From cb3e8c6af7661fbcafdcacc7e0ecdfb610d098fa Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sat, 9 Jun 2018 09:27:03 +0100 Subject: gentoo resync : 09.06.2018 --- net-dns/Manifest.gz | Bin 9731 -> 9726 bytes net-dns/dnscap/Manifest | 2 +- net-dns/dnscap/dnscap-20130814.ebuild | 15 +- net-dns/dnscrypt-proxy/Manifest | 21 +- .../dnscrypt-proxy/dnscrypt-proxy-1.9.5-r1.ebuild | 72 ------ .../dnscrypt-proxy/dnscrypt-proxy-2.0.14.ebuild | 8 +- .../dnscrypt-proxy/dnscrypt-proxy-2.0.15.ebuild | 97 +++++++++ .../dnscrypt-proxy/files/dnscrypt-proxy-2.confd | 3 - .../dnscrypt-proxy/files/dnscrypt-proxy-2.initd | 19 -- .../dnscrypt-proxy/files/dnscrypt-proxy-2.service | 39 ---- .../dnscrypt-proxy/files/dnscrypt-proxy-2.socket | 21 -- net-dns/dnscrypt-proxy/files/dnscrypt-proxy.conf | 242 --------------------- net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd | 4 + .../dnscrypt-proxy/files/dnscrypt-proxy.confd-r1 | 1 - net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd | 19 ++ .../dnscrypt-proxy/files/dnscrypt-proxy.initd-r1 | 11 - .../dnscrypt-proxy/files/dnscrypt-proxy.service | 39 ++++ .../dnscrypt-proxy/files/dnscrypt-proxy.service-r1 | 18 -- net-dns/dnscrypt-proxy/files/dnscrypt-proxy.socket | 21 ++ .../dnscrypt-proxy/files/dnscrypt-proxy.socket-r1 | 9 - net-dns/dnscrypt-proxy/metadata.xml | 10 +- net-dns/knot/Manifest | 2 + net-dns/knot/knot-2.6.7.ebuild | 103 +++++++++ net-dns/unbound/Manifest | 2 + net-dns/unbound/unbound-1.7.1.ebuild | 156 +++++++++++++ 25 files changed, 463 insertions(+), 471 deletions(-) delete mode 100644 net-dns/dnscrypt-proxy/dnscrypt-proxy-1.9.5-r1.ebuild create mode 100644 net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.15.ebuild delete mode 100644 net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.confd delete mode 100644 net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.initd delete mode 100644 net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.service delete mode 100644 net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.socket delete mode 100644 net-dns/dnscrypt-proxy/files/dnscrypt-proxy.conf create mode 100644 net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd delete mode 100644 net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-r1 create mode 100644 net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd delete mode 100644 net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-r1 create mode 100644 net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service delete mode 100644 net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service-r1 create mode 100644 net-dns/dnscrypt-proxy/files/dnscrypt-proxy.socket delete mode 100644 net-dns/dnscrypt-proxy/files/dnscrypt-proxy.socket-r1 create mode 100644 net-dns/knot/knot-2.6.7.ebuild create mode 100644 net-dns/unbound/unbound-1.7.1.ebuild (limited to 'net-dns') diff --git a/net-dns/Manifest.gz b/net-dns/Manifest.gz index 2040c3f510cb..d5a8f88fd1b4 100644 Binary files a/net-dns/Manifest.gz and b/net-dns/Manifest.gz differ diff --git a/net-dns/dnscap/Manifest b/net-dns/dnscap/Manifest index 74156ef8f711..9e590cfa8c5d 100644 --- a/net-dns/dnscap/Manifest +++ b/net-dns/dnscap/Manifest @@ -1,4 +1,4 @@ AUX dnscap-20130814.install.patch 853 BLAKE2B 5f237bc91ee0e83d498d8df525d81aa137f520d484fbb05df29084669be611574bc53ad5258d3ccbc8068ff574c14126a19e22bf6a27cbf99cfc20b70565cc50 SHA512 03bda20b9034e2a594ae08824306583f1591ddc9b3fe5542d84e4a4534100a8b09f70b34db89a7a3edc97e4b4c9219a6586ca7b0f79878206efa8407bd44d23a DIST dnscap-20130814.tar.gz 99615 BLAKE2B e663349e4acc20b88f7aee14676736534746c54072a4bf5d9ab9aa9935781a39f4a94d0d718108aba6b4035390214d76caf62f9cd71b364507ec55c7e93fd07d SHA512 1969d8cc47c6206369a02b29064dbb7f663a2187203ab1f49d862082bfb6e44c9fccf90fb63d65a523c7a5cf4d24815a74b9dd18d81267b4447252d7a04f33dd -EBUILD dnscap-20130814.ebuild 692 BLAKE2B ceeae01e50d031c0ee05b40211a8ac0aa645b30352d9ed454feb720bd2344be4c15346aca31b674ad5bbecf5fdbce22bd8a923be43f2a4c5b925a03713063cf0 SHA512 78bad3b0062972efc800b64d4233e3665551d192c444ee94e633a651738a14709ef1ff2dd1ef9716f50452d0ef1322403dc11b3252f9d4cb0cb118e99882c8d4 +EBUILD dnscap-20130814.ebuild 616 BLAKE2B ae959b4432e505f41d0e7b72b280c56d82739aae617717fd0a41ba70bb77ca920f384c3528483945d169bed646b4cd4a53e58c6f12f1ffde64a027ce21aca597 SHA512 17d2ac3dde251af82c60c5776fb920d3e0dd2fb97acd1a52b326059afc3a298855c0e1384eaa4bc0cfc74ea3cbb33a27d5e8373a00a5e5aeba6c9834b0c0de61 MISC metadata.xml 340 BLAKE2B af2248099e5cbe707247fd010762031ae94faa37ce99b5c5a2dbf6cd64cc9efb50013041161c73128f95da3af02bb8b19624597439fb17a41ea08154e2e7be20 SHA512 b530daf6ee3fe2b034e019a2fa4d68cc43970bc2564702d5cbdb1af645dd155cd6733b882215990cfe365002422ed3c0fba50a5bf99815790b583a822f12d04c diff --git a/net-dns/dnscap/dnscap-20130814.ebuild b/net-dns/dnscap/dnscap-20130814.ebuild index baed5d542660..229ade9c0a25 100644 --- a/net-dns/dnscap/dnscap-20130814.ebuild +++ b/net-dns/dnscap/dnscap-20130814.ebuild @@ -1,12 +1,10 @@ -# Copyright 1999-2014 Gentoo Foundation +# Copyright 1999-2018 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -EAPI=5 +EAPI=7 -inherit eutils - -DESCRIPTION="dnscap is a network capture utility designed specifically for DNS traffic" -HOMEPAGE="http://dnscap.dns-oarc.net/" +DESCRIPTION="network capture utility designed specifically for DNS traffic" +HOMEPAGE="https://dnscap.dns-oarc.net/" ## github commit tarball MY_GIT_COMMIT="727ed7d5e46625abc2c8d988689a300589e948b6" @@ -23,7 +21,4 @@ IUSE="" RDEPEND="net-libs/libpcap" DEPEND="${RDEPEND}" -src_prepare() { - ## adds DESTDIR to install target - epatch "${FILESDIR}/${P}.install.patch" -} +PATCHES=( "${FILESDIR}/${P}.install.patch" ) diff --git a/net-dns/dnscrypt-proxy/Manifest b/net-dns/dnscrypt-proxy/Manifest index 5c0c9d0fc35c..a28c6bc76cd8 100644 --- a/net-dns/dnscrypt-proxy/Manifest +++ b/net-dns/dnscrypt-proxy/Manifest @@ -1,15 +1,10 @@ AUX config-full-paths-r10.patch 2487 BLAKE2B a0c7ff420a9000903ec8fdf446c463ef367db2ec934147817f08c12277d5e1704db7c7ec89ec068a5cdc26f88eb794f8caf6d9eb318764783ad62e22ce9a2798 SHA512 15a8af5fff20d9f9d7931faf40d2f9ff1a960a764d7330287af65290e85e986892f0b94a6b311e8ae0be60be3b78caa10c71e438275f20d44706850c2a61d407 -AUX dnscrypt-proxy-2.confd 148 BLAKE2B 064ea4c9fc7f63091d4c20e9d978a3c8863711176c84707b99438a1caa29865eb1739e7ec4ae492f7e4e37c7834b8e20250fadd2483ad0267645ea636f70b22e SHA512 cacf0553e24b8adbe013133adbc5c77c98c5b8f4253497ffe986ceb8501f9b697ed773994e852dd8d9ea394f7a0fb4405f4297b48186f77f31dd1b597a46d4aa -AUX dnscrypt-proxy-2.initd 646 BLAKE2B 3ede3fd925b6fad6f42ce4b52184ebdaa9c9cc881886e2b18d45f10476a7957ea09037ba2faf8d9ff12f4a0352e982f5d267410a9f3531f1d0ad8f5558d6576d SHA512 faa119b18765eb59ddacad1340752f1bbd9d10acf59f6b79bc4c31fcbe9f0e5f08bf6cd214ce2a5bdafe13c5d1a116aacea2e09a181699f8f06f3ec34fb9dcaa -AUX dnscrypt-proxy-2.service 1204 BLAKE2B 879571cc00eab424b10f6ed79d9d52ba1ee835fd3ad7ef295d113b21afed075b3670066cf5dbdf0647c02853bb242c6d037f6ad962e0e6a7225b86fe88a3c9ab SHA512 3ae8f2dbe93169a6ddf71db85103a297210287006a63c71e9837ddfb62cecf6de28dd3ead6028e2f239edc4dab5a16d27c3c84fd2fcc23e41ba71b7b8fbf8b1f -AUX dnscrypt-proxy-2.socket 517 BLAKE2B afa07d5a441b55de46059935a0fa9b7f61bcbfced925b24282be27978a507248303a43f32f2785d585e79c6a9f456a9c3118028014cb78cde5df4ea1be150b6c SHA512 9620307006642cd211b8032939b2e4f592f73d041c6a499f1c74160812853b03543ff84619e8060e064b99a3b7c44b794907722fe485233937e3804b49e29a36 -AUX dnscrypt-proxy.conf 8912 BLAKE2B ea1b196528dae0c9536c12e3ed6b9839830ae4f89203ea19332d8238cbeba599a202557c75de1d77e2e4f306db1d2a1dd2bc352891bbc2f8a3595c8aa253fa6d SHA512 1e45f38a46383af14695cd44531335801ae315d819e9593e931be0fd513059c87ddfc9128158a532c6bc26cf113635c9630d8694764dff5a46a6a98c5ea8b42a -AUX dnscrypt-proxy.confd-r1 41 BLAKE2B e73624ac07b382c9dd66970e12da3e00a669d548a32b16aec6e4227a0af73980f294444507c86fa0ae26e8f9f19c6d533f83ecdcbdcf9d8c28a8c47439844d77 SHA512 2f381c21e92a8f74d47f6c5d3d18bcc32a2713d3b7d82f260d8e2770bfb6aea0a46f8d957796c64d02e6a0445f92c31b83b29724b8004ba9fcc7f6fcc93afaf3 -AUX dnscrypt-proxy.initd-r1 258 BLAKE2B 86ceff0c2affc0508cafa782803498be680f46520a380eb64eb2fde026c65cd349a4a5f995e5a285c35db1514a77e95b5067c96cd41905f253e101bffa453f41 SHA512 700849b9a0b8a3a224d0c149091937f751461bb42c7ac4a4bccecf28d9a7b64dd2f47601bee1f8d5c08bdfad2defdcab0c0bc22c7393873612f56d78cd0edc6a -AUX dnscrypt-proxy.service-r1 445 BLAKE2B f6e6af96d6b11892aa8d7aa111ca42dfe6589abbb6e5e214253fdc4f6d6686484e22dc24f45f05b23223bb8ada91e594bd0d015d35ed4850ce47e90d778a7867 SHA512 ff226e1f6416de04b42828ab89a0df48b4eac1385f489ccad594b5e07cbceb57249006951f25237a55effdd2acaf8ce7e0fb2c36fc17799f963d506696b0cb4f -AUX dnscrypt-proxy.socket-r1 152 BLAKE2B e4eb7875f749646f77675b39c7c74f57d5674d825329891b0f128e190ac3625d28f81df8004975828080c6eb9665a8c0825826b5ccf305694c03c2e196da3dd7 SHA512 920014c202344726e645f3bfa5def0f194c215cc0ce6e45750e82cee3434399497b9ad3fb5268afb1823689ced0fa8d177d6411b3153661b97fbd55984752a87 -DIST dnscrypt-proxy-1.9.5.tar.bz2 1290573 BLAKE2B 8f16fdb58012e00a8b58d36364377c3bc25158b9484a8df2bd6bc98d1c9cbf5ac758997e31f95ecaeb9da2f6b7272316c5a4a1c069a39549fbc1c1b136857da0 SHA512 84c0f7587521b3a198292cf20dd71cb592ccf8a9e003abbc62c5ca112f6c5ed27c49b1642cf91f403d52b4147e25f24af540b65cecfcf93814338329097df836 +AUX dnscrypt-proxy.confd 162 BLAKE2B 4547fc4a4ec00a809bac7b55bd7a7c8efb54e526179a7e2103fdf716711912987961969619e6b6e6b2e201253e90f828ffa5eb011c0870c112a028c4cfd89ce5 SHA512 25ccbc09df7b51bc0fa4587f7a715429ba11517c64db53086dd09df24470da71b81dbacebe227bd41d1f9576b4560dc58729969eb7b33aa233ec6a6a07d573ab +AUX dnscrypt-proxy.initd 646 BLAKE2B 3ede3fd925b6fad6f42ce4b52184ebdaa9c9cc881886e2b18d45f10476a7957ea09037ba2faf8d9ff12f4a0352e982f5d267410a9f3531f1d0ad8f5558d6576d SHA512 faa119b18765eb59ddacad1340752f1bbd9d10acf59f6b79bc4c31fcbe9f0e5f08bf6cd214ce2a5bdafe13c5d1a116aacea2e09a181699f8f06f3ec34fb9dcaa +AUX dnscrypt-proxy.service 1204 BLAKE2B 879571cc00eab424b10f6ed79d9d52ba1ee835fd3ad7ef295d113b21afed075b3670066cf5dbdf0647c02853bb242c6d037f6ad962e0e6a7225b86fe88a3c9ab SHA512 3ae8f2dbe93169a6ddf71db85103a297210287006a63c71e9837ddfb62cecf6de28dd3ead6028e2f239edc4dab5a16d27c3c84fd2fcc23e41ba71b7b8fbf8b1f +AUX dnscrypt-proxy.socket 517 BLAKE2B afa07d5a441b55de46059935a0fa9b7f61bcbfced925b24282be27978a507248303a43f32f2785d585e79c6a9f456a9c3118028014cb78cde5df4ea1be150b6c SHA512 9620307006642cd211b8032939b2e4f592f73d041c6a499f1c74160812853b03543ff84619e8060e064b99a3b7c44b794907722fe485233937e3804b49e29a36 DIST dnscrypt-proxy-2.0.14.tar.gz 2876583 BLAKE2B f93b2ba8991668691d503a5c039c4bb8eee0f474893c99ebd68067faa2a530832434c08654f61482a9d5b876ecf10329117b76a20b837fde00d72521170a1d86 SHA512 2574f900b6e2f75eeeee2f634e22df41145243c23cd9a890fcfa73f13b7d032bc2b029cbb6498f5c2cd33e212392ca2298a1dce6bb369be5c9afccc21a706613 -EBUILD dnscrypt-proxy-1.9.5-r1.ebuild 1817 BLAKE2B bb0c48cadf271b942beeaee69c49dbb2582c41f86176b84c6e929ad5dd5b55deacfa03d15143b2180d05ab03913a93702315712afc73bbbea53b152e43ab30f8 SHA512 87a35841daf4da9b666bae888f9b73fa7205f9e7054afe5bdc47d1112525e2eb1237416fa7702c38bc63ce0878fc61d752f6851af1cc07a0f9b5a3591b8f0704 -EBUILD dnscrypt-proxy-2.0.14.ebuild 2876 BLAKE2B 1d8617576f87525d517f7a32be2d4f044fdcfc865cc11278a4469c1c2ff9c6f550f8d244adc97852ca48d03388845259335f9d837e5e40d2893bbe74cf7e47d3 SHA512 f77bb0d9cb3bea881c4bb15cf027564937bfbde26fbcaad3e58ceefc39dfb935dc165428b9365810af1e4df7a7d00526a41d6b2d749ad357fcab1273d0006cbf -MISC metadata.xml 941 BLAKE2B 234421b342985e6980a870bc0f7e4dc96e2867d89aa589ac23723a7a7cc4767109de7f046c817c3a21ea1bab23d352210941dc092b002dd3a7374be6c459877c SHA512 6bad822978132f7467756a88695e9e87a3ec2c007af04b423496f7befc1fc4de781a78bac17167b6de6682688e3ef445e5dce7f6f3f3e9c25a632e6222268918 +DIST dnscrypt-proxy-2.0.15.tar.gz 2887764 BLAKE2B 7c4dd36f8305494566cb8548e478d9b89eed799dab124e574c0840c606f6c51cafb73818a07b18928a6457756a122d7bceabc108b1114b2b546d3db707d2ef3a SHA512 4517ab7b7eb1474f8c9e133a289caf6c02f472b51b910f1fbe1e5ffd6d389943626c8878e68f7f27a47b00301a427dfe9c563bc82b67cafab32f4ab3bc4c84b9 +EBUILD dnscrypt-proxy-2.0.14.ebuild 2868 BLAKE2B aa4eb4cf21e09fdb4926f6dc7f8047f3c107ab8dbcb892d3f3f791f898f24ed0b0e6e3b79cbed09661c069e2c090378ec03efd7b5d02c12c8df1763513542656 SHA512 4d9cdee6adc23292c4e9b9f66ef936875915c82f1d5b94991052b41873a4c7d5a7996e2ccd0e3aad6096579e0662601e8e7ddca4abc178182157bf31ff1e9fb6 +EBUILD dnscrypt-proxy-2.0.15.ebuild 2868 BLAKE2B aa4eb4cf21e09fdb4926f6dc7f8047f3c107ab8dbcb892d3f3f791f898f24ed0b0e6e3b79cbed09661c069e2c090378ec03efd7b5d02c12c8df1763513542656 SHA512 4d9cdee6adc23292c4e9b9f66ef936875915c82f1d5b94991052b41873a4c7d5a7996e2ccd0e3aad6096579e0662601e8e7ddca4abc178182157bf31ff1e9fb6 +MISC metadata.xml 741 BLAKE2B 301593e47c2511e5160a1fa8729df605be436feb3e1b1e14de5cbceb584c89c856c2af3081a1325c354919fbf691dcdc94773f5596ba13598f451ab55b6b09f8 SHA512 f1eaeede9bb33d5341ef874b344fc9f34be7111c2e789c6088386d75ae864e68cb658246dc939ca0a0adda3898cdf88cdc321ccf1af3d8a5579cddf259852cb0 diff --git a/net-dns/dnscrypt-proxy/dnscrypt-proxy-1.9.5-r1.ebuild b/net-dns/dnscrypt-proxy/dnscrypt-proxy-1.9.5-r1.ebuild deleted file mode 100644 index f72136ca55b0..000000000000 --- a/net-dns/dnscrypt-proxy/dnscrypt-proxy-1.9.5-r1.ebuild +++ /dev/null @@ -1,72 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -inherit systemd user - -DESCRIPTION="A tool for securing communications between a client and a DNS resolver" -HOMEPAGE="https://dnscrypt.org" -SRC_URI="https://download.dnscrypt.org/${PN}/${P}.tar.bz2" - -LICENSE="ISC" -SLOT="0" -KEYWORDS="~amd64 ~arm ~x86" -IUSE="hardened libressl +plugins ssl systemd" - -RDEPEND=" - dev-libs/libsodium:= - net-libs/ldns - ssl? ( - !libressl? ( dev-libs/openssl:0= ) - libressl? ( dev-libs/libressl:0= ) - ) - systemd? ( sys-apps/systemd )" -DEPEND="${RDEPEND} - virtual/pkgconfig" - -pkg_setup() { - enewgroup dnscrypt - enewuser dnscrypt -1 -1 /var/empty dnscrypt -} - -src_configure() { - econf \ - $(use_enable hardened pie) \ - $(use_enable plugins) \ - $(use_enable ssl openssl) \ - $(use_with systemd) -} - -src_install() { - local DOCS=( AUTHORS ChangeLog NEWS README* THANKS *txt ) - - default - - newinitd "${FILESDIR}"/${PN}.initd-r1 ${PN} - newconfd "${FILESDIR}"/${PN}.confd-r1 ${PN} - systemd_newunit "${FILESDIR}"/${PN}.service-r1 ${PN}.service - systemd_newunit "${FILESDIR}"/${PN}.socket-r1 ${PN}.socket - insinto /etc - doins "${FILESDIR}"/${PN}.conf /etc -} - -pkg_preinst() { - # ship working default configuration for systemd users - if use systemd; then - sed -i 's/Daemonize yes/Daemonize no/g' "${D}"/etc/${PN}.conf - fi -} - -pkg_postinst() { - elog "After starting the service you will need to update your" - elog "/etc/resolv.conf and replace your current set of resolvers" - elog "with:" - elog - elog "nameserver 127.0.0.1" - elog - use systemd && elog "with systemd dnscrypt-proxy ignores LocalAddress setting in the config file" - use systemd && elog "edit dnscrypt-proxy.socket if you need to change the defaults" - elog - elog "Also see https://github.com/jedisct1/dnscrypt-proxy#usage." -} diff --git a/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.14.ebuild b/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.14.ebuild index 0b64d8b992e3..5b04253b9c9b 100644 --- a/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.14.ebuild +++ b/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.14.ebuild @@ -42,10 +42,10 @@ src_install() { insinto "/usr/share/dnscrypt-proxy" doins -r "utils/generate-domains-blacklists/." - newinitd "${FILESDIR}"/dnscrypt-proxy-2.initd dnscrypt-proxy - newconfd "${FILESDIR}"/dnscrypt-proxy-2.confd dnscrypt-proxy - systemd_newunit "${FILESDIR}"/dnscrypt-proxy-2.service dnscrypt-proxy.service - systemd_newunit "${FILESDIR}"/dnscrypt-proxy-2.socket dnscrypt-proxy.socket + newinitd "${FILESDIR}"/dnscrypt-proxy.initd dnscrypt-proxy + newconfd "${FILESDIR}"/dnscrypt-proxy.confd dnscrypt-proxy + systemd_newunit "${FILESDIR}"/dnscrypt-proxy.service dnscrypt-proxy.service + systemd_newunit "${FILESDIR}"/dnscrypt-proxy.socket dnscrypt-proxy.socket einstalldocs } diff --git a/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.15.ebuild b/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.15.ebuild new file mode 100644 index 000000000000..5b04253b9c9b --- /dev/null +++ b/net-dns/dnscrypt-proxy/dnscrypt-proxy-2.0.15.ebuild @@ -0,0 +1,97 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +EGO_PN="github.com/jedisct1/${PN}" + +inherit fcaps golang-build systemd user + +DESCRIPTION="A flexible DNS proxy, with support for encrypted DNS protocols" +HOMEPAGE="https://github.com/jedisct1/dnscrypt-proxy" +SRC_URI="https://${EGO_PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="ISC" +SLOT="0" +KEYWORDS="~amd64 ~arm ~x86" + +FILECAPS=( cap_net_bind_service+ep usr/bin/dnscrypt-proxy ) +PATCHES=( "${FILESDIR}"/config-full-paths-r10.patch ) + +pkg_setup() { + enewgroup dnscrypt-proxy + enewuser dnscrypt-proxy -1 -1 /var/empty dnscrypt-proxy +} + +src_prepare() { + default + # Create directory structure suitable for building + mkdir -p "src/${EGO_PN%/*}" || die + mv "${PN}" "src/${EGO_PN}" || die + mv "vendor" "src/" || die +} + +src_install() { + dobin dnscrypt-proxy + + insinto /etc/dnscrypt-proxy + newins "src/${EGO_PN}"/example-dnscrypt-proxy.toml dnscrypt-proxy.toml + doins "src/${EGO_PN}"/example-{blacklist.txt,whitelist.txt} + doins "src/${EGO_PN}"/example-{cloaking-rules.txt,forwarding-rules.txt} + + insinto "/usr/share/dnscrypt-proxy" + doins -r "utils/generate-domains-blacklists/." + + newinitd "${FILESDIR}"/dnscrypt-proxy.initd dnscrypt-proxy + newconfd "${FILESDIR}"/dnscrypt-proxy.confd dnscrypt-proxy + systemd_newunit "${FILESDIR}"/dnscrypt-proxy.service dnscrypt-proxy.service + systemd_newunit "${FILESDIR}"/dnscrypt-proxy.socket dnscrypt-proxy.socket + + einstalldocs +} + +pkg_postinst() { + fcaps_pkg_postinst + + if ! use filecaps; then + ewarn "'filecaps' USE flag is disabled" + ewarn "${PN} will fail to listen on port 53" + ewarn "please do one the following:" + ewarn "1) re-enable 'filecaps'" + ewarn "2) change port to > 1024" + ewarn "3) configure to run ${PN} as root (not recommended)" + ewarn + fi + + local v + for v in ${REPLACING_VERSIONS}; do + if [[ ${v} == 1.* ]] ; then + elog "Version 2 is a complete rewrite of ${PN}" + elog "please clean up old config/log files" + elog + fi + if [[ ${v} == 2.* ]] ; then + elog "As of version 2.0.12 of ${PN} runs as an 'dnscrypt-proxy' user/group" + elog "you can remove obsolete 'dnscrypt' accounts from the system" + elog + fi + done + + if systemd_is_booted || has_version sys-apps/systemd; then + elog "Using systemd socket activation may cause issues with speed" + elog "latency and reliability of ${PN} and is discouraged by upstream" + elog "Existing installations advised to disable 'dnscrypt-proxy.socket'" + elog "It is disabled by default for new installations" + elog "check "$(systemd_get_systemunitdir)/${PN}.service" for details" + elog + + fi + + elog "After starting the service you will need to update your" + elog "/etc/resolv.conf and replace your current set of resolvers" + elog "with:" + elog + elog "nameserver 127.0.0.1" + elog + elog "Also see https://github.com/jedisct1/${PN}/wiki" +} diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.confd b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.confd deleted file mode 100644 index 492b2fc22940..000000000000 --- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.confd +++ /dev/null @@ -1,3 +0,0 @@ -#DNSCRYPT_PROXY_OPTS="-config /etc/dnscrypt-proxy/dnscrypt-proxy.toml" -#DNSCRYPT_PROXY_USER="dnscrypt-proxy" -#DNSCRYPT_PROXY_GROUP="dnscrypt-proxy" diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.initd b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.initd deleted file mode 100644 index 4a46acdc4bb3..000000000000 --- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.initd +++ /dev/null @@ -1,19 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -command="/usr/bin/dnscrypt-proxy" -command_args="${DNSCRYPT_PROXY_OPTS:--config /etc/dnscrypt-proxy/dnscrypt-proxy.toml}" -command_user="${DNSCRYPT_PROXY_USER:-dnscrypt-proxy}:${DNSCRYPT_PROXY_GROUP:-dnscrypt-proxy}" -pidfile="/run/${RC_SVCNAME}.pid" -start_stop_daemon_args="--background --make-pidfile" - -depend() { - use net logger - provide dns -} - -start_pre() { - checkpath -q -d -m 0775 -o "${command_user}" /var/cache/"${RC_SVCNAME}" - checkpath -q -d -m 0775 -o "${command_user}" /var/log/"${RC_SVCNAME}" -} diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.service b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.service deleted file mode 100644 index ed02955621ba..000000000000 --- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.service +++ /dev/null @@ -1,39 +0,0 @@ -[Unit] -Description=DNSCrypt-proxy client -Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki - -## systemd sockets - Do not enable unless you are very familiar with the systemd socket activation mechanism. -## Always try without systemd sockets before reporting any issues related to speed, latency or reliability. -## If you enable this, the `listen_addresses` list in the main configuration file can be empty. -## Or, at least, the addresses it contains should not overlap with the systemd socket addresses. - -# Requires=dnscrypt-proxy.socket - -After=network.target -Wants=network.target -Before=nss-lookup.target -Wants=nss-lookup.target - -[Service] -ExecStart=/usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml -NonBlocking=true - -DynamicUser=yes - -ProtectControlGroups=yes -ProtectKernelModules=yes -ProtectKernelTunables=yes - -CacheDirectory=dnscrypt-proxy -ConfigurationDirectory=dnscrypt-proxy -LogsDirectory=dnscrypt-proxy -RuntimeDirectory=dnscrypt-proxy - -## Allow binding to 127.0.0.1:53 as non-root user -## without the .socket unit -CapabilityBoundingSet=CAP_NET_BIND_SERVICE -AmbientCapabilities=CAP_NET_BIND_SERVICE - -[Install] -Also=dnscrypt-proxy.socket -WantedBy=multi-user.target diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.socket b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.socket deleted file mode 100644 index ea38c90e8a5d..000000000000 --- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy-2.socket +++ /dev/null @@ -1,21 +0,0 @@ -[Unit] -Description=DNSCrypt-proxy socket -Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki - -[Socket] -## Listen on TCP socket. -ListenStream=127.0.0.1:53 - -## Listen on UDP socket. -ListenDatagram=127.0.0.1:53 - -## Below options are valid only for TCP socket. -## Applying them to UDP socket will result in warnings: -## TCP_NODELAY failed: Protocol not available -## TCP_DEFER_ACCEPT failed: Protocol not available -## Those can be safely ignored. -NoDelay=true -DeferAcceptSec=1 - -[Install] -WantedBy=sockets.target diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.conf b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.conf deleted file mode 100644 index 52487c09c878..000000000000 --- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.conf +++ /dev/null @@ -1,242 +0,0 @@ -###################################################### -# # -# Sample configuration file for dnscrypt-proxy # -# # -###################################################### - - -############## Resolver settings ############## - -## [CHANGE THIS] Short name of the resolver to use -## Usually the only thing you need to change in this configuration file. -## This corresponds to the first column in the dnscrypt-resolvers.csv file. -## Alternatively, "random" (without quotes) picks a random random resolver -## accessible over IPv4, that doesn't log and supports DNSSEC. - -ResolverName random - - -## Full path to the list of available DNSCrypt resolvers (dnscrypt-resolvers.csv) -## An up-to-date list is available here: -## https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv -## and the dnscrypt-update-resolvers.sh script can be used in order to -## automatically download and verify updates. - -ResolversList /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv - - -## Manual settings, only for a custom resolver not present in the CSV file - -#ProviderName 2.dnscrypt.some.provider.name.tld -#ProviderKey 0000:1111:2222:3333:4444:5555:6666:7777:8888:9999:AAAA:BBBB:CCCC:DDDD:EEEE:FFFF -#ResolverAddress 111.222.333.444:56789 - - - -############## Process options ############## - -## [NOT AVAILABLE ON WINDOWS] Run the proxy as a background process. -## Unless you are using systemd, you probably want to change this to "yes" -## after having verified that the rest of the configuration works as expected. - -Daemonize yes - - -## Write the PID number to a file - -PidFile /run/dnscrypt-proxy.pid - - -## [NOT AVAILABLE ON WINDOWS] Start the process, bind the required ports, and -## run the server as a less-privileged system user. -## The value for this parameter is a user name. - -User dnscrypt - - -############## Network/protocol settings ############## - -## Local address and port to listen to. -## A 127.0.0.x address is recommended for local use, but 0.0.0.0 or -## a specific interface address can be used on a router, or to -## configure a single machine to act as a DNS proxy for different -## devices. -## If the socket is created by systemd, the proxy cannot change the address -## using this option. You should edit systemd's dnscrypt-proxy.socket file -## instead. - -LocalAddress 127.0.0.1:53 - - -## Cache DNS responses to avoid outgoing traffic when the same queries -## are repeated multiple times in a row. - -LocalCache on - - -## Creates a new key pair for every query. -## This prevents logging servers from correlating client public keys with -## IP addresses. However, this option implies extra CPU load, and is not -## very useful with trusted/non-logging servers. - -EphemeralKeys off - - -## Maximum number of active requests waiting for a response. -## Keep it reasonable relative to the expected number of clients. - -# MaxActiveRequests 250 - - -## This is the maximum payload size allowed when using the UDP protocol. -## The default is safe, and rarely needs to be changed. - -# EDNSPayloadSize 1252 - - -## Ignore the time stamps when checking the certificates -## Do not enable this option ever, unless you know that you need it. - -# IgnoreTimestamps no - - -## Do not send queries using UDP. Only use TCP. -## Even if some resolvers mitigate this, DNS over TCP is almost always slower -## than UDP and doesn't offer additional security. -## Only enable this option if UDP doesn't work on your network. - -# TCPOnly no - - -## Forward queries for specific zones to one or more non-DNSCrypt resolvers. -## For instance, this can be used to redirect queries for local domains to -## the router, or queries for an internal domain to an internal DNS server. -## Multiple whitespace-delimited zones and IP addresses can be specified. -## Do not enable this unless you absolutely know you need it. -## If you see useless queries to these zones, you'd better block them with -## the BlackList feature instead of sending them in clear text to the router. -## This uses a plugin that requires dnscrypt-proxy to be compiled with -## the ldns library. - -#Forward domains:"localdomain" to:"192.168.0.1" - - -############## Logging ############## - -## Log the received DNS queries to a file, so you can watch in real-time what -## is happening on the network. -## The value for this parameter is a full path to the log file. -## The file name can be prefixed with ltsv: in order to store logs using the -## LTSV format (ex: ltsv:/tmp/dns-queries.log). - -# QueryLogFile /tmp/dns-queries.log - - -## Log file to write server errors and information to. -## If you use this tool for privacy, keeping logs of any kind is usually not -## a good idea. - -# LogFile /var/log/dnscrypt-proxy.log - - -## Don't log events with priority above this log level after the service has -## been started up. Default is 6. -## Valid values are between 0 (critical) to 7 (debug-level messages). - -# LogLevel 6 - - -## [NOT AVAILABLE ON WINDOWS] Send server logs to the syslog daemon -## Log entries can optionally be prefixed with a string. - -Syslog on -# SyslogPrefix dnscrypt - - - -############## Local filtering ############## - -## If your network doesn't support IPv6, chances are that your -## applications are still constantly trying to resolve IPv6 addresses, -## causing unnecessary slowdowns. -## This causes the proxy to immediately reply to IPv6 requests, -## without having to send a useless request to upstream resolvers, and -## having to wait for a response. -## This uses a plugin that requires dnscrypt-proxy to be compiled with -## the ldns library. - -BlockIPv6 no - - -## Want to filter ads, malware, sensitive or inappropriate websites and -## domain names? This feature can block lists of IP addresses and names -## matching a list of patterns. The list of rules remains private, and -## the filtering process directly happens on your own network. In order -## to filter IP addresses, the list of IPs has to be put into a text -## file, with one IP address per line. Lists of domain names can also be -## blocked as well. Put the list into a text file, one domain per line. -## Domains can include wildcards (*) in order to match patterns. For -## example *sex* will match any name that contains the sex substring, and -## ads.* will match anything starting with ads. The Internet has plenty -## of free feeds of IP addresses and domain names used for malware, -## phishing and spam that you can use with this feature. -## -## This uses a plugin that requires dnscrypt-proxy to be compiled with -## the ldns library. -## -## To enable, uncomment one of the following definitions: - -## Block query names matching the rules stored in that file: -# BlackList domains:"/etc/dnscrypt-blacklist-domains.txt" - -## Block responses whose IP addresses match IPs stored in that file: -# BlackList ips:"/etc/dnscrypt-blacklist-ips.txt" - -## Block both domain names and IP addresses: -# BlackList domains:"/etc/dnscrypt-blacklist-domains.txt" ips:"/etc/dnscrypt-blacklist-ips.txt" - -## Same as the above + log the blocked queries in a file. -## The log file can be prefixed with ltsv: (ex: ltsv:/tmp/log.txt) in order to -## store logs using the LTSV format. -# BlackList domains:"/etc/dnscrypt-blacklist-domains.txt" logfile:"/var/log/dnscrypt-blocked.log" -# BlackList ips:"/etc/dnscrypt-blacklist-ips.txt" logfile:"/var/log/dnscrypt-blocked.log" -# BlackList domains:"/etc/dnscrypt-blacklist-domains.txt" ips:"/etc/dnscrypt-blacklist-ips.txt" logfile:"/var/log/dnscrypt-blocked.log" - - - -############## User identification ############## - -## Use a client public key for identification -## By default, the client uses a randomized key pair in order to make tracking -## more difficult. This option does the opposite and uses a static key pair, so -## that DNS providers can offer premium services to queries signed with a known -## set of public keys. A client cannot decrypt the received responses without -## also knowing the secret key. -## The value for this property is the path to a file containing the secret key, -## encoded as a hexadecimal string. The corresponding public key is computed -## automatically. - -# ClientKey /etc/dnscrypt-client-secret.key - - - -############## Monitoring ############## - -## Do not actually start the proxy, but check that a valid certificate can be -## retrieved from the server and that it will remain valid for the specified -## time period. The process exit code is 0 if a valid certificate can be used, -## 2 if no valid certificates can be used, 3 if a timeout occurred, and 4 if a -## currently valid certificate is going to expire before the given margin. -## Useful in a cron job to monitor your own dnscrypt-servers. -## The margin is specified in minutes. - -# Test 2880 - - - -############## Recursive configuration ############## - -## A configuration file can include other configuration files by inserting -## the `Include` directive anywhere (the full path required, no quotes): - -# Include /etc/dnscrypt-proxy-common.conf diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd new file mode 100644 index 000000000000..a8db66a6ecd5 --- /dev/null +++ b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd @@ -0,0 +1,4 @@ +#rc_use="tor" +#DNSCRYPT_PROXY_OPTS="-config /etc/dnscrypt-proxy/dnscrypt-proxy.toml" +#DNSCRYPT_PROXY_USER="dnscrypt-proxy" +#DNSCRYPT_PROXY_GROUP="dnscrypt-proxy" diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-r1 b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-r1 deleted file mode 100644 index 9137e1836fe0..000000000000 --- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.confd-r1 +++ /dev/null @@ -1 +0,0 @@ -DNSCRYPT_OPTS="/etc/dnscrypt-proxy.conf" diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd new file mode 100644 index 000000000000..4a46acdc4bb3 --- /dev/null +++ b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd @@ -0,0 +1,19 @@ +#!/sbin/openrc-run +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +command="/usr/bin/dnscrypt-proxy" +command_args="${DNSCRYPT_PROXY_OPTS:--config /etc/dnscrypt-proxy/dnscrypt-proxy.toml}" +command_user="${DNSCRYPT_PROXY_USER:-dnscrypt-proxy}:${DNSCRYPT_PROXY_GROUP:-dnscrypt-proxy}" +pidfile="/run/${RC_SVCNAME}.pid" +start_stop_daemon_args="--background --make-pidfile" + +depend() { + use net logger + provide dns +} + +start_pre() { + checkpath -q -d -m 0775 -o "${command_user}" /var/cache/"${RC_SVCNAME}" + checkpath -q -d -m 0775 -o "${command_user}" /var/log/"${RC_SVCNAME}" +} diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-r1 b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-r1 deleted file mode 100644 index 08196ff1a7c9..000000000000 --- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.initd-r1 +++ /dev/null @@ -1,11 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -command="/usr/sbin/dnscrypt-proxy" -command_args="${DNSCRYPT_OPTS}" -pidfile="/run/${SVCNAME}.pid" - -depend() { - use net dns logger -} diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service new file mode 100644 index 000000000000..ed02955621ba --- /dev/null +++ b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service @@ -0,0 +1,39 @@ +[Unit] +Description=DNSCrypt-proxy client +Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki + +## systemd sockets - Do not enable unless you are very familiar with the systemd socket activation mechanism. +## Always try without systemd sockets before reporting any issues related to speed, latency or reliability. +## If you enable this, the `listen_addresses` list in the main configuration file can be empty. +## Or, at least, the addresses it contains should not overlap with the systemd socket addresses. + +# Requires=dnscrypt-proxy.socket + +After=network.target +Wants=network.target +Before=nss-lookup.target +Wants=nss-lookup.target + +[Service] +ExecStart=/usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml +NonBlocking=true + +DynamicUser=yes + +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes + +CacheDirectory=dnscrypt-proxy +ConfigurationDirectory=dnscrypt-proxy +LogsDirectory=dnscrypt-proxy +RuntimeDirectory=dnscrypt-proxy + +## Allow binding to 127.0.0.1:53 as non-root user +## without the .socket unit +CapabilityBoundingSet=CAP_NET_BIND_SERVICE +AmbientCapabilities=CAP_NET_BIND_SERVICE + +[Install] +Also=dnscrypt-proxy.socket +WantedBy=multi-user.target diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service-r1 b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service-r1 deleted file mode 100644 index 8cbf5f1a4143..000000000000 --- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.service-r1 +++ /dev/null @@ -1,18 +0,0 @@ -[Unit] -Description=DNSCrypt client proxy -Documentation=man:dnscrypt-proxy(8) -Requires=dnscrypt-proxy.socket -After=network.target -Before=nss-lookup.target - -[Install] -Also=dnscrypt-proxy.socket -WantedBy=multi-user.target - -[Service] -Type=simple -NonBlocking=true - -# Edit the configuration file appropriately, or the service will not start. -# See https://dnscrypt.org for more information. -ExecStart=/usr/sbin/dnscrypt-proxy /etc/dnscrypt-proxy.conf diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.socket b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.socket new file mode 100644 index 000000000000..ea38c90e8a5d --- /dev/null +++ b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.socket @@ -0,0 +1,21 @@ +[Unit] +Description=DNSCrypt-proxy socket +Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki + +[Socket] +## Listen on TCP socket. +ListenStream=127.0.0.1:53 + +## Listen on UDP socket. +ListenDatagram=127.0.0.1:53 + +## Below options are valid only for TCP socket. +## Applying them to UDP socket will result in warnings: +## TCP_NODELAY failed: Protocol not available +## TCP_DEFER_ACCEPT failed: Protocol not available +## Those can be safely ignored. +NoDelay=true +DeferAcceptSec=1 + +[Install] +WantedBy=sockets.target diff --git a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.socket-r1 b/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.socket-r1 deleted file mode 100644 index 5ee0e4502cf1..000000000000 --- a/net-dns/dnscrypt-proxy/files/dnscrypt-proxy.socket-r1 +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=dnscrypt-proxy listening socket - -[Socket] -ListenStream=127.0.0.53:53 -ListenDatagram=127.0.0.53:53 - -[Install] -WantedBy=sockets.target diff --git a/net-dns/dnscrypt-proxy/metadata.xml b/net-dns/dnscrypt-proxy/metadata.xml index c1a85090aac5..d67745d93d23 100644 --- a/net-dns/dnscrypt-proxy/metadata.xml +++ b/net-dns/dnscrypt-proxy/metadata.xml @@ -12,15 +12,9 @@ dnscrypt-proxy provides local service which can be used directly as your local resolver or as a DNS forwarder, encrypting and authenticating - requests using the DNSCrypt protocol and passing them to upstream - servers. + requests using the DNSCrypt or DNS-over-HTTPS protocol and passing them + to upstream servers. - - Enable plugin support to inspect and modify - queries and responses - Use systemd's socket activation instead of - creating the sockets itself - jedisct1/dnscrypt-proxy diff --git a/net-dns/knot/Manifest b/net-dns/knot/Manifest index 6ebc06e96f40..c895124c4746 100644 --- a/net-dns/knot/Manifest +++ b/net-dns/knot/Manifest @@ -3,6 +3,8 @@ AUX knot.init 861 BLAKE2B 30ffe287f4f83058407ceab00b2113dade3b60b38d76c86f156cc3 AUX knot.service 275 BLAKE2B c39b50630a84cb20d33a02ad82c0fc0c994b098766af0cd3e11b4ac6e2f6e6ebc38d6e5b99c358d5e771022fd6ad14fb7e04e95fd77ba677d10950e1fc52e9a9 SHA512 37c4700320a2781aa93ca92bc2634c3e080c87337b7d632d0e2fa23f6e2e8fa1985d1d8e2516fed02b612da4d340472d5f8d0ae37c5b323ac17bbd61ca243a86 DIST knot-2.5.7.tar.xz 1084656 BLAKE2B c2d583625a19f6a61248b3b42cdf14f5bb2bdbafdb20be6b0813744095a4016a4be2eb5e2dfaff0628238c60153480175a86706db0b88569d76156f86ba33968 SHA512 96e375f556309bb89cea982dda169cef70c23d03c48282110e47a44849c1102cd37d98aa7650781b399f5d932b724b8a935f0b9e55e4920465ae7b74a0d1d55a DIST knot-2.6.6.tar.xz 1120340 BLAKE2B 374d9b78f2ef2143d1221fced29184a52ee3773abd7cb08b6b48910f6ffc0f7c4f07c00d17d28344c93d71a709363bdf855d20587f87da622153c44d08d85fd8 SHA512 bd7a36decc74041f12971045cd69b8cc9e7ecce68f8d2b4cddc9b5f23ee96e8ed290d98fe9e6c441d6727ad4395bea615cbd9ec19cc641abce19ef8da6371972 +DIST knot-2.6.7.tar.xz 1121120 BLAKE2B c3000a08a8d873efc5a120d0f0154bcd16be0162ce3c21d74041181183c5f6f1600eeab3546737591ccd1522c8119202dc1f7dd576b70d4c006c0619b904f54a SHA512 021810b396e9aaca140c6df858c8dcb9a4be6ac8d64a413195b88d8073d39e1de0604058343bff7534d39f32de27b0e0bc2271a0e545bb9f809adfe1bfaec9a9 EBUILD knot-2.5.7.ebuild 1913 BLAKE2B df4f8dba2d9cf3b2a2905eee881bd57ec81d3086682c1791ea3c1a3a14df72997346873ff1f4bbaa08a70584123c260d27e4e436e76cf04840e379a58e3a143a SHA512 62e40fe7b3ddd94544cb1435f448ee3e9ed0175a1b68211ee0328c34163a52127d35fec146168a1846c4da44cca3098fe562828b8c62fef7238bfed3713596ed EBUILD knot-2.6.6.ebuild 1861 BLAKE2B 6aba8244d1e9af4a2da5e2d7ecd0cc2af6ddfdda408d4c57b210ad21478cc0b95f3e7b3dbba08e78d55a54769e90b99010f7230c392c4ffa19f01235150e667b SHA512 fc87b9e3a3561e7cb5b06ea59d38d9ef2dcdeab01fcbaddb0f89861e173ebbb9bfde6ab2c81e4bf2523cc1682f3386f1095a42ee6d010daa6a5dae5773c08c8a +EBUILD knot-2.6.7.ebuild 1861 BLAKE2B 6aba8244d1e9af4a2da5e2d7ecd0cc2af6ddfdda408d4c57b210ad21478cc0b95f3e7b3dbba08e78d55a54769e90b99010f7230c392c4ffa19f01235150e667b SHA512 fc87b9e3a3561e7cb5b06ea59d38d9ef2dcdeab01fcbaddb0f89861e173ebbb9bfde6ab2c81e4bf2523cc1682f3386f1095a42ee6d010daa6a5dae5773c08c8a MISC metadata.xml 1539 BLAKE2B c07704f4bbf249b7953403a33c71d7565ef2219b019dbccdc15d9d459ff57f0aa200ed5ae9ab74b07e352d8dcd12f62f5d7bb392b064dbeedad3257ced653675 SHA512 8b39c687fb8b9fb4bf25e0baa8c851ffb4980c0028bf0f64a3c642146139429e292c6ca3fbd01b7bb311ecbbe7bf1df128885b53971b836f541fe97bedf6f056 diff --git a/net-dns/knot/knot-2.6.7.ebuild b/net-dns/knot/knot-2.6.7.ebuild new file mode 100644 index 000000000000..2c624d4be58a --- /dev/null +++ b/net-dns/knot/knot-2.6.7.ebuild @@ -0,0 +1,103 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit systemd user + +DESCRIPTION="High-performance authoritative-only DNS server" +HOMEPAGE="https://www.knot-dns.cz/" +SRC_URI="https://secure.nic.cz/files/knot-dns/${P/_/-}.tar.xz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~amd64 ~x86" + +KNOT_MODULES=( + "+dnsproxy" + "dnstap" + "+noudp" + "+onlinesign" + "rosedb" + "+rrl" + "+stats" + "+synthrecord" + "+whoami" +) +IUSE="doc caps +fastparser idn libidn2 systemd +utils ${KNOT_MODULES[@]}" + +RDEPEND=" + dev-db/lmdb + dev-libs/libedit + dev-libs/userspace-rcu + dev-python/lmdb + net-libs/gnutls + caps? ( sys-libs/libcap-ng ) + dnstap? ( + dev-libs/fstrm + dev-libs/protobuf-c + ) + idn? ( + !libidn2? ( net-dns/libidn ) + libidn2? ( net-dns/libidn2 ) + ) + systemd? ( sys-apps/systemd ) +" +DEPEND="${RDEPEND} + virtual/pkgconfig + doc? ( dev-python/sphinx ) +" + +S="${WORKDIR}/${P/_/-}" + +src_configure() { + local u + local my_conf=( + --with-storage="${EPREFIX}/var/lib/${PN}" + --with-rundir="${EPREFIX}/var/run/${PN}" + $(use_enable fastparser) + $(use_enable dnstap) + $(use_enable doc documentation) + $(use_enable utils utilities) + --enable-systemd=$(usex systemd) + $(use_with idn libidn) + ) + + for u in "${KNOT_MODULES[@]#+}"; do + my_conf+=("$(use_with ${u} module-${u})") + done + + econf "${my_conf[@]}" +} + +src_compile() { + default + + if use doc; then + emake -C doc html + HTML_DOCS=( doc/_build/html/{*.html,*.js,_sources,_static} ) + fi +} + +src_test() { + emake check +} + +src_install() { + default + + rmdir "${D}var/run/${PN}" "${D}var/run/" || die + keepdir /var/lib/${PN} + + newinitd "${FILESDIR}/knot.init" knot + if use systemd; then + systemd_newunit "${FILESDIR}/knot-1.service" knot.service + fi + + find "${D}" -name '*.la' -delete || die +} + +pkg_postinst() { + enewgroup knot 53 + enewuser knot 53 -1 /var/lib/knot knot +} diff --git a/net-dns/unbound/Manifest b/net-dns/unbound/Manifest index c0174410c388..8f2c442dd45b 100644 --- a/net-dns/unbound/Manifest +++ b/net-dns/unbound/Manifest @@ -15,6 +15,7 @@ DIST unbound-1.6.6.tar.gz 5460482 BLAKE2B af0d9ca0e5eeaebc3a2023dc7179a3bc80952d DIST unbound-1.6.7.tar.gz 5466931 BLAKE2B 57a051d5ac6d7fbc3d51613305651987670d0f50fbebf661505b42b6c8980543b34b52a4f9ca9e6ee4dbad59d9acf547b78cf35a691d0c00884da979ae22d8c4 SHA512 6e3d1a057081252183343d0d1b8ace742ab15e8f5244e61287340f49289d7449bed93fbfdaa3194c0e99ca23948f4b33038f75af5c5b26c938004d06fc3031e0 DIST unbound-1.6.8.tar.gz 5467536 BLAKE2B 06caffbd905c339b3d0667382114bb3e5d5da90988402c8f488f789f9bf6ab87377e6a26aa083a7e9ba3d023f37d3eeba1e069adf8a8a266b23fb8361aeb6e26 SHA512 653d88d5dbc8cf25f7261e4a9869b6591843c7ff27b5d63f979a94505daafbbb61e05d46bedd2d01230355d5f08dd9fe14ed04c5c7340f3f27581b61ad6edfa3 DIST unbound-1.7.0.tar.gz 5538228 BLAKE2B a825e2cbef74b3a78f9802056d6f0992f77e0d40d4d28889c98b9ffa224ec3281b6873eab59134dcca8dc56bdd17202b3817dd28ab30d0a0bb72d749426b7675 SHA512 49b07643da2a89d8ceedce1295f550f74a76f4f11c2df54df55e9c42f03bad1b133789c7b36fb3c4f37d6b331ac302ecfd1249e8ebaaa4333beda8fa250b61d9 +DIST unbound-1.7.1.tar.gz 5565938 BLAKE2B 423dde8a13ea3539d86eade96507e6cdb4ac816393e99f58b4e0dc74a79c31bae57c87924ef737a567cc338d02d672f6c059c86d2f28a634f06e5f9a339f4260 SHA512 99a68abf1f60f6ea80cf2973906df44da9c577d8cac969824af1ce9ca385a2e84dd684937480da87cb73c7dc41ad5c00b0013ec74103eadb8fd7dc6f98a89255 EBUILD unbound-1.5.1-r2.ebuild 3427 BLAKE2B 193c35ecb00ae6303e6ab97852f79dffdf2bef64ce0b7c6e961370eb87d9506569e8aadfa6386624ce121162380b24fde713b36865b18bf228aacb3651defde8 SHA512 d3630f81fd44b40f5deb155473dc5835cc68e444be26afd0207fa734f285b566694b92dc073185cb24c9588a0ca5cb9ebf9c9268c2725c24a6c61d7ca73d1bcf EBUILD unbound-1.5.10.ebuild 3465 BLAKE2B 765d3f8f6a987a22195a235e515fb4fd29005a8e2b8d2eeadc9328993ba41d95655db10e1f8426b449311b08516b8dbd4abae382bf6d9b2f3608716c7f57f30c SHA512 28fb9da2c9bf08fbdd8e440c7c0f61da5ef25f7ca179b18e7c189e5c23f70dea295e1dd9b0fa289c75f5a4ee24ed9e1b3248f62fb0dc05d78068f22c00d100a7 EBUILD unbound-1.6.3.ebuild 3689 BLAKE2B 8bdfd0f5b48ed66d7eb167e187cac4c64c3c0a044f0523662f253514717a273671fa15e6e931ec03f3ea16a6f2f727701811f41a10ecd49326a9c855f694a2d1 SHA512 15d464ec999b6c98e05d5904e52af977036c2c7ea2bf1d54cebf05f6841f8c28adda1b5d6fa9f344d12ea8417f512a1f0c0487aad62627a7761e97e71f3b018c @@ -24,4 +25,5 @@ EBUILD unbound-1.6.7.ebuild 3696 BLAKE2B 224feff7eaac4169dcd877ce794df745a5e67c7 EBUILD unbound-1.6.8-r2.ebuild 4814 BLAKE2B 4a22ffd38aa1a4c39d603f85a2fff0adb767bab5a1feea6386fb95f6f3d1dba5ed1749c99fe7f5d310fadfee95de628e077dca25c3800d1a1490ecea37341549 SHA512 8270d337d8b7241208406cd5b06320a624856aae1caa921b26d7115b77df27b93838c73ccb02ad0a5588e7bf41f82646f650c328b0c991afc9d319c77e59a303 EBUILD unbound-1.6.8.ebuild 3696 BLAKE2B 2b520948c09e02bba9a1685e25a46b94280d9ef65fc69091b0a6a33b176b8538033d3347aa828e6bb66df85383d1b33f343085f52b3a1e3150e6aa1bf8808c37 SHA512 06c2a8cc24f9ef503eacfcc0a6dd19c63651163dc7b6523f75360f6902deb8f74b616d370c3f93b4633cc823a93be7dc833d8427c70c1b5530cf96a77b056ee9 EBUILD unbound-1.7.0.ebuild 4814 BLAKE2B 4a22ffd38aa1a4c39d603f85a2fff0adb767bab5a1feea6386fb95f6f3d1dba5ed1749c99fe7f5d310fadfee95de628e077dca25c3800d1a1490ecea37341549 SHA512 8270d337d8b7241208406cd5b06320a624856aae1caa921b26d7115b77df27b93838c73ccb02ad0a5588e7bf41f82646f650c328b0c991afc9d319c77e59a303 +EBUILD unbound-1.7.1.ebuild 4814 BLAKE2B 4a22ffd38aa1a4c39d603f85a2fff0adb767bab5a1feea6386fb95f6f3d1dba5ed1749c99fe7f5d310fadfee95de628e077dca25c3800d1a1490ecea37341549 SHA512 8270d337d8b7241208406cd5b06320a624856aae1caa921b26d7115b77df27b93838c73ccb02ad0a5588e7bf41f82646f650c328b0c991afc9d319c77e59a303 MISC metadata.xml 1008 BLAKE2B 1852e514f97f9305848144ae0f9aaf8fb49546cd9afcd873ab67dcefee0503d5047809dc8c650006ccdb236c9ba9ff02cc5ecf726d61c25e17167409f91d3fb1 SHA512 f6654d6d254a4d51a8c454c542f1fbbff16bfeaa1cb681f110b9ae99a4231cdb7c073a5d42faba71168079330f9e01781df7a5b3e1bd70d771c874a5bbe9742a diff --git a/net-dns/unbound/unbound-1.7.1.ebuild b/net-dns/unbound/unbound-1.7.1.ebuild new file mode 100644 index 000000000000..9edf230ed88d --- /dev/null +++ b/net-dns/unbound/unbound-1.7.1.ebuild @@ -0,0 +1,156 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +PYTHON_COMPAT=( python2_7 ) + +inherit eutils flag-o-matic multilib-minimal python-single-r1 systemd user + +MY_P=${PN}-${PV/_/} +DESCRIPTION="A validating, recursive and caching DNS resolver" +HOMEPAGE="http://unbound.net/" +SRC_URI="http://unbound.net/downloads/${MY_P}.tar.gz" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86" +IUSE="debug dnscrypt dnstap +ecdsa gost libressl python selinux static-libs systemd test threads" +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" + +# Note: expat is needed by executable only but the Makefile is custom +# and doesn't make it possible to easily install the library without +# the executables. MULTILIB_USEDEP may be dropped once build system +# is fixed. + +CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] + >=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}] + libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] ) + !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}] ) + dnscrypt? ( dev-libs/libsodium[${MULTILIB_USEDEP}] ) + dnstap? ( + dev-libs/fstrm[${MULTILIB_USEDEP}] + >=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}] + ) + ecdsa? ( + !libressl? ( dev-libs/openssl:0[-bindist] ) + ) + python? ( ${PYTHON_DEPS} )" + +DEPEND="${CDEPEND} + python? ( dev-lang/swig ) + test? ( + net-dns/ldns-utils[examples] + dev-util/splint + app-text/wdiff + ) + systemd? ( sys-apps/systemd ) + virtual/pkgconfig" + +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-bind )" + +# bug #347415 +RDEPEND="${RDEPEND} + net-dns/dnssec-root" + +S=${WORKDIR}/${MY_P} + +pkg_setup() { + enewgroup unbound + enewuser unbound -1 -1 /etc/unbound unbound + # improve security on existing installs (bug #641042) + # as well as new installs where unbound homedir has just been created + if [[ -d "${ROOT}/etc/unbound" ]]; then + chown --no-dereference --from=unbound root "${ROOT}/etc/unbound" + fi + + use python && python-single-r1_pkg_setup +} + +src_prepare() { + # To avoid below error messages, set 'trust-anchor-file' to same value in + # 'auto-trust-anchor-file'. + # [23109:0] error: Could not open autotrust file for writing, + # /etc/dnssec/root-anchors.txt: Permission denied + epatch "${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch + + # required for the python part + multilib_copy_sources +} + +src_configure() { + [[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack + multilib-minimal_src_configure +} + +multilib_src_configure() { + econf \ + $(use_enable debug) \ + $(use_enable gost) \ + $(use_enable dnscrypt) \ + $(use_enable dnstap) \ + $(use_enable ecdsa) \ + $(use_enable static-libs static) \ + $(use_enable systemd) \ + $(multilib_native_use_with python pythonmodule) \ + $(multilib_native_use_with python pyunbound) \ + $(use_with threads pthreads) \ + --disable-flto \ + --disable-rpath \ + --with-libevent="${EPREFIX}"/usr \ + --with-pidfile="${EPREFIX}"/var/run/unbound.pid \ + --with-rootkey-file="${EPREFIX}"/etc/dnssec/root-anchors.txt \ + --with-ssl="${EPREFIX}"/usr \ + --with-libexpat="${EPREFIX}"/usr + + # http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html + # $(use_enable debug lock-checks) \ + # $(use_enable debug alloc-checks) \ + # $(use_enable debug alloc-lite) \ + # $(use_enable debug alloc-nonregional) \ +} + +multilib_src_install_all() { + prune_libtool_files --modules + use python && python_optimize + + newinitd "${FILESDIR}"/unbound.initd unbound + newconfd "${FILESDIR}"/unbound.confd unbound + + systemd_dounit "${FILESDIR}"/unbound.service + systemd_dounit "${FILESDIR}"/unbound.socket + systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service" + systemd_dounit "${FILESDIR}"/unbound-anchor.service + + dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES} + + # bug #315519 + dodoc contrib/unbound_munin_ + + docinto selinux + dodoc contrib/selinux/* + + exeinto /usr/share/${PN} + doexe contrib/update-anchor.sh + + # create space for auto-trust-anchor-file... + keepdir /etc/unbound/var + # ... and point example config to it + sed -i '/# auto-trust-anchor-file:/s,/etc/dnssec/root-anchors.txt,/etc/unbound/var/root-anchors.txt,' "${ED}/etc/unbound/unbound.conf" +} + +pkg_postinst() { + # make var/ writable by unbound + if [[ -d "${ROOT}/etc/unbound/var" ]]; then + chown --no-dereference --from=root unbound: "${ROOT}/etc/unbound/var" + fi + einfo "" + einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation" + einfo "set 'auto-trust-anchor-file: /etc/unbound/var/root-anchors.txt' in /etc/unbound/unbound.conf" + einfo "and run" + einfo "" + einfo " su -s /bin/sh -c '/usr/sbin/unbound-anchor -a /etc/unbound/var/root-anchors.txt' unbound" + einfo "" + einfo "as root to create it initially before starting unbound for the first time after enabling this." + einfo "" +} -- cgit v1.2.3