
From: "Christian Ruppert (idl0r)" <idl0r@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-dns/bind: ChangeLog bind-9.8.3_p1.ebuild bind-9.9.1_p1.ebuild bind-9.9.1.ebuild bind-9.7.6.ebuild bind-9.8.3.ebuild bind-9.7.4_p1.ebuild
Date: Mon, 04 Jun 2012 17:02:37
Message-Id: 20120604170225.869852004B@flycatcher.gentoo.org
1 idl0r 12/06/04 17:02:25
2
3 Modified: ChangeLog
4 Added: bind-9.8.3_p1.ebuild bind-9.9.1_p1.ebuild
5 Removed: bind-9.9.1.ebuild bind-9.7.6.ebuild
6 bind-9.8.3.ebuild bind-9.7.4_p1.ebuild
7 Log:
8 Version bumps, CVE-2012-1667. Remove old versions
9
10 (Portage version: 2.2.0_alpha109/cvs/Linux x86_64)
11
12 Revision Changes Path
13 1.387 net-dns/bind/ChangeLog
14
15 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/ChangeLog?rev=1.387&view=markup
16 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/ChangeLog?rev=1.387&content-type=text/plain
17 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/ChangeLog?r1=1.386&r2=1.387
18
19 Index: ChangeLog
20 ===================================================================
21 RCS file: /var/cvsroot/gentoo-x86/net-dns/bind/ChangeLog,v
22 retrieving revision 1.386
23 retrieving revision 1.387
24 diff -u -r1.386 -r1.387
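--- a/net-dns/bind/ChangeLog
+++ b/net-dns/bind/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for net-dns/bind
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/ChangeLog,v 1.386 2012/05/29 10:37:50 idl0r Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/ChangeLog,v 1.387 2012/06/04 17:02:25 idl0r Exp $
+
+*bind-9.9.1_p1 (04 Jun 2012)
+*bind-9.8.3_p1 (04 Jun 2012)
+
+ 04 Jun 2012; Christian Ruppert <idl0r@g.o> -bind-9.7.4_p1.ebuild,
+ -bind-9.7.6.ebuild, -bind-9.8.3.ebuild, +bind-9.8.3_p1.ebuild,
+ -bind-9.9.1.ebuild, +bind-9.9.1_p1.ebuild:
+ Version bumps, CVE-2012-1667. Remove old versions
 
 29 May 2012; Christian Ruppert <idl0r@g.o> files/named.cache:
 Update named.cache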
43
44
45
46 1.1 net-dns/bind/bind-9.8.3_p1.ebuild
47
48 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/bind-9.8.3_p1.ebuild?rev=1.1&view=markup
49 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/bind-9.8.3_p1.ebuild?rev=1.1&content-type=text/plain
50
51 Index: bind-9.8.3_p1.ebuild
52 ===================================================================
53 # Copyright 1999-2012 Gentoo Foundation
54 # Distributed under the terms of the GNU General Public License v2
55 # $Header: /var/cvsroot/gentoo-x86/net-dns/bind/bind-9.8.3_p1.ebuild,v 1.1 2012/06/04 17:02:25 idl0r Exp $
56
57 # Re dlz/mysql and threads, needs to be verified..
58 # MySQL uses thread local storage in its C api. Thus MySQL
59 # requires that each thread of an application execute a MySQL
60 # thread initialization to setup the thread local storage.
61 # This is impossible to do safely while staying within the DLZ
62 # driver API. This is a limitation caused by MySQL, and not the DLZ API.
63 # Because of this BIND MUST only run with a single thread when
64 # using the MySQL driver.
65
66 EAPI="4"
67
68 inherit eutils autotools toolchain-funcs flag-o-matic multilib db-use
69
70 MY_PV="${PV/_p/-P}"
71 MY_PV="${MY_PV/_rc/rc}"
72 MY_P="${PN}-${MY_PV}"
73
74 SDB_LDAP_VER="1.1.0-fc14"
75
76 # bind-9.8.0-P1-geoip-1.3.patch
77 GEOIP_PV=1.3
78 #GEOIP_PV_AGAINST="${MY_PV}"
79 GEOIP_PV_AGAINST="9.8.3"
80 GEOIP_P="bind-${GEOIP_PV_AGAINST}-geoip-${GEOIP_PV}"
81 GEOIP_PATCH_A="${GEOIP_P}.patch"
82 GEOIP_DOC_A="bind-geoip-1.3-readme.txt"
83 GEOIP_SRC_URI_BASE="http://bind-geoip.googlecode.com/"
84
85 DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server"
86 HOMEPAGE="http://www.isc.org/software/bind"
87 SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz
88 doc? ( mirror://gentoo/dyndns-samples.tbz2 )
89 geoip? ( ${GEOIP_SRC_URI_BASE}/files/${GEOIP_DOC_A}
90 ${GEOIP_SRC_URI_BASE}/files/${GEOIP_PATCH_A} )
91 sdb-ldap? ( http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2 )"
92
93 LICENSE="as-is"
94 SLOT="0"
95 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
96 IUSE="berkdb caps dlz doc geoip gost gssapi idn ipv6 ldap mysql odbc postgres rpz sdb-ldap
97 selinux ssl static-libs threads urandom xml"
98 # no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
99
100 REQUIRED_USE="postgres? ( dlz )
101 berkdb? ( dlz )
102 mysql? ( dlz !threads )
103 odbc? ( dlz )
104 ldap? ( dlz )
105 sdb-ldap? ( dlz )
106 gost? ( ssl )
107 threads? ( caps )"
108
109 DEPEND="ssl? ( >=dev-libs/openssl-0.9.6g )
110 mysql? ( >=virtual/mysql-4.0 )
111 odbc? ( >=dev-db/unixODBC-2.2.6 )
112 ldap? ( net-nds/openldap )
113 idn? ( net-dns/idnkit )
114 postgres? ( dev-db/postgresql-base )
115 caps? ( >=sys-libs/libcap-2.1.0 )
116 xml? ( dev-libs/libxml2 )
117 geoip? ( >=dev-libs/geoip-1.4.6 )
118 gssapi? ( virtual/krb5 )
119 sdb-ldap? ( net-nds/openldap )
120 gost? ( >=dev-libs/openssl-1.0.0 )"
121
122 RDEPEND="${DEPEND}
123 selinux? ( sec-policy/selinux-bind )
124 || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )"
125
126 S="${WORKDIR}/${MY_P}"
127
128 pkg_setup() {
129 ebegin "Creating named group and user"
130 enewgroup named 40
131 enewuser named 40 -1 /etc/bind named
132 eend ${?}
133 }
134
135 src_prepare() {
136 # Adjusting PATHs in manpages
137 for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
138 sed -i \
139 -e 's:/etc/named.conf:/etc/bind/named.conf:g' \
140 -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
141 -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
142 "${i}" || die "sed failed, ${i} doesn't exist"
143 done
144
145 if use dlz; then
146 # bind fails to reconnect to MySQL5 databases, bug #180720, patch by Nicolas Brousse
147 # (http://www.shell-tips.com/2007/09/04/bind-950-patch-dlz-mysql-5-for-auto-reconnect/)
148 if use mysql && has_version ">=dev-db/mysql-5"; then
149 epatch "${FILESDIR}"/bind-dlzmysql5-reconnect.patch
150 fi
151
152 if use odbc; then
153 epatch "${FILESDIR}/${PN}-9.7.3-odbc-dlz-detect.patch"
154 fi
155
156 # sdb-ldap patch as per bug #160567
157 # Upstream URL: http://bind9-ldap.bayour.com/
158 # New patch take from bug 302735
159 if use sdb-ldap; then
160 epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
161 cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/
162 cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/
163 cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/
164 fi
165 fi
166
167 # should be installed by bind-tools
168 sed -i -r -e "s:(nsupdate|dig) ::g" bin/Makefile.in || die
169
170 if use geoip; then
171 cp "${DISTDIR}"/${GEOIP_PATCH_A} "${S}" || die
172 sed -i -e 's:^ RELEASETYPE=: RELEASETYPE=-P:' \
173 -e 's:RELEASEVER=:RELEASEVER=1:' \
174 ${GEOIP_PATCH_A} || die
175 epatch ${GEOIP_PATCH_A}
176 fi
177
178 # bug #220361
179 rm {aclocal,libtool}.m4
180 eautoreconf
181 }
182
183 src_configure() {
184 local myconf=""
185
186 if use urandom; then
187 myconf="${myconf} --with-randomdev=/dev/urandom"
188 else
189 myconf="${myconf} --with-randomdev=/dev/random"
190 fi
191
192 use geoip && myconf="${myconf} --with-geoip"
193
194 # bug #158664
195 # gcc-specs-ssp && replace-flags -O[23s] -O
196
197 # To include db.h from proper path
198 use berkdb && append-flags "-I$(db_includedir)"
199
200 export BUILD_CC=$(tc-getBUILD_CC)
201 econf \
202 --sysconfdir=/etc/bind \
203 --localstatedir=/var \
204 --with-libtool \
205 $(use_enable threads) \
206 $(use_with dlz dlopen) \
207 $(use_with dlz dlz-filesystem) \
208 $(use_with dlz dlz-stub) \
209 $(use_with postgres dlz-postgres) \
210 $(use_with mysql dlz-mysql) \
211 $(use_with berkdb dlz-bdb) \
212 $(use_with ldap dlz-ldap) \
213 $(use_with odbc dlz-odbc) \
214 $(use_with ssl openssl) \
215 $(use_with idn) \
216 $(use_enable ipv6) \
217 $(use_with xml libxml2) \
218 $(use_with gssapi) \
219 $(use_enable rpz rpz-nsip) \
220 $(use_enable rpz rpz-nsdname) \
221 $(use_enable caps linux-caps) \
222 $(use_with gost) \
223 ${myconf}
224
225 # bug #151839
226 echo '#undef SO_BSDCOMPAT' >> config.h
227 }
228
229 src_install() {
230 emake DESTDIR="${D}" install
231
232 dodoc CHANGES FAQ README
233
234 if use idn; then
235 dodoc contrib/idn/README.idnkit
236 fi
237
238 if use doc; then
239 dodoc doc/arm/Bv9ARM.pdf
240
241 docinto misc
242 dodoc doc/misc/*
243
244 # might a 'html' useflag make sense?
245 docinto html
246 dohtml -r doc/arm/*
247
248 docinto contrib
249 dodoc contrib/named-bootconf/named-bootconf.sh \
250 contrib/nanny/nanny.pl
251
252 # some handy-dandy dynamic dns examples
253 cd "${D}"/usr/share/doc/${PF}
254 tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
255 fi
256
257 use geoip && dodoc "${DISTDIR}"/${GEOIP_DOC_A}
258
259 insinto /etc/bind
260 newins "${FILESDIR}"/named.conf-r5 named.conf
261
262 # ftp://ftp.rs.internic.net/domain/named.cache:
263 insinto /var/bind
264 doins "${FILESDIR}"/named.cache
265
266 insinto /var/bind/pri
267 newins "${FILESDIR}"/127.zone-r1 127.zone
268 newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
269
270 newinitd "${FILESDIR}"/named.init-r11 named
271 newconfd "${FILESDIR}"/named.confd-r6 named
272
273 if use gost; then
274 sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die
275 else
276 sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die
277 fi
278
279 newenvd "${FILESDIR}"/10bind.env 10bind
280
281 # Let's get rid of those tools and their manpages since they're provided by bind-tools
282 rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1*
283 rm -f "${D}"/usr/share/man/man8/{dnssec-keygen,nsupdate}.8*
284 rm -f "${D}"/usr/bin/{dig,host,nslookup,dnssec-keygen,nsupdate}
285 rm -f "${D}"/usr/sbin/{dig,host,nslookup,dnssec-keygen,nsupdate}
286
287 # bug 405251, library archives aren't properly handled by --enable/disable-static
288 if ! use static-libs; then
289 find "${D}" -type f -name '*.la' -delete || die
290 fi
291
292 dosym /var/bind/named.cache /var/bind/root.cache
293 dosym /var/bind/pri /etc/bind/pri
294 dosym /var/bind/sec /etc/bind/sec
295 dosym /var/bind/dyn /etc/bind/dyn
296 keepdir /var/bind/{pri,sec,dyn}
297
298 dodir /var/{run,log}/named
299
300 fowners root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn}
301 fowners root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}
302 fperms 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}
303 fperms 0750 /etc/bind /var/bind/pri
304 fperms 0770 /var/{run,log}/named /var/bind/{,sec,dyn}
305 }
306
307 pkg_postinst() {
308 if [ ! -f '/etc/bind/rndc.key' ]; then
309 if use urandom; then
310 einfo "Using /dev/urandom for generating rndc.key"
311 /usr/sbin/rndc-confgen -r /dev/urandom -a
312 echo
313 else
314 einfo "Using /dev/random for generating rndc.key"
315 /usr/sbin/rndc-confgen -a
316 echo
317 fi
318 chown root:named /etc/bind/rndc.key
319 chmod 0640 /etc/bind/rndc.key
320 fi
321
322 einfo
323 einfo "You can edit /etc/conf.d/named to customize named settings"
324 einfo
325 use mysql || use postgres || use ldap && {
326 elog "If your named depends on MySQL/PostgreSQL or LDAP,"
327 elog "uncomment the specified rc_named_* lines in your"
328 elog "/etc/conf.d/named config to ensure they'll start before bind"
329 einfo
330 }
331 einfo "If you'd like to run bind in a chroot AND this is a new"
332 einfo "install OR your bind doesn't already run in a chroot:"
333 einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
334 einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
335 einfo
336
337 CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
338 if [[ -n ${CHROOT} ]]; then
339 elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
340 elog "To enable the old behaviour (without using mount) uncomment the"
341 elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
342 elog "If you decide to use the new/default method, ensure to make backup"
343 elog "first and merge your existing configs/zones to /etc/bind and"
344 elog "/var/bind because bind will now mount the needed directories into"
345 elog "the chroot dir."
346 fi
347
348 ewarn
349 ewarn "NOTE: /var/bind/named.ca has been renamed to /var/bind/named.cache"
350 ewarn "you may need to fix your named.conf!"
351 ewarn
352 ewarn "NOTE: If you upgrade from <net-dns/bind-9.4.3_p5-r1, you may encounter permission problems"
353 ewarn "To fix the permissions do:"
354 ewarn "chown root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn}"
355 ewarn "chown root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}"
356 ewarn "chmod 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}"
357 ewarn "chmod 0750 /etc/bind /var/bind/pri"
358 ewarn "chmod 0770 /var/{run,log}/named /var/bind/{,sec,dyn}"
359 ewarn
360 }
361
362 pkg_config() {
363 CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
364 CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
365 CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
366
367 if [[ -z "${CHROOT}" ]]; then
368 eerror "This config script is designed to automate setting up"
369 eerror "a chrooted bind/named. To do so, please first uncomment"
370 eerror "and set the CHROOT variable in '/etc/conf.d/named'."
371 die "Unset CHROOT"
372 fi
373 if [[ -d "${CHROOT}" ]]; then
374 ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
375 ewarn "To enable the old behaviour (without using mount) uncomment the"
376 ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
377 ewarn
378 ewarn "${CHROOT} already exists... some things might become overridden"
379 ewarn "press CTRL+C if you don't want to continue"
380 sleep 10
381 fi
382
383 echo; einfo "Setting up the chroot directory..."
384
385 mkdir -m 0750 -p ${CHROOT}
386 mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/{run,log}}
387 mkdir -m 0750 -p ${CHROOT}/etc/bind
388 mkdir -m 0770 -p ${CHROOT}/var/{bind,{run,log}/named}
389 # As of bind 9.8.0
390 if has_version net-dns/bind[gost]; then
391 if [ "$(get_libdir)" = "lib64" ]; then
392 mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines
393 ln -s lib64 ${CHROOT}/usr/lib
394 else
395 mkdir -m 0755 -p ${CHROOT}/usr/lib/engines
396 fi
397 fi
398 chown root:named ${CHROOT} ${CHROOT}/var/{bind,{run,log}/named} ${CHROOT}/etc/bind
399
400 mknod ${CHROOT}/dev/null c 1 3
401 chmod 0666 ${CHROOT}/dev/null
402
403 mknod ${CHROOT}/dev/zero c 1 5
404 chmod 0666 ${CHROOT}/dev/zero
405
406 if use urandom; then
407 mknod ${CHROOT}/dev/urandom c 1 9
408 chmod 0666 ${CHROOT}/dev/urandom
409 else
410 mknod ${CHROOT}/dev/random c 1 8
411 chmod 0666 ${CHROOT}/dev/random
412 fi
413
414 if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
415 cp -a /etc/bind ${CHROOT}/etc/
416 cp -a /var/bind ${CHROOT}/var/
417 fi
418
419 if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
420 mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP
421 fi
422
423 elog "You may need to add the following line to your syslog-ng.conf:"
424 elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
425 }
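Review bot: In pkg_config every use of `${CHROOT}` is unquoted (`mkdir -m 0750 -p ${CHROOT}`, `chown root:named ${CHROOT} ...`, `mknod ${CHROOT}/dev/null c 1 3`, `cp -a /etc/bind ${CHROOT}/etc/`), and the value is whatever /etc/conf.d/named sets, so a path containing whitespace or glob characters is word-split and these commands, which presumably run as root under `emerge --config`, end up acting on other paths. Quote the variable and keep the brace lists outside the quotes, e.g. `mkdir -m 0755 -p "${CHROOT}"/{dev,etc,var/{run,log}}` and `mknod "${CHROOT}/dev/null" c 1 3`. None of the mkdir/mknod/chown/cp calls is checked either, while the function explicitly continues when `${CHROOT}` already exists, so a rerun in which `mknod` or `ln -s lib64 ${CHROOT}/usr/lib` fails on an existing entry still ends with the syslog-ng hint as if setup had succeeded; guard those two with an existence test and add `|| die` to the rest. The same function is repeated unchanged in bind-9.9.1_p1.ebuild.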
426
427
428
429 1.1 net-dns/bind/bind-9.9.1_p1.ebuild
430
431 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/bind-9.9.1_p1.ebuild?rev=1.1&view=markup
432 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/bind-9.9.1_p1.ebuild?rev=1.1&content-type=text/plain
433
434 Index: bind-9.9.1_p1.ebuild
435 ===================================================================
436 # Copyright 1999-2012 Gentoo Foundation
437 # Distributed under the terms of the GNU General Public License v2
438 # $Header: /var/cvsroot/gentoo-x86/net-dns/bind/bind-9.9.1_p1.ebuild,v 1.1 2012/06/04 17:02:25 idl0r Exp $
439
440 # Re dlz/mysql and threads, needs to be verified..
441 # MySQL uses thread local storage in its C api. Thus MySQL
442 # requires that each thread of an application execute a MySQL
443 # thread initialization to setup the thread local storage.
444 # This is impossible to do safely while staying within the DLZ
445 # driver API. This is a limitation caused by MySQL, and not the DLZ API.
446 # Because of this BIND MUST only run with a single thread when
447 # using the MySQL driver.
448
449 EAPI="4"
450
451 inherit eutils autotools toolchain-funcs flag-o-matic multilib db-use
452
453 MY_PV="${PV/_p/-P}"
454 MY_PV="${MY_PV/_rc/rc}"
455 MY_P="${PN}-${MY_PV}"
456
457 SDB_LDAP_VER="1.1.0-fc14"
458
459 # bind-9.8.0-P1-geoip-1.3.patch
460 GEOIP_PV=1.3
461 #GEOIP_PV_AGAINST="${MY_PV}"
462 GEOIP_PV_AGAINST="9.9.1"
463 GEOIP_P="bind-${GEOIP_PV_AGAINST}-geoip-${GEOIP_PV}"
464 GEOIP_PATCH_A="${GEOIP_P}.patch"
465 GEOIP_DOC_A="bind-geoip-1.3-readme.txt"
466 GEOIP_SRC_URI_BASE="http://bind-geoip.googlecode.com/"
467
468 DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server"
469 HOMEPAGE="http://www.isc.org/software/bind"
470 SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz
471 doc? ( mirror://gentoo/dyndns-samples.tbz2 )
472 geoip? ( ${GEOIP_SRC_URI_BASE}/files/${GEOIP_DOC_A}
473 ${GEOIP_SRC_URI_BASE}/files/${GEOIP_PATCH_A} )
474 sdb-ldap? ( http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2 )"
475
476 LICENSE="as-is"
477 SLOT="0"
478 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
479 IUSE="berkdb caps dlz doc geoip gost gssapi idn ipv6 ldap mysql odbc postgres rpz sdb-ldap
480 selinux ssl static-libs threads urandom xml"
481 # no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
482
483 REQUIRED_USE="postgres? ( dlz )
484 berkdb? ( dlz )
485 mysql? ( dlz !threads )
486 odbc? ( dlz )
487 ldap? ( dlz )
488 sdb-ldap? ( dlz )
489 gost? ( ssl )
490 threads? ( caps )"
491
492 DEPEND="ssl? ( >=dev-libs/openssl-0.9.6g )
493 mysql? ( >=virtual/mysql-4.0 )
494 odbc? ( >=dev-db/unixODBC-2.2.6 )
495 ldap? ( net-nds/openldap )
496 idn? ( net-dns/idnkit )
497 postgres? ( dev-db/postgresql-base )
498 caps? ( >=sys-libs/libcap-2.1.0 )
499 xml? ( dev-libs/libxml2 )
500 geoip? ( >=dev-libs/geoip-1.4.6 )
501 gssapi? ( virtual/krb5 )
502 sdb-ldap? ( net-nds/openldap )
503 gost? ( >=dev-libs/openssl-1.0.0 )"
504
505 RDEPEND="${DEPEND}
506 selinux? ( sec-policy/selinux-bind )
507 || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )"
508
509 S="${WORKDIR}/${MY_P}"
510
511 pkg_setup() {
512 ebegin "Creating named group and user"
513 enewgroup named 40
514 enewuser named 40 -1 /etc/bind named
515 eend ${?}
516 }
517
518 src_prepare() {
519 # Adjusting PATHs in manpages
520 for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
521 sed -i \
522 -e 's:/etc/named.conf:/etc/bind/named.conf:g' \
523 -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
524 -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
525 "${i}" || die "sed failed, ${i} doesn't exist"
526 done
527
528 if use dlz; then
529 # bind fails to reconnect to MySQL5 databases, bug #180720, patch by Nicolas Brousse
530 # (http://www.shell-tips.com/2007/09/04/bind-950-patch-dlz-mysql-5-for-auto-reconnect/)
531 if use mysql && has_version ">=dev-db/mysql-5"; then
532 epatch "${FILESDIR}"/bind-dlzmysql5-reconnect.patch
533 fi
534
535 if use odbc; then
536 epatch "${FILESDIR}/${PN}-9.7.3-odbc-dlz-detect.patch"
537 fi
538
539 # sdb-ldap patch as per bug #160567
540 # Upstream URL: http://bind9-ldap.bayour.com/
541 # New patch take from bug 302735
542 if use sdb-ldap; then
543 epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
544 cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/
545 cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/
546 cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/
547 fi
548 fi
549
550 # should be installed by bind-tools
551 sed -i -r -e "s:(nsupdate|dig) ::g" bin/Makefile.in || die
552
553 if use geoip; then
554 cp "${DISTDIR}"/${GEOIP_PATCH_A} "${S}" || die
555 sed -i -e 's:^ RELEASETYPE=: RELEASETYPE=-P:' \
556 -e 's:RELEASEVER=:RELEASEVER=1:' \
557 ${GEOIP_PATCH_A} || die
558 epatch ${GEOIP_PATCH_A}
559 fi
560
561 # bug #220361
562 rm {aclocal,libtool}.m4
563 eautoreconf
564 }
565
566 src_configure() {
567 local myconf=""
568
569 if use urandom; then
570 myconf="${myconf} --with-randomdev=/dev/urandom"
571 else
572 myconf="${myconf} --with-randomdev=/dev/random"
573 fi
574
575 use geoip && myconf="${myconf} --with-geoip"
576
577 # bug #158664
578 # gcc-specs-ssp && replace-flags -O[23s] -O
579
580 # To include db.h from proper path
581 use berkdb && append-flags "-I$(db_includedir)"
582
583 export BUILD_CC=$(tc-getBUILD_CC)
584 econf \
585 --sysconfdir=/etc/bind \
586 --localstatedir=/var \
587 --with-libtool \
588 $(use_enable threads) \
589 $(use_with dlz dlopen) \
590 $(use_with dlz dlz-filesystem) \
591 $(use_with dlz dlz-stub) \
592 $(use_with postgres dlz-postgres) \
593 $(use_with mysql dlz-mysql) \
594 $(use_with berkdb dlz-bdb) \
595 $(use_with ldap dlz-ldap) \
596 $(use_with odbc dlz-odbc) \
597 $(use_with ssl openssl) \
598 $(use_with idn) \
599 $(use_enable ipv6) \
600 $(use_with xml libxml2) \
601 $(use_with gssapi) \
602 $(use_enable rpz rpz-nsip) \
603 $(use_enable rpz rpz-nsdname) \
604 $(use_enable caps linux-caps) \
605 $(use_with gost) \
606 --without-readline \
607 ${myconf}
608
609 # $(use_enable static-libs static) \
610
611 # bug #151839
612 echo '#undef SO_BSDCOMPAT' >> config.h
613 }
614
615 src_install() {
616 emake DESTDIR="${D}" install
617
618 dodoc CHANGES FAQ README
619
620 if use idn; then
621 dodoc contrib/idn/README.idnkit
622 fi
623
624 if use doc; then
625 dodoc doc/arm/Bv9ARM.pdf
626
627 docinto misc
628 dodoc doc/misc/*
629
630 # might a 'html' useflag make sense?
631 docinto html
632 dohtml -r doc/arm/*
633
634 docinto contrib
635 dodoc contrib/named-bootconf/named-bootconf.sh \
636 contrib/nanny/nanny.pl
637
638 # some handy-dandy dynamic dns examples
639 cd "${D}"/usr/share/doc/${PF}
640 tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
641 fi
642
643 use geoip && dodoc "${DISTDIR}"/${GEOIP_DOC_A}
644
645 insinto /etc/bind
646 newins "${FILESDIR}"/named.conf-r5 named.conf
647
648 # ftp://ftp.rs.internic.net/domain/named.cache:
649 insinto /var/bind
650 doins "${FILESDIR}"/named.cache
651
652 insinto /var/bind/pri
653 newins "${FILESDIR}"/127.zone-r1 127.zone
654 newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
655
656 newinitd "${FILESDIR}"/named.init-r11 named
657 newconfd "${FILESDIR}"/named.confd-r6 named
658
659 if use gost; then
660 sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die
661 else
662 sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die
663 fi
664
665 newenvd "${FILESDIR}"/10bind.env 10bind
666
667 # Let's get rid of those tools and their manpages since they're provided by bind-tools
668 rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1*
669 rm -f "${D}"/usr/share/man/man8/{dnssec-keygen,nsupdate}.8*
670 rm -f "${D}"/usr/bin/{dig,host,nslookup,dnssec-keygen,nsupdate}
671 rm -f "${D}"/usr/sbin/{dig,host,nslookup,dnssec-keygen,nsupdate}
672
673 # bug 405251, library archives aren't properly handled by --enable/disable-static
674 if ! use static-libs; then
675 find "${D}" -type f -name '*.la' -delete || die
676 fi
677
678 dosym /var/bind/named.cache /var/bind/root.cache
679 dosym /var/bind/pri /etc/bind/pri
680 dosym /var/bind/sec /etc/bind/sec
681 dosym /var/bind/dyn /etc/bind/dyn
682 keepdir /var/bind/{pri,sec,dyn}
683
684 dodir /var/{run,log}/named
685
686 fowners root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn}
687 fowners root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}
688 fperms 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}
689 fperms 0750 /etc/bind /var/bind/pri
690 fperms 0770 /var/{run,log}/named /var/bind/{,sec,dyn}
691 }
692
693 pkg_postinst() {
694 if [ ! -f '/etc/bind/rndc.key' ]; then
695 if use urandom; then
696 einfo "Using /dev/urandom for generating rndc.key"
697 /usr/sbin/rndc-confgen -r /dev/urandom -a
698 echo
699 else
700 einfo "Using /dev/random for generating rndc.key"
701 /usr/sbin/rndc-confgen -a
702 echo
703 fi
704 chown root:named /etc/bind/rndc.key
705 chmod 0640 /etc/bind/rndc.key
706 fi
707
708 einfo
709 einfo "You can edit /etc/conf.d/named to customize named settings"
710 einfo
711 use mysql || use postgres || use ldap && {
712 elog "If your named depends on MySQL/PostgreSQL or LDAP,"
713 elog "uncomment the specified rc_named_* lines in your"
714 elog "/etc/conf.d/named config to ensure they'll start before bind"
715 einfo
716 }
717 einfo "If you'd like to run bind in a chroot AND this is a new"
718 einfo "install OR your bind doesn't already run in a chroot:"
719 einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
720 einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
721 einfo
722
723 CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
724 if [[ -n ${CHROOT} ]]; then
725 elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
726 elog "To enable the old behaviour (without using mount) uncomment the"
727 elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
728 elog "If you decide to use the new/default method, ensure to make backup"
729 elog "first and merge your existing configs/zones to /etc/bind and"
730 elog "/var/bind because bind will now mount the needed directories into"
731 elog "the chroot dir."
732 fi
733
734 ewarn
735 ewarn "NOTE: /var/bind/named.ca has been renamed to /var/bind/named.cache"
736 ewarn "you may need to fix your named.conf!"
737 ewarn
738 ewarn "NOTE: If you upgrade from <net-dns/bind-9.4.3_p5-r1, you may encounter permission problems"
739 ewarn "To fix the permissions do:"
740 ewarn "chown root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn}"
741 ewarn "chown root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}"
742 ewarn "chmod 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}"
743 ewarn "chmod 0750 /etc/bind /var/bind/pri"
744 ewarn "chmod 0770 /var/{run,log}/named /var/bind/{,sec,dyn}"
745 ewarn
746 }
747
748 pkg_config() {
749 CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
750 CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
751 CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
752
753 if [[ -z "${CHROOT}" ]]; then
754 eerror "This config script is designed to automate setting up"
755 eerror "a chrooted bind/named. To do so, please first uncomment"
756 eerror "and set the CHROOT variable in '/etc/conf.d/named'."
757 die "Unset CHROOT"
758 fi
759 if [[ -d "${CHROOT}" ]]; then
760 ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
761 ewarn "To enable the old behaviour (without using mount) uncomment the"
762 ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
763 ewarn
764 ewarn "${CHROOT} already exists... some things might become overridden"
765 ewarn "press CTRL+C if you don't want to continue"
766 sleep 10
767 fi
768
769 echo; einfo "Setting up the chroot directory..."
770
771 mkdir -m 0750 -p ${CHROOT}
772 mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/{run,log}}
773 mkdir -m 0750 -p ${CHROOT}/etc/bind
774 mkdir -m 0770 -p ${CHROOT}/var/{bind,{run,log}/named}
775 # As of bind 9.8.0
776 if has_version net-dns/bind[gost]; then
777 if [ "$(get_libdir)" = "lib64" ]; then
778 mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines
779 ln -s lib64 ${CHROOT}/usr/lib
780 else
781 mkdir -m 0755 -p ${CHROOT}/usr/lib/engines
782 fi
783 fi
784 chown root:named ${CHROOT} ${CHROOT}/var/{bind,{run,log}/named} ${CHROOT}/etc/bind
785
786 mknod ${CHROOT}/dev/null c 1 3
787 chmod 0666 ${CHROOT}/dev/null
788
789 mknod ${CHROOT}/dev/zero c 1 5
790 chmod 0666 ${CHROOT}/dev/zero
791
792 if use urandom; then
793 mknod ${CHROOT}/dev/urandom c 1 9
794 chmod 0666 ${CHROOT}/dev/urandom
795 else
796 mknod ${CHROOT}/dev/random c 1 8
797 chmod 0666 ${CHROOT}/dev/random
798 fi
799
800 if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
801 cp -a /etc/bind ${CHROOT}/etc/
802 cp -a /var/bind ${CHROOT}/var/
803 fi
804
805 if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
806 mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP
807 fi
808
809 elog "You may need to add the following line to your syslog-ng.conf:"
810 elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
811 }
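Review bot: In src_install, `fperms 0770 /var/{run,log}/named /var/bind/{,sec,dyn}` makes /var/bind itself writable by group named, which undercuts the `0640`/`0750` modes set just above on named.cache and pri: write access to the parent directory is enough to unlink or rename those entries even though their contents are read-only to the daemon. Since this bump is a security fix for named (CVE-2012-1667 per the log), it is worth limiting what a compromised daemon can alter to sec and dyn, e.g. `fperms 0750 /etc/bind /var/bind /var/bind/pri` and `fperms 0770 /var/{run,log}/named /var/bind/{sec,dyn}`. Whether named has to create files directly in /var/bind depends on the `directory` setting in files/named.conf-r5, which is not shown here; if it does, add a comment above the `fperms 0770` line saying so. bind-9.8.3_p1.ebuild has the same lines, and the matching `chmod 0770` advice in pkg_postinst's ewarn block would need the same adjustment.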