diff options
| author | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
| commit | 4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch) | |
| tree | ba5f07bf3f9d22d82e54a462313f5d244036c768 /net-dns/unbound | |
reinit the tree, so we can have metadata
Diffstat (limited to 'net-dns/unbound')
| -rw-r--r-- | net-dns/unbound/Manifest | 22 | ||||
| -rw-r--r-- | net-dns/unbound/files/0001-fix-fail-to-start-on-Linux-LTS-3.14.X-ignore.patch | 72 | ||||
| -rw-r--r-- | net-dns/unbound/files/unbound-1.4.12-gentoo.patch | 12 | ||||
| -rw-r--r-- | net-dns/unbound/files/unbound-1.5.7-trust-anchor-file.patch | 12 | ||||
| -rw-r--r-- | net-dns/unbound/files/unbound-anchor.service | 13 | ||||
| -rw-r--r-- | net-dns/unbound/files/unbound.confd | 4 | ||||
| -rw-r--r-- | net-dns/unbound/files/unbound.initd | 55 | ||||
| -rw-r--r-- | net-dns/unbound/files/unbound.service | 12 | ||||
| -rw-r--r-- | net-dns/unbound/files/unbound.socket | 5 | ||||
| -rw-r--r-- | net-dns/unbound/files/unbound_at.service | 13 | ||||
| -rw-r--r-- | net-dns/unbound/metadata.xml | 34 | ||||
| -rw-r--r-- | net-dns/unbound/unbound-1.5.1-r2.ebuild | 122 | ||||
| -rw-r--r-- | net-dns/unbound/unbound-1.5.10.ebuild | 124 | ||||
| -rw-r--r-- | net-dns/unbound/unbound-1.6.3.ebuild | 130 | ||||
| -rw-r--r-- | net-dns/unbound/unbound-1.6.4.ebuild | 130 | ||||
| -rw-r--r-- | net-dns/unbound/unbound-1.6.6.ebuild | 130 |
16 files changed, 890 insertions, 0 deletions
diff --git a/net-dns/unbound/Manifest b/net-dns/unbound/Manifest new file mode 100644 index 000000000000..04f249ff7fbd --- /dev/null +++ b/net-dns/unbound/Manifest @@ -0,0 +1,22 @@ +AUX 0001-fix-fail-to-start-on-Linux-LTS-3.14.X-ignore.patch 2032 SHA256 b5312b80a37501198345214a7eeaf589340ab698dc3390e3addb146c35f2e9b6 SHA512 1a28fca9fa39cf4c07e2f9b75058ca1d00a176ab4f0b96130fbe4773f503f39f7f16518e82f58d289001dd468e53e54f1e208e99eec713fda0efd35517c4bcb3 WHIRLPOOL 7f630f1c7b0be788a4a288501fb47065b31a8afb9b4d462122e01c01f7be9f8575aa141502fc83d57c6f330a0d8a3f8423489452f878fb6314868c6e2586204c +AUX unbound-1.4.12-gentoo.patch 639 SHA256 8223261764f067355a5c013b2c8b13384480c91782fc42ae339dcc8bed843448 SHA512 81292d898284c27e0b30a90816d283d2fffd5810afb38b5a79ff4acc94d82c91bd5414d177f11745c5ee7e56d1600a67bdc4d7395504ff6266103b4e018baf6c WHIRLPOOL 29fb59e16d8f3f4e4d6029f2b3ec6dfd3665c366f3842b318a80b5721a9770b7fd47ad5e0169ab9539f87ed49d03a282f47507754c09cf17ea0d99705f1860c0 +AUX unbound-1.5.7-trust-anchor-file.patch 632 SHA256 787630b5111e70daa7f6fe2c9a8c8524b94c1ee51b5f2c045cee4e4db778cfe6 SHA512 fe9cb259a17452ab84df98eb8caaaa389e40e149e4de6f1245e78c350d1c6af42d1b094be6779ec19ce5ea11f86e102ae9767c8785d54cfa9746390c73e0f329 WHIRLPOOL 8b044dc717461a8d321394d7668fbd338e957cd3f8dc3e0bb2c4e5b90b8ab83e349edc4a1955080d0724585f8fbe535a4edb5a943e6e36c8188c770b6d215fe5 +AUX unbound-anchor.service 263 SHA256 cbb233e37b5136ab089a909472bfb0b58185f138df974a8abc9121d86cf2ba17 SHA512 c0f8ff2df106d1f05786cf5d69b48cdf69ba2fd42645bf6b7fa2d34d6c3fdd1608fb470c4fb0216164386e8b22977292ae8932c784a6967774e3daae1b8aeb95 WHIRLPOOL 0fa95e2d8113f9940b89c3c26194b37ab99a85f7ffb699240e6bad32213565c614a4f41d88e08d4b0a15e5a8b0b6a81a029d0f8dac9f7b36763ed3c5b18b0b05 +AUX unbound.confd 171 SHA256 7da812ef83f8f8b9351363525ab6bebd5348faed76d0ae424dcbd7cb6a830dfd SHA512 e3e4c7f97c13d133724417a70e4f20dac6f1f4b5a4e2e573c410148059d9f722589249b3dd4668069d4e324abef60f5981f20b1797623f37db9c9422410dc13f WHIRLPOOL d88c7542891ea7420253598c1fb94982a01d378aacf26a75c28650acc6f0093f526e0fab51f8e1b60681809bd253f765f8f73aa205bef5c4949766861f410ca5 +AUX unbound.initd 1370 SHA256 fe18b49ea3c50bf17343581599953dac1cc190d1ea9aab1e69eab0b295420c76 SHA512 ee28d0fdc0abd10fbdeb3d2d01a6f06f4bfa83c78f0d64290cf187a76b31fee8f838c051ae962d90bf7c154678c3f866161564257f1834454e681775fd82fc49 WHIRLPOOL bb772ee2d1681ce69efc07e9afbd6791cda1c90ccac52da7081e4346cbd2c365eb307391061dbd63b792ad8977d059e3cf33f0ad8efd56cec8b4c5547c9c77da +AUX unbound.service 247 SHA256 6c12373b61f136edd95bea3dc6b7f56499de83aae7c925aee30e6db99051d72d SHA512 7904225d0e9fb3ea5b97521ed24f24fcc4db650cfff8523b896ddd9edfccbd61e817775ad0449acf30d02dba5f714d633b60cace6010d472f438df7c22381dfc WHIRLPOOL c156a2b96e1c1a6d787ee7c143b8c5cd8bf00b9e8cb00f90a5113ecd502f4d5fa2f0249debd10ef7f15d38d33f5d1c9ac4c15c61485f227fa70cd42af696ee3d +AUX unbound.socket 101 SHA256 9bc0b128f4b275e67fc404eddf7c44e2e72c390128c836508394d57fe663a719 SHA512 935ab3bd5bc3d3347e44c20482aa19396d243b89f2dbc7bf9f89b16a2559715866e16dfd9f5c4866222d8ee968f158a773475d94629f0ef9fa9b8fd23f0fbc2e WHIRLPOOL 3111c10ad16f9b776ba5b19c38c11caea8100daa3c69e9cb8d97d1725937f0fa7da488a3a5a6ffba9793337538e142dc2fe4ff6130c441ff6e474fc5c538d698 +AUX unbound_at.service 304 SHA256 6d8dfaf740f47af87bf521e871d824aefa10c702f724ae57998656b443fb8675 SHA512 71bd8c422ffe57e448b66f97775075a407671757266d40294a670b41cd1a59f16b65488d30aa74b79b7536f0c4c50adb56e32377e8029fd6c327b85c022c5fe3 WHIRLPOOL c304eec4a9293b92499b6895c57b7553a3d0247a00eed7f8299f4d0b2b7d24a33ca383125270b0616d826f71fa5e800e1a0b32c38316f03d806a2399dfb3cbcd +DIST unbound-1.5.1.tar.gz 4805176 SHA256 0ff82709fb2bd7ecbde8dbdcf60fa417d2b43379570a3d460193a76a169900ec SHA512 85d7069cf47709aceb7d9457c8befb1b327adfb098d8aa98082fc9bf710274e8ba86b56d796c86917639bb7e57ab5c40af1bc79090de038c6375be2c3877e0c4 WHIRLPOOL e23f7d399a1f01da5aec98ff0fa3b377e8a76789d237ceaf0e9146c96a97088716a0ec6c0f68f95f57af16743e73c1bc7209889a04a698bf7aa5d0706c7514f5 +DIST unbound-1.5.10.tar.gz 4941299 SHA256 a39b8b4fcca2a2b35a2daa53fe35150cc3f09038dc9acede09c912fc248a9486 SHA512 1c413886a12d4b626e03e076da6b9ccbcc8fd4769649fef8895eca74199bc22aec33c026e777524e8fe0327045a194f79b52282fe40674a9fb15cac58c4493f6 WHIRLPOOL 4e4ef7e4a89a6d8cd7b359a38cfb8a5cd99ea4e59a89ab894181b149346cf1e2875ec6b2af0985925cc50ff1c2f50fbfe569569ead2913127631781003c84742 +DIST unbound-1.6.3.tar.gz 5381240 SHA256 4c7e655c1d0d2d133fdeb81bc1ab3aa5c155700f66c9f5fb53fa6a5c3ea9845f SHA512 1d84fcc4c4b2a2b5cce6540cf252ff964f4acae3b6567c61cee69b76c6cee3e00270b1f7cc7ad83a2754afb33cc199c8b6e8116e5b587811714398b1d34de8a3 WHIRLPOOL c4cc7b45686bb3e5128f8c2e28b6e87867b983e01c53d336d85f342dc84e5c9a01491a7325f8290620a02ff9323173f433892f114ee5f4350cf41e91bbc74831 +DIST unbound-1.6.4.tar.gz 5477897 SHA256 df0a88816ec31ccb8284c9eb132e1166fbf6d9cde71fbc4b8cd08a91ee777fed SHA512 1abf50552c97b304884f07372f9fb05f9f30354647cf5299192deac81fa28a41d89d84ee092baef644a6069d0f545d36e7e814c9b8f83f21a7a53572d9a91907 WHIRLPOOL 36cadfa940ae121ab0d261fa70b91114462aeb56b0c3b1505e58a307248d4741a040b1cecd62ad42e95958798b7aa5331c45cc879d83298318d9eee184de8a17 +DIST unbound-1.6.6.tar.gz 5460482 SHA256 972b14dc33093e672652a7b2b5f159bab2198b0fe9c9e1c5707e1895d4d4b390 SHA512 910fd0956b8828d3db0511a85bf6ab6c4c3982f17c70ccb7123d1de1650d24c2906bc29ac4ea83fd7d95d8af29e2cbc88df666f365e51296f552292ef9753016 WHIRLPOOL 0aff265050876defa900303c152f643258dd26b9c1fd4abdd901a849fe96481b488cafdd834dbca73b769dff19971300b5ae4798e3286c17bc5b24f70beb7a83 +EBUILD unbound-1.5.1-r2.ebuild 3427 SHA256 ef825ebe8f6e5b0e5fefdd687201ea56e573728dcbc9f711e2a2eea2b9726481 SHA512 d3630f81fd44b40f5deb155473dc5835cc68e444be26afd0207fa734f285b566694b92dc073185cb24c9588a0ca5cb9ebf9c9268c2725c24a6c61d7ca73d1bcf WHIRLPOOL dd17fc532fe0d1469e6c4d4fe47a6c32ca775fdde2c9d444c71d0241595be8c84e5434a925d1cfc6ce293fb401bfccc65d555c50ad272b3fd00a2af46c184b68 +EBUILD unbound-1.5.10.ebuild 3465 SHA256 6bdb4b942c097a199169f936b044f5ca54dae40fb13ecb1d5a9b02a22d62fbd1 SHA512 28fb9da2c9bf08fbdd8e440c7c0f61da5ef25f7ca179b18e7c189e5c23f70dea295e1dd9b0fa289c75f5a4ee24ed9e1b3248f62fb0dc05d78068f22c00d100a7 WHIRLPOOL 3ab215abb5e4826b1cbd4ae550be68ad06da04fd2f6781ccee41807dfa3386d3a3d31bdc966eda6c1e38fc0d7fb250f00608bb9f9543664c5ec08fc11fd0a6c7 +EBUILD unbound-1.6.3.ebuild 3669 SHA256 6e81fc507a65073bcc3a6ca5b9f9c5f23bab2d12867effc11561e417437e419f SHA512 d7d1035bab213ff950883ecac04f7c3ff972b6f83465a2c09afba1339ef1e74e560cb9cc818800d02a79462d2b857832596bc80b2088b5db9083f82a9032a5a6 WHIRLPOOL 403ad626abf7780baef05cf0379b50fbff64c54c82fc08fa4eb8b62fe08c46e0b398dbf0452290dcb887091b76cb4daa2a86ee882a7d8e69bfd4321880662c0c +EBUILD unbound-1.6.4.ebuild 3669 SHA256 6e81fc507a65073bcc3a6ca5b9f9c5f23bab2d12867effc11561e417437e419f SHA512 d7d1035bab213ff950883ecac04f7c3ff972b6f83465a2c09afba1339ef1e74e560cb9cc818800d02a79462d2b857832596bc80b2088b5db9083f82a9032a5a6 WHIRLPOOL 403ad626abf7780baef05cf0379b50fbff64c54c82fc08fa4eb8b62fe08c46e0b398dbf0452290dcb887091b76cb4daa2a86ee882a7d8e69bfd4321880662c0c +EBUILD unbound-1.6.6.ebuild 3676 SHA256 8d2ec13b1eabc2d9adaaec9ebce3c02a31e69b5701ce8361bd5d5bb90f4410df SHA512 112962ccdb8e60f8fb195061e607c449416355bcc5524a7bd6df2964d5a1508d4ddd7f5969b9f2b2e3b0acefc4fa7b6f687ef634cbcf24dc416cecfd9964dc7d WHIRLPOOL bc25f1e89eb85cf2b98dc4fca4a4cea07a04ed0dde33227e022f125a1bad4cfce214a4803319423c1ce2b7a3c3cc65bbb02668e539154fceccb673128522aa8a +MISC ChangeLog 4993 SHA256 f53fa7175ae0b710ddb0df108b922db89f4449ec5a9b674134629be88164cba9 SHA512 336d83dc5de953102832d944a4ec0df67624a998da034863fac513094ddc08f903a98d7c1b3c255619e4d8b7f6544185f3372cec32c81c0ae406280e4a891042 WHIRLPOOL 8b367cc1e7547c94f2d52c6ff5f2a334dfc78087789e00bb5ad0bfaf9c6ff6e5f91afac6188c28ef5e396104f4dc65f567bfccf847cab9338e91850b76e62780 +MISC ChangeLog-2015 14623 SHA256 5aa53f86707049ae9653275aa1607755fd461a8cea88b2389febaf920423947f SHA512 1081e4336632d07cb6999dd3a09081bc69115139d14ee19c93e9bd282891cfa2695831cd0cf56ec0ce1c2afc10adaa4e3e0d0e3a804c5062cecf965342e6bb96 WHIRLPOOL c7f367a9ead9954dab00363b0e965eb25100c23d35a11371856daec8eb3c14770f0afa6956ef0cc70a57f6308209eb380150f0f8d6441f671ac36ac3695374ec +MISC metadata.xml 1320 SHA256 6b777d45f60b6c9650a3ff8f3ff27032ee3533c13b9e58a4ba4c798a89aaeb07 SHA512 d9b83f4424bf5cf789ecbc44a0f1a8092dfe84409ae4416653a19cfceb3b544c23161b183d37e1cfaf436a5683e74908a0234fccc80c411455338e705548549f WHIRLPOOL ceaa79330a14546188def51da229062d020fd52d80e765d2b19f4aba69a1e7230ed8fc7fc4d887a1dbc9b6136eb6b42e0889d9d340df38c7958b4c1d710eca1a diff --git a/net-dns/unbound/files/0001-fix-fail-to-start-on-Linux-LTS-3.14.X-ignore.patch b/net-dns/unbound/files/0001-fix-fail-to-start-on-Linux-LTS-3.14.X-ignore.patch new file mode 100644 index 000000000000..c1be28cbc0db --- /dev/null +++ b/net-dns/unbound/files/0001-fix-fail-to-start-on-Linux-LTS-3.14.X-ignore.patch @@ -0,0 +1,72 @@ +From 858da540f70a4411ad8fbe7144cef6ce9da18f89 Mon Sep 17 00:00:00 2001 +From: wouter <wouter@be551aaa-1e26-0410-a405-d3ace91eadb9> +Date: Mon, 5 Jan 2015 13:51:22 +0000 +Subject: [PATCH] - Fix #634: fix fail to start on Linux LTS 3.14.X, ignores + missing IP_MTU_DISCOVER OMIT option. + +--- a/services/listen_dnsport.c ++++ b/services/listen_dnsport.c +@@ -368,29 +368,47 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, + * (and also uses the interface mtu to determine the size of the packets). + * So there won't be any EMSGSIZE error. Against DNS fragmentation attacks. + * FreeBSD already has same semantics without setting the option. */ +-# if defined(IP_PMTUDISC_OMIT) +- int action = IP_PMTUDISC_OMIT; +-# else +- int action = IP_PMTUDISC_DONT; +-# endif ++ int omit_set = 0; ++ int action; ++# if defined(IP_PMTUDISC_OMIT) ++ action = IP_PMTUDISC_OMIT; + if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, + &action, (socklen_t)sizeof(action)) < 0) { +- log_err("setsockopt(..., IP_MTU_DISCOVER, " +-# if defined(IP_PMTUDISC_OMIT) +- "IP_PMTUDISC_OMIT" ++ ++ if (errno != EINVAL) { ++ log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_OMIT...) failed: %s", ++ strerror(errno)); ++ ++# ifndef USE_WINSOCK ++ close(s); + # else +- "IP_PMTUDISC_DONT" ++ closesocket(s); + # endif +- "...) failed: %s", +- strerror(errno)); ++ *noproto = 0; ++ *inuse = 0; ++ return -1; ++ } ++ } ++ else ++ { ++ omit_set = 1; ++ } ++# endif ++ if (omit_set == 0) { ++ action = IP_PMTUDISC_DONT; ++ if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, ++ &action, (socklen_t)sizeof(action)) < 0) { ++ log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_DONT...) failed: %s", ++ strerror(errno)); + # ifndef USE_WINSOCK +- close(s); ++ close(s); + # else +- closesocket(s); ++ closesocket(s); + # endif +- *noproto = 0; +- *inuse = 0; +- return -1; ++ *noproto = 0; ++ *inuse = 0; ++ return -1; ++ } + } + # elif defined(IP_DONTFRAG) + int off = 0; diff --git a/net-dns/unbound/files/unbound-1.4.12-gentoo.patch b/net-dns/unbound/files/unbound-1.4.12-gentoo.patch new file mode 100644 index 000000000000..57920689783e --- /dev/null +++ b/net-dns/unbound/files/unbound-1.4.12-gentoo.patch @@ -0,0 +1,12 @@ +diff -Naur unbound-1.4.12.orig/doc/example.conf.in unbound-1.4.12/doc/example.conf.in +--- unbound-1.4.12.orig/doc/example.conf.in 2011-07-14 17:33:37.000000000 +0900 ++++ unbound-1.4.12/doc/example.conf.in 2011-07-16 10:01:06.644402341 +0900 +@@ -334,7 +334,7 @@ + # with several entries, one file per entry. + # Zone file format, with DS and DNSKEY entries. + # Note this gets out of date, use auto-trust-anchor-file please. +- # trust-anchor-file: "" ++ # trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@" + + # Trusted key for validation. DS or DNSKEY. specify the RR on a + # single line, surrounded by "". TTL is ignored. class is IN default. diff --git a/net-dns/unbound/files/unbound-1.5.7-trust-anchor-file.patch b/net-dns/unbound/files/unbound-1.5.7-trust-anchor-file.patch new file mode 100644 index 000000000000..c4c0ffa3d6d1 --- /dev/null +++ b/net-dns/unbound/files/unbound-1.5.7-trust-anchor-file.patch @@ -0,0 +1,12 @@ +diff -ur unbound-1.5.7.orig/doc/example.conf.in unbound-1.5.7/doc/example.conf.in +--- unbound-1.5.7.orig/doc/example.conf.in 2015-12-10 08:59:18.000000000 +0100 ++++ unbound-1.5.7/doc/example.conf.in 2016-01-05 04:08:01.666760015 +0100 +@@ -378,7 +378,7 @@ + # with several entries, one file per entry. + # Zone file format, with DS and DNSKEY entries. + # Note this gets out of date, use auto-trust-anchor-file please. +- # trust-anchor-file: "" ++ # trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@" + + # Trusted key for validation. DS or DNSKEY. specify the RR on a + # single line, surrounded by "". TTL is ignored. class is IN default. diff --git a/net-dns/unbound/files/unbound-anchor.service b/net-dns/unbound/files/unbound-anchor.service new file mode 100644 index 000000000000..f55cf9db5d1e --- /dev/null +++ b/net-dns/unbound/files/unbound-anchor.service @@ -0,0 +1,13 @@ +[Unit] +Description=Update of the root trust anchor for DNSSEC validation +After=network.target +Before=nss-lookup.target +Wants=nss-lookup.target +Before=unbound.service + +[Service] +Type=oneshot +ExecStart=/usr/sbin/unbound-anchor + +[Install] +WantedBy=multi-user.target diff --git a/net-dns/unbound/files/unbound.confd b/net-dns/unbound/files/unbound.confd new file mode 100644 index 000000000000..b4de7cf1142e --- /dev/null +++ b/net-dns/unbound/files/unbound.confd @@ -0,0 +1,4 @@ +# Settings should normally not need any changes. + +# Location of the unbound configuration file. Leave empty for the default. +#UNBOUND_CONFFILE="/etc/unbound/unbound.conf" diff --git a/net-dns/unbound/files/unbound.initd b/net-dns/unbound/files/unbound.initd new file mode 100644 index 000000000000..b295f285dd1e --- /dev/null +++ b/net-dns/unbound/files/unbound.initd @@ -0,0 +1,55 @@ +#!/sbin/openrc-run +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +name="unbound daemon" +extra_commands="configtest" +extra_started_commands="reload" +description="unbound is a Domain Name Server (DNS) that is used to resolve host names to IP address." +description_configtest="Run syntax tests for configuration files only." +description_reload="Kills all children and reloads the configuration." + + +UNBOUND_BINARY=${UNBOUND_BINARY:-/usr/sbin/unbound} +UNBOUND_CHECKCONF=${UNBOUND_CHECKCONF:-/usr/sbin/unbound-checkconf} +UNBOUND_CONFFILE=${UNBOUND_CONFFILE:-/etc/unbound/${SVCNAME}.conf} + +depend() { + need net + use logger + provide dns + after auth-dns +} + +checkconfig() { + UNBOUND_PIDFILE=$("${UNBOUND_CHECKCONF}" -o pidfile "${UNBOUND_CONFFILE}") + return $? +} + +configtest() { + ebegin "Checking ${SVCNAME} configuration" + checkconfig + eend $? +} + +start() { + checkconfig || return $? + ebegin "Starting ${SVCNAME}" + start-stop-daemon --start --pidfile "${UNBOUND_PIDFILE}" \ + --exec "${UNBOUND_BINARY}" -- -c "${UNBOUND_CONFFILE}" + eend $? +} + +stop() { + checkconfig || return $? + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --pidfile "${UNBOUND_PIDFILE}" + eend $? +} + +reload() { + checkconfig || return $? + ebegin "Reloading ${SVCNAME}" + start-stop-daemon --signal HUP --pidfile "${UNBOUND_PIDFILE}" + eend $? +} diff --git a/net-dns/unbound/files/unbound.service b/net-dns/unbound/files/unbound.service new file mode 100644 index 000000000000..41dd6fabd290 --- /dev/null +++ b/net-dns/unbound/files/unbound.service @@ -0,0 +1,12 @@ +[Unit] +Description=Unbound recursive Domain Name Server +After=network.target +Before=nss-lookup.target +Wants=nss-lookup.target + +[Service] +ExecStartPre=/usr/sbin/unbound-checkconf +ExecStart=/usr/sbin/unbound -d + +[Install] +WantedBy=multi-user.target diff --git a/net-dns/unbound/files/unbound.socket b/net-dns/unbound/files/unbound.socket new file mode 100644 index 000000000000..0628064a4a5e --- /dev/null +++ b/net-dns/unbound/files/unbound.socket @@ -0,0 +1,5 @@ +[Socket] +ListenDatagram=127.0.0.1:1153 +ListenStream=127.0.0.1:1153 +[Install] +WantedBy=sockets.target diff --git a/net-dns/unbound/files/unbound_at.service b/net-dns/unbound/files/unbound_at.service new file mode 100644 index 000000000000..84b34af45446 --- /dev/null +++ b/net-dns/unbound/files/unbound_at.service @@ -0,0 +1,13 @@ +[Unit] +Description=Unbound recursive Domain Name Server +After=network.target +Before=nss-lookup.target +Wants=nss-lookup.target + +[Service] +Type=simple +ExecStartPre=/usr/sbin/unbound-checkconf /etc/unbound/%i.conf +ExecStart=/usr/sbin/unbound -d -c /etc/unbound/%i.conf + +[Install] +WantedBy=multi-user.target diff --git a/net-dns/unbound/metadata.xml b/net-dns/unbound/metadata.xml new file mode 100644 index 000000000000..f12c6693d624 --- /dev/null +++ b/net-dns/unbound/metadata.xml @@ -0,0 +1,34 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>mschiff@gentoo.org</email> + <name>Marc Schiffbauer</name> + </maintainer> + <maintainer type="person"> + <email>nabeken@tknetworks.org</email> + <description>Proxied developer. Please CC on bugs.</description> + <name>TANABE Ken-ichi</name> + </maintainer> + <maintainer type="project"> + <email>proxy-maint@gentoo.org</email> + <name>Proxy Maintainers</name> + </maintainer> + <longdescription lang="en"> + Unbound is a validating, recursive, and caching DNS resolver. + + The C implementation of Unbound is developed and maintained by NLnet + Labs. It is based on ideas and algorithms taken from a java prototype + developed by Verisign labs, Nominet, Kirei and ep.net. + + Unbound is designed as a set of modular components, so that also + DNSSEC (secure DNS) validation and stub-resolvers (that do not run + as a server, but are linked into an application) are easily possible. + </longdescription> + <use> + <flag name="dnscrypt">Enable DNSCrypt support</flag> + <flag name="dnstap">Enable dnstap support</flag> + <flag name="ecdsa">Enable ECDSA support</flag> + <flag name="gost">Enable GOST support</flag> + </use> +</pkgmetadata> diff --git a/net-dns/unbound/unbound-1.5.1-r2.ebuild b/net-dns/unbound/unbound-1.5.1-r2.ebuild new file mode 100644 index 000000000000..eeb41c65a8f5 --- /dev/null +++ b/net-dns/unbound/unbound-1.5.1-r2.ebuild @@ -0,0 +1,122 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +PYTHON_COMPAT=( python2_7 ) + +inherit eutils flag-o-matic multilib-minimal python-single-r1 systemd user + +MY_P=${PN}-${PV/_/} +DESCRIPTION="A validating, recursive and caching DNS resolver" +HOMEPAGE="http://unbound.net/" +SRC_URI="http://unbound.net/downloads/${MY_P}.tar.gz" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="~alpha amd64 ~arm ~hppa ppc ppc64 x86" +IUSE="debug dnstap +ecdsa gost python selinux static-libs test threads" +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" + +# Note: expat is needed by executable only but the Makefile is custom +# and doesn't make it possible to easily install the library without +# the executables. MULTILIB_USEDEP may be dropped once build system +# is fixed. + +CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] + >=dev-libs/libevent-2.0.21[${MULTILIB_USEDEP}] + >=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}] + dnstap? ( + dev-libs/fstrm[${MULTILIB_USEDEP}] + >=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}] + ) + ecdsa? ( dev-libs/openssl:0[-bindist] ) + python? ( ${PYTHON_DEPS} )" + +DEPEND="${CDEPEND} + python? ( dev-lang/swig ) + test? ( + net-dns/ldns-utils[examples] + dev-util/splint + app-text/wdiff + )" + +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-bind )" + +# bug #347415 +RDEPEND="${RDEPEND} + net-dns/dnssec-root" + +S=${WORKDIR}/${MY_P} + +pkg_setup() { + enewgroup unbound + enewuser unbound -1 -1 /etc/unbound unbound + + use python && python-single-r1_pkg_setup +} + +src_prepare() { + # To avoid below error messages, set 'trust-anchor-file' to same value in + # 'auto-trust-anchor-file'. + # [23109:0] error: Could not open autotrust file for writing, + # /etc/dnssec/root-anchors.txt: Permission denied + epatch "${FILESDIR}"/${PN}-1.4.12-gentoo.patch + epatch "${FILESDIR}"/0001-fix-fail-to-start-on-Linux-LTS-3.14.X-ignore.patch + + # required for the python part + multilib_copy_sources +} + +src_configure() { + [[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack + multilib-minimal_src_configure +} + +multilib_src_configure() { + econf \ + $(use_enable debug) \ + $(use_enable gost) \ + $(use_enable dnstap) \ + $(use_enable ecdsa) \ + $(use_enable static-libs static) \ + $(multilib_native_use_with python pythonmodule) \ + $(multilib_native_use_with python pyunbound) \ + $(use_with threads pthreads) \ + --disable-flto \ + --disable-rpath \ + --with-libevent="${EPREFIX}"/usr \ + --with-pidfile="${EPREFIX}"/var/run/unbound.pid \ + --with-rootkey-file="${EPREFIX}"/etc/dnssec/root-anchors.txt \ + --with-ssl="${EPREFIX}"/usr \ + --with-libexpat="${EPREFIX}"/usr + + # http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html + # $(use_enable debug lock-checks) \ + # $(use_enable debug alloc-checks) \ + # $(use_enable debug alloc-lite) \ + # $(use_enable debug alloc-nonregional) \ +} + +multilib_src_install_all() { + prune_libtool_files --modules + use python && python_optimize + + newinitd "${FILESDIR}"/unbound.initd unbound + newconfd "${FILESDIR}"/unbound.confd unbound + + systemd_dounit "${FILESDIR}"/unbound.service + systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service" + systemd_dounit "${FILESDIR}"/unbound-anchor.service + + dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES} + + # bug #315519 + dodoc contrib/unbound_munin_ + + docinto selinux + dodoc contrib/selinux/* + + exeinto /usr/share/${PN} + doexe contrib/update-anchor.sh +} diff --git a/net-dns/unbound/unbound-1.5.10.ebuild b/net-dns/unbound/unbound-1.5.10.ebuild new file mode 100644 index 000000000000..93b077ac9bc5 --- /dev/null +++ b/net-dns/unbound/unbound-1.5.10.ebuild @@ -0,0 +1,124 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +PYTHON_COMPAT=( python2_7 ) + +inherit eutils flag-o-matic multilib-minimal python-single-r1 systemd user + +MY_P=${PN}-${PV/_/} +DESCRIPTION="A validating, recursive and caching DNS resolver" +HOMEPAGE="http://unbound.net/" +SRC_URI="http://unbound.net/downloads/${MY_P}.tar.gz" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="amd64 arm ~hppa ~mips ppc ppc64 x86" +IUSE="debug dnstap +ecdsa gost libressl python selinux static-libs test threads" +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" + +# Note: expat is needed by executable only but the Makefile is custom +# and doesn't make it possible to easily install the library without +# the executables. MULTILIB_USEDEP may be dropped once build system +# is fixed. + +CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] + >=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}] + libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] ) + !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}] ) + dnstap? ( + dev-libs/fstrm[${MULTILIB_USEDEP}] + >=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}] + ) + ecdsa? ( + !libressl? ( dev-libs/openssl:0[-bindist] ) + ) + python? ( ${PYTHON_DEPS} )" + +DEPEND="${CDEPEND} + python? ( dev-lang/swig ) + test? ( + net-dns/ldns-utils[examples] + dev-util/splint + app-text/wdiff + )" + +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-bind )" + +# bug #347415 +RDEPEND="${RDEPEND} + net-dns/dnssec-root" + +S=${WORKDIR}/${MY_P} + +pkg_setup() { + enewgroup unbound + enewuser unbound -1 -1 /etc/unbound unbound + + use python && python-single-r1_pkg_setup +} + +src_prepare() { + # To avoid below error messages, set 'trust-anchor-file' to same value in + # 'auto-trust-anchor-file'. + # [23109:0] error: Could not open autotrust file for writing, + # /etc/dnssec/root-anchors.txt: Permission denied + epatch "${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch + + # required for the python part + multilib_copy_sources +} + +src_configure() { + [[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack + multilib-minimal_src_configure +} + +multilib_src_configure() { + econf \ + $(use_enable debug) \ + $(use_enable gost) \ + $(use_enable dnstap) \ + $(use_enable ecdsa) \ + $(use_enable static-libs static) \ + $(multilib_native_use_with python pythonmodule) \ + $(multilib_native_use_with python pyunbound) \ + $(use_with threads pthreads) \ + --disable-flto \ + --disable-rpath \ + --with-libevent="${EPREFIX}"/usr \ + --with-pidfile="${EPREFIX}"/var/run/unbound.pid \ + --with-rootkey-file="${EPREFIX}"/etc/dnssec/root-anchors.txt \ + --with-ssl="${EPREFIX}"/usr \ + --with-libexpat="${EPREFIX}"/usr + + # http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html + # $(use_enable debug lock-checks) \ + # $(use_enable debug alloc-checks) \ + # $(use_enable debug alloc-lite) \ + # $(use_enable debug alloc-nonregional) \ +} + +multilib_src_install_all() { + prune_libtool_files --modules + use python && python_optimize + + newinitd "${FILESDIR}"/unbound.initd unbound + newconfd "${FILESDIR}"/unbound.confd unbound + + systemd_dounit "${FILESDIR}"/unbound.service + systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service" + systemd_dounit "${FILESDIR}"/unbound-anchor.service + + dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES} + + # bug #315519 + dodoc contrib/unbound_munin_ + + docinto selinux + dodoc contrib/selinux/* + + exeinto /usr/share/${PN} + doexe contrib/update-anchor.sh +} diff --git a/net-dns/unbound/unbound-1.6.3.ebuild b/net-dns/unbound/unbound-1.6.3.ebuild new file mode 100644 index 000000000000..7b72e64ed4e6 --- /dev/null +++ b/net-dns/unbound/unbound-1.6.3.ebuild @@ -0,0 +1,130 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +PYTHON_COMPAT=( python2_7 ) + +inherit eutils flag-o-matic multilib-minimal python-single-r1 systemd user + +MY_P=${PN}-${PV/_/} +DESCRIPTION="A validating, recursive and caching DNS resolver" +HOMEPAGE="http://unbound.net/" +SRC_URI="http://unbound.net/downloads/${MY_P}.tar.gz" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86" +IUSE="debug dnscrypt dnstap +ecdsa gost libressl python selinux static-libs systemd test threads" +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" + +# Note: expat is needed by executable only but the Makefile is custom +# and doesn't make it possible to easily install the library without +# the executables. MULTILIB_USEDEP may be dropped once build system +# is fixed. + +CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] + >=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}] + libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] ) + !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}] ) + dnscrypt? ( dev-libs/libsodium ) + dnstap? ( + dev-libs/fstrm[${MULTILIB_USEDEP}] + >=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}] + ) + ecdsa? ( + !libressl? ( dev-libs/openssl:0[-bindist] ) + ) + python? ( ${PYTHON_DEPS} )" + +DEPEND="${CDEPEND} + python? ( dev-lang/swig ) + test? ( + net-dns/ldns-utils[examples] + dev-util/splint + app-text/wdiff + ) + systemd? ( sys-apps/systemd ) + virtual/pkgconfig" + +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-bind )" + +# bug #347415 +RDEPEND="${RDEPEND} + net-dns/dnssec-root" + +S=${WORKDIR}/${MY_P} + +pkg_setup() { + enewgroup unbound + enewuser unbound -1 -1 /etc/unbound unbound + + use python && python-single-r1_pkg_setup +} + +src_prepare() { + # To avoid below error messages, set 'trust-anchor-file' to same value in + # 'auto-trust-anchor-file'. + # [23109:0] error: Could not open autotrust file for writing, + # /etc/dnssec/root-anchors.txt: Permission denied + epatch "${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch + + # required for the python part + multilib_copy_sources +} + +src_configure() { + [[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack + multilib-minimal_src_configure +} + +multilib_src_configure() { + econf \ + $(use_enable debug) \ + $(use_enable gost) \ + $(use_enable dnscrypt) \ + $(use_enable dnstap) \ + $(use_enable ecdsa) \ + $(use_enable static-libs static) \ + $(use_enable systemd) \ + $(multilib_native_use_with python pythonmodule) \ + $(multilib_native_use_with python pyunbound) \ + $(use_with threads pthreads) \ + --disable-flto \ + --disable-rpath \ + --with-libevent="${EPREFIX}"/usr \ + --with-pidfile="${EPREFIX}"/var/run/unbound.pid \ + --with-rootkey-file="${EPREFIX}"/etc/dnssec/root-anchors.txt \ + --with-ssl="${EPREFIX}"/usr \ + --with-libexpat="${EPREFIX}"/usr + + # http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html + # $(use_enable debug lock-checks) \ + # $(use_enable debug alloc-checks) \ + # $(use_enable debug alloc-lite) \ + # $(use_enable debug alloc-nonregional) \ +} + +multilib_src_install_all() { + prune_libtool_files --modules + use python && python_optimize + + newinitd "${FILESDIR}"/unbound.initd unbound + newconfd "${FILESDIR}"/unbound.confd unbound + + systemd_dounit "${FILESDIR}"/unbound.service + systemd_dounit "${FILESDIR}"/unbound.socket + systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service" + systemd_dounit "${FILESDIR}"/unbound-anchor.service + + dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES} + + # bug #315519 + dodoc contrib/unbound_munin_ + + docinto selinux + dodoc contrib/selinux/* + + exeinto /usr/share/${PN} + doexe contrib/update-anchor.sh +} diff --git a/net-dns/unbound/unbound-1.6.4.ebuild b/net-dns/unbound/unbound-1.6.4.ebuild new file mode 100644 index 000000000000..7b72e64ed4e6 --- /dev/null +++ b/net-dns/unbound/unbound-1.6.4.ebuild @@ -0,0 +1,130 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +PYTHON_COMPAT=( python2_7 ) + +inherit eutils flag-o-matic multilib-minimal python-single-r1 systemd user + +MY_P=${PN}-${PV/_/} +DESCRIPTION="A validating, recursive and caching DNS resolver" +HOMEPAGE="http://unbound.net/" +SRC_URI="http://unbound.net/downloads/${MY_P}.tar.gz" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86" +IUSE="debug dnscrypt dnstap +ecdsa gost libressl python selinux static-libs systemd test threads" +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" + +# Note: expat is needed by executable only but the Makefile is custom +# and doesn't make it possible to easily install the library without +# the executables. MULTILIB_USEDEP may be dropped once build system +# is fixed. + +CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] + >=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}] + libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] ) + !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}] ) + dnscrypt? ( dev-libs/libsodium ) + dnstap? ( + dev-libs/fstrm[${MULTILIB_USEDEP}] + >=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}] + ) + ecdsa? ( + !libressl? ( dev-libs/openssl:0[-bindist] ) + ) + python? ( ${PYTHON_DEPS} )" + +DEPEND="${CDEPEND} + python? ( dev-lang/swig ) + test? ( + net-dns/ldns-utils[examples] + dev-util/splint + app-text/wdiff + ) + systemd? ( sys-apps/systemd ) + virtual/pkgconfig" + +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-bind )" + +# bug #347415 +RDEPEND="${RDEPEND} + net-dns/dnssec-root" + +S=${WORKDIR}/${MY_P} + +pkg_setup() { + enewgroup unbound + enewuser unbound -1 -1 /etc/unbound unbound + + use python && python-single-r1_pkg_setup +} + +src_prepare() { + # To avoid below error messages, set 'trust-anchor-file' to same value in + # 'auto-trust-anchor-file'. + # [23109:0] error: Could not open autotrust file for writing, + # /etc/dnssec/root-anchors.txt: Permission denied + epatch "${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch + + # required for the python part + multilib_copy_sources +} + +src_configure() { + [[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack + multilib-minimal_src_configure +} + +multilib_src_configure() { + econf \ + $(use_enable debug) \ + $(use_enable gost) \ + $(use_enable dnscrypt) \ + $(use_enable dnstap) \ + $(use_enable ecdsa) \ + $(use_enable static-libs static) \ + $(use_enable systemd) \ + $(multilib_native_use_with python pythonmodule) \ + $(multilib_native_use_with python pyunbound) \ + $(use_with threads pthreads) \ + --disable-flto \ + --disable-rpath \ + --with-libevent="${EPREFIX}"/usr \ + --with-pidfile="${EPREFIX}"/var/run/unbound.pid \ + --with-rootkey-file="${EPREFIX}"/etc/dnssec/root-anchors.txt \ + --with-ssl="${EPREFIX}"/usr \ + --with-libexpat="${EPREFIX}"/usr + + # http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html + # $(use_enable debug lock-checks) \ + # $(use_enable debug alloc-checks) \ + # $(use_enable debug alloc-lite) \ + # $(use_enable debug alloc-nonregional) \ +} + +multilib_src_install_all() { + prune_libtool_files --modules + use python && python_optimize + + newinitd "${FILESDIR}"/unbound.initd unbound + newconfd "${FILESDIR}"/unbound.confd unbound + + systemd_dounit "${FILESDIR}"/unbound.service + systemd_dounit "${FILESDIR}"/unbound.socket + systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service" + systemd_dounit "${FILESDIR}"/unbound-anchor.service + + dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES} + + # bug #315519 + dodoc contrib/unbound_munin_ + + docinto selinux + dodoc contrib/selinux/* + + exeinto /usr/share/${PN} + doexe contrib/update-anchor.sh +} diff --git a/net-dns/unbound/unbound-1.6.6.ebuild b/net-dns/unbound/unbound-1.6.6.ebuild new file mode 100644 index 000000000000..983c471e4d59 --- /dev/null +++ b/net-dns/unbound/unbound-1.6.6.ebuild @@ -0,0 +1,130 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +PYTHON_COMPAT=( python2_7 ) + +inherit eutils flag-o-matic multilib-minimal python-single-r1 systemd user + +MY_P=${PN}-${PV/_/} +DESCRIPTION="A validating, recursive and caching DNS resolver" +HOMEPAGE="http://unbound.net/" +SRC_URI="http://unbound.net/downloads/${MY_P}.tar.gz" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86" +IUSE="debug dnscrypt dnstap +ecdsa gost libressl python selinux static-libs systemd test threads" +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" + +# Note: expat is needed by executable only but the Makefile is custom +# and doesn't make it possible to easily install the library without +# the executables. MULTILIB_USEDEP may be dropped once build system +# is fixed. + +CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] + >=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}] + libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] ) + !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}] ) + dnscrypt? ( dev-libs/libsodium ) + dnstap? ( + dev-libs/fstrm[${MULTILIB_USEDEP}] + >=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}] + ) + ecdsa? ( + !libressl? ( dev-libs/openssl:0[-bindist] ) + ) + python? ( ${PYTHON_DEPS} )" + +DEPEND="${CDEPEND} + python? ( dev-lang/swig ) + test? ( + net-dns/ldns-utils[examples] + dev-util/splint + app-text/wdiff + ) + systemd? ( sys-apps/systemd ) + virtual/pkgconfig" + +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-bind )" + +# bug #347415 +RDEPEND="${RDEPEND} + net-dns/dnssec-root" + +S=${WORKDIR}/${MY_P} + +pkg_setup() { + enewgroup unbound + enewuser unbound -1 -1 /etc/unbound unbound + + use python && python-single-r1_pkg_setup +} + +src_prepare() { + # To avoid below error messages, set 'trust-anchor-file' to same value in + # 'auto-trust-anchor-file'. + # [23109:0] error: Could not open autotrust file for writing, + # /etc/dnssec/root-anchors.txt: Permission denied + epatch "${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch + + # required for the python part + multilib_copy_sources +} + +src_configure() { + [[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack + multilib-minimal_src_configure +} + +multilib_src_configure() { + econf \ + $(use_enable debug) \ + $(use_enable gost) \ + $(use_enable dnscrypt) \ + $(use_enable dnstap) \ + $(use_enable ecdsa) \ + $(use_enable static-libs static) \ + $(use_enable systemd) \ + $(multilib_native_use_with python pythonmodule) \ + $(multilib_native_use_with python pyunbound) \ + $(use_with threads pthreads) \ + --disable-flto \ + --disable-rpath \ + --with-libevent="${EPREFIX}"/usr \ + --with-pidfile="${EPREFIX}"/var/run/unbound.pid \ + --with-rootkey-file="${EPREFIX}"/etc/dnssec/root-anchors.txt \ + --with-ssl="${EPREFIX}"/usr \ + --with-libexpat="${EPREFIX}"/usr + + # http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html + # $(use_enable debug lock-checks) \ + # $(use_enable debug alloc-checks) \ + # $(use_enable debug alloc-lite) \ + # $(use_enable debug alloc-nonregional) \ +} + +multilib_src_install_all() { + prune_libtool_files --modules + use python && python_optimize + + newinitd "${FILESDIR}"/unbound.initd unbound + newconfd "${FILESDIR}"/unbound.confd unbound + + systemd_dounit "${FILESDIR}"/unbound.service + systemd_dounit "${FILESDIR}"/unbound.socket + systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service" + systemd_dounit "${FILESDIR}"/unbound-anchor.service + + dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES} + + # bug #315519 + dodoc contrib/unbound_munin_ + + docinto selinux + dodoc contrib/selinux/* + + exeinto /usr/share/${PN} + doexe contrib/update-anchor.sh +} |