gentoo resync : 25.08.2020

author: V3n3RiX <venerix@redcorelinux.org> 2020-08-25 10:45:55 +0100
committer: V3n3RiX <venerix@redcorelinux.org> 2020-08-25 10:45:55 +0100
commit: 3cf7c3ef441822c889356fd1812ebf2944a59851 (patch)
tree: c513fe68548b40365c1c2ebfe35c58ad431cdd77 /net-dns/unbound
parent: 05b8b0e0af1d72e51a3ee61522941bf7605cd01c (diff)
3 files changed, 48 insertions, 30 deletions
diff --git a/net-dns/unbound/Manifest b/net-dns/unbound/Manifest
index 64243029e652..36dd0dcfa02b 100644
--- a/net-dns/unbound/Manifest
+++ b/net-dns/unbound/Manifest
@@ -8,6 +8,7 @@ AUX unbound.service 247 BLAKE2B d986319f9b43600d4f6443f50e214efd39fd20be6a7067b5
 AUX unbound.socket 101 BLAKE2B 4885d311873d7f3e5daf1c0a63798b13761b7c0bfb1bead0bde11bc2a2a994d55670c992b42ea1b4bbee98d04a12f4e7e7517bd0e9caa74d8cac2d1dc0c33274 SHA512 935ab3bd5bc3d3347e44c20482aa19396d243b89f2dbc7bf9f89b16a2559715866e16dfd9f5c4866222d8ee968f158a773475d94629f0ef9fa9b8fd23f0fbc2e
 AUX unbound_at.service 304 BLAKE2B 0762200390475ff6a3ca4dc282b3eca3e55cb339528a73b0c6148f4df336c4c07e8da19320df6bedb49cb6884da565543f78456d38dc3000ca2a1abde84816be SHA512 71bd8c422ffe57e448b66f97775075a407671757266d40294a670b41cd1a59f16b65488d30aa74b79b7536f0c4c50adb56e32377e8029fd6c327b85c022c5fe3
 DIST unbound-1.10.1.tar.gz 5729334 BLAKE2B 7ca4f23c12a551bc6e5d6ec32f19ca0f54526b9a4c868ced8f31cfd31dec23f8240b78f0c00d2cc6f9aa21f6c1b98697c85ef3ebd804a838a5a082893fe98094 SHA512 d07f3ac0e751c17a3ff7d99518c22529cf6856861218564a2ca073422905525cb9ddaf76c9600187946fadb7324343bcd85c34ff06bd322e0ea621a2d258bb85
-EBUILD unbound-1.10.1-r1.ebuild 5429 BLAKE2B 4f16093ae3a34a97fd475da9d5094987ae289b203a71a6ca881b7371fe2f3550bc4d126e8b29d93564affd62df6428b1d27737ff71fce4c85122156238cd59f1 SHA512 8fe49aba1ec04421a6f29a4ae72ee3175447ab087503d2b6f3fc3690f5573e9663a376d5166e1252b902e9a0177a3a148b9abab8f874825579e30d77a4b3295b
-EBUILD unbound-1.10.1.ebuild 5390 BLAKE2B ce7620d0f76f8ec2b304cb73e7f875938957f285bdf73741e7c43f3d720853500d0ff857d2ec101bacbd3d8a61e270c42d9aebb4365718b1cc434519b387d48b SHA512 2e9305db63c2889389362ea48938d0cdd66aeb3fc15636004b43ba2a9ab0a2c8ccf934125fc253c89927e24bbe68ce2e21ee2c736835d4fe8eedb560e996d3b3
+DIST unbound-1.11.0.tar.gz 5900967 BLAKE2B 3119bbcd78fa19c610937215abc64abcc1ca96ba42b6753a1e36fef501f68971ac2ee0cb9bde377e0b257c57f505aeac2315a6bf031626874d30967b0a5eb46a SHA512 511e787c5f9647286b07028702a8909390e0e6eafe7224459d5f1eee8a8dfb09c71e33f291e30851dc57411123b91dfe0e124787109a7e4afdf6f3b02768e7cd
+EBUILD unbound-1.10.1-r1.ebuild 5424 BLAKE2B 85fe1509a5c82edf8985ce6cfa80325db99959566a7f63b9407d3c19311d420e98cfb29674538325740b485b48351a2e7621f6afdeb13c4f3152bff8c880b996 SHA512 8d65dadb63f9a70ee72e7cbadfc45a5921d4ec886540d01cab588696b0bbf7b30d502bcef1c0ae38d0e554979ca9cbe90bb7444ed00e87defb687640f9ea0546
+EBUILD unbound-1.11.0.ebuild 6008 BLAKE2B dd27e2b8d4d1c320af8e268ae5f0d9f95d26782137bfb11deebe44533904da8716d894bfacdcd3bbd187c0d1d52d9e6a57a330f75ced2cb3d1b802f705bc352e SHA512 df2940e7037f61717bc8c53a6ce386d189b4bffbb4a8881074798718087ab78e10e5c840070f629432f2ca328727b585ba2695703f9572ba5913fe8ad461d415
 MISC metadata.xml 1357 BLAKE2B 3fccac00ddfac90bb692169a01f19402fd5534f05a88a8981e6e276f535800f50e4ee138f2b815db176e426422e54a2d107219f214cfaeda979ce1b03710f71a SHA512 13ffc57b5a7ddd1a2ab76a4f29d7a5dc2926ed07ae74f74444ecda949aae2a611a1e194d9b482fe145a00021f603b22c7b8a44f1b7901600da261b0bc1f51525
diff --git a/net-dns/unbound/unbound-1.10.1-r1.ebuild b/net-dns/unbound/unbound-1.10.1-r1.ebuild
index 30c4c5084639..f4046ee80426 100644
--- a/net-dns/unbound/unbound-1.10.1-r1.ebuild
+++ b/net-dns/unbound/unbound-1.10.1-r1.ebuild
@@ -13,7 +13,7 @@ SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz"
 
 LICENSE="BSD GPL-2"
 SLOT="0/8" # ABI version of libunbound.so
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~x86"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~mips ppc ppc64 x86"
 IUSE="debug dnscrypt dnstap +ecdsa ecs gost libressl python redis selinux static-libs systemd test threads"
 REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
 RESTRICT="!test? ( test )"
diff --git a/net-dns/unbound/unbound-1.10.1.ebuild b/net-dns/unbound/unbound-1.11.0.ebuild
index 704a3c262452..30cafd751b15 100644
--- a/net-dns/unbound/unbound-1.10.1.ebuild
+++ b/net-dns/unbound/unbound-1.11.0.ebuild
@@ -2,9 +2,9 @@
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="7"
-PYTHON_COMPAT=( python3_{6,7} )
+PYTHON_COMPAT=( python3_{6,7,8,9} )
 
-inherit autotools flag-o-matic multilib-minimal python-single-r1 systemd user
+inherit autotools flag-o-matic multilib-minimal python-single-r1 systemd
 
 MY_P=${PN}-${PV/_/}
 DESCRIPTION="A validating, recursive and caching DNS resolver"
@@ -13,7 +13,7 @@ SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz"
 
 LICENSE="BSD GPL-2"
 SLOT="0/8" # ABI version of libunbound.so
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~mips ppc ppc64 x86"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~x86"
 IUSE="debug dnscrypt dnstap +ecdsa ecs gost libressl python redis selinux static-libs systemd test threads"
 REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
 RESTRICT="!test? ( test )"
@@ -23,7 +23,9 @@ RESTRICT="!test? ( test )"
 # the executables. MULTILIB_USEDEP may be dropped once build system
 # is fixed.
 
-CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}]
+CDEPEND="acct-group/unbound
+	acct-user/unbound
+	>=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}]
 	>=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}]
 	libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] )
 	!libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
@@ -60,19 +62,12 @@ RDEPEND="${RDEPEND}
 PATCHES=(
 	"${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch
 	"${FILESDIR}"/${PN}-1.6.3-pkg-config.patch
+	"${FILESDIR}"/${PN}-1.10.1-find-ar.patch
 )
 
 S=${WORKDIR}/${MY_P}
 
 pkg_setup() {
-	enewgroup unbound
-	enewuser unbound -1 -1 /etc/unbound unbound
-	# improve security on existing installs (bug #641042)
-	# as well as new installs where unbound homedir has just been created
-	if [[ -d "${ROOT}/etc/unbound" ]]; then
-		chown --no-dereference --from=unbound root "${ROOT}/etc/unbound"
-	fi
-
 	use python && python-single-r1_pkg_setup
 }
 
@@ -148,16 +143,18 @@ multilib_src_install_all() {
 
 	# create space for auto-trust-anchor-file...
 	keepdir /etc/unbound/var
+	fowners root:unbound /etc/unbound/var
+	fperms 0770 /etc/unbound/var
 	# ... and point example config to it
 	sed -i \
 		-e '/# auto-trust-anchor-file:/s,/etc/dnssec/root-anchors.txt,/etc/unbound/var/root-anchors.txt,' \
-		"${ED}/etc/unbound/unbound.conf" || \
-		die
+		"${ED}/etc/unbound/unbound.conf" \
+		|| die
 
 	# Used to store cache data
 	keepdir /var/lib/${PN}
 	fowners root:unbound /var/lib/${PN}
-	fperms 0750 /var/lib/${PN}
+	fperms 0770 /var/lib/${PN}
 
 	find "${ED}" -name '*.la' -delete || die
 	if ! use static-libs ; then
@@ -166,18 +163,38 @@ multilib_src_install_all() {
 }
 
 pkg_postinst() {
-	# make var/ writable by unbound
-	if [[ -d "${EROOT}/etc/unbound/var" ]]; then
-		chown --no-dereference --from=root unbound: "${EROOT}/etc/unbound/var"
+	if [[ ! -f "${EROOT}/etc/unbound/unbound_control.key" ]] ; then
+		einfo "Trying to create unbound control key ..."
+		if ! unbound-control-setup &>/dev/null ; then
+			ewarn "Failed to create unbound control key!"
+		fi
 	fi
 
-	einfo ""
-	einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation"
-	einfo "set 'auto-trust-anchor-file: ${EROOT}/etc/unbound/var/root-anchors.txt' in ${EROOT}/etc/unbound/unbound.conf"
-	einfo "and run"
-	einfo ""
-	einfo "  su -s /bin/sh -c '${EROOT}/usr/sbin/unbound-anchor -a ${EROOT}/etc/unbound/var/root-anchors.txt' unbound"
-	einfo ""
-	einfo "as root to create it initially before starting unbound for the first time after enabling this."
-	einfo ""
+	if [[ ! -f "${EROOT}/etc/unbound/var/root-anchors.txt" ]] ; then
+		einfo ""
+		einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation"
+		einfo "set 'auto-trust-anchor-file: ${EROOT}/etc/unbound/var/root-anchors.txt' in ${EROOT}/etc/unbound/unbound.conf"
+		einfo "and run"
+		einfo ""
+		einfo "  su -s /bin/sh -c '${EROOT}/usr/sbin/unbound-anchor -a ${EROOT}/etc/unbound/var/root-anchors.txt' unbound"
+		einfo ""
+		einfo "as root to create it initially before starting unbound for the first time after enabling this."
+		einfo ""
+	fi
+
+	# Our user is not available on prefix
+	use prefix && return
+
+	local _perm_check_testfile=$(mktemp --dry-run "${EPREFIX}"/etc/unbound/var/.pkg_postinst-perm-check.XXXXXXXXX)
+	su -s /bin/sh -c "touch ${_perm_check_testfile}" unbound &>/dev/null
+	if [ $? -ne 0 ] ; then
+		ewarn "WARNING: unbound user cannot write to \"${EPREFIX}/etc/unbound/var\"!"
+		ewarn "Run the following commands to restore default permission:"
+		ewarn ""
+		ewarn "    chown root:unbound ${EPREFIX}/etc/unbound/var"
+		ewarn "    chmod 0770 ${EPREFIX}/etc/unbound/var"
+	else
+		# Cleanup -- no reason to die here!
+		rm -f "${_perm_check_testfile}"
+	fi
 }
author	V3n3RiX <venerix@redcorelinux.org>	2020-08-25 10:45:55 +0100
committer	V3n3RiX <venerix@redcorelinux.org>	2020-08-25 10:45:55 +0100
commit	3cf7c3ef441822c889356fd1812ebf2944a59851 (patch)
tree	c513fe68548b40365c1c2ebfe35c58ad431cdd77 /net-dns/unbound
parent	05b8b0e0af1d72e51a3ee61522941bf7605cd01c (diff)