reinit the tree, so we can have metadata

9 files changed, 198 insertions, 0 deletions

diff --git a/net-dns/unbound/files/0001-fix-fail-to-start-on-Linux-LTS-3.14.X-ignore.patch b/net-dns/unbound/files/0001-fix-fail-to-start-on-Linux-LTS-3.14.X-ignore.patch
new file mode 100644
index 000000000000..c1be28cbc0db
--- /dev/null
+++ b/net-dns/unbound/files/0001-fix-fail-to-start-on-Linux-LTS-3.14.X-ignore.patch
@@ -0,0 +1,72 @@
+From 858da540f70a4411ad8fbe7144cef6ce9da18f89 Mon Sep 17 00:00:00 2001
+From: wouter <wouter@be551aaa-1e26-0410-a405-d3ace91eadb9>
+Date: Mon, 5 Jan 2015 13:51:22 +0000
+Subject: [PATCH] - Fix #634: fix fail to start on Linux LTS 3.14.X, ignores
+ missing   IP_MTU_DISCOVER OMIT option.
+
+--- a/services/listen_dnsport.c
++++ b/services/listen_dnsport.c
+@@ -368,29 +368,47 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
+  * (and also uses the interface mtu to determine the size of the packets).
+  * So there won't be any EMSGSIZE error.  Against DNS fragmentation attacks.
+  * FreeBSD already has same semantics without setting the option. */
+-#    if defined(IP_PMTUDISC_OMIT)
+-		int action = IP_PMTUDISC_OMIT;
+-#    else
+-		int action = IP_PMTUDISC_DONT;
+-#    endif
++		int omit_set = 0;
++		int action;
++#   if defined(IP_PMTUDISC_OMIT)
++		action = IP_PMTUDISC_OMIT;
+ 		if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, 
+ 			&action, (socklen_t)sizeof(action)) < 0) {
+-			log_err("setsockopt(..., IP_MTU_DISCOVER, "
+-#    if defined(IP_PMTUDISC_OMIT)
+-				"IP_PMTUDISC_OMIT"
++
++			if (errno != EINVAL) {
++				log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_OMIT...) failed: %s",
++					strerror(errno));
++
++#    ifndef USE_WINSOCK
++				close(s);
+ #    else
+-				"IP_PMTUDISC_DONT"
++				closesocket(s);
+ #    endif
+-				"...) failed: %s",
+-				strerror(errno));
++				*noproto = 0;
++				*inuse = 0;
++				return -1;
++			}
++		}
++		else
++		{
++		    omit_set = 1;
++		}
++#   endif
++		if (omit_set == 0) {
++   			action = IP_PMTUDISC_DONT;
++			if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER,
++				&action, (socklen_t)sizeof(action)) < 0) {
++				log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_DONT...) failed: %s",
++					strerror(errno));
+ #    ifndef USE_WINSOCK
+-			close(s);
++				close(s);
+ #    else
+-			closesocket(s);
++				closesocket(s);
+ #    endif
+-			*noproto = 0;
+-			*inuse = 0;
+-			return -1;
++				*noproto = 0;
++				*inuse = 0;
++				return -1;
++			}
+ 		}
+ #  elif defined(IP_DONTFRAG)
+ 		int off = 0;
diff --git a/net-dns/unbound/files/unbound-1.4.12-gentoo.patch b/net-dns/unbound/files/unbound-1.4.12-gentoo.patch
new file mode 100644
index 000000000000..57920689783e
--- /dev/null
+++ b/net-dns/unbound/files/unbound-1.4.12-gentoo.patch
@@ -0,0 +1,12 @@
+diff -Naur unbound-1.4.12.orig/doc/example.conf.in unbound-1.4.12/doc/example.conf.in
+--- unbound-1.4.12.orig/doc/example.conf.in	2011-07-14 17:33:37.000000000 +0900
++++ unbound-1.4.12/doc/example.conf.in	2011-07-16 10:01:06.644402341 +0900
+@@ -334,7 +334,7 @@
+ 	# with several entries, one file per entry.
+ 	# Zone file format, with DS and DNSKEY entries.
+ 	# Note this gets out of date, use auto-trust-anchor-file please.
+-	# trust-anchor-file: ""
++	# trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
+ 	
+ 	# Trusted key for validation. DS or DNSKEY. specify the RR on a
+ 	# single line, surrounded by "". TTL is ignored. class is IN default.
diff --git a/net-dns/unbound/files/unbound-1.5.7-trust-anchor-file.patch b/net-dns/unbound/files/unbound-1.5.7-trust-anchor-file.patch
new file mode 100644
index 000000000000..c4c0ffa3d6d1
--- /dev/null
+++ b/net-dns/unbound/files/unbound-1.5.7-trust-anchor-file.patch
@@ -0,0 +1,12 @@
+diff -ur unbound-1.5.7.orig/doc/example.conf.in unbound-1.5.7/doc/example.conf.in
+--- unbound-1.5.7.orig/doc/example.conf.in	2015-12-10 08:59:18.000000000 +0100
++++ unbound-1.5.7/doc/example.conf.in	2016-01-05 04:08:01.666760015 +0100
+@@ -378,7 +378,7 @@
+ 	# with several entries, one file per entry.
+ 	# Zone file format, with DS and DNSKEY entries.
+ 	# Note this gets out of date, use auto-trust-anchor-file please.
+-	# trust-anchor-file: ""
++	# trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
+ 
+ 	# Trusted key for validation. DS or DNSKEY. specify the RR on a
+ 	# single line, surrounded by "". TTL is ignored. class is IN default.
diff --git a/net-dns/unbound/files/unbound-anchor.service b/net-dns/unbound/files/unbound-anchor.service
new file mode 100644
index 000000000000..f55cf9db5d1e
--- /dev/null
+++ b/net-dns/unbound/files/unbound-anchor.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Update of the root trust anchor for DNSSEC validation
+After=network.target
+Before=nss-lookup.target
+Wants=nss-lookup.target
+Before=unbound.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/unbound-anchor
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-dns/unbound/files/unbound.confd b/net-dns/unbound/files/unbound.confd
new file mode 100644
index 000000000000..b4de7cf1142e
--- /dev/null
+++ b/net-dns/unbound/files/unbound.confd
@@ -0,0 +1,4 @@
+# Settings should normally not need any changes.
+
+# Location of the unbound configuration file. Leave empty for the default.
+#UNBOUND_CONFFILE="/etc/unbound/unbound.conf"
diff --git a/net-dns/unbound/files/unbound.initd b/net-dns/unbound/files/unbound.initd
new file mode 100644
index 000000000000..b295f285dd1e
--- /dev/null
+++ b/net-dns/unbound/files/unbound.initd
@@ -0,0 +1,55 @@
+#!/sbin/openrc-run
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+name="unbound daemon"
+extra_commands="configtest"
+extra_started_commands="reload"
+description="unbound is a Domain Name Server (DNS) that is used to resolve host names to IP address."
+description_configtest="Run syntax tests for configuration files only."
+description_reload="Kills all children and reloads the configuration."
+
+
+UNBOUND_BINARY=${UNBOUND_BINARY:-/usr/sbin/unbound}
+UNBOUND_CHECKCONF=${UNBOUND_CHECKCONF:-/usr/sbin/unbound-checkconf}
+UNBOUND_CONFFILE=${UNBOUND_CONFFILE:-/etc/unbound/${SVCNAME}.conf}
+
+depend() {
+	need net
+	use logger
+	provide dns
+	after auth-dns
+}
+
+checkconfig() {
+	UNBOUND_PIDFILE=$("${UNBOUND_CHECKCONF}" -o pidfile "${UNBOUND_CONFFILE}")
+	return $?
+}
+
+configtest() {
+	ebegin "Checking ${SVCNAME} configuration"
+	checkconfig
+	eend $?
+}
+
+start() {
+	checkconfig || return $?
+	ebegin "Starting ${SVCNAME}"
+	start-stop-daemon --start --pidfile "${UNBOUND_PIDFILE}" \
+		--exec "${UNBOUND_BINARY}" -- -c "${UNBOUND_CONFFILE}"
+	eend $?
+}
+
+stop() {
+	checkconfig || return $?
+	ebegin "Stopping ${SVCNAME}"
+	start-stop-daemon --stop --pidfile "${UNBOUND_PIDFILE}"
+	eend $?
+}
+
+reload() {
+	checkconfig || return $?
+	ebegin "Reloading ${SVCNAME}"
+	start-stop-daemon --signal HUP --pidfile "${UNBOUND_PIDFILE}"
+	eend $?
+}
diff --git a/net-dns/unbound/files/unbound.service b/net-dns/unbound/files/unbound.service
new file mode 100644
index 000000000000..41dd6fabd290
--- /dev/null
+++ b/net-dns/unbound/files/unbound.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Unbound recursive Domain Name Server
+After=network.target
+Before=nss-lookup.target
+Wants=nss-lookup.target
+
+[Service]
+ExecStartPre=/usr/sbin/unbound-checkconf
+ExecStart=/usr/sbin/unbound -d
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-dns/unbound/files/unbound.socket b/net-dns/unbound/files/unbound.socket
new file mode 100644
index 000000000000..0628064a4a5e
--- /dev/null
+++ b/net-dns/unbound/files/unbound.socket
@@ -0,0 +1,5 @@
+[Socket]
+ListenDatagram=127.0.0.1:1153
+ListenStream=127.0.0.1:1153
+[Install]
+WantedBy=sockets.target
diff --git a/net-dns/unbound/files/unbound_at.service b/net-dns/unbound/files/unbound_at.service
new file mode 100644
index 000000000000..84b34af45446
--- /dev/null
+++ b/net-dns/unbound/files/unbound_at.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Unbound recursive Domain Name Server
+After=network.target
+Before=nss-lookup.target
+Wants=nss-lookup.target
+
+[Service]
+Type=simple
+ExecStartPre=/usr/sbin/unbound-checkconf /etc/unbound/%i.conf
+ExecStart=/usr/sbin/unbound -d -c /etc/unbound/%i.conf
+
+[Install]
+WantedBy=multi-user.target