1 |
commit: 085fe70746dd35d48d0926bba87ee1416dd0b033 |
2 |
Author: Jonathan Davies <jpds <AT> protonmail <DOT> com> |
3 |
AuthorDate: Wed Mar 16 12:24:59 2022 +0000 |
4 |
Commit: Marc Schiffbauer <mschiff <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Mar 27 09:43:11 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=085fe707 |
7 |
|
8 |
net-dns/unbound: Version updated to 1.15.0. |
9 |
|
10 |
Signed-off-by: Jonathan Davies <jpds <AT> protonmail.com> |
11 |
Closes: https://github.com/gentoo/gentoo/pull/24605 |
12 |
Signed-off-by: Marc Schiffbauer <mschiff <AT> gentoo.org> |
13 |
|
14 |
net-dns/unbound/Manifest | 2 + |
15 |
net-dns/unbound/unbound-1.15.0.ebuild | 213 ++++++++++++++++++++++++++++++++++ |
16 |
2 files changed, 215 insertions(+) |
17 |
|
18 |
diff --git a/net-dns/unbound/Manifest b/net-dns/unbound/Manifest |
19 |
index f217efdf009b..0fb0a6e82745 100644 |
20 |
--- a/net-dns/unbound/Manifest |
21 |
+++ b/net-dns/unbound/Manifest |
22 |
@@ -2,3 +2,5 @@ DIST unbound-1.13.1.tar.gz 5976957 BLAKE2B 5fabb9205773a1983842e41cf7a4d6c3878fa |
23 |
DIST unbound-1.13.2.tar.gz 6127915 BLAKE2B 71806edc86b323ff1f9f2d7bd3f699b15da2cd1cfefe9ca6008d74915dd6c7b45690026fb0244531ae563a3ca1b142f21fc8aed97ba4bb0015d8ab9196ff045a SHA512 1e89441446e7a25c6a49bded645f8b348c1758c3be54e3a986041cb1f00c45d152fd469dc52666fb820574db9d51b16f1627dc8afcb9519508d4833ca358191a |
24 |
DIST unbound-1.14.0.tar.gz 6152326 BLAKE2B ceccfbcbc16370153005f32d19be44bd41a4ac935cb7b9a90128d604c9874b06cc7de8b92dc34585d7957f0ad90ce2f441c2ed092c9307bcf4335f8d99eb8bd3 SHA512 57f91d898b0a5d42e6a2ff1ccaec474f04dd5ad3c98e7eb7aa8d5eaa23b587f3077cf7eddf4df38f537c6d387028f12c2518ff13b7249aa7a1155cd6532a46b5 |
25 |
DIST unbound-1.14.0.tar.gz.asc 833 BLAKE2B 21df47fba46db82ce8fcbf9f39e8e16f8d5ece493dbdc8fe8cad749e3f8e1af164c4280f9722d9f507199ae59a851925a7856bc9e11926b05f253b4342b06383 SHA512 5f77f33040bd783c8d67a50cb5a97435842203e6c2152f40994fba772777db60f01ab76156aa95a477ee50ae22f4227162cdd1fc0e4ae388c6b47f91ac9a5b95 |
26 |
+DIST unbound-1.15.0.tar.gz 6163470 BLAKE2B e67756fb28aac784431484e5f834cbe3864a0ec021a8c9eb3124a6d5732fea99a073815a624210e43e50b3b59ce943c5cc6a4e5e1c743b91f5803e2dcf5c9870 SHA512 c5dab305694c14f64e05080700bb52f6e6bf5b76f15e1fde34e35c932cb3ffed0de2c03b570cf4bfe18165cb10e82e67ee9b12c6583295380f88c2c03800cc1f |
27 |
+DIST unbound-1.15.0.tar.gz.asc 833 BLAKE2B 166cbb1caf14fb4a4375d609c740e7305ed4ee19c1e307caf1e780eb3f53e86db2d34b3f21e1d0c5f1496eac9211ce795c085ab9944f66f9a2f54d08479254db SHA512 123818a855689ee3d402fd8f4b5a4646c08d5602e4544ce872d132c4c0de4a79c9efcc2d49324bf58ab06521f02deef795d89bdf632eee758e6ec36b408ea54a |
28 |
|
29 |
diff --git a/net-dns/unbound/unbound-1.15.0.ebuild b/net-dns/unbound/unbound-1.15.0.ebuild |
30 |
new file mode 100644 |
31 |
index 000000000000..ddfece68d4df |
32 |
--- /dev/null |
33 |
+++ b/net-dns/unbound/unbound-1.15.0.ebuild |
34 |
@@ -0,0 +1,213 @@ |
35 |
+# Copyright 1999-2022 Gentoo Authors |
36 |
+# Distributed under the terms of the GNU General Public License v2 |
37 |
+ |
38 |
+EAPI="8" |
39 |
+PYTHON_COMPAT=( python3_{8,9,10} ) |
40 |
+ |
41 |
+inherit autotools flag-o-matic multilib-minimal python-single-r1 systemd verify-sig |
42 |
+ |
43 |
+MY_P=${PN}-${PV/_/} |
44 |
+DESCRIPTION="A validating, recursive and caching DNS resolver" |
45 |
+HOMEPAGE="https://unbound.net/ https://nlnetlabs.nl/projects/unbound/about/" |
46 |
+SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz |
47 |
+ verify-sig? ( https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz.asc )" |
48 |
+VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/unbound.net.asc |
49 |
+ |
50 |
+LICENSE="BSD GPL-2" |
51 |
+SLOT="0/8" # ABI version of libunbound.so |
52 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~x86" |
53 |
+IUSE="debug dnscrypt dnstap +ecdsa ecs gost +http2 python redis selinux static-libs systemd test +tfo threads" |
54 |
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" |
55 |
+RESTRICT="!test? ( test )" |
56 |
+ |
57 |
+# Note: expat is needed by executable only but the Makefile is custom |
58 |
+# and doesn't make it possible to easily install the library without |
59 |
+# the executables. MULTILIB_USEDEP may be dropped once build system |
60 |
+# is fixed. |
61 |
+ |
62 |
+CDEPEND="acct-group/unbound |
63 |
+ acct-user/unbound |
64 |
+ >=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] |
65 |
+ >=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}] |
66 |
+ >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] |
67 |
+ dnscrypt? ( dev-libs/libsodium:=[${MULTILIB_USEDEP}] ) |
68 |
+ dnstap? ( |
69 |
+ dev-libs/fstrm[${MULTILIB_USEDEP}] |
70 |
+ >=dev-libs/protobuf-c-1.0.2-r1:=[${MULTILIB_USEDEP}] |
71 |
+ ) |
72 |
+ ecdsa? ( |
73 |
+ dev-libs/openssl:0[-bindist(-)] |
74 |
+ ) |
75 |
+ http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] ) |
76 |
+ python? ( ${PYTHON_DEPS} ) |
77 |
+ redis? ( dev-libs/hiredis:= ) |
78 |
+ systemd? ( sys-apps/systemd ) |
79 |
+" |
80 |
+ |
81 |
+BDEPEND="virtual/pkgconfig |
82 |
+ python? ( dev-lang/swig ) |
83 |
+ test? ( |
84 |
+ || ( |
85 |
+ net-libs/ldns[examples(-)] |
86 |
+ net-dns/ldns-utils[examples(-)] |
87 |
+ ) |
88 |
+ dev-util/splint |
89 |
+ app-text/wdiff |
90 |
+ ) |
91 |
+ verify-sig? ( sec-keys/openpgp-keys-unbound ) |
92 |
+" |
93 |
+ |
94 |
+DEPEND="${CDEPEND}" |
95 |
+ |
96 |
+RDEPEND="${CDEPEND} |
97 |
+ net-dns/dnssec-root |
98 |
+ selinux? ( sec-policy/selinux-bind )" |
99 |
+ |
100 |
+# bug #347415 |
101 |
+RDEPEND="${RDEPEND} |
102 |
+ net-dns/dnssec-root" |
103 |
+ |
104 |
+PATCHES=( |
105 |
+ "${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch |
106 |
+ "${FILESDIR}"/${PN}-1.6.3-pkg-config.patch |
107 |
+ "${FILESDIR}"/${PN}-1.10.1-find-ar.patch |
108 |
+) |
109 |
+ |
110 |
+S=${WORKDIR}/${MY_P} |
111 |
+ |
112 |
+pkg_setup() { |
113 |
+ use python && python-single-r1_pkg_setup |
114 |
+} |
115 |
+ |
116 |
+src_prepare() { |
117 |
+ default |
118 |
+ |
119 |
+ eautoreconf |
120 |
+ |
121 |
+ # required for the python part |
122 |
+ multilib_copy_sources |
123 |
+} |
124 |
+ |
125 |
+src_configure() { |
126 |
+ [[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack |
127 |
+ multilib-minimal_src_configure |
128 |
+} |
129 |
+ |
130 |
+multilib_src_configure() { |
131 |
+ econf \ |
132 |
+ $(use_enable debug) \ |
133 |
+ $(use_enable gost) \ |
134 |
+ $(use_enable dnscrypt) \ |
135 |
+ $(use_enable dnstap) \ |
136 |
+ $(use_enable ecdsa) \ |
137 |
+ $(use_enable ecs subnet) \ |
138 |
+ $(multilib_native_use_enable redis cachedb) \ |
139 |
+ $(use_enable static-libs static) \ |
140 |
+ $(use_enable systemd) \ |
141 |
+ $(multilib_native_use_with python pythonmodule) \ |
142 |
+ $(multilib_native_use_with python pyunbound) \ |
143 |
+ $(use_with threads pthreads) \ |
144 |
+ $(use_with http2 libnghttp2) \ |
145 |
+ $(use_enable tfo tfo-client) \ |
146 |
+ $(use_enable tfo tfo-server) \ |
147 |
+ --disable-flto \ |
148 |
+ --disable-rpath \ |
149 |
+ --enable-event-api \ |
150 |
+ --enable-ipsecmod \ |
151 |
+ --with-libevent="${EPREFIX}"/usr \ |
152 |
+ $(multilib_native_usex redis --with-libhiredis="${EPREFIX}/usr" --without-libhiredis) \ |
153 |
+ --with-pidfile="${EPREFIX}"/run/unbound.pid \ |
154 |
+ --with-rootkey-file="${EPREFIX}"/etc/dnssec/root-anchors.txt \ |
155 |
+ --with-ssl="${EPREFIX}"/usr \ |
156 |
+ --with-libexpat="${EPREFIX}"/usr |
157 |
+ |
158 |
+ # http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html |
159 |
+ # $(use_enable debug lock-checks) \ |
160 |
+ # $(use_enable debug alloc-checks) \ |
161 |
+ # $(use_enable debug alloc-lite) \ |
162 |
+ # $(use_enable debug alloc-nonregional) \ |
163 |
+} |
164 |
+ |
165 |
+multilib_src_install() { |
166 |
+ emake DESTDIR="${D}" install |
167 |
+ systemd_dounit contrib/unbound.service |
168 |
+ systemd_dounit contrib/unbound.socket |
169 |
+} |
170 |
+ |
171 |
+multilib_src_install_all() { |
172 |
+ use python && python_optimize |
173 |
+ |
174 |
+ newinitd "${FILESDIR}"/unbound-r1.initd unbound |
175 |
+ newconfd "${FILESDIR}"/unbound-r1.confd unbound |
176 |
+ |
177 |
+ systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service" |
178 |
+ systemd_dounit "${FILESDIR}"/unbound-anchor.service |
179 |
+ |
180 |
+ dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES} |
181 |
+ |
182 |
+ # bug #315519 |
183 |
+ dodoc contrib/unbound_munin_ |
184 |
+ |
185 |
+ docinto selinux |
186 |
+ dodoc contrib/selinux/* |
187 |
+ |
188 |
+ exeinto /usr/share/${PN} |
189 |
+ doexe contrib/update-anchor.sh |
190 |
+ |
191 |
+ # create space for auto-trust-anchor-file... |
192 |
+ keepdir /etc/unbound/var |
193 |
+ fowners root:unbound /etc/unbound/var |
194 |
+ fperms 0770 /etc/unbound/var |
195 |
+ # ... and point example config to it |
196 |
+ sed -i \ |
197 |
+ -e '/# auto-trust-anchor-file:/s,/etc/dnssec/root-anchors.txt,/etc/unbound/var/root-anchors.txt,' \ |
198 |
+ "${ED}/etc/unbound/unbound.conf" \ |
199 |
+ || die |
200 |
+ |
201 |
+ # Used to store cache data |
202 |
+ keepdir /var/lib/${PN} |
203 |
+ fowners root:unbound /var/lib/${PN} |
204 |
+ fperms 0770 /var/lib/${PN} |
205 |
+ |
206 |
+ find "${ED}" -name '*.la' -delete || die |
207 |
+ if ! use static-libs ; then |
208 |
+ find "${ED}" -name "*.a" -delete || die |
209 |
+ fi |
210 |
+} |
211 |
+ |
212 |
+pkg_postinst() { |
213 |
+ if [[ ! -f "${EROOT}/etc/unbound/unbound_control.key" ]] ; then |
214 |
+ einfo "Trying to create unbound control key ..." |
215 |
+ if ! unbound-control-setup &>/dev/null ; then |
216 |
+ ewarn "Failed to create unbound control key!" |
217 |
+ fi |
218 |
+ fi |
219 |
+ |
220 |
+ if [[ ! -f "${EROOT}/etc/unbound/var/root-anchors.txt" ]] ; then |
221 |
+ einfo "" |
222 |
+ einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation" |
223 |
+ einfo "set 'auto-trust-anchor-file: ${EROOT}/etc/unbound/var/root-anchors.txt' in ${EROOT}/etc/unbound/unbound.conf" |
224 |
+ einfo "and run" |
225 |
+ einfo "" |
226 |
+ einfo " su -s /bin/sh -c '${EROOT}/usr/sbin/unbound-anchor -a ${EROOT}/etc/unbound/var/root-anchors.txt' unbound" |
227 |
+ einfo "" |
228 |
+ einfo "as root to create it initially before starting unbound for the first time after enabling this." |
229 |
+ einfo "" |
230 |
+ fi |
231 |
+ |
232 |
+ # Our user is not available on prefix |
233 |
+ use prefix && return |
234 |
+ |
235 |
+ local _perm_check_testfile=$(mktemp --dry-run "${EPREFIX}"/etc/unbound/var/.pkg_postinst-perm-check.XXXXXXXXX) |
236 |
+ su -s /bin/sh -c "touch ${_perm_check_testfile}" unbound &>/dev/null |
237 |
+ if [ $? -ne 0 ] ; then |
238 |
+ ewarn "WARNING: unbound user cannot write to \"${EPREFIX}/etc/unbound/var\"!" |
239 |
+ ewarn "Run the following commands to restore default permission:" |
240 |
+ ewarn "" |
241 |
+ ewarn " chown root:unbound ${EPREFIX}/etc/unbound/var" |
242 |
+ ewarn " chmod 0770 ${EPREFIX}/etc/unbound/var" |
243 |
+ else |
244 |
+ # Cleanup -- no reason to die here! |
245 |
+ rm -f "${_perm_check_testfile}" |
246 |
+ fi |
247 |
+} |