* [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/files/, net-dns/bind/
@ 2015-10-04 8:29 Pacho Ramos
0 siblings, 0 replies; 16+ messages in thread
From: Pacho Ramos @ 2015-10-04 8:29 UTC (permalink / raw
To: gentoo-commits
commit: 7f2d82c0ec3bea388511cf190c7426fa2815ea89
Author: Pacho Ramos <pacho <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 4 08:28:58 2015 +0000
Commit: Pacho Ramos <pacho <AT> gentoo <DOT> org>
CommitDate: Sun Oct 4 08:28:58 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f2d82c0
net-dns/bind: Install missing tmpfiles.d file (#559118 by Alexey Sychev)
Package-Manager: portage-2.2.22
net-dns/bind/bind-9.10.2_p4-r1.ebuild | 408 ++++++++++++++++++++++++++++++++++
net-dns/bind/files/named.conf | 1 +
2 files changed, 409 insertions(+)
diff --git a/net-dns/bind/bind-9.10.2_p4-r1.ebuild b/net-dns/bind/bind-9.10.2_p4-r1.ebuild
new file mode 100644
index 0000000..68ccb97
--- /dev/null
+++ b/net-dns/bind/bind-9.10.2_p4-r1.ebuild
@@ -0,0 +1,408 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# Re dlz/mysql and threads, needs to be verified..
+# MySQL uses thread local storage in its C api. Thus MySQL
+# requires that each thread of an application execute a MySQL
+# thread initialization to setup the thread local storage.
+# This is impossible to do safely while staying within the DLZ
+# driver API. This is a limitation caused by MySQL, and not the DLZ API.
+# Because of this BIND MUST only run with a single thread when
+# using the MySQL driver.
+
+EAPI="5"
+
+PYTHON_COMPAT=( python2_7 python3_3 python3_4 )
+
+inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd
+
+MY_PV="${PV/_p/-P}"
+MY_PV="${MY_PV/_rc/rc}"
+MY_P="${PN}-${MY_PV}"
+
+SDB_LDAP_VER="1.1.0-fc14"
+
+RRL_PV="${MY_PV}"
+
+NSLINT_DIR="contrib/nslint-3.0a2/"
+
+# SDB-LDAP: http://bind9-ldap.bayour.com/
+
+DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server"
+HOMEPAGE="http://www.isc.org/software/bind"
+SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz
+ doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
+# sdb-ldap? (
+# http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2
+# )"
+
+LICENSE="GPL-2 ISC BSD BSD-2 HPND JNIC openssl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="berkdb +caps dlz doc filter-aaaa fixed-rrset geoip gost gssapi idn ipv6
+json ldap mysql nslint odbc postgres python rpz seccomp selinux ssl static-libs
++threads urandom xml"
+# sdb-ldap - patch broken
+# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
+
+REQUIRED_USE="postgres? ( dlz )
+ berkdb? ( dlz )
+ mysql? ( dlz !threads )
+ odbc? ( dlz )
+ ldap? ( dlz )
+ gost? ( ssl )
+ threads? ( caps )"
+# sdb-ldap? ( dlz )
+
+DEPEND="ssl? ( dev-libs/openssl:0[-bindist] )
+ mysql? ( >=virtual/mysql-4.0 )
+ odbc? ( >=dev-db/unixODBC-2.2.6 )
+ ldap? ( net-nds/openldap )
+ idn? ( net-dns/idnkit )
+ postgres? ( dev-db/postgresql:= )
+ caps? ( >=sys-libs/libcap-2.1.0 )
+ xml? ( dev-libs/libxml2 )
+ geoip? ( >=dev-libs/geoip-1.4.6 )
+ gssapi? ( virtual/krb5 )
+ gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] )
+ seccomp? ( sys-libs/libseccomp )
+ json? ( dev-libs/json-c )"
+# sdb-ldap? ( net-nds/openldap )
+
+RDEPEND="${DEPEND}
+ selinux? ( sec-policy/selinux-bind )
+ || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )"
+
+S="${WORKDIR}/${MY_P}"
+
+# bug 479092, requires networking
+RESTRICT="test"
+
+pkg_setup() {
+ ebegin "Creating named group and user"
+ enewgroup named 40
+ enewuser named 40 -1 /etc/bind named
+ eend ${?}
+}
+
+src_prepare() {
+ # Adjusting PATHs in manpages
+ for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
+ sed -i \
+ -e 's:/etc/named.conf:/etc/bind/named.conf:g' \
+ -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
+ -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
+ "${i}" || die "sed failed, ${i} doesn't exist"
+ done
+
+# if use dlz; then
+# # sdb-ldap patch as per bug #160567
+# # Upstream URL: http://bind9-ldap.bayour.com/
+# # New patch take from bug 302735
+# if use sdb-ldap; then
+# epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
+# cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/
+# cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/
+# cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/
+# fi
+# fi
+
+ # should be installed by bind-tools
+ sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die
+
+ # Disable tests for now, bug 406399
+ sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
+
+ if use nslint; then
+ sed -i -e 's:/etc/named.conf:/etc/bind/named.conf:' ${NSLINT_DIR}/nslint.{c,8} || die
+ fi
+
+ # bug #220361
+ rm aclocal.m4
+ rm -rf libtool.m4/
+ eautoreconf
+}
+
+src_configure() {
+ local myconf=""
+
+ if use urandom; then
+ myconf="${myconf} --with-randomdev=/dev/urandom"
+ else
+ myconf="${myconf} --with-randomdev=/dev/random"
+ fi
+
+ use geoip && myconf="${myconf} --with-geoip"
+
+ # bug #158664
+# gcc-specs-ssp && replace-flags -O[23s] -O
+
+ # To include db.h from proper path
+ use berkdb && append-flags "-I$(db_includedir)"
+
+ export BUILD_CC=$(tc-getBUILD_CC)
+ econf \
+ --sysconfdir=/etc/bind \
+ --localstatedir=/var \
+ --with-libtool \
+ --enable-full-report \
+ $(use_enable threads) \
+ $(use_with dlz dlopen) \
+ $(use_with dlz dlz-filesystem) \
+ $(use_with dlz dlz-stub) \
+ $(use_with postgres dlz-postgres) \
+ $(use_with mysql dlz-mysql) \
+ $(use_with berkdb dlz-bdb) \
+ $(use_with ldap dlz-ldap) \
+ $(use_with odbc dlz-odbc) \
+ $(use_with ssl openssl "${EPREFIX}"/usr) \
+ $(use_with ssl ecdsa) \
+ $(use_with idn) \
+ $(use_enable ipv6) \
+ $(use_with xml libxml2) \
+ $(use_with gssapi) \
+ $(use_enable rpz rpz-nsip) \
+ $(use_enable rpz rpz-nsdname) \
+ $(use_enable caps linux-caps) \
+ $(use_with gost) \
+ $(use_enable filter-aaaa) \
+ $(use_enable fixed-rrset) \
+ $(use_with python) \
+ $(use_enable seccomp) \
+ $(use_with json libjson) \
+ --without-readline \
+ ${myconf}
+
+ # $(use_enable static-libs static) \
+
+ # bug #151839
+ echo '#undef SO_BSDCOMPAT' >> config.h
+
+ if use nslint; then
+ cd $NSLINT_DIR
+ econf
+ fi
+}
+
+src_compile() {
+ emake
+
+ if use nslint; then
+ emake -C $NSLINT_DIR CCOPT="${CFLAGS}"
+ fi
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ if use nslint; then
+ cd $NSLINT_DIR
+ dobin nslint
+ doman nslint.8
+ cd "${S}"
+ fi
+
+ dodoc CHANGES FAQ README
+
+ if use idn; then
+ dodoc contrib/idn/README.idnkit
+ fi
+
+ if use doc; then
+ dodoc doc/arm/Bv9ARM.pdf
+
+ docinto misc
+ dodoc doc/misc/*
+
+ # might a 'html' useflag make sense?
+ docinto html
+ dohtml -r doc/arm/*
+
+ docinto contrib
+ dodoc contrib/scripts/{nanny.pl,named-bootconf.sh}
+
+ # some handy-dandy dynamic dns examples
+ pushd "${D}"/usr/share/doc/${PF} 1>/dev/null
+ tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
+ popd 1>/dev/null
+ fi
+
+ insinto /etc/bind
+ newins "${FILESDIR}"/named.conf-r8 named.conf
+
+ # ftp://ftp.rs.internic.net/domain/named.cache:
+ insinto /var/bind
+ doins "${FILESDIR}"/named.cache
+
+ insinto /var/bind/pri
+ newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
+
+ newinitd "${FILESDIR}"/named.init-r13 named
+ newconfd "${FILESDIR}"/named.confd-r7 named
+
+ if use gost; then
+ sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die
+ else
+ sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die
+ fi
+
+ newenvd "${FILESDIR}"/10bind.env 10bind
+
+ # Let's get rid of those tools and their manpages since they're provided by bind-tools
+ rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1*
+ rm -f "${D}"/usr/share/man/man8/nsupdate.8*
+ rm -f "${D}"/usr/bin/{dig,host,nslookup,nsupdate}
+ rm -f "${D}"/usr/sbin/{dig,host,nslookup,nsupdate}
+ for tool in dsfromkey importkey keyfromlabel keygen \
+ revoke settime signzone verify; do
+ rm -f "${D}"/usr/{,s}bin/dnssec-"${tool}"
+ rm -f "${D}"/usr/share/man/man8/dnssec-"${tool}".8*
+ done
+
+ # bug 405251, library archives aren't properly handled by --enable/disable-static
+ if ! use static-libs; then
+ find "${D}" -type f -name '*.a' -delete || die
+ fi
+
+ # bug 405251
+ find "${D}" -type f -name '*.la' -delete || die
+
+ if use python; then
+ install_python_tools() {
+ dosbin bin/python/dnssec-{checkds,coverage}
+ }
+ python_foreach_impl install_python_tools
+
+ python_replicate_script "${D}usr/sbin/dnssec-checkds"
+ python_replicate_script "${D}usr/sbin/dnssec-coverage"
+ fi
+
+ # bug 450406
+ dosym named.cache /var/bind/root.cache
+
+ dosym /var/bind/pri /etc/bind/pri
+ dosym /var/bind/sec /etc/bind/sec
+ dosym /var/bind/dyn /etc/bind/dyn
+ keepdir /var/bind/{pri,sec,dyn}
+
+ dodir /var/log/named
+
+ fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
+ fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
+ fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
+ fperms 0750 /etc/bind /var/bind/pri
+ fperms 0770 /var/log/named /var/bind/{,sec,dyn}
+
+ systemd_newunit "${FILESDIR}/named.service-r1" named.service
+ systemd_dotmpfilesd "${FILESDIR}"/named.conf
+ exeinto /usr/libexec
+ doexe "${FILESDIR}/generate-rndc-key.sh"
+}
+
+pkg_postinst() {
+ if [ ! -f '/etc/bind/rndc.key' ]; then
+ if use urandom; then
+ einfo "Using /dev/urandom for generating rndc.key"
+ /usr/sbin/rndc-confgen -r /dev/urandom -a
+ echo
+ else
+ einfo "Using /dev/random for generating rndc.key"
+ /usr/sbin/rndc-confgen -a
+ echo
+ fi
+ chown root:named /etc/bind/rndc.key
+ chmod 0640 /etc/bind/rndc.key
+ fi
+
+ einfo
+ einfo "You can edit /etc/conf.d/named to customize named settings"
+ einfo
+ use mysql || use postgres || use ldap && {
+ elog "If your named depends on MySQL/PostgreSQL or LDAP,"
+ elog "uncomment the specified rc_named_* lines in your"
+ elog "/etc/conf.d/named config to ensure they'll start before bind"
+ einfo
+ }
+ einfo "If you'd like to run bind in a chroot AND this is a new"
+ einfo "install OR your bind doesn't already run in a chroot:"
+ einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
+ einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
+ einfo
+
+ CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
+ if [[ -n ${CHROOT} ]]; then
+ elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
+ elog "To enable the old behaviour (without using mount) uncomment the"
+ elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
+ elog "If you decide to use the new/default method, ensure to make backup"
+ elog "first and merge your existing configs/zones to /etc/bind and"
+ elog "/var/bind because bind will now mount the needed directories into"
+ elog "the chroot dir."
+ fi
+}
+
+pkg_config() {
+ CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
+ CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
+ CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
+
+ if [[ -z "${CHROOT}" ]]; then
+ eerror "This config script is designed to automate setting up"
+ eerror "a chrooted bind/named. To do so, please first uncomment"
+ eerror "and set the CHROOT variable in '/etc/conf.d/named'."
+ die "Unset CHROOT"
+ fi
+ if [[ -d "${CHROOT}" ]]; then
+ ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
+ ewarn "To enable the old behaviour (without using mount) uncomment the"
+ ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
+ ewarn
+ ewarn "${CHROOT} already exists... some things might become overridden"
+ ewarn "press CTRL+C if you don't want to continue"
+ sleep 10
+ fi
+
+ echo; einfo "Setting up the chroot directory..."
+
+ mkdir -m 0750 -p ${CHROOT}
+ mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run}
+ mkdir -m 0750 -p ${CHROOT}/etc/bind
+ mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/
+ # As of bind 9.8.0
+ if has_version net-dns/bind[gost]; then
+ if [ "$(get_libdir)" = "lib64" ]; then
+ mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines
+ ln -s lib64 ${CHROOT}/usr/lib
+ else
+ mkdir -m 0755 -p ${CHROOT}/usr/lib/engines
+ fi
+ fi
+ chown root:named ${CHROOT} ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ ${CHROOT}/etc/bind
+
+ mknod ${CHROOT}/dev/null c 1 3
+ chmod 0666 ${CHROOT}/dev/null
+
+ mknod ${CHROOT}/dev/zero c 1 5
+ chmod 0666 ${CHROOT}/dev/zero
+
+ if use urandom; then
+ mknod ${CHROOT}/dev/urandom c 1 9
+ chmod 0666 ${CHROOT}/dev/urandom
+ else
+ mknod ${CHROOT}/dev/random c 1 8
+ chmod 0666 ${CHROOT}/dev/random
+ fi
+
+ if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
+ cp -a /etc/bind ${CHROOT}/etc/
+ cp -a /var/bind ${CHROOT}/var/
+ fi
+
+ if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
+ mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP
+ fi
+
+ elog "You may need to add the following line to your syslog-ng.conf:"
+ elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
+}
diff --git a/net-dns/bind/files/named.conf b/net-dns/bind/files/named.conf
new file mode 100644
index 0000000..1cfc82d
--- /dev/null
+++ b/net-dns/bind/files/named.conf
@@ -0,0 +1 @@
+d /run/named 0750 named named -
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/files/, net-dns/bind/
@ 2015-10-17 12:18 Christian Ruppert
0 siblings, 0 replies; 16+ messages in thread
From: Christian Ruppert @ 2015-10-17 12:18 UTC (permalink / raw
To: gentoo-commits
commit: 27a6674499336a5b717ee0b9d2622176a43acc5b
Author: Christian Ruppert <idl0r <AT> gentoo <DOT> org>
AuthorDate: Sat Oct 17 12:13:39 2015 +0000
Commit: Christian Ruppert <idl0r <AT> gentoo <DOT> org>
CommitDate: Sat Oct 17 12:18:04 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27a66744
net-dns/bind: Version bump, also fixes bug 559862
Package-Manager: portage-2.2.23
net-dns/bind/Manifest | 1 +
net-dns/bind/bind-9.10.3.ebuild | 410 ++++++++++++++++++++++++++++++++++++++
net-dns/bind/files/named.cache-r1 | 90 +++++++++
net-dns/bind/metadata.xml | 2 +
4 files changed, 503 insertions(+)
diff --git a/net-dns/bind/Manifest b/net-dns/bind/Manifest
index fa6c181..887070d 100644
--- a/net-dns/bind/Manifest
+++ b/net-dns/bind/Manifest
@@ -1,3 +1,4 @@
DIST bind-9.10.2-P3.tar.gz 8469831 SHA256 78079a66dda455ffecfe93ef72d1ffc947f17b1c453d55ec06b860b49a5e1d4a SHA512 cf33c3f83ab7c46f5919c16719870310f9e82237df4ed7ba4f7eb76ddae14b9644bd67dbb6c46e75650f59185aee391d3ac6fee45b2edb88473f9dbc578bb016 WHIRLPOOL ff7e1c827bfb62e229b8d93c299ff0647614f8403ba84cd3ebdbcafd51d37fdfcee7afd3feaf73036dfc46904b9b506b1da7c7e8ae73e167fe6f1f0246dc6163
DIST bind-9.10.2-P4.tar.gz 8471531 SHA256 c00b21ec1def212957f28efe9d10aac52d6ec515e84fbf2c42143f5d71429cb8 SHA512 71dd211167c46ada768389f818b114c9e101132544510df0fde7b83ccbe6ef4d7313a3a254f11efe1ccea43a35f74785de4757c9f6044320174f5a69d39cdd5c WHIRLPOOL 0e179fb597c906c05d820969b8a005511aac177c968ffb10d34c1eda132c6caf9aa6fe8348a16e6ce55317784e44645a5295ccdb2aa740ac5960d6bd85dca7db
+DIST bind-9.10.3.tar.gz 8552545 SHA256 9ac33bd8754ab4b6ee449b1b2aa88e09f51cda088486f4ab1585acd920b98ff0 SHA512 4dd6b298496cb451d8ccc0c1360f7bcfcd4f3180097c7fe4af33bffb8f8d38808e56bcc008d009deb5c8f1e612a2c6c00154b822df94a709195a3abf63e98f99 WHIRLPOOL 0562f3fb4fd0ca9b487f84a67321c1ccf4d05ca13272de740db9ccbda7bb50bea9d23f4d6732bf9b9dabbfaeef03e87b47a7eb7f36bf84c92aee2e87a76ea859
DIST dyndns-samples.tbz2 22866 SHA256 92fb06a92ca99cbbe96b90bcca229ef9c12397db57ae17e199dad9f1218fdbe8 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac WHIRLPOOL 08d4e6a817f1d02597631e18152dbd55ea1bc4c82174be150cc77efc9e1f0f03b6471d1cefbe4229cd3161de752ef232a43ca274a07b78e9c974ceb04cfe99a2
diff --git a/net-dns/bind/bind-9.10.3.ebuild b/net-dns/bind/bind-9.10.3.ebuild
new file mode 100644
index 0000000..f1956d5
--- /dev/null
+++ b/net-dns/bind/bind-9.10.3.ebuild
@@ -0,0 +1,410 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# Re dlz/mysql and threads, needs to be verified..
+# MySQL uses thread local storage in its C api. Thus MySQL
+# requires that each thread of an application execute a MySQL
+# thread initialization to setup the thread local storage.
+# This is impossible to do safely while staying within the DLZ
+# driver API. This is a limitation caused by MySQL, and not the DLZ API.
+# Because of this BIND MUST only run with a single thread when
+# using the MySQL driver.
+
+EAPI="5"
+
+PYTHON_COMPAT=( python2_7 python3_3 python3_4 )
+
+inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd
+
+MY_PV="${PV/_p/-P}"
+MY_PV="${MY_PV/_rc/rc}"
+MY_P="${PN}-${MY_PV}"
+
+SDB_LDAP_VER="1.1.0-fc14"
+
+RRL_PV="${MY_PV}"
+
+NSLINT_DIR="contrib/nslint-3.0a2/"
+
+# SDB-LDAP: http://bind9-ldap.bayour.com/
+
+DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server"
+HOMEPAGE="http://www.isc.org/software/bind"
+SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz
+ doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
+# sdb-ldap? (
+# http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2
+# )"
+
+LICENSE="GPL-2 ISC BSD BSD-2 HPND JNIC openssl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="berkdb +caps dlz doc fetchlimit filter-aaaa fixed-rrset geoip gost gssapi idn ipv6
+json ldap mysql nslint odbc postgres python rpz seccomp selinux sit ssl static-libs
++threads urandom xml"
+# sdb-ldap - patch broken
+# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
+
+REQUIRED_USE="postgres? ( dlz )
+ berkdb? ( dlz )
+ mysql? ( dlz !threads )
+ odbc? ( dlz )
+ ldap? ( dlz )
+ gost? ( ssl )
+ threads? ( caps )"
+# sdb-ldap? ( dlz )
+
+DEPEND="ssl? ( dev-libs/openssl:0[-bindist] )
+ mysql? ( >=virtual/mysql-4.0 )
+ odbc? ( >=dev-db/unixODBC-2.2.6 )
+ ldap? ( net-nds/openldap )
+ idn? ( net-dns/idnkit )
+ postgres? ( dev-db/postgresql:= )
+ caps? ( >=sys-libs/libcap-2.1.0 )
+ xml? ( dev-libs/libxml2 )
+ geoip? ( >=dev-libs/geoip-1.4.6 )
+ gssapi? ( virtual/krb5 )
+ gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] )
+ seccomp? ( sys-libs/libseccomp )
+ json? ( dev-libs/json-c )"
+# sdb-ldap? ( net-nds/openldap )
+
+RDEPEND="${DEPEND}
+ selinux? ( sec-policy/selinux-bind )
+ || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )"
+
+S="${WORKDIR}/${MY_P}"
+
+# bug 479092, requires networking
+RESTRICT="test"
+
+pkg_setup() {
+ ebegin "Creating named group and user"
+ enewgroup named 40
+ enewuser named 40 -1 /etc/bind named
+ eend ${?}
+}
+
+src_prepare() {
+ # Adjusting PATHs in manpages
+ for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
+ sed -i \
+ -e 's:/etc/named.conf:/etc/bind/named.conf:g' \
+ -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
+ -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
+ "${i}" || die "sed failed, ${i} doesn't exist"
+ done
+
+# if use dlz; then
+# # sdb-ldap patch as per bug #160567
+# # Upstream URL: http://bind9-ldap.bayour.com/
+# # New patch take from bug 302735
+# if use sdb-ldap; then
+# epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
+# cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/
+# cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/
+# cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/
+# fi
+# fi
+
+ # should be installed by bind-tools
+ sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die
+
+ # Disable tests for now, bug 406399
+ sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
+
+ if use nslint; then
+ sed -i -e 's:/etc/named.conf:/etc/bind/named.conf:' ${NSLINT_DIR}/nslint.{c,8} || die
+ fi
+
+ # bug #220361
+ rm aclocal.m4
+ rm -rf libtool.m4/
+ eautoreconf
+}
+
+src_configure() {
+ local myconf=""
+
+ if use urandom; then
+ myconf="${myconf} --with-randomdev=/dev/urandom"
+ else
+ myconf="${myconf} --with-randomdev=/dev/random"
+ fi
+
+ use geoip && myconf="${myconf} --with-geoip"
+
+ # bug #158664
+# gcc-specs-ssp && replace-flags -O[23s] -O
+
+ # To include db.h from proper path
+ use berkdb && append-flags "-I$(db_includedir)"
+
+ export BUILD_CC=$(tc-getBUILD_CC)
+ econf \
+ --sysconfdir=/etc/bind \
+ --localstatedir=/var \
+ --with-libtool \
+ --enable-full-report \
+ --without-readline \
+ $(use_enable caps linux-caps) \
+ $(use_enable fetchlimit) \
+ $(use_enable filter-aaaa) \
+ $(use_enable fixed-rrset) \
+ $(use_enable ipv6) \
+ $(use_enable rpz rpz-nsdname) \
+ $(use_enable rpz rpz-nsip) \
+ $(use_enable seccomp) \
+ $(use_enable sit) \
+ $(use_enable threads) \
+ $(use_with berkdb dlz-bdb) \
+ $(use_with dlz dlopen) \
+ $(use_with dlz dlz-filesystem) \
+ $(use_with dlz dlz-stub) \
+ $(use_with gost) \
+ $(use_with gssapi) \
+ $(use_with idn) \
+ $(use_with json libjson) \
+ $(use_with ldap dlz-ldap) \
+ $(use_with mysql dlz-mysql) \
+ $(use_with odbc dlz-odbc) \
+ $(use_with postgres dlz-postgres) \
+ $(use_with python) \
+ $(use_with ssl ecdsa) \
+ $(use_with ssl openssl "${EPREFIX}"/usr) \
+ $(use_with xml libxml2) \
+ ${myconf}
+
+ # $(use_enable static-libs static) \
+
+ # bug #151839
+ echo '#undef SO_BSDCOMPAT' >> config.h
+
+ if use nslint; then
+ cd $NSLINT_DIR
+ econf
+ fi
+}
+
+src_compile() {
+ emake
+
+ if use nslint; then
+ emake -C $NSLINT_DIR CCOPT="${CFLAGS}"
+ fi
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ if use nslint; then
+ cd $NSLINT_DIR
+ dobin nslint
+ doman nslint.8
+ cd "${S}"
+ fi
+
+ dodoc CHANGES FAQ README
+
+ if use idn; then
+ dodoc contrib/idn/README.idnkit
+ fi
+
+ if use doc; then
+ dodoc doc/arm/Bv9ARM.pdf
+
+ docinto misc
+ dodoc doc/misc/*
+
+ # might a 'html' useflag make sense?
+ docinto html
+ dohtml -r doc/arm/*
+
+ docinto contrib
+ dodoc contrib/scripts/{nanny.pl,named-bootconf.sh}
+
+ # some handy-dandy dynamic dns examples
+ pushd "${D}"/usr/share/doc/${PF} 1>/dev/null
+ tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
+ popd 1>/dev/null
+ fi
+
+ insinto /etc/bind
+ newins "${FILESDIR}"/named.conf-r8 named.conf
+
+ # ftp://ftp.rs.internic.net/domain/named.cache:
+ insinto /var/bind
+ newins "${FILESDIR}"/named.cache-r1 named.cache
+
+ insinto /var/bind/pri
+ newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
+
+ newinitd "${FILESDIR}"/named.init-r13 named
+ newconfd "${FILESDIR}"/named.confd-r7 named
+
+ if use gost; then
+ sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die
+ else
+ sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die
+ fi
+
+ newenvd "${FILESDIR}"/10bind.env 10bind
+
+ # Let's get rid of those tools and their manpages since they're provided by bind-tools
+ rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1*
+ rm -f "${D}"/usr/share/man/man8/nsupdate.8*
+ rm -f "${D}"/usr/bin/{dig,host,nslookup,nsupdate}
+ rm -f "${D}"/usr/sbin/{dig,host,nslookup,nsupdate}
+ for tool in dsfromkey importkey keyfromlabel keygen \
+ revoke settime signzone verify; do
+ rm -f "${D}"/usr/{,s}bin/dnssec-"${tool}"
+ rm -f "${D}"/usr/share/man/man8/dnssec-"${tool}".8*
+ done
+
+ # bug 405251, library archives aren't properly handled by --enable/disable-static
+ if ! use static-libs; then
+ find "${D}" -type f -name '*.a' -delete || die
+ fi
+
+ # bug 405251
+ find "${D}" -type f -name '*.la' -delete || die
+
+ if use python; then
+ install_python_tools() {
+ dosbin bin/python/dnssec-{checkds,coverage}
+ }
+ python_foreach_impl install_python_tools
+
+ python_replicate_script "${D}usr/sbin/dnssec-checkds"
+ python_replicate_script "${D}usr/sbin/dnssec-coverage"
+ fi
+
+ # bug 450406
+ dosym named.cache /var/bind/root.cache
+
+ dosym /var/bind/pri /etc/bind/pri
+ dosym /var/bind/sec /etc/bind/sec
+ dosym /var/bind/dyn /etc/bind/dyn
+ keepdir /var/bind/{pri,sec,dyn}
+
+ dodir /var/log/named
+
+ fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
+ fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
+ fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
+ fperms 0750 /etc/bind /var/bind/pri
+ fperms 0770 /var/log/named /var/bind/{,sec,dyn}
+
+ systemd_newunit "${FILESDIR}/named.service-r1" named.service
+ systemd_dotmpfilesd "${FILESDIR}"/named.conf
+ exeinto /usr/libexec
+ doexe "${FILESDIR}/generate-rndc-key.sh"
+}
+
+pkg_postinst() {
+ if [ ! -f '/etc/bind/rndc.key' ]; then
+ if use urandom; then
+ einfo "Using /dev/urandom for generating rndc.key"
+ /usr/sbin/rndc-confgen -r /dev/urandom -a
+ echo
+ else
+ einfo "Using /dev/random for generating rndc.key"
+ /usr/sbin/rndc-confgen -a
+ echo
+ fi
+ chown root:named /etc/bind/rndc.key
+ chmod 0640 /etc/bind/rndc.key
+ fi
+
+ einfo
+ einfo "You can edit /etc/conf.d/named to customize named settings"
+ einfo
+ use mysql || use postgres || use ldap && {
+ elog "If your named depends on MySQL/PostgreSQL or LDAP,"
+ elog "uncomment the specified rc_named_* lines in your"
+ elog "/etc/conf.d/named config to ensure they'll start before bind"
+ einfo
+ }
+ einfo "If you'd like to run bind in a chroot AND this is a new"
+ einfo "install OR your bind doesn't already run in a chroot:"
+ einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
+ einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
+ einfo
+
+ CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
+ if [[ -n ${CHROOT} ]]; then
+ elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
+ elog "To enable the old behaviour (without using mount) uncomment the"
+ elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
+ elog "If you decide to use the new/default method, ensure to make backup"
+ elog "first and merge your existing configs/zones to /etc/bind and"
+ elog "/var/bind because bind will now mount the needed directories into"
+ elog "the chroot dir."
+ fi
+}
+
+pkg_config() {
+ CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
+ CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
+ CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
+
+ if [[ -z "${CHROOT}" ]]; then
+ eerror "This config script is designed to automate setting up"
+ eerror "a chrooted bind/named. To do so, please first uncomment"
+ eerror "and set the CHROOT variable in '/etc/conf.d/named'."
+ die "Unset CHROOT"
+ fi
+ if [[ -d "${CHROOT}" ]]; then
+ ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
+ ewarn "To enable the old behaviour (without using mount) uncomment the"
+ ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
+ ewarn
+ ewarn "${CHROOT} already exists... some things might become overridden"
+ ewarn "press CTRL+C if you don't want to continue"
+ sleep 10
+ fi
+
+ echo; einfo "Setting up the chroot directory..."
+
+ mkdir -m 0750 -p ${CHROOT}
+ mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run}
+ mkdir -m 0750 -p ${CHROOT}/etc/bind
+ mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/
+ # As of bind 9.8.0
+ if has_version net-dns/bind[gost]; then
+ if [ "$(get_libdir)" = "lib64" ]; then
+ mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines
+ ln -s lib64 ${CHROOT}/usr/lib
+ else
+ mkdir -m 0755 -p ${CHROOT}/usr/lib/engines
+ fi
+ fi
+ chown root:named ${CHROOT} ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ ${CHROOT}/etc/bind
+
+ mknod ${CHROOT}/dev/null c 1 3
+ chmod 0666 ${CHROOT}/dev/null
+
+ mknod ${CHROOT}/dev/zero c 1 5
+ chmod 0666 ${CHROOT}/dev/zero
+
+ if use urandom; then
+ mknod ${CHROOT}/dev/urandom c 1 9
+ chmod 0666 ${CHROOT}/dev/urandom
+ else
+ mknod ${CHROOT}/dev/random c 1 8
+ chmod 0666 ${CHROOT}/dev/random
+ fi
+
+ if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
+ cp -a /etc/bind ${CHROOT}/etc/
+ cp -a /var/bind ${CHROOT}/var/
+ fi
+
+ if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
+ mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP
+ fi
+
+ elog "You may need to add the following line to your syslog-ng.conf:"
+ elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
+}
diff --git a/net-dns/bind/files/named.cache-r1 b/net-dns/bind/files/named.cache-r1
new file mode 100644
index 0000000..c9d3ccc
--- /dev/null
+++ b/net-dns/bind/files/named.cache-r1
@@ -0,0 +1,90 @@
+; This file holds the information on root name servers needed to
+; initialize cache of Internet domain name servers
+; (e.g. reference this file in the "cache . <file>"
+; configuration file of BIND domain name servers).
+;
+; This file is made available by InterNIC
+; under anonymous FTP as
+; file /domain/named.cache
+; on server FTP.INTERNIC.NET
+; -OR- RS.INTERNIC.NET
+;
+; last update: May 23, 2015
+; related version of root zone: 2015052300
+;
+; formerly NS.INTERNIC.NET
+;
+. 3600000 NS A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
+A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+. 3600000 NS B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
+B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::b
+;
+; FORMERLY C.PSI.NET
+;
+. 3600000 NS C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
+C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
+;
+; FORMERLY TERP.UMD.EDU
+;
+. 3600000 NS D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
+D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
+;
+; FORMERLY NS.NASA.GOV
+;
+. 3600000 NS E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+. 3600000 NS F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
+F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+. 3600000 NS G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+. 3600000 NS H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
+H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803f:235
+;
+; FORMERLY NIC.NORDU.NET
+;
+. 3600000 NS I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
+I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+. 3600000 NS J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
+J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+. 3600000 NS K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
+K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
+;
+; OPERATED BY ICANN
+;
+. 3600000 NS L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
+L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+. 3600000 NS M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
+M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
+; End of file
diff --git a/net-dns/bind/metadata.xml b/net-dns/bind/metadata.xml
index 9fd3987..20a645e 100644
--- a/net-dns/bind/metadata.xml
+++ b/net-dns/bind/metadata.xml
@@ -8,6 +8,7 @@
<longdescription>ISC's bind dns server, used the world 'round.</longdescription>
<use>
<flag name="dlz">Enables dynamic loaded zones, 3rd party extension</flag>
+ <flag name="fetchlimit">Recursive fetch limits for DoS attack mitigation</flag>
<flag name="filter-aaaa">Enable filtering of AAAA records over IPv4</flag>
<flag name="fixed-rrset">Enables fixed rrset-order option</flag>
<flag name="gost">Enables gost OpenSSL engine support</flag>
@@ -15,6 +16,7 @@
<flag name="json">Enable JSON statistics channel</flag>
<flag name="nslint">Build and install the nslint util</flag>
<flag name="rpz">Enable response policy rewriting (rpz)</flag>
+ <flag name="sit">Source Identity Token support (sit)</flag>
<flag name="urandom">Use /dev/urandom instead of /dev/random</flag>
</use>
</pkgmetadata>
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/files/, net-dns/bind/
@ 2015-12-27 19:39 Christian Ruppert
0 siblings, 0 replies; 16+ messages in thread
From: Christian Ruppert @ 2015-12-27 19:39 UTC (permalink / raw
To: gentoo-commits
commit: a32f595328efc2f1a00cd765eb1a7162424f4157
Author: Christian Ruppert <idl0r <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 27 19:32:04 2015 +0000
Commit: Christian Ruppert <idl0r <AT> gentoo <DOT> org>
CommitDate: Sun Dec 27 19:32:04 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a32f5953
net-dns/bind: Version bump. Fixes bug 563362, bug 567438 and bug 568982
Package-Manager: portage-2.2.26
net-dns/bind/Manifest | 2 +-
.../{bind-9.10.3.ebuild => bind-9.10.3_p2.ebuild} | 14 ++-
net-dns/bind/files/bind-9.10.3_p2-libressl.patch | 110 +++++++++++++++++++++
net-dns/bind/files/named.cache-r2 | 90 +++++++++++++++++
4 files changed, 211 insertions(+), 5 deletions(-)
diff --git a/net-dns/bind/Manifest b/net-dns/bind/Manifest
index 92f5978..8ce5420 100644
--- a/net-dns/bind/Manifest
+++ b/net-dns/bind/Manifest
@@ -1,3 +1,3 @@
DIST bind-9.10.2-P4.tar.gz 8471531 SHA256 c00b21ec1def212957f28efe9d10aac52d6ec515e84fbf2c42143f5d71429cb8 SHA512 71dd211167c46ada768389f818b114c9e101132544510df0fde7b83ccbe6ef4d7313a3a254f11efe1ccea43a35f74785de4757c9f6044320174f5a69d39cdd5c WHIRLPOOL 0e179fb597c906c05d820969b8a005511aac177c968ffb10d34c1eda132c6caf9aa6fe8348a16e6ce55317784e44645a5295ccdb2aa740ac5960d6bd85dca7db
-DIST bind-9.10.3.tar.gz 8552545 SHA256 9ac33bd8754ab4b6ee449b1b2aa88e09f51cda088486f4ab1585acd920b98ff0 SHA512 4dd6b298496cb451d8ccc0c1360f7bcfcd4f3180097c7fe4af33bffb8f8d38808e56bcc008d009deb5c8f1e612a2c6c00154b822df94a709195a3abf63e98f99 WHIRLPOOL 0562f3fb4fd0ca9b487f84a67321c1ccf4d05ca13272de740db9ccbda7bb50bea9d23f4d6732bf9b9dabbfaeef03e87b47a7eb7f36bf84c92aee2e87a76ea859
+DIST bind-9.10.3-P2.tar.gz 8523719 SHA256 4a6c1911ac0d4b6be635b63de3429b6c168ea244043f12bbc8a4eb3368fd6ecd SHA512 21905cdff464f9ff275b87744433970d4a80faa6d9245c66c092421a45e89e438bd78f3bfe0d795964312f072c936e44eb6867b72decbba86821619180ced210 WHIRLPOOL 7bc4038a746e5b5c4166fb0d7a57985be9defef4c4c494492312671b81853f506c3216fcd94df993f6f1088d4c36c838d40d85fedbe8eee1b4265c5e2caecaa6
DIST dyndns-samples.tbz2 22866 SHA256 92fb06a92ca99cbbe96b90bcca229ef9c12397db57ae17e199dad9f1218fdbe8 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac WHIRLPOOL 08d4e6a817f1d02597631e18152dbd55ea1bc4c82174be150cc77efc9e1f0f03b6471d1cefbe4229cd3161de752ef232a43ca274a07b78e9c974ceb04cfe99a2
diff --git a/net-dns/bind/bind-9.10.3.ebuild b/net-dns/bind/bind-9.10.3_p2.ebuild
similarity index 97%
rename from net-dns/bind/bind-9.10.3.ebuild
rename to net-dns/bind/bind-9.10.3_p2.ebuild
index f1956d5..3b45baa 100644
--- a/net-dns/bind/bind-9.10.3.ebuild
+++ b/net-dns/bind/bind-9.10.3_p2.ebuild
@@ -41,7 +41,7 @@ LICENSE="GPL-2 ISC BSD BSD-2 HPND JNIC openssl"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
IUSE="berkdb +caps dlz doc fetchlimit filter-aaaa fixed-rrset geoip gost gssapi idn ipv6
-json ldap mysql nslint odbc postgres python rpz seccomp selinux sit ssl static-libs
+json ldap libressl mysql nslint odbc postgres python rpz seccomp selinux sit ssl static-libs
+threads urandom xml"
# sdb-ldap - patch broken
# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
@@ -51,11 +51,15 @@ REQUIRED_USE="postgres? ( dlz )
mysql? ( dlz !threads )
odbc? ( dlz )
ldap? ( dlz )
- gost? ( ssl )
+ gost? ( !libressl ssl )
threads? ( caps )"
# sdb-ldap? ( dlz )
-DEPEND="ssl? ( dev-libs/openssl:0[-bindist] )
+DEPEND="
+ ssl? (
+ !libressl? ( dev-libs/openssl:0[-bindist] )
+ libressl? ( dev-libs/libressl )
+ )
mysql? ( >=virtual/mysql-4.0 )
odbc? ( >=dev-db/unixODBC-2.2.6 )
ldap? ( net-nds/openldap )
@@ -87,6 +91,8 @@ pkg_setup() {
}
src_prepare() {
+ epatch "${FILESDIR}"/${P}-libressl.patch
+
# Adjusting PATHs in manpages
for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
sed -i \
@@ -235,7 +241,7 @@ src_install() {
# ftp://ftp.rs.internic.net/domain/named.cache:
insinto /var/bind
- newins "${FILESDIR}"/named.cache-r1 named.cache
+ newins "${FILESDIR}"/named.cache-r2 named.cache
insinto /var/bind/pri
newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
diff --git a/net-dns/bind/files/bind-9.10.3_p2-libressl.patch b/net-dns/bind/files/bind-9.10.3_p2-libressl.patch
new file mode 100644
index 0000000..a38a70d
--- /dev/null
+++ b/net-dns/bind/files/bind-9.10.3_p2-libressl.patch
@@ -0,0 +1,110 @@
+Fix LibreSSL compatibility, patches from OpenBSD
+
+http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/isc-bind/patches/
+
+http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_dst_openssl_h?rev=1.1&content-type=text/plain
+http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_openssl_link_c?rev=1.1&content-type=text/plain
+http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_openssldh_link_c?rev=1.1&content-type=text/plain
+http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_openssldsa_link_c?rev=1.1&content-type=text/plain
+http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_opensslrsa_link_c?rev=1.1&content-type=text/plain
+
+--- lib/dns/dst_openssl.h.orig Wed Sep 16 14:00:47 2015
++++ lib/dns/dst_openssl.h Wed Sep 16 14:02:42 2015
+@@ -36,7 +36,7 @@
+ #define USE_ENGINE 1
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ /*
+ * These are new in OpenSSL 1.1.0. BN_GENCB _cb needs to be declared in
+ * the function like this before the BN_GENCB_new call:
+--- lib/dns/openssl_link.c.orig Wed Sep 16 14:01:23 2015
++++ lib/dns/openssl_link.c Wed Sep 16 14:01:46 2015
+@@ -88,7 +88,7 @@ entropy_getpseudo(unsigned char *buf, int num) {
+ return (result == ISC_R_SUCCESS ? 1 : -1);
+ }
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ static void
+ entropy_add(const void *buf, int num, double entropy) {
+ /*
+@@ -121,7 +121,7 @@ lock_callback(int mode, int type, const char *file, in
+ UNLOCK(&locks[type]);
+ }
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ static unsigned long
+ id_callback(void) {
+ return ((unsigned long)isc_thread_self());
+@@ -187,7 +187,7 @@ dst__openssl_init(const char *engine) {
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_mutexalloc;
+ CRYPTO_set_locking_callback(lock_callback);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ CRYPTO_set_id_callback(id_callback);
+ #endif
+
+@@ -287,7 +287,7 @@ dst__openssl_destroy(void) {
+ CRYPTO_cleanup_all_ex_data();
+ #endif
+ ERR_clear_error();
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ ERR_remove_state(0);
+ #endif
+ ERR_free_strings();
+--- lib/dns/openssldh_link.c.orig Wed Sep 16 14:01:23 2015
++++ lib/dns/openssldh_link.c Wed Sep 16 14:02:06 2015
+@@ -173,7 +173,7 @@ openssldh_generate(dst_key_t *key, int generator, void
+ DH *dh = NULL;
+ #if OPENSSL_VERSION_NUMBER > 0x00908000L
+ BN_GENCB *cb;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ BN_GENCB _cb;
+ #endif
+ union {
+@@ -210,7 +210,7 @@ openssldh_generate(dst_key_t *key, int generator, void
+ if (dh == NULL)
+ return (dst__openssl_toresult(ISC_R_NOMEMORY));
+ cb = BN_GENCB_new();
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ if (cb == NULL) {
+ DH_free(dh);
+ return (dst__openssl_toresult(ISC_R_NOMEMORY));
+--- lib/dns/openssldsa_link.c.orig Wed Sep 16 14:01:23 2015
++++ lib/dns/openssldsa_link.c Wed Sep 16 14:02:22 2015
+@@ -359,7 +359,7 @@ openssldsa_generate(dst_key_t *key, int unused, void (
+ isc_result_t result;
+ #if OPENSSL_VERSION_NUMBER > 0x00908000L
+ BN_GENCB *cb;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ BN_GENCB _cb;
+ #endif
+ union {
+@@ -383,7 +383,7 @@ openssldsa_generate(dst_key_t *key, int unused, void (
+ if (dsa == NULL)
+ return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+ cb = BN_GENCB_new();
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ if (cb == NULL) {
+ DSA_free(dsa);
+ return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+--- lib/dns/opensslrsa_link.c.orig Wed Sep 16 14:01:23 2015
++++ lib/dns/opensslrsa_link.c Wed Sep 16 14:02:31 2015
+@@ -771,7 +771,7 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*ca
+ } u;
+ RSA *rsa = RSA_new();
+ BIGNUM *e = BN_new();
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ BN_GENCB _cb;
+ #endif
+ BN_GENCB *cb = BN_GENCB_new();
diff --git a/net-dns/bind/files/named.cache-r2 b/net-dns/bind/files/named.cache-r2
new file mode 100644
index 0000000..71713d8
--- /dev/null
+++ b/net-dns/bind/files/named.cache-r2
@@ -0,0 +1,90 @@
+; This file holds the information on root name servers needed to
+; initialize cache of Internet domain name servers
+; (e.g. reference this file in the "cache . <file>"
+; configuration file of BIND domain name servers).
+;
+; This file is made available by InterNIC
+; under anonymous FTP as
+; file /domain/named.cache
+; on server FTP.INTERNIC.NET
+; -OR- RS.INTERNIC.NET
+;
+; last update: December 01, 2015
+; related version of root zone: 2015120100
+;
+; formerly NS.INTERNIC.NET
+;
+. 3600000 NS A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
+A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+. 3600000 NS B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
+B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::b
+;
+; FORMERLY C.PSI.NET
+;
+. 3600000 NS C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
+C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
+;
+; FORMERLY TERP.UMD.EDU
+;
+. 3600000 NS D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
+D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
+;
+; FORMERLY NS.NASA.GOV
+;
+. 3600000 NS E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+. 3600000 NS F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
+F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+. 3600000 NS G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+. 3600000 NS H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
+H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
+;
+; FORMERLY NIC.NORDU.NET
+;
+. 3600000 NS I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
+I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+. 3600000 NS J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
+J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+. 3600000 NS K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
+K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
+;
+; OPERATED BY ICANN
+;
+. 3600000 NS L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
+L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+. 3600000 NS M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
+M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
+; End of file
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/files/, net-dns/bind/
@ 2016-01-20 18:56 Christian Ruppert
0 siblings, 0 replies; 16+ messages in thread
From: Christian Ruppert @ 2016-01-20 18:56 UTC (permalink / raw
To: gentoo-commits
commit: 0e0691849217fd2a7038ca3f7392a40967081e8f
Author: Christian Ruppert <idl0r <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 20 18:46:10 2016 +0000
Commit: Christian Ruppert <idl0r <AT> gentoo <DOT> org>
CommitDate: Wed Jan 20 18:56:38 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e069184
net-dns/bind: Remove old versions. Cleanup
Package-Manager: portage-2.2.26
net-dns/bind/Manifest | 1 -
net-dns/bind/bind-9.10.2_p4-r1.ebuild | 408 ---------------------
net-dns/bind/bind-9.10.2_p4.ebuild | 407 --------------------
.../bind/files/bind-9.7.3-odbc-dlz-detect.patch | 21 --
net-dns/bind/files/bind-dlzmysql5-reconnect.patch | 59 ---
net-dns/bind/files/named.cache | 88 -----
net-dns/bind/files/named.cache-r1 | 90 -----
7 files changed, 1074 deletions(-)
diff --git a/net-dns/bind/Manifest b/net-dns/bind/Manifest
index 8ce5420..1662149 100644
--- a/net-dns/bind/Manifest
+++ b/net-dns/bind/Manifest
@@ -1,3 +1,2 @@
-DIST bind-9.10.2-P4.tar.gz 8471531 SHA256 c00b21ec1def212957f28efe9d10aac52d6ec515e84fbf2c42143f5d71429cb8 SHA512 71dd211167c46ada768389f818b114c9e101132544510df0fde7b83ccbe6ef4d7313a3a254f11efe1ccea43a35f74785de4757c9f6044320174f5a69d39cdd5c WHIRLPOOL 0e179fb597c906c05d820969b8a005511aac177c968ffb10d34c1eda132c6caf9aa6fe8348a16e6ce55317784e44645a5295ccdb2aa740ac5960d6bd85dca7db
DIST bind-9.10.3-P2.tar.gz 8523719 SHA256 4a6c1911ac0d4b6be635b63de3429b6c168ea244043f12bbc8a4eb3368fd6ecd SHA512 21905cdff464f9ff275b87744433970d4a80faa6d9245c66c092421a45e89e438bd78f3bfe0d795964312f072c936e44eb6867b72decbba86821619180ced210 WHIRLPOOL 7bc4038a746e5b5c4166fb0d7a57985be9defef4c4c494492312671b81853f506c3216fcd94df993f6f1088d4c36c838d40d85fedbe8eee1b4265c5e2caecaa6
DIST dyndns-samples.tbz2 22866 SHA256 92fb06a92ca99cbbe96b90bcca229ef9c12397db57ae17e199dad9f1218fdbe8 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac WHIRLPOOL 08d4e6a817f1d02597631e18152dbd55ea1bc4c82174be150cc77efc9e1f0f03b6471d1cefbe4229cd3161de752ef232a43ca274a07b78e9c974ceb04cfe99a2
diff --git a/net-dns/bind/bind-9.10.2_p4-r1.ebuild b/net-dns/bind/bind-9.10.2_p4-r1.ebuild
deleted file mode 100644
index 68ccb97..0000000
--- a/net-dns/bind/bind-9.10.2_p4-r1.ebuild
+++ /dev/null
@@ -1,408 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-# Re dlz/mysql and threads, needs to be verified..
-# MySQL uses thread local storage in its C api. Thus MySQL
-# requires that each thread of an application execute a MySQL
-# thread initialization to setup the thread local storage.
-# This is impossible to do safely while staying within the DLZ
-# driver API. This is a limitation caused by MySQL, and not the DLZ API.
-# Because of this BIND MUST only run with a single thread when
-# using the MySQL driver.
-
-EAPI="5"
-
-PYTHON_COMPAT=( python2_7 python3_3 python3_4 )
-
-inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd
-
-MY_PV="${PV/_p/-P}"
-MY_PV="${MY_PV/_rc/rc}"
-MY_P="${PN}-${MY_PV}"
-
-SDB_LDAP_VER="1.1.0-fc14"
-
-RRL_PV="${MY_PV}"
-
-NSLINT_DIR="contrib/nslint-3.0a2/"
-
-# SDB-LDAP: http://bind9-ldap.bayour.com/
-
-DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server"
-HOMEPAGE="http://www.isc.org/software/bind"
-SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz
- doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
-# sdb-ldap? (
-# http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2
-# )"
-
-LICENSE="GPL-2 ISC BSD BSD-2 HPND JNIC openssl"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="berkdb +caps dlz doc filter-aaaa fixed-rrset geoip gost gssapi idn ipv6
-json ldap mysql nslint odbc postgres python rpz seccomp selinux ssl static-libs
-+threads urandom xml"
-# sdb-ldap - patch broken
-# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
-
-REQUIRED_USE="postgres? ( dlz )
- berkdb? ( dlz )
- mysql? ( dlz !threads )
- odbc? ( dlz )
- ldap? ( dlz )
- gost? ( ssl )
- threads? ( caps )"
-# sdb-ldap? ( dlz )
-
-DEPEND="ssl? ( dev-libs/openssl:0[-bindist] )
- mysql? ( >=virtual/mysql-4.0 )
- odbc? ( >=dev-db/unixODBC-2.2.6 )
- ldap? ( net-nds/openldap )
- idn? ( net-dns/idnkit )
- postgres? ( dev-db/postgresql:= )
- caps? ( >=sys-libs/libcap-2.1.0 )
- xml? ( dev-libs/libxml2 )
- geoip? ( >=dev-libs/geoip-1.4.6 )
- gssapi? ( virtual/krb5 )
- gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] )
- seccomp? ( sys-libs/libseccomp )
- json? ( dev-libs/json-c )"
-# sdb-ldap? ( net-nds/openldap )
-
-RDEPEND="${DEPEND}
- selinux? ( sec-policy/selinux-bind )
- || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )"
-
-S="${WORKDIR}/${MY_P}"
-
-# bug 479092, requires networking
-RESTRICT="test"
-
-pkg_setup() {
- ebegin "Creating named group and user"
- enewgroup named 40
- enewuser named 40 -1 /etc/bind named
- eend ${?}
-}
-
-src_prepare() {
- # Adjusting PATHs in manpages
- for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
- sed -i \
- -e 's:/etc/named.conf:/etc/bind/named.conf:g' \
- -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
- -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
- "${i}" || die "sed failed, ${i} doesn't exist"
- done
-
-# if use dlz; then
-# # sdb-ldap patch as per bug #160567
-# # Upstream URL: http://bind9-ldap.bayour.com/
-# # New patch take from bug 302735
-# if use sdb-ldap; then
-# epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
-# cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/
-# cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/
-# cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/
-# fi
-# fi
-
- # should be installed by bind-tools
- sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die
-
- # Disable tests for now, bug 406399
- sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
-
- if use nslint; then
- sed -i -e 's:/etc/named.conf:/etc/bind/named.conf:' ${NSLINT_DIR}/nslint.{c,8} || die
- fi
-
- # bug #220361
- rm aclocal.m4
- rm -rf libtool.m4/
- eautoreconf
-}
-
-src_configure() {
- local myconf=""
-
- if use urandom; then
- myconf="${myconf} --with-randomdev=/dev/urandom"
- else
- myconf="${myconf} --with-randomdev=/dev/random"
- fi
-
- use geoip && myconf="${myconf} --with-geoip"
-
- # bug #158664
-# gcc-specs-ssp && replace-flags -O[23s] -O
-
- # To include db.h from proper path
- use berkdb && append-flags "-I$(db_includedir)"
-
- export BUILD_CC=$(tc-getBUILD_CC)
- econf \
- --sysconfdir=/etc/bind \
- --localstatedir=/var \
- --with-libtool \
- --enable-full-report \
- $(use_enable threads) \
- $(use_with dlz dlopen) \
- $(use_with dlz dlz-filesystem) \
- $(use_with dlz dlz-stub) \
- $(use_with postgres dlz-postgres) \
- $(use_with mysql dlz-mysql) \
- $(use_with berkdb dlz-bdb) \
- $(use_with ldap dlz-ldap) \
- $(use_with odbc dlz-odbc) \
- $(use_with ssl openssl "${EPREFIX}"/usr) \
- $(use_with ssl ecdsa) \
- $(use_with idn) \
- $(use_enable ipv6) \
- $(use_with xml libxml2) \
- $(use_with gssapi) \
- $(use_enable rpz rpz-nsip) \
- $(use_enable rpz rpz-nsdname) \
- $(use_enable caps linux-caps) \
- $(use_with gost) \
- $(use_enable filter-aaaa) \
- $(use_enable fixed-rrset) \
- $(use_with python) \
- $(use_enable seccomp) \
- $(use_with json libjson) \
- --without-readline \
- ${myconf}
-
- # $(use_enable static-libs static) \
-
- # bug #151839
- echo '#undef SO_BSDCOMPAT' >> config.h
-
- if use nslint; then
- cd $NSLINT_DIR
- econf
- fi
-}
-
-src_compile() {
- emake
-
- if use nslint; then
- emake -C $NSLINT_DIR CCOPT="${CFLAGS}"
- fi
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- if use nslint; then
- cd $NSLINT_DIR
- dobin nslint
- doman nslint.8
- cd "${S}"
- fi
-
- dodoc CHANGES FAQ README
-
- if use idn; then
- dodoc contrib/idn/README.idnkit
- fi
-
- if use doc; then
- dodoc doc/arm/Bv9ARM.pdf
-
- docinto misc
- dodoc doc/misc/*
-
- # might a 'html' useflag make sense?
- docinto html
- dohtml -r doc/arm/*
-
- docinto contrib
- dodoc contrib/scripts/{nanny.pl,named-bootconf.sh}
-
- # some handy-dandy dynamic dns examples
- pushd "${D}"/usr/share/doc/${PF} 1>/dev/null
- tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
- popd 1>/dev/null
- fi
-
- insinto /etc/bind
- newins "${FILESDIR}"/named.conf-r8 named.conf
-
- # ftp://ftp.rs.internic.net/domain/named.cache:
- insinto /var/bind
- doins "${FILESDIR}"/named.cache
-
- insinto /var/bind/pri
- newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
-
- newinitd "${FILESDIR}"/named.init-r13 named
- newconfd "${FILESDIR}"/named.confd-r7 named
-
- if use gost; then
- sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die
- else
- sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die
- fi
-
- newenvd "${FILESDIR}"/10bind.env 10bind
-
- # Let's get rid of those tools and their manpages since they're provided by bind-tools
- rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1*
- rm -f "${D}"/usr/share/man/man8/nsupdate.8*
- rm -f "${D}"/usr/bin/{dig,host,nslookup,nsupdate}
- rm -f "${D}"/usr/sbin/{dig,host,nslookup,nsupdate}
- for tool in dsfromkey importkey keyfromlabel keygen \
- revoke settime signzone verify; do
- rm -f "${D}"/usr/{,s}bin/dnssec-"${tool}"
- rm -f "${D}"/usr/share/man/man8/dnssec-"${tool}".8*
- done
-
- # bug 405251, library archives aren't properly handled by --enable/disable-static
- if ! use static-libs; then
- find "${D}" -type f -name '*.a' -delete || die
- fi
-
- # bug 405251
- find "${D}" -type f -name '*.la' -delete || die
-
- if use python; then
- install_python_tools() {
- dosbin bin/python/dnssec-{checkds,coverage}
- }
- python_foreach_impl install_python_tools
-
- python_replicate_script "${D}usr/sbin/dnssec-checkds"
- python_replicate_script "${D}usr/sbin/dnssec-coverage"
- fi
-
- # bug 450406
- dosym named.cache /var/bind/root.cache
-
- dosym /var/bind/pri /etc/bind/pri
- dosym /var/bind/sec /etc/bind/sec
- dosym /var/bind/dyn /etc/bind/dyn
- keepdir /var/bind/{pri,sec,dyn}
-
- dodir /var/log/named
-
- fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
- fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0750 /etc/bind /var/bind/pri
- fperms 0770 /var/log/named /var/bind/{,sec,dyn}
-
- systemd_newunit "${FILESDIR}/named.service-r1" named.service
- systemd_dotmpfilesd "${FILESDIR}"/named.conf
- exeinto /usr/libexec
- doexe "${FILESDIR}/generate-rndc-key.sh"
-}
-
-pkg_postinst() {
- if [ ! -f '/etc/bind/rndc.key' ]; then
- if use urandom; then
- einfo "Using /dev/urandom for generating rndc.key"
- /usr/sbin/rndc-confgen -r /dev/urandom -a
- echo
- else
- einfo "Using /dev/random for generating rndc.key"
- /usr/sbin/rndc-confgen -a
- echo
- fi
- chown root:named /etc/bind/rndc.key
- chmod 0640 /etc/bind/rndc.key
- fi
-
- einfo
- einfo "You can edit /etc/conf.d/named to customize named settings"
- einfo
- use mysql || use postgres || use ldap && {
- elog "If your named depends on MySQL/PostgreSQL or LDAP,"
- elog "uncomment the specified rc_named_* lines in your"
- elog "/etc/conf.d/named config to ensure they'll start before bind"
- einfo
- }
- einfo "If you'd like to run bind in a chroot AND this is a new"
- einfo "install OR your bind doesn't already run in a chroot:"
- einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
- einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
- einfo
-
- CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
- if [[ -n ${CHROOT} ]]; then
- elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- elog "To enable the old behaviour (without using mount) uncomment the"
- elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- elog "If you decide to use the new/default method, ensure to make backup"
- elog "first and merge your existing configs/zones to /etc/bind and"
- elog "/var/bind because bind will now mount the needed directories into"
- elog "the chroot dir."
- fi
-}
-
-pkg_config() {
- CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
- CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
- CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
-
- if [[ -z "${CHROOT}" ]]; then
- eerror "This config script is designed to automate setting up"
- eerror "a chrooted bind/named. To do so, please first uncomment"
- eerror "and set the CHROOT variable in '/etc/conf.d/named'."
- die "Unset CHROOT"
- fi
- if [[ -d "${CHROOT}" ]]; then
- ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- ewarn "To enable the old behaviour (without using mount) uncomment the"
- ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- ewarn
- ewarn "${CHROOT} already exists... some things might become overridden"
- ewarn "press CTRL+C if you don't want to continue"
- sleep 10
- fi
-
- echo; einfo "Setting up the chroot directory..."
-
- mkdir -m 0750 -p ${CHROOT}
- mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run}
- mkdir -m 0750 -p ${CHROOT}/etc/bind
- mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/
- # As of bind 9.8.0
- if has_version net-dns/bind[gost]; then
- if [ "$(get_libdir)" = "lib64" ]; then
- mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines
- ln -s lib64 ${CHROOT}/usr/lib
- else
- mkdir -m 0755 -p ${CHROOT}/usr/lib/engines
- fi
- fi
- chown root:named ${CHROOT} ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ ${CHROOT}/etc/bind
-
- mknod ${CHROOT}/dev/null c 1 3
- chmod 0666 ${CHROOT}/dev/null
-
- mknod ${CHROOT}/dev/zero c 1 5
- chmod 0666 ${CHROOT}/dev/zero
-
- if use urandom; then
- mknod ${CHROOT}/dev/urandom c 1 9
- chmod 0666 ${CHROOT}/dev/urandom
- else
- mknod ${CHROOT}/dev/random c 1 8
- chmod 0666 ${CHROOT}/dev/random
- fi
-
- if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
- cp -a /etc/bind ${CHROOT}/etc/
- cp -a /var/bind ${CHROOT}/var/
- fi
-
- if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP
- fi
-
- elog "You may need to add the following line to your syslog-ng.conf:"
- elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
-}
diff --git a/net-dns/bind/bind-9.10.2_p4.ebuild b/net-dns/bind/bind-9.10.2_p4.ebuild
deleted file mode 100644
index 8642d04..0000000
--- a/net-dns/bind/bind-9.10.2_p4.ebuild
+++ /dev/null
@@ -1,407 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-# Re dlz/mysql and threads, needs to be verified..
-# MySQL uses thread local storage in its C api. Thus MySQL
-# requires that each thread of an application execute a MySQL
-# thread initialization to setup the thread local storage.
-# This is impossible to do safely while staying within the DLZ
-# driver API. This is a limitation caused by MySQL, and not the DLZ API.
-# Because of this BIND MUST only run with a single thread when
-# using the MySQL driver.
-
-EAPI="5"
-
-PYTHON_COMPAT=( python2_7 python3_3 python3_4 )
-
-inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd
-
-MY_PV="${PV/_p/-P}"
-MY_PV="${MY_PV/_rc/rc}"
-MY_P="${PN}-${MY_PV}"
-
-SDB_LDAP_VER="1.1.0-fc14"
-
-RRL_PV="${MY_PV}"
-
-NSLINT_DIR="contrib/nslint-3.0a2/"
-
-# SDB-LDAP: http://bind9-ldap.bayour.com/
-
-DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server"
-HOMEPAGE="http://www.isc.org/software/bind"
-SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz
- doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
-# sdb-ldap? (
-# http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2
-# )"
-
-LICENSE="GPL-2 ISC BSD BSD-2 HPND JNIC openssl"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="berkdb +caps dlz doc filter-aaaa fixed-rrset geoip gost gssapi idn ipv6
-json ldap mysql nslint odbc postgres python rpz seccomp selinux ssl static-libs
-+threads urandom xml"
-# sdb-ldap - patch broken
-# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
-
-REQUIRED_USE="postgres? ( dlz )
- berkdb? ( dlz )
- mysql? ( dlz !threads )
- odbc? ( dlz )
- ldap? ( dlz )
- gost? ( ssl )
- threads? ( caps )"
-# sdb-ldap? ( dlz )
-
-DEPEND="ssl? ( dev-libs/openssl:0[-bindist] )
- mysql? ( >=virtual/mysql-4.0 )
- odbc? ( >=dev-db/unixODBC-2.2.6 )
- ldap? ( net-nds/openldap )
- idn? ( net-dns/idnkit )
- postgres? ( dev-db/postgresql:= )
- caps? ( >=sys-libs/libcap-2.1.0 )
- xml? ( dev-libs/libxml2 )
- geoip? ( >=dev-libs/geoip-1.4.6 )
- gssapi? ( virtual/krb5 )
- gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] )
- seccomp? ( sys-libs/libseccomp )
- json? ( dev-libs/json-c )"
-# sdb-ldap? ( net-nds/openldap )
-
-RDEPEND="${DEPEND}
- selinux? ( sec-policy/selinux-bind )
- || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )"
-
-S="${WORKDIR}/${MY_P}"
-
-# bug 479092, requires networking
-RESTRICT="test"
-
-pkg_setup() {
- ebegin "Creating named group and user"
- enewgroup named 40
- enewuser named 40 -1 /etc/bind named
- eend ${?}
-}
-
-src_prepare() {
- # Adjusting PATHs in manpages
- for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
- sed -i \
- -e 's:/etc/named.conf:/etc/bind/named.conf:g' \
- -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
- -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
- "${i}" || die "sed failed, ${i} doesn't exist"
- done
-
-# if use dlz; then
-# # sdb-ldap patch as per bug #160567
-# # Upstream URL: http://bind9-ldap.bayour.com/
-# # New patch take from bug 302735
-# if use sdb-ldap; then
-# epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
-# cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/
-# cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/
-# cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/
-# fi
-# fi
-
- # should be installed by bind-tools
- sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die
-
- # Disable tests for now, bug 406399
- sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
-
- if use nslint; then
- sed -i -e 's:/etc/named.conf:/etc/bind/named.conf:' ${NSLINT_DIR}/nslint.{c,8} || die
- fi
-
- # bug #220361
- rm aclocal.m4
- rm -rf libtool.m4/
- eautoreconf
-}
-
-src_configure() {
- local myconf=""
-
- if use urandom; then
- myconf="${myconf} --with-randomdev=/dev/urandom"
- else
- myconf="${myconf} --with-randomdev=/dev/random"
- fi
-
- use geoip && myconf="${myconf} --with-geoip"
-
- # bug #158664
-# gcc-specs-ssp && replace-flags -O[23s] -O
-
- # To include db.h from proper path
- use berkdb && append-flags "-I$(db_includedir)"
-
- export BUILD_CC=$(tc-getBUILD_CC)
- econf \
- --sysconfdir=/etc/bind \
- --localstatedir=/var \
- --with-libtool \
- --enable-full-report \
- $(use_enable threads) \
- $(use_with dlz dlopen) \
- $(use_with dlz dlz-filesystem) \
- $(use_with dlz dlz-stub) \
- $(use_with postgres dlz-postgres) \
- $(use_with mysql dlz-mysql) \
- $(use_with berkdb dlz-bdb) \
- $(use_with ldap dlz-ldap) \
- $(use_with odbc dlz-odbc) \
- $(use_with ssl openssl "${EPREFIX}"/usr) \
- $(use_with ssl ecdsa) \
- $(use_with idn) \
- $(use_enable ipv6) \
- $(use_with xml libxml2) \
- $(use_with gssapi) \
- $(use_enable rpz rpz-nsip) \
- $(use_enable rpz rpz-nsdname) \
- $(use_enable caps linux-caps) \
- $(use_with gost) \
- $(use_enable filter-aaaa) \
- $(use_enable fixed-rrset) \
- $(use_with python) \
- $(use_enable seccomp) \
- $(use_with json libjson) \
- --without-readline \
- ${myconf}
-
- # $(use_enable static-libs static) \
-
- # bug #151839
- echo '#undef SO_BSDCOMPAT' >> config.h
-
- if use nslint; then
- cd $NSLINT_DIR
- econf
- fi
-}
-
-src_compile() {
- emake
-
- if use nslint; then
- emake -C $NSLINT_DIR CCOPT="${CFLAGS}"
- fi
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- if use nslint; then
- cd $NSLINT_DIR
- dobin nslint
- doman nslint.8
- cd "${S}"
- fi
-
- dodoc CHANGES FAQ README
-
- if use idn; then
- dodoc contrib/idn/README.idnkit
- fi
-
- if use doc; then
- dodoc doc/arm/Bv9ARM.pdf
-
- docinto misc
- dodoc doc/misc/*
-
- # might a 'html' useflag make sense?
- docinto html
- dohtml -r doc/arm/*
-
- docinto contrib
- dodoc contrib/scripts/{nanny.pl,named-bootconf.sh}
-
- # some handy-dandy dynamic dns examples
- pushd "${D}"/usr/share/doc/${PF} 1>/dev/null
- tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
- popd 1>/dev/null
- fi
-
- insinto /etc/bind
- newins "${FILESDIR}"/named.conf-r8 named.conf
-
- # ftp://ftp.rs.internic.net/domain/named.cache:
- insinto /var/bind
- doins "${FILESDIR}"/named.cache
-
- insinto /var/bind/pri
- newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
-
- newinitd "${FILESDIR}"/named.init-r13 named
- newconfd "${FILESDIR}"/named.confd-r7 named
-
- if use gost; then
- sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die
- else
- sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die
- fi
-
- newenvd "${FILESDIR}"/10bind.env 10bind
-
- # Let's get rid of those tools and their manpages since they're provided by bind-tools
- rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1*
- rm -f "${D}"/usr/share/man/man8/nsupdate.8*
- rm -f "${D}"/usr/bin/{dig,host,nslookup,nsupdate}
- rm -f "${D}"/usr/sbin/{dig,host,nslookup,nsupdate}
- for tool in dsfromkey importkey keyfromlabel keygen \
- revoke settime signzone verify; do
- rm -f "${D}"/usr/{,s}bin/dnssec-"${tool}"
- rm -f "${D}"/usr/share/man/man8/dnssec-"${tool}".8*
- done
-
- # bug 405251, library archives aren't properly handled by --enable/disable-static
- if ! use static-libs; then
- find "${D}" -type f -name '*.a' -delete || die
- fi
-
- # bug 405251
- find "${D}" -type f -name '*.la' -delete || die
-
- if use python; then
- install_python_tools() {
- dosbin bin/python/dnssec-{checkds,coverage}
- }
- python_foreach_impl install_python_tools
-
- python_replicate_script "${D}usr/sbin/dnssec-checkds"
- python_replicate_script "${D}usr/sbin/dnssec-coverage"
- fi
-
- # bug 450406
- dosym named.cache /var/bind/root.cache
-
- dosym /var/bind/pri /etc/bind/pri
- dosym /var/bind/sec /etc/bind/sec
- dosym /var/bind/dyn /etc/bind/dyn
- keepdir /var/bind/{pri,sec,dyn}
-
- dodir /var/log/named
-
- fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
- fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0750 /etc/bind /var/bind/pri
- fperms 0770 /var/log/named /var/bind/{,sec,dyn}
-
- systemd_newunit "${FILESDIR}/named.service-r1" named.service
- exeinto /usr/libexec
- doexe "${FILESDIR}/generate-rndc-key.sh"
-}
-
-pkg_postinst() {
- if [ ! -f '/etc/bind/rndc.key' ]; then
- if use urandom; then
- einfo "Using /dev/urandom for generating rndc.key"
- /usr/sbin/rndc-confgen -r /dev/urandom -a
- echo
- else
- einfo "Using /dev/random for generating rndc.key"
- /usr/sbin/rndc-confgen -a
- echo
- fi
- chown root:named /etc/bind/rndc.key
- chmod 0640 /etc/bind/rndc.key
- fi
-
- einfo
- einfo "You can edit /etc/conf.d/named to customize named settings"
- einfo
- use mysql || use postgres || use ldap && {
- elog "If your named depends on MySQL/PostgreSQL or LDAP,"
- elog "uncomment the specified rc_named_* lines in your"
- elog "/etc/conf.d/named config to ensure they'll start before bind"
- einfo
- }
- einfo "If you'd like to run bind in a chroot AND this is a new"
- einfo "install OR your bind doesn't already run in a chroot:"
- einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
- einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
- einfo
-
- CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
- if [[ -n ${CHROOT} ]]; then
- elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- elog "To enable the old behaviour (without using mount) uncomment the"
- elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- elog "If you decide to use the new/default method, ensure to make backup"
- elog "first and merge your existing configs/zones to /etc/bind and"
- elog "/var/bind because bind will now mount the needed directories into"
- elog "the chroot dir."
- fi
-}
-
-pkg_config() {
- CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
- CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
- CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
-
- if [[ -z "${CHROOT}" ]]; then
- eerror "This config script is designed to automate setting up"
- eerror "a chrooted bind/named. To do so, please first uncomment"
- eerror "and set the CHROOT variable in '/etc/conf.d/named'."
- die "Unset CHROOT"
- fi
- if [[ -d "${CHROOT}" ]]; then
- ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- ewarn "To enable the old behaviour (without using mount) uncomment the"
- ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- ewarn
- ewarn "${CHROOT} already exists... some things might become overridden"
- ewarn "press CTRL+C if you don't want to continue"
- sleep 10
- fi
-
- echo; einfo "Setting up the chroot directory..."
-
- mkdir -m 0750 -p ${CHROOT}
- mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run}
- mkdir -m 0750 -p ${CHROOT}/etc/bind
- mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/
- # As of bind 9.8.0
- if has_version net-dns/bind[gost]; then
- if [ "$(get_libdir)" = "lib64" ]; then
- mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines
- ln -s lib64 ${CHROOT}/usr/lib
- else
- mkdir -m 0755 -p ${CHROOT}/usr/lib/engines
- fi
- fi
- chown root:named ${CHROOT} ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ ${CHROOT}/etc/bind
-
- mknod ${CHROOT}/dev/null c 1 3
- chmod 0666 ${CHROOT}/dev/null
-
- mknod ${CHROOT}/dev/zero c 1 5
- chmod 0666 ${CHROOT}/dev/zero
-
- if use urandom; then
- mknod ${CHROOT}/dev/urandom c 1 9
- chmod 0666 ${CHROOT}/dev/urandom
- else
- mknod ${CHROOT}/dev/random c 1 8
- chmod 0666 ${CHROOT}/dev/random
- fi
-
- if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
- cp -a /etc/bind ${CHROOT}/etc/
- cp -a /var/bind ${CHROOT}/var/
- fi
-
- if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP
- fi
-
- elog "You may need to add the following line to your syslog-ng.conf:"
- elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
-}
diff --git a/net-dns/bind/files/bind-9.7.3-odbc-dlz-detect.patch b/net-dns/bind/files/bind-9.7.3-odbc-dlz-detect.patch
deleted file mode 100644
index 1577d57..0000000
--- a/net-dns/bind/files/bind-9.7.3-odbc-dlz-detect.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff --git a/contrib/dlz/config.dlz.in b/contrib/dlz/config.dlz.in
-index ff3783a..bd7a700 100644
---- a/contrib/dlz/config.dlz.in
-+++ b/contrib/dlz/config.dlz.in
-@@ -407,10 +407,13 @@ then
- odbcdirs="/usr /usr/local /usr/pkg"
- for d in $odbcdirs
- do
-- if test -f $d/include/sql.h -a -f $d/lib/libodbc.a
-+ if test -f $d/include/sql.h
- then
-- use_dlz_odbc=$d
-- break
-+ if test -f $d/lib/libodbc.a -o -f $d/lib/libodbc.la -o $d/lib/libodbc.so
-+ then
-+ use_dlz_odbc=$d
-+ break
-+ fi
- fi
- done
- fi
diff --git a/net-dns/bind/files/bind-dlzmysql5-reconnect.patch b/net-dns/bind/files/bind-dlzmysql5-reconnect.patch
deleted file mode 100644
index b854b95..0000000
--- a/net-dns/bind/files/bind-dlzmysql5-reconnect.patch
+++ /dev/null
@@ -1,59 +0,0 @@
---- bind-9.5.0a6.orig/contrib/dlz/drivers/dlz_mysql_driver.c 2007-02-06 06:44:26.000000000 +0100
-+++ bind-9.5.0a6/contrib/dlz/drivers/dlz_mysql_driver.c 2007-09-04 23:57:57.000000000 +0200
-@@ -92,6 +92,25 @@
- */
-
- /*%
-+ * Factorize the mysql_ping for adding a log error message
-+ */
-+static isc_result_t
-+mysqldrv_ping(dbinstance_t *dbi) {
-+ int pres = 0;
-+
-+ pres = mysql_ping(dbi->dbconn);
-+ if ( pres != 0 ) {
-+ isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
-+ DNS_LOGMODULE_DLZ, ISC_LOG_DEBUG(1),
-+ "\nMySQL Ping Error : %s (%i)\n",
-+ mysql_error(dbi->dbconn),
-+ mysql_errno(dbi->dbconn));
-+ return (ISC_R_FAILURE);
-+ }
-+ return (ISC_R_SUCCESS);
-+}
-+
-+/*%
- * Allocates memory for a new string, and then constructs the new
- * string by "escaping" the input string. The new string is
- * safe to be used in queries. This is necessary because we cannot
-@@ -225,6 +244,8 @@
- }
-
-
-+ mysqldrv_ping(dbi);
-+
- /*
- * was a zone string passed? If so, make it safe for use in
- * queries.
-@@ -324,7 +345,7 @@
- qres = mysql_query((MYSQL *) dbi->dbconn, querystring);
- if (qres == 0)
- break;
-- for (j=0; mysql_ping((MYSQL *) dbi->dbconn) != 0 && j < 4; j++)
-+ for (j=0; mysqldrv_ping(dbi) != 0 && j < 4; j++)
- ;
- }
-
-@@ -923,6 +944,12 @@
- pass = getParameterValue(argv[1], "pass=");
- socket = getParameterValue(argv[1], "socket=");
-
-+ if(mysql_options((MYSQL *) dbi->dbconn, MYSQL_OPT_RECONNECT, "1")) {
-+ isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
-+ DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
-+ "Could not set database reconnect option");
-+ }
-+
- for (j=0; dbc == NULL && j < 4; j++)
- dbc = mysql_real_connect((MYSQL *) dbi->dbconn, host,
- user, pass, dbname, port, socket,
diff --git a/net-dns/bind/files/named.cache b/net-dns/bind/files/named.cache
deleted file mode 100644
index 6c19741..0000000
--- a/net-dns/bind/files/named.cache
+++ /dev/null
@@ -1,88 +0,0 @@
-; This file holds the information on root name servers needed to
-; initialize cache of Internet domain name servers
-; (e.g. reference this file in the "cache . <file>"
-; configuration file of BIND domain name servers).
-;
-; This file is made available by InterNIC
-; under anonymous FTP as
-; file /domain/named.cache
-; on server FTP.INTERNIC.NET
-; -OR- RS.INTERNIC.NET
-;
-; last update: Jan 3, 2013
-; related version of root zone: 2013010300
-;
-; formerly NS.INTERNIC.NET
-;
-. 3600000 IN NS A.ROOT-SERVERS.NET.
-A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
-A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
-;
-; FORMERLY NS1.ISI.EDU
-;
-. 3600000 NS B.ROOT-SERVERS.NET.
-B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
-;
-; FORMERLY C.PSI.NET
-;
-. 3600000 NS C.ROOT-SERVERS.NET.
-C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
-;
-; FORMERLY TERP.UMD.EDU
-;
-. 3600000 NS D.ROOT-SERVERS.NET.
-D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
-D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D
-;
-; FORMERLY NS.NASA.GOV
-;
-. 3600000 NS E.ROOT-SERVERS.NET.
-E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
-;
-; FORMERLY NS.ISC.ORG
-;
-. 3600000 NS F.ROOT-SERVERS.NET.
-F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
-F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F
-;
-; FORMERLY NS.NIC.DDN.MIL
-;
-. 3600000 NS G.ROOT-SERVERS.NET.
-G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
-;
-; FORMERLY AOS.ARL.ARMY.MIL
-;
-. 3600000 NS H.ROOT-SERVERS.NET.
-H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
-H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235
-;
-; FORMERLY NIC.NORDU.NET
-;
-. 3600000 NS I.ROOT-SERVERS.NET.
-I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
-I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53
-;
-; OPERATED BY VERISIGN, INC.
-;
-. 3600000 NS J.ROOT-SERVERS.NET.
-J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
-J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
-;
-; OPERATED BY RIPE NCC
-;
-. 3600000 NS K.ROOT-SERVERS.NET.
-K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
-K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1
-;
-; OPERATED BY ICANN
-;
-. 3600000 NS L.ROOT-SERVERS.NET.
-L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
-L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
-;
-; OPERATED BY WIDE
-;
-. 3600000 NS M.ROOT-SERVERS.NET.
-M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
-M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35
-; End of File
diff --git a/net-dns/bind/files/named.cache-r1 b/net-dns/bind/files/named.cache-r1
deleted file mode 100644
index c9d3ccc..0000000
--- a/net-dns/bind/files/named.cache-r1
+++ /dev/null
@@ -1,90 +0,0 @@
-; This file holds the information on root name servers needed to
-; initialize cache of Internet domain name servers
-; (e.g. reference this file in the "cache . <file>"
-; configuration file of BIND domain name servers).
-;
-; This file is made available by InterNIC
-; under anonymous FTP as
-; file /domain/named.cache
-; on server FTP.INTERNIC.NET
-; -OR- RS.INTERNIC.NET
-;
-; last update: May 23, 2015
-; related version of root zone: 2015052300
-;
-; formerly NS.INTERNIC.NET
-;
-. 3600000 NS A.ROOT-SERVERS.NET.
-A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
-A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
-;
-; FORMERLY NS1.ISI.EDU
-;
-. 3600000 NS B.ROOT-SERVERS.NET.
-B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
-B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::b
-;
-; FORMERLY C.PSI.NET
-;
-. 3600000 NS C.ROOT-SERVERS.NET.
-C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
-C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
-;
-; FORMERLY TERP.UMD.EDU
-;
-. 3600000 NS D.ROOT-SERVERS.NET.
-D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
-D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
-;
-; FORMERLY NS.NASA.GOV
-;
-. 3600000 NS E.ROOT-SERVERS.NET.
-E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
-;
-; FORMERLY NS.ISC.ORG
-;
-. 3600000 NS F.ROOT-SERVERS.NET.
-F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
-F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
-;
-; FORMERLY NS.NIC.DDN.MIL
-;
-. 3600000 NS G.ROOT-SERVERS.NET.
-G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
-;
-; FORMERLY AOS.ARL.ARMY.MIL
-;
-. 3600000 NS H.ROOT-SERVERS.NET.
-H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
-H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803f:235
-;
-; FORMERLY NIC.NORDU.NET
-;
-. 3600000 NS I.ROOT-SERVERS.NET.
-I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
-I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
-;
-; OPERATED BY VERISIGN, INC.
-;
-. 3600000 NS J.ROOT-SERVERS.NET.
-J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
-J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
-;
-; OPERATED BY RIPE NCC
-;
-. 3600000 NS K.ROOT-SERVERS.NET.
-K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
-K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
-;
-; OPERATED BY ICANN
-;
-. 3600000 NS L.ROOT-SERVERS.NET.
-L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
-L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
-;
-; OPERATED BY WIDE
-;
-. 3600000 NS M.ROOT-SERVERS.NET.
-M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
-M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
-; End of file
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/files/, net-dns/bind/
@ 2017-06-09 17:39 Christian Ruppert
0 siblings, 0 replies; 16+ messages in thread
From: Christian Ruppert @ 2017-06-09 17:39 UTC (permalink / raw
To: gentoo-commits
commit: 8266797e5918f9d72fc0333486fc6c5bad2d367f
Author: Christian Ruppert <idl0r <AT> gentoo <DOT> org>
AuthorDate: Fri Jun 9 17:35:18 2017 +0000
Commit: Christian Ruppert <idl0r <AT> gentoo <DOT> org>
CommitDate: Fri Jun 9 17:35:18 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8266797e
net-dns/bind: Fix compilation with dyndb and dlopen, bug 600212, thanks to all involved'
Package-Manager: Portage-2.3.6, Repoman-2.3.2
net-dns/bind/bind-9.11.0_p5.ebuild | 3 +
.../bind/files/bind-9.11.0_p5-dyndb-dlopen.patch | 97 ++++++++++++++++++++++
2 files changed, 100 insertions(+)
diff --git a/net-dns/bind/bind-9.11.0_p5.ebuild b/net-dns/bind/bind-9.11.0_p5.ebuild
index 7b82a673244..887f9abcb52 100644
--- a/net-dns/bind/bind-9.11.0_p5.ebuild
+++ b/net-dns/bind/bind-9.11.0_p5.ebuild
@@ -100,6 +100,9 @@ pkg_setup() {
}
src_prepare() {
+ # bug 600212
+ epatch "${FILESDIR}"/${P}-dyndb-dlopen.patch
+
# Adjusting PATHs in manpages
for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
sed -i \
diff --git a/net-dns/bind/files/bind-9.11.0_p5-dyndb-dlopen.patch b/net-dns/bind/files/bind-9.11.0_p5-dyndb-dlopen.patch
new file mode 100644
index 00000000000..5fc8f3c1889
--- /dev/null
+++ b/net-dns/bind/files/bind-9.11.0_p5-dyndb-dlopen.patch
@@ -0,0 +1,97 @@
+From ae903759c205f8a5039458d780c0e0c4442b7291 Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Tue, 30 May 2017 11:31:34 +1000
+Subject: [PATCH] 4530. [bug] "dyndb" is dependent on dlopen
+ existing / being enabled. [RT #45291]
+
+From aa3a8979bc7eb1596d044eff572b3c35310584fa Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Tue, 30 May 2017 11:34:37 +1000
+Subject: [PATCH] 4530. [bug] "dyndb" is dependent on dlopen
+ existing / being enabled. [RT #45291]
+
+diff --git a/lib/dns/dyndb.c b/lib/dns/dyndb.c
+index a477508..dec68a7 100644
+--- a/lib/dns/dyndb.c
++++ b/lib/dns/dyndb.c
+@@ -80,7 +80,7 @@ impfind(const char *name) {
+ return (NULL);
+ }
+
+-#if HAVE_DLFCN_H
++#if HAVE_DLFCN_H && HAVE_DLOPEN
+ static isc_result_t
+ load_symbol(void *handle, const char *filename,
+ const char *symbol_name, void **symbolp)
+--- a/bin/named/server.c
++++ b/bin/named/server.c
+@@ -1496,6 +1496,7 @@ configure_peer(const cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) {
+ return (result);
+ }
+
++#ifdef HAVE_DLOPEN
+ static isc_result_t
+ configure_dyndb(const cfg_obj_t *dyndb, isc_mem_t *mctx,
+ const dns_dyndbctx_t *dctx)
+@@ -1521,6 +1522,7 @@ configure_dyndb(const cfg_obj_t *dyndb, isc_mem_t *mctx,
+ name, isc_result_totext(result));
+ return (result);
+ }
++#endif
+
+
+ static isc_result_t
+@@ -4669,6 +4671,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
+ else
+ (void)cfg_map_get(config, "dyndb", &dyndb_list);
+
++#ifdef HAVE_DLOPEN
+ for (element = cfg_list_first(dyndb_list);
+ element != NULL;
+ element = cfg_list_next(element))
+@@ -4686,6 +4689,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
+
+ CHECK(configure_dyndb(dyndb, mctx, dctx));
+ }
++#endif
+
+ /*
+ * Setup automatic empty zones. If recursion is off then
+diff --git a/lib/bind9/check.c b/lib/bind9/check.c
+index 097dd96..99b995c 100644
+--- a/lib/bind9/check.c
++++ b/lib/bind9/check.c
+@@ -2988,6 +2988,9 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
+ {
+ const cfg_obj_t *zones = NULL;
+ const cfg_obj_t *keys = NULL;
++#ifndef HAVE_DLOPEN
++ const cfg_obj_t *dyndb = NULL;
++#endif
+ const cfg_listelt_t *element, *element2;
+ isc_symtab_t *symtab = NULL;
+ isc_result_t result = ISC_R_SUCCESS;
+@@ -3041,6 +3044,20 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
+ result = ISC_R_FAILURE;
+ }
+
++#ifndef HAVE_DLOPEN
++ if (voptions != NULL)
++ (void)cfg_map_get(voptions, "dyndb", &dyndb);
++ else
++ (void)cfg_map_get(config, "dyndb", &dyndb);
++
++ if (dyndb != NULL) {
++ cfg_obj_log(dyndb, logctx, ISC_LOG_ERROR,
++ "dynamic loading of databases is not supported");
++ if (tresult != ISC_R_SUCCESS)
++ result = ISC_R_NOTIMPLEMENTED;
++ }
++#endif
++
+ /*
+ * Check that the response-policy and catalog-zones options
+ * refer to zones that exist.
+--
+2.9.0
+
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/files/, net-dns/bind/
@ 2018-01-08 9:08 Christian Ruppert
0 siblings, 0 replies; 16+ messages in thread
From: Christian Ruppert @ 2018-01-08 9:08 UTC (permalink / raw
To: gentoo-commits
commit: f19bdf3ec00322110716de71bcce886e54c4bc3b
Author: Christian Ruppert <idl0r <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 8 09:08:05 2018 +0000
Commit: Christian Ruppert <idl0r <AT> gentoo <DOT> org>
CommitDate: Mon Jan 8 09:08:05 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f19bdf3e
net-dns/bind: Cleanup + Update named.cache re bug 640774
Package-Manager: Portage-2.3.19, Repoman-2.3.6
net-dns/bind/Manifest | 1 -
net-dns/bind/bind-9.11.1_p1.ebuild | 426 -------------------------------------
net-dns/bind/files/named.cache-r3 | 6 +-
3 files changed, 3 insertions(+), 430 deletions(-)
diff --git a/net-dns/bind/Manifest b/net-dns/bind/Manifest
index 2c7ff2a5ff4..255a899b17a 100644
--- a/net-dns/bind/Manifest
+++ b/net-dns/bind/Manifest
@@ -1,4 +1,3 @@
-DIST bind-9.11.1-P1.tar.gz 9745364 BLAKE2B 6f7ff5afd8478b95787848f315226b26b76e34ff594c604f18e2948617f04e7f8bf4568a225e3aa4c706c5d379b27e91a84831e0a3d1d1b0d15f02ba6772fc76 SHA512 5683ae7be264e11b5b2a843d216e3ca4959b7de109863d5435090b2e033d6c405689e4ce57385ca787b1c948f4437aea39b8d5164a1d347c167f87337e9fc760
DIST bind-9.11.1-P3.tar.gz 9749095 BLAKE2B 1b68b57b9aed1a5210464e9c47a4e0569f1932076c042a7096dc04f69b45da9df8b2d56ec0f1f0d0fb136e7f61a39b3cb20d1912075f3a4138cbdf47f859cf0a SHA512 bf92ce1e07e5c84cc42b413bdbd3ad97f37712a6dc330dc10182992d948b7a393d5446efa188379b39020c34d810cebe2a7acccc9b8aa6bb564e1f3e6be42e96
DIST bind-9.11.2.tar.gz 9782180 BLAKE2B e64a85126a0fd7c735a54ec2a3b9a260e3068571f16923365af636b7fdb686a378ec6782bfcfc0f25ec19792475a8bd24fdd34acf8b33456809ebc8b8eb562d0 SHA512 c837c0a360049b0077b155eede9b6a71f63d1caca2ddf20a8ab7860a1033a3750e49cd2804dcf8c43b0aef04bcea99422d1302b4eae1646eb69a5ae6d64625b9
DIST dyndns-samples.tbz2 22866 BLAKE2B 409890653c6536cb9c0e3ba809d2bfde0e0ae73a2a101b4f229b46c01568466bc022bbbc37712171adbd08c572733e93630feab95a0fcd1ac50a7d37da1d1108 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac
diff --git a/net-dns/bind/bind-9.11.1_p1.ebuild b/net-dns/bind/bind-9.11.1_p1.ebuild
deleted file mode 100644
index eaa05818163..00000000000
--- a/net-dns/bind/bind-9.11.1_p1.ebuild
+++ /dev/null
@@ -1,426 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Re dlz/mysql and threads, needs to be verified..
-# MySQL uses thread local storage in its C api. Thus MySQL
-# requires that each thread of an application execute a MySQL
-# thread initialization to setup the thread local storage.
-# This is impossible to do safely while staying within the DLZ
-# driver API. This is a limitation caused by MySQL, and not the DLZ API.
-# Because of this BIND MUST only run with a single thread when
-# using the MySQL driver.
-
-EAPI="5"
-
-PYTHON_COMPAT=( python2_7 python3_{4,5,6} )
-
-inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd
-
-MY_PV="${PV/_p/-P}"
-MY_PV="${MY_PV/_rc/rc}"
-MY_P="${PN}-${MY_PV}"
-
-SDB_LDAP_VER="1.1.0-fc14"
-
-RRL_PV="${MY_PV}"
-
-NSLINT_DIR="contrib/nslint-3.0a2/"
-
-# SDB-LDAP: http://bind9-ldap.bayour.com/
-
-DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server"
-HOMEPAGE="http://www.isc.org/software/bind"
-SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz
- doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
-# sdb-ldap? (
-# http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2
-# )"
-
-LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-# -berkdb by default re bug 602682
-IUSE="-berkdb +caps dlz dnstap doc filter-aaaa fixed-rrset geoip gost gssapi idn ipv6
-json ldap libressl lmdb mysql nslint odbc postgres python rpz seccomp selinux ssl static-libs
-+threads urandom xml +zlib"
-# sdb-ldap - patch broken
-# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
-
-REQUIRED_USE="postgres? ( dlz )
- berkdb? ( dlz )
- mysql? ( dlz !threads )
- odbc? ( dlz )
- ldap? ( dlz )
- gost? ( !libressl ssl )
- threads? ( caps )
- dnstap? ( threads )
- python? ( ${PYTHON_REQUIRED_USE} )"
-# sdb-ldap? ( dlz )
-
-DEPEND="
- ssl? (
- !libressl? ( dev-libs/openssl:0[-bindist] )
- libressl? ( dev-libs/libressl )
- )
- mysql? ( >=virtual/mysql-4.0 )
- odbc? ( >=dev-db/unixODBC-2.2.6 )
- ldap? ( net-nds/openldap )
- idn? ( net-dns/idnkit )
- postgres? ( dev-db/postgresql:= )
- caps? ( >=sys-libs/libcap-2.1.0 )
- xml? ( dev-libs/libxml2 )
- geoip? ( >=dev-libs/geoip-1.4.6 )
- gssapi? ( virtual/krb5 )
- gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] )
- seccomp? ( sys-libs/libseccomp )
- json? ( dev-libs/json-c:= )
- lmdb? ( dev-db/lmdb )
- zlib? ( sys-libs/zlib )
- dnstap? ( dev-libs/fstrm dev-libs/protobuf-c )
- python? (
- ${PYTHON_DEPS}
- dev-python/ply[${PYTHON_USEDEP}]
- )"
-# sdb-ldap? ( net-nds/openldap )
-
-RDEPEND="${DEPEND}
- selinux? ( sec-policy/selinux-bind )
- || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )"
-
-S="${WORKDIR}/${MY_P}"
-
-# bug 479092, requires networking
-RESTRICT="test"
-
-pkg_setup() {
- ebegin "Creating named group and user"
- enewgroup named 40
- enewuser named 40 -1 /etc/bind named
- eend ${?}
-}
-
-src_prepare() {
- # bug 600212
- epatch "${FILESDIR}"/${PN}-9.11.0_p5-dyndb-dlopen.patch
-
- # Adjusting PATHs in manpages
- for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
- sed -i \
- -e 's:/etc/named.conf:/etc/bind/named.conf:g' \
- -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
- -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
- "${i}" || die "sed failed, ${i} doesn't exist"
- done
-
-# if use dlz; then
-# # sdb-ldap patch as per bug #160567
-# # Upstream URL: http://bind9-ldap.bayour.com/
-# # New patch take from bug 302735
-# if use sdb-ldap; then
-# epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
-# cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/
-# cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/
-# cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/
-# fi
-# fi
-
- # should be installed by bind-tools
- sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die
-
- # Disable tests for now, bug 406399
- sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
-
- if use nslint; then
- sed -i -e 's:/etc/named.conf:/etc/bind/named.conf:' ${NSLINT_DIR}/nslint.{c,8} || die
- fi
-
- # bug #220361
- rm aclocal.m4
- rm -rf libtool.m4/
- eautoreconf
-}
-
-src_configure() {
- local myconf=""
-
- if use urandom; then
- myconf="${myconf} --with-randomdev=/dev/urandom"
- else
- myconf="${myconf} --with-randomdev=/dev/random"
- fi
-
- use geoip && myconf="${myconf} --with-geoip"
-
- # bug #158664
-# gcc-specs-ssp && replace-flags -O[23s] -O
-
- # To include db.h from proper path
- use berkdb && append-flags "-I$(db_includedir)"
-
- export BUILD_CC=$(tc-getBUILD_CC)
- econf \
- --sysconfdir=/etc/bind \
- --localstatedir=/var \
- --with-libtool \
- --enable-full-report \
- --without-readline \
- $(use_enable caps linux-caps) \
- $(use_enable filter-aaaa) \
- $(use_enable fixed-rrset) \
- $(use_enable ipv6) \
- $(use_enable rpz rpz-nsdname) \
- $(use_enable rpz rpz-nsip) \
- $(use_enable seccomp) \
- $(use_enable threads) \
- $(use_with berkdb dlz-bdb) \
- $(use_with dlz dlopen) \
- $(use_with dlz dlz-filesystem) \
- $(use_with dlz dlz-stub) \
- $(use_with gost) \
- $(use_with gssapi) \
- $(use_with idn) \
- $(use_with json libjson) \
- $(use_with ldap dlz-ldap) \
- $(use_with mysql dlz-mysql) \
- $(use_with odbc dlz-odbc) \
- $(use_with postgres dlz-postgres) \
- $(use_with lmdb) \
- $(use_with python) \
- $(use_with ssl ecdsa) \
- $(use_with ssl openssl "${EPREFIX}"/usr) \
- $(use_with xml libxml2) \
- $(use_with zlib) \
- ${myconf}
-
- # $(use_enable static-libs static) \
-
- # bug #151839
- echo '#undef SO_BSDCOMPAT' >> config.h
-
- if use nslint; then
- cd $NSLINT_DIR
- econf
- fi
-}
-
-src_compile() {
- emake
-
- if use nslint; then
- emake -C $NSLINT_DIR CCOPT="${CFLAGS}"
- fi
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- if use nslint; then
- cd $NSLINT_DIR
- dobin nslint
- doman nslint.8
- cd "${S}"
- fi
-
- dodoc CHANGES FAQ README
-
- if use idn; then
- dodoc contrib/idn/README.idnkit
- fi
-
- if use doc; then
- dodoc doc/arm/Bv9ARM.pdf
-
- docinto misc
- dodoc doc/misc/*
-
- # might a 'html' useflag make sense?
- docinto html
- dohtml -r doc/arm/*
-
- docinto contrib
- dodoc contrib/scripts/{nanny.pl,named-bootconf.sh}
-
- # some handy-dandy dynamic dns examples
- pushd "${D}"/usr/share/doc/${PF} 1>/dev/null
- tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
- popd 1>/dev/null
- fi
-
- insinto /etc/bind
- newins "${FILESDIR}"/named.conf-r8 named.conf
-
- # ftp://ftp.rs.internic.net/domain/named.cache:
- insinto /var/bind
- newins "${FILESDIR}"/named.cache-r3 named.cache
-
- insinto /var/bind/pri
- newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
-
- newinitd "${FILESDIR}"/named.init-r13 named
- newconfd "${FILESDIR}"/named.confd-r7 named
-
- if use gost; then
- sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die
- else
- sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die
- fi
-
- newenvd "${FILESDIR}"/10bind.env 10bind
-
- # Let's get rid of those tools and their manpages since they're provided by bind-tools
- rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1*
- rm -f "${D}"/usr/share/man/man8/nsupdate.8*
- rm -f "${D}"/usr/bin/{dig,host,nslookup,nsupdate}
- rm -f "${D}"/usr/sbin/{dig,host,nslookup,nsupdate}
- for tool in dsfromkey importkey keyfromlabel keygen \
- revoke settime signzone verify; do
- rm -f "${D}"/usr/{,s}bin/dnssec-"${tool}"
- rm -f "${D}"/usr/share/man/man8/dnssec-"${tool}".8*
- done
-
- # bug 405251, library archives aren't properly handled by --enable/disable-static
- if ! use static-libs; then
- find "${D}" -type f -name '*.a' -delete || die
- fi
-
- # bug 405251
- find "${D}" -type f -name '*.la' -delete || die
-
- if use python; then
- install_python_tools() {
- dosbin bin/python/dnssec-{checkds,coverage}
- }
- python_foreach_impl install_python_tools
-
- python_replicate_script "${D}usr/sbin/dnssec-checkds"
- python_replicate_script "${D}usr/sbin/dnssec-coverage"
- fi
-
- # bug 450406
- dosym named.cache /var/bind/root.cache
-
- dosym /var/bind/pri /etc/bind/pri
- dosym /var/bind/sec /etc/bind/sec
- dosym /var/bind/dyn /etc/bind/dyn
- keepdir /var/bind/{pri,sec,dyn}
-
- dodir /var/log/named
-
- fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
- fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0750 /etc/bind /var/bind/pri
- fperms 0770 /var/log/named /var/bind/{,sec,dyn}
-
- systemd_newunit "${FILESDIR}/named.service-r1" named.service
- systemd_dotmpfilesd "${FILESDIR}"/named.conf
- exeinto /usr/libexec
- doexe "${FILESDIR}/generate-rndc-key.sh"
-}
-
-pkg_postinst() {
- if [ ! -f '/etc/bind/rndc.key' ]; then
- if use urandom; then
- einfo "Using /dev/urandom for generating rndc.key"
- /usr/sbin/rndc-confgen -r /dev/urandom -a
- echo
- else
- einfo "Using /dev/random for generating rndc.key"
- /usr/sbin/rndc-confgen -a
- echo
- fi
- chown root:named /etc/bind/rndc.key
- chmod 0640 /etc/bind/rndc.key
- fi
-
- einfo
- einfo "You can edit /etc/conf.d/named to customize named settings"
- einfo
- use mysql || use postgres || use ldap && {
- elog "If your named depends on MySQL/PostgreSQL or LDAP,"
- elog "uncomment the specified rc_named_* lines in your"
- elog "/etc/conf.d/named config to ensure they'll start before bind"
- einfo
- }
- einfo "If you'd like to run bind in a chroot AND this is a new"
- einfo "install OR your bind doesn't already run in a chroot:"
- einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
- einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
- einfo
-
- CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
- if [[ -n ${CHROOT} ]]; then
- elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- elog "To enable the old behaviour (without using mount) uncomment the"
- elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- elog "If you decide to use the new/default method, ensure to make backup"
- elog "first and merge your existing configs/zones to /etc/bind and"
- elog "/var/bind because bind will now mount the needed directories into"
- elog "the chroot dir."
- fi
-}
-
-pkg_config() {
- CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
- CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
- CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
-
- if [[ -z "${CHROOT}" ]]; then
- eerror "This config script is designed to automate setting up"
- eerror "a chrooted bind/named. To do so, please first uncomment"
- eerror "and set the CHROOT variable in '/etc/conf.d/named'."
- die "Unset CHROOT"
- fi
- if [[ -d "${CHROOT}" ]]; then
- ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- ewarn "To enable the old behaviour (without using mount) uncomment the"
- ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- ewarn
- ewarn "${CHROOT} already exists... some things might become overridden"
- ewarn "press CTRL+C if you don't want to continue"
- sleep 10
- fi
-
- echo; einfo "Setting up the chroot directory..."
-
- mkdir -m 0750 -p ${CHROOT}
- mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run}
- mkdir -m 0750 -p ${CHROOT}/etc/bind
- mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/
- # As of bind 9.8.0
- if has_version net-dns/bind[gost]; then
- if [ "$(get_libdir)" = "lib64" ]; then
- mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines
- ln -s lib64 ${CHROOT}/usr/lib
- else
- mkdir -m 0755 -p ${CHROOT}/usr/lib/engines
- fi
- fi
- chown root:named ${CHROOT} ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ ${CHROOT}/etc/bind
-
- mknod ${CHROOT}/dev/null c 1 3
- chmod 0666 ${CHROOT}/dev/null
-
- mknod ${CHROOT}/dev/zero c 1 5
- chmod 0666 ${CHROOT}/dev/zero
-
- if use urandom; then
- mknod ${CHROOT}/dev/urandom c 1 9
- chmod 0666 ${CHROOT}/dev/urandom
- else
- mknod ${CHROOT}/dev/random c 1 8
- chmod 0666 ${CHROOT}/dev/random
- fi
-
- if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
- cp -a /etc/bind ${CHROOT}/etc/
- cp -a /var/bind ${CHROOT}/var/
- fi
-
- if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP
- fi
-
- elog "You may need to add the following line to your syslog-ng.conf:"
- elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
-}
diff --git a/net-dns/bind/files/named.cache-r3 b/net-dns/bind/files/named.cache-r3
index 198d1b39b9b..4fb2143df52 100644
--- a/net-dns/bind/files/named.cache-r3
+++ b/net-dns/bind/files/named.cache-r3
@@ -9,8 +9,8 @@
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
-; last update: August 29, 2017
-; related version of root zone: 2017082901
+; last update: November 16, 2017
+; related version of root zone: 2017111601
;
; FORMERLY NS.INTERNIC.NET
;
@@ -21,7 +21,7 @@ A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
; FORMERLY NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
-B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
+B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201
B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b
;
; FORMERLY C.PSI.NET
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/files/, net-dns/bind/
@ 2019-02-17 9:02 Mikle Kolyada
0 siblings, 0 replies; 16+ messages in thread
From: Mikle Kolyada @ 2019-02-17 9:02 UTC (permalink / raw
To: gentoo-commits
commit: 62f712e79805c9d040c9bf278b64c5a892d81d92
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 17 09:02:16 2019 +0000
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sun Feb 17 09:02:16 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=62f712e7
net-dns/bind: Security cleanup
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11
net-dns/bind/Manifest | 2 -
net-dns/bind/bind-9.11.2_p1.ebuild | 423 ---------------------
net-dns/bind/bind-9.11.3-r1.ebuild | 402 --------------------
net-dns/bind/files/bind-9.11.3-CVE-2018-5738.patch | 110 ------
.../bind/files/bind-9.12.1_p2-CVE-2018-5738.patch | 95 -----
net-dns/bind/metadata.xml | 1 -
6 files changed, 1033 deletions(-)
diff --git a/net-dns/bind/Manifest b/net-dns/bind/Manifest
index c66ef2d610f..a66bfcf96cf 100644
--- a/net-dns/bind/Manifest
+++ b/net-dns/bind/Manifest
@@ -1,5 +1,3 @@
-DIST bind-9.11.2_p1.tar.gz 9783329 BLAKE2B 5a3bbd87112064231bd5e6b09ebb4014f9d5cf65cb601c03555ff540a22d87aec3990cd8e37ce5ff09e9a149bdf122d20ecb01f87731e6c79d80379a6926014f SHA512 168f27f580e3be2f7ada27afa2f72e715e750eec76831cf01bd32fabc1fa65dc29dab0eb7ed1682b076d3be99269897ddbc2c10551631a3911d9e5ae1aa40597
-DIST bind-9.11.3.tar.gz 9523375 BLAKE2B 978986e02767b8ac9f015b52e87b3bc161a7ea72f59f343dcb23f50fbe8474528c4b27ee4fd54bdbe6bd825ce6e8b164e8ad145260b2cdcd004e8892bacd313b SHA512 1f0da13165d1ee872800fe10bb8b0f69c6c76515f9861c1528fb6005213bb71b21a1270906d2ea9ded3eaf6df1a1bac0f2c80aa511683b8d57dcff4f278d8c35
DIST bind-9.11.4_p2.tar.gz 9617963 BLAKE2B 409cad7e0976f2e46406d45e87241d61d4d4f00bf08442c4dddbad490ea3d6e42eaad5851fddb83c61a897689a8fdba0cd920aaa0d36329868d26100ba48f946 SHA512 6c01810526fc40485a6c0403d1ddc3b76d2e59b3426b5789436bd671f158d2fa0ea7c0aef2de81998ec715dabd06683fed7b17224d5c794c61e7100a69d4cb60
DIST bind-9.12.2_p2.tar.gz 9422128 BLAKE2B c7d56f025f381a0136aa67ccd49a3254fcfe566d5e3601410e5cada26ccab32a901fe6e14bc14e6e287fa2b3904a4eee8e3ef63329f9bc4cb11f204590ff3623 SHA512 458adf6b3d0df286e7d345a21c40b639efcb275e76f9e0bf4e40a5d76dcac875016324393e129f29397be326d1017367c506ec9cbb35871c98fad4281bc4e05a
DIST bind-9.12.3_p1.tar.gz 8625693 BLAKE2B 1899e04e409d3dafe63494fb7a0d8b813a6487754149bbfd01888cddc5e134ac675e9ac790684fb6fd8de4b1484e23ed7f1881c01234c9f16b27180c9a4594a9 SHA512 c1c91de88e4297e79b527775edd525c6fa948f169977563ab2e6ca93cac7317f8ca85863567f5cc151d4c6e3c081864ab1cf813bcfdd1165b52e9471b8317c28
diff --git a/net-dns/bind/bind-9.11.2_p1.ebuild b/net-dns/bind/bind-9.11.2_p1.ebuild
deleted file mode 100644
index d02197d6ec2..00000000000
--- a/net-dns/bind/bind-9.11.2_p1.ebuild
+++ /dev/null
@@ -1,423 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Re dlz/mysql and threads, needs to be verified..
-# MySQL uses thread local storage in its C api. Thus MySQL
-# requires that each thread of an application execute a MySQL
-# thread initialization to setup the thread local storage.
-# This is impossible to do safely while staying within the DLZ
-# driver API. This is a limitation caused by MySQL, and not the DLZ API.
-# Because of this BIND MUST only run with a single thread when
-# using the MySQL driver.
-
-EAPI="5"
-
-PYTHON_COMPAT=( python2_7 python3_{4,5,6} )
-
-inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd
-
-MY_PV="${PV/_p/-P}"
-MY_PV="${MY_PV/_rc/rc}"
-MY_P="${PN}-${MY_PV}"
-
-SDB_LDAP_VER="1.1.0-fc14"
-
-RRL_PV="${MY_PV}"
-
-NSLINT_DIR="contrib/nslint-3.0a2/"
-
-# SDB-LDAP: http://bind9-ldap.bayour.com/
-
-DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server"
-HOMEPAGE="http://www.isc.org/software/bind"
-SRC_URI="https://www.isc.org/downloads/file/${MY_P}/?version=tar-gz -> ${P}.tar.gz
- doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
-# sdb-ldap? (
-# http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2
-# )"
-
-LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-# -berkdb by default re bug 602682
-IUSE="-berkdb +caps dlz dnstap doc filter-aaaa fixed-rrset geoip gost gssapi idn ipv6
-json ldap libressl lmdb mysql nslint odbc postgres python rpz seccomp selinux ssl static-libs
-+threads urandom xml +zlib"
-# sdb-ldap - patch broken
-# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
-
-REQUIRED_USE="postgres? ( dlz )
- berkdb? ( dlz )
- mysql? ( dlz !threads )
- odbc? ( dlz )
- ldap? ( dlz )
- gost? ( !libressl ssl )
- threads? ( caps )
- dnstap? ( threads )
- python? ( ${PYTHON_REQUIRED_USE} )"
-# sdb-ldap? ( dlz )
-
-DEPEND="
- ssl? (
- !libressl? ( dev-libs/openssl:0[-bindist] )
- libressl? ( dev-libs/libressl )
- )
- mysql? ( >=virtual/mysql-4.0 )
- odbc? ( >=dev-db/unixODBC-2.2.6 )
- ldap? ( net-nds/openldap )
- idn? ( net-dns/idnkit )
- postgres? ( dev-db/postgresql:= )
- caps? ( >=sys-libs/libcap-2.1.0 )
- xml? ( dev-libs/libxml2 )
- geoip? ( >=dev-libs/geoip-1.4.6 )
- gssapi? ( virtual/krb5 )
- gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] )
- seccomp? ( sys-libs/libseccomp )
- json? ( dev-libs/json-c:= )
- lmdb? ( dev-db/lmdb )
- zlib? ( sys-libs/zlib )
- dnstap? ( dev-libs/fstrm dev-libs/protobuf-c )
- python? (
- ${PYTHON_DEPS}
- dev-python/ply[${PYTHON_USEDEP}]
- )"
-# sdb-ldap? ( net-nds/openldap )
-
-RDEPEND="${DEPEND}
- selinux? ( sec-policy/selinux-bind )
- || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )"
-
-S="${WORKDIR}/${MY_P}"
-
-# bug 479092, requires networking
-RESTRICT="test"
-
-pkg_setup() {
- ebegin "Creating named group and user"
- enewgroup named 40
- enewuser named 40 -1 /etc/bind named
- eend ${?}
-}
-
-src_prepare() {
- # Adjusting PATHs in manpages
- for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
- sed -i \
- -e 's:/etc/named.conf:/etc/bind/named.conf:g' \
- -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
- -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
- "${i}" || die "sed failed, ${i} doesn't exist"
- done
-
-# if use dlz; then
-# # sdb-ldap patch as per bug #160567
-# # Upstream URL: http://bind9-ldap.bayour.com/
-# # New patch take from bug 302735
-# if use sdb-ldap; then
-# epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
-# cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/
-# cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/
-# cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/
-# fi
-# fi
-
- # should be installed by bind-tools
- sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die
-
- # Disable tests for now, bug 406399
- sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
-
- if use nslint; then
- sed -i -e 's:/etc/named.conf:/etc/bind/named.conf:' ${NSLINT_DIR}/nslint.{c,8} || die
- fi
-
- # bug #220361
- rm aclocal.m4
- rm -rf libtool.m4/
- eautoreconf
-}
-
-src_configure() {
- local myconf=""
-
- if use urandom; then
- myconf="${myconf} --with-randomdev=/dev/urandom"
- else
- myconf="${myconf} --with-randomdev=/dev/random"
- fi
-
- use geoip && myconf="${myconf} --with-geoip"
-
- # bug #158664
-# gcc-specs-ssp && replace-flags -O[23s] -O
-
- # To include db.h from proper path
- use berkdb && append-flags "-I$(db_includedir)"
-
- export BUILD_CC=$(tc-getBUILD_CC)
- econf \
- --sysconfdir=/etc/bind \
- --localstatedir=/var \
- --with-libtool \
- --enable-full-report \
- --without-readline \
- $(use_enable caps linux-caps) \
- $(use_enable filter-aaaa) \
- $(use_enable fixed-rrset) \
- $(use_enable ipv6) \
- $(use_enable rpz rpz-nsdname) \
- $(use_enable rpz rpz-nsip) \
- $(use_enable seccomp) \
- $(use_enable threads) \
- $(use_with berkdb dlz-bdb) \
- $(use_with dlz dlopen) \
- $(use_with dlz dlz-filesystem) \
- $(use_with dlz dlz-stub) \
- $(use_with gost) \
- $(use_with gssapi) \
- $(use_with idn) \
- $(use_with json libjson) \
- $(use_with ldap dlz-ldap) \
- $(use_with mysql dlz-mysql) \
- $(use_with odbc dlz-odbc) \
- $(use_with postgres dlz-postgres) \
- $(use_with lmdb) \
- $(use_with python) \
- $(use_with ssl ecdsa) \
- $(use_with ssl openssl "${EPREFIX}"/usr) \
- $(use_with xml libxml2) \
- $(use_with zlib) \
- ${myconf}
-
- # $(use_enable static-libs static) \
-
- # bug #151839
- echo '#undef SO_BSDCOMPAT' >> config.h
-
- if use nslint; then
- cd $NSLINT_DIR
- econf
- fi
-}
-
-src_compile() {
- emake
-
- if use nslint; then
- emake -C $NSLINT_DIR CCOPT="${CFLAGS}"
- fi
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- if use nslint; then
- cd $NSLINT_DIR
- dobin nslint
- doman nslint.8
- cd "${S}"
- fi
-
- dodoc CHANGES README
-
- if use idn; then
- dodoc contrib/idn/README.idnkit
- fi
-
- if use doc; then
- dodoc doc/arm/Bv9ARM.pdf
-
- docinto misc
- dodoc doc/misc/*
-
- # might a 'html' useflag make sense?
- docinto html
- dohtml -r doc/arm/*
-
- docinto contrib
- dodoc contrib/scripts/{nanny.pl,named-bootconf.sh}
-
- # some handy-dandy dynamic dns examples
- pushd "${D}"/usr/share/doc/${PF} 1>/dev/null
- tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
- popd 1>/dev/null
- fi
-
- insinto /etc/bind
- newins "${FILESDIR}"/named.conf-r8 named.conf
-
- # ftp://ftp.rs.internic.net/domain/named.cache:
- insinto /var/bind
- newins "${FILESDIR}"/named.cache-r3 named.cache
-
- insinto /var/bind/pri
- newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
-
- newinitd "${FILESDIR}"/named.init-r13 named
- newconfd "${FILESDIR}"/named.confd-r7 named
-
- if use gost; then
- sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die
- else
- sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die
- fi
-
- newenvd "${FILESDIR}"/10bind.env 10bind
-
- # Let's get rid of those tools and their manpages since they're provided by bind-tools
- rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1*
- rm -f "${D}"/usr/share/man/man8/nsupdate.8*
- rm -f "${D}"/usr/bin/{dig,host,nslookup,nsupdate}
- rm -f "${D}"/usr/sbin/{dig,host,nslookup,nsupdate}
- for tool in dsfromkey importkey keyfromlabel keygen \
- revoke settime signzone verify; do
- rm -f "${D}"/usr/{,s}bin/dnssec-"${tool}"
- rm -f "${D}"/usr/share/man/man8/dnssec-"${tool}".8*
- done
-
- # bug 405251, library archives aren't properly handled by --enable/disable-static
- if ! use static-libs; then
- find "${D}" -type f -name '*.a' -delete || die
- fi
-
- # bug 405251
- find "${D}" -type f -name '*.la' -delete || die
-
- if use python; then
- install_python_tools() {
- dosbin bin/python/dnssec-{checkds,coverage}
- }
- python_foreach_impl install_python_tools
-
- python_replicate_script "${D}usr/sbin/dnssec-checkds"
- python_replicate_script "${D}usr/sbin/dnssec-coverage"
- fi
-
- # bug 450406
- dosym named.cache /var/bind/root.cache
-
- dosym /var/bind/pri /etc/bind/pri
- dosym /var/bind/sec /etc/bind/sec
- dosym /var/bind/dyn /etc/bind/dyn
- keepdir /var/bind/{pri,sec,dyn}
-
- dodir /var/log/named
-
- fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
- fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0750 /etc/bind /var/bind/pri
- fperms 0770 /var/log/named /var/bind/{,sec,dyn}
-
- systemd_newunit "${FILESDIR}/named.service-r1" named.service
- systemd_dotmpfilesd "${FILESDIR}"/named.conf
- exeinto /usr/libexec
- doexe "${FILESDIR}/generate-rndc-key.sh"
-}
-
-pkg_postinst() {
- if [ ! -f '/etc/bind/rndc.key' ]; then
- if use urandom; then
- einfo "Using /dev/urandom for generating rndc.key"
- /usr/sbin/rndc-confgen -r /dev/urandom -a
- echo
- else
- einfo "Using /dev/random for generating rndc.key"
- /usr/sbin/rndc-confgen -a
- echo
- fi
- chown root:named /etc/bind/rndc.key
- chmod 0640 /etc/bind/rndc.key
- fi
-
- einfo
- einfo "You can edit /etc/conf.d/named to customize named settings"
- einfo
- use mysql || use postgres || use ldap && {
- elog "If your named depends on MySQL/PostgreSQL or LDAP,"
- elog "uncomment the specified rc_named_* lines in your"
- elog "/etc/conf.d/named config to ensure they'll start before bind"
- einfo
- }
- einfo "If you'd like to run bind in a chroot AND this is a new"
- einfo "install OR your bind doesn't already run in a chroot:"
- einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
- einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
- einfo
-
- CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
- if [[ -n ${CHROOT} ]]; then
- elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- elog "To enable the old behaviour (without using mount) uncomment the"
- elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- elog "If you decide to use the new/default method, ensure to make backup"
- elog "first and merge your existing configs/zones to /etc/bind and"
- elog "/var/bind because bind will now mount the needed directories into"
- elog "the chroot dir."
- fi
-}
-
-pkg_config() {
- CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
- CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
- CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
-
- if [[ -z "${CHROOT}" ]]; then
- eerror "This config script is designed to automate setting up"
- eerror "a chrooted bind/named. To do so, please first uncomment"
- eerror "and set the CHROOT variable in '/etc/conf.d/named'."
- die "Unset CHROOT"
- fi
- if [[ -d "${CHROOT}" ]]; then
- ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- ewarn "To enable the old behaviour (without using mount) uncomment the"
- ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- ewarn
- ewarn "${CHROOT} already exists... some things might become overridden"
- ewarn "press CTRL+C if you don't want to continue"
- sleep 10
- fi
-
- echo; einfo "Setting up the chroot directory..."
-
- mkdir -m 0750 -p ${CHROOT}
- mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run}
- mkdir -m 0750 -p ${CHROOT}/etc/bind
- mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/
- # As of bind 9.8.0
- if has_version net-dns/bind[gost]; then
- if [ "$(get_libdir)" = "lib64" ]; then
- mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines
- ln -s lib64 ${CHROOT}/usr/lib
- else
- mkdir -m 0755 -p ${CHROOT}/usr/lib/engines
- fi
- fi
- chown root:named ${CHROOT} ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ ${CHROOT}/etc/bind
-
- mknod ${CHROOT}/dev/null c 1 3
- chmod 0666 ${CHROOT}/dev/null
-
- mknod ${CHROOT}/dev/zero c 1 5
- chmod 0666 ${CHROOT}/dev/zero
-
- if use urandom; then
- mknod ${CHROOT}/dev/urandom c 1 9
- chmod 0666 ${CHROOT}/dev/urandom
- else
- mknod ${CHROOT}/dev/random c 1 8
- chmod 0666 ${CHROOT}/dev/random
- fi
-
- if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
- cp -a /etc/bind ${CHROOT}/etc/
- cp -a /var/bind ${CHROOT}/var/
- fi
-
- if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP
- fi
-
- elog "You may need to add the following line to your syslog-ng.conf:"
- elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
-}
diff --git a/net-dns/bind/bind-9.11.3-r1.ebuild b/net-dns/bind/bind-9.11.3-r1.ebuild
deleted file mode 100644
index 74e4fcd1fc1..00000000000
--- a/net-dns/bind/bind-9.11.3-r1.ebuild
+++ /dev/null
@@ -1,402 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Re dlz/mysql and threads, needs to be verified..
-# MySQL uses thread local storage in its C api. Thus MySQL
-# requires that each thread of an application execute a MySQL
-# thread initialization to setup the thread local storage.
-# This is impossible to do safely while staying within the DLZ
-# driver API. This is a limitation caused by MySQL, and not the DLZ API.
-# Because of this BIND MUST only run with a single thread when
-# using the MySQL driver.
-
-EAPI="5"
-
-PYTHON_COMPAT=( python2_7 python3_{4,5,6} )
-
-inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd
-
-MY_PV="${PV/_p/-P}"
-MY_PV="${MY_PV/_rc/rc}"
-MY_P="${PN}-${MY_PV}"
-
-SDB_LDAP_VER="1.1.0-fc14"
-
-RRL_PV="${MY_PV}"
-
-NSLINT_DIR="contrib/nslint-3.0a2/"
-
-# SDB-LDAP: http://bind9-ldap.bayour.com/
-
-DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server"
-HOMEPAGE="http://www.isc.org/software/bind"
-SRC_URI="https://www.isc.org/downloads/file/${MY_P}/?version=tar-gz -> ${P}.tar.gz
- doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
-# sdb-ldap? (
-# http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2
-# )"
-
-LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-# -berkdb by default re bug 602682
-IUSE="-berkdb +caps dlz dnstap doc filter-aaaa fixed-rrset geoip gost gssapi idn ipv6
-json ldap libressl lmdb mysql odbc postgres python rpz seccomp selinux ssl static-libs
-+threads urandom xml +zlib"
-# sdb-ldap - patch broken
-# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
-
-REQUIRED_USE="postgres? ( dlz )
- berkdb? ( dlz )
- mysql? ( dlz !threads )
- odbc? ( dlz )
- ldap? ( dlz )
- gost? ( !libressl ssl )
- threads? ( caps )
- dnstap? ( threads )
- python? ( ${PYTHON_REQUIRED_USE} )"
-# sdb-ldap? ( dlz )
-
-DEPEND="
- ssl? (
- !libressl? ( dev-libs/openssl:0[-bindist] )
- libressl? ( dev-libs/libressl )
- )
- mysql? ( >=virtual/mysql-4.0 )
- odbc? ( >=dev-db/unixODBC-2.2.6 )
- ldap? ( net-nds/openldap )
- idn? ( net-dns/idnkit )
- postgres? ( dev-db/postgresql:= )
- caps? ( >=sys-libs/libcap-2.1.0 )
- xml? ( dev-libs/libxml2 )
- geoip? ( >=dev-libs/geoip-1.4.6 )
- gssapi? ( virtual/krb5 )
- gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] )
- seccomp? ( sys-libs/libseccomp )
- json? ( dev-libs/json-c:= )
- lmdb? ( dev-db/lmdb )
- zlib? ( sys-libs/zlib )
- dnstap? ( dev-libs/fstrm dev-libs/protobuf-c )
- python? (
- ${PYTHON_DEPS}
- dev-python/ply[${PYTHON_USEDEP}]
- )"
-# sdb-ldap? ( net-nds/openldap )
-
-RDEPEND="${DEPEND}
- selinux? ( sec-policy/selinux-bind )
- || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )"
-
-S="${WORKDIR}/${MY_P}"
-
-# bug 479092, requires networking
-RESTRICT="test"
-
-pkg_setup() {
- ebegin "Creating named group and user"
- enewgroup named 40
- enewuser named 40 -1 /etc/bind named
- eend ${?}
-}
-
-src_prepare() {
- # Adjusting PATHs in manpages
- for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
- sed -i \
- -e 's:/etc/named.conf:/etc/bind/named.conf:g' \
- -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
- -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
- "${i}" || die "sed failed, ${i} doesn't exist"
- done
-
- # bug 657654 / CVE-2018-5738
- epatch "${FILESDIR}/${P}-CVE-2018-5738.patch"
-
-# if use dlz; then
-# # sdb-ldap patch as per bug #160567
-# # Upstream URL: http://bind9-ldap.bayour.com/
-# # New patch take from bug 302735
-# if use sdb-ldap; then
-# epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
-# cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/
-# cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/
-# cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/
-# fi
-# fi
-
- # should be installed by bind-tools
- sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die
-
- # Disable tests for now, bug 406399
- sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
-
- # bug #220361
- rm aclocal.m4
- rm -rf libtool.m4/
- eautoreconf
-}
-
-src_configure() {
- local myconf=""
-
- if use urandom; then
- myconf="${myconf} --with-randomdev=/dev/urandom"
- else
- myconf="${myconf} --with-randomdev=/dev/random"
- fi
-
- use geoip && myconf="${myconf} --with-geoip"
-
- # bug #158664
-# gcc-specs-ssp && replace-flags -O[23s] -O
-
- # To include db.h from proper path
- use berkdb && append-flags "-I$(db_includedir)"
-
- export BUILD_CC=$(tc-getBUILD_CC)
- econf \
- --sysconfdir=/etc/bind \
- --localstatedir=/var \
- --with-libtool \
- --enable-full-report \
- --without-readline \
- $(use_enable caps linux-caps) \
- $(use_enable filter-aaaa) \
- $(use_enable fixed-rrset) \
- $(use_enable ipv6) \
- $(use_enable rpz rpz-nsdname) \
- $(use_enable rpz rpz-nsip) \
- $(use_enable seccomp) \
- $(use_enable threads) \
- $(use_with berkdb dlz-bdb) \
- $(use_with dlz dlopen) \
- $(use_with dlz dlz-filesystem) \
- $(use_with dlz dlz-stub) \
- $(use_with gost) \
- $(use_with gssapi) \
- $(use_with idn) \
- $(use_with json libjson) \
- $(use_with ldap dlz-ldap) \
- $(use_with mysql dlz-mysql) \
- $(use_with odbc dlz-odbc) \
- $(use_with postgres dlz-postgres) \
- $(use_with lmdb) \
- $(use_with python) \
- $(use_with ssl ecdsa) \
- $(use_with ssl openssl "${EPREFIX}"/usr) \
- $(use_with xml libxml2) \
- $(use_with zlib) \
- ${myconf}
-
- # $(use_enable static-libs static) \
-
- # bug #151839
- echo '#undef SO_BSDCOMPAT' >> config.h
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- dodoc CHANGES README
-
- if use idn; then
- dodoc contrib/idn/README.idnkit
- fi
-
- if use doc; then
- dodoc doc/arm/Bv9ARM.pdf
-
- docinto misc
- dodoc doc/misc/*
-
- # might a 'html' useflag make sense?
- docinto html
- dohtml -r doc/arm/*
-
- docinto contrib
- dodoc contrib/scripts/{nanny.pl,named-bootconf.sh}
-
- # some handy-dandy dynamic dns examples
- pushd "${D}"/usr/share/doc/${PF} 1>/dev/null
- tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
- popd 1>/dev/null
- fi
-
- insinto /etc/bind
- newins "${FILESDIR}"/named.conf-r8 named.conf
-
- # ftp://ftp.rs.internic.net/domain/named.cache:
- insinto /var/bind
- newins "${FILESDIR}"/named.cache-r3 named.cache
-
- insinto /var/bind/pri
- newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
-
- newinitd "${FILESDIR}"/named.init-r13 named
- newconfd "${FILESDIR}"/named.confd-r7 named
-
- if use gost; then
- sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die
- else
- sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die
- fi
-
- newenvd "${FILESDIR}"/10bind.env 10bind
-
- # Let's get rid of those tools and their manpages since they're provided by bind-tools
- rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1*
- rm -f "${D}"/usr/share/man/man8/nsupdate.8*
- rm -f "${D}"/usr/bin/{dig,host,nslookup,nsupdate}
- rm -f "${D}"/usr/sbin/{dig,host,nslookup,nsupdate}
- for tool in dsfromkey importkey keyfromlabel keygen \
- revoke settime signzone verify; do
- rm -f "${D}"/usr/{,s}bin/dnssec-"${tool}"
- rm -f "${D}"/usr/share/man/man8/dnssec-"${tool}".8*
- done
-
- # bug 405251, library archives aren't properly handled by --enable/disable-static
- if ! use static-libs; then
- find "${D}" -type f -name '*.a' -delete || die
- fi
-
- # bug 405251
- find "${D}" -type f -name '*.la' -delete || die
-
- if use python; then
- install_python_tools() {
- dosbin bin/python/dnssec-{checkds,coverage}
- }
- python_foreach_impl install_python_tools
-
- python_replicate_script "${D}usr/sbin/dnssec-checkds"
- python_replicate_script "${D}usr/sbin/dnssec-coverage"
- fi
-
- # bug 450406
- dosym named.cache /var/bind/root.cache
-
- dosym /var/bind/pri /etc/bind/pri
- dosym /var/bind/sec /etc/bind/sec
- dosym /var/bind/dyn /etc/bind/dyn
- keepdir /var/bind/{pri,sec,dyn}
-
- dodir /var/log/named
-
- fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
- fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0750 /etc/bind /var/bind/pri
- fperms 0770 /var/log/named /var/bind/{,sec,dyn}
-
- systemd_newunit "${FILESDIR}/named.service-r1" named.service
- systemd_dotmpfilesd "${FILESDIR}"/named.conf
- exeinto /usr/libexec
- doexe "${FILESDIR}/generate-rndc-key.sh"
-}
-
-pkg_postinst() {
- if [ ! -f '/etc/bind/rndc.key' ]; then
- if use urandom; then
- einfo "Using /dev/urandom for generating rndc.key"
- /usr/sbin/rndc-confgen -r /dev/urandom -a
- echo
- else
- einfo "Using /dev/random for generating rndc.key"
- /usr/sbin/rndc-confgen -a
- echo
- fi
- chown root:named /etc/bind/rndc.key
- chmod 0640 /etc/bind/rndc.key
- fi
-
- einfo
- einfo "You can edit /etc/conf.d/named to customize named settings"
- einfo
- use mysql || use postgres || use ldap && {
- elog "If your named depends on MySQL/PostgreSQL or LDAP,"
- elog "uncomment the specified rc_named_* lines in your"
- elog "/etc/conf.d/named config to ensure they'll start before bind"
- einfo
- }
- einfo "If you'd like to run bind in a chroot AND this is a new"
- einfo "install OR your bind doesn't already run in a chroot:"
- einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
- einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
- einfo
-
- CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
- if [[ -n ${CHROOT} ]]; then
- elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- elog "To enable the old behaviour (without using mount) uncomment the"
- elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- elog "If you decide to use the new/default method, ensure to make backup"
- elog "first and merge your existing configs/zones to /etc/bind and"
- elog "/var/bind because bind will now mount the needed directories into"
- elog "the chroot dir."
- fi
-}
-
-pkg_config() {
- CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
- CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
- CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
-
- if [[ -z "${CHROOT}" ]]; then
- eerror "This config script is designed to automate setting up"
- eerror "a chrooted bind/named. To do so, please first uncomment"
- eerror "and set the CHROOT variable in '/etc/conf.d/named'."
- die "Unset CHROOT"
- fi
- if [[ -d "${CHROOT}" ]]; then
- ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- ewarn "To enable the old behaviour (without using mount) uncomment the"
- ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- ewarn
- ewarn "${CHROOT} already exists... some things might become overridden"
- ewarn "press CTRL+C if you don't want to continue"
- sleep 10
- fi
-
- echo; einfo "Setting up the chroot directory..."
-
- mkdir -m 0750 -p ${CHROOT}
- mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run}
- mkdir -m 0750 -p ${CHROOT}/etc/bind
- mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/
- # As of bind 9.8.0
- if has_version net-dns/bind[gost]; then
- if [ "$(get_libdir)" = "lib64" ]; then
- mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines
- ln -s lib64 ${CHROOT}/usr/lib
- else
- mkdir -m 0755 -p ${CHROOT}/usr/lib/engines
- fi
- fi
- chown root:named ${CHROOT} ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ ${CHROOT}/etc/bind
-
- mknod ${CHROOT}/dev/null c 1 3
- chmod 0666 ${CHROOT}/dev/null
-
- mknod ${CHROOT}/dev/zero c 1 5
- chmod 0666 ${CHROOT}/dev/zero
-
- if use urandom; then
- mknod ${CHROOT}/dev/urandom c 1 9
- chmod 0666 ${CHROOT}/dev/urandom
- else
- mknod ${CHROOT}/dev/random c 1 8
- chmod 0666 ${CHROOT}/dev/random
- fi
-
- if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
- cp -a /etc/bind ${CHROOT}/etc/
- cp -a /var/bind ${CHROOT}/var/
- fi
-
- if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP
- fi
-
- elog "You may need to add the following line to your syslog-ng.conf:"
- elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
-}
diff --git a/net-dns/bind/files/bind-9.11.3-CVE-2018-5738.patch b/net-dns/bind/files/bind-9.11.3-CVE-2018-5738.patch
deleted file mode 100644
index 4a2c7832ebf..00000000000
--- a/net-dns/bind/files/bind-9.11.3-CVE-2018-5738.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-diff --git a/bin/named/server.c b/bin/named/server.c
-index 64a5180..41a1826 100644
---- a/bin/named/server.c
-+++ b/bin/named/server.c
-@@ -3376,10 +3376,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
- dns_acache_setcachesize(view->acache, max_acache_size);
- }
-
-- CHECK(configure_view_acl(vconfig, config, ns_g_config,
-- "allow-query", NULL, actx,
-- ns_g_mctx, &view->queryacl));
--
- /*
- * Make the list of response policy zone names for a view that
- * is used for real lookups and so cares about hints.
-@@ -4258,9 +4254,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
- INSIST(result == ISC_R_SUCCESS);
- view->trust_anchor_telemetry = cfg_obj_asboolean(obj);
-
-- CHECK(configure_view_acl(vconfig, config, ns_g_config,
-- "allow-query-cache-on", NULL, actx,
-- ns_g_mctx, &view->cacheonacl));
- /*
- * Set sources where additional data and CNAME/DNAME
- * targets for authoritative answers may be found.
-@@ -4287,22 +4280,40 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
- view->additionalfromcache = ISC_TRUE;
- }
-
-+ CHECK(configure_view_acl(vconfig, config, ns_g_config,
-+ "allow-query-cache-on", NULL, actx,
-+ ns_g_mctx, &view->cacheonacl));
-+
- /*
-- * Set "allow-query-cache", "allow-recursion", and
-- * "allow-recursion-on" acls if configured in named.conf.
-- * (Ignore the global defaults for now, because these ACLs
-- * can inherit from each other when only some of them set at
-- * the options/view level.)
-+ * Set the "allow-query", "allow-query-cache", "allow-recursion",
-+ * and "allow-recursion-on" ACLs if configured in named.conf, but
-+ * NOT from the global defaults. This is done by leaving the third
-+ * argument to configure_view_acl() NULL.
-+ *
-+ * We ignore the global defaults here because these ACLs
-+ * can inherit from each other. If any are still unset after
-+ * applying the inheritance rules, we'll look up the defaults at
-+ * that time.
- */
-- CHECK(configure_view_acl(vconfig, config, NULL, "allow-query-cache",
-- NULL, actx, ns_g_mctx, &view->cacheacl));
-+
-+ /* named.conf only */
-+ CHECK(configure_view_acl(vconfig, config, NULL,
-+ "allow-query", NULL, actx,
-+ ns_g_mctx, &view->queryacl));
-+
-+ /* named.conf only */
-+ CHECK(configure_view_acl(vconfig, config, NULL,
-+ "allow-query-cache", NULL, actx,
-+ ns_g_mctx, &view->cacheacl));
-
- if (strcmp(view->name, "_bind") != 0 &&
- view->rdclass != dns_rdataclass_chaos)
- {
-+ /* named.conf only */
- CHECK(configure_view_acl(vconfig, config, NULL,
- "allow-recursion", NULL, actx,
- ns_g_mctx, &view->recursionacl));
-+ /* named.conf only */
- CHECK(configure_view_acl(vconfig, config, NULL,
- "allow-recursion-on", NULL, actx,
- ns_g_mctx, &view->recursiononacl));
-@@ -4340,18 +4351,21 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
- * the global config.
- */
- if (view->recursionacl == NULL) {
-+ /* global default only */
- CHECK(configure_view_acl(NULL, NULL, ns_g_config,
- "allow-recursion", NULL,
- actx, ns_g_mctx,
- &view->recursionacl));
- }
- if (view->recursiononacl == NULL) {
-+ /* global default only */
- CHECK(configure_view_acl(NULL, NULL, ns_g_config,
- "allow-recursion-on", NULL,
- actx, ns_g_mctx,
- &view->recursiononacl));
- }
- if (view->cacheacl == NULL) {
-+ /* global default only */
- CHECK(configure_view_acl(NULL, NULL, ns_g_config,
- "allow-query-cache", NULL,
- actx, ns_g_mctx,
-@@ -4365,6 +4379,14 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
- CHECK(dns_acl_none(mctx, &view->cacheacl));
- }
-
-+ if (view->queryacl == NULL) {
-+ /* global default only */
-+ CHECK(configure_view_acl(NULL, NULL, ns_g_config,
-+ "allow-query", NULL,
-+ actx, ns_g_mctx,
-+ &view->queryacl));
-+ }
-+
- /*
- * Ignore case when compressing responses to the specified
- * clients. This causes case not always to be preserved,
diff --git a/net-dns/bind/files/bind-9.12.1_p2-CVE-2018-5738.patch b/net-dns/bind/files/bind-9.12.1_p2-CVE-2018-5738.patch
deleted file mode 100644
index 75c98d4f175..00000000000
--- a/net-dns/bind/files/bind-9.12.1_p2-CVE-2018-5738.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-diff --git a/bin/named/server.c b/bin/named/server.c
-index f63554e..847c4ff 100644
---- a/bin/named/server.c
-+++ b/bin/named/server.c
-@@ -3725,10 +3725,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
- CHECKM(named_config_getport(config, &port), "port");
- dns_view_setdstport(view, port);
-
-- CHECK(configure_view_acl(vconfig, config, named_g_config,
-- "allow-query", NULL, actx,
-- named_g_mctx, &view->queryacl));
--
- /*
- * Make the list of response policy zone names for a view that
- * is used for real lookups and so cares about hints.
-@@ -4692,21 +4688,35 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
- "allow-query-cache-on", NULL, actx,
- named_g_mctx, &view->cacheonacl));
- /*
-- * Set "allow-query-cache", "allow-recursion", and
-- * "allow-recursion-on" acls if configured in named.conf.
-- * (Ignore the global defaults for now, because these ACLs
-- * can inherit from each other when only some of them set at
-- * the options/view level.)
-+ * Set the "allow-query", "allow-query-cache", "allow-recursion",
-+ * and "allow-recursion-on" ACLs if configured in named.conf, but
-+ * NOT from the global defaults. This is done by leaving the third
-+ * argument to configure_view_acl() NULL.
-+ *
-+ * We ignore the global defaults here because these ACLs
-+ * can inherit from each other. If any are still unset after
-+ * applying the inheritance rules, we'll look up the defaults at
-+ * that time.
- */
-- CHECK(configure_view_acl(vconfig, config, NULL, "allow-query-cache",
-- NULL, actx, named_g_mctx, &view->cacheacl));
-+
-+ /* named.conf only */
-+ CHECK(configure_view_acl(vconfig, config, NULL,
-+ "allow-query", NULL, actx,
-+ named_g_mctx, &view->queryacl));
-+
-+ /* named.conf only */
-+ CHECK(configure_view_acl(vconfig, config, NULL,
-+ "allow-query-cache", NULL, actx,
-+ named_g_mctx, &view->cacheacl));
-
- if (strcmp(view->name, "_bind") != 0 &&
- view->rdclass != dns_rdataclass_chaos)
- {
-+ /* named.conf only */
- CHECK(configure_view_acl(vconfig, config, NULL,
- "allow-recursion", NULL, actx,
- named_g_mctx, &view->recursionacl));
-+ /* named.conf only */
- CHECK(configure_view_acl(vconfig, config, NULL,
- "allow-recursion-on", NULL, actx,
- named_g_mctx, &view->recursiononacl));
-@@ -4744,18 +4754,21 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
- * the global config.
- */
- if (view->recursionacl == NULL) {
-+ /* global default only */
- CHECK(configure_view_acl(NULL, NULL, named_g_config,
- "allow-recursion", NULL,
- actx, named_g_mctx,
- &view->recursionacl));
- }
- if (view->recursiononacl == NULL) {
-+ /* global default only */
- CHECK(configure_view_acl(NULL, NULL, named_g_config,
- "allow-recursion-on", NULL,
- actx, named_g_mctx,
- &view->recursiononacl));
- }
- if (view->cacheacl == NULL) {
-+ /* global default only */
- CHECK(configure_view_acl(NULL, NULL, named_g_config,
- "allow-query-cache", NULL,
- actx, named_g_mctx,
-@@ -4769,6 +4782,14 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
- CHECK(dns_acl_none(mctx, &view->cacheacl));
- }
-
-+ if (view->queryacl == NULL) {
-+ /* global default only */
-+ CHECK(configure_view_acl(NULL, NULL, named_g_config,
-+ "allow-query", NULL,
-+ actx, named_g_mctx,
-+ &view->queryacl));
-+ }
-+
- /*
- * Ignore case when compressing responses to the specified
- * clients. This causes case not always to be preserved,
diff --git a/net-dns/bind/metadata.xml b/net-dns/bind/metadata.xml
index 8ccec0f9e0a..06a3fa600f2 100644
--- a/net-dns/bind/metadata.xml
+++ b/net-dns/bind/metadata.xml
@@ -17,7 +17,6 @@
<flag name="json">Enable JSON statistics channel</flag>
<flag name="libidn2">Enables IDN support using <pkg>net-dns/libidn2</pkg> rather than using <pkg>net-dns/idnkit</pkg></flag>
<flag name="lmdb">Enable LMDB support to store configuration for 'addzone' zones</flag>
- <flag name="nslint">Build and install the nslint util</flag>
<flag name="rpz">Enable response policy rewriting (rpz)</flag>
<flag name="urandom">Use /dev/urandom instead of /dev/random</flag>
</use>
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/files/, net-dns/bind/
@ 2020-02-14 16:01 Thomas Deutschmann
0 siblings, 0 replies; 16+ messages in thread
From: Thomas Deutschmann @ 2020-02-14 16:01 UTC (permalink / raw
To: gentoo-commits
commit: a1391e36805f38ef6a18fd2077095ad3f6c63261
Author: Jouni Kosonen <jouni.kosonen <AT> tukesoft <DOT> com>
AuthorDate: Sun Feb 2 05:48:52 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Feb 14 16:01:41 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a1391e36
net-dns/bind: fix building against >=dev-db/mysql-connector-c-8.x
Closes: https://bugs.gentoo.org/692834
Signed-off-by: Jouni Kosonen <jouni.kosonen <AT> tukesoft.com>
Closes: https://github.com/gentoo/gentoo/pull/14529
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
net-dns/bind/bind-9.14.8.ebuild | 4 ++++
net-dns/bind/bind-9.14.9.ebuild | 4 ++++
net-dns/bind/bind-9.15.6.ebuild | 4 ++++
net-dns/bind/files/bind-9.14.8-mysql8-bool.patch | 15 +++++++++++++++
4 files changed, 27 insertions(+)
diff --git a/net-dns/bind/bind-9.14.8.ebuild b/net-dns/bind/bind-9.14.8.ebuild
index 18d9dbd9cc7..71849d180ed 100644
--- a/net-dns/bind/bind-9.14.8.ebuild
+++ b/net-dns/bind/bind-9.14.8.ebuild
@@ -85,6 +85,10 @@ S="${WORKDIR}/${MY_P}"
# bug 479092, requires networking
RESTRICT="test"
+PATCHES=(
+ "${FILESDIR}"/bind-9.14.8-mysql8-bool.patch
+)
+
pkg_setup() {
ebegin "Creating named group and user"
enewgroup named 40
diff --git a/net-dns/bind/bind-9.14.9.ebuild b/net-dns/bind/bind-9.14.9.ebuild
index 817b8fb0b91..1a057167b9e 100644
--- a/net-dns/bind/bind-9.14.9.ebuild
+++ b/net-dns/bind/bind-9.14.9.ebuild
@@ -85,6 +85,10 @@ S="${WORKDIR}/${MY_P}"
# bug 479092, requires networking
RESTRICT="test"
+PATCHES=(
+ "${FILESDIR}"/bind-9.14.8-mysql8-bool.patch
+)
+
pkg_setup() {
ebegin "Creating named group and user"
enewgroup named 40
diff --git a/net-dns/bind/bind-9.15.6.ebuild b/net-dns/bind/bind-9.15.6.ebuild
index b23f8ad912a..1bbaa64bb03 100644
--- a/net-dns/bind/bind-9.15.6.ebuild
+++ b/net-dns/bind/bind-9.15.6.ebuild
@@ -83,6 +83,10 @@ S="${WORKDIR}/${MY_P}"
# bug 479092, requires networking
RESTRICT="test"
+PATCHES=(
+ "${FILESDIR}"/bind-9.14.8-mysql8-bool.patch
+)
+
pkg_setup() {
ebegin "Creating named group and user"
enewgroup named 40
diff --git a/net-dns/bind/files/bind-9.14.8-mysql8-bool.patch b/net-dns/bind/files/bind-9.14.8-mysql8-bool.patch
new file mode 100644
index 00000000000..8546edc1521
--- /dev/null
+++ b/net-dns/bind/files/bind-9.14.8-mysql8-bool.patch
@@ -0,0 +1,15 @@
+--- a/contrib/dlz/drivers/dlz_mysql_driver.c
++++ b/contrib/dlz/drivers/dlz_mysql_driver.c
+@@ -789,8 +789,11 @@ mysql_create(const char *dlzname, unsigned int argc, char *argv[],
+ char *endp;
+ int j;
+ unsigned int flags = 0;
++#if MYSQL_VERSION_ID >= 80000
++ typedef bool my_bool; // Workaround to make library work with MySQL client 8.0 as well as earlier versions
++#endif
+ #if MYSQL_VERSION_ID >= 50000
+- my_bool auto_reconnect = 1;
++ my_bool auto_reconnect = 1;
+ #endif
+
+ UNUSED(driverarg);
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/files/, net-dns/bind/
@ 2020-09-15 17:58 Patrick McLean
0 siblings, 0 replies; 16+ messages in thread
From: Patrick McLean @ 2020-09-15 17:58 UTC (permalink / raw
To: gentoo-commits
commit: afebccb91e5cb5df6fbb95523be96bdc60b430de
Author: Patrick McLean <patrick.mclean <AT> sony <DOT> com>
AuthorDate: Tue Sep 15 17:57:18 2020 +0000
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Tue Sep 15 17:57:33 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=afebccb9
net-dns/bind-9.16.6-r1: Revbump, pull in patch for bug #741162
Closes: https://bugs.gentoo.org/741162
Copyright: Sony Interactive Entertainment Inc.
Package-Manager: Portage-3.0.7, Repoman-3.0.1
Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>
net-dns/bind/bind-9.16.6-r1.ebuild | 379 ++++++++++++++++++++++++
net-dns/bind/files/bind-9.16.6-bug-741162.patch | 31 ++
2 files changed, 410 insertions(+)
diff --git a/net-dns/bind/bind-9.16.6-r1.ebuild b/net-dns/bind/bind-9.16.6-r1.ebuild
new file mode 100644
index 00000000000..4cce9cdc72a
--- /dev/null
+++ b/net-dns/bind/bind-9.16.6-r1.ebuild
@@ -0,0 +1,379 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# Re dlz/mysql and threads, needs to be verified..
+# MySQL uses thread local storage in its C api. Thus MySQL
+# requires that each thread of an application execute a MySQL
+# thread initialization to setup the thread local storage.
+# This is impossible to do safely while staying within the DLZ
+# driver API. This is a limitation caused by MySQL, and not the DLZ API.
+# Because of this BIND MUST only run with a single thread when
+# using the MySQL driver.
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{6..9} )
+
+inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use systemd
+
+MY_PV="${PV/_p/-P}"
+MY_PV="${MY_PV/_rc/rc}"
+MY_P="${PN}-${MY_PV}"
+
+SDB_LDAP_VER="1.1.0-fc14"
+
+RRL_PV="${MY_PV}"
+
+# SDB-LDAP: http://bind9-ldap.bayour.com/
+
+DESCRIPTION="Berkeley Internet Name Domain - Name Server"
+HOMEPAGE="https://www.isc.org/software/bind"
+SRC_URI="https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz
+ doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
+
+LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
+# -berkdb by default re bug 602682
+IUSE="-berkdb +caps +dlz dnstap doc dnsrps fixed-rrset geoip geoip2 gssapi
+json ldap libressl lmdb mysql odbc postgres python selinux static-libs
+urandom xml +zlib"
+# sdb-ldap - patch broken
+# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
+
+REQUIRED_USE="
+ ?? ( geoip geoip2 )
+ postgres? ( dlz )
+ berkdb? ( dlz )
+ mysql? ( dlz )
+ odbc? ( dlz )
+ ldap? ( dlz )
+ dnsrps? ( dlz )
+ python? ( ${PYTHON_REQUIRED_USE} )
+"
+
+DEPEND="
+ acct-group/named
+ acct-user/named
+ !libressl? ( dev-libs/openssl:=[-bindist] )
+ libressl? ( dev-libs/libressl:= )
+ mysql? ( dev-db/mysql-connector-c:0= )
+ odbc? ( >=dev-db/unixODBC-2.2.6 )
+ ldap? ( net-nds/openldap )
+ postgres? ( dev-db/postgresql:= )
+ caps? ( >=sys-libs/libcap-2.1.0 )
+ xml? ( dev-libs/libxml2 )
+ geoip? ( >=dev-libs/geoip-1.4.6 )
+ geoip2? ( dev-libs/libmaxminddb )
+ gssapi? ( virtual/krb5 )
+ json? ( dev-libs/json-c:= )
+ lmdb? ( dev-db/lmdb )
+ zlib? ( sys-libs/zlib )
+ dnstap? ( dev-libs/fstrm dev-libs/protobuf-c )
+ python? (
+ ${PYTHON_DEPS}
+ dev-python/ply[${PYTHON_USEDEP}]
+ )
+ dev-libs/libuv:=
+"
+
+RDEPEND="${DEPEND}
+ selinux? ( sec-policy/selinux-bind )
+ sys-process/psmisc"
+
+S="${WORKDIR}/${MY_P}"
+
+PATCHES=(
+ # should fix https://bugs.gentoo.org/741162 taken from:
+ # https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/4073
+ "${FILESDIR}/bind-9.16.6-bug-741162.patch"
+)
+
+# bug 479092, requires networking
+# bug 710840, cmocka fails LDFLAGS='-Wl,-O1'
+#RESTRICT="test"
+
+src_prepare() {
+ default
+
+ # should be installed by bind-tools
+ sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die
+
+ # Disable tests for now, bug 406399
+ sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
+
+ # bug #220361
+ rm aclocal.m4 || die
+ rm -rf libtool.m4/ || die
+ eautoreconf
+
+ use python && python_copy_sources
+}
+
+src_configure() {
+ bind_configure --without-python
+ use python && python_foreach_impl python_configure
+}
+
+bind_configure() {
+ local myeconfargs=(
+ AR="$(type -P $(tc-getAR))"
+ --prefix="${EPREFIX}"/usr
+ --sysconfdir=/etc/bind
+ --localstatedir=/var
+ --with-libtool
+ --enable-full-report
+ --without-readline
+ --with-openssl="${EPREFIX}"/usr
+ --without-cmocka
+ $(use_enable caps linux-caps)
+ $(use_enable dnsrps)
+ $(use_enable dnstap)
+ $(use_enable fixed-rrset)
+ # $(use_enable static-libs static)
+ $(use_with berkdb dlz-bdb)
+ $(use_with dlz dlopen)
+ $(use_with dlz dlz-filesystem)
+ $(use_with dlz dlz-stub)
+ $(use_with gssapi)
+ $(use_with json json-c)
+ $(use_with ldap dlz-ldap)
+ $(use_with mysql dlz-mysql)
+ $(use_with odbc dlz-odbc)
+ $(use_with postgres dlz-postgres)
+ $(use_with lmdb)
+ $(use_with xml libxml2)
+ $(use_with zlib)
+ "${@}"
+ )
+
+ use geoip && myeconfargs+=( --enable-geoip )
+ use geoip2 && myeconfargs+=( --with-maxminddb )
+
+ # bug #158664
+# gcc-specs-ssp && replace-flags -O[23s] -O
+
+ # To include db.h from proper path
+ use berkdb && append-flags "-I$(db_includedir)"
+
+ export BUILD_CC=$(tc-getBUILD_CC)
+ econf "${myeconfargs[@]}"
+
+ # bug #151839
+ echo '#undef SO_BSDCOMPAT' >> config.h
+}
+
+python_configure() {
+ pushd "${BUILD_DIR}" >/dev/null || die
+ bind_configure --with-python
+ popd >/dev/null || die
+}
+
+src_compile() {
+ default
+ use python && python_foreach_impl python_compile
+}
+
+python_compile() {
+ pushd "${BUILD_DIR}"/bin/python >/dev/null || die
+ emake
+ popd >/dev/null || die
+}
+
+src_install() {
+ default
+
+ # don't create /var/run
+ rmdir "${ED}"/var/run || die
+
+ dodoc CHANGES README
+
+ if use doc; then
+ docinto misc
+ dodoc -r doc/misc/
+
+ # might a 'html' useflag make sense?
+ docinto html
+ dodoc -r doc/arm/
+
+ docinto contrib
+ dodoc contrib/scripts/{nanny.pl,named-bootconf.sh}
+
+ # some handy-dandy dynamic dns examples
+ pushd "${ED}"/usr/share/doc/${PF} 1>/dev/null || die
+ tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
+ popd 1>/dev/null || die
+ fi
+
+ insinto /etc/bind
+ newins "${FILESDIR}"/named.conf-r8 named.conf
+
+ # ftp://ftp.rs.internic.net/domain/named.cache:
+ insinto /var/bind
+ newins "${FILESDIR}"/named.cache-r3 named.cache
+
+ insinto /var/bind/pri
+ newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
+
+ newinitd "${FILESDIR}"/named.init-r13 named
+ newconfd "${FILESDIR}"/named.confd-r7 named
+
+ newenvd "${FILESDIR}"/10bind.env 10bind
+
+ # Let's get rid of those tools and their manpages since they're provided by bind-tools
+ rm -f "${ED}"/usr/share/man/man1/{dig,host,nslookup,delv,nsupdate}.1* || die
+ rm -f "${ED}"/usr/share/man/man8/nsupdate.8* || die
+ rm -f "${ED}"/usr/bin/{dig,host,nslookup,nsupdate} || die
+ rm -f "${ED}"/usr/sbin/{dig,host,nslookup,nsupdate} || die
+ for tool in dsfromkey importkey keyfromlabel keygen \
+ revoke settime signzone verify; do
+ rm -f "${ED}"/usr/{,s}bin/dnssec-"${tool}" || die
+ rm -f "${ED}"/usr/share/man/man8/dnssec-"${tool}".8* || die
+ done
+
+ # bug 405251, library archives aren't properly handled by --enable/disable-static
+ if ! use static-libs; then
+ find "${ED}" -type f -name '*.a' -delete || die
+ fi
+
+ # bug 405251
+ find "${ED}" -type f -name '*.la' -delete || die
+
+ use python && python_foreach_impl python_install
+
+ # bug 450406
+ dosym named.cache /var/bind/root.cache
+
+ dosym ../../var/bind/pri /etc/bind/pri
+ dosym ../../var/bind/sec /etc/bind/sec
+ dosym ../../var/bind/dyn /etc/bind/dyn
+ keepdir /var/bind/{pri,sec,dyn} /var/log/named
+
+ fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
+ fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
+ fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
+ fperms 0750 /etc/bind /var/bind/pri
+ fperms 0770 /var/log/named /var/bind/{,sec,dyn}
+
+ systemd_newunit "${FILESDIR}/named.service-r1" named.service
+ systemd_dotmpfilesd "${FILESDIR}"/named.conf
+ exeinto /usr/libexec
+ doexe "${FILESDIR}/generate-rndc-key.sh"
+}
+
+python_install() {
+ pushd "${BUILD_DIR}"/bin/python >/dev/null || die
+ emake DESTDIR="${D}" install
+ python_scriptinto /usr/sbin
+ python_doscript dnssec-{checkds,coverage}
+ python_optimize
+ popd >/dev/null || die
+}
+
+pkg_postinst() {
+ if [ ! -f '/etc/bind/rndc.key' ]; then
+ if use urandom; then
+ einfo "Using /dev/urandom for generating rndc.key"
+ /usr/sbin/rndc-confgen -r /dev/urandom -a
+ echo
+ else
+ einfo "Using /dev/random for generating rndc.key"
+ /usr/sbin/rndc-confgen -a
+ echo
+ fi
+ chown root:named /etc/bind/rndc.key || die
+ chmod 0640 /etc/bind/rndc.key || die
+ fi
+
+ einfo
+ einfo "You can edit /etc/conf.d/named to customize named settings"
+ einfo
+ use mysql || use postgres || use ldap && {
+ elog "If your named depends on MySQL/PostgreSQL or LDAP,"
+ elog "uncomment the specified rc_named_* lines in your"
+ elog "/etc/conf.d/named config to ensure they'll start before bind"
+ einfo
+ }
+ einfo "If you'd like to run bind in a chroot AND this is a new"
+ einfo "install OR your bind doesn't already run in a chroot:"
+ einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
+ einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
+ einfo
+
+ CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
+ if [[ -n ${CHROOT} ]]; then
+ elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
+ elog "To enable the old behaviour (without using mount) uncomment the"
+ elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
+ elog "If you decide to use the new/default method, ensure to make backup"
+ elog "first and merge your existing configs/zones to /etc/bind and"
+ elog "/var/bind because bind will now mount the needed directories into"
+ elog "the chroot dir."
+ fi
+}
+
+pkg_config() {
+ CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
+ CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
+ CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
+
+ if [[ -z "${CHROOT}" ]]; then
+ eerror "This config script is designed to automate setting up"
+ eerror "a chrooted bind/named. To do so, please first uncomment"
+ eerror "and set the CHROOT variable in '/etc/conf.d/named'."
+ die "Unset CHROOT"
+ fi
+ if [[ -d "${CHROOT}" ]]; then
+ ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
+ ewarn "To enable the old behaviour (without using mount) uncomment the"
+ ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
+ ewarn
+ ewarn "${CHROOT} already exists... some things might become overridden"
+ ewarn "press CTRL+C if you don't want to continue"
+ sleep 10
+ fi
+
+ echo; einfo "Setting up the chroot directory..."
+
+ mkdir -m 0750 -p ${CHROOT} || die
+ mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} || die
+ mkdir -m 0750 -p ${CHROOT}/etc/bind || die
+ mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ || die
+
+ chown root:named \
+ ${CHROOT} \
+ ${CHROOT}/var/{bind,log/named} \
+ ${CHROOT}/run/named/ \
+ ${CHROOT}/etc/bind \
+ || die
+
+ mknod ${CHROOT}/dev/null c 1 3 || die
+ chmod 0666 ${CHROOT}/dev/null || die
+
+ mknod ${CHROOT}/dev/zero c 1 5 || die
+ chmod 0666 ${CHROOT}/dev/zero || die
+
+ if use urandom; then
+ mknod ${CHROOT}/dev/urandom c 1 9 || die
+ chmod 0666 ${CHROOT}/dev/urandom || die
+ else
+ mknod ${CHROOT}/dev/random c 1 8 || die
+ chmod 0666 ${CHROOT}/dev/random || die
+ fi
+
+ if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
+ cp -a /etc/bind ${CHROOT}/etc/ || die
+ cp -a /var/bind ${CHROOT}/var/ || die
+ fi
+
+ if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
+ if use geoip; then
+ mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP || die
+ elif use geoip2; then
+ mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP2 || die
+ fi
+ fi
+
+ elog "You may need to add the following line to your syslog-ng.conf:"
+ elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
+}
diff --git a/net-dns/bind/files/bind-9.16.6-bug-741162.patch b/net-dns/bind/files/bind-9.16.6-bug-741162.patch
new file mode 100644
index 00000000000..9cc030c82b3
--- /dev/null
+++ b/net-dns/bind/files/bind-9.16.6-bug-741162.patch
@@ -0,0 +1,31 @@
+commit 56d2cf6f1ef008ab6cb50545af9b1d8a5c1ece81
+Author: Ondřej Surý <ondrej@isc.org>
+Date: Mon Aug 24 10:15:07 2020 +0200
+
+ Print diagnostics on dns_name_issubdomain() failure in fctx_create()
+
+ Log diagnostic message when dns_name_issubdomain() in the fctx_create()
+ when the resolver is qname minimizing and forwarding at the same time.
+
+ (cherry picked from commit 0a22024c270a38a54f0d51621a046b726df158c0)
+
+diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
+index 8a36693a9a..b37e756c53 100644
+--- a/lib/dns/resolver.c
++++ b/lib/dns/resolver.c
+@@ -5122,7 +5122,14 @@ fctx_create(dns_resolver_t *res, const dns_name_t *name, dns_rdatatype_t type,
+
+ log_ns_ttl(fctx, "fctx_create");
+
+- INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain));
++ if (!dns_name_issubdomain(&fctx->name, &fctx->domain)) {
++ dns_name_format(&fctx->domain, buf, sizeof(buf));
++ UNEXPECTED_ERROR(__FILE__, __LINE__,
++ "'%s' is not subdomain of '%s'", fctx->info,
++ buf);
++ result = ISC_R_UNEXPECTED;
++ goto cleanup_fcount;
++ }
+
+ fctx->qmessage = NULL;
+ result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER,
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/files/, net-dns/bind/
@ 2020-09-18 19:23 Patrick McLean
0 siblings, 0 replies; 16+ messages in thread
From: Patrick McLean @ 2020-09-18 19:23 UTC (permalink / raw
To: gentoo-commits
commit: 956c96ce1bac9fcd9e792f9d64215da236d282f9
Author: Jan Ziak <0xe2.0x9a.0x9b <AT> gmail <DOT> com>
AuthorDate: Fri Sep 4 20:56:02 2020 +0000
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Fri Sep 18 19:22:37 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=956c96ce
net-dns/bind-9.16.6-r2: Revbump, USE=ldap on multilib (bug #739062)
Closes: https://bugs.gentoo.org/739062
Signed-off-by: Jan Ziak <0xe2.0x9a.0x9b <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/17419
Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>
.../bind/{bind-9.16.6-r1.ebuild => bind-9.16.6-r2.ebuild} | 2 ++
.../bind/files/ldap-library-path-on-multilib-machines.patch | 13 +++++++++++++
2 files changed, 15 insertions(+)
diff --git a/net-dns/bind/bind-9.16.6-r1.ebuild b/net-dns/bind/bind-9.16.6-r2.ebuild
similarity index 99%
rename from net-dns/bind/bind-9.16.6-r1.ebuild
rename to net-dns/bind/bind-9.16.6-r2.ebuild
index 4cce9cdc72a..4f12a967f86 100644
--- a/net-dns/bind/bind-9.16.6-r1.ebuild
+++ b/net-dns/bind/bind-9.16.6-r2.ebuild
@@ -87,6 +87,8 @@ PATCHES=(
# should fix https://bugs.gentoo.org/741162 taken from:
# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/4073
"${FILESDIR}/bind-9.16.6-bug-741162.patch"
+
+ "${FILESDIR}/ldap-library-path-on-multilib-machines.patch"
)
# bug 479092, requires networking
diff --git a/net-dns/bind/files/ldap-library-path-on-multilib-machines.patch b/net-dns/bind/files/ldap-library-path-on-multilib-machines.patch
new file mode 100644
index 00000000000..5286c72f11b
--- /dev/null
+++ b/net-dns/bind/files/ldap-library-path-on-multilib-machines.patch
@@ -0,0 +1,13 @@
+diff --git a/contrib/dlz/config.dlz.in b/contrib/dlz/config.dlz.in
+index f769cf1..721d480 100644
+--- a/contrib/dlz/config.dlz.in
++++ b/contrib/dlz/config.dlz.in
+@@ -396,7 +396,7 @@ case "$use_dlz_ldap" in
+ *)
+ DLZ_ADD_DRIVER(LDAP, dlz_ldap_driver,
+ [-I$use_dlz_ldap/include],
+- [-L$use_dlz_ldap/lib -lldap -llber])
++ [-lldap -llber])
+
+ AC_MSG_RESULT(
+ [using LDAP from $use_dlz_ldap/lib and $use_dlz_ldap/include])
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/files/, net-dns/bind/
@ 2021-07-18 17:54 Mikle Kolyada
0 siblings, 0 replies; 16+ messages in thread
From: Mikle Kolyada @ 2021-07-18 17:54 UTC (permalink / raw
To: gentoo-commits
commit: 6e8faaad077caf9048e2c5a132ddade0b0b316aa
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 18 17:42:47 2021 +0000
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sun Jul 18 17:53:02 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6e8faaad
net-dns/bind: create /dev/urandom again
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
net-dns/bind/{bind-9.16.15-r1.ebuild => bind-9.16.15-r2.ebuild} | 5 ++++-
net-dns/bind/files/{named.init-r13 => named.init-r14} | 2 +-
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/net-dns/bind/bind-9.16.15-r1.ebuild b/net-dns/bind/bind-9.16.15-r2.ebuild
similarity index 98%
rename from net-dns/bind/bind-9.16.15-r1.ebuild
rename to net-dns/bind/bind-9.16.15-r2.ebuild
index 35e114e47df..9beac1bb886 100644
--- a/net-dns/bind/bind-9.16.15-r1.ebuild
+++ b/net-dns/bind/bind-9.16.15-r2.ebuild
@@ -222,7 +222,7 @@ src_install() {
insinto /var/bind/pri
newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
- newinitd "${FILESDIR}"/named.init-r13 named
+ newinitd "${FILESDIR}"/named.init-r14 named
newconfd "${FILESDIR}"/named.confd-r7 named
newenvd "${FILESDIR}"/10bind.env 10bind
@@ -355,6 +355,9 @@ pkg_config() {
mknod ${CHROOT}/dev/zero c 1 5 || die
chmod 0666 ${CHROOT}/dev/zero || die
+ mknod ${CHROOT}/dev/urandom c 1 9 || die
+ chmod 0666 ${CHROOT}/dev/urandom || die
+
if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
cp -a /etc/bind ${CHROOT}/etc/ || die
cp -a /var/bind ${CHROOT}/var/ || die
diff --git a/net-dns/bind/files/named.init-r13 b/net-dns/bind/files/named.init-r14
similarity index 98%
rename from net-dns/bind/files/named.init-r13
rename to net-dns/bind/files/named.init-r14
index 4240a09176b..ff6ab216abc 100644
--- a/net-dns/bind/files/named.init-r13
+++ b/net-dns/bind/files/named.init-r14
@@ -77,7 +77,7 @@ check_chroot() {
[ ! -d "${CHROOT}/etc/bind" ] || [ ! -d "${CHROOT}/var/bind" ] && return 1
[ ! -d "${CHROOT}/var/log/named" ] && return 1
[ ! -c "${CHROOT}/dev/null" ] || [ ! -c "${CHROOT}/dev/zero" ] && return 1
- [ ! -c "${CHROOT}/dev/random" ] && [ ! -c "${CHROOT}/dev/urandom" ] && return 1
+ [ ! -c "${CHROOT}/dev/urandom" ] && return 1
[ "${CHROOT_GEOIP:-0}" -eq 1 ] && [ ! -d "${CHROOT}/usr/share/GeoIP" ] && return 1
if [ ${OPENSSL_LIBGOST:-0} -eq 1 ]; then
if [ -d "/usr/lib64" ]; then
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/files/, net-dns/bind/
@ 2022-06-03 7:33 Sam James
0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2022-06-03 7:33 UTC (permalink / raw
To: gentoo-commits
commit: f06ef44e355a161ac9185b1b389addf510a08616
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Jun 3 07:32:56 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Jun 3 07:33:00 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f06ef44e
net-dns/bind: backport FORTIFY_SOURCE=3 named-checkconf crash fix
Closes: https://bugs.gentoo.org/847295
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-dns/bind/bind-9.16.29-r1.ebuild | 376 +++++++++++++++++++++
.../bind/files/bind-9.16.29-fortify-source-3.patch | 35 ++
2 files changed, 411 insertions(+)
diff --git a/net-dns/bind/bind-9.16.29-r1.ebuild b/net-dns/bind/bind-9.16.29-r1.ebuild
new file mode 100644
index 000000000000..ab9d7f6ac2ec
--- /dev/null
+++ b/net-dns/bind/bind-9.16.29-r1.ebuild
@@ -0,0 +1,376 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# Re dlz/mysql and threads, needs to be verified..
+# MySQL uses thread local storage in its C api. Thus MySQL
+# requires that each thread of an application execute a MySQL
+# thread initialization to setup the thread local storage.
+# This is impossible to do safely while staying within the DLZ
+# driver API. This is a limitation caused by MySQL, and not the DLZ API.
+# Because of this BIND MUST only run with a single thread when
+# using the MySQL driver.
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{8..10} )
+
+inherit python-r1 autotools toolchain-funcs flag-o-matic db-use systemd tmpfiles
+
+MY_PV="${PV/_p/-P}"
+MY_PV="${MY_PV/_rc/rc}"
+MY_P="${PN}-${MY_PV}"
+
+SDB_LDAP_VER="1.1.0-fc14"
+
+RRL_PV="${MY_PV}"
+
+# SDB-LDAP: http://bind9-ldap.bayour.com/
+
+DESCRIPTION="Berkeley Internet Name Domain - Name Server"
+HOMEPAGE="https://www.isc.org/software/bind"
+SRC_URI="https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz
+ doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
+
+LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
+# -berkdb by default re bug 602682
+IUSE="berkdb +caps +dlz dnstap doc dnsrps fixed-rrset geoip geoip2 gssapi
+json ldap lmdb mysql odbc postgres python selinux static-libs xml +zlib"
+# sdb-ldap - patch broken
+# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
+
+# Upstream dropped the old geoip library, but the BIND configuration for using
+# GeoIP remained the same.
+REQUIRED_USE="
+ postgres? ( dlz )
+ berkdb? ( dlz )
+ mysql? ( dlz )
+ odbc? ( dlz )
+ ldap? ( dlz )
+ dnsrps? ( dlz )
+ python? ( ${PYTHON_REQUIRED_USE} )
+"
+
+DEPEND="
+ acct-group/named
+ acct-user/named
+ berkdb? ( sys-libs/db:= )
+ dev-libs/openssl:=[-bindist(-)]
+ mysql? ( dev-db/mysql-connector-c:0= )
+ odbc? ( >=dev-db/unixODBC-2.2.6 )
+ ldap? ( net-nds/openldap:= )
+ postgres? ( dev-db/postgresql:= )
+ caps? ( >=sys-libs/libcap-2.1.0 )
+ xml? ( dev-libs/libxml2 )
+ geoip? ( dev-libs/libmaxminddb:= )
+ geoip2? ( dev-libs/libmaxminddb:= )
+ gssapi? ( virtual/krb5 )
+ json? ( dev-libs/json-c:= )
+ lmdb? ( dev-db/lmdb:= )
+ zlib? ( sys-libs/zlib )
+ dnstap? ( dev-libs/fstrm dev-libs/protobuf-c:= )
+ python? (
+ ${PYTHON_DEPS}
+ dev-python/ply[${PYTHON_USEDEP}]
+ )
+ dev-libs/libuv:=
+"
+
+RDEPEND="${DEPEND}
+ selinux? ( sec-policy/selinux-bind )
+ sys-process/psmisc"
+
+S="${WORKDIR}/${MY_P}"
+
+PATCHES=(
+ "${FILESDIR}/ldap-library-path-on-multilib-machines.patch"
+ "${FILESDIR}/${P}-fortify-source-3.patch"
+)
+
+# bug 479092, requires networking
+# bug 710840, cmocka fails LDFLAGS='-Wl,-O1'
+#RESTRICT="test"
+
+src_prepare() {
+ default
+
+ # should be installed by bind-tools
+ sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die
+
+ # Disable tests for now, bug 406399
+ sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
+
+ # bug #220361
+ rm aclocal.m4 || die
+ rm -rf libtool.m4/ || die
+ eautoreconf
+
+ use python && python_copy_sources
+}
+
+src_configure() {
+ bind_configure --without-python
+ use python && python_foreach_impl python_configure
+}
+
+bind_configure() {
+ local myeconfargs=(
+ AR="$(type -P $(tc-getAR))"
+ --prefix="${EPREFIX}"/usr
+ --sysconfdir=/etc/bind
+ --localstatedir=/var
+ --with-libtool
+ --enable-full-report
+ --without-readline
+ --with-openssl="${ESYSROOT}"/usr
+ --without-cmocka
+ # Removed in 9.17, drags in libunwind dependency too
+ --disable-backtrace
+ $(use_enable caps linux-caps)
+ $(use_enable dnsrps)
+ $(use_enable dnstap)
+ $(use_enable fixed-rrset)
+ # $(use_enable static-libs static)
+ $(use_with berkdb dlz-bdb "${ESYSROOT}"/usr)
+ $(use_with dlz dlopen)
+ $(use_with dlz dlz-filesystem)
+ $(use_with dlz dlz-stub)
+ $(use_with gssapi)
+ $(use_with json json-c)
+ $(use_with ldap dlz-ldap)
+ $(use_with mysql dlz-mysql)
+ $(use_with odbc dlz-odbc)
+ $(use_with postgres dlz-postgres)
+ $(use_with lmdb)
+ $(use_with xml libxml2)
+ $(use_with zlib)
+ "${@}"
+ )
+ # This is for users to start to migrate back to USE=geoip, rather than
+ # USE=geoip2
+ if use geoip ; then
+ myeconfargs+=( $(use_with geoip maxminddb) --enable-geoip )
+ elif use geoip2 ; then
+ # Added 2020/09/30
+ # Remove USE=geoip2 support after 2020/03/01
+ ewarn "USE=geoip2 is deprecated; update your USE flags!"
+ myeconfargs+=( $(use_with geoip2 maxminddb) --enable-geoip )
+ else
+ myeconfargs+=( --without-maxminddb --disable-geoip )
+ fi
+
+ # bug #158664
+# gcc-specs-ssp && replace-flags -O[23s] -O
+
+ # To include db.h from proper path
+ use berkdb && append-flags "-I$(db_includedir)"
+
+ export BUILD_CC=$(tc-getBUILD_CC)
+ econf "${myeconfargs[@]}"
+
+ # bug #151839
+ echo '#undef SO_BSDCOMPAT' >> config.h
+}
+
+python_configure() {
+ pushd "${BUILD_DIR}" >/dev/null || die
+ bind_configure --with-python
+ popd >/dev/null || die
+}
+
+src_compile() {
+ default
+ use python && python_foreach_impl python_compile
+}
+
+python_compile() {
+ pushd "${BUILD_DIR}"/bin/python >/dev/null || die
+ emake
+ popd >/dev/null || die
+}
+
+src_install() {
+ default
+
+ dodoc CHANGES README
+
+ if use doc; then
+ docinto misc
+ dodoc -r doc/misc/
+
+ # might a 'html' useflag make sense?
+ docinto html
+ dodoc -r doc/arm/
+
+ docinto contrib
+ dodoc contrib/scripts/{nanny.pl,named-bootconf.sh}
+
+ # some handy-dandy dynamic dns examples
+ pushd "${ED}"/usr/share/doc/${PF} 1>/dev/null || die
+ tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
+ popd 1>/dev/null || die
+ fi
+
+ insinto /etc/bind
+ newins "${FILESDIR}"/named.conf-r8 named.conf
+
+ # ftp://ftp.rs.internic.net/domain/named.cache:
+ insinto /var/bind
+ newins "${FILESDIR}"/named.cache-r3 named.cache
+
+ insinto /var/bind/pri
+ newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
+
+ newinitd "${FILESDIR}"/named.init-r14 named
+ newconfd "${FILESDIR}"/named.confd-r7 named
+
+ newenvd "${FILESDIR}"/10bind.env 10bind
+
+ # Let's get rid of those tools and their manpages since they're provided by bind-tools
+ rm -f "${ED}"/usr/share/man/man1/{dig,host,nslookup,delv,nsupdate}.1* || die
+ rm -f "${ED}"/usr/share/man/man8/nsupdate.8* || die
+ rm -f "${ED}"/usr/bin/{dig,host,nslookup,nsupdate} || die
+ rm -f "${ED}"/usr/sbin/{dig,host,nslookup,nsupdate} || die
+ for tool in dsfromkey importkey keyfromlabel keygen \
+ revoke settime signzone verify; do
+ rm -f "${ED}"/usr/{,s}bin/dnssec-"${tool}" || die
+ rm -f "${ED}"/usr/share/man/man8/dnssec-"${tool}".8* || die
+ done
+
+ # bug 405251, library archives aren't properly handled by --enable/disable-static
+ if ! use static-libs; then
+ find "${ED}" -type f -name '*.a' -delete || die
+ fi
+
+ # bug 405251
+ find "${ED}" -type f -name '*.la' -delete || die
+
+ use python && python_foreach_impl python_install
+
+ # bug 450406
+ dosym named.cache /var/bind/root.cache
+
+ dosym ../../var/bind/pri /etc/bind/pri
+ dosym ../../var/bind/sec /etc/bind/sec
+ dosym ../../var/bind/dyn /etc/bind/dyn
+ keepdir /var/bind/{pri,sec,dyn} /var/log/named
+
+ fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
+ fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
+ fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
+ fperms 0750 /etc/bind /var/bind/pri
+ fperms 0770 /var/log/named /var/bind/{,sec,dyn}
+
+ systemd_newunit "${FILESDIR}/named.service-r1" named.service
+ dotmpfiles "${FILESDIR}"/named.conf
+ exeinto /usr/libexec
+ doexe "${FILESDIR}/generate-rndc-key.sh"
+}
+
+python_install() {
+ pushd "${BUILD_DIR}"/bin/python >/dev/null || die
+ emake DESTDIR="${D}" install
+ python_scriptinto /usr/sbin
+ python_doscript dnssec-{checkds,coverage}
+ python_optimize
+ popd >/dev/null || die
+}
+
+pkg_postinst() {
+ tmpfiles_process named.conf
+
+ if [[ ! -f '/etc/bind/rndc.key' && ! -f '/etc/bind/rndc.conf' ]]; then
+ einfo "Using /dev/urandom for generating rndc.key"
+ /usr/sbin/rndc-confgen -a
+ chown root:named /etc/bind/rndc.key || die
+ chmod 0640 /etc/bind/rndc.key || die
+ fi
+
+ einfo
+ einfo "You can edit /etc/conf.d/named to customize named settings"
+ einfo
+ use mysql || use postgres || use ldap && {
+ elog "If your named depends on MySQL/PostgreSQL or LDAP,"
+ elog "uncomment the specified rc_named_* lines in your"
+ elog "/etc/conf.d/named config to ensure they'll start before bind"
+ einfo
+ }
+ einfo "If you'd like to run bind in a chroot AND this is a new"
+ einfo "install OR your bind doesn't already run in a chroot:"
+ einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
+ einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
+ einfo
+
+ CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
+ if [[ -n ${CHROOT} ]]; then
+ elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
+ elog "To enable the old behaviour (without using mount) uncomment the"
+ elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
+ elog "If you decide to use the new/default method, ensure to make backup"
+ elog "first and merge your existing configs/zones to /etc/bind and"
+ elog "/var/bind because bind will now mount the needed directories into"
+ elog "the chroot dir."
+ fi
+}
+
+pkg_config() {
+ CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
+ CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
+ CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
+
+ if [[ -z "${CHROOT}" ]]; then
+ eerror "This config script is designed to automate setting up"
+ eerror "a chrooted bind/named. To do so, please first uncomment"
+ eerror "and set the CHROOT variable in '/etc/conf.d/named'."
+ die "Unset CHROOT"
+ fi
+ if [[ -d "${CHROOT}" ]]; then
+ ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
+ ewarn "To enable the old behaviour (without using mount) uncomment the"
+ ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
+ ewarn
+ ewarn "${CHROOT} already exists... some things might become overridden"
+ ewarn "press CTRL+C if you don't want to continue"
+ sleep 10
+ fi
+
+ echo; einfo "Setting up the chroot directory..."
+
+ mkdir -m 0750 -p ${CHROOT} || die
+ mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} || die
+ mkdir -m 0750 -p ${CHROOT}/etc/bind || die
+ mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ || die
+
+ chown root:named \
+ ${CHROOT} \
+ ${CHROOT}/var/{bind,log/named} \
+ ${CHROOT}/run/named/ \
+ ${CHROOT}/etc/bind \
+ || die
+
+ mknod ${CHROOT}/dev/null c 1 3 || die
+ chmod 0666 ${CHROOT}/dev/null || die
+
+ mknod ${CHROOT}/dev/zero c 1 5 || die
+ chmod 0666 ${CHROOT}/dev/zero || die
+
+ mknod ${CHROOT}/dev/urandom c 1 9 || die
+ chmod 0666 ${CHROOT}/dev/urandom || die
+
+ if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
+ cp -a /etc/bind ${CHROOT}/etc/ || die
+ cp -a /var/bind ${CHROOT}/var/ || die
+ fi
+
+ if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
+ if use geoip; then
+ mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP || die
+ elif use geoip2; then
+ mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP2 || die
+ fi
+ fi
+
+ elog "You may need to add the following line to your syslog-ng.conf:"
+ elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
+}
diff --git a/net-dns/bind/files/bind-9.16.29-fortify-source-3.patch b/net-dns/bind/files/bind-9.16.29-fortify-source-3.patch
new file mode 100644
index 000000000000..d084d6e62ce8
--- /dev/null
+++ b/net-dns/bind/files/bind-9.16.29-fortify-source-3.patch
@@ -0,0 +1,35 @@
+https://gitlab.isc.org/isc-projects/bind9/-/commit/b6670787d25743ddf39dfe8e615828efc928f50d
+https://gitlab.isc.org/isc-projects/bind9/-/issues/3351
+https://bugs.gentoo.org/847295
+
+From: Evan Hunt <each@isc.org>
+Date: Fri, 13 May 2022 19:59:58 -0700
+Subject: [PATCH] prevent a possible buffer overflow in configuration check
+
+corrected code that could have allowed a buffer overfow while
+parsing named.conf.
+
+(cherry picked from commit 921043b54161c7a3e6dc4036b038ca4dbc5fe472)
+--- a/lib/bind9/check.c
++++ b/lib/bind9/check.c
+@@ -2500,8 +2500,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
+ } else if (dns_name_isula(zname)) {
+ ula = true;
+ }
+- tmp += strlen(tmp);
+ len -= strlen(tmp);
++ tmp += strlen(tmp);
+ (void)snprintf(tmp, len, "%u/%s", zclass,
+ (ztype == CFG_ZONE_INVIEW) ? target
+ : (viewname != NULL) ? viewname
+@@ -3247,8 +3247,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
+ char *tmp = keydirbuf;
+ size_t len = sizeof(keydirbuf);
+ dns_name_format(zname, keydirbuf, sizeof(keydirbuf));
+- tmp += strlen(tmp);
+ len -= strlen(tmp);
++ tmp += strlen(tmp);
+ (void)snprintf(tmp, len, "/%s", (dir == NULL) ? "(null)" : dir);
+ tresult = keydirexist(zconfig, (const char *)keydirbuf,
+ kaspname, keydirs, logctx, mctx);
+GitLab
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/files/, net-dns/bind/
@ 2024-02-18 10:48 Sam James
0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2024-02-18 10:48 UTC (permalink / raw
To: gentoo-commits
commit: 3a319063509bd1c35f3cc25cbe21ea5d1be7e2fa
Author: Hank Leininger <hlein <AT> korelogic <DOT> com>
AuthorDate: Wed Feb 14 00:43:06 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Feb 18 10:48:21 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a319063
net-dns/bind: add 9.16.48
Signed-off-by: Hank Leininger <hlein <AT> korelogic.com>
Bug: https://bugs.gentoo.org/924447
Bug: https://bugs.gentoo.org/914365
Bug: https://bugs.gentoo.org/919679
Closes: https://bugs.gentoo.org/923781
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-dns/bind/Manifest | 1 +
net-dns/bind/bind-9.16.48.ebuild | 389 ++++++++++++++++++++++++++++++++++++++
net-dns/bind/files/named.cache-r4 | 92 +++++++++
3 files changed, 482 insertions(+)
diff --git a/net-dns/bind/Manifest b/net-dns/bind/Manifest
index 55e646801f19..d4792c0c9730 100644
--- a/net-dns/bind/Manifest
+++ b/net-dns/bind/Manifest
@@ -2,4 +2,5 @@ DIST bind-9.16.37.tar.xz 5109440 BLAKE2B 3b18f7c780ce04e296498e30c09628ad8eb89f3
DIST bind-9.16.39.tar.xz 5120164 BLAKE2B d9fb51435dce11c8854084cc21de79df3ae6529baead76dcf27711bcff33469d1fd6fbd3366b61bc921f92850620c9b7464d4dbe08dd0c7e2f3e5e1c1100cb79 SHA512 6e2e30815222a289e94f6857fdb6b142558ca56ecf5f8291f843f8476da8e4011042f1dd2bed031e5d9924370ae0705ce5b3ea2ce10ae830f8980b669eb26328
DIST bind-9.16.41.tar.xz 5121884 BLAKE2B 53ccc399acc98f79930f51314c1f4e1135370347f05c7a293ac416669c6125b2d56edda20b9ecd86e6ec3ccf05a95c3eb0b836c26b14cf7ee3d1869f578280e5 SHA512 93c374ef82ff36e222a790161942635d0b977813b5040f8895e1c032b4ca1925addc8ef3a06417445036dc35aeb708cc61bd589c6a9cb78980f77ab402c44bee
DIST bind-9.16.42.tar.xz 5123476 BLAKE2B 7cda7df38beaa602fde0142b46c8bcf401cda8afdf00383724ccaa8f3e3f71d320bbd4b7f3be33bcc9c59465932caab1f8c62ca64b79a1470cbdaa01f0048b00 SHA512 cf29e72c9c979f3cf8ba0b17357fb09c37f1436a7f3a518f49ce4b4c682fb367dd3d8e71de6603c166c95a7c535a77a9f2a1393a59723294626acefebbc95fd6
+DIST bind-9.16.48.tar.xz 5131176 BLAKE2B 4a503b45df412c435cb0f75b54ee1270140cccce7ecc159cdf3e0e3cbd3c0a0866b7472782f20aacf130f57df12d20a102ac6979498138ce00a2655806d003e7 SHA512 83829a5045e2a29dd2b491d3ab72b545f5664023fcd4aa205a44dbb7bcc5c737b4466c0d73f124b8d88fd33c56776871a07dde1ba0530d43eec8e7304a08d353
DIST dyndns-samples.tbz2 22866 BLAKE2B 409890653c6536cb9c0e3ba809d2bfde0e0ae73a2a101b4f229b46c01568466bc022bbbc37712171adbd08c572733e93630feab95a0fcd1ac50a7d37da1d1108 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac
diff --git a/net-dns/bind/bind-9.16.48.ebuild b/net-dns/bind/bind-9.16.48.ebuild
new file mode 100644
index 000000000000..de224e397d1c
--- /dev/null
+++ b/net-dns/bind/bind-9.16.48.ebuild
@@ -0,0 +1,389 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# Re dlz/mysql and threads, needs to be verified..
+# MySQL uses thread local storage in its C api. Thus MySQL
+# requires that each thread of an application execute a MySQL
+# thread initialization to setup the thread local storage.
+# This is impossible to do safely while staying within the DLZ
+# driver API. This is a limitation caused by MySQL, and not the DLZ API.
+# Because of this BIND MUST only run with a single thread when
+# using the MySQL driver.
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{9..12} )
+
+inherit python-r1 autotools multiprocessing toolchain-funcs flag-o-matic db-use systemd tmpfiles
+
+MY_PV="${PV/_p/-P}"
+MY_PV="${MY_PV/_rc/rc}"
+MY_P="${PN}-${MY_PV}"
+
+SDB_LDAP_VER="1.1.0-fc14"
+
+RRL_PV="${MY_PV}"
+
+# SDB-LDAP: http://bind9-ldap.bayour.com/
+
+DESCRIPTION="Berkeley Internet Name Domain - Name Server"
+HOMEPAGE="https://www.isc.org/software/bind https://gitlab.isc.org/isc-projects/bind9"
+SRC_URI="https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz
+ doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
+
+LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
+# -berkdb by default re bug #602682
+IUSE="berkdb +caps +dlz dnstap doc dnsrps fixed-rrset geoip geoip2 gssapi
+json ldap lmdb mysql odbc postgres python selinux static-libs test xml +zlib"
+# sdb-ldap - patch broken
+# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
+RESTRICT="!test? ( test )"
+
+# Upstream dropped the old geoip library, but the BIND configuration for using
+# GeoIP remained the same.
+REQUIRED_USE="
+ postgres? ( dlz )
+ berkdb? ( dlz )
+ mysql? ( dlz )
+ odbc? ( dlz )
+ ldap? ( dlz )
+ dnsrps? ( dlz )
+ python? ( ${PYTHON_REQUIRED_USE} )
+"
+
+DEPEND="
+ acct-group/named
+ acct-user/named
+ berkdb? ( sys-libs/db:= )
+ dev-libs/openssl:=[-bindist(-)]
+ mysql? ( dev-db/mysql-connector-c:0= )
+ odbc? ( >=dev-db/unixODBC-2.2.6 )
+ ldap? ( net-nds/openldap:= )
+ postgres? ( dev-db/postgresql:= )
+ caps? ( >=sys-libs/libcap-2.1.0 )
+ xml? ( dev-libs/libxml2 )
+ geoip? ( dev-libs/libmaxminddb:= )
+ geoip2? ( dev-libs/libmaxminddb:= )
+ gssapi? ( virtual/krb5 )
+ json? ( dev-libs/json-c:= )
+ lmdb? ( dev-db/lmdb:= )
+ zlib? ( sys-libs/zlib )
+ dnstap? ( dev-libs/fstrm dev-libs/protobuf-c:= )
+ python? (
+ ${PYTHON_DEPS}
+ dev-python/ply[${PYTHON_USEDEP}]
+ )
+ dev-libs/libuv:=
+"
+
+RDEPEND="${DEPEND}
+ selinux? ( sec-policy/selinux-bind )
+ sys-process/psmisc"
+
+BDEPEND="
+ test? (
+ dev-util/cmocka
+ dev-util/kyua
+ )
+"
+
+S="${WORKDIR}/${MY_P}"
+
+PATCHES=(
+ "${FILESDIR}/ldap-library-path-on-multilib-machines.patch"
+)
+
+src_prepare() {
+ default
+
+ # Should be installed by bind-tools
+ sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die
+
+ # Slow tests
+ sed -i "s/{name='mem_test'}/{name='mem_test',timeout=900}/" "lib/isc/tests/Kyuafile" || die
+ sed -i "s/{name='timer_test'}/{name='timer_test',timeout=900}/" "lib/isc/tests/Kyuafile" || die
+
+ # Conditionally broken
+ use sparc && ( sed -i "/{name='netmgr_test'}/d" "lib/isc/tests/Kyuafile" || die )
+
+ # bug #220361
+ rm aclocal.m4 || die
+ rm -rf libtool.m4/ || die
+ eautoreconf
+
+ use python && python_copy_sources
+}
+
+src_configure() {
+ bind_configure --without-python
+ use python && python_foreach_impl python_configure
+}
+
+bind_configure() {
+ local myeconfargs=(
+ AR="$(type -P $(tc-getAR))"
+ --prefix="${EPREFIX}"/usr
+ --sysconfdir=/etc/bind
+ --localstatedir=/var
+ --with-libtool
+ --enable-full-report
+ --without-readline
+ --with-openssl="${ESYSROOT}"/usr
+ $(use_with test cmocka)
+ # Removed in 9.17, drags in libunwind dependency too
+ --disable-backtrace
+ $(use_enable caps linux-caps)
+ $(use_enable dnsrps)
+ $(use_enable dnstap)
+ $(use_enable fixed-rrset)
+ $(use_with berkdb dlz-bdb "${ESYSROOT}"/usr)
+ $(use_with dlz dlopen)
+ $(use_with dlz dlz-filesystem)
+ $(use_with dlz dlz-stub)
+ $(use_with gssapi)
+ $(use_with json json-c)
+ $(use_with ldap dlz-ldap)
+ $(use_with mysql dlz-mysql)
+ $(use_with odbc dlz-odbc)
+ $(use_with postgres dlz-postgres)
+ $(use_with lmdb)
+ $(use_with xml libxml2)
+ $(use_with zlib)
+ "${@}"
+ )
+
+ # This is for users to start to migrate back to USE=geoip, rather than
+ # USE=geoip2
+ if use geoip ; then
+ myeconfargs+=( $(use_with geoip maxminddb) --enable-geoip )
+ elif use geoip2 ; then
+ # Added 2020/09/30
+ # Remove USE=geoip2 support after 2020/03/01
+ ewarn "USE=geoip2 is deprecated; update your USE flags!"
+ myeconfargs+=( $(use_with geoip2 maxminddb) --enable-geoip )
+ else
+ myeconfargs+=( --without-maxminddb --disable-geoip )
+ fi
+
+ # bug #158664
+ #gcc-specs-ssp && replace-flags -O[23s] -O
+
+ # To include db.h from proper path
+ use berkdb && append-flags "-I$(db_includedir)"
+
+ export BUILD_CC=$(tc-getBUILD_CC)
+ econf "${myeconfargs[@]}"
+
+ # bug #151839
+ echo '#undef SO_BSDCOMPAT' >> config.h || die
+}
+
+python_configure() {
+ pushd "${BUILD_DIR}" >/dev/null || die
+ bind_configure --with-python
+ popd >/dev/null || die
+}
+
+src_compile() {
+ default
+ use python && python_foreach_impl python_compile
+}
+
+python_compile() {
+ pushd "${BUILD_DIR}"/bin/python >/dev/null || die
+ emake
+ popd >/dev/null || die
+}
+
+src_test() {
+ # system tests ('emake test') require network configuration for IPs etc
+ # so we run the unit tests instead.
+ TEST_PARALLEL_JOBS="$(makeopts_jobs)" emake unit
+}
+
+src_install() {
+ default
+
+ dodoc CHANGES README
+
+ if use doc; then
+ docinto misc
+ dodoc -r doc/misc/
+
+ # might a 'html' useflag make sense?
+ docinto html
+ dodoc -r doc/arm/
+
+ docinto contrib
+ dodoc contrib/scripts/{nanny.pl,named-bootconf.sh}
+
+ # some handy-dandy dynamic dns examples
+ pushd "${ED}"/usr/share/doc/${PF} 1>/dev/null || die
+ tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
+ popd 1>/dev/null || die
+ fi
+
+ insinto /etc/bind
+ newins "${FILESDIR}"/named.conf-r8 named.conf
+
+ # ftp://ftp.rs.internic.net/domain/named.cache:
+ insinto /var/bind
+ newins "${FILESDIR}"/named.cache-r4 named.cache
+
+ insinto /var/bind/pri
+ newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
+
+ newinitd "${FILESDIR}"/named.init-r14 named
+ newconfd "${FILESDIR}"/named.confd-r7 named
+
+ newenvd "${FILESDIR}"/10bind.env 10bind
+
+ # Let's get rid of those tools and their manpages since they're provided by bind-tools
+ rm -f "${ED}"/usr/share/man/man1/{dig,host,nslookup,delv,nsupdate}.1* || die
+ rm -f "${ED}"/usr/share/man/man8/nsupdate.8* || die
+ rm -f "${ED}"/usr/bin/{dig,host,nslookup,nsupdate} || die
+ rm -f "${ED}"/usr/sbin/{dig,host,nslookup,nsupdate} || die
+ for tool in dsfromkey importkey keyfromlabel keygen \
+ revoke settime signzone verify; do
+ rm -f "${ED}"/usr/{,s}bin/dnssec-"${tool}" || die
+ rm -f "${ED}"/usr/share/man/man8/dnssec-"${tool}".8* || die
+ done
+
+ # bug 405251, library archives aren't properly handled by --enable/disable-static
+ if ! use static-libs; then
+ find "${ED}" -type f -name '*.a' -delete || die
+ fi
+
+ # bug 405251
+ find "${ED}" -type f -name '*.la' -delete || die
+
+ use python && python_foreach_impl python_install
+
+ # bug 450406
+ dosym named.cache /var/bind/root.cache
+
+ dosym ../../var/bind/pri /etc/bind/pri
+ dosym ../../var/bind/sec /etc/bind/sec
+ dosym ../../var/bind/dyn /etc/bind/dyn
+ keepdir /var/bind/{pri,sec,dyn} /var/log/named
+
+ fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
+ fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
+ fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
+ fperms 0750 /etc/bind /var/bind/pri
+ fperms 0770 /var/log/named /var/bind/{,sec,dyn}
+
+ systemd_newunit "${FILESDIR}/named.service-r1" named.service
+ dotmpfiles "${FILESDIR}"/named.conf
+ exeinto /usr/libexec
+ doexe "${FILESDIR}/generate-rndc-key.sh"
+}
+
+python_install() {
+ pushd "${BUILD_DIR}"/bin/python >/dev/null || die
+ emake DESTDIR="${D}" install
+ python_scriptinto /usr/sbin
+ python_doscript dnssec-{checkds,coverage}
+ python_optimize
+ popd >/dev/null || die
+}
+
+pkg_postinst() {
+ tmpfiles_process named.conf
+
+ if [[ ! -f '/etc/bind/rndc.key' && ! -f '/etc/bind/rndc.conf' ]]; then
+ einfo "Using /dev/urandom for generating rndc.key"
+ /usr/sbin/rndc-confgen -a
+ chown root:named /etc/bind/rndc.key || die
+ chmod 0640 /etc/bind/rndc.key || die
+ fi
+
+ einfo
+ einfo "You can edit /etc/conf.d/named to customize named settings"
+ einfo
+ use mysql || use postgres || use ldap && {
+ elog "If your named depends on MySQL/PostgreSQL or LDAP,"
+ elog "uncomment the specified rc_named_* lines in your"
+ elog "/etc/conf.d/named config to ensure they'll start before bind"
+ einfo
+ }
+ einfo "If you'd like to run bind in a chroot AND this is a new"
+ einfo "install OR your bind doesn't already run in a chroot:"
+ einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
+ einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
+ einfo
+
+ CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
+ if [[ -n ${CHROOT} ]]; then
+ elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
+ elog "To enable the old behaviour (without using mount) uncomment the"
+ elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
+ elog "If you decide to use the new/default method, ensure to make backup"
+ elog "first and merge your existing configs/zones to /etc/bind and"
+ elog "/var/bind because bind will now mount the needed directories into"
+ elog "the chroot dir."
+ fi
+}
+
+pkg_config() {
+ CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
+ CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
+ CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
+
+ if [[ -z "${CHROOT}" ]]; then
+ eerror "This config script is designed to automate setting up"
+ eerror "a chrooted bind/named. To do so, please first uncomment"
+ eerror "and set the CHROOT variable in '/etc/conf.d/named'."
+ die "Unset CHROOT"
+ fi
+ if [[ -d "${CHROOT}" ]]; then
+ ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
+ ewarn "To enable the old behaviour (without using mount) uncomment the"
+ ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
+ ewarn
+ ewarn "${CHROOT} already exists... some things might become overridden"
+ ewarn "press CTRL+C if you don't want to continue"
+ sleep 10
+ fi
+
+ echo; einfo "Setting up the chroot directory..."
+
+ mkdir -m 0750 -p ${CHROOT} || die
+ mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} || die
+ mkdir -m 0750 -p ${CHROOT}/etc/bind || die
+ mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ || die
+
+ chown root:named \
+ ${CHROOT} \
+ ${CHROOT}/var/{bind,log/named} \
+ ${CHROOT}/run/named/ \
+ ${CHROOT}/etc/bind \
+ || die
+
+ mknod ${CHROOT}/dev/null c 1 3 || die
+ chmod 0666 ${CHROOT}/dev/null || die
+
+ mknod ${CHROOT}/dev/zero c 1 5 || die
+ chmod 0666 ${CHROOT}/dev/zero || die
+
+ mknod ${CHROOT}/dev/urandom c 1 9 || die
+ chmod 0666 ${CHROOT}/dev/urandom || die
+
+ if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
+ cp -a /etc/bind ${CHROOT}/etc/ || die
+ cp -a /var/bind ${CHROOT}/var/ || die
+ fi
+
+ if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
+ if use geoip; then
+ mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP || die
+ elif use geoip2; then
+ mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP2 || die
+ fi
+ fi
+
+ elog "You may need to add the following line to your syslog-ng.conf:"
+ elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
+}
diff --git a/net-dns/bind/files/named.cache-r4 b/net-dns/bind/files/named.cache-r4
new file mode 100644
index 000000000000..860b808e119a
--- /dev/null
+++ b/net-dns/bind/files/named.cache-r4
@@ -0,0 +1,92 @@
+; This file holds the information on root name servers needed to
+; initialize cache of Internet domain name servers
+; (e.g. reference this file in the "cache . <file>"
+; configuration file of BIND domain name servers).
+;
+; This file is made available by InterNIC
+; under anonymous FTP as
+; file /domain/named.cache
+; on server FTP.INTERNIC.NET
+; -OR- RS.INTERNIC.NET
+;
+; last update: January 24, 2024
+; related version of root zone: 2024012401
+;
+; FORMERLY NS.INTERNIC.NET
+;
+. 3600000 NS A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
+A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+. 3600000 NS B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET. 3600000 A 170.247.170.2
+B.ROOT-SERVERS.NET. 3600000 AAAA 2801:1b8:10::b
+;
+; FORMERLY C.PSI.NET
+;
+. 3600000 NS C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
+C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
+;
+; FORMERLY TERP.UMD.EDU
+;
+. 3600000 NS D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
+D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
+;
+; FORMERLY NS.NASA.GOV
+;
+. 3600000 NS E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
+E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
+;
+; FORMERLY NS.ISC.ORG
+;
+. 3600000 NS F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
+F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+. 3600000 NS G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
+G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+. 3600000 NS H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
+H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
+;
+; FORMERLY NIC.NORDU.NET
+;
+. 3600000 NS I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
+I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+. 3600000 NS J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
+J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+. 3600000 NS K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
+K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
+;
+; OPERATED BY ICANN
+;
+. 3600000 NS L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
+L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
+;
+; OPERATED BY WIDE
+;
+. 3600000 NS M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
+M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
+; End of file
\ No newline at end of file
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/files/, net-dns/bind/
@ 2024-08-31 7:10 Sam James
0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2024-08-31 7:10 UTC (permalink / raw
To: gentoo-commits
commit: 0795ed82642d14ebb9e975db7bfd98fbca25c770
Author: Eray Aslan <eras <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 28 14:53:08 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Aug 31 07:10:11 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0795ed82
net-dns/bind: bump to 9.18.0
- punted CHROOT stuff to simplify the ebuild and scripts
- bind-tools binaries (dig, delv etc) are not stand alone binaries
anymore but link to bind libraries, i.e. net-dns/bind and
net-dns/bind-tools by neccesity produce the same libraries resulting
in file collisions. soft blocked each other for now
- net-dns/bind now produces everything, including binaries produced by
net-dns/bind-tools
- old style dlz drivers have been removed upstream. prefer dumping from
datastore (database, ldap etc) to a file on a regular basis/on demand
instead anyway
- licensing: bind is mozilla-2.0
- dev-libs/jemalloc is the preferred allocator for bind-9.18. made it
obligatory and dropped sparc keyword
- json and zlib USE flags dropped and made obligatory. zlib is more or
less necessary because of doh stuff. json requirement is a small
library. xml is still behind a USE flag as it has the potential to
bring in big libraries (icu etc)
- python is optional and only used for testing
- upstream dropped berkdb support
- unified geoip and geoip2 USE flags
- build system now uses a more traditional autotools stack. punted old
stuff from the ebuild
- do not install a zone file for loopback addresses. they are already
built in
- no need for named.cache as well
- install named.conf.auth as a sample config file for authoratative
named server. recursive server do not need one to function
- openrc init script and confd revized, mostly because of punting chroot
Bug: https://bugs.gentoo.org/832218
Bug: https://bugs.gentoo.org/930348
Bug: https://bugs.gentoo.org/936568
Bug: https://bugs.gentoo.org/937907
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Eray Aslan <eras <AT> gentoo.org>
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-dns/bind/Manifest | 1 +
net-dns/bind/bind-9.18.0.ebuild | 151 ++++++++++++++++++++++++++++++++++++++
net-dns/bind/files/named.conf-r9 | 21 ++++++
net-dns/bind/files/named.confd-r8 | 18 +++++
net-dns/bind/files/named.init-r15 | 99 +++++++++++++++++++++++++
net-dns/bind/metadata.xml | 2 +
6 files changed, 292 insertions(+)
diff --git a/net-dns/bind/Manifest b/net-dns/bind/Manifest
index 56161e2f3eed..8e14a31310ce 100644
--- a/net-dns/bind/Manifest
+++ b/net-dns/bind/Manifest
@@ -1,3 +1,4 @@
DIST bind-9.16.48.tar.xz 5131176 BLAKE2B 4a503b45df412c435cb0f75b54ee1270140cccce7ecc159cdf3e0e3cbd3c0a0866b7472782f20aacf130f57df12d20a102ac6979498138ce00a2655806d003e7 SHA512 83829a5045e2a29dd2b491d3ab72b545f5664023fcd4aa205a44dbb7bcc5c737b4466c0d73f124b8d88fd33c56776871a07dde1ba0530d43eec8e7304a08d353
DIST bind-9.16.48.tar.xz.asc 833 BLAKE2B 740ed58863ed3a7dee6ada4edd03cad5378ea0aa53cd6f071ca1911bb2d6b285ed292f32846790d42b97e8d9bb72588f1cd30c4e10557ac1e9f1df545923a9b1 SHA512 7bd813b5ab6f9677fc4ef21e0c3930f6319fa6c49d6869570794bc28212fe8935b72f9f217cfce692a2dec9ec29994f345d1b1145cef1ca976c5361f6ce0f75d
+DIST bind-9.18.0.tar.xz 5292320 BLAKE2B 3ed32880bcaf47d3a56a59cf35506c6f28acdfa52365615a3cd9671bbbc6437a1aab8cebb3ed6dec61af25b71357f8924ae8aae8779cdd422e8a3ff6ee3ef4e5 SHA512 941fe32499e1e7b08c2554f2e68a4886160d239ae23c9810f0cc0565636b5ce218dad5d332c1f4d101ce15f85b6cc2cd877fbf9ebdafb693a83ae57f999cab12
DIST dyndns-samples.tbz2 22866 BLAKE2B 409890653c6536cb9c0e3ba809d2bfde0e0ae73a2a101b4f229b46c01568466bc022bbbc37712171adbd08c572733e93630feab95a0fcd1ac50a7d37da1d1108 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac
diff --git a/net-dns/bind/bind-9.18.0.ebuild b/net-dns/bind/bind-9.18.0.ebuild
new file mode 100644
index 000000000000..7499493af4f4
--- /dev/null
+++ b/net-dns/bind/bind-9.18.0.ebuild
@@ -0,0 +1,151 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+PYTHON_COMPAT=( python3_{8..10} )
+
+inherit python-any-r1 systemd tmpfiles
+
+MY_PV="${PV/_p/-P}"
+MY_PV="${MY_PV/_rc/rc}"
+MY_P="${PN}-${MY_PV}"
+
+RRL_PV="${MY_PV}"
+
+DESCRIPTION="Berkeley Internet Name Domain - Name Server"
+HOMEPAGE="https://www.isc.org/software/bind"
+SRC_URI="https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz"
+
+LICENSE="MPL-2.0"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~x86 ~amd64-linux ~x86-linux"
+IUSE="+caps dnsrps dnstap doc doh fixed-rrset idn geoip gssapi lmdb selinux static-libs test-extra xml"
+
+DEPEND="
+ acct-group/named
+ acct-user/named
+ dev-libs/jemalloc
+ dev-libs/json-c:=
+ dev-libs/libuv:=
+ sys-libs/zlib
+ dev-libs/openssl:=[-bindist(-)]
+ caps? ( >=sys-libs/libcap-2.1.0 )
+ dnstap? ( dev-libs/fstrm dev-libs/protobuf-c )
+ doh? ( net-libs/nghttp2 )
+ geoip? ( dev-libs/libmaxminddb )
+ gssapi? ( virtual/krb5 )
+ idn? ( net-dns/libidn2 )
+ lmdb? ( dev-db/lmdb )
+ xml? ( dev-libs/libxml2 )
+"
+BDEPEND="
+ test-extra? (
+ ${PYTHON_DEPS}
+ dev-python/pytest
+ dev-perl/Net-DNS-SEC
+ dev-util/cmocka
+ )
+"
+RDEPEND="${DEPEND}
+ selinux? ( sec-policy/selinux-bind )
+ sys-process/psmisc
+ !net-dns/bind-tools
+"
+
+S="${WORKDIR}/${MY_P}"
+
+src_configure() {
+ local myeconfargs=(
+ --prefix="${EPREFIX}"/usr
+ --sysconfdir=/etc/bind
+ --localstatedir=/var
+ --enable-full-report
+ --without-readline
+ --with-openssl="${ESYSROOT}"/usr
+ --with-jemalloc
+ --with-json-c
+ --with-zlib
+ $(use_enable caps linux-caps)
+ $(use_enable dnsrps)
+ $(use_enable dnstap)
+ $(use_enable doh)
+ $(use_with doh libnghttp2)
+ $(use_enable fixed-rrset)
+ $(use_enable static-libs static)
+ $(use_enable geoip)
+ $(use_with geoip maxminddb)
+ $(use_with gssapi)
+ $(use_with idn libidn2)
+ $(use_with lmdb)
+ $(use_with xml libxml2)
+ "${@}"
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ # "${WORKDIR}/${P}"/bin/tests/system/README
+ # ifconfig.sh up and then down as root
+ #default
+
+ # just run the tests that dont mock around with IPs
+ emake -C lib/ check
+}
+
+src_install() {
+ default
+
+ dodoc CHANGES README.md
+
+ if use doc; then
+ docinto misc
+ dodoc -r doc/misc/
+
+ docinto html
+ dodoc -r doc/arm/
+
+ docinto dnssec-guide
+ dodoc -r doc/dnssec-guide/
+
+ docinto contrib
+ dodoc contrib/scripts/nanny.pl
+ fi
+
+ insinto /etc/bind
+ newins "${FILESDIR}"/named.conf-r9 named.conf.auth
+
+ newinitd "${FILESDIR}"/named.init-r15 named
+ newconfd "${FILESDIR}"/named.confd-r8 named
+
+ newenvd "${FILESDIR}"/10bind.env 10bind
+
+ use static-libs || find "${ED}"/usr/lib* -name '*.la' -delete
+
+ dosym ../../var/bind/pri /etc/bind/pri
+ dosym ../../var/bind/sec /etc/bind/sec
+ dosym ../../var/bind/dyn /etc/bind/dyn
+ keepdir /var/bind/{pri,sec,dyn} /var/log/named
+
+ fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
+ fowners root:named /etc/bind/{bind.keys,named.conf.auth}
+ fperms 0640 /etc/bind/{bind.keys,named.conf.auth}
+ fperms 0750 /etc/bind /var/bind/pri
+ fperms 0770 /var/log/named /var/bind/{,sec,dyn}
+
+ systemd_newunit "${FILESDIR}/named.service-r1" named.service
+ dotmpfiles "${FILESDIR}"/named.conf
+ exeinto /usr/libexec
+ doexe "${FILESDIR}/generate-rndc-key.sh"
+}
+
+pkg_postinst() {
+ tmpfiles_process named.conf
+
+ if [[ ! -f '/etc/bind/rndc.key' && ! -f '/etc/bind/rndc.conf' ]]; then
+ einfo "Using /dev/urandom for generating rndc.key"
+ /usr/sbin/rndc-confgen -a
+ chown root:named /etc/bind/rndc.key || die
+ chmod 0640 /etc/bind/rndc.key || die
+ fi
+}
diff --git a/net-dns/bind/files/named.conf-r9 b/net-dns/bind/files/named.conf-r9
new file mode 100644
index 000000000000..e14996561731
--- /dev/null
+++ b/net-dns/bind/files/named.conf-r9
@@ -0,0 +1,21 @@
+options {
+ directory "/var/cache/bind";
+ pid-file "/run/named/named.pid";
+ listen-on { 127.0.0.1; };
+ listen-on-v6 { ::1; };
+ allow-recursion {
+ none;
+ };
+ allow-transfer {
+ none;
+ };
+ allow-update {
+ none;
+ };
+};
+
+zone "example.com." {
+ type primary;
+ file "/var/lib/bind/db.example.com";
+ notify explicit;
+};
diff --git a/net-dns/bind/files/named.confd-r8 b/net-dns/bind/files/named.confd-r8
new file mode 100644
index 000000000000..915c51d4f19f
--- /dev/null
+++ b/net-dns/bind/files/named.confd-r8
@@ -0,0 +1,18 @@
+# Set various named options here.
+#
+#OPTIONS=""
+
+# config file path
+NAMED_CONF="/etc/bind/named.conf"
+
+# Set this to the number of processors you want bind to use.
+# Leave this unchanged if you want bind to automatically detect the number
+#CPU="1"
+
+# Default pid file location
+# use named.conf to specify pid-file location
+
+# Scheduling priority: 19 is the lowest and -20 is the highest.
+# Default: 0
+#NAMED_NICELEVEL="0"
+
diff --git a/net-dns/bind/files/named.init-r15 b/net-dns/bind/files/named.init-r15
new file mode 100644
index 000000000000..d5539d9aa854
--- /dev/null
+++ b/net-dns/bind/files/named.init-r15
@@ -0,0 +1,99 @@
+#!/sbin/openrc-run
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="checkconfig checkzones"
+extra_started_commands="reload"
+
+depend() {
+ need net
+ use logger
+ provide dns
+}
+
+NAMED_CONF=${NAMED_CONF:-/etc/bind/named.conf}
+
+_get_pidfile() {
+ # as suggested in bug #107724, bug 335398#c17
+ [ -n "${PIDFILE}" ] || PIDFILE=$(\
+ /usr/bin/named-checkconf -p ${NAMED_CONF} | grep 'pid-file' | cut -d\" -f2)
+ [ -z "${PIDFILE}" ] && PIDFILE="/run/named/named.pid"
+}
+
+checkconfig() {
+ ebegin "Checking named configuration"
+
+ if [ ! -f "${NAMED_CONF}" ] ; then
+ eerror "No ${NAMED_CONF} file exists!"
+ return 1
+ fi
+ /usr/bin/named-checkconf ${NAMED_CONF} || {
+ eerror "named-checkconf failed! Please fix your config first."
+ return 1
+ }
+ eend 0
+}
+
+checkzones() {
+ ebegin "Checking named configuration and zones"
+ /usr/bin/named-checkconf -z ${NAMED_CONF}
+ eend $?
+}
+
+start() {
+ local piddir
+
+ ebegin "Starting named"
+ checkconfig || { eend 1; return 1; }
+
+ # create piddir (usually /run/named) if necessary, bug 334535
+ _get_pidfile
+ piddir="${PIDFILE%/*}"
+ checkpath -q -d -o root:named -m 0770 "${piddir}" || {
+ eerror "Failed to create PID directory at $piddir"
+ eend 1
+ return 1
+ }
+
+ # In case someone have $CPU set in /etc/conf.d/named
+ if [ -n "${CPU}" ] && [ "${CPU}" -gt 0 ]; then
+ CPU="-n ${CPU}"
+ fi
+
+ start-stop-daemon --start --pidfile ${PIDFILE} \
+ --nicelevel ${NAMED_NICELEVEL:-0} \
+ --exec /usr/sbin/named \
+ -- -u named ${CPU} ${OPTIONS}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping named"
+ # -R 10, bug 335398
+ _get_pidfile
+ start-stop-daemon --stop --retry 10 --pidfile $PIDFILE \
+ --exec /usr/sbin/named
+ eend $?
+}
+
+reload() {
+ local ret
+
+ ebegin "Reloading named.conf and zone files"
+
+ checkconfig || { eend 1; return 1; }
+
+ _get_pidfile
+ if [ -n "${PIDFILE}" ]; then
+ start-stop-daemon --pidfile $PIDFILE --signal HUP
+ ret=$?
+ else
+ ewarn "Unable to determine the pidfile... this is"
+ ewarn "a fallback mode. Please check your installation!"
+
+ $RC_SERVICE restart
+ ret=$?
+ fi
+
+ eend $ret
+}
diff --git a/net-dns/bind/metadata.xml b/net-dns/bind/metadata.xml
index ec13f291d0cd..49012f10c364 100644
--- a/net-dns/bind/metadata.xml
+++ b/net-dns/bind/metadata.xml
@@ -9,10 +9,12 @@
<flag name="dnstap">Enables dnstap packet logging</flag>
<flag name="dnsrps">Enable the DNS Response Policy Service (DNSRPS) API, a mechanism to allow an external response policy provider</flag>
<flag name="dlz">Enables dynamic loaded zones, 3rd party extension</flag>
+ <flag name="doh">Enables dns-over-https</flag>
<flag name="fixed-rrset">Enables fixed rrset-order option</flag>
<flag name="geoip2">Enable GeoIP2 API from MaxMind</flag>
<flag name="gssapi">Enable gssapi support</flag>
<flag name="json">Enable JSON statistics channel</flag>
<flag name="lmdb">Enable LMDB support to store configuration for 'addzone' zones</flag>
+ <flag name="test-extra">Pulls in extra dependencies for additional testing</flag>
</use>
</pkgmetadata>
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/files/, net-dns/bind/
@ 2024-08-31 7:10 Sam James
0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2024-08-31 7:10 UTC (permalink / raw
To: gentoo-commits
commit: 20c274b220ba9be18fa465ff03cd9e7b95b1591b
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 16 18:35:50 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Aug 31 07:10:13 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=20c274b2
net-dns/bind: restore chroot support
Bug: https://bugs.gentoo.org/832218
Bug: https://bugs.gentoo.org/930348
Bug: https://bugs.gentoo.org/936568
Bug: https://bugs.gentoo.org/937907
Bug: https://github.com/gentoo/gentoo/pull/24001
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-dns/bind/bind-9.18.0.ebuild | 89 +++++++++++++++++++-
net-dns/bind/files/named.confd-r8 | 19 +++++
net-dns/bind/files/named.init-r15 | 170 ++++++++++++++++++++++++++++++++++++--
3 files changed, 268 insertions(+), 10 deletions(-)
diff --git a/net-dns/bind/bind-9.18.0.ebuild b/net-dns/bind/bind-9.18.0.ebuild
index 7499493af4f4..dd465d39879c 100644
--- a/net-dns/bind/bind-9.18.0.ebuild
+++ b/net-dns/bind/bind-9.18.0.ebuild
@@ -143,9 +143,96 @@ pkg_postinst() {
tmpfiles_process named.conf
if [[ ! -f '/etc/bind/rndc.key' && ! -f '/etc/bind/rndc.conf' ]]; then
- einfo "Using /dev/urandom for generating rndc.key"
+ einfo "Generating rndc.key"
/usr/sbin/rndc-confgen -a
chown root:named /etc/bind/rndc.key || die
chmod 0640 /etc/bind/rndc.key || die
fi
+
+ einfo
+ einfo "You can edit /etc/conf.d/named to customize named settings"
+ einfo
+
+ use mysql || use postgres || use ldap && {
+ elog "If your named depends on MySQL/PostgreSQL or LDAP,"
+ elog "uncomment the specified rc_named_* lines in your"
+ elog "/etc/conf.d/named config to ensure they'll start before bind"
+ einfo
+ }
+
+ einfo "If you'd like to run bind in a chroot AND this is a new"
+ einfo "install OR your bind doesn't already run in a chroot:"
+ einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
+ einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
+ einfo
+
+ CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
+ if [[ -n ${CHROOT} ]]; then
+ elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
+ elog "To enable the old behaviour (without using mount) uncomment the"
+ elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
+ elog "If you decide to use the new/default method, ensure to make backup"
+ elog "first and merge your existing configs/zones to /etc/bind and"
+ elog "/var/bind because bind will now mount the needed directories into"
+ elog "the chroot dir."
+ fi
+}
+
+pkg_config() {
+ CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
+ CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
+ CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
+
+ if [[ -z "${CHROOT}" ]]; then
+ eerror "This config script is designed to automate setting up"
+ eerror "a chrooted bind/named. To do so, please first uncomment"
+ eerror "and set the CHROOT variable in '/etc/conf.d/named'."
+ die "Unset CHROOT"
+ fi
+
+ if [[ -d "${CHROOT}" ]]; then
+ ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
+ ewarn "To enable the old behaviour (without using mount) uncomment the"
+ ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
+ ewarn
+ ewarn "${CHROOT} already exists... some things might become overridden"
+ ewarn "press CTRL+C if you don't want to continue"
+ sleep 10
+ fi
+
+ echo; einfo "Setting up the chroot directory..."
+
+ mkdir -m 0750 -p ${CHROOT} || die
+ mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} || die
+ mkdir -m 0750 -p ${CHROOT}/etc/bind || die
+ mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ || die
+
+ chown root:named \
+ ${CHROOT} \
+ ${CHROOT}/var/{bind,log/named} \
+ ${CHROOT}/run/named/ \
+ ${CHROOT}/etc/bind \
+ || die
+
+ mknod ${CHROOT}/dev/null c 1 3 || die
+ chmod 0666 ${CHROOT}/dev/null || die
+
+ mknod ${CHROOT}/dev/zero c 1 5 || die
+ chmod 0666 ${CHROOT}/dev/zero || die
+
+ if [[ "${CHROOT_NOMOUNT:-0}" -ne 0 ]]; then
+ cp -a /etc/bind ${CHROOT}/etc/ || die
+ cp -a /var/bind ${CHROOT}/var/ || die
+ fi
+
+ if [[ "${CHROOT_GEOIP:-0}" -eq 1 ]]; then
+ if use geoip; then
+ mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP || die
+ elif use geoip2; then
+ mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP2 || die
+ fi
+ fi
+
+ elog "You may need to add the following line to your syslog-ng.conf:"
+ elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
}
diff --git a/net-dns/bind/files/named.confd-r8 b/net-dns/bind/files/named.confd-r8
index 915c51d4f19f..2d2ef4b868f6 100644
--- a/net-dns/bind/files/named.confd-r8
+++ b/net-dns/bind/files/named.confd-r8
@@ -9,6 +9,25 @@ NAMED_CONF="/etc/bind/named.conf"
# Leave this unchanged if you want bind to automatically detect the number
#CPU="1"
+# If you wish to run bind in a chroot:
+# 1) un-comment the CHROOT= assignment, below. You may use
+# a different chroot directory but MAKE SURE it's empty.
+# 2) run: emerge --config =<bind-version>
+#
+#CHROOT="/chroot/dns"
+
+# Uncomment to enable binmount of /usr/share/GeoIP
+#CHROOT_GEOIP="1"
+
+# Uncomment the line below to avoid that the init script mounts the needed paths
+# into the chroot directory.
+# You have to copy all needed config files by hand if you say CHROOT_NOMOUNT="1".
+#CHROOT_NOMOUNT="1"
+
+# Uncomment this option if you have setup your own chroot environment and you
+# don't want/need the chroot consistency check
+#CHROOT_NOCHECK=1
+
# Default pid file location
# use named.conf to specify pid-file location
diff --git a/net-dns/bind/files/named.init-r15 b/net-dns/bind/files/named.init-r15
index d5539d9aa854..bdee10cc61e8 100644
--- a/net-dns/bind/files/named.init-r15
+++ b/net-dns/bind/files/named.init-r15
@@ -11,13 +11,83 @@ depend() {
provide dns
}
-NAMED_CONF=${NAMED_CONF:-/etc/bind/named.conf}
+NAMED_CONF=${NAMED_CONF:-${CHROOT}/etc/bind/named.conf}
+
+OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}
+MOUNT_CHECK_TIMEOUT=${MOUNT_CHECK_TIMEOUT:-60}
+
+_mount() {
+ local from
+ local to
+ local opts
+ local ret=0
+
+ if [ "${#}" -lt 3 ]; then
+ eerror "_mount(): to few arguments"
+ return 1
+ fi
+
+ from=$1
+ to=$2
+ shift 2
+
+ opts="${*}"
+ shift $#
+
+ if [ -z "$(awk "\$2 == \"${to}\" { print \$2 }" /proc/mounts)" ]; then
+ einfo "mounting ${from} to ${to}"
+ mount ${from} ${to} ${opts}
+ ret=$?
+
+ eend $ret
+ return $ret
+ fi
+
+ return 0
+}
+
+_umount() {
+ local dir=$1
+ local ret=0
+
+ if [ -n "$(awk "\$2 == \"${dir}\" { print \$2 }" /proc/mounts)" ]; then
+ ebegin "umounting ${dir}"
+ umount ${dir}
+ ret=$?
+
+ eend $ret
+ return $ret
+ fi
+
+ return 0
+}
_get_pidfile() {
# as suggested in bug #107724, bug 335398#c17
- [ -n "${PIDFILE}" ] || PIDFILE=$(\
- /usr/bin/named-checkconf -p ${NAMED_CONF} | grep 'pid-file' | cut -d\" -f2)
- [ -z "${PIDFILE}" ] && PIDFILE="/run/named/named.pid"
+ [ -n "${PIDFILE}" ] || PIDFILE=${CHROOT}$(\
+ /usr/sbin/named-checkconf -p ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} | grep 'pid-file' | cut -d\" -f2)
+ [ -z "${PIDFILE}" ] && PIDFILE=${CHROOT}/run/named/named.pid
+}
+
+check_chroot() {
+ if [ -n "${CHROOT}" ]; then
+ [ ! -d "${CHROOT}" ] && return 1
+ [ ! -d "${CHROOT}/dev" ] || [ ! -d "${CHROOT}/etc" ] || [ ! -d "${CHROOT}/var" ] && return 1
+ [ ! -d "${CHROOT}/run" ] || [ ! -d "${CHROOT}/var/log" ] && return 1
+ [ ! -d "${CHROOT}/etc/bind" ] || [ ! -d "${CHROOT}/var/bind" ] && return 1
+ [ ! -d "${CHROOT}/var/log/named" ] && return 1
+ [ ! -c "${CHROOT}/dev/null" ] || [ ! -c "${CHROOT}/dev/zero" ] && return 1
+ [ "${CHROOT_GEOIP:-0}" -eq 1 ] && [ ! -d "${CHROOT}/usr/share/GeoIP" ] && return 1
+ if [ ${OPENSSL_LIBGOST:-0} -eq 1 ]; then
+ if [ -d "/usr/lib64" ]; then
+ [ ! -d "${CHROOT}/usr/lib64/engines" ] && return 1
+ elif [ -d "/usr/lib" ]; then
+ [ ! -d "${CHROOT}/usr/lib/engines" ] && return 1
+ fi
+ fi
+ fi
+
+ return 0
}
checkconfig() {
@@ -27,23 +97,65 @@ checkconfig() {
eerror "No ${NAMED_CONF} file exists!"
return 1
fi
- /usr/bin/named-checkconf ${NAMED_CONF} || {
+
+ /usr/sbin/named-checkconf ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} || {
eerror "named-checkconf failed! Please fix your config first."
return 1
}
+
eend 0
+ return 0
}
checkzones() {
ebegin "Checking named configuration and zones"
- /usr/bin/named-checkconf -z ${NAMED_CONF}
+ /usr/sbin/named-checkconf -z -j ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}}
eend $?
}
start() {
local piddir
- ebegin "Starting named"
+ ebegin "Starting ${CHROOT:+chrooted }named"
+
+ if [ -n "${CHROOT}" ]; then
+ if [ ${CHROOT_NOCHECK:-0} -eq 0 ]; then
+ check_chroot || {
+ eend 1
+ eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first"
+ return 1
+ }
+ fi
+
+ if [ ${OPENSSL_LIBGOST:-0} -eq 1 ]; then
+ if [ ! -e /usr/lib/engines/libgost.so ]; then
+ eend 1
+ eerror "Couldn't find /usr/lib/engines/libgost.so but bind has been built with openssl and libgost support"
+ return 1
+ fi
+ cp -Lp /usr/lib/engines/libgost.so "${CHROOT}/usr/lib/engines/libgost.so" || {
+ eend 1
+ eerror "Couldn't copy /usr/lib/engines/libgost.so into '${CHROOT}/usr/lib/engines/'"
+ return 1
+ }
+ fi
+ cp -Lp /etc/localtime "${CHROOT}/etc/localtime"
+
+ if [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then
+ einfo "Mounting chroot dirs"
+ _mount /etc/bind ${CHROOT}/etc/bind -o bind
+ _mount /var/bind ${CHROOT}/var/bind -o bind
+ _mount /var/log/named ${CHROOT}/var/log/named -o bind
+ if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
+ _mount /usr/share/GeoIP ${CHROOT}/usr/share/GeoIP -o bind
+ fi
+ fi
+
+ # On initial startup, if piddir inside the chroot /var/run/named
+ # Then the .../var/run part might not exist yet
+ checkpath -q -d -o root:root -m 0755 "${piddir}/.."
+ fi
+
checkconfig || { eend 1; return 1; }
# create piddir (usually /run/named) if necessary, bug 334535
@@ -63,16 +175,56 @@ start() {
start-stop-daemon --start --pidfile ${PIDFILE} \
--nicelevel ${NAMED_NICELEVEL:-0} \
--exec /usr/sbin/named \
- -- -u named ${CPU} ${OPTIONS}
+ -- -u named ${CPU} ${OPTIONS} ${CHROOT:+-t} ${CHROOT}
eend $?
}
stop() {
- ebegin "Stopping named"
+ local reported=0
+
+ ebegin "Stopping ${CHROOT:+chrooted }named"
+
+ # Workaround for now, until openrc's restart has been fixed.
+ # openrc doesn't care about a restart() function in init scripts.
+ if [ "${RC_CMD}" = "restart" ]; then
+ if [ -n "${CHROOT}" -a ${CHROOT_NOCHECK:-0} -eq 0 ]; then
+ check_chroot || {
+ eend 1
+ eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first"
+ return 1
+ }
+ fi
+
+ checkconfig || { eend 1; return 1; }
+ fi
+
# -R 10, bug 335398
_get_pidfile
start-stop-daemon --stop --retry 10 --pidfile $PIDFILE \
--exec /usr/sbin/named
+
+ if [ -n "${CHROOT}" ] && [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then
+ ebegin "Umounting chroot dirs"
+
+ # just to be sure everything gets clean
+ while fuser -s ${CHROOT} 2>/dev/null; do
+ if [ "${reported}" -eq 0 ]; then
+ einfo "Waiting until all named processes are stopped (max. ${MOUNT_CHECK_TIMEOUT} seconds)"
+ elif [ "${reported}" -eq "${MOUNT_CHECK_TIMEOUT}" ]; then
+ eerror "Waiting until all named processes are stopped failed!"
+ eend 1
+ break
+ fi
+ sleep 1
+ reported=$((reported+1))
+ done
+
+ [ "${CHROOT_GEOIP:-0}" -eq 1 ] && _umount ${CHROOT}/usr/share/GeoIP
+ _umount ${CHROOT}/etc/bind
+ _umount ${CHROOT}/var/log/named
+ _umount ${CHROOT}/var/bind
+ fi
+
eend $?
}
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/files/, net-dns/bind/
@ 2024-09-02 8:30 Sam James
0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2024-09-02 8:30 UTC (permalink / raw
To: gentoo-commits
commit: 29cee14c48811f73113b4ceb29f86025f53fda5e
Author: Paul Zander <negril.nx+gentoo <AT> gmail <DOT> com>
AuthorDate: Sun Sep 1 21:20:51 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Sep 2 08:29:19 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=29cee14c
net-dns/bind: 9.18.29-r1 properly include named.conf.auth
Signed-off-by: Paul Zander <negril.nx+gentoo <AT> gmail.com>
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-dns/bind/bind-9.18.29-r1.ebuild | 7 ++++---
net-dns/bind/files/{named.conf-r9 => named.conf.auth} | 0
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/net-dns/bind/bind-9.18.29-r1.ebuild b/net-dns/bind/bind-9.18.29-r1.ebuild
index f2f369fcaef3..79eab49c7f11 100644
--- a/net-dns/bind/bind-9.18.29-r1.ebuild
+++ b/net-dns/bind/bind-9.18.29-r1.ebuild
@@ -113,7 +113,8 @@ src_install() {
fi
insinto /etc/bind
- newins "${FILESDIR}"/named.conf-r9 named.conf.auth
+ newins "${FILESDIR}"/named.conf-r8 named.conf
+ newins "${FILESDIR}"/named.conf.auth named.conf.auth
newinitd "${FILESDIR}"/named.init-r15 named
newconfd "${FILESDIR}"/named.confd-r8 named
@@ -146,8 +147,8 @@ src_install() {
keepdir /var/bind/{pri,sec,dyn} /var/log/named
fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
- fowners root:named /etc/bind/{bind.keys,named.conf.auth}
- fperms 0640 /etc/bind/{bind.keys,named.conf.auth}
+ fowners root:named /etc/bind/{bind.keys,named.conf,named.conf.auth}
+ fperms 0640 /etc/bind/{bind.keys,named.conf,named.conf.auth}
fperms 0750 /etc/bind /var/bind/pri
fperms 0770 /var/log/named /var/bind/{,sec,dyn}
diff --git a/net-dns/bind/files/named.conf-r9 b/net-dns/bind/files/named.conf.auth
similarity index 100%
rename from net-dns/bind/files/named.conf-r9
rename to net-dns/bind/files/named.conf.auth
^ permalink raw reply related [flat|nested] 16+ messages in thread
end of thread, other threads:[~2024-09-02 8:30 UTC | newest]
Thread overview: 16+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-09-15 17:58 [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/files/, net-dns/bind/ Patrick McLean
-- strict thread matches above, loose matches on Subject: below --
2024-09-02 8:30 Sam James
2024-08-31 7:10 Sam James
2024-08-31 7:10 Sam James
2024-02-18 10:48 Sam James
2022-06-03 7:33 Sam James
2021-07-18 17:54 Mikle Kolyada
2020-09-18 19:23 Patrick McLean
2020-02-14 16:01 Thomas Deutschmann
2019-02-17 9:02 Mikle Kolyada
2018-01-08 9:08 Christian Ruppert
2017-06-09 17:39 Christian Ruppert
2016-01-20 18:56 Christian Ruppert
2015-12-27 19:39 Christian Ruppert
2015-10-17 12:18 Christian Ruppert
2015-10-04 8:29 Pacho Ramos
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox