diff options
Diffstat (limited to 'net-dns/unbound')
| -rw-r--r-- | net-dns/unbound/Manifest | 2 | ||||
| -rw-r--r-- | net-dns/unbound/files/unbound-1.10.1-find-ar.patch | 11 | ||||
| -rw-r--r-- | net-dns/unbound/unbound-1.10.1-r1.ebuild | 184 |
3 files changed, 197 insertions, 0 deletions
diff --git a/net-dns/unbound/Manifest b/net-dns/unbound/Manifest index 1e1fae06b9be..64243029e652 100644 --- a/net-dns/unbound/Manifest +++ b/net-dns/unbound/Manifest @@ -1,3 +1,4 @@ +AUX unbound-1.10.1-find-ar.patch 335 BLAKE2B f32a6a4f0cd48f5847beeeb0771a845f619fde94a1f3fe5d36d08960c4ec866678de556ce016d1cb92408ea82d606c1978702af0999f501e268b7debf039b4c2 SHA512 0af23b308a68c15cacc2debc2aa3e6476c725726f39b422a5ea4ac3122f45a1e1eb73e189dea66ddd721104301c12e3c54e8972161d76764703098ca6da22691 AUX unbound-1.5.7-trust-anchor-file.patch 847 BLAKE2B ca8f093671264108c1da772e161ddf948cd27cdf4d3b6189023a6a9642ee308ab361befcab923ca61a21c4b151252f409177c8247ca683e63133284bd65efbba SHA512 bfbdd947cb3dda8d1dd009eb476fb2934fca80236e617f1596f308a063c575196e75c67b22bfbd739c06318d3227c9b2838fba0f381f8c73fdf5b7231cd1d746 AUX unbound-1.6.3-pkg-config.patch 247 BLAKE2B af1a175a3944137fc7f4f4932182df5b278b7d88c4299e7ac5e520107fcfb5180d7e548c70b50794389d2c1406309f88e118acf9e065ab67cbb4c78fc0e4186f SHA512 06d8910ae6065c5a2bb2cc5a1935ae98688148b9c0af09622161b647775de00027ea4a22cb0d6b94f21d329c2d59ee56f67b073ee4042fbd4f78790d0c438ad7 AUX unbound-anchor.service 263 BLAKE2B 098bdc6e06607e57980e0367496fd9a2fc02ef19611ac4474d703624c92df9c2e86f4dbb116622babcd7975b2e1353f6156d46bcc5639daabef648d670806364 SHA512 c0f8ff2df106d1f05786cf5d69b48cdf69ba2fd42645bf6b7fa2d34d6c3fdd1608fb470c4fb0216164386e8b22977292ae8932c784a6967774e3daae1b8aeb95 @@ -7,5 +8,6 @@ AUX unbound.service 247 BLAKE2B d986319f9b43600d4f6443f50e214efd39fd20be6a7067b5 AUX unbound.socket 101 BLAKE2B 4885d311873d7f3e5daf1c0a63798b13761b7c0bfb1bead0bde11bc2a2a994d55670c992b42ea1b4bbee98d04a12f4e7e7517bd0e9caa74d8cac2d1dc0c33274 SHA512 935ab3bd5bc3d3347e44c20482aa19396d243b89f2dbc7bf9f89b16a2559715866e16dfd9f5c4866222d8ee968f158a773475d94629f0ef9fa9b8fd23f0fbc2e AUX unbound_at.service 304 BLAKE2B 0762200390475ff6a3ca4dc282b3eca3e55cb339528a73b0c6148f4df336c4c07e8da19320df6bedb49cb6884da565543f78456d38dc3000ca2a1abde84816be SHA512 71bd8c422ffe57e448b66f97775075a407671757266d40294a670b41cd1a59f16b65488d30aa74b79b7536f0c4c50adb56e32377e8029fd6c327b85c022c5fe3 DIST unbound-1.10.1.tar.gz 5729334 BLAKE2B 7ca4f23c12a551bc6e5d6ec32f19ca0f54526b9a4c868ced8f31cfd31dec23f8240b78f0c00d2cc6f9aa21f6c1b98697c85ef3ebd804a838a5a082893fe98094 SHA512 d07f3ac0e751c17a3ff7d99518c22529cf6856861218564a2ca073422905525cb9ddaf76c9600187946fadb7324343bcd85c34ff06bd322e0ea621a2d258bb85 +EBUILD unbound-1.10.1-r1.ebuild 5429 BLAKE2B 4f16093ae3a34a97fd475da9d5094987ae289b203a71a6ca881b7371fe2f3550bc4d126e8b29d93564affd62df6428b1d27737ff71fce4c85122156238cd59f1 SHA512 8fe49aba1ec04421a6f29a4ae72ee3175447ab087503d2b6f3fc3690f5573e9663a376d5166e1252b902e9a0177a3a148b9abab8f874825579e30d77a4b3295b EBUILD unbound-1.10.1.ebuild 5390 BLAKE2B ce7620d0f76f8ec2b304cb73e7f875938957f285bdf73741e7c43f3d720853500d0ff857d2ec101bacbd3d8a61e270c42d9aebb4365718b1cc434519b387d48b SHA512 2e9305db63c2889389362ea48938d0cdd66aeb3fc15636004b43ba2a9ab0a2c8ccf934125fc253c89927e24bbe68ce2e21ee2c736835d4fe8eedb560e996d3b3 MISC metadata.xml 1357 BLAKE2B 3fccac00ddfac90bb692169a01f19402fd5534f05a88a8981e6e276f535800f50e4ee138f2b815db176e426422e54a2d107219f214cfaeda979ce1b03710f71a SHA512 13ffc57b5a7ddd1a2ab76a4f29d7a5dc2926ed07ae74f74444ecda949aae2a611a1e194d9b482fe145a00021f603b22c7b8a44f1b7901600da261b0bc1f51525 diff --git a/net-dns/unbound/files/unbound-1.10.1-find-ar.patch b/net-dns/unbound/files/unbound-1.10.1-find-ar.patch new file mode 100644 index 000000000000..c840e30f1ea7 --- /dev/null +++ b/net-dns/unbound/files/unbound-1.10.1-find-ar.patch @@ -0,0 +1,11 @@ +--- a/acx_nlnetlabs.m4 ++++ b/acx_nlnetlabs.m4 +@@ -535,7 +535,7 @@ AC_CANONICAL_HOST + if echo "$host_os" | grep "sunos4" >/dev/null; then + lt_cv_sys_max_cmd_len=32750; + fi +-AC_PATH_TOOL(AR, ar, [false]) ++AC_CHECK_TOOL(AR, ar, [false]) + if test $AR = false; then + AC_MSG_ERROR([Cannot find 'ar', please extend PATH to include it]) + fi diff --git a/net-dns/unbound/unbound-1.10.1-r1.ebuild b/net-dns/unbound/unbound-1.10.1-r1.ebuild new file mode 100644 index 000000000000..30c4c5084639 --- /dev/null +++ b/net-dns/unbound/unbound-1.10.1-r1.ebuild @@ -0,0 +1,184 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" +PYTHON_COMPAT=( python3_{6,7} ) + +inherit autotools flag-o-matic multilib-minimal python-single-r1 systemd user + +MY_P=${PN}-${PV/_/} +DESCRIPTION="A validating, recursive and caching DNS resolver" +HOMEPAGE="https://unbound.net/ https://nlnetlabs.nl/projects/unbound/about/" +SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz" + +LICENSE="BSD GPL-2" +SLOT="0/8" # ABI version of libunbound.so +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~x86" +IUSE="debug dnscrypt dnstap +ecdsa ecs gost libressl python redis selinux static-libs systemd test threads" +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" +RESTRICT="!test? ( test )" + +# Note: expat is needed by executable only but the Makefile is custom +# and doesn't make it possible to easily install the library without +# the executables. MULTILIB_USEDEP may be dropped once build system +# is fixed. + +CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] + >=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}] + libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] ) + !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) + dnscrypt? ( dev-libs/libsodium[${MULTILIB_USEDEP}] ) + dnstap? ( + dev-libs/fstrm[${MULTILIB_USEDEP}] + >=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}] + ) + ecdsa? ( + !libressl? ( dev-libs/openssl:0[-bindist] ) + ) + python? ( ${PYTHON_DEPS} ) + redis? ( dev-libs/hiredis:= )" + +BDEPEND="virtual/pkgconfig" + +DEPEND="${CDEPEND} + python? ( dev-lang/swig ) + test? ( + net-dns/ldns-utils[examples] + dev-util/splint + app-text/wdiff + ) + systemd? ( sys-apps/systemd )" + +RDEPEND="${CDEPEND} + net-dns/dnssec-root + selinux? ( sec-policy/selinux-bind )" + +# bug #347415 +RDEPEND="${RDEPEND} + net-dns/dnssec-root" + +PATCHES=( + "${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch + "${FILESDIR}"/${PN}-1.6.3-pkg-config.patch + "${FILESDIR}"/${P}-find-ar.patch +) + +S=${WORKDIR}/${MY_P} + +pkg_setup() { + enewgroup unbound + enewuser unbound -1 -1 /etc/unbound unbound + # improve security on existing installs (bug #641042) + # as well as new installs where unbound homedir has just been created + if [[ -d "${ROOT}/etc/unbound" ]]; then + chown --no-dereference --from=unbound root "${ROOT}/etc/unbound" + fi + + use python && python-single-r1_pkg_setup +} + +src_prepare() { + default + + eautoreconf + + # required for the python part + multilib_copy_sources +} + +src_configure() { + [[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack + multilib-minimal_src_configure +} + +multilib_src_configure() { + econf \ + $(use_enable debug) \ + $(use_enable gost) \ + $(use_enable dnscrypt) \ + $(use_enable dnstap) \ + $(use_enable ecdsa) \ + $(use_enable ecs subnet) \ + $(multilib_native_use_enable redis cachedb) \ + $(use_enable static-libs static) \ + $(use_enable systemd) \ + $(multilib_native_use_with python pythonmodule) \ + $(multilib_native_use_with python pyunbound) \ + $(use_with threads pthreads) \ + --disable-flto \ + --disable-rpath \ + --enable-event-api \ + --enable-ipsecmod \ + --enable-tfo-client \ + --enable-tfo-server \ + --with-libevent="${EPREFIX}"/usr \ + $(multilib_native_usex redis --with-libhiredis="${EPREFIX}/usr" --without-libhiredis) \ + --with-pidfile="${EPREFIX}"/run/unbound.pid \ + --with-rootkey-file="${EPREFIX}"/etc/dnssec/root-anchors.txt \ + --with-ssl="${EPREFIX}"/usr \ + --with-libexpat="${EPREFIX}"/usr + + # http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html + # $(use_enable debug lock-checks) \ + # $(use_enable debug alloc-checks) \ + # $(use_enable debug alloc-lite) \ + # $(use_enable debug alloc-nonregional) \ +} + +multilib_src_install_all() { + use python && python_optimize + + newinitd "${FILESDIR}"/unbound-r1.initd unbound + newconfd "${FILESDIR}"/unbound-r1.confd unbound + + systemd_dounit "${FILESDIR}"/unbound.service + systemd_dounit "${FILESDIR}"/unbound.socket + systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service" + systemd_dounit "${FILESDIR}"/unbound-anchor.service + + dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES} + + # bug #315519 + dodoc contrib/unbound_munin_ + + docinto selinux + dodoc contrib/selinux/* + + exeinto /usr/share/${PN} + doexe contrib/update-anchor.sh + + # create space for auto-trust-anchor-file... + keepdir /etc/unbound/var + # ... and point example config to it + sed -i \ + -e '/# auto-trust-anchor-file:/s,/etc/dnssec/root-anchors.txt,/etc/unbound/var/root-anchors.txt,' \ + "${ED}/etc/unbound/unbound.conf" || \ + die + + # Used to store cache data + keepdir /var/lib/${PN} + fowners root:unbound /var/lib/${PN} + fperms 0750 /var/lib/${PN} + + find "${ED}" -name '*.la' -delete || die + if ! use static-libs ; then + find "${ED}" -name "*.a" -delete || die + fi +} + +pkg_postinst() { + # make var/ writable by unbound + if [[ -d "${EROOT}/etc/unbound/var" ]]; then + chown --no-dereference --from=root unbound: "${EROOT}/etc/unbound/var" + fi + + einfo "" + einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation" + einfo "set 'auto-trust-anchor-file: ${EROOT}/etc/unbound/var/root-anchors.txt' in ${EROOT}/etc/unbound/unbound.conf" + einfo "and run" + einfo "" + einfo " su -s /bin/sh -c '${EROOT}/usr/sbin/unbound-anchor -a ${EROOT}/etc/unbound/var/root-anchors.txt' unbound" + einfo "" + einfo "as root to create it initially before starting unbound for the first time after enabling this." + einfo "" +} |