gentoo auto-resync : 02:12:2024 - 02:07:07

author: V3n3RiX <venerix@koprulu.sector> 2024-12-02 02:07:07 +0000
committer: V3n3RiX <venerix@koprulu.sector> 2024-12-02 02:07:07 +0000
commit: d4f65848c7ecabb56e2f93889cbd20078cd347f7 (patch)
tree: 180032f5afeb689db6a270d612f3e3364ed8fd2b /net-dns
parent: c635a4b7ddb6105bfc6fef130b188a087726677b (diff)
25 files changed, 951 insertions, 5 deletions
diff --git a/net-dns/Manifest.gz b/net-dns/Manifest.gz
index 9856737e75bb..e292f1479ad8 100644
--- a/net-dns/Manifest.gz
+++ b/net-dns/Manifest.gz
diff --git a/net-dns/coredns/Manifest b/net-dns/coredns/Manifest
index f163c6578bc9..0ce100f6e220 100644
--- a/net-dns/coredns/Manifest
+++ b/net-dns/coredns/Manifest
@@ -10,8 +10,11 @@ DIST coredns-1.11.3-deps.tar.xz 6662680 BLAKE2B 44bc099586cdaffc381141e347c89215
 DIST coredns-1.11.3.tar.gz 653856 BLAKE2B db9efdd1b674f6908ff094866ca5c148e018d7ddae2ae1cc07c13fbf78dcc4e6ed478d2e5946f73d43b8ee6a1924fecd53759e6b9a41935d084fbb1d84b7bb10 SHA512 3ec9296626a2994d1259329e50b032d2972ef8e05bfed742c0ee570414adbfa8f296046b9356ef73d885a1f1c1e3660421762267535ec2d3f357c3064a75d405
 DIST coredns-1.11.4-deps.tar.xz 8743848 BLAKE2B a083c85ed3a43b1d97ab928a133511dd7ae58431803387b5aa3b6d3dbf93f35f5aca18ca6a35e258e7596ef7c7718fe3599f1af48735a0f3d8e08eef5669c18e SHA512 d6d7d8ca5f085d5e04e4499041eb89ac88a6a2b2737b10c8979765d9e397261cfa48ed4c12a369c6794741a4e7150b44b3c09663b9cd2ca4bf8540843df22e55
 DIST coredns-1.11.4.tar.gz 663610 BLAKE2B 2cb3930009bc68a3725da38bdd919a8b3969199bdae9fdbc4495361a9e83b9046f46a1c1ec1adf67170b75fe011fd0b24dd73163bef81ac43b7ea50faae5a1a2 SHA512 90506926736152958d6ec154734a6cce689406aea9eed7d68e868fa48361b0fb5c899d445f52e13a5401b91683c8ed7715c80617efaabdd7b5d9dde6ca634984
+DIST coredns-1.12.0-deps.tar.xz 8762780 BLAKE2B 674f181aea1e48577bc97c64fba4eb90bef600e600d183b1043ddaa9a5a53cbaa70f1822a82fd51c817a18f13ec22be4c82dc08b41f133ec552b1174e0f9ee62 SHA512 853d8327537ada98d734591ce7dc3b6afdda9a43de1712de9452824de7be85bfe1314d89467f132b84181e4f0e229f637f87cd70e17eb663adb2dd17bd5aa0ca
+DIST coredns-1.12.0.tar.gz 666624 BLAKE2B 87cd5f71d433a95d2cb0a80b9028e2051d3090538e18d11c9f53bf9307d4176ecc568e605ab76b1d4d1398fcf83aaec70b06ffec1e365d37dadc8a0782850d01 SHA512 b86cb6042adf0510204bacb04927e7cb6f43a2d48b26140384e014bdab353d095942c21843e9cea2ebe7cb3d003c49d0192ae208649509535b556b773e893c70
 EBUILD coredns-1.11.2-r1.ebuild 3160 BLAKE2B c4b5ed9a5277aad2e9d79ca63d40ab2478fab9e5cb1231f474621a281c7f6142af413b1762e0874900dd1969d255dd88a2163efc6d543a424880da1fa37586c6 SHA512 3bac92da0f02cebba5567441a695d66e60cd7df993d6bc9f90bff58b78689c7a36c4e539e1c9074596edb86654e8b732eb78861fbe462ff1afe490d2c784a7eb
 EBUILD coredns-1.11.3.ebuild 2663 BLAKE2B c74ff154bfff0f72c557ab9322fdcc9079ad367ed2a7bbacc2d3bd497f610b4e565ecf555a6541826c3f23e678e59dbe520c50e9ca0959a4766d247f5de4383a SHA512 a007acee479f0ba345efa1e53679e2b5c6ccb690b1e80ec3d987dede65e0769631061afa1bdf82c847d94c4f2bb912a7ad889ac630755fa6674b6727ec60cc09
 EBUILD coredns-1.11.4.ebuild 2663 BLAKE2B c74ff154bfff0f72c557ab9322fdcc9079ad367ed2a7bbacc2d3bd497f610b4e565ecf555a6541826c3f23e678e59dbe520c50e9ca0959a4766d247f5de4383a SHA512 a007acee479f0ba345efa1e53679e2b5c6ccb690b1e80ec3d987dede65e0769631061afa1bdf82c847d94c4f2bb912a7ad889ac630755fa6674b6727ec60cc09
+EBUILD coredns-1.12.0.ebuild 2663 BLAKE2B c74ff154bfff0f72c557ab9322fdcc9079ad367ed2a7bbacc2d3bd497f610b4e565ecf555a6541826c3f23e678e59dbe520c50e9ca0959a4766d247f5de4383a SHA512 a007acee479f0ba345efa1e53679e2b5c6ccb690b1e80ec3d987dede65e0769631061afa1bdf82c847d94c4f2bb912a7ad889ac630755fa6674b6727ec60cc09
 EBUILD coredns-9999.ebuild 2712 BLAKE2B f66174da18e2ced3971b77859b8f4e4f1a51c266185ed4a649122ea8af20a2db3c7a8888047488373114dc1cbcff95b1d42a90473b610c1786548cc6777279de SHA512 91ca378310ce84b6b04e0c77d65d20c817fed33df6b9cab44738821a22704c008173b848f646515ba76877151b3c57ef0aed674477e2e05f15777d3d7181b5c1
 MISC metadata.xml 1154 BLAKE2B ebdfb6dea854f81e82c8d02fe60a315db893dc395b649bf4f37c2aae90721f1af73ac7a2394ee15964e78154e40580cfc29eb9bdac518514b1314cc55190e657 SHA512 511ecdf71de14a237f0288f817e791dfb81a7abacb53746e32d79c880ba4c5288a86c310fa877b503176c31a737d98329f6c2b6bd1b175ce4ec2a73df6a9fe9d
diff --git a/net-dns/coredns/coredns-1.12.0.ebuild b/net-dns/coredns/coredns-1.12.0.ebuild
new file mode 100644
index 000000000000..7f69279c8135
--- /dev/null
+++ b/net-dns/coredns/coredns-1.12.0.ebuild
@@ -0,0 +1,108 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit fcaps go-module multiprocessing systemd tmpfiles toolchain-funcs
+
+DESCRIPTION="CoreDNS is a DNS server that chains plugins"
+HOMEPAGE="https://github.com/coredns/coredns"
+
+if [[ ${PV} == 9999* ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/coredns/coredns.git"
+else
+	SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+	SRC_URI+=" https://dev.gentoo.org/~zmedico/dist/${P}-deps.tar.xz"
+	KEYWORDS="~amd64"
+fi
+
+# main
+LICENSE="Apache-2.0"
+# deps
+LICENSE+=" MIT BSD ISC MPL-2.0 BSD-2"
+
+SLOT="0"
+# TODO: debug test failure with deps tarball
+RESTRICT="test"
+
+RDEPEND="acct-user/coredns
+	acct-group/coredns"
+
+FILECAPS=(
+	-m 755 'cap_net_bind_service=+ep' usr/bin/${PN}
+)
+
+src_unpack() {
+	if [[ ${PV} == 9999* ]]; then
+		git-r3_src_unpack
+		go-module_live_vendor
+	else
+		default
+	fi
+}
+
+src_prepare() {
+	[[ ${PV} != 9999* ]] && { ln -sv ../vendor ./ || die ; }
+	default
+}
+
+src_compile() {
+	[[ ${PV} == 9999* ]] &&	local GIT_COMMIT="$(git describe --dirty --always)"
+	ego build -ldflags="-s -w -X github.com/coredns/coredns/coremain.GitCommit=${GIT_COMMIT}"
+}
+
+src_install() {
+	dobin "${PN}"
+	einstalldocs
+	doman man/*
+
+	newinitd "${FILESDIR}"/coredns.initd coredns
+	newconfd "${FILESDIR}"/coredns.confd coredns
+
+	insinto /etc/coredns/
+	newins "${FILESDIR}"/Corefile.example Corefile
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/coredns.logrotated coredns
+
+	systemd_dounit "${FILESDIR}"/coredns.service
+	newtmpfiles "${FILESDIR}"/coredns.tmpfiles "${PN}.conf"
+}
+
+src_test() {
+	# eclass default '-x' makes tests output unreadable
+	export GOFLAGS="-v -mod=readonly"
+
+	local known_fail=(
+		"TestZoneExternalCNAMELookupWithProxy"
+		"TestMetricsSeveralBlocs"
+		"TestMetricsAvailable"
+		"TestMetricsAvailableAfterReload"
+		"TestMetricsAvailableAfterReloadAndFailedReload"
+	)
+	# concat as '|^Test1$|^Test2$|^Test3...$':
+	local known_fail_re="$(printf '|^%s$' "${known_fail[@]}")"
+	# drop '|' in the begining:
+	known_fail_re="${known_fail_re:1}"
+
+	local working_tests_re="$(
+		# get list of all test:
+		{ GOFLAGS="-mod=readonly" go test -list . ./... ||
+			die "Can't get list of tests"; } |
+		# skip "no tests" messages as well as know failures:
+		grep -v -E " |${known_fail_re}" |
+		# format a regexp:
+		sed -z 's/\n/$|^/g'
+	)"
+	# drop '|^' in the end:
+	working_tests_re="^${working_tests_re::-2}"
+
+	go test -race -run "${working_tests_re}" ./... || die "Tests failed"
+	go test -race -run "${known_fail_re}" ./... || ewarn "Known test failure"
+}
+
+pkg_postinst() {
+	fcaps_pkg_postinst
+	tmpfiles_process ${PN}.conf
+}
diff --git a/net-dns/dnsmasq/Manifest b/net-dns/dnsmasq/Manifest
index ffc4c60650b3..cd494b90c160 100644
--- a/net-dns/dnsmasq/Manifest
+++ b/net-dns/dnsmasq/Manifest
@@ -6,5 +6,5 @@ AUX dnsmasq.service-r1 278 BLAKE2B 3bfe6a01efd5f8338c3bb134a061f8ecbef850293c4a8
 DIST dnsmasq-2.89.tar.xz 562700 BLAKE2B d8be39697ce7d4e7beacf6d94a9ba1842fe0099f7ed7ebb243a7e6e5af8c83195e4723e60841705aee70a43510279be8484a9474191ddcf17eac1ff4edc5389f SHA512 4384ed5b673e10eaf6532e6eaeb5c0a6b817581433cc28c632bdcbadbfc050a0ab73bc5b73c98d708cd39515bb3f72168714b0aa5f16436cebdd18020648d428
 DIST dnsmasq-2.90.tar.xz 570672 BLAKE2B e5a7a3f3b1457c94f508a17c32f1f14267ed61009058295e0202bee7a1798a3eb72c70e53c799f25fb6030b389c5eefc5e50845896b71b733c0fc302d730dff7 SHA512 e169de1892f935e219b0f49d90107f95cba42b40bca20bd3c973313c2cd4df58b929af6628cd988419051d81c3b4ccf8e9f816274df7d0840e79f5bf49602442
 EBUILD dnsmasq-2.89-r1.ebuild 4837 BLAKE2B 74552b0fcbeb0bf2b0ae42154bdcb1ade2c9a06e2a86616869e2029c7851f0bb2bb5dc198799ff1f481975009529ab309cda5bfe03b5060e771f9202c81f408e SHA512 ad508eb7fec26485dd3c81f147aa32bae5191d0018e45a8ef1e59634f27df4845a7a7c5584c1b93161fa1985ce0b96e16b80d173d2a95d9757f8eab6ea95c569
-EBUILD dnsmasq-2.90.ebuild 4926 BLAKE2B 117ffa34b9c961e37af39d87e63fbc69d192cd02587baa2b145bc2fd8ff463f1f7cdd76349394955f2555f8fb2e289ff3db669ba749c464409a3bd642b66a53b SHA512 c9f2f6517cf9130845b639edf6b10f81b7fb34e1fd82d33ef44b3b84d5253671f11ddd46a7bc16670daa6c53715b134aebb81960808058e27c183fdd6c619a6f
+EBUILD dnsmasq-2.90.ebuild 5060 BLAKE2B b16ee4a91ac2d642f84d45c18431924c573f207c363b133b242fd1a9692b322ec738cfe2f7155efc48648e6176f09d3a980e335ecce99d324d2238b77945d7f4 SHA512 76d9a2deaee75c32dc1e8e9db562ca3be81b10e2274150498e6c03d2bb61c513401c2ed502fdee815d65a574bd2e85c24849a70a63fcd9efe7822f0737bb7935
 MISC metadata.xml 1449 BLAKE2B 532b630e5c03652df74dec95bbb6c1c03b0d8a8fbc78ed1b2d40f47fdfbc20ce21172259f630acb5d14eb32b849d1d5b34482ffe77d4b5eee64051e839f17607 SHA512 e58549ceaf7a252f0b8b4c3a678cbc57bca66bf749bffbf8ec5544e79a380af695e3412c8d59d941bd08ed6cb95ab27bc2a13fbc46a4f5368d9e209e3e33bc99
diff --git a/net-dns/dnsmasq/dnsmasq-2.90.ebuild b/net-dns/dnsmasq/dnsmasq-2.90.ebuild
index 107d47dbf6f5..5cf41c4ac93b 100644
--- a/net-dns/dnsmasq/dnsmasq-2.90.ebuild
+++ b/net-dns/dnsmasq/dnsmasq-2.90.ebuild
@@ -5,7 +5,7 @@ EAPI=8
 
 LUA_COMPAT=( lua5-{1..4} luajit )
 
-inherit toolchain-funcs lua-single systemd
+inherit flag-o-matic toolchain-funcs lua-single systemd
 
 DESCRIPTION="Small forwarding DNS server"
 HOMEPAGE="https://thekelleys.org.uk/dnsmasq/doc.html"
@@ -114,6 +114,9 @@ src_prepare() {
 }
 
 src_configure() {
+	# https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q4/017855.html (bug #945183)
+	append-cflags -std=gnu17
+
 	COPTS=(
 		$(use_have -n auth-dns auth)
 		$(use_have conntrack)
diff --git a/net-dns/getdns/Manifest b/net-dns/getdns/Manifest
index bfeb097ddc30..dd135f240349 100644
--- a/net-dns/getdns/Manifest
+++ b/net-dns/getdns/Manifest
@@ -1,8 +1,12 @@
 AUX getdns-1.4.2-stubby.service.patch 568 BLAKE2B f2e605116f924b109bf2cd734c8eb79314aeb02b0e30e2fd8d62117b44a74f20e64b1b527253a09525ad9ab26aa2a64a51940773064de87e295d1831dfe9e51b SHA512 67c88787d48662d5c555cd2cdff5916a2211aaf45a13b41e0a909d703dcbc66cb3de834cc94b7c3d292d16a99d024b07098b4e0bb1c790e48201ca9ffb598bd2
 AUX getdns-1.7.2-clang16.patch 1488 BLAKE2B 992a4f97808880d5ed959cf4f0a04776ba162f5d55dbd56d2c0dc47bcc3e617da2b366b895a7891ed9a3126054272fa0d98277c840c4d853f05c2290b42a5253 SHA512 106db48bb52ff482909b89eaf51781880bf7a60c483b7b7fe8e67bb448038876f2343f21152ae3bd2c9115f133eb094290520f3803da1322d5b59abb85ddfef5
+AUX getdns-1.7.3-cmake-linking.patch 2216 BLAKE2B cee478b3630cf8c7923b257deaf33ec000cfc5609061f1359ffb2fbccb860a1690ef6d07e079b0d33d5e1fe8c80e06559927489d6dbff89bc8e14c93687573ff SHA512 5c0ae491be3c1bca32202253703b1ce494f3c0d80fce943849aee6b2946968121409585d2e8ba45a98c434089126282e95c777c80665772bba69abe578589d37
+AUX stubby-0.4.3-install-dir.patch 1306 BLAKE2B 09c80b51371ec96748c84848a1c6a81fa82f5ff7cea50f91f5af2400462ac970639e15bf90ec739e3d73d2752627daa5f3992d0f70dc79d9ea69d5ca06c0fd0f SHA512 4362d96e35156d52020168f847ee97c384fd2d46e0698101b8cfb999d04d362abe077da48dfd4aac8596332c2d142b802dda5ad10a42a2befe1fd43017ea0f2d
 AUX stubby.confd-r1 546 BLAKE2B 2f81b79b290264701ee75029ee61e006e7f6e2425ebd8090e2f07d4aed4903b88e07576893f653a8704f5181b3fb67f51327e41fef909bc56f5022bf124a4183 SHA512 10793c0ab9081c083dd702b57ffd864aa5a6d76f678eeb704b577188c0a00536f39f2dbb960d8333564b99981a5e2d4414802ffa8506b7cb41fc517680e2b78c
 AUX stubby.initd-r2 625 BLAKE2B 83737407d4ba1d64edabd346868e8401438a9b90b7ddea2d11387ca2dd4d27b68b53039dbf83c60d54c63e9e72171421c40ecaefd5b9b6d8bd4a09eb2a6dcb54 SHA512 0149fd219af720102988663f58f730228f8684267daaf279bcb80fbf70aba3d3d8cd41e745af2b3afbae6270259232dcc5bada0f58c935e6157620c06c53f347
 AUX stubby.logrotate 90 BLAKE2B 8417a72ee319a12a38b94dcbd38617925539ec4971443097be155012ca7eefadb558c9ea01af03e77f1c28441f06fce73f01c2bfbbe9d305ec56b728b5eb886c SHA512 1dc35b1d0572de915304e632d9b4e6f3017deb3c906d93fad532564d70b961c5595194ac8e11d1888710ff3b5cf9512e1a1a5007d10128dde31875bee8c9e0e0
 DIST getdns-1.7.2.tar.gz 702969 BLAKE2B 668a754200b816790f39a772d89c28e14bc5dbd041e07d9e53605ad44d63d6637078b66881c35dda62ed61622142797cc8f0041522e076cf551651fca688053a SHA512 6c4a75a4696c46ec8bd9e9659a93fd81f3490b43da28a4c95f99a766027c7588fc493a8ac51563afb8f975c0e5b77d5ea67014d80e78ee2bb17fba1d1073d19f
+DIST getdns-1.7.3.tar.gz 703262 BLAKE2B 830063fc6f882a624fb7a6bb36fcb4f049a83ddd4515a906152a76d0247f4397b1e12ace7ce07053e7a42432c4f3683fe999ff36d8ede13a005ebecd14a78326 SHA512 d5725a24378b6fe0018daefdaba5565d2d4d51109ef66609fc34270a0a69accb95f5f895d0cdfc5caca51d2ec586db126f367439f05aed12507395af26739e2f
 EBUILD getdns-1.7.2-r1.ebuild 2236 BLAKE2B 207ea6b862e871a5d1913f031729adcc56d1d1bc4386aa7cfb2952e0f5add4fa726691d5b81641fa06f62f32524b85d367f399e69836bd6b5b81032248bc7238 SHA512 e9b9d96348c9a8a3853b3474b0d3207a8fd45346fa06a056d5c534389005d0ea2ffe25f76396a04bd521d117c59582d170c849c868856137b7c44c6fcd147ff4
-MISC metadata.xml 661 BLAKE2B 2eddca7fcdeb24c4522ba4a753fccdffaee7f706666b0b5193ede93f3da969021e0f533aea8da71a1587ffbf3f4d826e220fa8bfec2b90ec6a6d89b66d337eac SHA512 b7d258232ddb38b60196ba61dec4c78b760ebe2bbc654ba2c2c838f8931510910e4662de0003f4364d76072fabff2cd83f63f1688412bb60f4de0c40ecde32a2
+EBUILD getdns-1.7.3.ebuild 2355 BLAKE2B f542306f0cdb61961bc27c102a41d2966c7902e2250203a1eafd11416165621ed42fa48f8418ff49523466fc23e81020ea529f8e0573bd4a519fd7ca9bc9553e SHA512 5ce8d918100ba1b4645457c99a7241d6adc4becf1e516305d4b75975d156fcf2e839b3761b7eb7e0301b517e953698f3346f9189143a28f443c3ddd1106f83a9
+MISC metadata.xml 723 BLAKE2B 57f6b447b5d9c981d204567758b6946cbe11a0f5528255724faf71d3367eb993204b135105cd9cfcd5ca55d453e2dacabfd48fcdf001686f48c18fdc12e8030a SHA512 432f002ddc1ee5d641d93524e6a520857335270d398352d72201e16fa3b9bd6618feec118b04a635dbb5417883fa3be2ba3c238ebcf85baa15d2c6ad570314b6
diff --git a/net-dns/getdns/files/getdns-1.7.3-cmake-linking.patch b/net-dns/getdns/files/getdns-1.7.3-cmake-linking.patch
new file mode 100644
index 000000000000..18e9e51d3285
--- /dev/null
+++ b/net-dns/getdns/files/getdns-1.7.3-cmake-linking.patch
@@ -0,0 +1,40 @@
+diff -ur a/cmake/modules/FindGnuTLS.cmake b/cmake/modules/FindGnuTLS.cmake
+--- a/cmake/modules/FindGnuTLS.cmake	2024-10-16 21:33:11.113665484 +0200
++++ b/cmake/modules/FindGnuTLS.cmake	2024-10-16 21:33:40.923835214 +0200
+@@ -38,8 +38,8 @@
+ 
+ if (PkgGnuTLS_FOUND AND PkgGnuTLSDane_FOUND)
+   set(GNUTLS_INCLUDE_DIR ${PkgGnuTLS_INCLUDE_DIRS} $PkgGnuTLSDane_INCLUDE_DIRS} CACHE FILEPATH "GnuTLS include path")
+-  set(NETTLE_LIBRARIES ${PkgGnuTLS_LIBRARIES} ${PkgGnuTLSDane_LIBRARIES} CACHE STRING "GnuTLS libraries")
+-  set(NETTLE_VERSION ${PkgGnuTLS_VERSION})
++  set(GNUTLS_LIBRARIES ${PkgGnuTLS_LIBRARIES} ${PkgGnuTLSDane_LIBRARIES} CACHE STRING "GnuTLS libraries")
++  set(GNUTLS_VERSION ${PkgGnuTLS_VERSION})
+   add_library(GnuTLS::GnuTLS ALIAS PkgConfig::PkgGnuTLS)
+   add_library(GnuTLS::Dane ALIAS PkgConfig::PkgGnuTLSDane)
+   set(GnuTLS_FOUND ON)
+diff -ur a/cmake/modules/FindNettle.cmake b/cmake/modules/FindNettle.cmake
+--- a/cmake/modules/FindNettle.cmake	2024-10-16 21:05:17.521591723 +0200
++++ b/cmake/modules/FindNettle.cmake	2024-10-16 21:50:42.414650647 +0200
+@@ -34,12 +34,20 @@
+ if(PKG_CONFIG_FOUND)
+   pkg_check_modules(PkgNettle IMPORTED_TARGET GLOBAL nettle)
+   pkg_check_modules(PkgHogweed IMPORTED_TARGET GLOBAL QUIET hogweed)
++  if (UNIX)
++    pkg_check_modules(PkgGmp IMPORTED_TARGET GLOBAL QUIET gmp)
++  endif ()
+ endif()
+ 
+-if(PkgNettle_FOUND AND PkHogweed_FOUND)
++if(PkgNettle_FOUND AND PkgHogweed_FOUND)
+   set(NETTLE_INCLUDE_DIR ${PkgNettle_INCLUDE_DIRS} ${PkgHogweed_INCLUDE_DIRS} CACHE FILEPATH "Nettle include path")
+-  set(NETTLE_LIBRARIES ${PkgNettle_LIBRARIES} ${PkgHogweed_LIBRARIES} CACHE STRING "Nettle libraries")
++  if (PkgGmp_FOUND)
++    set(NETTLE_LIBRARIES ${PkgNettle_LIBRARIES} ${PkgHogweed_LIBRARIES} ${PkgGmp_LIBRARIES} CACHE STRING "Nettle libraries")
++  else ()
++    set(NETTLE_LIBRARIES ${PkgNettle_LIBRARIES} ${PkgHogweed_LIBRARIES} CACHE STRING "Nettle libraries")
++  endif ()
+   set(NETTLE_VERSION ${PkgNettle_VERSION})
++  set_target_properties(PkgConfig::PkgNettle PROPERTIES INTERFACE_LINK_LIBRARIES "${NETTLE_LIBRARIES}")
+   add_library(Nettle::Nettle ALIAS PkgConfig::PkgNettle)
+   add_library(Nettle::Hogweed ALIAS PkgConfig::PkgHogweed)
+   set(Nettle_FOUND ON)
diff --git a/net-dns/getdns/files/stubby-0.4.3-install-dir.patch b/net-dns/getdns/files/stubby-0.4.3-install-dir.patch
new file mode 100644
index 000000000000..51f846e3aa95
--- /dev/null
+++ b/net-dns/getdns/files/stubby-0.4.3-install-dir.patch
@@ -0,0 +1,28 @@
+diff -ur a/stubby/CMakeLists.txt b/stubby/CMakeLists.txt
+--- a/stubby/CMakeLists.txt	2024-10-14 20:08:06.950985143 +0200
++++ b/stubby/CMakeLists.txt	2024-10-14 20:09:29.408454887 +0200
+@@ -58,13 +58,6 @@
+ else ()
+   set(RUNSTATEDIR "${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/run")
+ endif ()
+-install(DIRECTORY
+-  DESTINATION ${RUNSTATEDIR}
+-  DIRECTORY_PERMISSIONS
+-  OWNER_READ OWNER_WRITE OWNER_EXECUTE
+-  GROUP_READ GROUP_EXECUTE
+-  WORLD_READ WORLD_EXECUTE
+-  )
+ set(STUBBYCONFDIR "${CMAKE_INSTALL_FULL_SYSCONFDIR}/stubby")
+ 
+ find_package(Libyaml REQUIRED)
+@@ -187,8 +180,8 @@
+ if (ENABLE_WINDOWS_SERVICE)
+   install(TARGETS stubres LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
+ endif ()
+-install(FILES ${CMAKE_CURRENT_BINARY_DIR}/stubby.1 DESTINATION share/man/man1)
+-install(FILES AUTHORS COPYING ChangeLog NEWS README.md DESTINATION share/doc/stubby)
++install(FILES ${CMAKE_CURRENT_BINARY_DIR}/stubby.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1)
++install(FILES AUTHORS COPYING ChangeLog NEWS README.md DESTINATION ${CMAKE_INSTALL_DOCDIR}/stubby)
+ 
+ # Ensure the file gets CRLF line endings on Windows.
+ file(GENERATE OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/stubby.yml INPUT ${CMAKE_CURRENT_SOURCE_DIR}/stubby.yml.example)
diff --git a/net-dns/getdns/getdns-1.7.3.ebuild b/net-dns/getdns/getdns-1.7.3.ebuild
new file mode 100644
index 000000000000..e86d32e2ef54
--- /dev/null
+++ b/net-dns/getdns/getdns-1.7.3.ebuild
@@ -0,0 +1,97 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+_SRCURI_P="${P/%_beta1/-beta.1}"
+
+inherit cmake fcaps systemd tmpfiles
+
+DESCRIPTION="Modern asynchronous DNS API"
+HOMEPAGE="https://getdnsapi.net/"
+SRC_URI="https://getdnsapi.net/releases/${_SRCURI_P//./-}/${_SRCURI_P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="doc examples +getdns-query +getdns-server-mon gnutls +idn libev libevent libuv minimal static-libs stubby test +unbound"
+
+S="${WORKDIR}/${_SRCURI_P}"
+
+# https://bugs.gentoo.org/661760
+# https://github.com/getdnsapi/getdns/issues/407
+# (As of 1.7.0, seems to need network)
+RESTRICT="test"
+#RESTRICT="!test? ( test )"
+
+DEPEND="
+	dev-libs/libbsd
+	dev-libs/libyaml
+	dev-libs/openssl:=
+	idn? ( net-dns/libidn2:= )
+	gnutls? (
+		net-libs/gnutls:0=[dane,openssl]
+		dev-libs/nettle:0=
+	)
+	libev? ( dev-libs/libev:= )
+	libevent? ( dev-libs/libevent:= )
+	libuv? ( dev-libs/libuv:= )
+	test? ( dev-libs/check )
+	!minimal? ( >=net-dns/unbound-1.5.9:= )
+"
+RDEPEND="
+	${DEPEND}
+	stubby? (
+		acct-group/stubby
+		acct-user/stubby
+		sys-libs/libcap
+	)
+"
+BDEPEND="
+	doc? ( app-text/doxygen )
+"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-1.4.2-stubby.service.patch"
+	"${FILESDIR}/${PN}-1.7.3-cmake-linking.patch"
+	"${FILESDIR}/stubby-0.4.3-install-dir.patch"
+)
+
+src_configure() {
+	local mycmakeargs=(
+		-DCMAKE_INSTALL_RUNSTATEDIR=/var/run/stubby
+		-DBUILD_DOXYGEN=$(usex doc)
+		-DBUILD_GETDNS_QUERY=$(usex getdns-query)
+		-DBUILD_GETDNS_SERVER_MON=$(usex getdns-server-mon)
+		-DBUILD_STUBBY=$(usex stubby)
+		-DENABLE_STATIC=$(usex static-libs)
+		-DBUILD_TESTING:BOOL=$(usex test)
+		-DENABLE_UNBOUND_EVENT_API=$(usex unbound)
+		-DENABLE_STUB_ONLY=$(usex minimal)
+		-DUSE_GNUTLS=$(usex gnutls)
+		-DUSE_LIBEV=$(usex libev)
+		-DUSE_LIBEVENT2=$(usex libevent)
+		-DUSE_LIBIDN2=$(usex idn)
+		-DUSE_LIBUV=$(usex libuv)
+	)
+	cmake_src_configure
+}
+
+src_install() {
+	cmake_src_install
+	if use stubby; then
+		newinitd "${FILESDIR}"/stubby.initd-r2 stubby
+		newconfd "${FILESDIR}"/stubby.confd-r1 stubby
+		insinto /etc/logrotate.d
+		newins "${FILESDIR}"/stubby.logrotate stubby
+		systemd_dounit "${S}"/stubby/systemd/stubby.service
+		dotmpfiles "${S}"/stubby/systemd/stubby.conf
+	fi
+}
+
+pkg_postinst() {
+	if use stubby; then
+		fcaps cap_net_bind_service=ei usr/bin/stubby
+		tmpfiles_process stubby.conf
+	fi
+}
diff --git a/net-dns/getdns/metadata.xml b/net-dns/getdns/metadata.xml
index 115e5fa205a5..9e9856efb041 100644
--- a/net-dns/getdns/metadata.xml
+++ b/net-dns/getdns/metadata.xml
@@ -10,5 +10,6 @@
 		<flag name="libevent">Enable <pkg>dev-libs/libevent</pkg> support</flag>
 		<flag name="libev">Enable <pkg>dev-libs/libev</pkg> support</flag>
 		<flag name="libuv">Enable <pkg>dev-libs/libuv</pkg> support</flag>
+		<flag name="minimal">Only build stub resolution mode</flag>
 	</use>
 </pkgmetadata>
diff --git a/net-dns/knot-resolver/Manifest b/net-dns/knot-resolver/Manifest
index 9765577cae97..3c26c714ec57 100644
--- a/net-dns/knot-resolver/Manifest
+++ b/net-dns/knot-resolver/Manifest
@@ -2,6 +2,13 @@ AUX knot-resolver-5.5.3-docdir.patch 925 BLAKE2B 9d40a287fe0a6d883d46dbe13fa3ba5
 AUX knot-resolver-5.5.3-nghttp-openssl.patch 1087 BLAKE2B 4570658d9d358384c435c0b4694995945f9c788249899670e000d3273ae6c2631ff69319660db2d04f4143e24746bc0160295042a7887d30dae09de11556ce8e SHA512 50e8a99aef8bc4ce41ddb4d1760cd96818859b440aa74effdc1482af150c21f4fc3e451fae739a07161fc5a2e0ee2cd093c26950dd4e16de430e6bb8a635dd84
 AUX knot-resolver-5.7.0-r2-tmpfiles.patch 1353 BLAKE2B f93e30113275fb92d524cfd7daf72d8f1da95970d721d4e5a83cb8fd3d1d1d95d65ade26609028b413645be3d23c2d3f30f9b43a36b8900e456fd32f316ec146 SHA512 6f9ec265ff7a82292dfcb8b1ab5756f9835573048c29829dd41fc595b535ab7a4d8c2e03cbe49894a78319fb4cf01d6be0ad02dbdc2e7e5559552d5f52a94908
 AUX knot-resolver-5.7.4-libsystemd.patch 627 BLAKE2B c59e1ff9e99d11031227725625471a2229fc4143a5e0fdd2946aa35c025322981ad67b0717524cd7bbc0f13ea891906d3f7b74733c4bed534ad9a4ed41b59176 SHA512 2cfa807f2b72664ca6bc4ac7e41701bfe6fdab08b2f44fbd0eadb5aa165b726cb540eeef1480cc095e3b984f15205924984c3039cdc4d6cf1e0068f7524e9f99
+AUX knot-resolver-6.0.9-config-example.patch 992 BLAKE2B 35d2d4705ee916ffba56a4019bf07fddf64b4ec52fe599338a008acf94c6ec418ee8c6ff2b40706eaffe050b52f322cac5bac27956b639e28b53accabfc24869 SHA512 64d70abeb89210d26fa5d0fa56d8ab9a6294b5955704ccd333f83d94d7aa5e312c3342b9d370697c8eb74590e6c38422d23640a1d3806a33e9817ae56a283ec9
+AUX knot-resolver-6.0.9-libsystemd.patch 799 BLAKE2B 21c94660986683ed2515320c1e9d75fd62d98947c1accbacc3694431a9baf1d35a72c4f487e3938101e104368b5aefab91162f5909501241eefff3b6d7da8d8b SHA512 71fe41053eb4cfa22a7440da49f4f314acba5b688ef938dd4602b00eb12e0f88fdb4d45a6d8fbf816c4ea1f5363b9973c0d3d7f60286b63a7dfa071b7f016046
+AUX knot-resolver-6.0.9-pytest_tomli.patch 929 BLAKE2B 1a0349c2bfbe945411c2220e50be2c93fb917d3c81c8f506576ce7457595da932ab1a717b812656b76b1abc928bd0276327cd37d524a402410016d092d5f71dc SHA512 643e208b9c12156b8a5173afe2d46e489c9f9eb396847c825a484594f3fe3fe7395bd15083a0940e3de36a0b5e6a866364e8dc32297f0e9a4fafde5088ade002
+AUX knot-resolver-6.0.9-sd_notify_alt.patch 2556 BLAKE2B 3f64633d82e1a2b78c0c8f04da68aeb280553ae1ce27a21eca66320e7c99e3f0ee8d15119da8d9ac2fe1d742e1b62ce502a66ef47b2b35c14c1945872bd312b2 SHA512 46135f5f2dfa58055ed6e9b4948d57a56a18119679d82033bb6e4fa9da82975c54a9eff73ecadfd8a597285593ae2d9b7841c078a6587277a3a51219eb3a6d14
+AUX knot-resolver.confd 336 BLAKE2B eb4e119a67bee3cdcebcee7f917ad13a1976eb04fb82f42f810f79ea6550f3b8391842aa213808686f939194768c1ba339e586c0af7df0d34c9309e5b541d93d SHA512 422569884ff1bd7bcc73e710738022de77b8b063125127b584488272f66ee105256b12b1b66b45a68520f6f5c15f519eb7166ba3dc8fb5f9982158d0d0be3fbd
+AUX knot-resolver.initd 936 BLAKE2B f0681cf1c837089348196487ad6858998e76ce6f2303e68478e5b0d9b0de6307f198d5dbbf05a4debea3f02b604352c5460636e29251452833df1b397e5d11af SHA512 535b626f95de4c79906c2df0bf0665234aab05f7bc30a67a8eaf0db37b4bc6cf630d613323a5fa882bb2b40ee712805c8259323c3c87a004c70e8834926d7208
+AUX kres-cache-gc.initd 625 BLAKE2B 9b6002cb2811d1c6ad30e1c6dc98fc39bb17760d80f76f3c218857dd10023001c75684c8930a596713513bae067d68992cb1d91d167eeadd95214cba736b8135 SHA512 f4826fcdb61445aecc6b380f2e44dc193e93eaf6164f6f98e89cd67d5b1aa130eb17941e623276401982a7bf454a2155d3e339ad34d18f0b0bb361260622dfd6
 AUX kresd.confd-r1 284 BLAKE2B e57439a2b7fd0f433c8ea221129c1696a74c6db95f1182a0a434eb7a53feeb5a8f8678539323bb8094e19e45d781747aae3acccd683fd3b3b4f375934191a77c SHA512 40200c590638e19f9fe26367e10148c022f11dba1182cde2d10cab695de52fd2acb8133e9f05ecc93457fccb019ef4c0b3e47999e0926bd50f1d283ba80d1195
 AUX kresd.initd-r1 793 BLAKE2B 267b16475029eee74eed892fb73e8abc9f197a974f35fb22d6013b9ae68a4e5f18c0f5f371ec6309057aa31db7938f5f7dd3e87d9e1b00598253088a61aad452 SHA512 457eccdd9ec841920674d175d3bf8d25a75ea1f076cdb72a8aa24d743664412250436360e73e96fd5ce3370340c27ed6bf37faac502155e13971541653f84b72
 AUX kresd.initd-r2 801 BLAKE2B add0d31ee7781e987d67e5b3bf187177c9e50819dd7dbdcce3637912a27ec6da8a7c0575a4212cfe0aa620fa749558a852fd930a83871ca988b2fa6e8e0ef785 SHA512 041b3b7a31c1d9957f9437527987d88e89eeaa3f72aea2f5fc1dd28f40aab7b222a5edf42ccca8f522dae60c893d2d82900329006cf7a4f4bcc733f6a1208a4a
@@ -9,6 +16,9 @@ DIST knot-resolver-5.7.2.tar.xz 1928336 BLAKE2B c4f17a050752a5d1ed141bae646f53f3
 DIST knot-resolver-5.7.2.tar.xz.asc 833 BLAKE2B f73f52d7b2326a58a37b821cd8495d20c93017bd1f7bad2cc828f807f1886fc376dc95405b3b36047719f8566e27d7c1052b7ab11fae3d1d67c5563a293d965e SHA512 cf05ceca455400004cf249b1029b93619a1d5fcf839bca1259a7b411a1ddef1da0aff187ea0023c587de1981e91a8d26af3bb22341cf426e5055e8ca1c4024e2
 DIST knot-resolver-5.7.4.tar.xz 1931124 BLAKE2B 670bd0bac1417fde0f7b6a02797e49e22af081e55b63c23e1fcd8dee369f21b7a2a8997fe641f69e7f0de5cbc7960307f32c939eb85c260fb2de015542dfce1e SHA512 5d8ea5b5b0cba5a1058aaa6e04573c838895d6b2c204e8d09c9ad898fb074c52ef7589afdad164b007edf151167d31fd0f940466edfeec597f96e5bc1cd72171
 DIST knot-resolver-5.7.4.tar.xz.asc 833 BLAKE2B 6432bc23ff779998eb351d57db34bcd9e41ea928fa5d83463122012d8adad16edec7afbcbfb0f0b41789c7797c895216b793ced2d6a01d69fdc3b0f2d12879cb SHA512 d34a0e1fd8be372c325199ace5bb6f20b2b395a4fb5a6f6f4c2c89f29741ecfd36234900b0e836c174df831716012589231551b13426a6728e37aba6c74c197f
+DIST knot-resolver-6.0.9.tar.xz 2127432 BLAKE2B 185a78737f6830b4ff036a537f2ceb032388e50ef050c239f0ce21d84a1fa2d1632aa95802a73d4ff80bcb18cef23f444a10b594121cd449cee3c12182dcab2e SHA512 98b3074927d9cb484738592a6cad84b818130aafd91473ee6e17458884c3ff5cb528e22d020d8b8b92b429feb2e3432e9cb77574f505bdf2e5f6f286009ecd59
+DIST knot-resolver-6.0.9.tar.xz.asc 833 BLAKE2B 10c9c895bd3a728b8a9d3769cb72ccc5dbf5c17164df388d1519c5e4734e21ee568c079191ada6ff76f1a150be911d79c5d1ebb02597c32d1aa5003a5ceaf02d SHA512 b46a9346deda328fbe6638657e2d87903052ac36b11ff5d4f68bd145487687c1c2f43a7b62e40585f5853816b7ed66b1af3b98642e882f72e36cf521f5eb1bce
 EBUILD knot-resolver-5.7.2.ebuild 2215 BLAKE2B 373293e59d03c0d65329f3dba92072d7618206d7a5d084555495f639f8b906e5cc3014b4c4dcbcca56826af2afa418d6cd135ae22c1dc57e9132df056b54c1b6 SHA512 77f661a294e6fecda8fe0cbc31e8518822f30f6b05093ff629c28147f2bae780e81fef5d47251e654094b72f6eb533e3e05c61b787664fac0fc7e84399a3508a
 EBUILD knot-resolver-5.7.4-r1.ebuild 2107 BLAKE2B 2c9837a63016339f06b9b3793458c36468ae4117ef8fbef6462443e17001fb82a43f832cbca605316c1205f4a84006f589f986e871b8eb433cfdfbda50a86085 SHA512 acb6c8b7698c64ef4cbbf2608ba7db18c2e4c5e95411c1af7c907037d398fc9424247cb760889e25b06d813f076a8c3831b16fe2c86e526bfe03fec390ef00ce
-MISC metadata.xml 448 BLAKE2B 9314270946aa31927ca0e48d512acde53d11c56b295c91ddb64b17cc75d143ae84995c7810b37267966ee7d864283c3c363a4f1afc5dd71fd52991db2c67b0eb SHA512 c25cccfd240ef9f12572d836ffb5185dfb3acf482299fdd7b18c9bcc92363099df2a751cad18d014a16e6756c7887eb13732c576f606df636f36edb657d69e59
+EBUILD knot-resolver-6.0.9.ebuild 4544 BLAKE2B 693aa572ff552ddff76a49e6506dc2e89fb7822663d5d195af6426d5de45238f9cdc290a22155f8dcb4ffffee17aaf704a8c67547ca88c25f92039fcd1c811ec SHA512 5b1dbb81ce534383f281e03eb356e14218fd51af82b69a7546a0659ee83d4197d9bce5745674be7021df5ee8598bd68aec135618e23873366229cd66687f9501
+MISC metadata.xml 666 BLAKE2B 1a1dd25bfce96daec18b94625384ffa003d17eb87ce89d4c74d1a935c79cb176a1bd7e7fdb3989e41dcbf6aea6e5b48125134722d858ad20a76fd1725703ee8c SHA512 a7e66a0096de02ed0815fe1536e70987e71f61f36e6cb51b7017fcebf4680e421a39a29fd351edbc2e2a8410b54bfecadcd533b87441013d5eb107faf4598499
diff --git a/net-dns/knot-resolver/files/knot-resolver-6.0.9-config-example.patch b/net-dns/knot-resolver/files/knot-resolver-6.0.9-config-example.patch
new file mode 100644
index 000000000000..1e20fad33e16
--- /dev/null
+++ b/net-dns/knot-resolver/files/knot-resolver-6.0.9-config-example.patch
@@ -0,0 +1,40 @@
+From 432f3078eb506dc002de94a6472e3ccf3097f274 Mon Sep 17 00:00:00 2001
+From: Nicolas PARLANT <nicolas.parlant@parhuet.fr>
+Date: Fri, 22 Nov 2024 13:23:38 +0100
+Subject: [PATCH] Add config.yaml in etc_dir
+
+---
+ etc/config/meson.build | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/etc/config/meson.build b/etc/config/meson.build
+index ca888084..29abb992 100644
+--- a/etc/config/meson.build
++++ b/etc/config/meson.build
+@@ -10,6 +10,11 @@ example_configs = [
+   'config.privacy',
+   'config.personal',
+   'config.splitview',
++  'config.dev.yaml',
++  'config.example.docker.yaml',
++  'config.example.isp.yaml',
++  'config.example.internal.yaml',
++  'config.example.personal.yaml',
+ ]
+ 
+ install_data(
+@@ -17,6 +22,11 @@ install_data(
+   install_dir: examples_dir,
+ )
+ 
++install_data(
++  sources: 'config.example.personal.yaml',
++  rename: 'config.yaml',
++  install_dir: etc_dir,
++)
+ 
+ # kresd.conf
+ install_kresd_conf = get_option('install_kresd_conf') == 'enabled'
+-- 
+2.45.2
+
diff --git a/net-dns/knot-resolver/files/knot-resolver-6.0.9-libsystemd.patch b/net-dns/knot-resolver/files/knot-resolver-6.0.9-libsystemd.patch
new file mode 100644
index 000000000000..6010881b3037
--- /dev/null
+++ b/net-dns/knot-resolver/files/knot-resolver-6.0.9-libsystemd.patch
@@ -0,0 +1,25 @@
+--- a/meson.build
++++ b/meson.build
+@@ -145,7 +145,7 @@ xdp = meson.get_compiler('c').has_header('libknot/xdp/xdp.h')
+ ### Systemd
+ systemd_files = get_option('systemd_files')
+ systemd_legacy_units = get_option('systemd_legacy_units')
+-libsystemd = dependency('libsystemd', required: systemd_files == 'enabled')
++libsystemd = dependency('libsystemd', required: get_option('systemd'))
+ 
+ # Uh, lifted this trivial line from tests/meson.build due to dependency sorting:
+ build_extra_tests = get_option('extra_tests') == 'enabled'
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -227,3 +227,10 @@ option(
+   value: 'auto',
+   description: 'add rpath to the knot resolver executables',
+ )
++
++option(
++  'systemd',
++  type: 'feature',
++  value: 'auto',
++  description: 'systemd watchdog support',
++)
+
diff --git a/net-dns/knot-resolver/files/knot-resolver-6.0.9-pytest_tomli.patch b/net-dns/knot-resolver/files/knot-resolver-6.0.9-pytest_tomli.patch
new file mode 100644
index 000000000000..9e9db90ffe66
--- /dev/null
+++ b/net-dns/knot-resolver/files/knot-resolver-6.0.9-pytest_tomli.patch
@@ -0,0 +1,31 @@
+From 70d2254de37555167cf60b60d1539ecc9d798fea Mon Sep 17 00:00:00 2001
+From: Nicolas PARLANT <nicolas.parlant@parhuet.fr>
+Date: Mon, 25 Nov 2024 22:21:07 +0000
+Subject: [PATCH] use tomli instead toml for pytest
+
+---
+ tests/manager/test_knot_resolver_manager.py | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/tests/manager/test_knot_resolver_manager.py b/tests/manager/test_knot_resolver_manager.py
+index 05d0e61d..b45c79a4 100644
+--- a/tests/manager/test_knot_resolver_manager.py
++++ b/tests/manager/test_knot_resolver_manager.py
+@@ -1,11 +1,11 @@
+-import toml
++import tomli
+ 
+ from knot_resolver import __version__
+ 
+ 
+ def test_version():
+-    with open("pyproject.toml", "r") as f:
+-        pyproject = toml.load(f)
++    with open("pyproject.toml", "rb") as f:
++        pyproject = tomli.load(f)
+ 
+     version = pyproject["tool"]["poetry"]["version"]
+     assert __version__ == version
+-- 
+2.45.2
+
diff --git a/net-dns/knot-resolver/files/knot-resolver-6.0.9-sd_notify_alt.patch b/net-dns/knot-resolver/files/knot-resolver-6.0.9-sd_notify_alt.patch
new file mode 100644
index 000000000000..9752b314cfa0
--- /dev/null
+++ b/net-dns/knot-resolver/files/knot-resolver-6.0.9-sd_notify_alt.patch
@@ -0,0 +1,82 @@
+https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1608
+Draft: daemon: add sd_notify alternative
+This allows kresd to run even if libsystemd is not available.
+
+diff --git a/daemon/main.c b/daemon/main.c
+index 44b8ae4c1b745c19ae91f6c9119b895d7738947f..230b1e453217682df387165c08f4115d795cb983 100644
+--- a/daemon/main.c
++++ b/daemon/main.c
+@@ -36,6 +36,8 @@
+ #include <uv.h>
+ #if ENABLE_LIBSYSTEMD
+ #include <systemd/sd-daemon.h>
++#else
++static int notify_ready(const char *state);
+ #endif
+ #include <libknot/error.h>
+ 
+@@ -68,6 +70,7 @@ KR_EXPORT const char *malloc_conf = "narenas:1";
+ #define TCP_BACKLOG_DEFAULT 128
+ #endif
+ 
++
+ /** I don't know why linker is dropping these functions otherwise. TODO: revisit. */
+ KR_EXPORT void kr_misc_unused(void)
+ {
+@@ -209,6 +212,8 @@ static int run_worker(uv_loop_t *loop, bool leader, struct args *args)
+ 	/* Notify supervisor. */
+ #if ENABLE_LIBSYSTEMD
+ 	sd_notify(0, "READY=1");
++#else
++	notify_ready("READY=1");
+ #endif
+ 	/* Run event loop */
+ 	uv_run(loop, UV_RUN_DEFAULT);
+@@ -414,6 +419,47 @@ static int start_listening(flagged_fd_array_t *fds) {
+ 	return some_bad_ret;
+ }
+ 
++#if !ENABLE_LIBSYSTEMD
++/* Notify supervisord about successful inicialization
++ * @note tested only on an abstract address in $NOTIFY_SOCKET*/
++static int notify_ready(const char *state)
++{
++	int sockfd;
++	struct sockaddr_un addr;
++	char *socket_path = getenv("NOTIFY_SOCKET");
++	if (!socket_path) {
++		kr_log_error(WORKER, "Failed retrieving env variable $NOTIFY_SOCKET\n");
++		return EXIT_FAILURE;
++	}
++	if ((sockfd = socket(AF_UNIX, SOCK_DGRAM, 0)) == -1) {
++		kr_log_error(WORKER, "Failed to create unix socket at $NOTIFY_SOCKET ('%s'): %s\n",
++				socket_path, strerror(errno));
++		return EXIT_FAILURE;
++	}
++
++	addr.sun_family = AF_UNIX;
++
++	int addrlen;
++	if (socket_path[0] == '@') {
++		addr.sun_path[0] = '\0';
++		strncpy(&addr.sun_path[1], socket_path + 1, sizeof(addr.sun_path) - 2);
++		addrlen = offsetof(struct sockaddr_un, sun_path) + strlen(addr.sun_path + 1) + 1;
++	} else {
++		strncpy(addr.sun_path, socket_path, sizeof(addr.sun_path) - 1);
++		addrlen = offsetof(struct sockaddr_un, sun_path) + strlen(addr.sun_path) + 1;
++	}
++	if (sendto(sockfd, state, strlen(state), 0, &addr, addrlen) == -1) {
++		kr_log_error(WORKER, "Failed to send notify message to '%s': %s\n",
++			socket_path, strerror(errno));
++		close(sockfd);
++		return EXIT_FAILURE;
++	}
++
++	close(sockfd);
++	return kr_ok();
++}
++#endif /* if !ENABLE_LIBSYSTEMD */
++
+ /* Drop POSIX 1003.1e capabilities. */
+ static void drop_capabilities(void)
+ {
diff --git a/net-dns/knot-resolver/files/knot-resolver.confd b/net-dns/knot-resolver/files/knot-resolver.confd
new file mode 100644
index 000000000000..8c3c65cf5772
--- /dev/null
+++ b/net-dns/knot-resolver/files/knot-resolver.confd
@@ -0,0 +1,10 @@
+# Copyright 2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+#KNOT_RESOLVER_USER=knot-resolver
+#KNOT_RESOLVER_GROUP=knot-resolver
+#KNOT_RESOLVER_CONFIG="/etc/knot-resolver/config.yaml"
+#KNOT_RESOLVER_PIDFILE="/run/knot-resolver.pid"
+
+#LOG TARGET : syslog stdout stderr
+#KNOT_RESOLVER_LOG="syslog"
diff --git a/net-dns/knot-resolver/files/knot-resolver.initd b/net-dns/knot-resolver/files/knot-resolver.initd
new file mode 100644
index 000000000000..79c9ec786a8b
--- /dev/null
+++ b/net-dns/knot-resolver/files/knot-resolver.initd
@@ -0,0 +1,37 @@
+#!/sbin/openrc-run
+# Copyright 2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+: ${KNOT_RESOLVER_USER:=knot-resolver}
+: ${KNOT_RESOLVER_GROUP:=knot-resolver}
+: ${KNOT_RESOLVER_CONFIG:=/etc/knot-resolver/config.yaml}
+: ${KNOT_RESOLVER_PIDFILE:=/run/knot-resolver.pid}
+: ${KNOT_RESOLVER_LOG:=syslog}
+
+export KRES_LOGGING_TARGET="${KNOT_RESOLVER_LOG}"
+
+command="/usr/bin/knot-resolver"
+command_args="-c ${KNOT_RESOLVER_CONFIG}"
+command_user="${KNOT_RESOLVER_USER}:${KNOT_RESOLVER_GROUP}"
+pidfile="${KNOT_RESOLVER_PIDFILE}"
+command_background=true
+retry="TERM/60/KILL/5"
+
+extra_started_commands="reload"
+
+capabilities="^cap_net_bind_service,^cap_setpcap"
+
+name="knot-resolver manager"
+description="scaleable caching DNS resolver"
+
+depend() {
+    need net
+    use logger
+    provide dns
+}
+
+reload() {
+	ebegin "Reloading ${SVCNAME}"
+	/usr/bin/kresctl --config=${KNOT_RESOLVER_CONFIG} reload
+	eend $?
+}
diff --git a/net-dns/knot-resolver/files/kres-cache-gc.initd b/net-dns/knot-resolver/files/kres-cache-gc.initd
new file mode 100644
index 000000000000..2f62e9564d3f
--- /dev/null
+++ b/net-dns/knot-resolver/files/kres-cache-gc.initd
@@ -0,0 +1,22 @@
+#!/sbin/openrc-run
+# Copyright 2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+: ${KRES_CACHE_GROUP:=knot-resolver}
+: ${KRES_CACHE_USER:=knot-resolver}
+: ${KRES_CACHE_DIR:=/var/cache/knot-resolver}
+: ${KRES_CACHE_PIDFILE:=/var/run/kres-cache-gc.pid}
+: ${KRES_CACHE_OPTS:="-d 1000"}
+
+command="/usr/bin/kres-cache-gc"
+command_args="-c ${KRES_CACHE_DIR} ${KRES_CACHE_OPTS}"
+command_user="${KRES_CACHE_USER}:${KRES_CACHE_GROUP}"
+pidfile="${KRES_CACHE_PIDFILE}"
+command_background=true
+
+name="kres-cache-gc"
+description="Knot Resolver Garbage Collector daemon"
+
+depend() {
+    need kresd
+}
diff --git a/net-dns/knot-resolver/knot-resolver-6.0.9.ebuild b/net-dns/knot-resolver/knot-resolver-6.0.9.ebuild
new file mode 100644
index 000000000000..6ef4cbb64fd0
--- /dev/null
+++ b/net-dns/knot-resolver/knot-resolver-6.0.9.ebuild
@@ -0,0 +1,176 @@
+# Copyright 2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+LUA_COMPAT=( luajit )
+DISTUTILS_EXT=1
+DISTUTILS_OPTIONAL=1
+DISTUTILS_SINGLE_IMPL=1
+DISTUTILS_USE_PEP517=poetry
+# waiting app-admin/supervisor for py3_13
+PYTHON_COMPAT=( python3_{10..12} )
+
+inherit distutils-r1 lua-single meson tmpfiles verify-sig
+
+DESCRIPTION="A scaleable caching DNS resolver"
+HOMEPAGE="https://www.knot-resolver.cz https://gitlab.nic.cz/knot/knot-resolver"
+SRC_URI="
+	https://knot-resolver.nic.cz/release/${P}.tar.xz
+	verify-sig? ( https://knot-resolver.nic.cz/release/${P}.tar.xz.asc )
+"
+
+LICENSE="Apache-2.0 BSD CC0-1.0 GPL-3+ LGPL-2.1+ MIT"
+SLOT="0"
+KEYWORDS="~amd64"
+
+IUSE="caps dnstap jemalloc +manager nghttp2 prometheus systemd test xdp"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="
+	${LUA_REQUIRED_USE}
+	manager? ( ${PYTHON_REQUIRED_USE} )
+"
+
+RDEPEND="
+	${LUA_DEPS}
+	acct-group/knot-resolver
+	acct-user/knot-resolver
+	dev-db/lmdb:=
+	dev-libs/libuv:=
+	>=net-dns/knot-3.3:=[xdp?]
+	net-libs/gnutls:=
+	caps? ( sys-libs/libcap-ng )
+	dnstap? (
+		dev-libs/fstrm
+		dev-libs/protobuf-c:=
+	)
+	jemalloc? ( dev-libs/jemalloc:= )
+	manager? (
+		${PYTHON_DEPS}
+		$(python_gen_cond_dep '
+			app-admin/supervisor[${PYTHON_USEDEP}]
+			dev-python/aiohttp[${PYTHON_USEDEP}]
+			dev-python/jinja2[${PYTHON_USEDEP}]
+			dev-python/pyyaml[${PYTHON_USEDEP}]
+			dev-python/typing-extensions[${PYTHON_USEDEP}]
+			prometheus? ( dev-python/prometheus-client[${PYTHON_USEDEP}] )
+		')
+	)
+	nghttp2? ( net-libs/nghttp2:= )
+	systemd? ( sys-apps/systemd:= )
+"
+DEPEND="
+	${RDEPEND}
+	test? (
+		dev-util/cmocka
+		manager? (
+			$(python_gen_cond_dep '
+				dev-python/pyparsing[${PYTHON_USEDEP}]
+				dev-python/pytest-asyncio[${PYTHON_USEDEP}]
+				dev-python/tomli[${PYTHON_USEDEP}]
+			')
+		)
+	)
+"
+BDEPEND="
+	virtual/pkgconfig
+	manager? (
+		${DISTUTILS_DEPS}
+		${PYTHON_DEPS}
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-knot-resolver-20240304 )
+"
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/${PN}.gpg
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-5.5.3-docdir.patch
+	"${FILESDIR}"/${PN}-5.5.3-nghttp-openssl.patch
+	"${FILESDIR}"/${PN}-6.0.9-libsystemd.patch
+	"${FILESDIR}"/${PN}-6.0.9-config-example.patch
+	"${FILESDIR}"/${PN}-6.0.9-sd_notify_alt.patch
+	"${FILESDIR}"/${PN}-6.0.9-pytest_tomli.patch
+)
+
+pkg_setup() {
+	lua-single_pkg_setup
+	use manager && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+	default
+	use manager && distutils-r1_src_prepare
+}
+
+src_configure() {
+	local emesonargs=(
+		--localstatedir "${EPREFIX}"/var # double lib
+		# https://bugs.gentoo.org/870019
+		-Dauto_features=disabled
+		# requires non-gentoo lua modules (basexx, cqueues)
+		-Dconfig_tests=disabled
+		-Ddoc=disabled
+		-Ddocdir="${EPREFIX}"/usr/share/doc/${PF}
+		-Dinstall_kresd_conf=enabled
+		-Dopenssl=disabled
+		-Dmalloc=$(usex jemalloc jemalloc disabled)
+		-Dsystemd_files=enabled
+		$(meson_feature caps capng)
+		$(meson_feature dnstap)
+		$(meson_feature nghttp2)
+		$(meson_feature systemd)
+		$(meson_feature systemd systemd_legacy_units)
+		$(meson_feature test unit_tests)
+	)
+	meson_src_configure
+}
+
+src_compile() {
+	meson_src_compile
+	use manager && distutils-r1_src_compile
+}
+
+src_test() {
+	meson_src_test
+	use manager && distutils-r1_src_test
+}
+
+python_test() {
+	epytest tests/manager
+}
+
+src_install() {
+	meson_src_install
+	if use manager; then
+		distutils-r1_src_install
+		newinitd "${FILESDIR}"/knot-resolver.initd knot-resolver
+		newconfd "${FILESDIR}"/knot-resolver.confd knot-resolver
+	else
+		rm "${ED}"/usr/lib/systemd/system/knot-resolver.service || die
+	fi
+	fowners -R ${PN}: /etc/${PN}
+	newinitd "${FILESDIR}"/kresd.initd-r2 kresd
+	newconfd "${FILESDIR}"/kresd.confd-r1 kresd
+	newinitd "${FILESDIR}"/kres-cache-gc.initd kres-cache-gc
+}
+
+pkg_postinst() {
+	tmpfiles_process knot-resolver.conf
+	if use manager; then
+		elog "You choose the new way, called the manager, to start Knot Resolver :"
+		use systemd && elog "	systemctl start knot-resolver.service"
+		use !systemd && elog "	/etc/init.d/knot-resolver start"
+		elog "Configuration file : /etc/knot-resolver/config.yaml"
+		elog ""
+		elog "The older way, without the manager, is still available :"
+	else
+		elog "You choose the older way, without the manager, to start Knot Resolver :"
+	fi
+	use systemd && elog "	systemctl start kresd@N.service"
+	use !systemd && elog "	/etc/init.d/kresd start"
+	elog "Configuration file : /etc/knot-resolver/kresd.conf"
+	elog ""
+	elog "Optional garbage collector : /etc/init.d/kres-cache-gc"
+	elog ""
+	use !manager && elog "The new way is available with the useflag manager."
+}
diff --git a/net-dns/knot-resolver/metadata.xml b/net-dns/knot-resolver/metadata.xml
index c6e3e25b513e..caa5fc35963b 100644
--- a/net-dns/knot-resolver/metadata.xml
+++ b/net-dns/knot-resolver/metadata.xml
@@ -9,9 +9,15 @@
 		<flag name="kresc">
 			Build (experimental) command-line client
 		</flag>
+		<flag name="manager">
+			Manager is a user-friendly interface and a component handling rolling restarts, config update logic and more.
+		</flag>
 		<flag name="nghttp2">
 			DNS-over-HTTPS support
 		</flag>
+		<flag name="prometheus">
+			Metrics exported in Prometheus
+		</flag>
 		<flag name="xdp">
 			Enable eXpress Data Path
 		</flag>
diff --git a/net-dns/knot/Manifest b/net-dns/knot/Manifest
index e95a261143ed..452acf718334 100644
--- a/net-dns/knot/Manifest
+++ b/net-dns/knot/Manifest
@@ -1,7 +1,11 @@
+AUX knot-1.init 891 BLAKE2B 2301f632deba8af7c4f4107cb44ff611eff0b1ce2e5c60c9e3c0670fc7b07a8c93d64b4c2933035df2bc06543a08560d7b687a3925b57efc9251ae0ade3418c3 SHA512 aae41f5443c3f19350cd6869ed5355d194fe99a0110e7f565e4d136c0e258f01e85c374bbb02d4714f21ca8681e6c0858c94cad4c8679f33f567fbb7b9b3452c
 AUX knot-1.service 337 BLAKE2B a6645b2ab92612f3c6640f4e9601cefe087a519d8a40b222e05dbd44c8b8c5c87a01d500d5ac328fdee1cae3f9dd126448a8b82b979e13a4ff5285fa48b983d5 SHA512 58c4186e57ebd00b86dae34d5d208ed8801c0376da40cccb23b3d4542a7ee04a1003a12a4b89347b76a384b50eae4a61f96164bf22ec987ce05b1c65691659e7
 AUX knot.init 861 BLAKE2B 30ffe287f4f83058407ceab00b2113dade3b60b38d76c86f156cc31c33cc4f2ec8cf7f22172823755b71385ca18cc1044605b5479c9de05284f911d500b5dc40 SHA512 e5faa96cbee618e9042bdfd0628f06c4bc4d23c7295521771e16f6eae715835a240799e8425317b03b1ea162966defb5d6b6592139cb1d9d61b47a24961ec9b9
+AUX knot.tmpfile 58 BLAKE2B a107ca27b8d47253409c319d0e69ab151237844d10840155e6ceeb37b8c63268de52c161f63ca27b6c3ec4092c7759fc46d325d4cd79063caa33ef82e23e119e SHA512 db13a4108ce820032a72aa788e6cf79c6bb0870ec457f454dea9102f07255dd5c1543723436665da92236c093ee97161f72298131f80dff09d5faf6aba24bde8
 DIST knot-3.2.2.tar.xz 1632748 BLAKE2B 185567dc883f946570fe60cd7d01d96162c5f13ac84330e5551c293b5011c162401fd25ddbdb43bf9242e13c3cdc8225be107dc579619fe54c05335601cd27ae SHA512 29fadb96c1ea525c6183f9e7552f4ad370579b67d74aec1910a92d561cc2c5656fd7876015f29161d279a07c23643f6584308bf9fa0e74d351b17af54e5e9a7f
 DIST knot-3.2.9.tar.xz 1642600 BLAKE2B 2c81b2afa96c6077778c3458b2ddeeb8b47ea99607ba755a904278f9755a32171738418ea442b1e6b4afcebe0db2c86e68845d38f8e78342b8354411d1e34af8 SHA512 baf8da222e38198c85fa62e45e71b29ddac7c90433b811710ace1e0395e6e7b5d63547ce8f3a62792ee11259ec2e36d6ddd8fff999416f9171671444a95086cf
+DIST knot-3.4.2.tar.xz 1632976 BLAKE2B 0b633b27b22665db243bc4222f05028a17ee7ec6ba5960ff1cfe503d27bf3d26218f771cb15b70bbf8782898bcc7748bd5c27d55747607a1d93f784cdadddad7 SHA512 d5353fdd51224e20a8009aea7df6fe7503a726756c82041b770d8e90cae00b38ede7ecb2f31178ccb9f472a98b86f90208d4627fa4aaaf3c0383272b451e3015
 EBUILD knot-3.2.2.ebuild 2351 BLAKE2B 456d0058996844d267484c81541b35d55d48c4451c23762abb98b378f73f6371f66f2dae327fc98d1f648779b784cdcf796d4edb1bae86a9578103c59f5b0c86 SHA512 f07e0ef6885cc8ee60dfcf8a3b064bd7edb81d2f4b7d236f7fecba3ff3292cbdb3f2f2d9fa42ad45da0fc2f5f5142feda4cae40ca0dc0b0954a91db3fb2064f9
 EBUILD knot-3.2.9.ebuild 2362 BLAKE2B f60e095c8213bbdc2e074ee42de0e2e337676c25130659352a76e1778b548358c3774513fbd9fbc3d43e3979add8fde4348653a8b81f1df1b1d37e719f960f23 SHA512 fb5dd093c85ce7cb8e85532f2a634d9d0492ed4ef290ccf46af97ee40f6f2d4d0a9ec5dfa06509bdfc0431b45a08c30be20ac96a4e836b8e6de19b58119e296c
-MISC metadata.xml 2134 BLAKE2B 3146dae8c2a77647e608c17a2ef319162956b87c24ed41b15c9e2f89a1d43d4137a281220e168ecd2d6e9a7d2aac39656398d9fc4ed44234b242593c15849725 SHA512 352cf20a4701f0c102abcd78a3ed21b6b114b6dbe4500e0d1f8ae7467219fccc6baa34c482432094be4d6f2f573be4237a35ff9d8a940edb527d0161ae50b985
+EBUILD knot-3.4.2.ebuild 3348 BLAKE2B eb4d0fb6c91fc7ed0b9415e3c44c4ae0653c3063a24c21e91a7365334cdb88bf275f81e65fc90990b9689ab8ff9f76b290a12a60588ca973f98d2fb30b567b86 SHA512 5ba5bcc094d07831481e0453cbd6e511ea99560e71f717379d0f5b16a1efb4ce48e1aba8ec547a532224d00ec19696e1349810f827b776def8eccd4d0e39c4ba
+MISC metadata.xml 2358 BLAKE2B 49b224bac7b6828b759663e64d9f768afa7904ab5ad87fbc48a22c9e26a24e3ccec5306171a8ee6cdef32dfe1798cfd6257a8af62f42e70d5b9f487f44dab60b SHA512 a8d48af1366421e506b6117620916a775a3ebca50cdffdd40ee45429fc181aef3d70d5f0f8a99df09ea07babbe6c6c124a2716c71ffa09ec6806e0dc10d44ba4
diff --git a/net-dns/knot/files/knot-1.init b/net-dns/knot/files/knot-1.init
new file mode 100644
index 000000000000..989a576dcc59
--- /dev/null
+++ b/net-dns/knot/files/knot-1.init
@@ -0,0 +1,42 @@
+#!/sbin/openrc-run
+# Copyright 2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+: ${KNOT_USER:=knot}
+: ${KNOT_GROUP:=knot}
+: ${KNOT_PIDFILE:=/run/knot.pid}
+: ${KNOT_CONFIG:=/etc/knot/knot.conf}
+
+name="knot"
+description="High-performance authoritative-only DNS server"
+command="/usr/sbin/knotd"
+command_args="-c ${KNOT_CONFIG}"
+command_user="${KNOT_USER}:${KNOT_GROUP}"
+command_background=true
+pidfile="${KNOT_PIDFILE}"
+
+extra_commands="checkconfig"
+extra_started_commands="reload"
+
+checkconfig() {
+	/usr/bin/knotc conf-check 1>/dev/null || return 1
+}
+
+reload() {
+	checkconfig || return 1
+	ebegin "Reloading ${SVCNAME}"
+	start-stop-daemon --signal HUP --pidfile $pidfile
+	eend $?
+}
+
+start_pre() {
+	if [ "${RC_CMD}" != "restart" ]; then
+		checkconfig || return 1
+	fi
+}
+
+stop_pre() {
+	if [ "${RC_CMD}" != "restart" ]; then
+		checkconfig || return 1
+	fi
+}
diff --git a/net-dns/knot/files/knot.tmpfile b/net-dns/knot/files/knot.tmpfile
new file mode 100644
index 000000000000..dfc488ca0583
--- /dev/null
+++ b/net-dns/knot/files/knot.tmpfile
@@ -0,0 +1,2 @@
+d /run/knot	0750	knot	knot
+d /var/lib/knot	0750	knot	knot
diff --git a/net-dns/knot/knot-3.4.2.ebuild b/net-dns/knot/knot-3.4.2.ebuild
new file mode 100644
index 000000000000..06a4f78e8400
--- /dev/null
+++ b/net-dns/knot/knot-3.4.2.ebuild
@@ -0,0 +1,166 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools flag-o-matic systemd tmpfiles
+
+# subslot: libknot major.libdnssec major.libzscanner major
+KNOT_SUBSLOT="15.9.4"
+
+DESCRIPTION="High-performance authoritative-only DNS server"
+HOMEPAGE="https://www.knot-dns.cz/ https://gitlab.nic.cz/knot/knot-dns"
+SRC_URI="https://secure.nic.cz/files/knot-dns/${P/_/-}.tar.xz"
+
+S="${WORKDIR}/${P/_/-}"
+
+LICENSE="GPL-3+"
+SLOT="0/${KNOT_SUBSLOT}"
+KEYWORDS="~amd64 ~riscv ~x86"
+
+KNOT_MODULES=(
+	"+authsignal"
+	"+cookies"
+	"+dnsproxy"
+	"dnstap"
+	"geoip"
+	"+noudp"
+	"+onlinesign"
+	"+queryacl"
+	"+rrl"
+	"+stats"
+	"+synthrecord"
+	"+whoami"
+)
+
+IUSE="caps +daemon dbus +doc doh +fastparser +idn pkcs11 quic systemd test +utils xdp ${KNOT_MODULES[@]}"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	dev-libs/libedit
+	dnstap? (
+		dev-libs/fstrm
+		dev-libs/protobuf-c:=
+	)
+	quic? ( net-libs/ngtcp2[gnutls] )
+"
+RDEPEND="
+	dev-db/lmdb:=
+	net-libs/gnutls:=[pkcs11?]
+	daemon? (
+		${COMMON_DEPEND}
+		acct-group/knot
+		acct-user/knot
+		dev-libs/userspace-rcu:=
+		caps? ( sys-libs/libcap-ng )
+		dbus? ( sys-apps/dbus )
+		geoip? ( dev-libs/libmaxminddb:= )
+		systemd? ( sys-apps/systemd:= )
+		)
+	utils? (
+		${COMMON_DEPEND}
+		doh? ( net-libs/nghttp2:= )
+		idn? ( net-dns/libidn2:= )
+	)
+	xdp? (
+		>=dev-libs/libbpf-1.0:=
+		net-libs/xdp-tools
+		utils? ( net-libs/libmnl:= )
+	)
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	virtual/pkgconfig
+	doc? ( dev-python/sphinx )
+	test? (
+		pkcs11? ( dev-libs/softhsm )
+	)
+"
+
+src_prepare() {
+	default
+
+	# these tests call this daemon file knot/server/dthreads.h
+	if use test && use !daemon; then
+		sed -i \
+		-e '/test_atomic/d' \
+		-e '/test_spinlock/d' \
+		tests/Makefile.am || die
+		eautoreconf
+	fi
+}
+
+src_configure() {
+	local u
+	local my_conf=(
+		--with-storage="${EPREFIX}/var/lib/${PN}"
+		--with-rundir="${EPREFIX}/var/run/${PN}"
+		$(use_enable caps cap_ng)
+		$(use_enable daemon)
+		$(use_enable fastparser)
+		$(use_enable dnstap)
+		$(use_enable doc documentation)
+		$(use_with doh libnghttp2)
+		$(use_enable geoip maxminddb)
+		$(use_with idn libidn)
+		$(use_enable quic)
+		$(use_enable systemd)
+		$(use_enable utils utilities)
+		$(use_enable xdp)
+	)
+
+	# modules (except dnstap forced by use_enable if set with utils) are only used by daemon
+	if use daemon; then
+		for u in "${KNOT_MODULES[@]#+}"; do
+			my_conf+=("$(use_with ${u} module-${u})")
+		done
+	else
+			my_conf+=("--disable-modules")
+	fi
+
+	if use !daemon; then
+		my_conf+=("--enable-dbus=no")
+	elif use dbus; then
+		my_conf+=("--enable-dbus=libdbus")
+	elif use !dbus && use !systemd; then
+		my_conf+=("--enable-dbus=no")
+	elif use !dbus && use systemd; then
+		my_conf+=("--enable-dbus=systemd")
+	fi
+
+	if use riscv; then
+		append-libs -latomic
+	fi
+
+	econf "${my_conf[@]}"
+}
+
+src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+src_install() {
+	use doc && local HTML_DOCS=( doc/_build/html/{*.html,*.js,_sources,_static} )
+
+	default
+
+	if use daemon; then
+		rmdir "${D}/var/run/${PN}" "${D}/var/run/" || die
+
+		newinitd "${FILESDIR}/knot-1.init" knot
+
+		newtmpfiles "${FILESDIR}"/${PN}.tmpfile ${PN}.conf
+
+		use systemd && systemd_newunit distro/common/knot.service knot.service
+	fi
+
+	find "${D}" -name '*.la' -delete || die
+
+	keepdir /var/lib/knot
+}
+
+pkg_postinst() {
+	use daemon && tmpfiles_process ${PN}.conf
+}
diff --git a/net-dns/knot/metadata.xml b/net-dns/knot/metadata.xml
index d7aafeb4ba1e..eb4839a1be64 100644
--- a/net-dns/knot/metadata.xml
+++ b/net-dns/knot/metadata.xml
@@ -10,9 +10,15 @@
 		<name>Proxy Maintainers</name>
 	</maintainer>
 	<use>
+		<flag name="authsignal">
+			Enable Automatic Authenticated DNSSEC Bootstrapping records
+		</flag>
 		<flag name="cookies">
 			Enable the DNS cookie module (RFC 7873)
 		</flag>
+		<flag name="daemon">
+			Enable Knot DNS main daemon
+		</flag>
 		<flag name="doh">
 			Enable DNS over HTTP (DoH) using libnghttp2
 		</flag>
@@ -42,6 +48,9 @@
 			Enable the module that sign zones on the fly instead of
 			pre-signing zone
 		</flag>
+		<flag name="pkcs11">
+			Add support for PKCS#11
+		</flag>
 		<flag name="queryacl">
 			Enable the module for query access control
 		</flag>
author	V3n3RiX <venerix@koprulu.sector>	2024-12-02 02:07:07 +0000
committer	V3n3RiX <venerix@koprulu.sector>	2024-12-02 02:07:07 +0000
commit	d4f65848c7ecabb56e2f93889cbd20078cd347f7 (patch)
tree	180032f5afeb689db6a270d612f3e3364ed8fd2b /net-dns
parent	c635a4b7ddb6105bfc6fef130b188a087726677b (diff)