1 |
idl0r 12/06/04 17:02:25 |
2 |
|
3 |
Modified: ChangeLog |
4 |
Added: bind-9.8.3_p1.ebuild bind-9.9.1_p1.ebuild |
5 |
Removed: bind-9.9.1.ebuild bind-9.7.6.ebuild |
6 |
bind-9.8.3.ebuild bind-9.7.4_p1.ebuild |
7 |
Log: |
8 |
Version bumps, CVE-2012-1667. Remove old versions |
9 |
|
10 |
(Portage version: 2.2.0_alpha109/cvs/Linux x86_64) |
11 |
|
12 |
Revision Changes Path |
13 |
1.387 net-dns/bind/ChangeLog |
14 |
|
15 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/ChangeLog?rev=1.387&view=markup |
16 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/ChangeLog?rev=1.387&content-type=text/plain |
17 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/ChangeLog?r1=1.386&r2=1.387 |
18 |
|
19 |
Index: ChangeLog |
20 |
=================================================================== |
21 |
RCS file: /var/cvsroot/gentoo-x86/net-dns/bind/ChangeLog,v |
22 |
retrieving revision 1.386 |
23 |
retrieving revision 1.387 |
24 |
diff -u -r1.386 -r1.387 |
25 |
--- ChangeLog 29 May 2012 10:37:50 -0000 1.386 |
26 |
+++ ChangeLog 4 Jun 2012 17:02:25 -0000 1.387 |
27 |
@@ -1,6 +1,14 @@ |
28 |
# ChangeLog for net-dns/bind |
29 |
# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 |
30 |
-# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/ChangeLog,v 1.386 2012/05/29 10:37:50 idl0r Exp $ |
31 |
+# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/ChangeLog,v 1.387 2012/06/04 17:02:25 idl0r Exp $ |
32 |
+ |
33 |
+*bind-9.9.1_p1 (04 Jun 2012) |
34 |
+*bind-9.8.3_p1 (04 Jun 2012) |
35 |
+ |
36 |
+ 04 Jun 2012; Christian Ruppert <idl0r@g.o> -bind-9.7.4_p1.ebuild, |
37 |
+ -bind-9.7.6.ebuild, -bind-9.8.3.ebuild, +bind-9.8.3_p1.ebuild, |
38 |
+ -bind-9.9.1.ebuild, +bind-9.9.1_p1.ebuild: |
39 |
+ Version bumps, CVE-2012-1667. Remove old versions |
40 |
|
41 |
29 May 2012; Christian Ruppert <idl0r@g.o> files/named.cache: |
42 |
Update named.cache |
43 |
|
44 |
|
45 |
|
46 |
1.1 net-dns/bind/bind-9.8.3_p1.ebuild |
47 |
|
48 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/bind-9.8.3_p1.ebuild?rev=1.1&view=markup |
49 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/bind-9.8.3_p1.ebuild?rev=1.1&content-type=text/plain |
50 |
|
51 |
Index: bind-9.8.3_p1.ebuild |
52 |
=================================================================== |
53 |
# Copyright 1999-2012 Gentoo Foundation |
54 |
# Distributed under the terms of the GNU General Public License v2 |
55 |
# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/bind-9.8.3_p1.ebuild,v 1.1 2012/06/04 17:02:25 idl0r Exp $ |
56 |
|
57 |
# Re dlz/mysql and threads, needs to be verified.. |
58 |
# MySQL uses thread local storage in its C api. Thus MySQL |
59 |
# requires that each thread of an application execute a MySQL |
60 |
# thread initialization to setup the thread local storage. |
61 |
# This is impossible to do safely while staying within the DLZ |
62 |
# driver API. This is a limitation caused by MySQL, and not the DLZ API. |
63 |
# Because of this BIND MUST only run with a single thread when |
64 |
# using the MySQL driver. |
65 |
|
66 |
EAPI="4" |
67 |
|
68 |
inherit eutils autotools toolchain-funcs flag-o-matic multilib db-use |
69 |
|
70 |
MY_PV="${PV/_p/-P}" |
71 |
MY_PV="${MY_PV/_rc/rc}" |
72 |
MY_P="${PN}-${MY_PV}" |
73 |
|
74 |
SDB_LDAP_VER="1.1.0-fc14" |
75 |
|
76 |
# bind-9.8.0-P1-geoip-1.3.patch |
77 |
GEOIP_PV=1.3 |
78 |
#GEOIP_PV_AGAINST="${MY_PV}" |
79 |
GEOIP_PV_AGAINST="9.8.3" |
80 |
GEOIP_P="bind-${GEOIP_PV_AGAINST}-geoip-${GEOIP_PV}" |
81 |
GEOIP_PATCH_A="${GEOIP_P}.patch" |
82 |
GEOIP_DOC_A="bind-geoip-1.3-readme.txt" |
83 |
GEOIP_SRC_URI_BASE="http://bind-geoip.googlecode.com/" |
84 |
|
85 |
DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server" |
86 |
HOMEPAGE="http://www.isc.org/software/bind" |
87 |
SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz |
88 |
doc? ( mirror://gentoo/dyndns-samples.tbz2 ) |
89 |
geoip? ( ${GEOIP_SRC_URI_BASE}/files/${GEOIP_DOC_A} |
90 |
${GEOIP_SRC_URI_BASE}/files/${GEOIP_PATCH_A} ) |
91 |
sdb-ldap? ( http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2 )" |
92 |
|
93 |
LICENSE="as-is" |
94 |
SLOT="0" |
95 |
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd" |
96 |
IUSE="berkdb caps dlz doc geoip gost gssapi idn ipv6 ldap mysql odbc postgres rpz sdb-ldap |
97 |
selinux ssl static-libs threads urandom xml" |
98 |
# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687 |
99 |
|
100 |
REQUIRED_USE="postgres? ( dlz ) |
101 |
berkdb? ( dlz ) |
102 |
mysql? ( dlz !threads ) |
103 |
odbc? ( dlz ) |
104 |
ldap? ( dlz ) |
105 |
sdb-ldap? ( dlz ) |
106 |
gost? ( ssl ) |
107 |
threads? ( caps )" |
108 |
|
109 |
DEPEND="ssl? ( >=dev-libs/openssl-0.9.6g ) |
110 |
mysql? ( >=virtual/mysql-4.0 ) |
111 |
odbc? ( >=dev-db/unixODBC-2.2.6 ) |
112 |
ldap? ( net-nds/openldap ) |
113 |
idn? ( net-dns/idnkit ) |
114 |
postgres? ( dev-db/postgresql-base ) |
115 |
caps? ( >=sys-libs/libcap-2.1.0 ) |
116 |
xml? ( dev-libs/libxml2 ) |
117 |
geoip? ( >=dev-libs/geoip-1.4.6 ) |
118 |
gssapi? ( virtual/krb5 ) |
119 |
sdb-ldap? ( net-nds/openldap ) |
120 |
gost? ( >=dev-libs/openssl-1.0.0 )" |
121 |
|
122 |
RDEPEND="${DEPEND} |
123 |
selinux? ( sec-policy/selinux-bind ) |
124 |
|| ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )" |
125 |
|
126 |
S="${WORKDIR}/${MY_P}" |
127 |
|
128 |
pkg_setup() { |
129 |
ebegin "Creating named group and user" |
130 |
enewgroup named 40 |
131 |
enewuser named 40 -1 /etc/bind named |
132 |
eend ${?} |
133 |
} |
134 |
|
135 |
src_prepare() { |
136 |
# Adjusting PATHs in manpages |
137 |
for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do |
138 |
sed -i \ |
139 |
-e 's:/etc/named.conf:/etc/bind/named.conf:g' \ |
140 |
-e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \ |
141 |
-e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \ |
142 |
"${i}" || die "sed failed, ${i} doesn't exist" |
143 |
done |
144 |
|
145 |
if use dlz; then |
146 |
# bind fails to reconnect to MySQL5 databases, bug #180720, patch by Nicolas Brousse |
147 |
# (http://www.shell-tips.com/2007/09/04/bind-950-patch-dlz-mysql-5-for-auto-reconnect/) |
148 |
if use mysql && has_version ">=dev-db/mysql-5"; then |
149 |
epatch "${FILESDIR}"/bind-dlzmysql5-reconnect.patch |
150 |
fi |
151 |
|
152 |
if use odbc; then |
153 |
epatch "${FILESDIR}/${PN}-9.7.3-odbc-dlz-detect.patch" |
154 |
fi |
155 |
|
156 |
# sdb-ldap patch as per bug #160567 |
157 |
# Upstream URL: http://bind9-ldap.bayour.com/ |
158 |
# New patch take from bug 302735 |
159 |
if use sdb-ldap; then |
160 |
epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch |
161 |
cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/ |
162 |
cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/ |
163 |
cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/ |
164 |
fi |
165 |
fi |
166 |
|
167 |
# should be installed by bind-tools |
168 |
sed -i -r -e "s:(nsupdate|dig) ::g" bin/Makefile.in || die |
169 |
|
170 |
if use geoip; then |
171 |
cp "${DISTDIR}"/${GEOIP_PATCH_A} "${S}" || die |
172 |
sed -i -e 's:^ RELEASETYPE=: RELEASETYPE=-P:' \ |
173 |
-e 's:RELEASEVER=:RELEASEVER=1:' \ |
174 |
${GEOIP_PATCH_A} || die |
175 |
epatch ${GEOIP_PATCH_A} |
176 |
fi |
177 |
|
178 |
# bug #220361 |
179 |
rm {aclocal,libtool}.m4 |
180 |
eautoreconf |
181 |
} |
182 |
|
183 |
src_configure() { |
184 |
local myconf="" |
185 |
|
186 |
if use urandom; then |
187 |
myconf="${myconf} --with-randomdev=/dev/urandom" |
188 |
else |
189 |
myconf="${myconf} --with-randomdev=/dev/random" |
190 |
fi |
191 |
|
192 |
use geoip && myconf="${myconf} --with-geoip" |
193 |
|
194 |
# bug #158664 |
195 |
# gcc-specs-ssp && replace-flags -O[23s] -O |
196 |
|
197 |
# To include db.h from proper path |
198 |
use berkdb && append-flags "-I$(db_includedir)" |
199 |
|
200 |
export BUILD_CC=$(tc-getBUILD_CC) |
201 |
econf \ |
202 |
--sysconfdir=/etc/bind \ |
203 |
--localstatedir=/var \ |
204 |
--with-libtool \ |
205 |
$(use_enable threads) \ |
206 |
$(use_with dlz dlopen) \ |
207 |
$(use_with dlz dlz-filesystem) \ |
208 |
$(use_with dlz dlz-stub) \ |
209 |
$(use_with postgres dlz-postgres) \ |
210 |
$(use_with mysql dlz-mysql) \ |
211 |
$(use_with berkdb dlz-bdb) \ |
212 |
$(use_with ldap dlz-ldap) \ |
213 |
$(use_with odbc dlz-odbc) \ |
214 |
$(use_with ssl openssl) \ |
215 |
$(use_with idn) \ |
216 |
$(use_enable ipv6) \ |
217 |
$(use_with xml libxml2) \ |
218 |
$(use_with gssapi) \ |
219 |
$(use_enable rpz rpz-nsip) \ |
220 |
$(use_enable rpz rpz-nsdname) \ |
221 |
$(use_enable caps linux-caps) \ |
222 |
$(use_with gost) \ |
223 |
${myconf} |
224 |
|
225 |
# bug #151839 |
226 |
echo '#undef SO_BSDCOMPAT' >> config.h |
227 |
} |
228 |
|
229 |
src_install() { |
230 |
emake DESTDIR="${D}" install |
231 |
|
232 |
dodoc CHANGES FAQ README |
233 |
|
234 |
if use idn; then |
235 |
dodoc contrib/idn/README.idnkit |
236 |
fi |
237 |
|
238 |
if use doc; then |
239 |
dodoc doc/arm/Bv9ARM.pdf |
240 |
|
241 |
docinto misc |
242 |
dodoc doc/misc/* |
243 |
|
244 |
# might a 'html' useflag make sense? |
245 |
docinto html |
246 |
dohtml -r doc/arm/* |
247 |
|
248 |
docinto contrib |
249 |
dodoc contrib/named-bootconf/named-bootconf.sh \ |
250 |
contrib/nanny/nanny.pl |
251 |
|
252 |
# some handy-dandy dynamic dns examples |
253 |
cd "${D}"/usr/share/doc/${PF} |
254 |
tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die |
255 |
fi |
256 |
|
257 |
use geoip && dodoc "${DISTDIR}"/${GEOIP_DOC_A} |
258 |
|
259 |
insinto /etc/bind |
260 |
newins "${FILESDIR}"/named.conf-r5 named.conf |
261 |
|
262 |
# ftp://ftp.rs.internic.net/domain/named.cache: |
263 |
insinto /var/bind |
264 |
doins "${FILESDIR}"/named.cache |
265 |
|
266 |
insinto /var/bind/pri |
267 |
newins "${FILESDIR}"/127.zone-r1 127.zone |
268 |
newins "${FILESDIR}"/localhost.zone-r3 localhost.zone |
269 |
|
270 |
newinitd "${FILESDIR}"/named.init-r11 named |
271 |
newconfd "${FILESDIR}"/named.confd-r6 named |
272 |
|
273 |
if use gost; then |
274 |
sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die |
275 |
else |
276 |
sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die |
277 |
fi |
278 |
|
279 |
newenvd "${FILESDIR}"/10bind.env 10bind |
280 |
|
281 |
# Let's get rid of those tools and their manpages since they're provided by bind-tools |
282 |
rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1* |
283 |
rm -f "${D}"/usr/share/man/man8/{dnssec-keygen,nsupdate}.8* |
284 |
rm -f "${D}"/usr/bin/{dig,host,nslookup,dnssec-keygen,nsupdate} |
285 |
rm -f "${D}"/usr/sbin/{dig,host,nslookup,dnssec-keygen,nsupdate} |
286 |
|
287 |
# bug 405251, library archives aren't properly handled by --enable/disable-static |
288 |
if ! use static-libs; then |
289 |
find "${D}" -type f -name '*.la' -delete || die |
290 |
fi |
291 |
|
292 |
dosym /var/bind/named.cache /var/bind/root.cache |
293 |
dosym /var/bind/pri /etc/bind/pri |
294 |
dosym /var/bind/sec /etc/bind/sec |
295 |
dosym /var/bind/dyn /etc/bind/dyn |
296 |
keepdir /var/bind/{pri,sec,dyn} |
297 |
|
298 |
dodir /var/{run,log}/named |
299 |
|
300 |
fowners root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn} |
301 |
fowners root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf} |
302 |
fperms 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf} |
303 |
fperms 0750 /etc/bind /var/bind/pri |
304 |
fperms 0770 /var/{run,log}/named /var/bind/{,sec,dyn} |
305 |
} |
306 |
|
307 |
pkg_postinst() { |
308 |
if [ ! -f '/etc/bind/rndc.key' ]; then |
309 |
if use urandom; then |
310 |
einfo "Using /dev/urandom for generating rndc.key" |
311 |
/usr/sbin/rndc-confgen -r /dev/urandom -a |
312 |
echo |
313 |
else |
314 |
einfo "Using /dev/random for generating rndc.key" |
315 |
/usr/sbin/rndc-confgen -a |
316 |
echo |
317 |
fi |
318 |
chown root:named /etc/bind/rndc.key |
319 |
chmod 0640 /etc/bind/rndc.key |
320 |
fi |
321 |
|
322 |
einfo |
323 |
einfo "You can edit /etc/conf.d/named to customize named settings" |
324 |
einfo |
325 |
use mysql || use postgres || use ldap && { |
326 |
elog "If your named depends on MySQL/PostgreSQL or LDAP," |
327 |
elog "uncomment the specified rc_named_* lines in your" |
328 |
elog "/etc/conf.d/named config to ensure they'll start before bind" |
329 |
einfo |
330 |
} |
331 |
einfo "If you'd like to run bind in a chroot AND this is a new" |
332 |
einfo "install OR your bind doesn't already run in a chroot:" |
333 |
einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named." |
334 |
einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`" |
335 |
einfo |
336 |
|
337 |
CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT}) |
338 |
if [[ -n ${CHROOT} ]]; then |
339 |
elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" |
340 |
elog "To enable the old behaviour (without using mount) uncomment the" |
341 |
elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config." |
342 |
elog "If you decide to use the new/default method, ensure to make backup" |
343 |
elog "first and merge your existing configs/zones to /etc/bind and" |
344 |
elog "/var/bind because bind will now mount the needed directories into" |
345 |
elog "the chroot dir." |
346 |
fi |
347 |
|
348 |
ewarn |
349 |
ewarn "NOTE: /var/bind/named.ca has been renamed to /var/bind/named.cache" |
350 |
ewarn "you may need to fix your named.conf!" |
351 |
ewarn |
352 |
ewarn "NOTE: If you upgrade from <net-dns/bind-9.4.3_p5-r1, you may encounter permission problems" |
353 |
ewarn "To fix the permissions do:" |
354 |
ewarn "chown root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn}" |
355 |
ewarn "chown root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}" |
356 |
ewarn "chmod 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}" |
357 |
ewarn "chmod 0750 /etc/bind /var/bind/pri" |
358 |
ewarn "chmod 0770 /var/{run,log}/named /var/bind/{,sec,dyn}" |
359 |
ewarn |
360 |
} |
361 |
|
362 |
pkg_config() { |
363 |
CHROOT=$(source /etc/conf.d/named; echo ${CHROOT}) |
364 |
CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT}) |
365 |
CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP}) |
366 |
|
367 |
if [[ -z "${CHROOT}" ]]; then |
368 |
eerror "This config script is designed to automate setting up" |
369 |
eerror "a chrooted bind/named. To do so, please first uncomment" |
370 |
eerror "and set the CHROOT variable in '/etc/conf.d/named'." |
371 |
die "Unset CHROOT" |
372 |
fi |
373 |
if [[ -d "${CHROOT}" ]]; then |
374 |
ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" |
375 |
ewarn "To enable the old behaviour (without using mount) uncomment the" |
376 |
ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config." |
377 |
ewarn |
378 |
ewarn "${CHROOT} already exists... some things might become overridden" |
379 |
ewarn "press CTRL+C if you don't want to continue" |
380 |
sleep 10 |
381 |
fi |
382 |
|
383 |
echo; einfo "Setting up the chroot directory..." |
384 |
|
385 |
mkdir -m 0750 -p ${CHROOT} |
386 |
mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/{run,log}} |
387 |
mkdir -m 0750 -p ${CHROOT}/etc/bind |
388 |
mkdir -m 0770 -p ${CHROOT}/var/{bind,{run,log}/named} |
389 |
# As of bind 9.8.0 |
390 |
if has_version net-dns/bind[gost]; then |
391 |
if [ "$(get_libdir)" = "lib64" ]; then |
392 |
mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines |
393 |
ln -s lib64 ${CHROOT}/usr/lib |
394 |
else |
395 |
mkdir -m 0755 -p ${CHROOT}/usr/lib/engines |
396 |
fi |
397 |
fi |
398 |
chown root:named ${CHROOT} ${CHROOT}/var/{bind,{run,log}/named} ${CHROOT}/etc/bind |
399 |
|
400 |
mknod ${CHROOT}/dev/null c 1 3 |
401 |
chmod 0666 ${CHROOT}/dev/null |
402 |
|
403 |
mknod ${CHROOT}/dev/zero c 1 5 |
404 |
chmod 0666 ${CHROOT}/dev/zero |
405 |
|
406 |
if use urandom; then |
407 |
mknod ${CHROOT}/dev/urandom c 1 9 |
408 |
chmod 0666 ${CHROOT}/dev/urandom |
409 |
else |
410 |
mknod ${CHROOT}/dev/random c 1 8 |
411 |
chmod 0666 ${CHROOT}/dev/random |
412 |
fi |
413 |
|
414 |
if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then |
415 |
cp -a /etc/bind ${CHROOT}/etc/ |
416 |
cp -a /var/bind ${CHROOT}/var/ |
417 |
fi |
418 |
|
419 |
if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then |
420 |
mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP |
421 |
fi |
422 |
|
423 |
elog "You may need to add the following line to your syslog-ng.conf:" |
424 |
elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };" |
425 |
} |
426 |
|
427 |
|
428 |
|
429 |
1.1 net-dns/bind/bind-9.9.1_p1.ebuild |
430 |
|
431 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/bind-9.9.1_p1.ebuild?rev=1.1&view=markup |
432 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/bind/bind-9.9.1_p1.ebuild?rev=1.1&content-type=text/plain |
433 |
|
434 |
Index: bind-9.9.1_p1.ebuild |
435 |
=================================================================== |
436 |
# Copyright 1999-2012 Gentoo Foundation |
437 |
# Distributed under the terms of the GNU General Public License v2 |
438 |
# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/bind-9.9.1_p1.ebuild,v 1.1 2012/06/04 17:02:25 idl0r Exp $ |
439 |
|
440 |
# Re dlz/mysql and threads, needs to be verified.. |
441 |
# MySQL uses thread local storage in its C api. Thus MySQL |
442 |
# requires that each thread of an application execute a MySQL |
443 |
# thread initialization to setup the thread local storage. |
444 |
# This is impossible to do safely while staying within the DLZ |
445 |
# driver API. This is a limitation caused by MySQL, and not the DLZ API. |
446 |
# Because of this BIND MUST only run with a single thread when |
447 |
# using the MySQL driver. |
448 |
|
449 |
EAPI="4" |
450 |
|
451 |
inherit eutils autotools toolchain-funcs flag-o-matic multilib db-use |
452 |
|
453 |
MY_PV="${PV/_p/-P}" |
454 |
MY_PV="${MY_PV/_rc/rc}" |
455 |
MY_P="${PN}-${MY_PV}" |
456 |
|
457 |
SDB_LDAP_VER="1.1.0-fc14" |
458 |
|
459 |
# bind-9.8.0-P1-geoip-1.3.patch |
460 |
GEOIP_PV=1.3 |
461 |
#GEOIP_PV_AGAINST="${MY_PV}" |
462 |
GEOIP_PV_AGAINST="9.9.1" |
463 |
GEOIP_P="bind-${GEOIP_PV_AGAINST}-geoip-${GEOIP_PV}" |
464 |
GEOIP_PATCH_A="${GEOIP_P}.patch" |
465 |
GEOIP_DOC_A="bind-geoip-1.3-readme.txt" |
466 |
GEOIP_SRC_URI_BASE="http://bind-geoip.googlecode.com/" |
467 |
|
468 |
DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server" |
469 |
HOMEPAGE="http://www.isc.org/software/bind" |
470 |
SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz |
471 |
doc? ( mirror://gentoo/dyndns-samples.tbz2 ) |
472 |
geoip? ( ${GEOIP_SRC_URI_BASE}/files/${GEOIP_DOC_A} |
473 |
${GEOIP_SRC_URI_BASE}/files/${GEOIP_PATCH_A} ) |
474 |
sdb-ldap? ( http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2 )" |
475 |
|
476 |
LICENSE="as-is" |
477 |
SLOT="0" |
478 |
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd" |
479 |
IUSE="berkdb caps dlz doc geoip gost gssapi idn ipv6 ldap mysql odbc postgres rpz sdb-ldap |
480 |
selinux ssl static-libs threads urandom xml" |
481 |
# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687 |
482 |
|
483 |
REQUIRED_USE="postgres? ( dlz ) |
484 |
berkdb? ( dlz ) |
485 |
mysql? ( dlz !threads ) |
486 |
odbc? ( dlz ) |
487 |
ldap? ( dlz ) |
488 |
sdb-ldap? ( dlz ) |
489 |
gost? ( ssl ) |
490 |
threads? ( caps )" |
491 |
|
492 |
DEPEND="ssl? ( >=dev-libs/openssl-0.9.6g ) |
493 |
mysql? ( >=virtual/mysql-4.0 ) |
494 |
odbc? ( >=dev-db/unixODBC-2.2.6 ) |
495 |
ldap? ( net-nds/openldap ) |
496 |
idn? ( net-dns/idnkit ) |
497 |
postgres? ( dev-db/postgresql-base ) |
498 |
caps? ( >=sys-libs/libcap-2.1.0 ) |
499 |
xml? ( dev-libs/libxml2 ) |
500 |
geoip? ( >=dev-libs/geoip-1.4.6 ) |
501 |
gssapi? ( virtual/krb5 ) |
502 |
sdb-ldap? ( net-nds/openldap ) |
503 |
gost? ( >=dev-libs/openssl-1.0.0 )" |
504 |
|
505 |
RDEPEND="${DEPEND} |
506 |
selinux? ( sec-policy/selinux-bind ) |
507 |
|| ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )" |
508 |
|
509 |
S="${WORKDIR}/${MY_P}" |
510 |
|
511 |
pkg_setup() { |
512 |
ebegin "Creating named group and user" |
513 |
enewgroup named 40 |
514 |
enewuser named 40 -1 /etc/bind named |
515 |
eend ${?} |
516 |
} |
517 |
|
518 |
src_prepare() { |
519 |
# Adjusting PATHs in manpages |
520 |
for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do |
521 |
sed -i \ |
522 |
-e 's:/etc/named.conf:/etc/bind/named.conf:g' \ |
523 |
-e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \ |
524 |
-e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \ |
525 |
"${i}" || die "sed failed, ${i} doesn't exist" |
526 |
done |
527 |
|
528 |
if use dlz; then |
529 |
# bind fails to reconnect to MySQL5 databases, bug #180720, patch by Nicolas Brousse |
530 |
# (http://www.shell-tips.com/2007/09/04/bind-950-patch-dlz-mysql-5-for-auto-reconnect/) |
531 |
if use mysql && has_version ">=dev-db/mysql-5"; then |
532 |
epatch "${FILESDIR}"/bind-dlzmysql5-reconnect.patch |
533 |
fi |
534 |
|
535 |
if use odbc; then |
536 |
epatch "${FILESDIR}/${PN}-9.7.3-odbc-dlz-detect.patch" |
537 |
fi |
538 |
|
539 |
# sdb-ldap patch as per bug #160567 |
540 |
# Upstream URL: http://bind9-ldap.bayour.com/ |
541 |
# New patch take from bug 302735 |
542 |
if use sdb-ldap; then |
543 |
epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch |
544 |
cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/ |
545 |
cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/ |
546 |
cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/ |
547 |
fi |
548 |
fi |
549 |
|
550 |
# should be installed by bind-tools |
551 |
sed -i -r -e "s:(nsupdate|dig) ::g" bin/Makefile.in || die |
552 |
|
553 |
if use geoip; then |
554 |
cp "${DISTDIR}"/${GEOIP_PATCH_A} "${S}" || die |
555 |
sed -i -e 's:^ RELEASETYPE=: RELEASETYPE=-P:' \ |
556 |
-e 's:RELEASEVER=:RELEASEVER=1:' \ |
557 |
${GEOIP_PATCH_A} || die |
558 |
epatch ${GEOIP_PATCH_A} |
559 |
fi |
560 |
|
561 |
# bug #220361 |
562 |
rm {aclocal,libtool}.m4 |
563 |
eautoreconf |
564 |
} |
565 |
|
566 |
src_configure() { |
567 |
local myconf="" |
568 |
|
569 |
if use urandom; then |
570 |
myconf="${myconf} --with-randomdev=/dev/urandom" |
571 |
else |
572 |
myconf="${myconf} --with-randomdev=/dev/random" |
573 |
fi |
574 |
|
575 |
use geoip && myconf="${myconf} --with-geoip" |
576 |
|
577 |
# bug #158664 |
578 |
# gcc-specs-ssp && replace-flags -O[23s] -O |
579 |
|
580 |
# To include db.h from proper path |
581 |
use berkdb && append-flags "-I$(db_includedir)" |
582 |
|
583 |
export BUILD_CC=$(tc-getBUILD_CC) |
584 |
econf \ |
585 |
--sysconfdir=/etc/bind \ |
586 |
--localstatedir=/var \ |
587 |
--with-libtool \ |
588 |
$(use_enable threads) \ |
589 |
$(use_with dlz dlopen) \ |
590 |
$(use_with dlz dlz-filesystem) \ |
591 |
$(use_with dlz dlz-stub) \ |
592 |
$(use_with postgres dlz-postgres) \ |
593 |
$(use_with mysql dlz-mysql) \ |
594 |
$(use_with berkdb dlz-bdb) \ |
595 |
$(use_with ldap dlz-ldap) \ |
596 |
$(use_with odbc dlz-odbc) \ |
597 |
$(use_with ssl openssl) \ |
598 |
$(use_with idn) \ |
599 |
$(use_enable ipv6) \ |
600 |
$(use_with xml libxml2) \ |
601 |
$(use_with gssapi) \ |
602 |
$(use_enable rpz rpz-nsip) \ |
603 |
$(use_enable rpz rpz-nsdname) \ |
604 |
$(use_enable caps linux-caps) \ |
605 |
$(use_with gost) \ |
606 |
--without-readline \ |
607 |
${myconf} |
608 |
|
609 |
# $(use_enable static-libs static) \ |
610 |
|
611 |
# bug #151839 |
612 |
echo '#undef SO_BSDCOMPAT' >> config.h |
613 |
} |
614 |
|
615 |
src_install() { |
616 |
emake DESTDIR="${D}" install |
617 |
|
618 |
dodoc CHANGES FAQ README |
619 |
|
620 |
if use idn; then |
621 |
dodoc contrib/idn/README.idnkit |
622 |
fi |
623 |
|
624 |
if use doc; then |
625 |
dodoc doc/arm/Bv9ARM.pdf |
626 |
|
627 |
docinto misc |
628 |
dodoc doc/misc/* |
629 |
|
630 |
# might a 'html' useflag make sense? |
631 |
docinto html |
632 |
dohtml -r doc/arm/* |
633 |
|
634 |
docinto contrib |
635 |
dodoc contrib/named-bootconf/named-bootconf.sh \ |
636 |
contrib/nanny/nanny.pl |
637 |
|
638 |
# some handy-dandy dynamic dns examples |
639 |
cd "${D}"/usr/share/doc/${PF} |
640 |
tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die |
641 |
fi |
642 |
|
643 |
use geoip && dodoc "${DISTDIR}"/${GEOIP_DOC_A} |
644 |
|
645 |
insinto /etc/bind |
646 |
newins "${FILESDIR}"/named.conf-r5 named.conf |
647 |
|
648 |
# ftp://ftp.rs.internic.net/domain/named.cache: |
649 |
insinto /var/bind |
650 |
doins "${FILESDIR}"/named.cache |
651 |
|
652 |
insinto /var/bind/pri |
653 |
newins "${FILESDIR}"/127.zone-r1 127.zone |
654 |
newins "${FILESDIR}"/localhost.zone-r3 localhost.zone |
655 |
|
656 |
newinitd "${FILESDIR}"/named.init-r11 named |
657 |
newconfd "${FILESDIR}"/named.confd-r6 named |
658 |
|
659 |
if use gost; then |
660 |
sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die |
661 |
else |
662 |
sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die |
663 |
fi |
664 |
|
665 |
newenvd "${FILESDIR}"/10bind.env 10bind |
666 |
|
667 |
# Let's get rid of those tools and their manpages since they're provided by bind-tools |
668 |
rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1* |
669 |
rm -f "${D}"/usr/share/man/man8/{dnssec-keygen,nsupdate}.8* |
670 |
rm -f "${D}"/usr/bin/{dig,host,nslookup,dnssec-keygen,nsupdate} |
671 |
rm -f "${D}"/usr/sbin/{dig,host,nslookup,dnssec-keygen,nsupdate} |
672 |
|
673 |
# bug 405251, library archives aren't properly handled by --enable/disable-static |
674 |
if ! use static-libs; then |
675 |
find "${D}" -type f -name '*.la' -delete || die |
676 |
fi |
677 |
|
678 |
dosym /var/bind/named.cache /var/bind/root.cache |
679 |
dosym /var/bind/pri /etc/bind/pri |
680 |
dosym /var/bind/sec /etc/bind/sec |
681 |
dosym /var/bind/dyn /etc/bind/dyn |
682 |
keepdir /var/bind/{pri,sec,dyn} |
683 |
|
684 |
dodir /var/{run,log}/named |
685 |
|
686 |
fowners root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn} |
687 |
fowners root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf} |
688 |
fperms 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf} |
689 |
fperms 0750 /etc/bind /var/bind/pri |
690 |
fperms 0770 /var/{run,log}/named /var/bind/{,sec,dyn} |
691 |
} |
692 |
|
693 |
pkg_postinst() { |
694 |
if [ ! -f '/etc/bind/rndc.key' ]; then |
695 |
if use urandom; then |
696 |
einfo "Using /dev/urandom for generating rndc.key" |
697 |
/usr/sbin/rndc-confgen -r /dev/urandom -a |
698 |
echo |
699 |
else |
700 |
einfo "Using /dev/random for generating rndc.key" |
701 |
/usr/sbin/rndc-confgen -a |
702 |
echo |
703 |
fi |
704 |
chown root:named /etc/bind/rndc.key |
705 |
chmod 0640 /etc/bind/rndc.key |
706 |
fi |
707 |
|
708 |
einfo |
709 |
einfo "You can edit /etc/conf.d/named to customize named settings" |
710 |
einfo |
711 |
use mysql || use postgres || use ldap && { |
712 |
elog "If your named depends on MySQL/PostgreSQL or LDAP," |
713 |
elog "uncomment the specified rc_named_* lines in your" |
714 |
elog "/etc/conf.d/named config to ensure they'll start before bind" |
715 |
einfo |
716 |
} |
717 |
einfo "If you'd like to run bind in a chroot AND this is a new" |
718 |
einfo "install OR your bind doesn't already run in a chroot:" |
719 |
einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named." |
720 |
einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`" |
721 |
einfo |
722 |
|
723 |
CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT}) |
724 |
if [[ -n ${CHROOT} ]]; then |
725 |
elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" |
726 |
elog "To enable the old behaviour (without using mount) uncomment the" |
727 |
elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config." |
728 |
elog "If you decide to use the new/default method, ensure to make backup" |
729 |
elog "first and merge your existing configs/zones to /etc/bind and" |
730 |
elog "/var/bind because bind will now mount the needed directories into" |
731 |
elog "the chroot dir." |
732 |
fi |
733 |
|
734 |
ewarn |
735 |
ewarn "NOTE: /var/bind/named.ca has been renamed to /var/bind/named.cache" |
736 |
ewarn "you may need to fix your named.conf!" |
737 |
ewarn |
738 |
ewarn "NOTE: If you upgrade from <net-dns/bind-9.4.3_p5-r1, you may encounter permission problems" |
739 |
ewarn "To fix the permissions do:" |
740 |
ewarn "chown root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn}" |
741 |
ewarn "chown root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}" |
742 |
ewarn "chmod 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}" |
743 |
ewarn "chmod 0750 /etc/bind /var/bind/pri" |
744 |
ewarn "chmod 0770 /var/{run,log}/named /var/bind/{,sec,dyn}" |
745 |
ewarn |
746 |
} |
747 |
|
748 |
pkg_config() { |
749 |
CHROOT=$(source /etc/conf.d/named; echo ${CHROOT}) |
750 |
CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT}) |
751 |
CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP}) |
752 |
|
753 |
if [[ -z "${CHROOT}" ]]; then |
754 |
eerror "This config script is designed to automate setting up" |
755 |
eerror "a chrooted bind/named. To do so, please first uncomment" |
756 |
eerror "and set the CHROOT variable in '/etc/conf.d/named'." |
757 |
die "Unset CHROOT" |
758 |
fi |
759 |
if [[ -d "${CHROOT}" ]]; then |
760 |
ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" |
761 |
ewarn "To enable the old behaviour (without using mount) uncomment the" |
762 |
ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config." |
763 |
ewarn |
764 |
ewarn "${CHROOT} already exists... some things might become overridden" |
765 |
ewarn "press CTRL+C if you don't want to continue" |
766 |
sleep 10 |
767 |
fi |
768 |
|
769 |
echo; einfo "Setting up the chroot directory..." |
770 |
|
771 |
mkdir -m 0750 -p ${CHROOT} |
772 |
mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/{run,log}} |
773 |
mkdir -m 0750 -p ${CHROOT}/etc/bind |
774 |
mkdir -m 0770 -p ${CHROOT}/var/{bind,{run,log}/named} |
775 |
# As of bind 9.8.0 |
776 |
if has_version net-dns/bind[gost]; then |
777 |
if [ "$(get_libdir)" = "lib64" ]; then |
778 |
mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines |
779 |
ln -s lib64 ${CHROOT}/usr/lib |
780 |
else |
781 |
mkdir -m 0755 -p ${CHROOT}/usr/lib/engines |
782 |
fi |
783 |
fi |
784 |
chown root:named ${CHROOT} ${CHROOT}/var/{bind,{run,log}/named} ${CHROOT}/etc/bind |
785 |
|
786 |
mknod ${CHROOT}/dev/null c 1 3 |
787 |
chmod 0666 ${CHROOT}/dev/null |
788 |
|
789 |
mknod ${CHROOT}/dev/zero c 1 5 |
790 |
chmod 0666 ${CHROOT}/dev/zero |
791 |
|
792 |
if use urandom; then |
793 |
mknod ${CHROOT}/dev/urandom c 1 9 |
794 |
chmod 0666 ${CHROOT}/dev/urandom |
795 |
else |
796 |
mknod ${CHROOT}/dev/random c 1 8 |
797 |
chmod 0666 ${CHROOT}/dev/random |
798 |
fi |
799 |
|
800 |
if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then |
801 |
cp -a /etc/bind ${CHROOT}/etc/ |
802 |
cp -a /var/bind ${CHROOT}/var/ |
803 |
fi |
804 |
|
805 |
if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then |
806 |
mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP |
807 |
fi |
808 |
|
809 |
elog "You may need to add the following line to your syslog-ng.conf:" |
810 |
elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };" |
811 |
} |