
From: Lars Wendler <polynomial-c@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/
Date: Tue, 25 Sep 2018 14:25:16
Message-Id: 1537885503.618ae994f0d118784f3d565e5b147afbbe988b81.polynomial-c@gentoo
1 commit: 618ae994f0d118784f3d565e5b147afbbe988b81
2 Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
3 AuthorDate: Tue Sep 25 14:22:56 2018 +0000
4 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
5 CommitDate: Tue Sep 25 14:25:03 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=618ae994
7
8 net-dns/bind: Bump to versions 9.11.4_p2 and 9.12.2_p2
9
10 as requested by idl0r.
11
12 Package-Manager: Portage-2.3.50, Repoman-2.3.11
13
14 net-dns/bind/Manifest | 2 +
15 net-dns/bind/bind-9.11.4_p2.ebuild | 405 ++++++++++++++++++++++++++++++++++++
16 net-dns/bind/bind-9.12.2_p2.ebuild | 407 +++++++++++++++++++++++++++++++++++++
17 3 files changed, 814 insertions(+)
18
19 diff --git a/net-dns/bind/Manifest b/net-dns/bind/Manifest
20 index ce9e5b85e88..1e233e6b5df 100644
21 --- a/net-dns/bind/Manifest
22 +++ b/net-dns/bind/Manifest
23 @@ -1,5 +1,7 @@
24 DIST bind-9.11.2_p1.tar.gz 9783329 BLAKE2B 5a3bbd87112064231bd5e6b09ebb4014f9d5cf65cb601c03555ff540a22d87aec3990cd8e37ce5ff09e9a149bdf122d20ecb01f87731e6c79d80379a6926014f SHA512 168f27f580e3be2f7ada27afa2f72e715e750eec76831cf01bd32fabc1fa65dc29dab0eb7ed1682b076d3be99269897ddbc2c10551631a3911d9e5ae1aa40597
25 DIST bind-9.11.3.tar.gz 9523375 BLAKE2B 978986e02767b8ac9f015b52e87b3bc161a7ea72f59f343dcb23f50fbe8474528c4b27ee4fd54bdbe6bd825ce6e8b164e8ad145260b2cdcd004e8892bacd313b SHA512 1f0da13165d1ee872800fe10bb8b0f69c6c76515f9861c1528fb6005213bb71b21a1270906d2ea9ded3eaf6df1a1bac0f2c80aa511683b8d57dcff4f278d8c35
26 +DIST bind-9.11.4_p2.tar.gz 9617963 BLAKE2B 409cad7e0976f2e46406d45e87241d61d4d4f00bf08442c4dddbad490ea3d6e42eaad5851fddb83c61a897689a8fdba0cd920aaa0d36329868d26100ba48f946 SHA512 6c01810526fc40485a6c0403d1ddc3b76d2e59b3426b5789436bd671f158d2fa0ea7c0aef2de81998ec715dabd06683fed7b17224d5c794c61e7100a69d4cb60
27 DIST bind-9.12.1_p2.tar.gz 9305005 BLAKE2B 6be328e9e14a26d17c2f789aafc1f83a4690db0b0ae2aeac7dcc4b54a0e5d228692475a39160599fc5c6fd7ed8733d2f0bbac65a20c513f5fa7b6b49ad4b09ae SHA512 de47eef272c437316444c4f585a2f98ae9169fc118fd057464a5cd064bb9079ffc07145dabf388cd240f56a5ad6d3ad78cf8d98fc37609681eba5d87e18a4f9a
28 DIST bind-9.12.2_p1.tar.gz 9429002 BLAKE2B 1460b4583a28df21490f71993c8cd595dd8f8ee76727cc8798ee34a6deb1f5a4d39706ec2833a42a7e63ce0dcad917ca975c7d725fc179e2dd0450d8d683ceb4 SHA512 22ce084179439518f7d82f0b80544db929bb4ec71d0e7bd7edad9ae915c903300837d6ead698c9fc23741796f0ba9ed3aa384b752ff65c3b9b20c8969d351cba
29 +DIST bind-9.12.2_p2.tar.gz 9422128 BLAKE2B c7d56f025f381a0136aa67ccd49a3254fcfe566d5e3601410e5cada26ccab32a901fe6e14bc14e6e287fa2b3904a4eee8e3ef63329f9bc4cb11f204590ff3623 SHA512 458adf6b3d0df286e7d345a21c40b639efcb275e76f9e0bf4e40a5d76dcac875016324393e129f29397be326d1017367c506ec9cbb35871c98fad4281bc4e05a
30 DIST dyndns-samples.tbz2 22866 BLAKE2B 409890653c6536cb9c0e3ba809d2bfde0e0ae73a2a101b4f229b46c01568466bc022bbbc37712171adbd08c572733e93630feab95a0fcd1ac50a7d37da1d1108 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac
31
32 diff --git a/net-dns/bind/bind-9.11.4_p2.ebuild b/net-dns/bind/bind-9.11.4_p2.ebuild
33 new file mode 100644
34 index 00000000000..e7cc6aa4214
35 --- /dev/null
36 +++ b/net-dns/bind/bind-9.11.4_p2.ebuild
37 @@ -0,0 +1,405 @@
38 +# Copyright 1999-2018 Gentoo Authors
39 +# Distributed under the terms of the GNU General Public License v2
40 +
41 +# Re dlz/mysql and threads, needs to be verified..
42 +# MySQL uses thread local storage in its C api. Thus MySQL
43 +# requires that each thread of an application execute a MySQL
44 +# thread initialization to setup the thread local storage.
45 +# This is impossible to do safely while staying within the DLZ
46 +# driver API. This is a limitation caused by MySQL, and not the DLZ API.
47 +# Because of this BIND MUST only run with a single thread when
48 +# using the MySQL driver.
49 +
50 +EAPI=7
51 +
52 +PYTHON_COMPAT=( python2_7 python3_{4,5,6,7} )
53 +
54 +inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd
55 +
56 +MY_PV="${PV/_p/-P}"
57 +MY_PV="${MY_PV/_rc/rc}"
58 +MY_P="${PN}-${MY_PV}"
59 +
60 +SDB_LDAP_VER="1.1.0-fc14"
61 +
62 +RRL_PV="${MY_PV}"
63 +
64 +NSLINT_DIR="contrib/nslint-3.0a2/"
65 +
66 +# SDB-LDAP: http://bind9-ldap.bayour.com/
67 +
68 +DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server"
69 +HOMEPAGE="http://www.isc.org/software/bind"
70 +SRC_URI="https://www.isc.org/downloads/file/${MY_P}/?version=tar-gz -> ${P}.tar.gz
71 + doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
72 +# sdb-ldap? (
73 +# http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2
74 +# )"
75 +
76 +LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
77 +SLOT="0"
78 +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
79 +# -berkdb by default re bug 602682
80 +IUSE="-berkdb +caps dlz dnstap doc filter-aaaa fixed-rrset geoip gost gssapi idn ipv6
81 +json ldap libressl lmdb mysql odbc postgres python rpz seccomp selinux ssl static-libs
82 ++threads urandom xml +zlib"
83 +# sdb-ldap - patch broken
84 +# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
85 +
86 +REQUIRED_USE="postgres? ( dlz )
87 + berkdb? ( dlz )
88 + mysql? ( dlz !threads )
89 + odbc? ( dlz )
90 + ldap? ( dlz )
91 + gost? ( !libressl ssl )
92 + threads? ( caps )
93 + dnstap? ( threads )
94 + python? ( ${PYTHON_REQUIRED_USE} )"
95 +# sdb-ldap? ( dlz )
96 +
97 +DEPEND="
98 + ssl? (
99 + !libressl? ( dev-libs/openssl:0[-bindist] )
100 + libressl? ( dev-libs/libressl )
101 + )
102 + mysql? ( >=virtual/mysql-4.0 )
103 + odbc? ( >=dev-db/unixODBC-2.2.6 )
104 + ldap? ( net-nds/openldap )
105 + idn? ( net-dns/idnkit )
106 + postgres? ( dev-db/postgresql:= )
107 + caps? ( >=sys-libs/libcap-2.1.0 )
108 + xml? ( dev-libs/libxml2 )
109 + geoip? ( >=dev-libs/geoip-1.4.6 )
110 + gssapi? ( virtual/krb5 )
111 + gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] )
112 + seccomp? ( sys-libs/libseccomp )
113 + json? ( dev-libs/json-c:= )
114 + lmdb? ( dev-db/lmdb )
115 + zlib? ( sys-libs/zlib )
116 + dnstap? ( dev-libs/fstrm dev-libs/protobuf-c )
117 + python? (
118 + ${PYTHON_DEPS}
119 + dev-python/ply[${PYTHON_USEDEP}]
120 + )"
121 +# sdb-ldap? ( net-nds/openldap )
122 +
123 +RDEPEND="${DEPEND}
124 + selinux? ( sec-policy/selinux-bind )
125 + || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )"
126 +
127 +S="${WORKDIR}/${MY_P}"
128 +
129 +# bug 479092, requires networking
130 +RESTRICT="test"
131 +
132 +pkg_setup() {
133 + ebegin "Creating named group and user"
134 + enewgroup named 40
135 + enewuser named 40 -1 /etc/bind named
136 + eend ${?}
137 +}
138 +
139 +src_prepare() {
140 + default
141 +
142 + # Adjusting PATHs in manpages
143 + for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
144 + sed -i \
145 + -e 's:/etc/named.conf:/etc/bind/named.conf:g' \
146 + -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
147 + -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
148 + "${i}" || die "sed failed, ${i} doesn't exist"
149 + done
150 +
151 +# if use dlz; then
152 +# # sdb-ldap patch as per bug #160567
153 +# # Upstream URL: http://bind9-ldap.bayour.com/
154 +# # New patch take from bug 302735
155 +# if use sdb-ldap; then
156 +# epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
157 +# cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/
158 +# cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/
159 +# cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/
160 +# fi
161 +# fi
162 +
163 + # should be installed by bind-tools
164 + sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die
165 +
166 + # Disable tests for now, bug 406399
167 + sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
168 +
169 + # bug #220361
170 + rm aclocal.m4
171 + rm -rf libtool.m4/
172 + eautoreconf
173 +}
174 +
175 +src_configure() {
176 + local myeconfargs=(
177 + --sysconfdir=/etc/bind
178 + --localstatedir=/var
179 + --with-libtool
180 + --enable-full-report
181 + --without-readline
182 + $(use_enable caps linux-caps)
183 + $(use_enable filter-aaaa)
184 + $(use_enable fixed-rrset)
185 + $(use_enable ipv6)
186 + $(use_enable rpz rpz-nsdname)
187 + $(use_enable rpz rpz-nsip)
188 + $(use_enable seccomp)
189 + # $(use_enable static-libs static)
190 + $(use_enable threads)
191 + $(use_with berkdb dlz-bdb)
192 + $(use_with dlz dlopen)
193 + $(use_with dlz dlz-filesystem)
194 + $(use_with dlz dlz-stub)
195 + $(use_with gost)
196 + $(use_with gssapi)
197 + $(use_with idn)
198 + $(use_with json libjson)
199 + $(use_with ldap dlz-ldap)
200 + $(use_with mysql dlz-mysql)
201 + $(use_with odbc dlz-odbc)
202 + $(use_with postgres dlz-postgres)
203 + $(use_with lmdb)
204 + $(use_with python)
205 + $(use_with ssl ecdsa)
206 + $(use_with ssl openssl "${EPREFIX}"/usr)
207 + $(use_with xml libxml2)
208 + $(use_with zlib)
209 + )
210 +
211 + if use urandom; then
212 + myeconfargs+=( --with-randomdev=/dev/urandom )
213 + else
214 + myeconfargs+=( --with-randomdev=/dev/random )
215 + fi
216 +
217 + use geoip && myeconfargs+=( --with-geoip )
218 +
219 + # bug #158664
220 +# gcc-specs-ssp && replace-flags -O[23s] -O
221 +
222 + # To include db.h from proper path
223 + use berkdb && append-flags "-I$(db_includedir)"
224 +
225 + export BUILD_CC=$(tc-getBUILD_CC)
226 + econf "${myeconfargs[@]}"
227 +
228 + # bug #151839
229 + echo '#undef SO_BSDCOMPAT' >> config.h
230 +}
231 +
232 +src_install() {
233 + emake DESTDIR="${D}" install
234 +
235 + dodoc CHANGES README
236 +
237 + if use idn; then
238 + dodoc contrib/idn/README.idnkit
239 + fi
240 +
241 + if use doc; then
242 + dodoc doc/arm/Bv9ARM.pdf
243 +
244 + docinto misc
245 + dodoc doc/misc/*
246 +
247 + # might a 'html' useflag make sense?
248 + docinto html
249 + dodoc -r doc/arm/*
250 +
251 + docinto contrib
252 + dodoc contrib/scripts/{nanny.pl,named-bootconf.sh}
253 +
254 + # some handy-dandy dynamic dns examples
255 + pushd "${ED%/}"/usr/share/doc/${PF} 1>/dev/null || die
256 + tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
257 + popd 1>/dev/null || die
258 + fi
259 +
260 + insinto /etc/bind
261 + newins "${FILESDIR}"/named.conf-r8 named.conf
262 +
263 + # ftp://ftp.rs.internic.net/domain/named.cache:
264 + insinto /var/bind
265 + newins "${FILESDIR}"/named.cache-r3 named.cache
266 +
267 + insinto /var/bind/pri
268 + newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
269 +
270 + newinitd "${FILESDIR}"/named.init-r13 named
271 + newconfd "${FILESDIR}"/named.confd-r7 named
272 +
273 + if use gost; then
274 + sed -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' \
275 + -i "${ED%/}/etc/init.d/named" || die
276 + else
277 + sed -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' \
278 + -i "${ED%/}/etc/init.d/named" || die
279 + fi
280 +
281 + newenvd "${FILESDIR}"/10bind.env 10bind
282 +
283 + # Let's get rid of those tools and their manpages since they're provided by bind-tools
284 + rm -f "${ED%/}"/usr/share/man/man1/{dig,host,nslookup}.1*
285 + rm -f "${ED%/}"/usr/share/man/man8/nsupdate.8*
286 + rm -f "${ED%/}"/usr/bin/{dig,host,nslookup,nsupdate}
287 + rm -f "${ED%/}"/usr/sbin/{dig,host,nslookup,nsupdate}
288 + for tool in dsfromkey importkey keyfromlabel keygen \
289 + revoke settime signzone verify; do
290 + rm -f "${ED%/}"/usr/{,s}bin/dnssec-"${tool}"
291 + rm -f "${ED%/}"/usr/share/man/man8/dnssec-"${tool}".8*
292 + done
293 +
294 + # bug 405251, library archives aren't properly handled by --enable/disable-static
295 + if ! use static-libs; then
296 + find "${ED}" -type f -name '*.a' -delete || die
297 + fi
298 +
299 + # bug 405251
300 + find "${ED}" -type f -name '*.la' -delete || die
301 +
302 + if use python; then
303 + install_python_tools() {
304 + dosbin bin/python/dnssec-{checkds,coverage}
305 + }
306 + python_foreach_impl install_python_tools
307 +
308 + python_replicate_script "${ED%/}/usr/sbin/dnssec-checkds"
309 + python_replicate_script "${ED%/}/usr/sbin/dnssec-coverage"
310 + fi
311 +
312 + # bug 450406
313 + dosym named.cache /var/bind/root.cache
314 +
315 + dosym /var/bind/pri /etc/bind/pri
316 + dosym /var/bind/sec /etc/bind/sec
317 + dosym /var/bind/dyn /etc/bind/dyn
318 + keepdir /var/bind/{pri,sec,dyn}
319 +
320 + dodir /var/log/named
321 +
322 + fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
323 + fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
324 + fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
325 + fperms 0750 /etc/bind /var/bind/pri
326 + fperms 0770 /var/log/named /var/bind/{,sec,dyn}
327 +
328 + systemd_newunit "${FILESDIR}/named.service-r1" named.service
329 + systemd_dotmpfilesd "${FILESDIR}"/named.conf
330 + exeinto /usr/libexec
331 + doexe "${FILESDIR}/generate-rndc-key.sh"
332 +}
333 +
334 +pkg_postinst() {
335 + if [ ! -f '/etc/bind/rndc.key' ]; then
336 + if use urandom; then
337 + einfo "Using /dev/urandom for generating rndc.key"
338 + /usr/sbin/rndc-confgen -r /dev/urandom -a
339 + echo
340 + else
341 + einfo "Using /dev/random for generating rndc.key"
342 + /usr/sbin/rndc-confgen -a
343 + echo
344 + fi
345 + chown root:named /etc/bind/rndc.key || die
346 + chmod 0640 /etc/bind/rndc.key || die
347 + fi
348 +
349 + einfo
350 + einfo "You can edit /etc/conf.d/named to customize named settings"
351 + einfo
352 + use mysql || use postgres || use ldap && {
353 + elog "If your named depends on MySQL/PostgreSQL or LDAP,"
354 + elog "uncomment the specified rc_named_* lines in your"
355 + elog "/etc/conf.d/named config to ensure they'll start before bind"
356 + einfo
357 + }
358 + einfo "If you'd like to run bind in a chroot AND this is a new"
359 + einfo "install OR your bind doesn't already run in a chroot:"
360 + einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
361 + einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
362 + einfo
363 +
364 + CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
365 + if [[ -n ${CHROOT} ]]; then
366 + elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
367 + elog "To enable the old behaviour (without using mount) uncomment the"
368 + elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
369 + elog "If you decide to use the new/default method, ensure to make backup"
370 + elog "first and merge your existing configs/zones to /etc/bind and"
371 + elog "/var/bind because bind will now mount the needed directories into"
372 + elog "the chroot dir."
373 + fi
374 +}
375 +
376 +pkg_config() {
377 + CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
378 + CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
379 + CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
380 +
381 + if [[ -z "${CHROOT}" ]]; then
382 + eerror "This config script is designed to automate setting up"
383 + eerror "a chrooted bind/named. To do so, please first uncomment"
384 + eerror "and set the CHROOT variable in '/etc/conf.d/named'."
385 + die "Unset CHROOT"
386 + fi
387 + if [[ -d "${CHROOT}" ]]; then
388 + ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
389 + ewarn "To enable the old behaviour (without using mount) uncomment the"
390 + ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
391 + ewarn
392 + ewarn "${CHROOT} already exists... some things might become overridden"
393 + ewarn "press CTRL+C if you don't want to continue"
394 + sleep 10
395 + fi
396 +
397 + echo; einfo "Setting up the chroot directory..."
398 +
399 + mkdir -m 0750 -p ${CHROOT} || die
400 + mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} || die
401 + mkdir -m 0750 -p ${CHROOT}/etc/bind || die
402 + mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ || die
403 + # As of bind 9.8.0
404 + if has_version net-dns/bind[gost]; then
405 + mkdir -m 0755 -p ${CHROOT}/usr/$(get_libdir)/engines || die
406 + if [ "$(get_libdir)" = "lib64" ]; then
407 + ln -s lib64 ${CHROOT}/usr/lib || die
408 + fi
409 + fi
410 + chown root:named \
411 + ${CHROOT} \
412 + ${CHROOT}/var/{bind,log/named} \
413 + ${CHROOT}/run/named/ \
414 + ${CHROOT}/etc/bind \
415 + || die
416 +
417 + mknod ${CHROOT}/dev/null c 1 3 || die
418 + chmod 0666 ${CHROOT}/dev/null || die
419 +
420 + mknod ${CHROOT}/dev/zero c 1 5 || die
421 + chmod 0666 ${CHROOT}/dev/zero || die
422 +
423 + if use urandom; then
424 + mknod ${CHROOT}/dev/urandom c 1 9 || die
425 + chmod 0666 ${CHROOT}/dev/urandom || die
426 + else
427 + mknod ${CHROOT}/dev/random c 1 8 || die
428 + chmod 0666 ${CHROOT}/dev/random || die
429 + fi
430 +
431 + if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
432 + cp -a /etc/bind ${CHROOT}/etc/ || die
433 + cp -a /var/bind ${CHROOT}/var/ || die
434 + fi
435 +
436 + if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
437 + mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP || die
438 + fi
439 +
440 + elog "You may need to add the following line to your syslog-ng.conf:"
441 + elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
442 +}
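Review bot: In pkg_config the `mknod ... || die` calls abort when the device node is already present, so the "${CHROOT} already exists" branch, which warns and then continues, cannot complete on a chroot that an earlier run populated. Guarding each node, e.g. `[[ -c "${CHROOT}/dev/null" ]] || mknod "${CHROOT}/dev/null" c 1 3 || die`, would make that re-run path work. The same function expands `${CHROOT}` unquoted in every `mkdir`, `chown`, `mknod`, `ln` and `cp` it runs, so a value from /etc/conf.d/named containing whitespace or glob characters is split or expanded before those commands see it. Writing it as `"${CHROOT}"` (with the brace lists left outside the quotes) avoids that. pkg_config in bind-9.12.2_p2.ebuild is identical and needs the same change.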
443
444 diff --git a/net-dns/bind/bind-9.12.2_p2.ebuild b/net-dns/bind/bind-9.12.2_p2.ebuild
445 new file mode 100644
446 index 00000000000..37870df4e0c
447 --- /dev/null
448 +++ b/net-dns/bind/bind-9.12.2_p2.ebuild
449 @@ -0,0 +1,407 @@
450 +# Copyright 1999-2018 Gentoo Authors
451 +# Distributed under the terms of the GNU General Public License v2
452 +
453 +# Re dlz/mysql and threads, needs to be verified..
454 +# MySQL uses thread local storage in its C api. Thus MySQL
455 +# requires that each thread of an application execute a MySQL
456 +# thread initialization to setup the thread local storage.
457 +# This is impossible to do safely while staying within the DLZ
458 +# driver API. This is a limitation caused by MySQL, and not the DLZ API.
459 +# Because of this BIND MUST only run with a single thread when
460 +# using the MySQL driver.
461 +
462 +EAPI=7
463 +
464 +PYTHON_COMPAT=( python2_7 python3_{4,5,6,7} )
465 +
466 +inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd
467 +
468 +MY_PV="${PV/_p/-P}"
469 +MY_PV="${MY_PV/_rc/rc}"
470 +MY_P="${PN}-${MY_PV}"
471 +
472 +SDB_LDAP_VER="1.1.0-fc14"
473 +
474 +RRL_PV="${MY_PV}"
475 +
476 +# SDB-LDAP: http://bind9-ldap.bayour.com/
477 +
478 +DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server"
479 +HOMEPAGE="http://www.isc.org/software/bind"
480 +SRC_URI="https://www.isc.org/downloads/file/${MY_P}/?version=tar-gz -> ${P}.tar.gz
481 + doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
482 +# sdb-ldap? (
483 +# http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2
484 +# )"
485 +
486 +LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
487 +SLOT="0"
488 +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
489 +# -berkdb by default re bug 602682
490 +IUSE="-berkdb +caps dlz dnstap doc dnsrps fixed-rrset geoip gost gssapi idn ipv6
491 +json ldap libidn2 libressl lmdb mysql odbc postgres python rpz seccomp selinux ssl static-libs
492 ++threads urandom xml +zlib"
493 +# sdb-ldap - patch broken
494 +# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
495 +
496 +REQUIRED_USE="idn? ( !libidn2 )
497 + libidn2? ( !idn )
498 + postgres? ( dlz )
499 + berkdb? ( dlz )
500 + mysql? ( dlz !threads )
501 + odbc? ( dlz )
502 + ldap? ( dlz )
503 + gost? ( !libressl ssl )
504 + threads? ( caps )
505 + dnstap? ( threads )
506 + python? ( ${PYTHON_REQUIRED_USE} )"
507 +# sdb-ldap? ( dlz )
508 +
509 +DEPEND="
510 + ssl? (
511 + !libressl? ( dev-libs/openssl:0[-bindist] )
512 + libressl? ( dev-libs/libressl )
513 + )
514 + mysql? ( >=virtual/mysql-4.0 )
515 + odbc? ( >=dev-db/unixODBC-2.2.6 )
516 + ldap? ( net-nds/openldap )
517 + idn? ( <net-dns/idnkit-2:= )
518 + libidn2? ( net-dns/libidn2 )
519 + postgres? ( dev-db/postgresql:= )
520 + caps? ( >=sys-libs/libcap-2.1.0 )
521 + xml? ( dev-libs/libxml2 )
522 + geoip? ( >=dev-libs/geoip-1.4.6 )
523 + gssapi? ( virtual/krb5 )
524 + gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] )
525 + seccomp? ( sys-libs/libseccomp )
526 + json? ( dev-libs/json-c:= )
527 + lmdb? ( dev-db/lmdb )
528 + zlib? ( sys-libs/zlib )
529 + dnstap? ( dev-libs/fstrm dev-libs/protobuf-c )
530 + python? (
531 + ${PYTHON_DEPS}
532 + dev-python/ply[${PYTHON_USEDEP}]
533 + )"
534 +# sdb-ldap? ( net-nds/openldap )
535 +
536 +RDEPEND="${DEPEND}
537 + selinux? ( sec-policy/selinux-bind )
538 + || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )"
539 +
540 +S="${WORKDIR}/${MY_P}"
541 +
542 +# bug 479092, requires networking
543 +RESTRICT="test"
544 +
545 +pkg_setup() {
546 + ebegin "Creating named group and user"
547 + enewgroup named 40
548 + enewuser named 40 -1 /etc/bind named
549 + eend ${?}
550 +}
551 +
552 +src_prepare() {
553 + default
554 +
555 + # Adjusting PATHs in manpages
556 + for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
557 + sed -i \
558 + -e 's:/etc/named.conf:/etc/bind/named.conf:g' \
559 + -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
560 + -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
561 + "${i}" || die "sed failed, ${i} doesn't exist"
562 + done
563 +
564 +# if use dlz; then
565 +# # sdb-ldap patch as per bug #160567
566 +# # Upstream URL: http://bind9-ldap.bayour.com/
567 +# # New patch take from bug 302735
568 +# if use sdb-ldap; then
569 +# epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
570 +# cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/
571 +# cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/
572 +# cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/
573 +# fi
574 +# fi
575 +
576 + # should be installed by bind-tools
577 + sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die
578 +
579 + # Disable tests for now, bug 406399
580 + sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
581 +
582 + # bug #220361
583 + rm aclocal.m4
584 + rm -rf libtool.m4/
585 + eautoreconf
586 +}
587 +
588 +src_configure() {
589 + local myeconfargs=(
590 + --sysconfdir=/etc/bind
591 + --localstatedir=/var
592 + --with-libtool
593 + --enable-full-report
594 + --without-readline
595 + $(use_enable caps linux-caps)
596 + $(use_enable dnsrps)
597 + $(use_enable fixed-rrset)
598 + $(use_enable ipv6)
599 + $(use_enable rpz rpz-nsdname)
600 + $(use_enable rpz rpz-nsip)
601 + $(use_enable seccomp)
602 + # $(use_enable static-libs static)
603 + $(use_enable threads)
604 + $(use_with berkdb dlz-bdb)
605 + $(use_with dlz dlopen)
606 + $(use_with dlz dlz-filesystem)
607 + $(use_with dlz dlz-stub)
608 + $(use_with gost)
609 + $(use_with gssapi)
610 + $(use_with idn idnkit)
611 + $(use_with libidn2)
612 + $(use_with json libjson)
613 + $(use_with ldap dlz-ldap)
614 + $(use_with mysql dlz-mysql)
615 + $(use_with odbc dlz-odbc)
616 + $(use_with postgres dlz-postgres)
617 + $(use_with lmdb)
618 + $(use_with python)
619 + $(use_with ssl ecdsa)
620 + $(use_with ssl openssl "${EPREFIX}"/usr)
621 + $(use_with xml libxml2)
622 + $(use_with zlib)
623 + )
624 +
625 + if use urandom; then
626 + myeconfargs+=( --with-randomdev=/dev/urandom )
627 + else
628 + myeconfargs+=( --with-randomdev=/dev/random )
629 + fi
630 +
631 + use geoip && myeconfargs+=( --with-geoip )
632 +
633 + # bug #158664
634 +# gcc-specs-ssp && replace-flags -O[23s] -O
635 +
636 + # To include db.h from proper path
637 + use berkdb && append-flags "-I$(db_includedir)"
638 +
639 + export BUILD_CC=$(tc-getBUILD_CC)
640 + econf "${myeconfargs[@]}"
641 +
642 + # bug #151839
643 + echo '#undef SO_BSDCOMPAT' >> config.h
644 +}
645 +
646 +src_install() {
647 + emake DESTDIR="${D}" install
648 +
649 + dodoc CHANGES README
650 +
651 + if use idn; then
652 + dodoc contrib/idn/README.idnkit
653 + fi
654 +
655 + if use doc; then
656 + dodoc doc/arm/Bv9ARM.pdf
657 +
658 + docinto misc
659 + dodoc doc/misc/*
660 +
661 + # might a 'html' useflag make sense?
662 + docinto html
663 + dodoc -r doc/arm/*
664 +
665 + docinto contrib
666 + dodoc contrib/scripts/{nanny.pl,named-bootconf.sh}
667 +
668 + # some handy-dandy dynamic dns examples
669 + pushd "${ED%/}"/usr/share/doc/${PF} 1>/dev/null || die
670 + tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
671 + popd 1>/dev/null || die
672 + fi
673 +
674 + insinto /etc/bind
675 + newins "${FILESDIR}"/named.conf-r8 named.conf
676 +
677 + # ftp://ftp.rs.internic.net/domain/named.cache:
678 + insinto /var/bind
679 + newins "${FILESDIR}"/named.cache-r3 named.cache
680 +
681 + insinto /var/bind/pri
682 + newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
683 +
684 + newinitd "${FILESDIR}"/named.init-r13 named
685 + newconfd "${FILESDIR}"/named.confd-r7 named
686 +
687 + if use gost; then
688 + sed -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' \
689 + -i "${ED%/}/etc/init.d/named" || die
690 + else
691 + sed -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' \
692 + -i "${ED%/}/etc/init.d/named" || die
693 + fi
694 +
695 + newenvd "${FILESDIR}"/10bind.env 10bind
696 +
697 + # Let's get rid of those tools and their manpages since they're provided by bind-tools
698 + rm -f "${ED%/}"/usr/share/man/man1/{dig,host,nslookup}.1*
699 + rm -f "${ED%/}"/usr/share/man/man8/nsupdate.8*
700 + rm -f "${ED%/}"/usr/bin/{dig,host,nslookup,nsupdate}
701 + rm -f "${ED%/}"/usr/sbin/{dig,host,nslookup,nsupdate}
702 + for tool in dsfromkey importkey keyfromlabel keygen \
703 + revoke settime signzone verify; do
704 + rm -f "${ED%/}"/usr/{,s}bin/dnssec-"${tool}"
705 + rm -f "${ED%/}"/usr/share/man/man8/dnssec-"${tool}".8*
706 + done
707 +
708 + # bug 405251, library archives aren't properly handled by --enable/disable-static
709 + if ! use static-libs; then
710 + find "${ED}" -type f -name '*.a' -delete || die
711 + fi
712 +
713 + # bug 405251
714 + find "${ED}" -type f -name '*.la' -delete || die
715 +
716 + if use python; then
717 + install_python_tools() {
718 + dosbin bin/python/dnssec-{checkds,coverage}
719 + }
720 + python_foreach_impl install_python_tools
721 +
722 + python_replicate_script "${ED%/}/usr/sbin/dnssec-checkds"
723 + python_replicate_script "${ED%/}/usr/sbin/dnssec-coverage"
724 + fi
725 +
726 + # bug 450406
727 + dosym named.cache /var/bind/root.cache
728 +
729 + dosym /var/bind/pri /etc/bind/pri
730 + dosym /var/bind/sec /etc/bind/sec
731 + dosym /var/bind/dyn /etc/bind/dyn
732 + keepdir /var/bind/{pri,sec,dyn}
733 +
734 + dodir /var/log/named
735 +
736 + fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
737 + fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
738 + fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
739 + fperms 0750 /etc/bind /var/bind/pri
740 + fperms 0770 /var/log/named /var/bind/{,sec,dyn}
741 +
742 + systemd_newunit "${FILESDIR}/named.service-r1" named.service
743 + systemd_dotmpfilesd "${FILESDIR}"/named.conf
744 + exeinto /usr/libexec
745 + doexe "${FILESDIR}/generate-rndc-key.sh"
746 +}
747 +
748 +pkg_postinst() {
749 + if [ ! -f '/etc/bind/rndc.key' ]; then
750 + if use urandom; then
751 + einfo "Using /dev/urandom for generating rndc.key"
752 + /usr/sbin/rndc-confgen -r /dev/urandom -a
753 + echo
754 + else
755 + einfo "Using /dev/random for generating rndc.key"
756 + /usr/sbin/rndc-confgen -a
757 + echo
758 + fi
759 + chown root:named /etc/bind/rndc.key || die
760 + chmod 0640 /etc/bind/rndc.key || die
761 + fi
762 +
763 + einfo
764 + einfo "You can edit /etc/conf.d/named to customize named settings"
765 + einfo
766 + use mysql || use postgres || use ldap && {
767 + elog "If your named depends on MySQL/PostgreSQL or LDAP,"
768 + elog "uncomment the specified rc_named_* lines in your"
769 + elog "/etc/conf.d/named config to ensure they'll start before bind"
770 + einfo
771 + }
772 + einfo "If you'd like to run bind in a chroot AND this is a new"
773 + einfo "install OR your bind doesn't already run in a chroot:"
774 + einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
775 + einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
776 + einfo
777 +
778 + CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
779 + if [[ -n ${CHROOT} ]]; then
780 + elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
781 + elog "To enable the old behaviour (without using mount) uncomment the"
782 + elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
783 + elog "If you decide to use the new/default method, ensure to make backup"
784 + elog "first and merge your existing configs/zones to /etc/bind and"
785 + elog "/var/bind because bind will now mount the needed directories into"
786 + elog "the chroot dir."
787 + fi
788 +}
789 +
790 +pkg_config() {
791 + CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
792 + CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
793 + CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
794 +
795 + if [[ -z "${CHROOT}" ]]; then
796 + eerror "This config script is designed to automate setting up"
797 + eerror "a chrooted bind/named. To do so, please first uncomment"
798 + eerror "and set the CHROOT variable in '/etc/conf.d/named'."
799 + die "Unset CHROOT"
800 + fi
801 + if [[ -d "${CHROOT}" ]]; then
802 + ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
803 + ewarn "To enable the old behaviour (without using mount) uncomment the"
804 + ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
805 + ewarn
806 + ewarn "${CHROOT} already exists... some things might become overridden"
807 + ewarn "press CTRL+C if you don't want to continue"
808 + sleep 10
809 + fi
810 +
811 + echo; einfo "Setting up the chroot directory..."
812 +
813 + mkdir -m 0750 -p ${CHROOT} || die
814 + mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} || die
815 + mkdir -m 0750 -p ${CHROOT}/etc/bind || die
816 + mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ || die
817 + # As of bind 9.8.0
818 + if has_version net-dns/bind[gost]; then
819 + mkdir -m 0755 -p ${CHROOT}/usr/$(get_libdir)/engines || die
820 + if [ "$(get_libdir)" = "lib64" ]; then
821 + ln -s lib64 ${CHROOT}/usr/lib || die
822 + fi
823 + fi
824 + chown root:named \
825 + ${CHROOT} \
826 + ${CHROOT}/var/{bind,log/named} \
827 + ${CHROOT}/run/named/ \
828 + ${CHROOT}/etc/bind \
829 + || die
830 +
831 + mknod ${CHROOT}/dev/null c 1 3 || die
832 + chmod 0666 ${CHROOT}/dev/null || die
833 +
834 + mknod ${CHROOT}/dev/zero c 1 5 || die
835 + chmod 0666 ${CHROOT}/dev/zero || die
836 +
837 + if use urandom; then
838 + mknod ${CHROOT}/dev/urandom c 1 9 || die
839 + chmod 0666 ${CHROOT}/dev/urandom || die
840 + else
841 + mknod ${CHROOT}/dev/random c 1 8 || die
842 + chmod 0666 ${CHROOT}/dev/random || die
843 + fi
844 +
845 + if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
846 + cp -a /etc/bind ${CHROOT}/etc/ || die
847 + cp -a /var/bind ${CHROOT}/var/ || die
848 + fi
849 +
850 + if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
851 + mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP || die
852 + fi
853 +
854 + elog "You may need to add the following line to your syslog-ng.conf:"
855 + elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
856 +}
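Review bot: src_install sets `fperms 0770 /var/log/named /var/bind/{,sec,dyn}`, which makes /var/bind itself group-writable by named, so the `0640` root:named mode given to /var/bind/named.cache two lines earlier does not stop a process in the named group from renaming or replacing that file. /var/bind/pri is kept at 0750, which suggests static zone data is meant to be read-only for the daemon. Whether named needs write access to the top-level directory depends on named.conf-r8, which is not part of this diff; if it does, a comment such as `# /var/bind stays group-writable (named working directory), so named.cache is replaceable by group named` would record the trade-off, and otherwise `fperms 0750 /var/bind` with 0770 kept only on sec and dyn would close it. src_install in bind-9.11.4_p2.ebuild has the same lines.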