diff options
Diffstat (limited to 'net-dns/bind')
| -rw-r--r-- | net-dns/bind/Manifest | 20 | ||||
| -rw-r--r-- | net-dns/bind/bind-9.11.1_p1.ebuild | 426 | ||||
| -rw-r--r-- | net-dns/bind/bind-9.11.1_p3.ebuild | 426 | ||||
| -rw-r--r-- | net-dns/bind/bind-9.11.2.ebuild | 423 | ||||
| -rw-r--r-- | net-dns/bind/files/10bind.env | 1 | ||||
| -rw-r--r-- | net-dns/bind/files/bind-9.11.0_p5-dyndb-dlopen.patch | 97 | ||||
| -rw-r--r-- | net-dns/bind/files/generate-rndc-key.sh | 7 | ||||
| -rw-r--r-- | net-dns/bind/files/localhost.zone-r3 | 11 | ||||
| -rw-r--r-- | net-dns/bind/files/named.cache-r3 | 92 | ||||
| -rw-r--r-- | net-dns/bind/files/named.conf | 1 | ||||
| -rw-r--r-- | net-dns/bind/files/named.conf-r8 | 166 | ||||
| -rw-r--r-- | net-dns/bind/files/named.confd-r7 | 48 | ||||
| -rw-r--r-- | net-dns/bind/files/named.init-r13 | 252 | ||||
| -rw-r--r-- | net-dns/bind/files/named.service-r1 | 13 | ||||
| -rw-r--r-- | net-dns/bind/metadata.xml | 22 |
15 files changed, 2005 insertions, 0 deletions
diff --git a/net-dns/bind/Manifest b/net-dns/bind/Manifest new file mode 100644 index 000000000000..acb2017bbac7 --- /dev/null +++ b/net-dns/bind/Manifest @@ -0,0 +1,20 @@ +AUX 10bind.env 27 SHA256 5ad6a4402372b43809618051873b63646746f400447bba30dc4dfecd028e3650 SHA512 8ae5326b158b8a3eeaab667c84dd712fefd25d10832598783fa497285183cbdee554796c22d32fec54cd00461469f29ed473a730304a00aacdf06c1bb6c33d55 WHIRLPOOL 8fe00482e9ba95698cd814893784bd502ac0edb318450edac60bff4d2b4810068cd5e1f58cfce1ca5e05d5967d36728bf67cd927ce7d991832d1a07593d27c37 +AUX bind-9.11.0_p5-dyndb-dlopen.patch 2932 SHA256 87a0d02ef647cda2503c4b04f75423036f24cb0c50d9e0ff9b67cf45f0b2973b SHA512 4aef9a107e15953ff81b8354e5e68756650e951ce4e12181d8ac200bd006f6d10c75f0af496a0755d883b921af2aa7984fbe15fdbd5ef8ec47ab6e185027f646 WHIRLPOOL 843a3c327481d1b3e4ece8e52a389b8720e0b8288f99d4396b30b6183c70674d4ab5b2d8244a400b8843380bc648af4fbd738d3d63fc6e36d0c768f1a288651c +AUX generate-rndc-key.sh 183 SHA256 7d9c010a62db7561770fefdfb557bdae17f18835e62bfb9761680054d851ab44 SHA512 6c611120185c1a61b2b6da228efc28302ebd36c819b97793920543ce2cfff4da84f43ec53ddd072f008b04c7087cc19108c4279cb962d12a7e073b47235d14ee WHIRLPOOL d071d473faa6e1feca55ce6e4dd68d76b566372b8cee2e27fd89b48fd4651fe3cff957ac66ad895dccdba1373f18b75f67daeb9bc292dc9a7bc6f3f6da330f91 +AUX localhost.zone-r3 426 SHA256 3f39e9b5be72435e961cd6f5acdfe396b05640bf370969acf918a939575122bc SHA512 979d8693046033c24490dca536f0d649795bbdf57eed32017b32d07d7d3c51b35197e4edd79d8258074a1bf14b71376472ba6ae749f62ceaf74d7a6a0559fa89 WHIRLPOOL 0b7bba480e8bb8cc61e0c9efe2eaba4288fd05b9ae6aeda5e691ad50fc2741bc19b7669a4de56821de2a792df0fe4501d98ff92287dc79cc0bdf766526d365bd +AUX named.cache-r3 3316 SHA256 2265e9862c5188841f21e906e67e3d9bd83b5bad1f4305c38b7bcd921c5ec406 SHA512 512ea771b011c8ca25b90a473bf1bd8cd0467853a469e03f1685d35979a772722d704e373eaf640cdda93201ef53d18e38127dcce37ff6138310f9de218dd682 WHIRLPOOL 534552732b0609eec9845a98172ee832f2c6d8ba4bca7f76c356e0689238c61831d7823b331cc156fd0a27be2434c89befba7473fde2ecee89b6972eff3a0f93 +AUX named.conf 32 SHA256 f0423c4ee8495da487e07e9144bec1d25f46a0cd2dfa7cfd7a761ef15bfefc98 SHA512 c344fd4949eb80114d0c157517ece3f4b9505b94e3de00489d4b2b23beb74612f38cf3443f2f3b98fe01d98ad1842f45ff1d1826d67937e72e4629bbdf683a59 WHIRLPOOL 2542b9afcb86d14b516f11a7b32f472b0b0415b29ddb618b9c99385aa3d4a04bbc22f6197443dc2de643791994d9799a00eaef508d8306cc622d18e65bc96c3f +AUX named.conf-r8 4020 SHA256 c1f93d78f46aa6a562d1530ae1697d16fe9020435b835e192cafcb66ff22d7fc SHA512 60ab117e488604810a6e42a627eae465f6241208e726e763127f84102d05a661cceeddd00bc9d8d92c3da7d73d034ef876ace6744a0516b2bcadbaff1d9c82ad WHIRLPOOL 005f5185451a5a20ab9f7d5e0374b051e051315f6a28245241c74bfc1d6a6f3ca2b742a2a774a8dd6e04cef887c69b07bbef31896db02031bdf3e99569274178 +AUX named.confd-r7 1364 SHA256 3cf1ab72446cb9417de916e4cd732f2056fb74d2c6f03da6741b7bae8c415448 SHA512 68fa7c8963ac59349de3d05972c07aa0123b7bebbe0ba9604463ccfd1b377c2babe01eed4745cbe0f7d3831d1b47c2fa620f8092c67465fb771cae4932b0861a WHIRLPOOL 53ae821e10b8ee9becc265030a1cd7758706c1348ffe857edfde744d3214dbc0d648550d83801f4340fe06884ac8edaddbf2e39b8440d007c36b0895f201609a +AUX named.init-r13 6202 SHA256 a1a25bd66fa2edac593e77c5469e110466b7d8dc1bfa3f72a49c7117196986a4 SHA512 c675adec65796989dc8524d533868975d4e2c3b2ed5f09aa3cd92ec21b8dfb161582dd5afdf08ab78174873f3e1458e90c2d50958f0b5a303078540a675ec0c9 WHIRLPOOL 7e9065f30634faceb14adcf87afeafd0e038c710e8668024f3cf44980180874a1614247979842b48ca506e5dc8acd7f22540b94d4c8a2cc7126045c248fb96ad +AUX named.service-r1 327 SHA256 5c57f181cbb153fe6beb9385c56b874ea56afc19cca105ea3c5cadf2138c349d SHA512 1d3dbf9d1de0c23c398a523b05c0fb266b6b699e54d232818b28205f697ca227acae9f2778d6f41309b117a6cd78eee170b745594b786b1c1571d5f66d6c3de4 WHIRLPOOL fbfbb8ec1bd7bf1796be0daa66ec0918b175f3953b0312c492a09097f4e7c9b60d303330f525c03d1aa7b0934c2bc134e90800afb7e40e06f77f865c8710dd66 +DIST bind-9.11.1-P1.tar.gz 9745364 SHA256 6b1b3e88d51b8471bd6aee24a8cea70817e850a5901315dc506f9dde275ca638 SHA512 5683ae7be264e11b5b2a843d216e3ca4959b7de109863d5435090b2e033d6c405689e4ce57385ca787b1c948f4437aea39b8d5164a1d347c167f87337e9fc760 WHIRLPOOL a9dd3cabfe04f16a60ce9d55d3bfdd57d05bddd9fb86996e952756bf40b63dda78d269903d1ae951b499cea899e154e2936117ad2bc6de0e30c0937c8292e45b +DIST bind-9.11.1-P3.tar.gz 9749095 SHA256 52426e75432e46996dc90f24fca027805a341c38fbbb022b60dc9acd2677ccf4 SHA512 bf92ce1e07e5c84cc42b413bdbd3ad97f37712a6dc330dc10182992d948b7a393d5446efa188379b39020c34d810cebe2a7acccc9b8aa6bb564e1f3e6be42e96 WHIRLPOOL 93c139c979a60f9f3d8e54cf9f23e25a6d64180f7c2be6ba8c41488e9eec985c0bd67ab28e7f502c155c57b643b47b4c12d1ee5877077be37e07138adbd93a56 +DIST bind-9.11.2.tar.gz 9782180 SHA256 7f46ad8620f7c3b0ac375d7a5211b15677708fda84ce25d7aeb7222fe2e3c77a SHA512 c837c0a360049b0077b155eede9b6a71f63d1caca2ddf20a8ab7860a1033a3750e49cd2804dcf8c43b0aef04bcea99422d1302b4eae1646eb69a5ae6d64625b9 WHIRLPOOL e77846ffbe8f70b295f4aeeb110946ba98a3d4a2fd79b059728226d0916429e8a5657b1dea0f545581588153f3f00ba7c99e326359be4bad3f1ed637a75d52ed +DIST dyndns-samples.tbz2 22866 SHA256 92fb06a92ca99cbbe96b90bcca229ef9c12397db57ae17e199dad9f1218fdbe8 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac WHIRLPOOL 08d4e6a817f1d02597631e18152dbd55ea1bc4c82174be150cc77efc9e1f0f03b6471d1cefbe4229cd3161de752ef232a43ca274a07b78e9c974ceb04cfe99a2 +EBUILD bind-9.11.1_p1.ebuild 12498 SHA256 62b9f9ef5ecccaf6be82c58ede7b449cd67d7a9a490a1443a4de45d5fb409ea5 SHA512 d7b3972d58d051007b764b7301ba3edd6102f45cb214f4b41c2f6348eac693d86c31f059ff5898dcb7c662ba79dad329d220db9e090e120f378c51ccd8b38bfa WHIRLPOOL cb9e2fb15a13682afbc698605870dedeccff8d2dad98e82dc4469a86631e96f5f30f66a9c53059d85b7b6b05a8f3371cc489a62b8851a6dd082b078aba30fe18 +EBUILD bind-9.11.1_p3.ebuild 12499 SHA256 0b38e97b60487fcbd9ffabf11f700e7cb90a09c0aabead232f320128eb8ac1e3 SHA512 a8ca80141447d31cb6e13e3735b3811bf626d6ee9db251b4180c517521c5e7f02d06f5f9006490950a8eab222d6f0baca1f6cfb519aa431a283b9b0dd5dff2df WHIRLPOOL ea25f316604fcaf3379b178c779a9692e188384cffc8de16f76aaebd94cba424b686b91a766a2aa55b100779b7aa54efda9a6fc3b0f548acd601ba4280d4c330 +EBUILD bind-9.11.2.ebuild 12431 SHA256 af45ada25adaac0110363d9ee4d400f71e9307c6ce3b26906ce7448f766e82ae SHA512 fe2b99f8d354eeb88f586a256996d4c03f2bd6b29d5cf9780e79ceb09eec0de0a8606415b48a019a357b598b9ef20db76b0e6617231d31350dbf47476dae26e5 WHIRLPOOL 5b0527fcb9ad14c7d92e6e6fce7de73f31d10abc8274057a5dfa93f3c8f403551a74ee57a71e3b139a3bf367be5dae00409c0188019c53cca04aacb426c48a75 +MISC ChangeLog 13297 SHA256 4d0045e6ff541c64902f94168dfd5ff70e05e7d5bc1cf5e817736fadc1785c92 SHA512 2a5f50500efb399be99d1aada968f779e685a1e7edfcf4d9ef56ddbf7cb47bb29556995731a59b3566f4eb20c71bdb170b7e03f97dcf0108d3b1e583a4e68847 WHIRLPOOL 48a57d85327680fcf62dd26edac49844829ea83e0dd094c21bf3226c25a8667af2b7f8d974bf47855e9b964b4a17779a3a1031ed00ca57c435e23abfdbe4af1d +MISC ChangeLog-2015 85716 SHA256 b34fb291b038caf3fd1bb5f6553fdb05469ca71cc3ad27366df77432a81ab1cc SHA512 d012fe08e05c7c8d45abc92043cd90b1f24bf9faf038ea529da760cf4ad65946887b694250ac82e7683df67e43a77bb85588af4cae79209d1a83b50c1506957c WHIRLPOOL d2a8db6f2ca33a0e16be2c80bc5c364d1e4e2e4edc63a139b0c440da3ce0ea05715eb41401ec59e1175b10fd2db175924409ad5a76a7985683a747b9f2967c70 +MISC metadata.xml 1085 SHA256 8319244c68d6ad3a4f01fbec5f553c24ff721be302e8b2d1958041ce3be6b8d7 SHA512 a04b103703aaebc79738193b378f94df74461e918bf8fa7a99459e42b41b59a1b294113040cf5892d77b4c7c31b1448d9869b53cd2a9fb2f885ab1a1a6ba2f3b WHIRLPOOL 133a74f625c42b8a1c8b09c1387386b7a075bf0dddb78e79a82ff56d407520ff7c5cbbfef6c8153b57abecd609eba79ee79eae0fa474f597220f5449f9e762f4 diff --git a/net-dns/bind/bind-9.11.1_p1.ebuild b/net-dns/bind/bind-9.11.1_p1.ebuild new file mode 100644 index 000000000000..7fba0854e43c --- /dev/null +++ b/net-dns/bind/bind-9.11.1_p1.ebuild @@ -0,0 +1,426 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +# Re dlz/mysql and threads, needs to be verified.. +# MySQL uses thread local storage in its C api. Thus MySQL +# requires that each thread of an application execute a MySQL +# thread initialization to setup the thread local storage. +# This is impossible to do safely while staying within the DLZ +# driver API. This is a limitation caused by MySQL, and not the DLZ API. +# Because of this BIND MUST only run with a single thread when +# using the MySQL driver. + +EAPI="5" + +PYTHON_COMPAT=( python2_7 python3_{4,5,6} ) + +inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd + +MY_PV="${PV/_p/-P}" +MY_PV="${MY_PV/_rc/rc}" +MY_P="${PN}-${MY_PV}" + +SDB_LDAP_VER="1.1.0-fc14" + +RRL_PV="${MY_PV}" + +NSLINT_DIR="contrib/nslint-3.0a2/" + +# SDB-LDAP: http://bind9-ldap.bayour.com/ + +DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server" +HOMEPAGE="http://www.isc.org/software/bind" +SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz + doc? ( mirror://gentoo/dyndns-samples.tbz2 )" +# sdb-ldap? ( +# http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2 +# )" + +LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0" +SLOT="0" +KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +# -berkdb by default re bug 602682 +IUSE="-berkdb +caps dlz dnstap doc filter-aaaa fixed-rrset geoip gost gssapi idn ipv6 +json ldap libressl lmdb mysql nslint odbc postgres python rpz seccomp selinux ssl static-libs ++threads urandom xml +zlib" +# sdb-ldap - patch broken +# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687 + +REQUIRED_USE="postgres? ( dlz ) + berkdb? ( dlz ) + mysql? ( dlz !threads ) + odbc? ( dlz ) + ldap? ( dlz ) + gost? ( !libressl ssl ) + threads? ( caps ) + dnstap? ( threads ) + python? ( ${PYTHON_REQUIRED_USE} )" +# sdb-ldap? ( dlz ) + +DEPEND=" + ssl? ( + !libressl? ( dev-libs/openssl:0[-bindist] ) + libressl? ( dev-libs/libressl ) + ) + mysql? ( >=virtual/mysql-4.0 ) + odbc? ( >=dev-db/unixODBC-2.2.6 ) + ldap? ( net-nds/openldap ) + idn? ( net-dns/idnkit ) + postgres? ( dev-db/postgresql:= ) + caps? ( >=sys-libs/libcap-2.1.0 ) + xml? ( dev-libs/libxml2 ) + geoip? ( >=dev-libs/geoip-1.4.6 ) + gssapi? ( virtual/krb5 ) + gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] ) + seccomp? ( sys-libs/libseccomp ) + json? ( dev-libs/json-c ) + lmdb? ( dev-db/lmdb ) + zlib? ( sys-libs/zlib ) + dnstap? ( dev-libs/fstrm dev-libs/protobuf-c ) + python? ( + ${PYTHON_DEPS} + dev-python/ply[${PYTHON_USEDEP}] + )" +# sdb-ldap? ( net-nds/openldap ) + +RDEPEND="${DEPEND} + selinux? ( sec-policy/selinux-bind ) + || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )" + +S="${WORKDIR}/${MY_P}" + +# bug 479092, requires networking +RESTRICT="test" + +pkg_setup() { + ebegin "Creating named group and user" + enewgroup named 40 + enewuser named 40 -1 /etc/bind named + eend ${?} +} + +src_prepare() { + # bug 600212 + epatch "${FILESDIR}"/${PN}-9.11.0_p5-dyndb-dlopen.patch + + # Adjusting PATHs in manpages + for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do + sed -i \ + -e 's:/etc/named.conf:/etc/bind/named.conf:g' \ + -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \ + -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \ + "${i}" || die "sed failed, ${i} doesn't exist" + done + +# if use dlz; then +# # sdb-ldap patch as per bug #160567 +# # Upstream URL: http://bind9-ldap.bayour.com/ +# # New patch take from bug 302735 +# if use sdb-ldap; then +# epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch +# cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/ +# cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/ +# cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/ +# fi +# fi + + # should be installed by bind-tools + sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die + + # Disable tests for now, bug 406399 + sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die + + if use nslint; then + sed -i -e 's:/etc/named.conf:/etc/bind/named.conf:' ${NSLINT_DIR}/nslint.{c,8} || die + fi + + # bug #220361 + rm aclocal.m4 + rm -rf libtool.m4/ + eautoreconf +} + +src_configure() { + local myconf="" + + if use urandom; then + myconf="${myconf} --with-randomdev=/dev/urandom" + else + myconf="${myconf} --with-randomdev=/dev/random" + fi + + use geoip && myconf="${myconf} --with-geoip" + + # bug #158664 +# gcc-specs-ssp && replace-flags -O[23s] -O + + # To include db.h from proper path + use berkdb && append-flags "-I$(db_includedir)" + + export BUILD_CC=$(tc-getBUILD_CC) + econf \ + --sysconfdir=/etc/bind \ + --localstatedir=/var \ + --with-libtool \ + --enable-full-report \ + --without-readline \ + $(use_enable caps linux-caps) \ + $(use_enable filter-aaaa) \ + $(use_enable fixed-rrset) \ + $(use_enable ipv6) \ + $(use_enable rpz rpz-nsdname) \ + $(use_enable rpz rpz-nsip) \ + $(use_enable seccomp) \ + $(use_enable threads) \ + $(use_with berkdb dlz-bdb) \ + $(use_with dlz dlopen) \ + $(use_with dlz dlz-filesystem) \ + $(use_with dlz dlz-stub) \ + $(use_with gost) \ + $(use_with gssapi) \ + $(use_with idn) \ + $(use_with json libjson) \ + $(use_with ldap dlz-ldap) \ + $(use_with mysql dlz-mysql) \ + $(use_with odbc dlz-odbc) \ + $(use_with postgres dlz-postgres) \ + $(use_with lmdb) \ + $(use_with python) \ + $(use_with ssl ecdsa) \ + $(use_with ssl openssl "${EPREFIX}"/usr) \ + $(use_with xml libxml2) \ + $(use_with zlib) \ + ${myconf} + + # $(use_enable static-libs static) \ + + # bug #151839 + echo '#undef SO_BSDCOMPAT' >> config.h + + if use nslint; then + cd $NSLINT_DIR + econf + fi +} + +src_compile() { + emake + + if use nslint; then + emake -C $NSLINT_DIR CCOPT="${CFLAGS}" + fi +} + +src_install() { + emake DESTDIR="${D}" install + + if use nslint; then + cd $NSLINT_DIR + dobin nslint + doman nslint.8 + cd "${S}" + fi + + dodoc CHANGES FAQ README + + if use idn; then + dodoc contrib/idn/README.idnkit + fi + + if use doc; then + dodoc doc/arm/Bv9ARM.pdf + + docinto misc + dodoc doc/misc/* + + # might a 'html' useflag make sense? + docinto html + dohtml -r doc/arm/* + + docinto contrib + dodoc contrib/scripts/{nanny.pl,named-bootconf.sh} + + # some handy-dandy dynamic dns examples + pushd "${D}"/usr/share/doc/${PF} 1>/dev/null + tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die + popd 1>/dev/null + fi + + insinto /etc/bind + newins "${FILESDIR}"/named.conf-r8 named.conf + + # ftp://ftp.rs.internic.net/domain/named.cache: + insinto /var/bind + newins "${FILESDIR}"/named.cache-r3 named.cache + + insinto /var/bind/pri + newins "${FILESDIR}"/localhost.zone-r3 localhost.zone + + newinitd "${FILESDIR}"/named.init-r13 named + newconfd "${FILESDIR}"/named.confd-r7 named + + if use gost; then + sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die + else + sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die + fi + + newenvd "${FILESDIR}"/10bind.env 10bind + + # Let's get rid of those tools and their manpages since they're provided by bind-tools + rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1* + rm -f "${D}"/usr/share/man/man8/nsupdate.8* + rm -f "${D}"/usr/bin/{dig,host,nslookup,nsupdate} + rm -f "${D}"/usr/sbin/{dig,host,nslookup,nsupdate} + for tool in dsfromkey importkey keyfromlabel keygen \ + revoke settime signzone verify; do + rm -f "${D}"/usr/{,s}bin/dnssec-"${tool}" + rm -f "${D}"/usr/share/man/man8/dnssec-"${tool}".8* + done + + # bug 405251, library archives aren't properly handled by --enable/disable-static + if ! use static-libs; then + find "${D}" -type f -name '*.a' -delete || die + fi + + # bug 405251 + find "${D}" -type f -name '*.la' -delete || die + + if use python; then + install_python_tools() { + dosbin bin/python/dnssec-{checkds,coverage} + } + python_foreach_impl install_python_tools + + python_replicate_script "${D}usr/sbin/dnssec-checkds" + python_replicate_script "${D}usr/sbin/dnssec-coverage" + fi + + # bug 450406 + dosym named.cache /var/bind/root.cache + + dosym /var/bind/pri /etc/bind/pri + dosym /var/bind/sec /etc/bind/sec + dosym /var/bind/dyn /etc/bind/dyn + keepdir /var/bind/{pri,sec,dyn} + + dodir /var/log/named + + fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn} + fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} + fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} + fperms 0750 /etc/bind /var/bind/pri + fperms 0770 /var/log/named /var/bind/{,sec,dyn} + + systemd_newunit "${FILESDIR}/named.service-r1" named.service + systemd_dotmpfilesd "${FILESDIR}"/named.conf + exeinto /usr/libexec + doexe "${FILESDIR}/generate-rndc-key.sh" +} + +pkg_postinst() { + if [ ! -f '/etc/bind/rndc.key' ]; then + if use urandom; then + einfo "Using /dev/urandom for generating rndc.key" + /usr/sbin/rndc-confgen -r /dev/urandom -a + echo + else + einfo "Using /dev/random for generating rndc.key" + /usr/sbin/rndc-confgen -a + echo + fi + chown root:named /etc/bind/rndc.key + chmod 0640 /etc/bind/rndc.key + fi + + einfo + einfo "You can edit /etc/conf.d/named to customize named settings" + einfo + use mysql || use postgres || use ldap && { + elog "If your named depends on MySQL/PostgreSQL or LDAP," + elog "uncomment the specified rc_named_* lines in your" + elog "/etc/conf.d/named config to ensure they'll start before bind" + einfo + } + einfo "If you'd like to run bind in a chroot AND this is a new" + einfo "install OR your bind doesn't already run in a chroot:" + einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named." + einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`" + einfo + + CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT}) + if [[ -n ${CHROOT} ]]; then + elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" + elog "To enable the old behaviour (without using mount) uncomment the" + elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config." + elog "If you decide to use the new/default method, ensure to make backup" + elog "first and merge your existing configs/zones to /etc/bind and" + elog "/var/bind because bind will now mount the needed directories into" + elog "the chroot dir." + fi +} + +pkg_config() { + CHROOT=$(source /etc/conf.d/named; echo ${CHROOT}) + CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT}) + CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP}) + + if [[ -z "${CHROOT}" ]]; then + eerror "This config script is designed to automate setting up" + eerror "a chrooted bind/named. To do so, please first uncomment" + eerror "and set the CHROOT variable in '/etc/conf.d/named'." + die "Unset CHROOT" + fi + if [[ -d "${CHROOT}" ]]; then + ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" + ewarn "To enable the old behaviour (without using mount) uncomment the" + ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config." + ewarn + ewarn "${CHROOT} already exists... some things might become overridden" + ewarn "press CTRL+C if you don't want to continue" + sleep 10 + fi + + echo; einfo "Setting up the chroot directory..." + + mkdir -m 0750 -p ${CHROOT} + mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} + mkdir -m 0750 -p ${CHROOT}/etc/bind + mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ + # As of bind 9.8.0 + if has_version net-dns/bind[gost]; then + if [ "$(get_libdir)" = "lib64" ]; then + mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines + ln -s lib64 ${CHROOT}/usr/lib + else + mkdir -m 0755 -p ${CHROOT}/usr/lib/engines + fi + fi + chown root:named ${CHROOT} ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ ${CHROOT}/etc/bind + + mknod ${CHROOT}/dev/null c 1 3 + chmod 0666 ${CHROOT}/dev/null + + mknod ${CHROOT}/dev/zero c 1 5 + chmod 0666 ${CHROOT}/dev/zero + + if use urandom; then + mknod ${CHROOT}/dev/urandom c 1 9 + chmod 0666 ${CHROOT}/dev/urandom + else + mknod ${CHROOT}/dev/random c 1 8 + chmod 0666 ${CHROOT}/dev/random + fi + + if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then + cp -a /etc/bind ${CHROOT}/etc/ + cp -a /var/bind ${CHROOT}/var/ + fi + + if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then + mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP + fi + + elog "You may need to add the following line to your syslog-ng.conf:" + elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };" +} diff --git a/net-dns/bind/bind-9.11.1_p3.ebuild b/net-dns/bind/bind-9.11.1_p3.ebuild new file mode 100644 index 000000000000..dae4b60bd0f8 --- /dev/null +++ b/net-dns/bind/bind-9.11.1_p3.ebuild @@ -0,0 +1,426 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +# Re dlz/mysql and threads, needs to be verified.. +# MySQL uses thread local storage in its C api. Thus MySQL +# requires that each thread of an application execute a MySQL +# thread initialization to setup the thread local storage. +# This is impossible to do safely while staying within the DLZ +# driver API. This is a limitation caused by MySQL, and not the DLZ API. +# Because of this BIND MUST only run with a single thread when +# using the MySQL driver. + +EAPI="5" + +PYTHON_COMPAT=( python2_7 python3_{4,5,6} ) + +inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd + +MY_PV="${PV/_p/-P}" +MY_PV="${MY_PV/_rc/rc}" +MY_P="${PN}-${MY_PV}" + +SDB_LDAP_VER="1.1.0-fc14" + +RRL_PV="${MY_PV}" + +NSLINT_DIR="contrib/nslint-3.0a2/" + +# SDB-LDAP: http://bind9-ldap.bayour.com/ + +DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server" +HOMEPAGE="http://www.isc.org/software/bind" +SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz + doc? ( mirror://gentoo/dyndns-samples.tbz2 )" +# sdb-ldap? ( +# http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2 +# )" + +LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0" +SLOT="0" +KEYWORDS="alpha amd64 arm ~hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +# -berkdb by default re bug 602682 +IUSE="-berkdb +caps dlz dnstap doc filter-aaaa fixed-rrset geoip gost gssapi idn ipv6 +json ldap libressl lmdb mysql nslint odbc postgres python rpz seccomp selinux ssl static-libs ++threads urandom xml +zlib" +# sdb-ldap - patch broken +# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687 + +REQUIRED_USE="postgres? ( dlz ) + berkdb? ( dlz ) + mysql? ( dlz !threads ) + odbc? ( dlz ) + ldap? ( dlz ) + gost? ( !libressl ssl ) + threads? ( caps ) + dnstap? ( threads ) + python? ( ${PYTHON_REQUIRED_USE} )" +# sdb-ldap? ( dlz ) + +DEPEND=" + ssl? ( + !libressl? ( dev-libs/openssl:0[-bindist] ) + libressl? ( dev-libs/libressl ) + ) + mysql? ( >=virtual/mysql-4.0 ) + odbc? ( >=dev-db/unixODBC-2.2.6 ) + ldap? ( net-nds/openldap ) + idn? ( net-dns/idnkit ) + postgres? ( dev-db/postgresql:= ) + caps? ( >=sys-libs/libcap-2.1.0 ) + xml? ( dev-libs/libxml2 ) + geoip? ( >=dev-libs/geoip-1.4.6 ) + gssapi? ( virtual/krb5 ) + gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] ) + seccomp? ( sys-libs/libseccomp ) + json? ( dev-libs/json-c ) + lmdb? ( dev-db/lmdb ) + zlib? ( sys-libs/zlib ) + dnstap? ( dev-libs/fstrm dev-libs/protobuf-c ) + python? ( + ${PYTHON_DEPS} + dev-python/ply[${PYTHON_USEDEP}] + )" +# sdb-ldap? ( net-nds/openldap ) + +RDEPEND="${DEPEND} + selinux? ( sec-policy/selinux-bind ) + || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )" + +S="${WORKDIR}/${MY_P}" + +# bug 479092, requires networking +RESTRICT="test" + +pkg_setup() { + ebegin "Creating named group and user" + enewgroup named 40 + enewuser named 40 -1 /etc/bind named + eend ${?} +} + +src_prepare() { + # bug 600212 + epatch "${FILESDIR}"/${PN}-9.11.0_p5-dyndb-dlopen.patch + + # Adjusting PATHs in manpages + for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do + sed -i \ + -e 's:/etc/named.conf:/etc/bind/named.conf:g' \ + -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \ + -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \ + "${i}" || die "sed failed, ${i} doesn't exist" + done + +# if use dlz; then +# # sdb-ldap patch as per bug #160567 +# # Upstream URL: http://bind9-ldap.bayour.com/ +# # New patch take from bug 302735 +# if use sdb-ldap; then +# epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch +# cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/ +# cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/ +# cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/ +# fi +# fi + + # should be installed by bind-tools + sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die + + # Disable tests for now, bug 406399 + sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die + + if use nslint; then + sed -i -e 's:/etc/named.conf:/etc/bind/named.conf:' ${NSLINT_DIR}/nslint.{c,8} || die + fi + + # bug #220361 + rm aclocal.m4 + rm -rf libtool.m4/ + eautoreconf +} + +src_configure() { + local myconf="" + + if use urandom; then + myconf="${myconf} --with-randomdev=/dev/urandom" + else + myconf="${myconf} --with-randomdev=/dev/random" + fi + + use geoip && myconf="${myconf} --with-geoip" + + # bug #158664 +# gcc-specs-ssp && replace-flags -O[23s] -O + + # To include db.h from proper path + use berkdb && append-flags "-I$(db_includedir)" + + export BUILD_CC=$(tc-getBUILD_CC) + econf \ + --sysconfdir=/etc/bind \ + --localstatedir=/var \ + --with-libtool \ + --enable-full-report \ + --without-readline \ + $(use_enable caps linux-caps) \ + $(use_enable filter-aaaa) \ + $(use_enable fixed-rrset) \ + $(use_enable ipv6) \ + $(use_enable rpz rpz-nsdname) \ + $(use_enable rpz rpz-nsip) \ + $(use_enable seccomp) \ + $(use_enable threads) \ + $(use_with berkdb dlz-bdb) \ + $(use_with dlz dlopen) \ + $(use_with dlz dlz-filesystem) \ + $(use_with dlz dlz-stub) \ + $(use_with gost) \ + $(use_with gssapi) \ + $(use_with idn) \ + $(use_with json libjson) \ + $(use_with ldap dlz-ldap) \ + $(use_with mysql dlz-mysql) \ + $(use_with odbc dlz-odbc) \ + $(use_with postgres dlz-postgres) \ + $(use_with lmdb) \ + $(use_with python) \ + $(use_with ssl ecdsa) \ + $(use_with ssl openssl "${EPREFIX}"/usr) \ + $(use_with xml libxml2) \ + $(use_with zlib) \ + ${myconf} + + # $(use_enable static-libs static) \ + + # bug #151839 + echo '#undef SO_BSDCOMPAT' >> config.h + + if use nslint; then + cd $NSLINT_DIR + econf + fi +} + +src_compile() { + emake + + if use nslint; then + emake -C $NSLINT_DIR CCOPT="${CFLAGS}" + fi +} + +src_install() { + emake DESTDIR="${D}" install + + if use nslint; then + cd $NSLINT_DIR + dobin nslint + doman nslint.8 + cd "${S}" + fi + + dodoc CHANGES FAQ README + + if use idn; then + dodoc contrib/idn/README.idnkit + fi + + if use doc; then + dodoc doc/arm/Bv9ARM.pdf + + docinto misc + dodoc doc/misc/* + + # might a 'html' useflag make sense? + docinto html + dohtml -r doc/arm/* + + docinto contrib + dodoc contrib/scripts/{nanny.pl,named-bootconf.sh} + + # some handy-dandy dynamic dns examples + pushd "${D}"/usr/share/doc/${PF} 1>/dev/null + tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die + popd 1>/dev/null + fi + + insinto /etc/bind + newins "${FILESDIR}"/named.conf-r8 named.conf + + # ftp://ftp.rs.internic.net/domain/named.cache: + insinto /var/bind + newins "${FILESDIR}"/named.cache-r3 named.cache + + insinto /var/bind/pri + newins "${FILESDIR}"/localhost.zone-r3 localhost.zone + + newinitd "${FILESDIR}"/named.init-r13 named + newconfd "${FILESDIR}"/named.confd-r7 named + + if use gost; then + sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die + else + sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die + fi + + newenvd "${FILESDIR}"/10bind.env 10bind + + # Let's get rid of those tools and their manpages since they're provided by bind-tools + rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1* + rm -f "${D}"/usr/share/man/man8/nsupdate.8* + rm -f "${D}"/usr/bin/{dig,host,nslookup,nsupdate} + rm -f "${D}"/usr/sbin/{dig,host,nslookup,nsupdate} + for tool in dsfromkey importkey keyfromlabel keygen \ + revoke settime signzone verify; do + rm -f "${D}"/usr/{,s}bin/dnssec-"${tool}" + rm -f "${D}"/usr/share/man/man8/dnssec-"${tool}".8* + done + + # bug 405251, library archives aren't properly handled by --enable/disable-static + if ! use static-libs; then + find "${D}" -type f -name '*.a' -delete || die + fi + + # bug 405251 + find "${D}" -type f -name '*.la' -delete || die + + if use python; then + install_python_tools() { + dosbin bin/python/dnssec-{checkds,coverage} + } + python_foreach_impl install_python_tools + + python_replicate_script "${D}usr/sbin/dnssec-checkds" + python_replicate_script "${D}usr/sbin/dnssec-coverage" + fi + + # bug 450406 + dosym named.cache /var/bind/root.cache + + dosym /var/bind/pri /etc/bind/pri + dosym /var/bind/sec /etc/bind/sec + dosym /var/bind/dyn /etc/bind/dyn + keepdir /var/bind/{pri,sec,dyn} + + dodir /var/log/named + + fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn} + fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} + fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} + fperms 0750 /etc/bind /var/bind/pri + fperms 0770 /var/log/named /var/bind/{,sec,dyn} + + systemd_newunit "${FILESDIR}/named.service-r1" named.service + systemd_dotmpfilesd "${FILESDIR}"/named.conf + exeinto /usr/libexec + doexe "${FILESDIR}/generate-rndc-key.sh" +} + +pkg_postinst() { + if [ ! -f '/etc/bind/rndc.key' ]; then + if use urandom; then + einfo "Using /dev/urandom for generating rndc.key" + /usr/sbin/rndc-confgen -r /dev/urandom -a + echo + else + einfo "Using /dev/random for generating rndc.key" + /usr/sbin/rndc-confgen -a + echo + fi + chown root:named /etc/bind/rndc.key + chmod 0640 /etc/bind/rndc.key + fi + + einfo + einfo "You can edit /etc/conf.d/named to customize named settings" + einfo + use mysql || use postgres || use ldap && { + elog "If your named depends on MySQL/PostgreSQL or LDAP," + elog "uncomment the specified rc_named_* lines in your" + elog "/etc/conf.d/named config to ensure they'll start before bind" + einfo + } + einfo "If you'd like to run bind in a chroot AND this is a new" + einfo "install OR your bind doesn't already run in a chroot:" + einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named." + einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`" + einfo + + CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT}) + if [[ -n ${CHROOT} ]]; then + elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" + elog "To enable the old behaviour (without using mount) uncomment the" + elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config." + elog "If you decide to use the new/default method, ensure to make backup" + elog "first and merge your existing configs/zones to /etc/bind and" + elog "/var/bind because bind will now mount the needed directories into" + elog "the chroot dir." + fi +} + +pkg_config() { + CHROOT=$(source /etc/conf.d/named; echo ${CHROOT}) + CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT}) + CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP}) + + if [[ -z "${CHROOT}" ]]; then + eerror "This config script is designed to automate setting up" + eerror "a chrooted bind/named. To do so, please first uncomment" + eerror "and set the CHROOT variable in '/etc/conf.d/named'." + die "Unset CHROOT" + fi + if [[ -d "${CHROOT}" ]]; then + ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" + ewarn "To enable the old behaviour (without using mount) uncomment the" + ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config." + ewarn + ewarn "${CHROOT} already exists... some things might become overridden" + ewarn "press CTRL+C if you don't want to continue" + sleep 10 + fi + + echo; einfo "Setting up the chroot directory..." + + mkdir -m 0750 -p ${CHROOT} + mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} + mkdir -m 0750 -p ${CHROOT}/etc/bind + mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ + # As of bind 9.8.0 + if has_version net-dns/bind[gost]; then + if [ "$(get_libdir)" = "lib64" ]; then + mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines + ln -s lib64 ${CHROOT}/usr/lib + else + mkdir -m 0755 -p ${CHROOT}/usr/lib/engines + fi + fi + chown root:named ${CHROOT} ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ ${CHROOT}/etc/bind + + mknod ${CHROOT}/dev/null c 1 3 + chmod 0666 ${CHROOT}/dev/null + + mknod ${CHROOT}/dev/zero c 1 5 + chmod 0666 ${CHROOT}/dev/zero + + if use urandom; then + mknod ${CHROOT}/dev/urandom c 1 9 + chmod 0666 ${CHROOT}/dev/urandom + else + mknod ${CHROOT}/dev/random c 1 8 + chmod 0666 ${CHROOT}/dev/random + fi + + if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then + cp -a /etc/bind ${CHROOT}/etc/ + cp -a /var/bind ${CHROOT}/var/ + fi + + if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then + mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP + fi + + elog "You may need to add the following line to your syslog-ng.conf:" + elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };" +} diff --git a/net-dns/bind/bind-9.11.2.ebuild b/net-dns/bind/bind-9.11.2.ebuild new file mode 100644 index 000000000000..f7482be23e5b --- /dev/null +++ b/net-dns/bind/bind-9.11.2.ebuild @@ -0,0 +1,423 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +# Re dlz/mysql and threads, needs to be verified.. +# MySQL uses thread local storage in its C api. Thus MySQL +# requires that each thread of an application execute a MySQL +# thread initialization to setup the thread local storage. +# This is impossible to do safely while staying within the DLZ +# driver API. This is a limitation caused by MySQL, and not the DLZ API. +# Because of this BIND MUST only run with a single thread when +# using the MySQL driver. + +EAPI="5" + +PYTHON_COMPAT=( python2_7 python3_{4,5,6} ) + +inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd + +MY_PV="${PV/_p/-P}" +MY_PV="${MY_PV/_rc/rc}" +MY_P="${PN}-${MY_PV}" + +SDB_LDAP_VER="1.1.0-fc14" + +RRL_PV="${MY_PV}" + +NSLINT_DIR="contrib/nslint-3.0a2/" + +# SDB-LDAP: http://bind9-ldap.bayour.com/ + +DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server" +HOMEPAGE="http://www.isc.org/software/bind" +SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz + doc? ( mirror://gentoo/dyndns-samples.tbz2 )" +# sdb-ldap? ( +# http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2 +# )" + +LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +# -berkdb by default re bug 602682 +IUSE="-berkdb +caps dlz dnstap doc filter-aaaa fixed-rrset geoip gost gssapi idn ipv6 +json ldap libressl lmdb mysql nslint odbc postgres python rpz seccomp selinux ssl static-libs ++threads urandom xml +zlib" +# sdb-ldap - patch broken +# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687 + +REQUIRED_USE="postgres? ( dlz ) + berkdb? ( dlz ) + mysql? ( dlz !threads ) + odbc? ( dlz ) + ldap? ( dlz ) + gost? ( !libressl ssl ) + threads? ( caps ) + dnstap? ( threads ) + python? ( ${PYTHON_REQUIRED_USE} )" +# sdb-ldap? ( dlz ) + +DEPEND=" + ssl? ( + !libressl? ( dev-libs/openssl:0[-bindist] ) + libressl? ( dev-libs/libressl ) + ) + mysql? ( >=virtual/mysql-4.0 ) + odbc? ( >=dev-db/unixODBC-2.2.6 ) + ldap? ( net-nds/openldap ) + idn? ( net-dns/idnkit ) + postgres? ( dev-db/postgresql:= ) + caps? ( >=sys-libs/libcap-2.1.0 ) + xml? ( dev-libs/libxml2 ) + geoip? ( >=dev-libs/geoip-1.4.6 ) + gssapi? ( virtual/krb5 ) + gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] ) + seccomp? ( sys-libs/libseccomp ) + json? ( dev-libs/json-c ) + lmdb? ( dev-db/lmdb ) + zlib? ( sys-libs/zlib ) + dnstap? ( dev-libs/fstrm dev-libs/protobuf-c ) + python? ( + ${PYTHON_DEPS} + dev-python/ply[${PYTHON_USEDEP}] + )" +# sdb-ldap? ( net-nds/openldap ) + +RDEPEND="${DEPEND} + selinux? ( sec-policy/selinux-bind ) + || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )" + +S="${WORKDIR}/${MY_P}" + +# bug 479092, requires networking +RESTRICT="test" + +pkg_setup() { + ebegin "Creating named group and user" + enewgroup named 40 + enewuser named 40 -1 /etc/bind named + eend ${?} +} + +src_prepare() { + # Adjusting PATHs in manpages + for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do + sed -i \ + -e 's:/etc/named.conf:/etc/bind/named.conf:g' \ + -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \ + -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \ + "${i}" || die "sed failed, ${i} doesn't exist" + done + +# if use dlz; then +# # sdb-ldap patch as per bug #160567 +# # Upstream URL: http://bind9-ldap.bayour.com/ +# # New patch take from bug 302735 +# if use sdb-ldap; then +# epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch +# cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/ +# cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/ +# cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/ +# fi +# fi + + # should be installed by bind-tools + sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die + + # Disable tests for now, bug 406399 + sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die + + if use nslint; then + sed -i -e 's:/etc/named.conf:/etc/bind/named.conf:' ${NSLINT_DIR}/nslint.{c,8} || die + fi + + # bug #220361 + rm aclocal.m4 + rm -rf libtool.m4/ + eautoreconf +} + +src_configure() { + local myconf="" + + if use urandom; then + myconf="${myconf} --with-randomdev=/dev/urandom" + else + myconf="${myconf} --with-randomdev=/dev/random" + fi + + use geoip && myconf="${myconf} --with-geoip" + + # bug #158664 +# gcc-specs-ssp && replace-flags -O[23s] -O + + # To include db.h from proper path + use berkdb && append-flags "-I$(db_includedir)" + + export BUILD_CC=$(tc-getBUILD_CC) + econf \ + --sysconfdir=/etc/bind \ + --localstatedir=/var \ + --with-libtool \ + --enable-full-report \ + --without-readline \ + $(use_enable caps linux-caps) \ + $(use_enable filter-aaaa) \ + $(use_enable fixed-rrset) \ + $(use_enable ipv6) \ + $(use_enable rpz rpz-nsdname) \ + $(use_enable rpz rpz-nsip) \ + $(use_enable seccomp) \ + $(use_enable threads) \ + $(use_with berkdb dlz-bdb) \ + $(use_with dlz dlopen) \ + $(use_with dlz dlz-filesystem) \ + $(use_with dlz dlz-stub) \ + $(use_with gost) \ + $(use_with gssapi) \ + $(use_with idn) \ + $(use_with json libjson) \ + $(use_with ldap dlz-ldap) \ + $(use_with mysql dlz-mysql) \ + $(use_with odbc dlz-odbc) \ + $(use_with postgres dlz-postgres) \ + $(use_with lmdb) \ + $(use_with python) \ + $(use_with ssl ecdsa) \ + $(use_with ssl openssl "${EPREFIX}"/usr) \ + $(use_with xml libxml2) \ + $(use_with zlib) \ + ${myconf} + + # $(use_enable static-libs static) \ + + # bug #151839 + echo '#undef SO_BSDCOMPAT' >> config.h + + if use nslint; then + cd $NSLINT_DIR + econf + fi +} + +src_compile() { + emake + + if use nslint; then + emake -C $NSLINT_DIR CCOPT="${CFLAGS}" + fi +} + +src_install() { + emake DESTDIR="${D}" install + + if use nslint; then + cd $NSLINT_DIR + dobin nslint + doman nslint.8 + cd "${S}" + fi + + dodoc CHANGES README + + if use idn; then + dodoc contrib/idn/README.idnkit + fi + + if use doc; then + dodoc doc/arm/Bv9ARM.pdf + + docinto misc + dodoc doc/misc/* + + # might a 'html' useflag make sense? + docinto html + dohtml -r doc/arm/* + + docinto contrib + dodoc contrib/scripts/{nanny.pl,named-bootconf.sh} + + # some handy-dandy dynamic dns examples + pushd "${D}"/usr/share/doc/${PF} 1>/dev/null + tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die + popd 1>/dev/null + fi + + insinto /etc/bind + newins "${FILESDIR}"/named.conf-r8 named.conf + + # ftp://ftp.rs.internic.net/domain/named.cache: + insinto /var/bind + newins "${FILESDIR}"/named.cache-r3 named.cache + + insinto /var/bind/pri + newins "${FILESDIR}"/localhost.zone-r3 localhost.zone + + newinitd "${FILESDIR}"/named.init-r13 named + newconfd "${FILESDIR}"/named.confd-r7 named + + if use gost; then + sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die + else + sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die + fi + + newenvd "${FILESDIR}"/10bind.env 10bind + + # Let's get rid of those tools and their manpages since they're provided by bind-tools + rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1* + rm -f "${D}"/usr/share/man/man8/nsupdate.8* + rm -f "${D}"/usr/bin/{dig,host,nslookup,nsupdate} + rm -f "${D}"/usr/sbin/{dig,host,nslookup,nsupdate} + for tool in dsfromkey importkey keyfromlabel keygen \ + revoke settime signzone verify; do + rm -f "${D}"/usr/{,s}bin/dnssec-"${tool}" + rm -f "${D}"/usr/share/man/man8/dnssec-"${tool}".8* + done + + # bug 405251, library archives aren't properly handled by --enable/disable-static + if ! use static-libs; then + find "${D}" -type f -name '*.a' -delete || die + fi + + # bug 405251 + find "${D}" -type f -name '*.la' -delete || die + + if use python; then + install_python_tools() { + dosbin bin/python/dnssec-{checkds,coverage} + } + python_foreach_impl install_python_tools + + python_replicate_script "${D}usr/sbin/dnssec-checkds" + python_replicate_script "${D}usr/sbin/dnssec-coverage" + fi + + # bug 450406 + dosym named.cache /var/bind/root.cache + + dosym /var/bind/pri /etc/bind/pri + dosym /var/bind/sec /etc/bind/sec + dosym /var/bind/dyn /etc/bind/dyn + keepdir /var/bind/{pri,sec,dyn} + + dodir /var/log/named + + fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn} + fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} + fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} + fperms 0750 /etc/bind /var/bind/pri + fperms 0770 /var/log/named /var/bind/{,sec,dyn} + + systemd_newunit "${FILESDIR}/named.service-r1" named.service + systemd_dotmpfilesd "${FILESDIR}"/named.conf + exeinto /usr/libexec + doexe "${FILESDIR}/generate-rndc-key.sh" +} + +pkg_postinst() { + if [ ! -f '/etc/bind/rndc.key' ]; then + if use urandom; then + einfo "Using /dev/urandom for generating rndc.key" + /usr/sbin/rndc-confgen -r /dev/urandom -a + echo + else + einfo "Using /dev/random for generating rndc.key" + /usr/sbin/rndc-confgen -a + echo + fi + chown root:named /etc/bind/rndc.key + chmod 0640 /etc/bind/rndc.key + fi + + einfo + einfo "You can edit /etc/conf.d/named to customize named settings" + einfo + use mysql || use postgres || use ldap && { + elog "If your named depends on MySQL/PostgreSQL or LDAP," + elog "uncomment the specified rc_named_* lines in your" + elog "/etc/conf.d/named config to ensure they'll start before bind" + einfo + } + einfo "If you'd like to run bind in a chroot AND this is a new" + einfo "install OR your bind doesn't already run in a chroot:" + einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named." + einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`" + einfo + + CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT}) + if [[ -n ${CHROOT} ]]; then + elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" + elog "To enable the old behaviour (without using mount) uncomment the" + elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config." + elog "If you decide to use the new/default method, ensure to make backup" + elog "first and merge your existing configs/zones to /etc/bind and" + elog "/var/bind because bind will now mount the needed directories into" + elog "the chroot dir." + fi +} + +pkg_config() { + CHROOT=$(source /etc/conf.d/named; echo ${CHROOT}) + CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT}) + CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP}) + + if [[ -z "${CHROOT}" ]]; then + eerror "This config script is designed to automate setting up" + eerror "a chrooted bind/named. To do so, please first uncomment" + eerror "and set the CHROOT variable in '/etc/conf.d/named'." + die "Unset CHROOT" + fi + if [[ -d "${CHROOT}" ]]; then + ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" + ewarn "To enable the old behaviour (without using mount) uncomment the" + ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config." + ewarn + ewarn "${CHROOT} already exists... some things might become overridden" + ewarn "press CTRL+C if you don't want to continue" + sleep 10 + fi + + echo; einfo "Setting up the chroot directory..." + + mkdir -m 0750 -p ${CHROOT} + mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} + mkdir -m 0750 -p ${CHROOT}/etc/bind + mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ + # As of bind 9.8.0 + if has_version net-dns/bind[gost]; then + if [ "$(get_libdir)" = "lib64" ]; then + mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines + ln -s lib64 ${CHROOT}/usr/lib + else + mkdir -m 0755 -p ${CHROOT}/usr/lib/engines + fi + fi + chown root:named ${CHROOT} ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ ${CHROOT}/etc/bind + + mknod ${CHROOT}/dev/null c 1 3 + chmod 0666 ${CHROOT}/dev/null + + mknod ${CHROOT}/dev/zero c 1 5 + chmod 0666 ${CHROOT}/dev/zero + + if use urandom; then + mknod ${CHROOT}/dev/urandom c 1 9 + chmod 0666 ${CHROOT}/dev/urandom + else + mknod ${CHROOT}/dev/random c 1 8 + chmod 0666 ${CHROOT}/dev/random + fi + + if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then + cp -a /etc/bind ${CHROOT}/etc/ + cp -a /var/bind ${CHROOT}/var/ + fi + + if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then + mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP + fi + + elog "You may need to add the following line to your syslog-ng.conf:" + elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };" +} diff --git a/net-dns/bind/files/10bind.env b/net-dns/bind/files/10bind.env new file mode 100644 index 000000000000..13c7910b2c61 --- /dev/null +++ b/net-dns/bind/files/10bind.env @@ -0,0 +1 @@ +CONFIG_PROTECT="/var/bind" diff --git a/net-dns/bind/files/bind-9.11.0_p5-dyndb-dlopen.patch b/net-dns/bind/files/bind-9.11.0_p5-dyndb-dlopen.patch new file mode 100644 index 000000000000..5fc8f3c18897 --- /dev/null +++ b/net-dns/bind/files/bind-9.11.0_p5-dyndb-dlopen.patch @@ -0,0 +1,97 @@ +From ae903759c205f8a5039458d780c0e0c4442b7291 Mon Sep 17 00:00:00 2001 +From: Mark Andrews <marka@isc.org> +Date: Tue, 30 May 2017 11:31:34 +1000 +Subject: [PATCH] 4530. [bug] "dyndb" is dependent on dlopen + existing / being enabled. [RT #45291] + +From aa3a8979bc7eb1596d044eff572b3c35310584fa Mon Sep 17 00:00:00 2001 +From: Mark Andrews <marka@isc.org> +Date: Tue, 30 May 2017 11:34:37 +1000 +Subject: [PATCH] 4530. [bug] "dyndb" is dependent on dlopen + existing / being enabled. [RT #45291] + +diff --git a/lib/dns/dyndb.c b/lib/dns/dyndb.c +index a477508..dec68a7 100644 +--- a/lib/dns/dyndb.c ++++ b/lib/dns/dyndb.c +@@ -80,7 +80,7 @@ impfind(const char *name) { + return (NULL); + } + +-#if HAVE_DLFCN_H ++#if HAVE_DLFCN_H && HAVE_DLOPEN + static isc_result_t + load_symbol(void *handle, const char *filename, + const char *symbol_name, void **symbolp) +--- a/bin/named/server.c ++++ b/bin/named/server.c +@@ -1496,6 +1496,7 @@ configure_peer(const cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) { + return (result); + } + ++#ifdef HAVE_DLOPEN + static isc_result_t + configure_dyndb(const cfg_obj_t *dyndb, isc_mem_t *mctx, + const dns_dyndbctx_t *dctx) +@@ -1521,6 +1522,7 @@ configure_dyndb(const cfg_obj_t *dyndb, isc_mem_t *mctx, + name, isc_result_totext(result)); + return (result); + } ++#endif + + + static isc_result_t +@@ -4669,6 +4671,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, + else + (void)cfg_map_get(config, "dyndb", &dyndb_list); + ++#ifdef HAVE_DLOPEN + for (element = cfg_list_first(dyndb_list); + element != NULL; + element = cfg_list_next(element)) +@@ -4686,6 +4689,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, + + CHECK(configure_dyndb(dyndb, mctx, dctx)); + } ++#endif + + /* + * Setup automatic empty zones. If recursion is off then +diff --git a/lib/bind9/check.c b/lib/bind9/check.c +index 097dd96..99b995c 100644 +--- a/lib/bind9/check.c ++++ b/lib/bind9/check.c +@@ -2988,6 +2988,9 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, + { + const cfg_obj_t *zones = NULL; + const cfg_obj_t *keys = NULL; ++#ifndef HAVE_DLOPEN ++ const cfg_obj_t *dyndb = NULL; ++#endif + const cfg_listelt_t *element, *element2; + isc_symtab_t *symtab = NULL; + isc_result_t result = ISC_R_SUCCESS; +@@ -3041,6 +3044,20 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, + result = ISC_R_FAILURE; + } + ++#ifndef HAVE_DLOPEN ++ if (voptions != NULL) ++ (void)cfg_map_get(voptions, "dyndb", &dyndb); ++ else ++ (void)cfg_map_get(config, "dyndb", &dyndb); ++ ++ if (dyndb != NULL) { ++ cfg_obj_log(dyndb, logctx, ISC_LOG_ERROR, ++ "dynamic loading of databases is not supported"); ++ if (tresult != ISC_R_SUCCESS) ++ result = ISC_R_NOTIMPLEMENTED; ++ } ++#endif ++ + /* + * Check that the response-policy and catalog-zones options + * refer to zones that exist. +-- +2.9.0 + diff --git a/net-dns/bind/files/generate-rndc-key.sh b/net-dns/bind/files/generate-rndc-key.sh new file mode 100644 index 000000000000..8314d77cd68c --- /dev/null +++ b/net-dns/bind/files/generate-rndc-key.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +if [ ! -s /etc/bind/rndc.key ]; then + /usr/sbin/rndc-confgen -a > /dev/null 2>&1 || exit 1 + chmod 640 /etc/bind/rndc.key + chown root.named /etc/bind/rndc.key +fi diff --git a/net-dns/bind/files/localhost.zone-r3 b/net-dns/bind/files/localhost.zone-r3 new file mode 100644 index 000000000000..2e7a5912b972 --- /dev/null +++ b/net-dns/bind/files/localhost.zone-r3 @@ -0,0 +1,11 @@ +$TTL 1W +@ IN SOA localhost. root.localhost. ( + 2008122601 ; Serial + 28800 ; Refresh + 14400 ; Retry + 604800 ; Expire - 1 week + 86400 ) ; Minimum +@ IN NS localhost. +@ IN A 127.0.0.1 + +@ IN AAAA ::1 diff --git a/net-dns/bind/files/named.cache-r3 b/net-dns/bind/files/named.cache-r3 new file mode 100644 index 000000000000..198d1b39b9b1 --- /dev/null +++ b/net-dns/bind/files/named.cache-r3 @@ -0,0 +1,92 @@ +; This file holds the information on root name servers needed to +; initialize cache of Internet domain name servers +; (e.g. reference this file in the "cache . <file>" +; configuration file of BIND domain name servers). +; +; This file is made available by InterNIC +; under anonymous FTP as +; file /domain/named.cache +; on server FTP.INTERNIC.NET +; -OR- RS.INTERNIC.NET +; +; last update: August 29, 2017 +; related version of root zone: 2017082901 +; +; FORMERLY NS.INTERNIC.NET +; +. 3600000 NS A.ROOT-SERVERS.NET. +A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 +A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30 +; +; FORMERLY NS1.ISI.EDU +; +. 3600000 NS B.ROOT-SERVERS.NET. +B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 +B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b +; +; FORMERLY C.PSI.NET +; +. 3600000 NS C.ROOT-SERVERS.NET. +C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 +C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c +; +; FORMERLY TERP.UMD.EDU +; +. 3600000 NS D.ROOT-SERVERS.NET. +D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13 +D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d +; +; FORMERLY NS.NASA.GOV +; +. 3600000 NS E.ROOT-SERVERS.NET. +E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 +E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e +; +; FORMERLY NS.ISC.ORG +; +. 3600000 NS F.ROOT-SERVERS.NET. +F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 +F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f +; +; FORMERLY NS.NIC.DDN.MIL +; +. 3600000 NS G.ROOT-SERVERS.NET. +G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 +G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d +; +; FORMERLY AOS.ARL.ARMY.MIL +; +. 3600000 NS H.ROOT-SERVERS.NET. +H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53 +H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53 +; +; FORMERLY NIC.NORDU.NET +; +. 3600000 NS I.ROOT-SERVERS.NET. +I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 +I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53 +; +; OPERATED BY VERISIGN, INC. +; +. 3600000 NS J.ROOT-SERVERS.NET. +J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 +J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30 +; +; OPERATED BY RIPE NCC +; +. 3600000 NS K.ROOT-SERVERS.NET. +K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 +K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1 +; +; OPERATED BY ICANN +; +. 3600000 NS L.ROOT-SERVERS.NET. +L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 +L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42 +; +; OPERATED BY WIDE +; +. 3600000 NS M.ROOT-SERVERS.NET. +M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 +M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35 +; End of file
\ No newline at end of file diff --git a/net-dns/bind/files/named.conf b/net-dns/bind/files/named.conf new file mode 100644 index 000000000000..1cfc82d08e79 --- /dev/null +++ b/net-dns/bind/files/named.conf @@ -0,0 +1 @@ +d /run/named 0750 named named - diff --git a/net-dns/bind/files/named.conf-r8 b/net-dns/bind/files/named.conf-r8 new file mode 100644 index 000000000000..39f9be267f37 --- /dev/null +++ b/net-dns/bind/files/named.conf-r8 @@ -0,0 +1,166 @@ +/* + * Refer to the named.conf(5) and named(8) man pages, and the documentation + * in /usr/share/doc/bind-* for more details. + * Online versions of the documentation can be found here: + * https://kb.isc.org/article/AA-01031 + * + * If you are going to set up an authoritative server, make sure you + * understand the hairy details of how DNS works. Even with simple mistakes, + * you can break connectivity for affected parties, or cause huge amounts of + * useless Internet traffic. + */ + +acl "xfer" { + /* Deny transfers by default except for the listed hosts. + * If we have other name servers, place them here. + */ + none; +}; + +/* + * You might put in here some ips which are allowed to use the cache or + * recursive queries + */ +acl "trusted" { + 127.0.0.0/8; + ::1/128; +}; + +options { + directory "/var/bind"; + pid-file "/run/named/named.pid"; + + /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */ + //bindkeys-file "/etc/bind/bind.keys"; + + listen-on-v6 { ::1; }; + listen-on { 127.0.0.1; }; + + allow-query { + /* + * Accept queries from our "trusted" ACL. We will + * allow anyone to query our master zones below. + * This prevents us from becoming a free DNS server + * to the masses. + */ + trusted; + }; + + allow-query-cache { + /* Use the cache for the "trusted" ACL. */ + trusted; + }; + + allow-recursion { + /* Only trusted addresses are allowed to use recursion. */ + trusted; + }; + + allow-transfer { + /* Zone tranfers are denied by default. */ + none; + }; + + allow-update { + /* Don't allow updates, e.g. via nsupdate. */ + none; + }; + + /* + * If you've got a DNS server around at your upstream provider, enter its + * IP address here, and enable the line below. This will make you benefit + * from its cache, thus reduce overall DNS traffic in the Internet. + * + * Uncomment the following lines to turn on DNS forwarding, and change + * and/or update the forwarding ip address(es): + */ +/* + forward first; + forwarders { + // 123.123.123.123; // Your ISP NS + // 124.124.124.124; // Your ISP NS + // 4.2.2.1; // Level3 Public DNS + // 4.2.2.2; // Level3 Public DNS + 8.8.8.8; // Google Open DNS + 8.8.4.4; // Google Open DNS + }; + +*/ + + dnssec-enable yes; + //dnssec-validation yes; + + /* + * As of bind 9.8.0: + * "If the root key provided has expired, + * named will log the expiration and validation will not work." + */ + dnssec-validation auto; + + /* if you have problems and are behind a firewall: */ + //query-source address * port 53; +}; + +/* +logging { + channel default_log { + file "/var/log/named/named.log" versions 5 size 50M; + print-time yes; + print-severity yes; + print-category yes; + }; + + category default { default_log; }; + category general { default_log; }; +}; +*/ + +include "/etc/bind/rndc.key"; +controls { + inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; }; +}; + +zone "." in { + type hint; + file "/var/bind/named.cache"; +}; + +zone "localhost" IN { + type master; + file "pri/localhost.zone"; + notify no; +}; + +/* + * Briefly, a zone which has been declared delegation-only will be effectively + * limited to containing NS RRs for subdomains, but no actual data beyond its + * own apex (for example, its SOA RR and apex NS RRset). This can be used to + * filter out "wildcard" or "synthesized" data from NAT boxes or from + * authoritative name servers whose undelegated (in-zone) data is of no + * interest. + * See http://www.isc.org/software/bind/delegation-only for more info + */ + +//zone "COM" { type delegation-only; }; +//zone "NET" { type delegation-only; }; + +//zone "YOUR-DOMAIN.TLD" { +// type master; +// file "/var/bind/pri/YOUR-DOMAIN.TLD.zone"; +// allow-query { any; }; +// allow-transfer { xfer; }; +//}; + +//zone "YOUR-SLAVE.TLD" { +// type slave; +// file "/var/bind/sec/YOUR-SLAVE.TLD.zone"; +// masters { <MASTER>; }; + + /* Anybody is allowed to query but transfer should be controlled by the master. */ +// allow-query { any; }; +// allow-transfer { none; }; + + /* The master should be the only one who notifies the slaves, shouldn't it? */ +// allow-notify { <MASTER>; }; +// notify no; +//}; diff --git a/net-dns/bind/files/named.confd-r7 b/net-dns/bind/files/named.confd-r7 new file mode 100644 index 000000000000..477a4806151d --- /dev/null +++ b/net-dns/bind/files/named.confd-r7 @@ -0,0 +1,48 @@ +# Set various named options here. +# +#OPTIONS="" + +# Set this to the number of processors you want bind to use. +# Leave this unchanged if you want bind to automatically detect the number +#CPU="1" + +# If you wish to run bind in a chroot: +# 1) un-comment the CHROOT= assignment, below. You may use +# a different chroot directory but MAKE SURE it's empty. +# 2) run: emerge --config =<bind-version> +# +#CHROOT="/chroot/dns" + +# Uncomment to enable binmount of /usr/share/GeoIP +#CHROOT_GEOIP="1" + +# Uncomment the line below to avoid that the init script mounts the needed paths +# into the chroot directory. +# You have to copy all needed config files by hand if you say CHROOT_NOMOUNT="1". +#CHROOT_NOMOUNT="1" + +# Uncomment this option if you have setup your own chroot environment and you +# don't want/need the chroot consistency check +#CHROOT_NOCHECK=1 + +# Default pid file location +PIDFILE="${CHROOT}/run/named/named.pid" + +# Scheduling priority: 19 is the lowest and -20 is the highest. +# Default: 0 +#NAMED_NICELEVEL="0" + +# Uncomment rc_named_use/rc_named_after for the database you need. +# Its necessary to ensure the database backend will be started before named. + +# MySQL +#rc_named_use="mysql" +#rc_named_after="mysql" + +# PostgreSQL +#rc_named_use="pg_autovacuum postgresql" +#rc_named_after="pg_autovacuum postgresql" + +# LDAP +#rc_named_use="ldap" +#rc_named_after="ldap" diff --git a/net-dns/bind/files/named.init-r13 b/net-dns/bind/files/named.init-r13 new file mode 100644 index 000000000000..4240a09176b8 --- /dev/null +++ b/net-dns/bind/files/named.init-r13 @@ -0,0 +1,252 @@ +#!/sbin/openrc-run +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +extra_commands="checkconfig checkzones" +extra_started_commands="reload" + +depend() { + need net + use logger + provide dns +} + +NAMED_CONF=${CHROOT}/etc/bind/named.conf + +OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0} +MOUNT_CHECK_TIMEOUT=${MOUNT_CHECK_TIMEOUT:-60} + +_mount() { + local from + local to + local opts + local ret=0 + + if [ "${#}" -lt 3 ]; then + eerror "_mount(): to few arguments" + return 1 + fi + + from=$1 + to=$2 + shift 2 + + opts="${*}" + shift $# + + if [ -z "$(awk "\$2 == \"${to}\" { print \$2 }" /proc/mounts)" ]; then + einfo "mounting ${from} to ${to}" + mount ${from} ${to} ${opts} + ret=$? + + eend $ret + return $ret + fi + + return 0 +} + +_umount() { + local dir=$1 + local ret=0 + + if [ -n "$(awk "\$2 == \"${dir}\" { print \$2 }" /proc/mounts)" ]; then + ebegin "umounting ${dir}" + umount ${dir} + ret=$? + + eend $ret + return $ret + fi + + return 0 +} + +_get_pidfile() { + # as suggested in bug #107724, bug 335398#c17 + [ -n "${PIDFILE}" ] || PIDFILE=${CHROOT}$(\ + /usr/sbin/named-checkconf -p ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} | grep 'pid-file' | cut -d\" -f2) + [ -z "${PIDFILE}" ] && PIDFILE=${CHROOT}/run/named/named.pid +} + +check_chroot() { + if [ -n "${CHROOT}" ]; then + [ ! -d "${CHROOT}" ] && return 1 + [ ! -d "${CHROOT}/dev" ] || [ ! -d "${CHROOT}/etc" ] || [ ! -d "${CHROOT}/var" ] && return 1 + [ ! -d "${CHROOT}/run" ] || [ ! -d "${CHROOT}/var/log" ] && return 1 + [ ! -d "${CHROOT}/etc/bind" ] || [ ! -d "${CHROOT}/var/bind" ] && return 1 + [ ! -d "${CHROOT}/var/log/named" ] && return 1 + [ ! -c "${CHROOT}/dev/null" ] || [ ! -c "${CHROOT}/dev/zero" ] && return 1 + [ ! -c "${CHROOT}/dev/random" ] && [ ! -c "${CHROOT}/dev/urandom" ] && return 1 + [ "${CHROOT_GEOIP:-0}" -eq 1 ] && [ ! -d "${CHROOT}/usr/share/GeoIP" ] && return 1 + if [ ${OPENSSL_LIBGOST:-0} -eq 1 ]; then + if [ -d "/usr/lib64" ]; then + [ ! -d "${CHROOT}/usr/lib64/engines" ] && return 1 + elif [ -d "/usr/lib" ]; then + [ ! -d "${CHROOT}/usr/lib/engines" ] && return 1 + fi + fi + fi + + return 0 +} + +checkconfig() { + ebegin "Checking named configuration" + + if [ ! -f "${NAMED_CONF}" ] ; then + eerror "No ${NAMED_CONF} file exists!" + return 1 + fi + + /usr/sbin/named-checkconf ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} || { + eerror "named-checkconf failed! Please fix your config first." + return 1 + } + + eend 0 + return 0 +} + +checkzones() { + ebegin "Checking named configuration and zones" + /usr/sbin/named-checkconf -z -j ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} + eend $? +} + +start() { + local piddir + + ebegin "Starting ${CHROOT:+chrooted }named" + + if [ -n "${CHROOT}" ]; then + if [ ${CHROOT_NOCHECK:-0} -eq 0 ]; then + check_chroot || { + eend 1 + eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first" + return 1 + } + fi + + if [ ${OPENSSL_LIBGOST:-0} -eq 1 ]; then + if [ ! -e /usr/lib/engines/libgost.so ]; then + eend 1 + eerror "Couldn't find /usr/lib/engines/libgost.so but bind has been built with openssl and libgost support" + return 1 + fi + cp -Lp /usr/lib/engines/libgost.so "${CHROOT}/usr/lib/engines/libgost.so" || { + eend 1 + eerror "Couldn't copy /usr/lib/engines/libgost.so into '${CHROOT}/usr/lib/engines/'" + return 1 + } + fi + cp -Lp /etc/localtime "${CHROOT}/etc/localtime" + + if [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then + einfo "Mounting chroot dirs" + _mount /etc/bind ${CHROOT}/etc/bind -o bind + _mount /var/bind ${CHROOT}/var/bind -o bind + _mount /var/log/named ${CHROOT}/var/log/named -o bind + if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then + _mount /usr/share/GeoIP ${CHROOT}/usr/share/GeoIP -o bind + fi + fi + + # On initial startup, if piddir inside the chroot /var/run/named + # Then the .../var/run part might not exist yet + checkpath -q -d -o root:root -m 0755 "${piddir}/.." + fi + + checkconfig || { eend 1; return 1; } + + # create piddir (usually /run/named) if necessary, bug 334535 + _get_pidfile + piddir="${PIDFILE%/*}" + checkpath -q -d -o root:named -m 0770 "${piddir}" || { + eerror "Failed to create PID directory at $piddir" + eend 1 + return 1 + } + + # In case someone have $CPU set in /etc/conf.d/named + if [ -n "${CPU}" ] && [ "${CPU}" -gt 0 ]; then + CPU="-n ${CPU}" + fi + + start-stop-daemon --start --pidfile ${PIDFILE} \ + --nicelevel ${NAMED_NICELEVEL:-0} \ + --exec /usr/sbin/named \ + -- -u named ${CPU} ${OPTIONS} ${CHROOT:+-t} ${CHROOT} + eend $? +} + +stop() { + local reported=0 + + ebegin "Stopping ${CHROOT:+chrooted }named" + + # Workaround for now, until openrc's restart has been fixed. + # openrc doesn't care about a restart() function in init scripts. + if [ "${RC_CMD}" = "restart" ]; then + if [ -n "${CHROOT}" -a ${CHROOT_NOCHECK:-0} -eq 0 ]; then + check_chroot || { + eend 1 + eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first" + return 1 + } + fi + + checkconfig || { eend 1; return 1; } + fi + + # -R 10, bug 335398 + _get_pidfile + start-stop-daemon --stop --retry 10 --pidfile $PIDFILE \ + --exec /usr/sbin/named + + if [ -n "${CHROOT}" ] && [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then + ebegin "Umounting chroot dirs" + + # just to be sure everything gets clean + while fuser -s ${CHROOT} 2>/dev/null; do + if [ "${reported}" -eq 0 ]; then + einfo "Waiting until all named processes are stopped (max. ${MOUNT_CHECK_TIMEOUT} seconds)" + elif [ "${reported}" -eq "${MOUNT_CHECK_TIMEOUT}" ]; then + eerror "Waiting until all named processes are stopped failed!" + eend 1 + break + fi + sleep 1 + reported=$((reported+1)) + done + + [ "${CHROOT_GEOIP:-0}" -eq 1 ] && _umount ${CHROOT}/usr/share/GeoIP + _umount ${CHROOT}/etc/bind + _umount ${CHROOT}/var/log/named + _umount ${CHROOT}/var/bind + fi + + eend $? +} + +reload() { + local ret + + ebegin "Reloading named.conf and zone files" + + checkconfig || { eend 1; return 1; } + + _get_pidfile + if [ -n "${PIDFILE}" ]; then + start-stop-daemon --pidfile $PIDFILE --signal HUP + ret=$? + else + ewarn "Unable to determine the pidfile... this is" + ewarn "a fallback mode. Please check your installation!" + + $RC_SERVICE restart + ret=$? + fi + + eend $ret +} diff --git a/net-dns/bind/files/named.service-r1 b/net-dns/bind/files/named.service-r1 new file mode 100644 index 000000000000..65fbdb941ca0 --- /dev/null +++ b/net-dns/bind/files/named.service-r1 @@ -0,0 +1,13 @@ +[Unit] +Description=Internet domain name server +After=network.target + +[Service] +ExecStartPre=/usr/libexec/generate-rndc-key.sh +ExecStartPre=/usr/sbin/named-checkconf -z /etc/bind/named.conf +ExecStart=/usr/sbin/named -f -u named +ExecReload=/usr/sbin/rndc reload +ExecStop=/usr/sbin/rndc stop + +[Install] +WantedBy=multi-user.target diff --git a/net-dns/bind/metadata.xml b/net-dns/bind/metadata.xml new file mode 100644 index 000000000000..ce5bde7aab6f --- /dev/null +++ b/net-dns/bind/metadata.xml @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>idl0r@gentoo.org</email> + <name>Christian Ruppert</name> + </maintainer> + <longdescription>ISC's bind dns server, used the world 'round.</longdescription> + <use> + <flag name="dnstap">Enables dnstap packet logging</flag> + <flag name="dlz">Enables dynamic loaded zones, 3rd party extension</flag> + <flag name="filter-aaaa">Enable filtering of AAAA records over IPv4</flag> + <flag name="fixed-rrset">Enables fixed rrset-order option</flag> + <flag name="gost">Enables gost OpenSSL engine support</flag> + <flag name="gssapi">Enable gssapi support</flag> + <flag name="json">Enable JSON statistics channel</flag> + <flag name="lmdb">Enable LMDB support to store configuration for 'addzone' zones</flag> + <flag name="nslint">Build and install the nslint util</flag> + <flag name="rpz">Enable response policy rewriting (rpz)</flag> + <flag name="urandom">Use /dev/urandom instead of /dev/random</flag> + </use> +</pkgmetadata> |