From: "Mikle Kolyada" <>
Subject: [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/
Date: Wed, 23 Jan 2019 09:54:14 +0000 (UTC) [thread overview]
Message-ID: <1548237239.f1e9f56e179d4d622710affe07f35a1a5537c7a6.zlogene@gentoo> (raw)
commit: f1e9f56e179d4d622710affe07f35a1a5537c7a6
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 23 09:53:59 2019 +0000
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Wed Jan 23 09:53:59 2019 +0000
net-dns/bind: Drop some insecure versions
Signed-off-by: Mikle Kolyada <zlogene <AT>>
Package-Manager: Portage-2.3.51, Repoman-2.3.11
net-dns/bind/Manifest | 2 -
net-dns/bind/bind-9.12.1_p2-r1.ebuild | 400 ---------------------------------
net-dns/bind/bind-9.12.2_p1.ebuild | 401 ---------------------------------
net-dns/bind/bind-9.12.2_p2.ebuild | 407 ----------------------------------
4 files changed, 1210 deletions(-)
diff --git a/net-dns/bind/Manifest b/net-dns/bind/Manifest
index 1e233e6b5df..b31effa9c8f 100644
--- a/net-dns/bind/Manifest
+++ b/net-dns/bind/Manifest
@@ -1,7 +1,5 @@
DIST bind-9.11.2_p1.tar.gz 9783329 BLAKE2B 5a3bbd87112064231bd5e6b09ebb4014f9d5cf65cb601c03555ff540a22d87aec3990cd8e37ce5ff09e9a149bdf122d20ecb01f87731e6c79d80379a6926014f SHA512 168f27f580e3be2f7ada27afa2f72e715e750eec76831cf01bd32fabc1fa65dc29dab0eb7ed1682b076d3be99269897ddbc2c10551631a3911d9e5ae1aa40597
DIST bind-9.11.3.tar.gz 9523375 BLAKE2B 978986e02767b8ac9f015b52e87b3bc161a7ea72f59f343dcb23f50fbe8474528c4b27ee4fd54bdbe6bd825ce6e8b164e8ad145260b2cdcd004e8892bacd313b SHA512 1f0da13165d1ee872800fe10bb8b0f69c6c76515f9861c1528fb6005213bb71b21a1270906d2ea9ded3eaf6df1a1bac0f2c80aa511683b8d57dcff4f278d8c35
DIST bind-9.11.4_p2.tar.gz 9617963 BLAKE2B 409cad7e0976f2e46406d45e87241d61d4d4f00bf08442c4dddbad490ea3d6e42eaad5851fddb83c61a897689a8fdba0cd920aaa0d36329868d26100ba48f946 SHA512 6c01810526fc40485a6c0403d1ddc3b76d2e59b3426b5789436bd671f158d2fa0ea7c0aef2de81998ec715dabd06683fed7b17224d5c794c61e7100a69d4cb60
-DIST bind-9.12.1_p2.tar.gz 9305005 BLAKE2B 6be328e9e14a26d17c2f789aafc1f83a4690db0b0ae2aeac7dcc4b54a0e5d228692475a39160599fc5c6fd7ed8733d2f0bbac65a20c513f5fa7b6b49ad4b09ae SHA512 de47eef272c437316444c4f585a2f98ae9169fc118fd057464a5cd064bb9079ffc07145dabf388cd240f56a5ad6d3ad78cf8d98fc37609681eba5d87e18a4f9a
-DIST bind-9.12.2_p1.tar.gz 9429002 BLAKE2B 1460b4583a28df21490f71993c8cd595dd8f8ee76727cc8798ee34a6deb1f5a4d39706ec2833a42a7e63ce0dcad917ca975c7d725fc179e2dd0450d8d683ceb4 SHA512 22ce084179439518f7d82f0b80544db929bb4ec71d0e7bd7edad9ae915c903300837d6ead698c9fc23741796f0ba9ed3aa384b752ff65c3b9b20c8969d351cba
DIST bind-9.12.2_p2.tar.gz 9422128 BLAKE2B c7d56f025f381a0136aa67ccd49a3254fcfe566d5e3601410e5cada26ccab32a901fe6e14bc14e6e287fa2b3904a4eee8e3ef63329f9bc4cb11f204590ff3623 SHA512 458adf6b3d0df286e7d345a21c40b639efcb275e76f9e0bf4e40a5d76dcac875016324393e129f29397be326d1017367c506ec9cbb35871c98fad4281bc4e05a
DIST dyndns-samples.tbz2 22866 BLAKE2B 409890653c6536cb9c0e3ba809d2bfde0e0ae73a2a101b4f229b46c01568466bc022bbbc37712171adbd08c572733e93630feab95a0fcd1ac50a7d37da1d1108 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac
diff --git a/net-dns/bind/bind-9.12.1_p2-r1.ebuild b/net-dns/bind/bind-9.12.1_p2-r1.ebuild
deleted file mode 100644
index 3e1a46c7bf0..00000000000
--- a/net-dns/bind/bind-9.12.1_p2-r1.ebuild
+++ /dev/null
@@ -1,400 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# Re dlz/mysql and threads, needs to be verified..
-# MySQL uses thread local storage in its C api. Thus MySQL
-# requires that each thread of an application execute a MySQL
-# thread initialization to setup the thread local storage.
-# This is impossible to do safely while staying within the DLZ
-# driver API. This is a limitation caused by MySQL, and not the DLZ API.
-# Because of this BIND MUST only run with a single thread when
-# using the MySQL driver.
-PYTHON_COMPAT=( python2_7 python3_{4,5,6} )
-inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd
-DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server"
-SRC_URI="${MY_P}/?version=tar-gz -> ${P}.tar.gz
- doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
-# sdb-ldap? (
-# )"
-LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-# -berkdb by default re bug 602682
-IUSE="-berkdb +caps dlz dnstap doc dnsrps fixed-rrset geoip gost gssapi idn ipv6
-json ldap libressl lmdb mysql odbc postgres python rpz seccomp selinux ssl static-libs
-+threads urandom xml +zlib"
-# sdb-ldap - patch broken
-# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
-REQUIRED_USE="postgres? ( dlz )
- berkdb? ( dlz )
- mysql? ( dlz !threads )
- odbc? ( dlz )
- ldap? ( dlz )
- gost? ( !libressl ssl )
- threads? ( caps )
- dnstap? ( threads )
- python? ( ${PYTHON_REQUIRED_USE} )"
-# sdb-ldap? ( dlz )
- ssl? (
- !libressl? ( dev-libs/openssl:0[-bindist] )
- libressl? ( dev-libs/libressl )
- )
- mysql? ( >=virtual/mysql-4.0 )
- odbc? ( >=dev-db/unixODBC-2.2.6 )
- ldap? ( net-nds/openldap )
- idn? ( <net-dns/idnkit-2:= )
- postgres? ( dev-db/postgresql:= )
- caps? ( >=sys-libs/libcap-2.1.0 )
- xml? ( dev-libs/libxml2 )
- geoip? ( >=dev-libs/geoip-1.4.6 )
- gssapi? ( virtual/krb5 )
- gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] )
- seccomp? ( sys-libs/libseccomp )
- json? ( dev-libs/json-c:= )
- lmdb? ( dev-db/lmdb )
- zlib? ( sys-libs/zlib )
- dnstap? ( dev-libs/fstrm dev-libs/protobuf-c )
- python? (
- dev-python/ply[${PYTHON_USEDEP}]
- )"
-# sdb-ldap? ( net-nds/openldap )
- selinux? ( sec-policy/selinux-bind )
- || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )"
-# bug 479092, requires networking
-pkg_setup() {
- ebegin "Creating named group and user"
- enewgroup named 40
- enewuser named 40 -1 /etc/bind named
- eend ${?}
-src_prepare() {
- # Adjusting PATHs in manpages
- for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
- sed -i \
- -e 's:/etc/named.conf:/etc/bind/named.conf:g' \
- -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
- -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
- "${i}" || die "sed failed, ${i} doesn't exist"
- done
- # bug 657654 / CVE-2018-5738
- epatch "${FILESDIR}/${P}-CVE-2018-5738.patch"
-# if use dlz; then
-# # sdb-ldap patch as per bug #160567
-# # Upstream URL:
-# # New patch take from bug 302735
-# if use sdb-ldap; then
-# epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
-# cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/
-# cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/
-# cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/
-# fi
-# fi
- # should be installed by bind-tools
- sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/ || die
- # Disable tests for now, bug 406399
- sed -i '/^SUBDIRS/s:tests::' bin/ lib/ || die
- # bug #220361
- rm aclocal.m4
- rm -rf libtool.m4/
- eautoreconf
-src_configure() {
- local myconf=""
- if use urandom; then
- myconf="${myconf} --with-randomdev=/dev/urandom"
- else
- myconf="${myconf} --with-randomdev=/dev/random"
- fi
- use geoip && myconf="${myconf} --with-geoip"
- # bug #158664
-# gcc-specs-ssp && replace-flags -O[23s] -O
- # To include db.h from proper path
- use berkdb && append-flags "-I$(db_includedir)"
- export BUILD_CC=$(tc-getBUILD_CC)
- econf \
- --sysconfdir=/etc/bind \
- --localstatedir=/var \
- --with-libtool \
- --enable-full-report \
- --without-readline \
- $(use_enable caps linux-caps) \
- $(use_enable dnsrps) \
- $(use_enable fixed-rrset) \
- $(use_enable ipv6) \
- $(use_enable rpz rpz-nsdname) \
- $(use_enable rpz rpz-nsip) \
- $(use_enable seccomp) \
- $(use_enable threads) \
- $(use_with berkdb dlz-bdb) \
- $(use_with dlz dlopen) \
- $(use_with dlz dlz-filesystem) \
- $(use_with dlz dlz-stub) \
- $(use_with gost) \
- $(use_with gssapi) \
- $(use_with idn) \
- $(use_with json libjson) \
- $(use_with ldap dlz-ldap) \
- $(use_with mysql dlz-mysql) \
- $(use_with odbc dlz-odbc) \
- $(use_with postgres dlz-postgres) \
- $(use_with lmdb) \
- $(use_with python) \
- $(use_with ssl ecdsa) \
- $(use_with ssl openssl "${EPREFIX}"/usr) \
- $(use_with xml libxml2) \
- $(use_with zlib) \
- ${myconf}
- # $(use_enable static-libs static) \
- # bug #151839
- echo '#undef SO_BSDCOMPAT' >> config.h
-src_install() {
- emake DESTDIR="${D}" install
- if use idn; then
- dodoc contrib/idn/README.idnkit
- fi
- if use doc; then
- dodoc doc/arm/Bv9ARM.pdf
- docinto misc
- dodoc doc/misc/*
- # might a 'html' useflag make sense?
- docinto html
- dohtml -r doc/arm/*
- docinto contrib
- dodoc contrib/scripts/{,}
- # some handy-dandy dynamic dns examples
- pushd "${D}"/usr/share/doc/${PF} 1>/dev/null
- tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
- popd 1>/dev/null
- fi
- insinto /etc/bind
- newins "${FILESDIR}"/named.conf-r8 named.conf
- #
- insinto /var/bind
- newins "${FILESDIR}"/named.cache-r3 named.cache
- insinto /var/bind/pri
- newins "${FILESDIR}"/
- newinitd "${FILESDIR}"/named.init-r13 named
- newconfd "${FILESDIR}"/named.confd-r7 named
- if use gost; then
- sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die
- else
- sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die
- fi
- newenvd "${FILESDIR}"/10bind.env 10bind
- # Let's get rid of those tools and their manpages since they're provided by bind-tools
- rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1*
- rm -f "${D}"/usr/share/man/man8/nsupdate.8*
- rm -f "${D}"/usr/bin/{dig,host,nslookup,nsupdate}
- rm -f "${D}"/usr/sbin/{dig,host,nslookup,nsupdate}
- for tool in dsfromkey importkey keyfromlabel keygen \
- revoke settime signzone verify; do
- rm -f "${D}"/usr/{,s}bin/dnssec-"${tool}"
- rm -f "${D}"/usr/share/man/man8/dnssec-"${tool}".8*
- done
- # bug 405251, library archives aren't properly handled by --enable/disable-static
- if ! use static-libs; then
- find "${D}" -type f -name '*.a' -delete || die
- fi
- # bug 405251
- find "${D}" -type f -name '*.la' -delete || die
- if use python; then
- install_python_tools() {
- dosbin bin/python/dnssec-{checkds,coverage}
- }
- python_foreach_impl install_python_tools
- python_replicate_script "${D}usr/sbin/dnssec-checkds"
- python_replicate_script "${D}usr/sbin/dnssec-coverage"
- fi
- # bug 450406
- dosym named.cache /var/bind/root.cache
- dosym /var/bind/pri /etc/bind/pri
- dosym /var/bind/sec /etc/bind/sec
- dosym /var/bind/dyn /etc/bind/dyn
- keepdir /var/bind/{pri,sec,dyn}
- dodir /var/log/named
- fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
- fowners root:named /var/bind/named.cache /var/bind/pri/ /etc/bind/{bind.keys,named.conf}
- fperms 0640 /var/bind/named.cache /var/bind/pri/ /etc/bind/{bind.keys,named.conf}
- fperms 0750 /etc/bind /var/bind/pri
- fperms 0770 /var/log/named /var/bind/{,sec,dyn}
- systemd_newunit "${FILESDIR}/named.service-r1" named.service
- systemd_dotmpfilesd "${FILESDIR}"/named.conf
- exeinto /usr/libexec
- doexe "${FILESDIR}/"
-pkg_postinst() {
- if [ ! -f '/etc/bind/rndc.key' ]; then
- if use urandom; then
- einfo "Using /dev/urandom for generating rndc.key"
- /usr/sbin/rndc-confgen -r /dev/urandom -a
- echo
- else
- einfo "Using /dev/random for generating rndc.key"
- /usr/sbin/rndc-confgen -a
- echo
- fi
- chown root:named /etc/bind/rndc.key
- chmod 0640 /etc/bind/rndc.key
- fi
- einfo
- einfo "You can edit /etc/conf.d/named to customize named settings"
- einfo
- use mysql || use postgres || use ldap && {
- elog "If your named depends on MySQL/PostgreSQL or LDAP,"
- elog "uncomment the specified rc_named_* lines in your"
- elog "/etc/conf.d/named config to ensure they'll start before bind"
- einfo
- }
- einfo "If you'd like to run bind in a chroot AND this is a new"
- einfo "install OR your bind doesn't already run in a chroot:"
- einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
- einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
- einfo
- CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
- if [[ -n ${CHROOT} ]]; then
- elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- elog "To enable the old behaviour (without using mount) uncomment the"
- elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- elog "If you decide to use the new/default method, ensure to make backup"
- elog "first and merge your existing configs/zones to /etc/bind and"
- elog "/var/bind because bind will now mount the needed directories into"
- elog "the chroot dir."
- fi
-pkg_config() {
- CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
- CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
- CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
- if [[ -z "${CHROOT}" ]]; then
- eerror "This config script is designed to automate setting up"
- eerror "a chrooted bind/named. To do so, please first uncomment"
- eerror "and set the CHROOT variable in '/etc/conf.d/named'."
- die "Unset CHROOT"
- fi
- if [[ -d "${CHROOT}" ]]; then
- ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- ewarn "To enable the old behaviour (without using mount) uncomment the"
- ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- ewarn
- ewarn "${CHROOT} already exists... some things might become overridden"
- ewarn "press CTRL+C if you don't want to continue"
- sleep 10
- fi
- echo; einfo "Setting up the chroot directory..."
- mkdir -m 0750 -p ${CHROOT}
- mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run}
- mkdir -m 0750 -p ${CHROOT}/etc/bind
- mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/
- # As of bind 9.8.0
- if has_version net-dns/bind[gost]; then
- if [ "$(get_libdir)" = "lib64" ]; then
- mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines
- ln -s lib64 ${CHROOT}/usr/lib
- else
- mkdir -m 0755 -p ${CHROOT}/usr/lib/engines
- fi
- fi
- chown root:named ${CHROOT} ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ ${CHROOT}/etc/bind
- mknod ${CHROOT}/dev/null c 1 3
- chmod 0666 ${CHROOT}/dev/null
- mknod ${CHROOT}/dev/zero c 1 5
- chmod 0666 ${CHROOT}/dev/zero
- if use urandom; then
- mknod ${CHROOT}/dev/urandom c 1 9
- chmod 0666 ${CHROOT}/dev/urandom
- else
- mknod ${CHROOT}/dev/random c 1 8
- chmod 0666 ${CHROOT}/dev/random
- fi
- if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
- cp -a /etc/bind ${CHROOT}/etc/
- cp -a /var/bind ${CHROOT}/var/
- fi
- if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP
- fi
- elog "You may need to add the following line to your syslog-ng.conf:"
- elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
diff --git a/net-dns/bind/bind-9.12.2_p1.ebuild b/net-dns/bind/bind-9.12.2_p1.ebuild
deleted file mode 100644
index 1d4cd915c43..00000000000
--- a/net-dns/bind/bind-9.12.2_p1.ebuild
+++ /dev/null
@@ -1,401 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# Re dlz/mysql and threads, needs to be verified..
-# MySQL uses thread local storage in its C api. Thus MySQL
-# requires that each thread of an application execute a MySQL
-# thread initialization to setup the thread local storage.
-# This is impossible to do safely while staying within the DLZ
-# driver API. This is a limitation caused by MySQL, and not the DLZ API.
-# Because of this BIND MUST only run with a single thread when
-# using the MySQL driver.
-PYTHON_COMPAT=( python2_7 python3_{4,5,6} )
-inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd
-DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server"
-SRC_URI="${MY_P}/?version=tar-gz -> ${P}.tar.gz
- doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
-# sdb-ldap? (
-# )"
-LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-# -berkdb by default re bug 602682
-IUSE="-berkdb +caps dlz dnstap doc dnsrps fixed-rrset geoip gost gssapi idn ipv6
-json ldap libidn2 libressl lmdb mysql odbc postgres python rpz seccomp selinux ssl static-libs
-+threads urandom xml +zlib"
-# sdb-ldap - patch broken
-# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
-REQUIRED_USE="idn? ( !libidn2 )
- libidn2? ( !idn )
- postgres? ( dlz )
- berkdb? ( dlz )
- mysql? ( dlz !threads )
- odbc? ( dlz )
- ldap? ( dlz )
- gost? ( !libressl ssl )
- threads? ( caps )
- dnstap? ( threads )
- python? ( ${PYTHON_REQUIRED_USE} )"
-# sdb-ldap? ( dlz )
- ssl? (
- !libressl? ( dev-libs/openssl:0[-bindist] )
- libressl? ( dev-libs/libressl )
- )
- mysql? ( >=virtual/mysql-4.0 )
- odbc? ( >=dev-db/unixODBC-2.2.6 )
- ldap? ( net-nds/openldap )
- idn? ( <net-dns/idnkit-2:= )
- libidn2? ( net-dns/libidn2 )
- postgres? ( dev-db/postgresql:= )
- caps? ( >=sys-libs/libcap-2.1.0 )
- xml? ( dev-libs/libxml2 )
- geoip? ( >=dev-libs/geoip-1.4.6 )
- gssapi? ( virtual/krb5 )
- gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] )
- seccomp? ( sys-libs/libseccomp )
- json? ( dev-libs/json-c:= )
- lmdb? ( dev-db/lmdb )
- zlib? ( sys-libs/zlib )
- dnstap? ( dev-libs/fstrm dev-libs/protobuf-c )
- python? (
- dev-python/ply[${PYTHON_USEDEP}]
- )"
-# sdb-ldap? ( net-nds/openldap )
- selinux? ( sec-policy/selinux-bind )
- || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )"
-# bug 479092, requires networking
-pkg_setup() {
- ebegin "Creating named group and user"
- enewgroup named 40
- enewuser named 40 -1 /etc/bind named
- eend ${?}
-src_prepare() {
- # Adjusting PATHs in manpages
- for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
- sed -i \
- -e 's:/etc/named.conf:/etc/bind/named.conf:g' \
- -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
- -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
- "${i}" || die "sed failed, ${i} doesn't exist"
- done
-# if use dlz; then
-# # sdb-ldap patch as per bug #160567
-# # Upstream URL:
-# # New patch take from bug 302735
-# if use sdb-ldap; then
-# epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
-# cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/
-# cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/
-# cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/
-# fi
-# fi
- # should be installed by bind-tools
- sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/ || die
- # Disable tests for now, bug 406399
- sed -i '/^SUBDIRS/s:tests::' bin/ lib/ || die
- # bug #220361
- rm aclocal.m4
- rm -rf libtool.m4/
- eautoreconf
-src_configure() {
- local myconf=""
- if use urandom; then
- myconf="${myconf} --with-randomdev=/dev/urandom"
- else
- myconf="${myconf} --with-randomdev=/dev/random"
- fi
- use geoip && myconf="${myconf} --with-geoip"
- # bug #158664
-# gcc-specs-ssp && replace-flags -O[23s] -O
- # To include db.h from proper path
- use berkdb && append-flags "-I$(db_includedir)"
- export BUILD_CC=$(tc-getBUILD_CC)
- econf \
- --sysconfdir=/etc/bind \
- --localstatedir=/var \
- --with-libtool \
- --enable-full-report \
- --without-readline \
- $(use_enable caps linux-caps) \
- $(use_enable dnsrps) \
- $(use_enable fixed-rrset) \
- $(use_enable ipv6) \
- $(use_enable rpz rpz-nsdname) \
- $(use_enable rpz rpz-nsip) \
- $(use_enable seccomp) \
- $(use_enable threads) \
- $(use_with berkdb dlz-bdb) \
- $(use_with dlz dlopen) \
- $(use_with dlz dlz-filesystem) \
- $(use_with dlz dlz-stub) \
- $(use_with gost) \
- $(use_with gssapi) \
- $(use_with idn idnkit) \
- $(use_with libidn2) \
- $(use_with json libjson) \
- $(use_with ldap dlz-ldap) \
- $(use_with mysql dlz-mysql) \
- $(use_with odbc dlz-odbc) \
- $(use_with postgres dlz-postgres) \
- $(use_with lmdb) \
- $(use_with python) \
- $(use_with ssl ecdsa) \
- $(use_with ssl openssl "${EPREFIX}"/usr) \
- $(use_with xml libxml2) \
- $(use_with zlib) \
- ${myconf}
- # $(use_enable static-libs static) \
- # bug #151839
- echo '#undef SO_BSDCOMPAT' >> config.h
-src_install() {
- emake DESTDIR="${D}" install
- if use idn; then
- dodoc contrib/idn/README.idnkit
- fi
- if use doc; then
- dodoc doc/arm/Bv9ARM.pdf
- docinto misc
- dodoc doc/misc/*
- # might a 'html' useflag make sense?
- docinto html
- dohtml -r doc/arm/*
- docinto contrib
- dodoc contrib/scripts/{,}
- # some handy-dandy dynamic dns examples
- pushd "${D}"/usr/share/doc/${PF} 1>/dev/null
- tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
- popd 1>/dev/null
- fi
- insinto /etc/bind
- newins "${FILESDIR}"/named.conf-r8 named.conf
- #
- insinto /var/bind
- newins "${FILESDIR}"/named.cache-r3 named.cache
- insinto /var/bind/pri
- newins "${FILESDIR}"/
- newinitd "${FILESDIR}"/named.init-r13 named
- newconfd "${FILESDIR}"/named.confd-r7 named
- if use gost; then
- sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die
- else
- sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die
- fi
- newenvd "${FILESDIR}"/10bind.env 10bind
- # Let's get rid of those tools and their manpages since they're provided by bind-tools
- rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1*
- rm -f "${D}"/usr/share/man/man8/nsupdate.8*
- rm -f "${D}"/usr/bin/{dig,host,nslookup,nsupdate}
- rm -f "${D}"/usr/sbin/{dig,host,nslookup,nsupdate}
- for tool in dsfromkey importkey keyfromlabel keygen \
- revoke settime signzone verify; do
- rm -f "${D}"/usr/{,s}bin/dnssec-"${tool}"
- rm -f "${D}"/usr/share/man/man8/dnssec-"${tool}".8*
- done
- # bug 405251, library archives aren't properly handled by --enable/disable-static
- if ! use static-libs; then
- find "${D}" -type f -name '*.a' -delete || die
- fi
- # bug 405251
- find "${D}" -type f -name '*.la' -delete || die
- if use python; then
- install_python_tools() {
- dosbin bin/python/dnssec-{checkds,coverage}
- }
- python_foreach_impl install_python_tools
- python_replicate_script "${D}usr/sbin/dnssec-checkds"
- python_replicate_script "${D}usr/sbin/dnssec-coverage"
- fi
- # bug 450406
- dosym named.cache /var/bind/root.cache
- dosym /var/bind/pri /etc/bind/pri
- dosym /var/bind/sec /etc/bind/sec
- dosym /var/bind/dyn /etc/bind/dyn
- keepdir /var/bind/{pri,sec,dyn}
- dodir /var/log/named
- fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
- fowners root:named /var/bind/named.cache /var/bind/pri/ /etc/bind/{bind.keys,named.conf}
- fperms 0640 /var/bind/named.cache /var/bind/pri/ /etc/bind/{bind.keys,named.conf}
- fperms 0750 /etc/bind /var/bind/pri
- fperms 0770 /var/log/named /var/bind/{,sec,dyn}
- systemd_newunit "${FILESDIR}/named.service-r1" named.service
- systemd_dotmpfilesd "${FILESDIR}"/named.conf
- exeinto /usr/libexec
- doexe "${FILESDIR}/"
-pkg_postinst() {
- if [ ! -f '/etc/bind/rndc.key' ]; then
- if use urandom; then
- einfo "Using /dev/urandom for generating rndc.key"
- /usr/sbin/rndc-confgen -r /dev/urandom -a
- echo
- else
- einfo "Using /dev/random for generating rndc.key"
- /usr/sbin/rndc-confgen -a
- echo
- fi
- chown root:named /etc/bind/rndc.key
- chmod 0640 /etc/bind/rndc.key
- fi
- einfo
- einfo "You can edit /etc/conf.d/named to customize named settings"
- einfo
- use mysql || use postgres || use ldap && {
- elog "If your named depends on MySQL/PostgreSQL or LDAP,"
- elog "uncomment the specified rc_named_* lines in your"
- elog "/etc/conf.d/named config to ensure they'll start before bind"
- einfo
- }
- einfo "If you'd like to run bind in a chroot AND this is a new"
- einfo "install OR your bind doesn't already run in a chroot:"
- einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
- einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
- einfo
- CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
- if [[ -n ${CHROOT} ]]; then
- elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- elog "To enable the old behaviour (without using mount) uncomment the"
- elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- elog "If you decide to use the new/default method, ensure to make backup"
- elog "first and merge your existing configs/zones to /etc/bind and"
- elog "/var/bind because bind will now mount the needed directories into"
- elog "the chroot dir."
- fi
-pkg_config() {
- CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
- CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
- CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
- if [[ -z "${CHROOT}" ]]; then
- eerror "This config script is designed to automate setting up"
- eerror "a chrooted bind/named. To do so, please first uncomment"
- eerror "and set the CHROOT variable in '/etc/conf.d/named'."
- die "Unset CHROOT"
- fi
- if [[ -d "${CHROOT}" ]]; then
- ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- ewarn "To enable the old behaviour (without using mount) uncomment the"
- ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- ewarn
- ewarn "${CHROOT} already exists... some things might become overridden"
- ewarn "press CTRL+C if you don't want to continue"
- sleep 10
- fi
- echo; einfo "Setting up the chroot directory..."
- mkdir -m 0750 -p ${CHROOT}
- mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run}
- mkdir -m 0750 -p ${CHROOT}/etc/bind
- mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/
- # As of bind 9.8.0
- if has_version net-dns/bind[gost]; then
- if [ "$(get_libdir)" = "lib64" ]; then
- mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines
- ln -s lib64 ${CHROOT}/usr/lib
- else
- mkdir -m 0755 -p ${CHROOT}/usr/lib/engines
- fi
- fi
- chown root:named ${CHROOT} ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ ${CHROOT}/etc/bind
- mknod ${CHROOT}/dev/null c 1 3
- chmod 0666 ${CHROOT}/dev/null
- mknod ${CHROOT}/dev/zero c 1 5
- chmod 0666 ${CHROOT}/dev/zero
- if use urandom; then
- mknod ${CHROOT}/dev/urandom c 1 9
- chmod 0666 ${CHROOT}/dev/urandom
- else
- mknod ${CHROOT}/dev/random c 1 8
- chmod 0666 ${CHROOT}/dev/random
- fi
- if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
- cp -a /etc/bind ${CHROOT}/etc/
- cp -a /var/bind ${CHROOT}/var/
- fi
- if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP
- fi
- elog "You may need to add the following line to your syslog-ng.conf:"
- elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
diff --git a/net-dns/bind/bind-9.12.2_p2.ebuild b/net-dns/bind/bind-9.12.2_p2.ebuild
deleted file mode 100644
index 37870df4e0c..00000000000
--- a/net-dns/bind/bind-9.12.2_p2.ebuild
+++ /dev/null
@@ -1,407 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-# Re dlz/mysql and threads, needs to be verified..
-# MySQL uses thread local storage in its C api. Thus MySQL
-# requires that each thread of an application execute a MySQL
-# thread initialization to setup the thread local storage.
-# This is impossible to do safely while staying within the DLZ
-# driver API. This is a limitation caused by MySQL, and not the DLZ API.
-# Because of this BIND MUST only run with a single thread when
-# using the MySQL driver.
-PYTHON_COMPAT=( python2_7 python3_{4,5,6,7} )
-inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd
-DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server"
-SRC_URI="${MY_P}/?version=tar-gz -> ${P}.tar.gz
- doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
-# sdb-ldap? (
-# )"
-LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-# -berkdb by default re bug 602682
-IUSE="-berkdb +caps dlz dnstap doc dnsrps fixed-rrset geoip gost gssapi idn ipv6
-json ldap libidn2 libressl lmdb mysql odbc postgres python rpz seccomp selinux ssl static-libs
-+threads urandom xml +zlib"
-# sdb-ldap - patch broken
-# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
-REQUIRED_USE="idn? ( !libidn2 )
- libidn2? ( !idn )
- postgres? ( dlz )
- berkdb? ( dlz )
- mysql? ( dlz !threads )
- odbc? ( dlz )
- ldap? ( dlz )
- gost? ( !libressl ssl )
- threads? ( caps )
- dnstap? ( threads )
- python? ( ${PYTHON_REQUIRED_USE} )"
-# sdb-ldap? ( dlz )
- ssl? (
- !libressl? ( dev-libs/openssl:0[-bindist] )
- libressl? ( dev-libs/libressl )
- )
- mysql? ( >=virtual/mysql-4.0 )
- odbc? ( >=dev-db/unixODBC-2.2.6 )
- ldap? ( net-nds/openldap )
- idn? ( <net-dns/idnkit-2:= )
- libidn2? ( net-dns/libidn2 )
- postgres? ( dev-db/postgresql:= )
- caps? ( >=sys-libs/libcap-2.1.0 )
- xml? ( dev-libs/libxml2 )
- geoip? ( >=dev-libs/geoip-1.4.6 )
- gssapi? ( virtual/krb5 )
- gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] )
- seccomp? ( sys-libs/libseccomp )
- json? ( dev-libs/json-c:= )
- lmdb? ( dev-db/lmdb )
- zlib? ( sys-libs/zlib )
- dnstap? ( dev-libs/fstrm dev-libs/protobuf-c )
- python? (
- dev-python/ply[${PYTHON_USEDEP}]
- )"
-# sdb-ldap? ( net-nds/openldap )
- selinux? ( sec-policy/selinux-bind )
- || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )"
-# bug 479092, requires networking
-pkg_setup() {
- ebegin "Creating named group and user"
- enewgroup named 40
- enewuser named 40 -1 /etc/bind named
- eend ${?}
-src_prepare() {
- default
- # Adjusting PATHs in manpages
- for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
- sed -i \
- -e 's:/etc/named.conf:/etc/bind/named.conf:g' \
- -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
- -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
- "${i}" || die "sed failed, ${i} doesn't exist"
- done
-# if use dlz; then
-# # sdb-ldap patch as per bug #160567
-# # Upstream URL:
-# # New patch take from bug 302735
-# if use sdb-ldap; then
-# epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
-# cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/
-# cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/
-# cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/
-# fi
-# fi
- # should be installed by bind-tools
- sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/ || die
- # Disable tests for now, bug 406399
- sed -i '/^SUBDIRS/s:tests::' bin/ lib/ || die
- # bug #220361
- rm aclocal.m4
- rm -rf libtool.m4/
- eautoreconf
-src_configure() {
- local myeconfargs=(
- --sysconfdir=/etc/bind
- --localstatedir=/var
- --with-libtool
- --enable-full-report
- --without-readline
- $(use_enable caps linux-caps)
- $(use_enable dnsrps)
- $(use_enable fixed-rrset)
- $(use_enable ipv6)
- $(use_enable rpz rpz-nsdname)
- $(use_enable rpz rpz-nsip)
- $(use_enable seccomp)
- # $(use_enable static-libs static)
- $(use_enable threads)
- $(use_with berkdb dlz-bdb)
- $(use_with dlz dlopen)
- $(use_with dlz dlz-filesystem)
- $(use_with dlz dlz-stub)
- $(use_with gost)
- $(use_with gssapi)
- $(use_with idn idnkit)
- $(use_with libidn2)
- $(use_with json libjson)
- $(use_with ldap dlz-ldap)
- $(use_with mysql dlz-mysql)
- $(use_with odbc dlz-odbc)
- $(use_with postgres dlz-postgres)
- $(use_with lmdb)
- $(use_with python)
- $(use_with ssl ecdsa)
- $(use_with ssl openssl "${EPREFIX}"/usr)
- $(use_with xml libxml2)
- $(use_with zlib)
- )
- if use urandom; then
- myeconfargs+=( --with-randomdev=/dev/urandom )
- else
- myeconfargs+=( --with-randomdev=/dev/random )
- fi
- use geoip && myeconfargs+=( --with-geoip )
- # bug #158664
-# gcc-specs-ssp && replace-flags -O[23s] -O
- # To include db.h from proper path
- use berkdb && append-flags "-I$(db_includedir)"
- export BUILD_CC=$(tc-getBUILD_CC)
- econf "${myeconfargs[@]}"
- # bug #151839
- echo '#undef SO_BSDCOMPAT' >> config.h
-src_install() {
- emake DESTDIR="${D}" install
- if use idn; then
- dodoc contrib/idn/README.idnkit
- fi
- if use doc; then
- dodoc doc/arm/Bv9ARM.pdf
- docinto misc
- dodoc doc/misc/*
- # might a 'html' useflag make sense?
- docinto html
- dodoc -r doc/arm/*
- docinto contrib
- dodoc contrib/scripts/{,}
- # some handy-dandy dynamic dns examples
- pushd "${ED%/}"/usr/share/doc/${PF} 1>/dev/null || die
- tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
- popd 1>/dev/null || die
- fi
- insinto /etc/bind
- newins "${FILESDIR}"/named.conf-r8 named.conf
- #
- insinto /var/bind
- newins "${FILESDIR}"/named.cache-r3 named.cache
- insinto /var/bind/pri
- newins "${FILESDIR}"/
- newinitd "${FILESDIR}"/named.init-r13 named
- newconfd "${FILESDIR}"/named.confd-r7 named
- if use gost; then
- -i "${ED%/}/etc/init.d/named" || die
- else
- -i "${ED%/}/etc/init.d/named" || die
- fi
- newenvd "${FILESDIR}"/10bind.env 10bind
- # Let's get rid of those tools and their manpages since they're provided by bind-tools
- rm -f "${ED%/}"/usr/share/man/man1/{dig,host,nslookup}.1*
- rm -f "${ED%/}"/usr/share/man/man8/nsupdate.8*
- rm -f "${ED%/}"/usr/bin/{dig,host,nslookup,nsupdate}
- rm -f "${ED%/}"/usr/sbin/{dig,host,nslookup,nsupdate}
- for tool in dsfromkey importkey keyfromlabel keygen \
- revoke settime signzone verify; do
- rm -f "${ED%/}"/usr/{,s}bin/dnssec-"${tool}"
- rm -f "${ED%/}"/usr/share/man/man8/dnssec-"${tool}".8*
- done
- # bug 405251, library archives aren't properly handled by --enable/disable-static
- if ! use static-libs; then
- find "${ED}" -type f -name '*.a' -delete || die
- fi
- # bug 405251
- find "${ED}" -type f -name '*.la' -delete || die
- if use python; then
- install_python_tools() {
- dosbin bin/python/dnssec-{checkds,coverage}
- }
- python_foreach_impl install_python_tools
- python_replicate_script "${ED%/}/usr/sbin/dnssec-checkds"
- python_replicate_script "${ED%/}/usr/sbin/dnssec-coverage"
- fi
- # bug 450406
- dosym named.cache /var/bind/root.cache
- dosym /var/bind/pri /etc/bind/pri
- dosym /var/bind/sec /etc/bind/sec
- dosym /var/bind/dyn /etc/bind/dyn
- keepdir /var/bind/{pri,sec,dyn}
- dodir /var/log/named
- fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
- fowners root:named /var/bind/named.cache /var/bind/pri/ /etc/bind/{bind.keys,named.conf}
- fperms 0640 /var/bind/named.cache /var/bind/pri/ /etc/bind/{bind.keys,named.conf}
- fperms 0750 /etc/bind /var/bind/pri
- fperms 0770 /var/log/named /var/bind/{,sec,dyn}
- systemd_newunit "${FILESDIR}/named.service-r1" named.service
- systemd_dotmpfilesd "${FILESDIR}"/named.conf
- exeinto /usr/libexec
- doexe "${FILESDIR}/"
-pkg_postinst() {
- if [ ! -f '/etc/bind/rndc.key' ]; then
- if use urandom; then
- einfo "Using /dev/urandom for generating rndc.key"
- /usr/sbin/rndc-confgen -r /dev/urandom -a
- echo
- else
- einfo "Using /dev/random for generating rndc.key"
- /usr/sbin/rndc-confgen -a
- echo
- fi
- chown root:named /etc/bind/rndc.key || die
- chmod 0640 /etc/bind/rndc.key || die
- fi
- einfo
- einfo "You can edit /etc/conf.d/named to customize named settings"
- einfo
- use mysql || use postgres || use ldap && {
- elog "If your named depends on MySQL/PostgreSQL or LDAP,"
- elog "uncomment the specified rc_named_* lines in your"
- elog "/etc/conf.d/named config to ensure they'll start before bind"
- einfo
- }
- einfo "If you'd like to run bind in a chroot AND this is a new"
- einfo "install OR your bind doesn't already run in a chroot:"
- einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
- einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
- einfo
- CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
- if [[ -n ${CHROOT} ]]; then
- elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- elog "To enable the old behaviour (without using mount) uncomment the"
- elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- elog "If you decide to use the new/default method, ensure to make backup"
- elog "first and merge your existing configs/zones to /etc/bind and"
- elog "/var/bind because bind will now mount the needed directories into"
- elog "the chroot dir."
- fi
-pkg_config() {
- CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
- CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
- CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
- if [[ -z "${CHROOT}" ]]; then
- eerror "This config script is designed to automate setting up"
- eerror "a chrooted bind/named. To do so, please first uncomment"
- eerror "and set the CHROOT variable in '/etc/conf.d/named'."
- die "Unset CHROOT"
- fi
- if [[ -d "${CHROOT}" ]]; then
- ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- ewarn "To enable the old behaviour (without using mount) uncomment the"
- ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- ewarn
- ewarn "${CHROOT} already exists... some things might become overridden"
- ewarn "press CTRL+C if you don't want to continue"
- sleep 10
- fi
- echo; einfo "Setting up the chroot directory..."
- mkdir -m 0750 -p ${CHROOT} || die
- mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} || die
- mkdir -m 0750 -p ${CHROOT}/etc/bind || die
- mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ || die
- # As of bind 9.8.0
- if has_version net-dns/bind[gost]; then
- mkdir -m 0755 -p ${CHROOT}/usr/$(get_libdir)/engines || die
- if [ "$(get_libdir)" = "lib64" ]; then
- ln -s lib64 ${CHROOT}/usr/lib || die
- fi
- fi
- chown root:named \
- ${CHROOT} \
- ${CHROOT}/var/{bind,log/named} \
- ${CHROOT}/run/named/ \
- ${CHROOT}/etc/bind \
- || die
- mknod ${CHROOT}/dev/null c 1 3 || die
- chmod 0666 ${CHROOT}/dev/null || die
- mknod ${CHROOT}/dev/zero c 1 5 || die
- chmod 0666 ${CHROOT}/dev/zero || die
- if use urandom; then
- mknod ${CHROOT}/dev/urandom c 1 9 || die
- chmod 0666 ${CHROOT}/dev/urandom || die
- else
- mknod ${CHROOT}/dev/random c 1 8 || die
- chmod 0666 ${CHROOT}/dev/random || die
- fi
- if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
- cp -a /etc/bind ${CHROOT}/etc/ || die
- cp -a /var/bind ${CHROOT}/var/ || die
- fi
- if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP || die
- fi
- elog "You may need to add the following line to your syslog-ng.conf:"
- elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
next reply other threads:[~2019-01-23 9:54 UTC|newest]
Thread overview: 349+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-23 9:54 Mikle Kolyada [this message]
-- strict thread matches above, loose matches on Subject: below --
2025-03-23 13:16 [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/ Arthur Zamarin
2025-02-22 8:02 Ulrich Müller
2024-11-12 23:48 Sam James
2024-11-07 16:37 Mike Gilbert
2024-10-28 12:21 Sam James
2024-10-25 22:31 Sam James
2024-10-25 21:47 Sam James
2024-10-25 21:47 Sam James
2024-10-24 11:28 Sam James
2024-10-24 11:27 Sam James
2024-10-18 11:42 Arthur Zamarin
2024-10-18 11:42 Arthur Zamarin
2024-09-12 14:37 Arthur Zamarin
2024-09-05 0:06 Sam James
2024-09-03 6:43 Sam James
2024-09-02 11:16 Jakov Smolić
2024-09-02 8:30 Sam James
2024-09-02 8:30 Sam James
2024-09-02 8:30 Sam James
2024-09-02 8:30 Sam James
2024-09-02 8:30 Sam James
2024-09-02 8:30 Sam James
2024-08-31 7:31 Sam James
2024-08-31 7:10 Sam James
2024-08-31 7:10 Sam James
2024-08-31 7:10 Sam James
2024-08-31 7:10 Sam James
2024-04-30 6:42 Sam James
2024-03-17 9:19 Arthur Zamarin
2024-03-12 21:51 Arthur Zamarin
2024-03-12 21:51 Arthur Zamarin
2024-03-03 0:25 Sam James
2024-02-19 20:22 Sam James
2024-02-18 20:02 Arthur Zamarin
2024-02-18 13:31 Sam James
2024-02-18 10:53 Sam James
2024-02-18 10:48 Sam James
2024-02-18 10:48 Sam James
2024-01-31 16:17 Sam James
2024-01-31 7:21 Joonas Niilola
2024-01-31 7:18 Joonas Niilola
2024-01-30 21:28 Sam James
2023-12-24 11:08 Sam James
2023-12-11 4:33 Arthur Zamarin
2023-12-11 4:33 Arthur Zamarin
2023-09-26 23:46 Sam James
2023-09-18 20:40 Arthur Zamarin
2023-09-13 16:48 Sam James
2023-08-14 8:46 Sam James
2023-06-17 21:03 Sam James
2023-06-17 16:07 Sam James
2023-06-17 9:03 Arthur Zamarin
2023-06-17 8:29 Arthur Zamarin
2023-05-20 6:56 Sam James
2023-05-01 13:36 Sam James
2023-04-07 11:56 Sam James
2023-03-31 11:43 Arthur Zamarin
2023-03-13 19:16 Arthur Zamarin
2023-03-05 13:35 Arthur Zamarin
2023-02-26 19:17 Arthur Zamarin
2023-02-26 19:17 Arthur Zamarin
2023-02-26 19:16 Arthur Zamarin
2023-02-16 5:43 Sam James
2023-02-16 5:33 Sam James
2023-02-15 9:57 Sam James
2023-02-03 18:38 Sam James
2023-02-01 11:33 Arthur Zamarin
2023-01-28 8:09 Sam James
2023-01-21 19:22 Arthur Zamarin
2023-01-19 17:18 Sam James
2023-01-19 17:18 Sam James
2022-12-22 1:39 Sam James
2022-09-28 6:55 Agostino Sarubbo
2022-09-27 7:10 Agostino Sarubbo
2022-09-27 7:07 Agostino Sarubbo
2022-09-27 7:06 Agostino Sarubbo
2022-09-25 19:18 Arthur Zamarin
2022-09-25 18:31 Arthur Zamarin
2022-09-23 5:41 Sam James
2022-08-18 3:10 Sam James
2022-07-21 1:14 Sam James
2022-07-19 9:00 Agostino Sarubbo
2022-07-19 8:59 Agostino Sarubbo
2022-07-19 8:58 Agostino Sarubbo
2022-07-19 8:57 Agostino Sarubbo
2022-07-19 8:57 Agostino Sarubbo
2022-07-19 8:56 Agostino Sarubbo
2022-06-16 17:45 Sam James
2022-05-31 3:20 Sam James
2022-04-10 8:51 David Seifert
2022-03-23 0:45 Sam James
2022-03-19 19:21 Agostino Sarubbo
2022-03-19 7:53 Agostino Sarubbo
2022-03-18 12:08 Arthur Zamarin
2022-03-18 10:44 Agostino Sarubbo
2022-03-18 10:30 Arthur Zamarin
2022-03-18 9:00 Arthur Zamarin
2022-03-16 18:14 Sam James
2022-01-25 22:58 Patrick McLean
2021-11-10 7:05 Agostino Sarubbo
2021-11-10 5:46 Sam James
2021-11-10 5:40 Sam James
2021-11-09 21:36 Sam James
2021-11-08 19:32 Sam James
2021-11-08 19:32 Sam James
2021-11-08 10:10 Agostino Sarubbo
2021-11-08 10:01 Jakov Smolić
2021-11-08 6:22 Sam James
2021-10-28 2:01 Sam James
2021-09-16 17:31 Mikle Kolyada
2021-08-08 19:46 Marek Szuba
2021-07-30 22:55 David Seifert
2021-07-18 20:15 Mikle Kolyada
2021-06-03 19:15 Sam James
2021-05-29 14:19 Mikle Kolyada
2021-05-12 19:04 Mikle Kolyada
2021-05-12 19:04 Mikle Kolyada
2021-05-12 19:04 Mikle Kolyada
2021-05-02 18:17 Mikle Kolyada
2021-03-18 10:01 Mikle Kolyada
2021-02-23 15:42 Mikle Kolyada
2021-02-23 15:42 Mikle Kolyada
2021-02-22 23:41 Mikle Kolyada
2021-01-26 10:03 Mikle Kolyada
2021-01-20 15:43 Mikle Kolyada
2021-01-20 15:43 Mikle Kolyada
2021-01-20 15:43 Mikle Kolyada
2021-01-20 15:32 Mikle Kolyada
2020-10-30 17:29 Mikle Kolyada
2020-10-29 19:44 Mikle Kolyada
2020-10-14 19:20 Sam James
2020-10-14 19:20 Sam James
2020-10-14 17:56 Patrick McLean
2020-09-30 21:49 Robin H. Johnson
2020-09-29 20:26 Robin H. Johnson
2020-08-29 10:19 Mikle Kolyada
2020-08-29 8:30 Mikle Kolyada
2020-08-25 19:56 Sam James
2020-08-25 19:41 Sam James
2020-08-25 12:17 Sam James
2020-08-25 10:30 Sam James
2020-08-24 23:56 Sam James
2020-08-24 19:35 Jonas Stein
2020-08-24 17:28 Sam James
2020-08-21 18:56 Patrick McLean
2020-08-02 15:33 Jeroen Roovers
2020-07-31 16:19 Mikle Kolyada
2020-07-31 16:11 Mikle Kolyada
2020-07-23 11:11 Kent Fredric
2020-07-18 22:28 Sam James
2020-07-18 13:31 Sam James
2020-07-18 1:14 Sam James
2020-07-17 20:00 Sam James
2020-07-17 12:45 Sam James
2020-07-17 10:42 Sam James
2020-07-17 10:42 Sam James
2020-07-12 15:45 Mikle Kolyada
2020-07-12 15:40 Mikle Kolyada
2020-06-29 18:10 Mikle Kolyada
2020-06-20 8:01 Mikle Kolyada
2020-06-20 7:55 Mikle Kolyada
2020-06-20 7:55 Mikle Kolyada
2020-06-20 7:55 Mikle Kolyada
2020-06-14 20:19 Sergei Trofimovich
2020-06-09 20:06 Michał Górny
2020-06-05 16:10 Sergei Trofimovich
2020-05-20 12:43 Mikle Kolyada
2020-05-20 12:29 Mikle Kolyada
2020-05-05 6:21 Robin H. Johnson
2020-03-22 14:04 Mikle Kolyada
2020-03-22 13:53 Mikle Kolyada
2020-03-22 13:51 Mikle Kolyada
2020-02-23 12:46 Mikle Kolyada
2020-02-23 12:34 Mikle Kolyada
2020-01-27 19:12 Mikle Kolyada
2020-01-09 15:38 Mikle Kolyada
2020-01-01 18:00 Ben Kohler
2019-11-27 9:14 Mikle Kolyada
2019-11-24 14:24 Mikle Kolyada
2019-11-24 14:23 Mikle Kolyada
2019-11-24 13:56 Mikle Kolyada
2019-11-22 16:09 Mikle Kolyada
2019-11-22 15:58 Mikle Kolyada
2019-10-20 8:34 Mikle Kolyada
2019-10-20 8:32 Mikle Kolyada
2019-10-20 8:30 Mikle Kolyada
2019-10-20 8:22 Mikle Kolyada
2019-10-20 8:18 Mikle Kolyada
2019-09-27 18:00 Mikle Kolyada
2019-09-27 18:00 Mikle Kolyada
2019-09-21 15:00 Mikle Kolyada
2019-09-21 14:49 Mikle Kolyada
2019-09-21 14:36 Mikle Kolyada
2019-09-01 11:18 Mikle Kolyada
2019-09-01 11:15 Mikle Kolyada
2019-09-01 7:36 Mikle Kolyada
2019-08-23 11:31 Mikle Kolyada
2019-08-18 22:33 Mikle Kolyada
2019-08-07 9:36 Mikle Kolyada
2019-08-07 9:24 Mikle Kolyada
2019-08-07 9:24 Mikle Kolyada
2019-08-07 9:24 Mikle Kolyada
2019-08-07 9:24 Mikle Kolyada
2019-08-07 9:24 Mikle Kolyada
2019-08-07 9:24 Mikle Kolyada
2019-08-07 9:24 Mikle Kolyada
2019-08-07 9:24 Mikle Kolyada
2019-08-07 9:24 Mikle Kolyada
2019-08-05 23:25 Aaron Bauman
2019-08-05 11:20 Mikle Kolyada
2019-08-05 11:20 Mikle Kolyada
2019-08-05 11:20 Mikle Kolyada
2019-04-09 12:52 Mikle Kolyada
2019-04-09 12:50 Mikle Kolyada
2019-04-09 12:50 Mikle Kolyada
2019-04-08 22:07 Sergei Trofimovich
2019-04-08 18:27 Markus Meier
2019-04-07 21:16 Sergei Trofimovich
2019-04-07 8:59 Mikle Kolyada
2019-04-04 20:53 Mikle Kolyada
2019-02-25 14:33 Christian Ruppert
2019-02-25 14:33 Christian Ruppert
2019-02-18 17:31 Brian Evans
2019-02-17 8:56 Mikle Kolyada
2019-02-17 8:56 Mikle Kolyada
2019-01-30 18:51 Markus Meier
2019-01-26 8:51 Sergei Trofimovich
2019-01-25 9:59 Mikle Kolyada
2019-01-24 21:43 Sergei Trofimovich
2019-01-24 10:25 Christian Ruppert
2019-01-23 21:12 Sergei Trofimovich
2019-01-23 21:01 Sergei Trofimovich
2019-01-12 23:26 Sergei Trofimovich
2019-01-12 23:23 Sergei Trofimovich
2019-01-05 22:34 Sergei Trofimovich
2018-12-23 3:25 Matt Turner
2018-12-18 21:07 Markus Meier
2018-12-14 22:22 Sergei Trofimovich
2018-12-13 14:26 Mikle Kolyada
2018-12-13 13:19 Thomas Deutschmann
2018-11-07 14:28 Craig Andrews
2018-09-25 14:25 Lars Wendler
2018-08-20 9:56 Christian Ruppert
2018-07-16 11:54 Christian Ruppert
2018-05-28 7:03 Christian Ruppert
2018-05-22 7:34 Christian Ruppert
2018-05-08 6:24 Sergei Trofimovich
2018-03-24 0:27 Aaron Bauman
2018-03-12 1:56 Matt Turner
2018-03-04 16:23 Tobias Klausmann
2018-02-05 22:03 Sergei Trofimovich
2018-02-05 21:27 Markus Meier
2018-01-28 22:59 Sergei Trofimovich
2018-01-28 22:29 Sergei Trofimovich
2018-01-26 18:21 Thomas Deutschmann
2018-01-24 22:48 Agostino Sarubbo
2018-01-22 16:33 Christian Ruppert
2017-12-19 21:45 Thomas Deutschmann
2017-10-24 6:10 Sergei Trofimovich
2017-09-26 22:21 Sergei Trofimovich
2017-09-25 21:36 Sergei Trofimovich
2017-09-25 21:14 Sergei Trofimovich
2017-09-21 8:50 Sergei Trofimovich
2017-09-11 21:02 Thomas Deutschmann
2017-09-05 4:40 Markus Meier
2017-08-31 15:18 Matt Turner
2017-08-26 9:53 Sergei Trofimovich
2017-08-25 21:27 Mikle Kolyada
2017-07-10 9:11 Christian Ruppert
2017-07-10 9:11 Christian Ruppert
2017-07-06 5:02 Markus Meier
2017-06-30 7:38 Sergei Trofimovich
2017-06-26 9:03 Christian Ruppert
2017-06-25 16:32 Agostino Sarubbo
2017-06-19 12:05 Christian Ruppert
2017-06-19 12:05 Christian Ruppert
2017-06-10 15:10 Agostino Sarubbo
2017-05-29 16:33 Pacho Ramos
2017-05-22 14:24 Tobias Klausmann
2017-05-22 13:55 Tobias Klausmann
2017-05-22 11:40 Agostino Sarubbo
2017-05-17 12:18 Michael Weber
2017-05-17 8:47 Michael Weber
2017-05-17 5:07 Markus Meier
2017-05-17 5:07 Markus Meier
2017-05-16 13:05 Agostino Sarubbo
2017-05-16 7:44 Agostino Sarubbo
2017-05-09 7:25 Christian Ruppert
2017-05-09 7:25 Christian Ruppert
2017-02-20 14:03 Michael Weber
2017-02-18 14:44 Agostino Sarubbo
2017-02-15 17:54 Markus Meier
2017-02-15 13:49 Tobias Klausmann
2017-02-14 15:39 Agostino Sarubbo
2017-02-14 14:52 Agostino Sarubbo
2017-02-13 19:04 Christian Ruppert
2017-01-16 10:15 Agostino Sarubbo
2017-01-15 22:10 Tobias Klausmann
2017-01-13 17:06 Agostino Sarubbo
2017-01-12 16:00 Christian Ruppert
2017-01-12 16:00 Christian Ruppert
2017-01-12 16:00 Christian Ruppert
2017-01-09 13:43 Jeroen Roovers
2016-12-19 15:12 Agostino Sarubbo
2016-12-19 14:35 Agostino Sarubbo
2016-12-02 14:21 Tobias Klausmann
2016-11-30 19:36 Markus Meier
2016-11-29 10:43 Agostino Sarubbo
2016-11-29 10:41 Agostino Sarubbo
2016-11-20 13:45 Agostino Sarubbo
2016-11-05 12:06 Christian Ruppert
2016-10-03 13:38 Richard Freeman
2016-09-30 14:53 Jeroen Roovers
2016-09-29 13:14 Agostino Sarubbo
2016-09-29 11:37 Tobias Klausmann
2016-09-28 19:12 Christian Ruppert
2016-07-20 18:00 Christian Ruppert
2016-07-20 18:00 Christian Ruppert
2016-07-20 18:00 Christian Ruppert
2016-05-02 3:33 Matt Turner
2016-04-19 15:34 Markus Meier
2016-04-11 12:26 Jeroen Roovers
2016-04-11 10:39 Agostino Sarubbo
2016-04-11 10:21 Agostino Sarubbo
2016-03-10 21:09 Christian Ruppert
2016-01-20 18:56 Christian Ruppert
2016-01-17 17:24 Agostino Sarubbo
2016-01-11 9:56 Agostino Sarubbo
2016-01-10 11:22 Agostino Sarubbo
2016-01-09 7:10 Agostino Sarubbo
2016-01-07 20:22 Markus Meier
2016-01-07 17:19 Andreas Schuerch
2016-01-02 14:21 Richard Freeman
2016-01-02 7:25 Jeroen Roovers
2015-12-27 19:39 Christian Ruppert
2015-10-17 12:18 Christian Ruppert
2015-10-06 13:15 Mikle Kolyada
2015-09-25 14:29 Agostino Sarubbo
2015-09-25 6:01 Markus Meier
2015-09-24 7:59 Agostino Sarubbo
2015-09-22 8:57 Agostino Sarubbo
2015-09-11 17:23 Richard Freeman
2015-09-11 11:54 Tobias Klausmann
2015-09-11 6:10 Jeroen Roovers
2015-09-09 20:08 Christian Ruppert
2015-09-09 20:08 Christian Ruppert
2015-09-06 8:32 Agostino Sarubbo
2015-08-26 7:28 Agostino Sarubbo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1548237239.f1e9f56e179d4d622710affe07f35a1a5537c7a6.zlogene@gentoo \ \ \ \
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox