1 |
commit: 7425826012927d02717a2571cf5f5d56f94e3bdf |
2 |
Author: Aaron Bauman <bman <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Mar 24 00:25:33 2018 +0000 |
4 |
Commit: Aaron Bauman <bman <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Mar 24 00:27:01 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=74258260 |
7 |
|
8 |
net-dns/bind: drop vulnerable wrt bug #644706 |
9 |
|
10 |
net-dns/bind/Manifest | 1 - |
11 |
net-dns/bind/bind-9.11.1_p3.ebuild | 426 ------------------------------------- |
12 |
2 files changed, 427 deletions(-) |
13 |
|
14 |
diff --git a/net-dns/bind/Manifest b/net-dns/bind/Manifest |
15 |
index 45b3153675b..2b9d08ea464 100644 |
16 |
--- a/net-dns/bind/Manifest |
17 |
+++ b/net-dns/bind/Manifest |
18 |
@@ -1,3 +1,2 @@ |
19 |
-DIST bind-9.11.1-P3.tar.gz 9749095 BLAKE2B 1b68b57b9aed1a5210464e9c47a4e0569f1932076c042a7096dc04f69b45da9df8b2d56ec0f1f0d0fb136e7f61a39b3cb20d1912075f3a4138cbdf47f859cf0a SHA512 bf92ce1e07e5c84cc42b413bdbd3ad97f37712a6dc330dc10182992d948b7a393d5446efa188379b39020c34d810cebe2a7acccc9b8aa6bb564e1f3e6be42e96 |
20 |
DIST bind-9.11.2_p1.tar.gz 9783329 BLAKE2B 5a3bbd87112064231bd5e6b09ebb4014f9d5cf65cb601c03555ff540a22d87aec3990cd8e37ce5ff09e9a149bdf122d20ecb01f87731e6c79d80379a6926014f SHA512 168f27f580e3be2f7ada27afa2f72e715e750eec76831cf01bd32fabc1fa65dc29dab0eb7ed1682b076d3be99269897ddbc2c10551631a3911d9e5ae1aa40597 |
21 |
DIST dyndns-samples.tbz2 22866 BLAKE2B 409890653c6536cb9c0e3ba809d2bfde0e0ae73a2a101b4f229b46c01568466bc022bbbc37712171adbd08c572733e93630feab95a0fcd1ac50a7d37da1d1108 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac |
22 |
|
23 |
diff --git a/net-dns/bind/bind-9.11.1_p3.ebuild b/net-dns/bind/bind-9.11.1_p3.ebuild |
24 |
deleted file mode 100644 |
25 |
index eaa05818163..00000000000 |
26 |
--- a/net-dns/bind/bind-9.11.1_p3.ebuild |
27 |
+++ /dev/null |
28 |
@@ -1,426 +0,0 @@ |
29 |
-# Copyright 1999-2017 Gentoo Foundation |
30 |
-# Distributed under the terms of the GNU General Public License v2 |
31 |
- |
32 |
-# Re dlz/mysql and threads, needs to be verified.. |
33 |
-# MySQL uses thread local storage in its C api. Thus MySQL |
34 |
-# requires that each thread of an application execute a MySQL |
35 |
-# thread initialization to setup the thread local storage. |
36 |
-# This is impossible to do safely while staying within the DLZ |
37 |
-# driver API. This is a limitation caused by MySQL, and not the DLZ API. |
38 |
-# Because of this BIND MUST only run with a single thread when |
39 |
-# using the MySQL driver. |
40 |
- |
41 |
-EAPI="5" |
42 |
- |
43 |
-PYTHON_COMPAT=( python2_7 python3_{4,5,6} ) |
44 |
- |
45 |
-inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd |
46 |
- |
47 |
-MY_PV="${PV/_p/-P}" |
48 |
-MY_PV="${MY_PV/_rc/rc}" |
49 |
-MY_P="${PN}-${MY_PV}" |
50 |
- |
51 |
-SDB_LDAP_VER="1.1.0-fc14" |
52 |
- |
53 |
-RRL_PV="${MY_PV}" |
54 |
- |
55 |
-NSLINT_DIR="contrib/nslint-3.0a2/" |
56 |
- |
57 |
-# SDB-LDAP: http://bind9-ldap.bayour.com/ |
58 |
- |
59 |
-DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server" |
60 |
-HOMEPAGE="http://www.isc.org/software/bind" |
61 |
-SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz |
62 |
- doc? ( mirror://gentoo/dyndns-samples.tbz2 )" |
63 |
-# sdb-ldap? ( |
64 |
-# http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2 |
65 |
-# )" |
66 |
- |
67 |
-LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0" |
68 |
-SLOT="0" |
69 |
-KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" |
70 |
-# -berkdb by default re bug 602682 |
71 |
-IUSE="-berkdb +caps dlz dnstap doc filter-aaaa fixed-rrset geoip gost gssapi idn ipv6 |
72 |
-json ldap libressl lmdb mysql nslint odbc postgres python rpz seccomp selinux ssl static-libs |
73 |
-+threads urandom xml +zlib" |
74 |
-# sdb-ldap - patch broken |
75 |
-# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687 |
76 |
- |
77 |
-REQUIRED_USE="postgres? ( dlz ) |
78 |
- berkdb? ( dlz ) |
79 |
- mysql? ( dlz !threads ) |
80 |
- odbc? ( dlz ) |
81 |
- ldap? ( dlz ) |
82 |
- gost? ( !libressl ssl ) |
83 |
- threads? ( caps ) |
84 |
- dnstap? ( threads ) |
85 |
- python? ( ${PYTHON_REQUIRED_USE} )" |
86 |
-# sdb-ldap? ( dlz ) |
87 |
- |
88 |
-DEPEND=" |
89 |
- ssl? ( |
90 |
- !libressl? ( dev-libs/openssl:0[-bindist] ) |
91 |
- libressl? ( dev-libs/libressl ) |
92 |
- ) |
93 |
- mysql? ( >=virtual/mysql-4.0 ) |
94 |
- odbc? ( >=dev-db/unixODBC-2.2.6 ) |
95 |
- ldap? ( net-nds/openldap ) |
96 |
- idn? ( net-dns/idnkit ) |
97 |
- postgres? ( dev-db/postgresql:= ) |
98 |
- caps? ( >=sys-libs/libcap-2.1.0 ) |
99 |
- xml? ( dev-libs/libxml2 ) |
100 |
- geoip? ( >=dev-libs/geoip-1.4.6 ) |
101 |
- gssapi? ( virtual/krb5 ) |
102 |
- gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] ) |
103 |
- seccomp? ( sys-libs/libseccomp ) |
104 |
- json? ( dev-libs/json-c:= ) |
105 |
- lmdb? ( dev-db/lmdb ) |
106 |
- zlib? ( sys-libs/zlib ) |
107 |
- dnstap? ( dev-libs/fstrm dev-libs/protobuf-c ) |
108 |
- python? ( |
109 |
- ${PYTHON_DEPS} |
110 |
- dev-python/ply[${PYTHON_USEDEP}] |
111 |
- )" |
112 |
-# sdb-ldap? ( net-nds/openldap ) |
113 |
- |
114 |
-RDEPEND="${DEPEND} |
115 |
- selinux? ( sec-policy/selinux-bind ) |
116 |
- || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )" |
117 |
- |
118 |
-S="${WORKDIR}/${MY_P}" |
119 |
- |
120 |
-# bug 479092, requires networking |
121 |
-RESTRICT="test" |
122 |
- |
123 |
-pkg_setup() { |
124 |
- ebegin "Creating named group and user" |
125 |
- enewgroup named 40 |
126 |
- enewuser named 40 -1 /etc/bind named |
127 |
- eend ${?} |
128 |
-} |
129 |
- |
130 |
-src_prepare() { |
131 |
- # bug 600212 |
132 |
- epatch "${FILESDIR}"/${PN}-9.11.0_p5-dyndb-dlopen.patch |
133 |
- |
134 |
- # Adjusting PATHs in manpages |
135 |
- for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do |
136 |
- sed -i \ |
137 |
- -e 's:/etc/named.conf:/etc/bind/named.conf:g' \ |
138 |
- -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \ |
139 |
- -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \ |
140 |
- "${i}" || die "sed failed, ${i} doesn't exist" |
141 |
- done |
142 |
- |
143 |
-# if use dlz; then |
144 |
-# # sdb-ldap patch as per bug #160567 |
145 |
-# # Upstream URL: http://bind9-ldap.bayour.com/ |
146 |
-# # New patch take from bug 302735 |
147 |
-# if use sdb-ldap; then |
148 |
-# epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch |
149 |
-# cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/ |
150 |
-# cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/ |
151 |
-# cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/ |
152 |
-# fi |
153 |
-# fi |
154 |
- |
155 |
- # should be installed by bind-tools |
156 |
- sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die |
157 |
- |
158 |
- # Disable tests for now, bug 406399 |
159 |
- sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die |
160 |
- |
161 |
- if use nslint; then |
162 |
- sed -i -e 's:/etc/named.conf:/etc/bind/named.conf:' ${NSLINT_DIR}/nslint.{c,8} || die |
163 |
- fi |
164 |
- |
165 |
- # bug #220361 |
166 |
- rm aclocal.m4 |
167 |
- rm -rf libtool.m4/ |
168 |
- eautoreconf |
169 |
-} |
170 |
- |
171 |
-src_configure() { |
172 |
- local myconf="" |
173 |
- |
174 |
- if use urandom; then |
175 |
- myconf="${myconf} --with-randomdev=/dev/urandom" |
176 |
- else |
177 |
- myconf="${myconf} --with-randomdev=/dev/random" |
178 |
- fi |
179 |
- |
180 |
- use geoip && myconf="${myconf} --with-geoip" |
181 |
- |
182 |
- # bug #158664 |
183 |
-# gcc-specs-ssp && replace-flags -O[23s] -O |
184 |
- |
185 |
- # To include db.h from proper path |
186 |
- use berkdb && append-flags "-I$(db_includedir)" |
187 |
- |
188 |
- export BUILD_CC=$(tc-getBUILD_CC) |
189 |
- econf \ |
190 |
- --sysconfdir=/etc/bind \ |
191 |
- --localstatedir=/var \ |
192 |
- --with-libtool \ |
193 |
- --enable-full-report \ |
194 |
- --without-readline \ |
195 |
- $(use_enable caps linux-caps) \ |
196 |
- $(use_enable filter-aaaa) \ |
197 |
- $(use_enable fixed-rrset) \ |
198 |
- $(use_enable ipv6) \ |
199 |
- $(use_enable rpz rpz-nsdname) \ |
200 |
- $(use_enable rpz rpz-nsip) \ |
201 |
- $(use_enable seccomp) \ |
202 |
- $(use_enable threads) \ |
203 |
- $(use_with berkdb dlz-bdb) \ |
204 |
- $(use_with dlz dlopen) \ |
205 |
- $(use_with dlz dlz-filesystem) \ |
206 |
- $(use_with dlz dlz-stub) \ |
207 |
- $(use_with gost) \ |
208 |
- $(use_with gssapi) \ |
209 |
- $(use_with idn) \ |
210 |
- $(use_with json libjson) \ |
211 |
- $(use_with ldap dlz-ldap) \ |
212 |
- $(use_with mysql dlz-mysql) \ |
213 |
- $(use_with odbc dlz-odbc) \ |
214 |
- $(use_with postgres dlz-postgres) \ |
215 |
- $(use_with lmdb) \ |
216 |
- $(use_with python) \ |
217 |
- $(use_with ssl ecdsa) \ |
218 |
- $(use_with ssl openssl "${EPREFIX}"/usr) \ |
219 |
- $(use_with xml libxml2) \ |
220 |
- $(use_with zlib) \ |
221 |
- ${myconf} |
222 |
- |
223 |
- # $(use_enable static-libs static) \ |
224 |
- |
225 |
- # bug #151839 |
226 |
- echo '#undef SO_BSDCOMPAT' >> config.h |
227 |
- |
228 |
- if use nslint; then |
229 |
- cd $NSLINT_DIR |
230 |
- econf |
231 |
- fi |
232 |
-} |
233 |
- |
234 |
-src_compile() { |
235 |
- emake |
236 |
- |
237 |
- if use nslint; then |
238 |
- emake -C $NSLINT_DIR CCOPT="${CFLAGS}" |
239 |
- fi |
240 |
-} |
241 |
- |
242 |
-src_install() { |
243 |
- emake DESTDIR="${D}" install |
244 |
- |
245 |
- if use nslint; then |
246 |
- cd $NSLINT_DIR |
247 |
- dobin nslint |
248 |
- doman nslint.8 |
249 |
- cd "${S}" |
250 |
- fi |
251 |
- |
252 |
- dodoc CHANGES FAQ README |
253 |
- |
254 |
- if use idn; then |
255 |
- dodoc contrib/idn/README.idnkit |
256 |
- fi |
257 |
- |
258 |
- if use doc; then |
259 |
- dodoc doc/arm/Bv9ARM.pdf |
260 |
- |
261 |
- docinto misc |
262 |
- dodoc doc/misc/* |
263 |
- |
264 |
- # might a 'html' useflag make sense? |
265 |
- docinto html |
266 |
- dohtml -r doc/arm/* |
267 |
- |
268 |
- docinto contrib |
269 |
- dodoc contrib/scripts/{nanny.pl,named-bootconf.sh} |
270 |
- |
271 |
- # some handy-dandy dynamic dns examples |
272 |
- pushd "${D}"/usr/share/doc/${PF} 1>/dev/null |
273 |
- tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die |
274 |
- popd 1>/dev/null |
275 |
- fi |
276 |
- |
277 |
- insinto /etc/bind |
278 |
- newins "${FILESDIR}"/named.conf-r8 named.conf |
279 |
- |
280 |
- # ftp://ftp.rs.internic.net/domain/named.cache: |
281 |
- insinto /var/bind |
282 |
- newins "${FILESDIR}"/named.cache-r3 named.cache |
283 |
- |
284 |
- insinto /var/bind/pri |
285 |
- newins "${FILESDIR}"/localhost.zone-r3 localhost.zone |
286 |
- |
287 |
- newinitd "${FILESDIR}"/named.init-r13 named |
288 |
- newconfd "${FILESDIR}"/named.confd-r7 named |
289 |
- |
290 |
- if use gost; then |
291 |
- sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die |
292 |
- else |
293 |
- sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die |
294 |
- fi |
295 |
- |
296 |
- newenvd "${FILESDIR}"/10bind.env 10bind |
297 |
- |
298 |
- # Let's get rid of those tools and their manpages since they're provided by bind-tools |
299 |
- rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1* |
300 |
- rm -f "${D}"/usr/share/man/man8/nsupdate.8* |
301 |
- rm -f "${D}"/usr/bin/{dig,host,nslookup,nsupdate} |
302 |
- rm -f "${D}"/usr/sbin/{dig,host,nslookup,nsupdate} |
303 |
- for tool in dsfromkey importkey keyfromlabel keygen \ |
304 |
- revoke settime signzone verify; do |
305 |
- rm -f "${D}"/usr/{,s}bin/dnssec-"${tool}" |
306 |
- rm -f "${D}"/usr/share/man/man8/dnssec-"${tool}".8* |
307 |
- done |
308 |
- |
309 |
- # bug 405251, library archives aren't properly handled by --enable/disable-static |
310 |
- if ! use static-libs; then |
311 |
- find "${D}" -type f -name '*.a' -delete || die |
312 |
- fi |
313 |
- |
314 |
- # bug 405251 |
315 |
- find "${D}" -type f -name '*.la' -delete || die |
316 |
- |
317 |
- if use python; then |
318 |
- install_python_tools() { |
319 |
- dosbin bin/python/dnssec-{checkds,coverage} |
320 |
- } |
321 |
- python_foreach_impl install_python_tools |
322 |
- |
323 |
- python_replicate_script "${D}usr/sbin/dnssec-checkds" |
324 |
- python_replicate_script "${D}usr/sbin/dnssec-coverage" |
325 |
- fi |
326 |
- |
327 |
- # bug 450406 |
328 |
- dosym named.cache /var/bind/root.cache |
329 |
- |
330 |
- dosym /var/bind/pri /etc/bind/pri |
331 |
- dosym /var/bind/sec /etc/bind/sec |
332 |
- dosym /var/bind/dyn /etc/bind/dyn |
333 |
- keepdir /var/bind/{pri,sec,dyn} |
334 |
- |
335 |
- dodir /var/log/named |
336 |
- |
337 |
- fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn} |
338 |
- fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} |
339 |
- fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} |
340 |
- fperms 0750 /etc/bind /var/bind/pri |
341 |
- fperms 0770 /var/log/named /var/bind/{,sec,dyn} |
342 |
- |
343 |
- systemd_newunit "${FILESDIR}/named.service-r1" named.service |
344 |
- systemd_dotmpfilesd "${FILESDIR}"/named.conf |
345 |
- exeinto /usr/libexec |
346 |
- doexe "${FILESDIR}/generate-rndc-key.sh" |
347 |
-} |
348 |
- |
349 |
-pkg_postinst() { |
350 |
- if [ ! -f '/etc/bind/rndc.key' ]; then |
351 |
- if use urandom; then |
352 |
- einfo "Using /dev/urandom for generating rndc.key" |
353 |
- /usr/sbin/rndc-confgen -r /dev/urandom -a |
354 |
- echo |
355 |
- else |
356 |
- einfo "Using /dev/random for generating rndc.key" |
357 |
- /usr/sbin/rndc-confgen -a |
358 |
- echo |
359 |
- fi |
360 |
- chown root:named /etc/bind/rndc.key |
361 |
- chmod 0640 /etc/bind/rndc.key |
362 |
- fi |
363 |
- |
364 |
- einfo |
365 |
- einfo "You can edit /etc/conf.d/named to customize named settings" |
366 |
- einfo |
367 |
- use mysql || use postgres || use ldap && { |
368 |
- elog "If your named depends on MySQL/PostgreSQL or LDAP," |
369 |
- elog "uncomment the specified rc_named_* lines in your" |
370 |
- elog "/etc/conf.d/named config to ensure they'll start before bind" |
371 |
- einfo |
372 |
- } |
373 |
- einfo "If you'd like to run bind in a chroot AND this is a new" |
374 |
- einfo "install OR your bind doesn't already run in a chroot:" |
375 |
- einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named." |
376 |
- einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`" |
377 |
- einfo |
378 |
- |
379 |
- CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT}) |
380 |
- if [[ -n ${CHROOT} ]]; then |
381 |
- elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" |
382 |
- elog "To enable the old behaviour (without using mount) uncomment the" |
383 |
- elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config." |
384 |
- elog "If you decide to use the new/default method, ensure to make backup" |
385 |
- elog "first and merge your existing configs/zones to /etc/bind and" |
386 |
- elog "/var/bind because bind will now mount the needed directories into" |
387 |
- elog "the chroot dir." |
388 |
- fi |
389 |
-} |
390 |
- |
391 |
-pkg_config() { |
392 |
- CHROOT=$(source /etc/conf.d/named; echo ${CHROOT}) |
393 |
- CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT}) |
394 |
- CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP}) |
395 |
- |
396 |
- if [[ -z "${CHROOT}" ]]; then |
397 |
- eerror "This config script is designed to automate setting up" |
398 |
- eerror "a chrooted bind/named. To do so, please first uncomment" |
399 |
- eerror "and set the CHROOT variable in '/etc/conf.d/named'." |
400 |
- die "Unset CHROOT" |
401 |
- fi |
402 |
- if [[ -d "${CHROOT}" ]]; then |
403 |
- ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" |
404 |
- ewarn "To enable the old behaviour (without using mount) uncomment the" |
405 |
- ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config." |
406 |
- ewarn |
407 |
- ewarn "${CHROOT} already exists... some things might become overridden" |
408 |
- ewarn "press CTRL+C if you don't want to continue" |
409 |
- sleep 10 |
410 |
- fi |
411 |
- |
412 |
- echo; einfo "Setting up the chroot directory..." |
413 |
- |
414 |
- mkdir -m 0750 -p ${CHROOT} |
415 |
- mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} |
416 |
- mkdir -m 0750 -p ${CHROOT}/etc/bind |
417 |
- mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ |
418 |
- # As of bind 9.8.0 |
419 |
- if has_version net-dns/bind[gost]; then |
420 |
- if [ "$(get_libdir)" = "lib64" ]; then |
421 |
- mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines |
422 |
- ln -s lib64 ${CHROOT}/usr/lib |
423 |
- else |
424 |
- mkdir -m 0755 -p ${CHROOT}/usr/lib/engines |
425 |
- fi |
426 |
- fi |
427 |
- chown root:named ${CHROOT} ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ ${CHROOT}/etc/bind |
428 |
- |
429 |
- mknod ${CHROOT}/dev/null c 1 3 |
430 |
- chmod 0666 ${CHROOT}/dev/null |
431 |
- |
432 |
- mknod ${CHROOT}/dev/zero c 1 5 |
433 |
- chmod 0666 ${CHROOT}/dev/zero |
434 |
- |
435 |
- if use urandom; then |
436 |
- mknod ${CHROOT}/dev/urandom c 1 9 |
437 |
- chmod 0666 ${CHROOT}/dev/urandom |
438 |
- else |
439 |
- mknod ${CHROOT}/dev/random c 1 8 |
440 |
- chmod 0666 ${CHROOT}/dev/random |
441 |
- fi |
442 |
- |
443 |
- if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then |
444 |
- cp -a /etc/bind ${CHROOT}/etc/ |
445 |
- cp -a /var/bind ${CHROOT}/var/ |
446 |
- fi |
447 |
- |
448 |
- if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then |
449 |
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP |
450 |
- fi |
451 |
- |
452 |
- elog "You may need to add the following line to your syslog-ng.conf:" |
453 |
- elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };" |
454 |
-} |