gentoo resync : 25.08.2020

5 files changed, 254 insertions, 3 deletions

diff --git a/net-dns/dnsviz/Manifest b/net-dns/dnsviz/Manifest
index 3e4db42712c2..00e808c83db2 100644
--- a/net-dns/dnsviz/Manifest
+++ b/net-dns/dnsviz/Manifest
@@ -1,3 +1,5 @@
+AUX dnsviz-0.8.2-add-ed448-support.patch 6452 BLAKE2B 77f12acf3bd4224200f677b24899c56061a9d99d03de681bfa117869a7af4148faa30004a200cd6bb968ce53b67d1d3b72a0374e441ebc9ae96e22c3a88b9c95 SHA512 d2e60d7270267dac1237b8d32ae2a5b603972a9e9901eee03cf7d51e004f3d2aba911b3032f710f4b293b308b3507dfa74eede0e2a653b6c86b90123c9b847ad
 DIST dnsviz-0.8.2.tar.gz 404265 BLAKE2B c4ba6b5a7d6fee7c8e2cba0c90f29560152dd4beed1ef4d80a6a3bf9f81646ee8f0d61c38329233e300f2b434cb5d9e9d2a926dc72997ae68ff0a57e147bafcf SHA512 5414d9bda6c0bf5fdc5a84a09cb5833619110702749b12f87d63f5149de473f4bd1b6960c506c60ec5fc5ff82d789536cee70a299ff13c960a45776de2916c80
-EBUILD dnsviz-0.8.2.ebuild 1402 BLAKE2B 1a6d391662d6c99a59cccf5106e2e44086379d34cac126ea4a42cbf752c65425f7a7f60a34590776808006b80df6248cc4cd8d1e22371a08b6a5ea79c0c94d92 SHA512 04101c7e2907e78caf4fe066e3ad2ff71379513f9e59ca80051f65f58839d2e16514cfbe22ee96cbe8b28c9ce5208b86995b06ae823fd03554b1f35c2443e8af
-MISC metadata.xml 687 BLAKE2B d648e9100b7cd371d7235c0f370d10f8cce3f7eef83afabe1e6d6df1619ea2ff1eb08ded3c724df22ee7d406c2f7c65b158ae67a4472084b832d0d806fc21cb9 SHA512 bcd03b712bf637a1019c3d22d9e336d514ffd9ba7ae3f05685371897af8893177a709ec8546c186a1b54de89794931f985aa72570c0eaa1d7a88d6579478dbb3
+EBUILD dnsviz-0.8.2-r1.ebuild 1731 BLAKE2B 0a4c8990500142c456f82fd177e63d08597f4ac4eaa4865b618ac03743fc1ec950b0bf035ec3d79f0565848b29b481285e76bfaa8d57a42f07f45ee0ecff3886 SHA512 5c800d8be346f2d7996fac14ef5fbc76ecb275b61b784bde622df3de8d52a39fd635b2a0290955354d1c5ebac33effa11586abf78df32d8d3292082b8721da71
+EBUILD dnsviz-0.8.2.ebuild 1408 BLAKE2B ff5fa7495e31ee1d10e3891a6f3465ad9f9e20a3d3f8fbdc37ad161eed6669961922c5362d0793b4043858ab9b82e07a973fa455409acd349d5c701594c45e26 SHA512 04b4f2b950065a7442bd4cccd36147b8689303f9a9bb8c6763da1b0df49cbd44720c221c35a6e0be38a83a6a83c15db0dab3c4e642fe11a863d8a924936045ad
+MISC metadata.xml 799 BLAKE2B dc78a89bd168c950054144b3e3569fb9db9a9d423612d1bdb5eb56c6422e92de7d8bfb148c4d43784bddb811e3a2ab46a98875bef76c8c7198ed40aac9c02263 SHA512 87c3f080a01cc3b3524bde90e153c4cc0eae9c0c98c482ceffde452520e70bc2f84500aa8c8425086090ad81ea3cae5b489286256d3875875358836ca5b87a35
diff --git a/net-dns/dnsviz/dnsviz-0.8.2-r1.ebuild b/net-dns/dnsviz/dnsviz-0.8.2-r1.ebuild
new file mode 100644
index 000000000000..aaee35f2902a
--- /dev/null
+++ b/net-dns/dnsviz/dnsviz-0.8.2-r1.ebuild
@@ -0,0 +1,63 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{6,7,8} )
+inherit distutils-r1 eutils
+
+DESCRIPTION="Tool suite for analysis and visualization of DNS and DNSSEC"
+HOMEPAGE="https://dnsviz.net/"
+SRC_URI="https://github.com/dnsviz/dnsviz/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+DEPEND="
+	dev-python/dnspython[${PYTHON_USEDEP}]
+	>=dev-python/m2crypto-0.31.0[${PYTHON_USEDEP}]
+	>=dev-python/pygraphviz-1.3.1[${PYTHON_USEDEP}]"
+
+RDEPEND="
+	${DEPEND}"
+
+PATCHES=( "${FILESDIR}"/${PN}-0.8.2-add-ed448-support.patch )
+
+python_prepare_all() {
+	# Fix the ebuild to use correct FHS/Gentoo policy paths for 0.8.2
+	sed -i \
+		-e "s|share/doc/dnsviz|share/doc/${PF}|g" \
+			"${S}"/setup.py \
+			|| die
+
+	distutils-r1_python_prepare_all
+}
+
+python_test() {
+	distutils_install_for_testing
+
+	"${EPYTHON}" tests/offline_tests.py -v || die
+
+	# No need to pull in net-dns/bind for this small test
+	if hash named-checkconf &>/dev/null ; then
+		"${EPYTHON}" tests/local_probe_tests.py -v || die
+	else
+		einfo "Skipping local_probe_tests -- named-checkconf not found!"
+	fi
+}
+
+pkg_postinst() {
+	elog "Support for extra feature can be get from:"
+	optfeature "Support for pre-deployment testing" net-dns/bind
+
+	# Warn about extra requirements for >=OpenSSL 1.1.0
+	if has_version '=dev-libs/openssl-1.1*'; then
+	   echo
+	   ewarn "With OpenSSL version 1.1.0 and later,the OpenSSL GOST Engine"
+	   ewarn "is necessary to validate DNSSEC signatures with algorithm 12"
+	   ewarn "(GOST R 34.10-2001) and digests of type 3 (GOST R 34.11-94)"
+	   ewarn "OpenSSL GOST Engine can be get from --> dev-libs/gost-engine"
+	fi
+}
diff --git a/net-dns/dnsviz/dnsviz-0.8.2.ebuild b/net-dns/dnsviz/dnsviz-0.8.2.ebuild
index 7a798a386531..8a8cbadb11a8 100644
--- a/net-dns/dnsviz/dnsviz-0.8.2.ebuild
+++ b/net-dns/dnsviz/dnsviz-0.8.2.ebuild
@@ -3,7 +3,7 @@
 
 EAPI=7
 
-PYTHON_COMPAT=( python3_6 )
+PYTHON_COMPAT=( python3_{6,7,8} )
 inherit distutils-r1 eutils
 
 DESCRIPTION="Tool suite for analysis and visualization of DNS and DNSSEC"
diff --git a/net-dns/dnsviz/files/dnsviz-0.8.2-add-ed448-support.patch b/net-dns/dnsviz/files/dnsviz-0.8.2-add-ed448-support.patch
new file mode 100644
index 000000000000..1d4d88e97e6d
--- /dev/null
+++ b/net-dns/dnsviz/files/dnsviz-0.8.2-add-ed448-support.patch
@@ -0,0 +1,182 @@
+From 99bb0c7430c9f954582eabd3a9581fe0db6f2e81 Mon Sep 17 00:00:00 2001
+From: Pascal Ernster <git@hardfalcon.net>
+Date: Mon, 22 Jul 2019 04:25:18 +0200
+Subject: [PATCH] Replace libnacl with python-cryptography, add support for
+ algo 16 (Ed448)
+
+Origin: https://github.com/dnsviz/dnsviz/pull/54
+
+---
+ Dockerfile              |  2 +-
+ README.md               |  8 ++++----
+ contrib/dnsviz-py2.spec |  2 +-
+ contrib/dnsviz-py3.spec |  2 +-
+ dnsviz/crypto.py        | 30 +++++++++++++++++++++++++-----
+ requirements.txt        |  2 +-
+ setup.py                |  2 +-
+ 7 files changed, 34 insertions(+), 14 deletions(-)
+
+diff --git a/Dockerfile b/Dockerfile
+index dc6a0d9e..61a319de 100644
+--- a/Dockerfile
++++ b/Dockerfile
+@@ -2,7 +2,7 @@ FROM alpine:edge
+ 
+ RUN apk add python3 graphviz ttf-liberation libsodium bind bind-tools
+ RUN apk add --virtual builddeps linux-headers python3-dev graphviz-dev gcc libc-dev openssl-dev swig && \
+-	pip3 install pygraphviz m2crypto dnspython libnacl && \
++	pip3 install pygraphviz m2crypto dnspython cryptography && \
+ 	apk del builddeps
+ 
+ COPY . /tmp/dnsviz
+diff --git a/README.md b/README.md
+index e9dcda83..03d9c3dd 100644
+--- a/README.md
++++ b/README.md
+@@ -41,7 +41,7 @@ Instructions for running in a Docker container are also available
+ 
+ * M2Crypto (0.28.0 or later) - https://gitlab.com/m2crypto/m2crypto
+ 
+-* libnacl - https://github.com/saltstack/libnacl
++* Cryptography (2.6 or later) - https://cryptography.io/
+ 
+ Note that the software versions listed above are known to work with the current
+ version of DNSViz.  Other versions might also work well together, but might
+@@ -85,7 +85,7 @@ $ source ~/myenv/bin/activate
+ ```
+ (Note that this installs the dependencies that are python packages, but some of
+ these packages have non-python dependecies, such as Graphviz (required for
+-pygraphviz) and libsodium (required for libnacl), that are not installed
++pygraphviz) and OpenSSL (required for Cryptography), that are not installed
+ automatically.)
+ 
+ Next download and install DNSViz from the Python Package Index (PyPI):
+@@ -121,9 +121,9 @@ $ cp dist/dnsviz-*.tar.gz ~/rpmbuild/SOURCES/
+ $ cp contrib/dnsviz-py${PY_VERS}.spec ~/rpmbuild/SPECS/dnsviz.spec
+ ```
+ 
+-Install dnspython, pygraphviz, M2Crypto, and libnacl.
++Install dnspython, pygraphviz, M2Crypto, and Cryptography.
+ ```
+-$ sudo dnf install python${PY_VERS}-dns python${PY_VERS}-pygraphviz python${PY_VERS}-libnacl
++$ sudo dnf install python${PY_VERS}-dns python${PY_VERS}-pygraphviz python${PY_VERS}-cryptography
+ ```
+ For python2:
+ ```
+diff --git a/contrib/dnsviz-py2.spec b/contrib/dnsviz-py2.spec
+index 0bea597b..65033c95 100644
+--- a/contrib/dnsviz-py2.spec
++++ b/contrib/dnsviz-py2.spec
+@@ -15,7 +15,7 @@ BuildRequires:  make
+ Requires:       python2-pygraphviz >= 1.3
+ Requires:       m2crypto >= 0.28.0
+ Requires:       python2-dns >= 1.13
+-Requires:       python2-libnacl
++Requires:       python2-cryptography
+ 
+ %description
+ DNSViz is a tool suite for analysis and visualization of Domain Name System
+diff --git a/contrib/dnsviz-py3.spec b/contrib/dnsviz-py3.spec
+index ef25f4b5..975f3e10 100644
+--- a/contrib/dnsviz-py3.spec
++++ b/contrib/dnsviz-py3.spec
+@@ -15,7 +15,7 @@ BuildRequires:  make
+ Requires:       python3-pygraphviz >= 1.3
+ Requires:       python3-m2crypto >= 0.28.0
+ Requires:       python3-dns >= 1.13
+-Requires:       python3-libnacl
++Requires:       python3-cryptography
+ 
+ %description
+ DNSViz is a tool suite for analysis and visualization of Domain Name System
+diff --git a/dnsviz/crypto.py b/dnsviz/crypto.py
+index b011cbf3..283eac4d 100644
+--- a/dnsviz/crypto.py
++++ b/dnsviz/crypto.py
+@@ -55,7 +55,7 @@
+         'M2Crypto >= 0.21.1': (set([1,5,7,8,10]), set([1,2,4]), set([1])),
+         'M2Crypto >= 0.24.0': (set([3,6,13,14]), set(), set()),
+         'M2Crypto >= 0.24.0 and either openssl < 1.1.0 or openssl >= 1.1.0 plus the OpenSSL GOST Engine': (set([12]), set([3]), set()),
+-        'libnacl': (set([15]), set(), set()),
++        'cryptography': (set([15,16]), set(), set()),
+ }
+ _logged_modules = set()
+ 
+@@ -72,12 +72,19 @@
+     _supported_digest_algs.update(set([1,2,4]))
+ 
+ try:
+-    from libnacl.sign import Verifier as ed25519Verifier
++    from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
+ except ImportError:
+     pass
+ else:
+     _supported_algs.add(15)
+ 
++try:
++    from cryptography.hazmat.primitives.asymmetric.ed448 import Ed448PublicKey
++except ImportError:
++    pass
++else:
++    _supported_algs.add(16)
++
+ GOST_PREFIX = b'\x30\x63\x30\x1c\x06\x06\x2a\x85\x03\x02\x02\x13\x30\x12\x06\x07\x2a\x85\x03\x02\x02\x23\x01\x06\x07\x2a\x85\x03\x02\x02\x1e\x01\x03\x43\x00\x04\x40'
+ GOST_ENGINE_NAME = b'gost'
+ GOST_DIGEST_NAME = b'GOST R 34.11-94'
+@@ -386,10 +393,21 @@ def _validate_rrsig_ec(alg, sig, msg, key):
+ 
+ def _validate_rrsig_ed25519(alg, sig, msg, key):
+     try:
+-        verifier = ed25519Verifier(binascii.hexlify(key))
+-        return verifier.verify(sig + msg) == msg
+-    except ValueError:
++        verifier = Ed25519PublicKey.from_public_bytes(key)
++        verifier.verify(sig, msg)
++    except:
+         return False
++    else:
++        return True
++
++def _validate_rrsig_ed448(alg, sig, msg, key):
++    try:
++        verifier = Ed448PublicKey.from_public_bytes(key)
++        verifier.verify(sig, msg)
++    except:
++        return False
++    else:
++        return True
+ 
+ def validate_rrsig(alg, sig, msg, key):
+     if not alg_is_supported(alg):
+@@ -407,6 +425,8 @@ def validate_rrsig(alg, sig, msg, key):
+         return _validate_rrsig_ec(alg, sig, msg, key)
+     elif alg in (15,):
+         return _validate_rrsig_ed25519(alg, sig, msg, key)
++    elif alg in (16,):
++        return _validate_rrsig_ed448(alg, sig, msg, key)
+ 
+ def get_digest_for_nsec3(val, salt, alg, iterations):
+     if not nsec3_alg_is_supported(alg):
+diff --git a/requirements.txt b/requirements.txt
+index d6b2de5e..af2be235 100644
+--- a/requirements.txt
++++ b/requirements.txt
+@@ -1,4 +1,4 @@
+ dnspython
+ pygraphviz
+ m2crypto
+-libnacl
++cryptography
+diff --git a/setup.py b/setup.py
+index ba1016e3..b531c025 100644
+--- a/setup.py
++++ b/setup.py
+@@ -135,7 +135,7 @@ def run(self):
+                 'pygraphviz (>=1.1)',
+                 'm2crypto (>=0.24.0)',
+                 'dnspython (>=1.11)',
+-                'libnacl',
++                'cryptography (>=2.6)',
+         ],
+         classifiers=[
+                 'Development Status :: 5 - Production/Stable',
diff --git a/net-dns/dnsviz/metadata.xml b/net-dns/dnsviz/metadata.xml
index c1ee72309eb6..910b4bc2b997 100644
--- a/net-dns/dnsviz/metadata.xml
+++ b/net-dns/dnsviz/metadata.xml
@@ -5,6 +5,10 @@
 		<email>hasan.calisir@psauxit.com</email>
 		<name>Hasan ÇALIŞIR</name>
 	</maintainer>
+	<maintainer type="person">
+		<email>whissi@gentoo.org</email>
+		<name>Thomas Deutschmann</name>
+	</maintainer>
 	<maintainer type="project">
 		<email>proxy-maint@gentoo.org</email>
 		<name>Proxy Maintainers</name>