |
283 |
- net-dns/dnssec-root" |
284 |
- |
285 |
-PATCHES=( |
286 |
- "${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch |
287 |
- "${FILESDIR}"/${PN}-1.6.3-pkg-config.patch |
288 |
-) |
289 |
- |
290 |
-S=${WORKDIR}/${MY_P} |
291 |
- |
292 |
-pkg_setup() { |
293 |
- enewgroup unbound |
294 |
- enewuser unbound -1 -1 /etc/unbound unbound |
295 |
- # improve security on existing installs (bug #641042) |
296 |
- # as well as new installs where unbound homedir has just been created |
297 |
- if [[ -d "${ROOT}/etc/unbound" ]]; then |
298 |
- chown --no-dereference --from=unbound root "${ROOT}/etc/unbound" |
299 |
- fi |
300 |
- |
301 |
- use python && python-single-r1_pkg_setup |
302 |
-} |
303 |
- |
304 |
-src_prepare() { |
305 |
- default |
306 |
- |
307 |
- eautoreconf |
308 |
- |
309 |
- # required for the python part |
310 |
- multilib_copy_sources |
311 |
-} |
312 |
- |
313 |
-src_configure() { |
314 |
- [[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack |
315 |
- multilib-minimal_src_configure |
316 |
-} |
317 |
- |
318 |
-multilib_src_configure() { |
319 |
- econf \ |
320 |
- $(use_enable debug) \ |
321 |
- $(use_enable gost) \ |
322 |
- $(use_enable dnscrypt) \ |
323 |
- $(use_enable dnstap) \ |
324 |
- $(use_enable ecdsa) \ |
325 |
- $(use_enable ecs subnet) \ |
326 |
- $(multilib_native_use_enable redis cachedb) \ |
327 |
- $(use_enable static-libs static) \ |
328 |
- $(use_enable systemd) \ |
329 |
- $(multilib_native_use_with python pythonmodule) \ |
330 |
- $(multilib_native_use_with python pyunbound) \ |
331 |
- $(use_with threads pthreads) \ |
332 |
- --disable-flto \ |
333 |
- --disable-rpath \ |
334 |
- --enable-event-api \ |
335 |
- --enable-ipsecmod \ |
336 |
- --enable-tfo-client \ |
337 |
- --enable-tfo-server \ |
338 |
- --with-libevent="${EPREFIX%/}"/usr \ |
339 |
- $(multilib_native_usex redis --with-libhiredis="${EPREFIX%/}/usr" --without-libhiredis) \ |
340 |
- --with-pidfile="${EPREFIX%/}"/run/unbound.pid \ |
341 |
- --with-rootkey-file="${EPREFIX%/}"/etc/dnssec/root-anchors.txt \ |
342 |
- --with-ssl="${EPREFIX%/}"/usr \ |
343 |
- --with-libexpat="${EPREFIX%/}"/usr |
344 |
- |
345 |
- # http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html |
346 |
- # $(use_enable debug lock-checks) \ |
347 |
- # $(use_enable debug alloc-checks) \ |
348 |
- # $(use_enable debug alloc-lite) \ |
349 |
- # $(use_enable debug alloc-nonregional) \ |
350 |
-} |
351 |
- |
352 |
-multilib_src_install_all() { |
353 |
- use python && python_optimize |
354 |
- |
355 |
- newinitd "${FILESDIR}"/unbound-r1.initd unbound |
356 |
- newconfd "${FILESDIR}"/unbound-r1.confd unbound |
357 |
- |
358 |
- systemd_dounit "${FILESDIR}"/unbound.service |
359 |
- systemd_dounit "${FILESDIR}"/unbound.socket |
360 |
- systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service" |
361 |
- systemd_dounit "${FILESDIR}"/unbound-anchor.service |
362 |
- |
363 |
- dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES} |
364 |
- |
365 |
- # bug #315519 |
366 |
- dodoc contrib/unbound_munin_ |
367 |
- |
368 |
- docinto selinux |
369 |
- dodoc contrib/selinux/* |
370 |
- |
371 |
- exeinto /usr/share/${PN} |
372 |
- doexe contrib/update-anchor.sh |
373 |
- |
374 |
- # create space for auto-trust-anchor-file... |
375 |
- keepdir /etc/unbound/var |
376 |
- # ... and point example config to it |
377 |
- sed -i \ |
378 |
- -e '/# auto-trust-anchor-file:/s,/etc/dnssec/root-anchors.txt,/etc/unbound/var/root-anchors.txt,' \ |
379 |
- "${ED%/}/etc/unbound/unbound.conf" || \ |
380 |
- die |
381 |
- |
382 |
- # Used to store cache data |
383 |
- keepdir /var/lib/${PN} |
384 |
- fowners root:unbound /var/lib/${PN} |
385 |
- fperms 0750 /var/lib/${PN} |
386 |
- |
387 |
- find "${ED}" -name '*.la' -delete || die |
388 |
- if ! use static-libs ; then |
389 |
- find "${ED}" -name "*.a" -delete || die |
390 |
- fi |
391 |
-} |
392 |
- |
393 |
-pkg_postinst() { |
394 |
- # make var/ writable by unbound |
395 |
- if [[ -d "${EROOT%/}/etc/unbound/var" ]]; then |
396 |
- chown --no-dereference --from=root unbound: "${EROOT%/}/etc/unbound/var" |
397 |
- fi |
398 |
- |
399 |
- einfo "" |
400 |
- einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation" |
401 |
- einfo "set 'auto-trust-anchor-file: ${EROOT%/}/etc/unbound/var/root-anchors.txt' in ${EROOT%/}/etc/unbound/unbound.conf" |
402 |
- einfo "and run" |
403 |
- einfo "" |
404 |
- einfo " su -s /bin/sh -c '${EROOT%/}/usr/sbin/unbound-anchor -a ${EROOT%/}/etc/unbound/var/root-anchors.txt' unbound" |
405 |
- einfo "" |
406 |
- einfo "as root to create it initially before starting unbound for the first time after enabling this." |
407 |
- einfo "" |
408 |
-} |
409 |
|
410 |
diff --git a/net-dns/unbound/unbound-1.9.1.ebuild b/net-dns/unbound/unbound-1.9.1.ebuild |
411 |
deleted file mode 100644 |
412 |
index 8dde19fcab9..00000000000 |
413 |
--- a/net-dns/unbound/unbound-1.9.1.ebuild |
414 |
+++ /dev/null |
415 |
@@ -1,181 +0,0 @@ |
416 |
-# Copyright 1999-2019 Gentoo Authors |
417 |
-# Distributed under the terms of the GNU General Public License v2 |
418 |
- |
419 |
-EAPI="7" |
420 |
-PYTHON_COMPAT=( python2_7 python3_{5,6,7} ) |
421 |
- |
422 |
-inherit autotools flag-o-matic multilib-minimal python-single-r1 systemd user |
423 |
- |
424 |
-MY_P=${PN}-${PV/_/} |
425 |
-DESCRIPTION="A validating, recursive and caching DNS resolver" |
426 |
-HOMEPAGE="https://unbound.net/ https://nlnetlabs.nl/projects/unbound/about/" |
427 |
-SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz" |
428 |
- |
429 |
-LICENSE="BSD GPL-2" |
430 |
-SLOT="0/8" # ABI version of libunbound.so |
431 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~x86" |
432 |
-IUSE="debug dnscrypt dnstap +ecdsa ecs gost libressl python redis selinux static-libs systemd test threads" |
433 |
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" |
434 |
- |
435 |
-# Note: expat is needed by executable only but the Makefile is custom |
436 |
-# and doesn't make it possible to easily install the library without |
437 |
-# the executables. MULTILIB_USEDEP may be dropped once build system |
438 |
-# is fixed. |
439 |
- |
440 |
-CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] |
441 |
- >=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}] |
442 |
- libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] ) |
443 |
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) |
444 |
- dnscrypt? ( dev-libs/libsodium[${MULTILIB_USEDEP}] ) |
445 |
- dnstap? ( |
446 |
- dev-libs/fstrm[${MULTILIB_USEDEP}] |
447 |
- >=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}] |
448 |
- ) |
449 |
- ecdsa? ( |
450 |
- !libressl? ( dev-libs/openssl:0[-bindist] ) |
451 |
- ) |
452 |
- python? ( ${PYTHON_DEPS} ) |
453 |
- redis? ( dev-libs/hiredis:= )" |
454 |
- |
455 |
-BDEPEND="virtual/pkgconfig" |
456 |
- |
457 |
-DEPEND="${CDEPEND} |
458 |
- python? ( dev-lang/swig ) |
459 |
- test? ( |
460 |
- net-dns/ldns-utils[examples] |
461 |
- dev-util/splint |
462 |
- app-text/wdiff |
463 |
- ) |
464 |
- systemd? ( sys-apps/systemd )" |
465 |
- |
466 |
-RDEPEND="${CDEPEND} |
467 |
- net-dns/dnssec-root |
468 |
- selinux? ( sec-policy/selinux-bind )" |
469 |
- |
470 |
-# bug #347415 |
471 |
-RDEPEND="${RDEPEND} |
472 |
- net-dns/dnssec-root" |
473 |
- |
474 |
-PATCHES=( |
475 |
- "${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch |
476 |
- "${FILESDIR}"/${PN}-1.6.3-pkg-config.patch |
477 |
-) |
478 |
- |
479 |
-S=${WORKDIR}/${MY_P} |
480 |
- |
481 |
-pkg_setup() { |
482 |
- enewgroup unbound |
483 |
- enewuser unbound -1 -1 /etc/unbound unbound |
484 |
- # improve security on existing installs (bug #641042) |
485 |
- # as well as new installs where unbound homedir has just been created |
486 |
- if [[ -d "${ROOT}/etc/unbound" ]]; then |
487 |
- chown --no-dereference --from=unbound root "${ROOT}/etc/unbound" |
488 |
- fi |
489 |
- |
490 |
- use python && python-single-r1_pkg_setup |
491 |
-} |
492 |
- |
493 |
-src_prepare() { |
494 |
- default |
495 |
- |
496 |
- eautoreconf |
497 |
- |
498 |
- # required for the python part |
499 |
- multilib_copy_sources |
500 |
-} |
501 |
- |
502 |
-src_configure() { |
503 |
- [[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack |
504 |
- multilib-minimal_src_configure |
505 |
-} |
506 |
- |
507 |
-multilib_src_configure() { |
508 |
- econf \ |
509 |
- $(use_enable debug) \ |
510 |
- $(use_enable gost) \ |
511 |
- $(use_enable dnscrypt) \ |
512 |
- $(use_enable dnstap) \ |
513 |
- $(use_enable ecdsa) \ |
514 |
- $(use_enable ecs subnet) \ |
515 |
- $(multilib_native_use_enable redis cachedb) \ |
516 |
- $(use_enable static-libs static) \ |
517 |
- $(use_enable systemd) \ |
518 |
- $(multilib_native_use_with python pythonmodule) \ |
519 |
- $(multilib_native_use_with python pyunbound) \ |
520 |
- $(use_with threads pthreads) \ |
521 |
- --disable-flto \ |
522 |
- --disable-rpath \ |
523 |
- --enable-ipsecmod \ |
524 |
- --enable-tfo-client \ |
525 |
- --enable-tfo-server \ |
526 |
- --with-libevent="${EPREFIX%/}"/usr \ |
527 |
- $(multilib_native_usex redis --with-libhiredis="${EPREFIX%/}/usr" --without-libhiredis) \ |
528 |
- --with-pidfile="${EPREFIX%/}"/run/unbound.pid \ |
529 |
- --with-rootkey-file="${EPREFIX%/}"/etc/dnssec/root-anchors.txt \ |
530 |
- --with-ssl="${EPREFIX%/}"/usr \ |
531 |
- --with-libexpat="${EPREFIX%/}"/usr |
532 |
- |
533 |
- # http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html |
534 |
- # $(use_enable debug lock-checks) \ |
535 |
- # $(use_enable debug alloc-checks) \ |
536 |
- # $(use_enable debug alloc-lite) \ |
537 |
- # $(use_enable debug alloc-nonregional) \ |
538 |
-} |
539 |
- |
540 |
-multilib_src_install_all() { |
541 |
- use python && python_optimize |
542 |
- |
543 |
- newinitd "${FILESDIR}"/unbound-r1.initd unbound |
544 |
- newconfd "${FILESDIR}"/unbound-r1.confd unbound |
545 |
- |
546 |
- systemd_dounit "${FILESDIR}"/unbound.service |
547 |
- systemd_dounit "${FILESDIR}"/unbound.socket |
548 |
- systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service" |
549 |
- systemd_dounit "${FILESDIR}"/unbound-anchor.service |
550 |
- |
551 |
- dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES} |
552 |
- |
553 |
- # bug #315519 |
554 |
- dodoc contrib/unbound_munin_ |
555 |
- |
556 |
- docinto selinux |
557 |
- dodoc contrib/selinux/* |
558 |
- |
559 |
- exeinto /usr/share/${PN} |
560 |
- doexe contrib/update-anchor.sh |
561 |
- |
562 |
- # create space for auto-trust-anchor-file... |
563 |
- keepdir /etc/unbound/var |
564 |
- # ... and point example config to it |
565 |
- sed -i \ |
566 |
- -e '/# auto-trust-anchor-file:/s,/etc/dnssec/root-anchors.txt,/etc/unbound/var/root-anchors.txt,' \ |
567 |
- "${ED%/}/etc/unbound/unbound.conf" || \ |
568 |
- die |
569 |
- |
570 |
- # Used to store cache data |
571 |
- keepdir /var/lib/${PN} |
572 |
- fowners root:unbound /var/lib/${PN} |
573 |
- fperms 0750 /var/lib/${PN} |
574 |
- |
575 |
- find "${ED}" -name '*.la' -delete || die |
576 |
- if ! use static-libs ; then |
577 |
- find "${ED}" -name "*.a" -delete || die |
578 |
- fi |
579 |
-} |
580 |
- |
581 |
-pkg_postinst() { |
582 |
- # make var/ writable by unbound |
583 |
- if [[ -d "${EROOT%/}/etc/unbound/var" ]]; then |
584 |
- chown --no-dereference --from=root unbound: "${EROOT%/}/etc/unbound/var" |
585 |
- fi |
586 |
- |
587 |
- einfo "" |
588 |
- einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation" |
589 |
- einfo "set 'auto-trust-anchor-file: ${EROOT%/}/etc/unbound/var/root-anchors.txt' in ${EROOT%/}/etc/unbound/unbound.conf" |
590 |
- einfo "and run" |
591 |
- einfo "" |
592 |
- einfo " su -s /bin/sh -c '${EROOT%/}/usr/sbin/unbound-anchor -a ${EROOT%/}/etc/unbound/var/root-anchors.txt' unbound" |
593 |
- einfo "" |
594 |
- einfo "as root to create it initially before starting unbound for the first time after enabling this." |
595 |
- einfo "" |
596 |
-} |
597 |
|
598 |
diff --git a/net-dns/unbound/unbound-1.9.2.ebuild b/net-dns/unbound/unbound-1.9.2.ebuild |
599 |
deleted file mode 100644 |
600 |
index e4d1ceae7af..00000000000 |
601 |
--- a/net-dns/unbound/unbound-1.9.2.ebuild |
602 |
+++ /dev/null |
603 |
@@ -1,182 +0,0 @@ |
604 |
-# Copyright 1999-2019 Gentoo Authors |
605 |
-# Distributed under the terms of the GNU General Public License v2 |
606 |
- |
607 |
-EAPI="7" |
608 |
-PYTHON_COMPAT=( python2_7 python3_{5,6,7} ) |
609 |
- |
610 |
-inherit autotools flag-o-matic multilib-minimal python-single-r1 systemd user |
611 |
- |
612 |
-MY_P=${PN}-${PV/_/} |
613 |
-DESCRIPTION="A validating, recursive and caching DNS resolver" |
614 |
-HOMEPAGE="https://unbound.net/ https://nlnetlabs.nl/projects/unbound/about/" |
615 |
-SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz" |
616 |
- |
617 |
-LICENSE="BSD GPL-2" |
618 |
-SLOT="0/8" # ABI version of libunbound.so |
619 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~x86" |
620 |
-IUSE="debug dnscrypt dnstap +ecdsa ecs gost libressl python redis selinux static-libs systemd test threads" |
621 |
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" |
622 |
- |
623 |
-# Note: expat is needed by executable only but the Makefile is custom |
624 |
-# and doesn't make it possible to easily install the library without |
625 |
-# the executables. MULTILIB_USEDEP may be dropped once build system |
626 |
-# is fixed. |
627 |
- |
628 |
-CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] |
629 |
- >=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}] |
630 |
- libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] ) |
631 |
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) |
632 |
- dnscrypt? ( dev-libs/libsodium[${MULTILIB_USEDEP}] ) |
633 |
- dnstap? ( |
634 |
- dev-libs/fstrm[${MULTILIB_USEDEP}] |
635 |
- >=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}] |
636 |
- ) |
637 |
- ecdsa? ( |
638 |
- !libressl? ( dev-libs/openssl:0[-bindist] ) |
639 |
- ) |
640 |
- python? ( ${PYTHON_DEPS} ) |
641 |
- redis? ( dev-libs/hiredis:= )" |
642 |
- |
643 |
-BDEPEND="virtual/pkgconfig" |
644 |
- |
645 |
-DEPEND="${CDEPEND} |
646 |
- python? ( dev-lang/swig ) |
647 |
- test? ( |
648 |
- net-dns/ldns-utils[examples] |
649 |
- dev-util/splint |
650 |
- app-text/wdiff |
651 |
- ) |
652 |
- systemd? ( sys-apps/systemd )" |
653 |
- |
654 |
-RDEPEND="${CDEPEND} |
655 |
- net-dns/dnssec-root |
656 |
- selinux? ( sec-policy/selinux-bind )" |
657 |
- |
658 |
-# bug #347415 |
659 |
-RDEPEND="${RDEPEND} |
660 |
- net-dns/dnssec-root" |
661 |
- |
662 |
-PATCHES=( |
663 |
- "${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch |
664 |
- "${FILESDIR}"/${PN}-1.6.3-pkg-config.patch |
665 |
-) |
666 |
- |
667 |
-S=${WORKDIR}/${MY_P} |
668 |
- |
669 |
-pkg_setup() { |
670 |
- enewgroup unbound |
671 |
- enewuser unbound -1 -1 /etc/unbound unbound |
672 |
- # improve security on existing installs (bug #641042) |
673 |
- # as well as new installs where unbound homedir has just been created |
674 |
- if [[ -d "${ROOT}/etc/unbound" ]]; then |
675 |
- chown --no-dereference --from=unbound root "${ROOT}/etc/unbound" |
676 |
- fi |
677 |
- |
678 |
- use python && python-single-r1_pkg_setup |
679 |
-} |
680 |
- |
681 |
-src_prepare() { |
682 |
- default |
683 |
- |
684 |
- eautoreconf |
685 |
- |
686 |
- # required for the python part |
687 |
- multilib_copy_sources |
688 |
-} |
689 |
- |
690 |
-src_configure() { |
691 |
- [[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack |
692 |
- multilib-minimal_src_configure |
693 |
-} |
694 |
- |
695 |
-multilib_src_configure() { |
696 |
- econf \ |
697 |
- $(use_enable debug) \ |
698 |
- $(use_enable gost) \ |
699 |
- $(use_enable dnscrypt) \ |
700 |
- $(use_enable dnstap) \ |
701 |
- $(use_enable ecdsa) \ |
702 |
- $(use_enable ecs subnet) \ |
703 |
- $(multilib_native_use_enable redis cachedb) \ |
704 |
- $(use_enable static-libs static) \ |
705 |
- $(use_enable systemd) \ |
706 |
- $(multilib_native_use_with python pythonmodule) \ |
707 |
- $(multilib_native_use_with python pyunbound) \ |
708 |
- $(use_with threads pthreads) \ |
709 |
- --disable-flto \ |
710 |
- --disable-rpath \ |
711 |
- --enable-event-api \ |
712 |
- --enable-ipsecmod \ |
713 |
- --enable-tfo-client \ |
714 |
- --enable-tfo-server \ |
715 |
- --with-libevent="${EPREFIX%/}"/usr \ |
716 |
- $(multilib_native_usex redis --with-libhiredis="${EPREFIX%/}/usr" --without-libhiredis) \ |
717 |
- --with-pidfile="${EPREFIX%/}"/run/unbound.pid \ |
718 |
- --with-rootkey-file="${EPREFIX%/}"/etc/dnssec/root-anchors.txt \ |
719 |
- --with-ssl="${EPREFIX%/}"/usr \ |
720 |
- --with-libexpat="${EPREFIX%/}"/usr |
721 |
- |
722 |
- # http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html |
723 |
- # $(use_enable debug lock-checks) \ |
724 |
- # $(use_enable debug alloc-checks) \ |
725 |
- # $(use_enable debug alloc-lite) \ |
726 |
- # $(use_enable debug alloc-nonregional) \ |
727 |
-} |
728 |
- |
729 |
-multilib_src_install_all() { |
730 |
- use python && python_optimize |
731 |
- |
732 |
- newinitd "${FILESDIR}"/unbound-r1.initd unbound |
733 |
- newconfd "${FILESDIR}"/unbound-r1.confd unbound |
734 |
- |
735 |
- systemd_dounit "${FILESDIR}"/unbound.service |
736 |
- systemd_dounit "${FILESDIR}"/unbound.socket |
737 |
- systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service" |
738 |
- systemd_dounit "${FILESDIR}"/unbound-anchor.service |
739 |
- |
740 |
- dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES} |
741 |
- |
742 |
- # bug #315519 |
743 |
- dodoc contrib/unbound_munin_ |
744 |
- |
745 |
- docinto selinux |
746 |
- dodoc contrib/selinux/* |
747 |
- |
748 |
- exeinto /usr/share/${PN} |
749 |
- doexe contrib/update-anchor.sh |
750 |
- |
751 |
- # create space for auto-trust-anchor-file... |
752 |
- keepdir /etc/unbound/var |
753 |
- # ... and point example config to it |
754 |
- sed -i \ |
755 |
- -e '/# auto-trust-anchor-file:/s,/etc/dnssec/root-anchors.txt,/etc/unbound/var/root-anchors.txt,' \ |
756 |
- "${ED%/}/etc/unbound/unbound.conf" || \ |
757 |
- die |
758 |
- |
759 |
- # Used to store cache data |
760 |
- keepdir /var/lib/${PN} |
761 |
- fowners root:unbound /var/lib/${PN} |
762 |
- fperms 0750 /var/lib/${PN} |
763 |
- |
764 |
- find "${ED}" -name '*.la' -delete || die |
765 |
- if ! use static-libs ; then |
766 |
- find "${ED}" -name "*.a" -delete || die |
767 |
- fi |
768 |
-} |
769 |
- |
770 |
-pkg_postinst() { |
771 |
- # make var/ writable by unbound |
772 |
- if [[ -d "${EROOT%/}/etc/unbound/var" ]]; then |
773 |
- chown --no-dereference --from=root unbound: "${EROOT%/}/etc/unbound/var" |
774 |
- fi |
775 |
- |
776 |
- einfo "" |
777 |
- einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation" |
778 |
- einfo "set 'auto-trust-anchor-file: ${EROOT%/}/etc/unbound/var/root-anchors.txt' in ${EROOT%/}/etc/unbound/unbound.conf" |
779 |
- einfo "and run" |
780 |
- einfo "" |
781 |
- einfo " su -s /bin/sh -c '${EROOT%/}/usr/sbin/unbound-anchor -a ${EROOT%/}/etc/unbound/var/root-anchors.txt' unbound" |
782 |
- einfo "" |
783 |
- einfo "as root to create it initially before starting unbound for the first time after enabling this." |
784 |
- einfo "" |
785 |
-} |
786 |
|
787 |
diff --git a/net-dns/unbound/unbound-1.9.3.ebuild b/net-dns/unbound/unbound-1.9.3.ebuild |
788 |
deleted file mode 100644 |
789 |
index e4d1ceae7af..00000000000 |
790 |
--- a/net-dns/unbound/unbound-1.9.3.ebuild |
791 |
+++ /dev/null |
792 |
@@ -1,182 +0,0 @@ |
793 |
-# Copyright 1999-2019 Gentoo Authors |
794 |
-# Distributed under the terms of the GNU General Public License v2 |
795 |
- |
796 |
-EAPI="7" |
797 |
-PYTHON_COMPAT=( python2_7 python3_{5,6,7} ) |
798 |
- |
799 |
-inherit autotools flag-o-matic multilib-minimal python-single-r1 systemd user |
800 |
- |
801 |
-MY_P=${PN}-${PV/_/} |
802 |
-DESCRIPTION="A validating, recursive and caching DNS resolver" |
803 |
-HOMEPAGE="https://unbound.net/ https://nlnetlabs.nl/projects/unbound/about/" |
804 |
-SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz" |
805 |
- |
806 |
-LICENSE="BSD GPL-2" |
807 |
-SLOT="0/8" # ABI version of libunbound.so |
808 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~x86" |
809 |
-IUSE="debug dnscrypt dnstap +ecdsa ecs gost libressl python redis selinux static-libs systemd test threads" |
810 |
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" |
811 |
- |
812 |
-# Note: expat is needed by executable only but the Makefile is custom |
813 |
-# and doesn't make it possible to easily install the library without |
814 |
-# the executables. MULTILIB_USEDEP may be dropped once build system |
815 |
-# is fixed. |
816 |
- |
817 |
-CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] |
818 |
- >=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}] |
819 |
- libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] ) |
820 |
- !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) |
821 |
- dnscrypt? ( dev-libs/libsodium[${MULTILIB_USEDEP}] ) |
822 |
- dnstap? ( |
823 |
- dev-libs/fstrm[${MULTILIB_USEDEP}] |
824 |
- >=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}] |
825 |
- ) |
826 |
- ecdsa? ( |
827 |
- !libressl? ( dev-libs/openssl:0[-bindist] ) |
828 |
- ) |
829 |
- python? ( ${PYTHON_DEPS} ) |
830 |
- redis? ( dev-libs/hiredis:= )" |
831 |
- |
832 |
-BDEPEND="virtual/pkgconfig" |
833 |
- |
834 |
-DEPEND="${CDEPEND} |
835 |
- python? ( dev-lang/swig ) |
836 |
- test? ( |
837 |
- net-dns/ldns-utils[examples] |
838 |
- dev-util/splint |
839 |
- app-text/wdiff |
840 |
- ) |
841 |
- systemd? ( sys-apps/systemd )" |
842 |
- |
843 |
-RDEPEND="${CDEPEND} |
844 |
- net-dns/dnssec-root |
845 |
- selinux? ( sec-policy/selinux-bind )" |
846 |
- |
847 |
-# bug #347415 |
848 |
-RDEPEND="${RDEPEND} |
849 |
- net-dns/dnssec-root" |
850 |
- |
851 |
-PATCHES=( |
852 |
- "${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch |
853 |
- "${FILESDIR}"/${PN}-1.6.3-pkg-config.patch |
854 |
-) |
855 |
- |
856 |
-S=${WORKDIR}/${MY_P} |
857 |
- |
858 |
-pkg_setup() { |
859 |
- enewgroup unbound |
860 |
- enewuser unbound -1 -1 /etc/unbound unbound |
861 |
- # improve security on existing installs (bug #641042) |
862 |
- # as well as new installs where unbound homedir has just been created |
863 |
- if [[ -d "${ROOT}/etc/unbound" ]]; then |
864 |
- chown --no-dereference --from=unbound root "${ROOT}/etc/unbound" |
865 |
- fi |
866 |
- |
867 |
- use python && python-single-r1_pkg_setup |
868 |
-} |
869 |
- |
870 |
-src_prepare() { |
871 |
- default |
872 |
- |
873 |
- eautoreconf |
874 |
- |
875 |
- # required for the python part |
876 |
- multilib_copy_sources |
877 |
-} |
878 |
- |
879 |
-src_configure() { |
880 |
- [[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack |
881 |
- multilib-minimal_src_configure |
882 |
-} |
883 |
- |
884 |
-multilib_src_configure() { |
885 |
- econf \ |
886 |
- $(use_enable debug) \ |
887 |
- $(use_enable gost) \ |
888 |
- $(use_enable dnscrypt) \ |
889 |
- $(use_enable dnstap) \ |
890 |
- $(use_enable ecdsa) \ |
891 |
- $(use_enable ecs subnet) \ |
892 |
- $(multilib_native_use_enable redis cachedb) \ |
893 |
- $(use_enable static-libs static) \ |
894 |
- $(use_enable systemd) \ |
895 |
- $(multilib_native_use_with python pythonmodule) \ |
896 |
- $(multilib_native_use_with python pyunbound) \ |
897 |
- $(use_with threads pthreads) \ |
898 |
- --disable-flto \ |
899 |
- --disable-rpath \ |
900 |
- --enable-event-api \ |
901 |
- --enable-ipsecmod \ |
902 |
- --enable-tfo-client \ |
903 |
- --enable-tfo-server \ |
904 |
- --with-libevent="${EPREFIX%/}"/usr \ |
905 |
- $(multilib_native_usex redis --with-libhiredis="${EPREFIX%/}/usr" --without-libhiredis) \ |
906 |
- --with-pidfile="${EPREFIX%/}"/run/unbound.pid \ |
907 |
- --with-rootkey-file="${EPREFIX%/}"/etc/dnssec/root-anchors.txt \ |
908 |
- --with-ssl="${EPREFIX%/}"/usr \ |
909 |
- --with-libexpat="${EPREFIX%/}"/usr |
910 |
- |
911 |
- # http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html |
912 |
- # $(use_enable debug lock-checks) \ |
913 |
- # $(use_enable debug alloc-checks) \ |
914 |
- # $(use_enable debug alloc-lite) \ |
915 |
- # $(use_enable debug alloc-nonregional) \ |
916 |
-} |
917 |
- |
918 |
-multilib_src_install_all() { |
919 |
- use python && python_optimize |
920 |
- |
921 |
- newinitd "${FILESDIR}"/unbound-r1.initd unbound |
922 |
- newconfd "${FILESDIR}"/unbound-r1.confd unbound |
923 |
- |
924 |
- systemd_dounit "${FILESDIR}"/unbound.service |
925 |
- systemd_dounit "${FILESDIR}"/unbound.socket |
926 |
- systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service" |
927 |
- systemd_dounit "${FILESDIR}"/unbound-anchor.service |
928 |
- |
929 |
- dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES} |
930 |
- |
931 |
- # bug #315519 |
932 |
- dodoc contrib/unbound_munin_ |
933 |
- |
934 |
- docinto selinux |
935 |
- dodoc contrib/selinux/* |
936 |
- |
937 |
- exeinto /usr/share/${PN} |
938 |
- doexe contrib/update-anchor.sh |
939 |
- |
940 |
- # create space for auto-trust-anchor-file... |
941 |
- keepdir /etc/unbound/var |
942 |
- # ... and point example config to it |
943 |
- sed -i \ |
944 |
- -e '/# auto-trust-anchor-file:/s,/etc/dnssec/root-anchors.txt,/etc/unbound/var/root-anchors.txt,' \ |
945 |
- "${ED%/}/etc/unbound/unbound.conf" || \ |
946 |
- die |
947 |
- |
948 |
- # Used to store cache data |
949 |
- keepdir /var/lib/${PN} |
950 |
- fowners root:unbound /var/lib/${PN} |
951 |
- fperms 0750 /var/lib/${PN} |
952 |
- |
953 |
- find "${ED}" -name '*.la' -delete || die |
954 |
- if ! use static-libs ; then |
955 |
- find "${ED}" -name "*.a" -delete || die |
956 |
- fi |
957 |
-} |
958 |
- |
959 |
-pkg_postinst() { |
960 |
- # make var/ writable by unbound |
961 |
- if [[ -d "${EROOT%/}/etc/unbound/var" ]]; then |
962 |
- chown --no-dereference --from=root unbound: "${EROOT%/}/etc/unbound/var" |
963 |
- fi |
964 |
- |
965 |
- einfo "" |
966 |
- einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation" |
967 |
- einfo "set 'auto-trust-anchor-file: ${EROOT%/}/etc/unbound/var/root-anchors.txt' in ${EROOT%/}/etc/unbound/unbound.conf" |
968 |
- einfo "and run" |
969 |
- einfo "" |
970 |
- einfo " su -s /bin/sh -c '${EROOT%/}/usr/sbin/unbound-anchor -a ${EROOT%/}/etc/unbound/var/root-anchors.txt' unbound" |
971 |
- einfo "" |
972 |
- einfo "as root to create it initially before starting unbound for the first time after enabling this." |
973 |
- einfo "" |
974 |
-} |