net-dns/unbound: add package with ipset module enable
parent
535d24ebd6
commit
b24e984bdc
|
@ -0,0 +1,13 @@
|
||||||
|
AUX unbound-1.10.1-find-ar.patch 335 BLAKE2B f32a6a4f0cd48f5847beeeb0771a845f619fde94a1f3fe5d36d08960c4ec866678de556ce016d1cb92408ea82d606c1978702af0999f501e268b7debf039b4c2 SHA512 0af23b308a68c15cacc2debc2aa3e6476c725726f39b422a5ea4ac3122f45a1e1eb73e189dea66ddd721104301c12e3c54e8972161d76764703098ca6da22691
|
||||||
|
AUX unbound-1.5.7-trust-anchor-file.patch 847 BLAKE2B ca8f093671264108c1da772e161ddf948cd27cdf4d3b6189023a6a9642ee308ab361befcab923ca61a21c4b151252f409177c8247ca683e63133284bd65efbba SHA512 bfbdd947cb3dda8d1dd009eb476fb2934fca80236e617f1596f308a063c575196e75c67b22bfbd739c06318d3227c9b2838fba0f381f8c73fdf5b7231cd1d746
|
||||||
|
AUX unbound-1.6.3-pkg-config.patch 247 BLAKE2B af1a175a3944137fc7f4f4932182df5b278b7d88c4299e7ac5e520107fcfb5180d7e548c70b50794389d2c1406309f88e118acf9e065ab67cbb4c78fc0e4186f SHA512 06d8910ae6065c5a2bb2cc5a1935ae98688148b9c0af09622161b647775de00027ea4a22cb0d6b94f21d329c2d59ee56f67b073ee4042fbd4f78790d0c438ad7
|
||||||
|
AUX unbound-anchor.service 263 BLAKE2B 098bdc6e06607e57980e0367496fd9a2fc02ef19611ac4474d703624c92df9c2e86f4dbb116622babcd7975b2e1353f6156d46bcc5639daabef648d670806364 SHA512 c0f8ff2df106d1f05786cf5d69b48cdf69ba2fd42645bf6b7fa2d34d6c3fdd1608fb470c4fb0216164386e8b22977292ae8932c784a6967774e3daae1b8aeb95
|
||||||
|
AUX unbound-r1.confd 1553 BLAKE2B b3768275bd3f79f0076e9d80e9456c0829e42ba9bf815c70354e8386881147cc1afad6937ba7a2217845f70139cafd02f44150eaa5dd5d87f397a347f68078b0 SHA512 a6baf20b9911734b69784c393c8f38a0bf41c9621ab9332761ecb8b5fdcebf18be7f30a5a77bf3755aa45222b2f27f810a762436c43b03dd74e6806e04d5a90f
|
||||||
|
AUX unbound-r1.initd 3901 BLAKE2B d8db1b5342781566f57d801d077aec20d7911a39d5a453f981b1a3400a18dfb8d10593889885bb9211d458a4165dded625bba2e7313c8d98fdb1beb585ed63d1 SHA512 ec3520094a679fee962244364d8093b471e7edd5fce434c6d307854952f2ad9d2f041ce5fd5f23ece93a856d59a966daaf5abc114b7d1f3519b930b2e8f14f62
|
||||||
|
AUX unbound.service 247 BLAKE2B d986319f9b43600d4f6443f50e214efd39fd20be6a7067b55f98b82cb5d2c12c85b7db2a3c9ced0caf3db303f1ff0fd4eff511dbede3ab101e4b558681872351 SHA512 7904225d0e9fb3ea5b97521ed24f24fcc4db650cfff8523b896ddd9edfccbd61e817775ad0449acf30d02dba5f714d633b60cace6010d472f438df7c22381dfc
|
||||||
|
AUX unbound.socket 101 BLAKE2B 4885d311873d7f3e5daf1c0a63798b13761b7c0bfb1bead0bde11bc2a2a994d55670c992b42ea1b4bbee98d04a12f4e7e7517bd0e9caa74d8cac2d1dc0c33274 SHA512 935ab3bd5bc3d3347e44c20482aa19396d243b89f2dbc7bf9f89b16a2559715866e16dfd9f5c4866222d8ee968f158a773475d94629f0ef9fa9b8fd23f0fbc2e
|
||||||
|
AUX unbound_at.service 304 BLAKE2B 0762200390475ff6a3ca4dc282b3eca3e55cb339528a73b0c6148f4df336c4c07e8da19320df6bedb49cb6884da565543f78456d38dc3000ca2a1abde84816be SHA512 71bd8c422ffe57e448b66f97775075a407671757266d40294a670b41cd1a59f16b65488d30aa74b79b7536f0c4c50adb56e32377e8029fd6c327b85c022c5fe3
|
||||||
|
DIST unbound-1.19.3.tar.gz 6338685 BLAKE2B 5d9cbc26510afc2b92ecce6307cd9924a1b450892f7839f076535177ab35f78059d271e628e2aa995b62f5cf97add2363561a819d6e0181beb6b44421661d8f0 SHA512 f860614f090a5a081cceff8ca7f4b3d416c00a251ae14ceb6b4159dc8cd022f025592074d3d78aee2f86c3eeae9d1a314713e4740aa91062579143199accd159
|
||||||
|
DIST unbound-1.19.3.tar.gz.asc 833 BLAKE2B 6eb71dde451a123ffba44c298d83256613c6325b26adffb6f0347b468bf84e63b090655d12b323f8c187ad4782fad06514fe5ab0246087bd129393d1bdb1533c SHA512 1b6437d7ac4394ab7d6eb0d12f22b39538152f9c88175a5368263059950b8e6b093fa5392d1ff37874effef7a422afa9c690f766802208979a99500a4bea5906
|
||||||
|
EBUILD unbound-1.19.3.ebuild 6516 BLAKE2B 8e0c3af392a3668ffd0786be84ac7ffa276cbc7603073819105bd05abb909b9a5da200b3db2adf4b430c24fbe2ccb1a495188a519f8bb37d4d8963600b7d60fd SHA512 7b19a4252d2751aed3059c6c173bf37ad54d9b4258b9b19d4af6846ae25ba1707813394cab110f91e90ac7437fb18ea9a89c1385e6be6bd658f14717891e0440
|
||||||
|
MISC metadata.xml 1475 BLAKE2B d0e34f4ba056c090af979f2686d5dece53a554c7ea7612fee1991ce6838ce161359bd8405d6358c5e184b6721affeee5d6e1bd93095b92765cd38dba928daa5b SHA512 8fba72eba420d4c06fb3a9119c3f324c5679fe268b65fac23878ef15f3c3d784d372874c7d6428d1c7c2eb3a75380ad2e4d5fc1691e7c2d1b426b8cfa381222b
|
|
@ -0,0 +1,11 @@
|
||||||
|
--- a/acx_nlnetlabs.m4
|
||||||
|
+++ b/acx_nlnetlabs.m4
|
||||||
|
@@ -535,7 +535,7 @@ AC_CANONICAL_HOST
|
||||||
|
if echo "$host_os" | grep "sunos4" >/dev/null; then
|
||||||
|
lt_cv_sys_max_cmd_len=32750;
|
||||||
|
fi
|
||||||
|
-AC_PATH_TOOL(AR, ar, [false])
|
||||||
|
+AC_CHECK_TOOL(AR, ar, [false])
|
||||||
|
if test $AR = false; then
|
||||||
|
AC_MSG_ERROR([Cannot find 'ar', please extend PATH to include it])
|
||||||
|
fi
|
|
@ -0,0 +1,18 @@
|
||||||
|
To avoid below error messages like
|
||||||
|
|
||||||
|
[23109:0] error: Could not open autotrust file for writing, /etc/dnssec/root-anchors.txt: Permission denied
|
||||||
|
|
||||||
|
set 'trust-anchor-file' to same value in 'auto-trust-anchor-file'.
|
||||||
|
|
||||||
|
diff -ur unbound-1.5.7.orig/doc/example.conf.in unbound-1.5.7/doc/example.conf.in
|
||||||
|
--- unbound-1.5.7.orig/doc/example.conf.in 2015-12-10 08:59:18.000000000 +0100
|
||||||
|
+++ unbound-1.5.7/doc/example.conf.in 2016-01-05 04:08:01.666760015 +0100
|
||||||
|
@@ -378,7 +378,7 @@
|
||||||
|
# with several entries, one file per entry.
|
||||||
|
# Zone file format, with DS and DNSKEY entries.
|
||||||
|
# Note this gets out of date, use auto-trust-anchor-file please.
|
||||||
|
- # trust-anchor-file: ""
|
||||||
|
+ # trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
|
||||||
|
|
||||||
|
# Trusted key for validation. DS or DNSKEY. specify the RR on a
|
||||||
|
# single line, surrounded by "". TTL is ignored. class is IN default.
|
|
@ -0,0 +1,11 @@
|
||||||
|
--- a/configure.ac
|
||||||
|
+++ b/configure.ac
|
||||||
|
@@ -95,6 +95,8 @@ AC_SUBST(LIBUNBOUND_CURRENT)
|
||||||
|
AC_SUBST(LIBUNBOUND_REVISION)
|
||||||
|
AC_SUBST(LIBUNBOUND_AGE)
|
||||||
|
|
||||||
|
+PKG_PROG_PKG_CONFIG
|
||||||
|
+
|
||||||
|
CFLAGS="$CFLAGS"
|
||||||
|
AC_AIX
|
||||||
|
if test "$ac_cv_header_minix_config_h" = "yes"; then
|
|
@ -0,0 +1,13 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Update of the root trust anchor for DNSSEC validation
|
||||||
|
After=network.target
|
||||||
|
Before=nss-lookup.target
|
||||||
|
Wants=nss-lookup.target
|
||||||
|
Before=unbound.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
ExecStart=/usr/sbin/unbound-anchor
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
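Review bot: `ExecStart=/usr/sbin/unbound-anchor` has no `-a` argument and the unit has no `User=`, so it refreshes the compiled-in root-key path (the ebuild passes `--with-rootkey-file=…/etc/dnssec/root-anchors.txt`) and does so as root. The ebuild's post-install message instead tells the admin to use `/etc/unbound/var/root-anchors.txt` and to create it as the `unbound` user. With that setup this unit maintains a file the resolver is not configured to read, and if it were pointed at the right file it would presumably leave it root-owned. I would make the unit agree with the message: `User=unbound` and `ExecStart=/usr/sbin/unbound-anchor -a /etc/unbound/var/root-anchors.txt`.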
|
|
@ -0,0 +1,36 @@
|
||||||
|
# /etc/conf.d/unbound
|
||||||
|
|
||||||
|
# Configuration file
|
||||||
|
#UNBOUND_CONFFILE="/etc/unbound/unbound.conf"
|
||||||
|
|
||||||
|
# PID file
|
||||||
|
# This is a fallback value which should NOT be changed. If you ever need
|
||||||
|
# to change PID file, please change value in configuration file instead!
|
||||||
|
#UNBOUND_PIDFILE="/run/unbound.pid"
|
||||||
|
|
||||||
|
# You can use this configuration option to pass additional options to the
|
||||||
|
# start-stop-daemon, see start-stop-daemon(8) for more details.
|
||||||
|
# Per default we wait 1000ms after we have started the service to ensure
|
||||||
|
# that the daemon is really up and running.
|
||||||
|
#UNBOUND_SSDARGS="--wait 1000"
|
||||||
|
|
||||||
|
# The termination timeout (start-stop-daemon parameter "retry") ensures
|
||||||
|
# that the service will be terminated within a given time (25 + 5 seconds
|
||||||
|
# per default) when you are stopping the service.
|
||||||
|
#UNBOUND_TERMTIMEOUT="TERM/25/KILL/5"
|
||||||
|
|
||||||
|
# Options to unbound
|
||||||
|
# See unbound(8) for more details
|
||||||
|
# Notes:
|
||||||
|
# * Do not specify another CONFIGFILE but use the variable above to change the location
|
||||||
|
#UNBOUND_OPTS=""
|
||||||
|
|
||||||
|
# If you want to preserve unbound's cache, set the following variable to
|
||||||
|
# a non-zero value. In this case unbound's cache will be dumped to disk
|
||||||
|
# before shutdown and loaded right after start.
|
||||||
|
# To be able to dump and load cache you have to set up keys (use `unbound-control-setup`)
|
||||||
|
# and need to set 'control-enable: yes' in your configuration!
|
||||||
|
# WARNING: If you don't know what you are doing you should NOT use this
|
||||||
|
# feature. Loading the cache with old or wrong data can result in
|
||||||
|
# old or wrong data being returned to clients.
|
||||||
|
#UNBOUND_PRESERVE_CACHE=""
|
|
@ -0,0 +1,137 @@
|
||||||
|
#!/sbin/openrc-run
|
||||||
|
# Copyright 1999-2018 Gentoo Foundation
|
||||||
|
# Distributed under the terms of the GNU General Public License v2
|
||||||
|
|
||||||
|
UNBOUND_BINARY=${UNBOUND_BINARY:-"/usr/sbin/unbound"}
|
||||||
|
UNBOUND_CACHEFILE=${UNBOUND_CACHEFILE:-"/var/lib/unbound/${SVCNAME}.cache"}
|
||||||
|
UNBOUND_CHECKCONF=${UNBOUND_CHECKCONF:-"/usr/sbin/unbound-checkconf"}
|
||||||
|
UNBOUND_CONFFILE=${UNBOUND_CONFFILE:-"/etc/unbound/${SVCNAME}.conf"}
|
||||||
|
UNBOUND_CONTROL=${UNBOUND_CONTROL:-"/usr/sbin/unbound-control"}
|
||||||
|
UNBOUND_PIDFILE=${UNBOUND_PIDFILE:-"/run/unbound.pid"}
|
||||||
|
UNBOUND_SSDARGS=${UNBOUND_SSDARGS:-"--wait 1000"}
|
||||||
|
UNBOUND_TERMTIMEOUT=${UNBOUND_TERMTIMEOUT:-"TERM/25/KILL/5"}
|
||||||
|
UNBOUND_OPTS=${UNBOUND_OPTS:-""}
|
||||||
|
UNBOUND_LOAD_CACHE_TIMEOUT=${UNBOUND_LOAD_CACHE_TIMEOUT:-"30"}
|
||||||
|
|
||||||
|
getconfig() {
|
||||||
|
local key="$1"
|
||||||
|
local value_default="$2"
|
||||||
|
local value=
|
||||||
|
|
||||||
|
if service_started ; then
|
||||||
|
value="$(service_get_value "${key}")"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "${value}" ] && [ -n "${UNBOUND_CONFFILE}" ] && [ -r "${UNBOUND_CONFFILE}" ] ; then
|
||||||
|
value=$("${UNBOUND_CHECKCONF}" -o ${key} "${UNBOUND_CONFFILE}")
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "${value}" ] ; then
|
||||||
|
# Value not explicitly set in the configfile or configfile does not exist
|
||||||
|
# or is not readable
|
||||||
|
echo "${value_default}"
|
||||||
|
else
|
||||||
|
echo "${value}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
command=${UNBOUND_BINARY}
|
||||||
|
command_args="${UNBOUND_OPTS} -c \"${UNBOUND_CONFFILE}\""
|
||||||
|
start_stop_daemon_args="${UNBOUND_SSDARGS}"
|
||||||
|
pidfile="$(getconfig pidfile /run/unbound.pid)"
|
||||||
|
retry="${UNBOUND_TERMTIMEOUT}"
|
||||||
|
|
||||||
|
required_files="${UNBOUND_CONFFILE}"
|
||||||
|
|
||||||
|
name="unbound daemon"
|
||||||
|
extra_commands="configtest"
|
||||||
|
extra_started_commands="reload save_cache"
|
||||||
|
description="unbound is a Domain Name Server (DNS) that is used to resolve host names to IP address."
|
||||||
|
description_configtest="Run syntax tests for configuration files only."
|
||||||
|
description_reload="Kills all children and reloads the configuration."
|
||||||
|
description_save_cache="Saves the current cache to disk."
|
||||||
|
|
||||||
|
depend() {
|
||||||
|
use net logger
|
||||||
|
provide dns
|
||||||
|
after auth-dns
|
||||||
|
}
|
||||||
|
|
||||||
|
configtest() {
|
||||||
|
local _config_status=
|
||||||
|
|
||||||
|
ebegin "Checking ${SVCNAME} configuration"
|
||||||
|
"${UNBOUND_CHECKCONF}" "${UNBOUND_CONFFILE}" 1>/dev/null 2>&1
|
||||||
|
_config_status=$?
|
||||||
|
|
||||||
|
if [ ${_config_status} -ne 0 ] ; then
|
||||||
|
# Run command again but this time we will show the output
|
||||||
|
# Ugly, but ...
|
||||||
|
"${UNBOUND_CHECKCONF}" "${UNBOUND_CONFFILE}"
|
||||||
|
else
|
||||||
|
if [ -n "${UNBOUND_PRESERVE_CACHE}" ] ; then
|
||||||
|
local _is_control_enabled=$(getconfig control-enable no)
|
||||||
|
if [ "${_is_control_enabled}" != "yes" ] ; then
|
||||||
|
eerror "Cannot preserve cache: control-enable is 'no' in the config file!"
|
||||||
|
_config_status=2
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
eend ${_config_status} "failed, please correct errors above"
|
||||||
|
}
|
||||||
|
|
||||||
|
save_cache() {
|
||||||
|
if [ "${RC_CMD}" != "restart" ] ; then
|
||||||
|
UNBOUND_PRESERVE_CACHE=1 configtest || return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
ebegin "Saving cache to '${UNBOUND_CACHEFILE}'"
|
||||||
|
${UNBOUND_CONTROL} -c "${UNBOUND_CONFFILE}" dump_cache > "${UNBOUND_CACHEFILE}"
|
||||||
|
eend $?
|
||||||
|
}
|
||||||
|
|
||||||
|
start_pre() {
|
||||||
|
if [ "${RC_CMD}" != "restart" ] ; then
|
||||||
|
configtest || return 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
start_post() {
|
||||||
|
if [ -n "${UNBOUND_PRESERVE_CACHE}" ] ; then
|
||||||
|
if [ -s "${UNBOUND_CACHEFILE}" ] ; then
|
||||||
|
ebegin "Loading cache from '${UNBOUND_CACHEFILE}'"
|
||||||
|
# Loading cache can fail which would block this runscript.
|
||||||
|
# Using `timeout` from coreutils will be our safeguard ...
|
||||||
|
timeout -k 5 ${UNBOUND_LOAD_CACHE_TIMEOUT} ${UNBOUND_CONTROL} -q -c "${UNBOUND_CONFFILE}" load_cache < "${UNBOUND_CACHEFILE}"
|
||||||
|
eend $?
|
||||||
|
else
|
||||||
|
ewarn "Loading cache from '${UNBOUND_CACHEFILE}' skipped: File does not exists or is empty!"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# It is not a fatal error if preserved cache could not be loaded
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
stop_pre() {
|
||||||
|
if [ "${RC_CMD}" = "restart" ] ; then
|
||||||
|
configtest || return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "${UNBOUND_PRESERVE_CACHE}" ] ; then
|
||||||
|
save_cache
|
||||||
|
fi
|
||||||
|
|
||||||
|
# It is not a fatal error if cache cannot be preserved
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
reload() {
|
||||||
|
configtest || return 1
|
||||||
|
ebegin "Reloading ${SVCNAME}"
|
||||||
|
start-stop-daemon --signal HUP --pidfile "${pidfile}"
|
||||||
|
eend $?
|
||||||
|
}
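Review bot: In `save_cache` the root shell opens `${UNBOUND_CACHEFILE}` for writing before `unbound-control` has produced any output, so a failed `dump_cache` leaves a truncated file in place of the previous cache. The redirection also follows whatever already exists at that path, and the ebuild in this commit creates `/var/lib/unbound` as `root:unbound` mode 0770, so a process in the unbound group could pre-create the name as a symlink and have root overwrite the target. Dumping into a file created with `mktemp` and renaming it only on success avoids both problems, because the rename replaces a link instead of following it. If this script is the only writer (the page shows no other), the directory does not need group write at all.

```shell
save_cache() {
	# … unchanged: configtest guard when RC_CMD is not "restart" …

	ebegin "Saving cache to '${UNBOUND_CACHEFILE}'"
	local _tmp_cache
	# mktemp creates the file exclusively, so a pre-planted name is never reused
	_tmp_cache="$(mktemp "${UNBOUND_CACHEFILE}.XXXXXX")" || { eend 1 ; return 1 ; }
	if ${UNBOUND_CONTROL} -c "${UNBOUND_CONFFILE}" dump_cache > "${_tmp_cache}" ; then
		# rename replaces whatever sits at the destination instead of following it
		mv -f "${_tmp_cache}" "${UNBOUND_CACHEFILE}"
	else
		rm -f "${_tmp_cache}"
		false
	fi
	eend $?
}
```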
|
|
@ -0,0 +1,12 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Unbound recursive Domain Name Server
|
||||||
|
After=network.target
|
||||||
|
Before=nss-lookup.target
|
||||||
|
Wants=nss-lookup.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
ExecStartPre=/usr/sbin/unbound-checkconf
|
||||||
|
ExecStart=/usr/sbin/unbound -d
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
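Review bot: This unit and the `unbound.socket` section that follows it do not appear to be installed by the ebuild in this commit. `multilib_src_install` takes `contrib/unbound.service` and `contrib/unbound.socket` from the upstream tree, and only `unbound_at.service` and `unbound-anchor.service` are read from `${FILESDIR}`. Keeping a second, differing copy of the service definition makes it unclear which start-up path and which privileges actually ship, so either install these copies or drop them together with their AUX entries in the Manifest. If this copy is kept, note that `unbound-anchor.service` only orders itself `Before=unbound.service`; nothing here pulls it in, so the anchor refresh runs only when enabled separately.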
|
|
@ -0,0 +1,5 @@
|
||||||
|
[Socket]
|
||||||
|
ListenDatagram=127.0.0.1:1153
|
||||||
|
ListenStream=127.0.0.1:1153
|
||||||
|
[Install]
|
||||||
|
WantedBy=sockets.target
|
|
@ -0,0 +1,13 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Unbound recursive Domain Name Server
|
||||||
|
After=network.target
|
||||||
|
Before=nss-lookup.target
|
||||||
|
Wants=nss-lookup.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
ExecStartPre=/usr/sbin/unbound-checkconf /etc/unbound/%i.conf
|
||||||
|
ExecStart=/usr/sbin/unbound -d -c /etc/unbound/%i.conf
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
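Review bot: The template starts `/usr/sbin/unbound` with no `User=` and no sandboxing directives, so confinement depends entirely on each `/etc/unbound/%i.conf` dropping privileges itself. Low-risk additions under `[Service]` would be `NoNewPrivileges=yes`, `ProtectHome=yes` and `PrivateTmp=yes`; stricter settings such as `ProtectSystem=` would need testing against the pid file and the `/etc/unbound/var` writes. Separately, the ebuild compiles in a single default pid file (`--with-pidfile=…/run/unbound.pid`), so two instances would collide unless every instance config sets its own `pidfile:`. A comment at the top of the unit stating that requirement would help.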
|
|
@ -0,0 +1,35 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
|
||||||
|
<pkgmetadata>
|
||||||
|
<maintainer type="person">
|
||||||
|
<email>mschiff@gentoo.org</email>
|
||||||
|
<name>Marc Schiffbauer</name>
|
||||||
|
</maintainer>
|
||||||
|
<longdescription lang="en">
|
||||||
|
Unbound is a validating, recursive, and caching DNS resolver.
|
||||||
|
|
||||||
|
The C implementation of Unbound is developed and maintained by NLnet
|
||||||
|
Labs. It is based on ideas and algorithms taken from a java prototype
|
||||||
|
developed by Verisign labs, Nominet, Kirei and ep.net.
|
||||||
|
|
||||||
|
Unbound is designed as a set of modular components, so that also
|
||||||
|
DNSSEC (secure DNS) validation and stub-resolvers (that do not run
|
||||||
|
as a server, but are linked into an application) are easily possible.
|
||||||
|
</longdescription>
|
||||||
|
<slots>
|
||||||
|
<subslots>Reflect ABI of libunbound.so.</subslots>
|
||||||
|
</slots>
|
||||||
|
<use>
|
||||||
|
<flag name="dnscrypt">Enable DNSCrypt support</flag>
|
||||||
|
<flag name="dnstap">Enable dnstap support</flag>
|
||||||
|
<flag name="ecdsa">Enable ECDSA support</flag>
|
||||||
|
<flag name="ecs">Enable EDNS client subnet support</flag>
|
||||||
|
<flag name="gost">Enable GOST support</flag>
|
||||||
|
<flag name="http2">Enable HTTP/2 support for DoH<pkg>net-libs/nghttp2</pkg></flag>
|
||||||
|
<flag name="redis">Enable cache db backend which uses<pkg>dev-libs/hiredis</pkg></flag>
|
||||||
|
<flag name="tfo">Enable TCP Fast Open client+server</flag>
|
||||||
|
</use>
|
||||||
|
<upstream>
|
||||||
|
<remote-id type="github">NLnetLabs/unbound</remote-id>
|
||||||
|
</upstream>
|
||||||
|
</pkgmetadata>
|
|
@ -0,0 +1,219 @@
|
||||||
|
# Copyright 1999-2024 Gentoo Authors
|
||||||
|
# Distributed under the terms of the GNU General Public License v2
|
||||||
|
|
||||||
|
EAPI=8
|
||||||
|
|
||||||
|
PYTHON_COMPAT=( python3_{10..12} )
|
||||||
|
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/unbound.net.asc
|
||||||
|
inherit autotools flag-o-matic multilib-minimal python-single-r1 systemd verify-sig
|
||||||
|
|
||||||
|
MY_P=${PN}-${PV/_/}
|
||||||
|
DESCRIPTION="A validating, recursive and caching DNS resolver"
|
||||||
|
HOMEPAGE="https://unbound.net/ https://nlnetlabs.nl/projects/unbound/about/"
|
||||||
|
SRC_URI="
|
||||||
|
https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz
|
||||||
|
verify-sig? ( https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz.asc )
|
||||||
|
"
|
||||||
|
S="${WORKDIR}"/${MY_P}
|
||||||
|
|
||||||
|
LICENSE="BSD GPL-2"
|
||||||
|
SLOT="0/8" # ABI version of libunbound.so
|
||||||
|
if [[ ${PV} != *_rc* ]] ; then
|
||||||
|
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~mips ppc ppc64 ~riscv ~sparc x86"
|
||||||
|
fi
|
||||||
|
IUSE="debug dnscrypt dnstap +ecdsa ecs gost +http2 python redis selinux static-libs systemd test +tfo threads"
|
||||||
|
REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
|
||||||
|
RESTRICT="!test? ( test )"
|
||||||
|
|
||||||
|
# Note: expat is needed by executable only but the Makefile is custom
|
||||||
|
# and doesn't make it possible to easily install the library without
|
||||||
|
# the executables. MULTILIB_USEDEP may be dropped once build system
|
||||||
|
# is fixed.
|
||||||
|
DEPEND="
|
||||||
|
acct-group/unbound
|
||||||
|
acct-user/unbound
|
||||||
|
>=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}]
|
||||||
|
>=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}]
|
||||||
|
>=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
|
||||||
|
dnscrypt? ( dev-libs/libsodium:=[${MULTILIB_USEDEP}] )
|
||||||
|
dnstap? (
|
||||||
|
dev-libs/fstrm[${MULTILIB_USEDEP}]
|
||||||
|
>=dev-libs/protobuf-c-1.0.2-r1:=[${MULTILIB_USEDEP}]
|
||||||
|
)
|
||||||
|
ecdsa? (
|
||||||
|
dev-libs/openssl:0[-bindist(-)]
|
||||||
|
)
|
||||||
|
http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] )
|
||||||
|
python? ( ${PYTHON_DEPS} )
|
||||||
|
redis? ( dev-libs/hiredis:= )
|
||||||
|
systemd? ( sys-apps/systemd )
|
||||||
|
"
|
||||||
|
BDEPEND="
|
||||||
|
virtual/pkgconfig
|
||||||
|
python? ( dev-lang/swig )
|
||||||
|
test? (
|
||||||
|
net-libs/ldns[examples(-)]
|
||||||
|
dev-util/splint
|
||||||
|
app-text/wdiff
|
||||||
|
)
|
||||||
|
verify-sig? ( sec-keys/openpgp-keys-unbound )
|
||||||
|
"
|
||||||
|
RDEPEND="
|
||||||
|
${DEPEND}
|
||||||
|
net-dns/dnssec-root
|
||||||
|
selinux? ( sec-policy/selinux-bind )
|
||||||
|
"
|
||||||
|
|
||||||
|
QA_CONFIG_IMPL_DECL_SKIP=(
|
||||||
|
ioctlsocket # not on Linux (bug #900060)
|
||||||
|
)
|
||||||
|
|
||||||
|
PATCHES=(
|
||||||
|
"${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch
|
||||||
|
"${FILESDIR}"/${PN}-1.6.3-pkg-config.patch
|
||||||
|
"${FILESDIR}"/${PN}-1.10.1-find-ar.patch
|
||||||
|
)
|
||||||
|
|
||||||
|
pkg_setup() {
|
||||||
|
use python && python-single-r1_pkg_setup
|
||||||
|
}
|
||||||
|
|
||||||
|
src_prepare() {
|
||||||
|
default
|
||||||
|
|
||||||
|
eautoreconf
|
||||||
|
|
||||||
|
# Required for the python part
|
||||||
|
multilib_copy_sources
|
||||||
|
}
|
||||||
|
|
||||||
|
src_configure() {
|
||||||
|
[[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack
|
||||||
|
multilib-minimal_src_configure
|
||||||
|
}
|
||||||
|
|
||||||
|
multilib_src_configure() {
|
||||||
|
local myeconfargs=(
|
||||||
|
$(multilib_native_use_enable debug)
|
||||||
|
$(multilib_native_use_enable gost)
|
||||||
|
$(multilib_native_use_enable dnscrypt)
|
||||||
|
$(multilib_native_use_enable dnstap)
|
||||||
|
$(multilib_native_use_enable ecdsa)
|
||||||
|
$(multilib_native_use_enable ecs subnet)
|
||||||
|
$(multilib_native_use_enable redis cachedb)
|
||||||
|
$(multilib_native_use_enable static-libs static)
|
||||||
|
$(multilib_native_use_enable systemd)
|
||||||
|
$(multilib_native_use_with python pythonmodule)
|
||||||
|
$(multilib_native_use_with python pyunbound)
|
||||||
|
$(multilib_native_use_with threads pthreads)
|
||||||
|
$(multilib_native_use_with http2 libnghttp2)
|
||||||
|
$(multilib_native_use_enable tfo tfo-client)
|
||||||
|
$(multilib_native_use_enable tfo tfo-server)
|
||||||
|
|
||||||
|
--disable-flto
|
||||||
|
--disable-rpath
|
||||||
|
--enable-event-api
|
||||||
|
--enable-ipsecmod
|
||||||
|
--enable-ipset
|
||||||
|
|
||||||
|
--with-libevent="${ESYSROOT}"/usr
|
||||||
|
$(multilib_native_usex redis --with-libhiredis="${ESYSROOT}/usr" --without-libhiredis)
|
||||||
|
|
||||||
|
--with-pidfile="${EPREFIX}"/run/unbound.pid
|
||||||
|
--with-rootkey-file="${EPREFIX}"/etc/dnssec/root-anchors.txt
|
||||||
|
--with-ssl="${ESYSROOT}"/usr
|
||||||
|
--with-libexpat="${ESYSROOT}"/usr
|
||||||
|
|
||||||
|
# http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html
|
||||||
|
# $(use_enable debug lock-checks)
|
||||||
|
# $(use_enable debug alloc-checks)
|
||||||
|
# $(use_enable debug alloc-lite)
|
||||||
|
# $(use_enable debug alloc-nonregional)
|
||||||
|
)
|
||||||
|
|
||||||
|
econf "${myeconfargs[@]}"
|
||||||
|
}
|
||||||
|
|
||||||
|
multilib_src_install() {
|
||||||
|
emake DESTDIR="${D}" install
|
||||||
|
systemd_dounit contrib/unbound.service
|
||||||
|
systemd_dounit contrib/unbound.socket
|
||||||
|
}
|
||||||
|
|
||||||
|
multilib_src_install_all() {
|
||||||
|
use python && python_optimize
|
||||||
|
|
||||||
|
newinitd "${FILESDIR}"/unbound-r1.initd unbound
|
||||||
|
newconfd "${FILESDIR}"/unbound-r1.confd unbound
|
||||||
|
|
||||||
|
systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service"
|
||||||
|
systemd_dounit "${FILESDIR}"/unbound-anchor.service
|
||||||
|
|
||||||
|
dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES}
|
||||||
|
|
||||||
|
# bug #315519
|
||||||
|
dodoc contrib/unbound_munin_
|
||||||
|
|
||||||
|
docinto selinux
|
||||||
|
dodoc contrib/selinux/*
|
||||||
|
|
||||||
|
exeinto /usr/share/${PN}
|
||||||
|
doexe contrib/update-anchor.sh
|
||||||
|
|
||||||
|
# Create space for auto-trust-anchor-file...
|
||||||
|
keepdir /etc/unbound/var
|
||||||
|
fowners root:unbound /etc/unbound/var
|
||||||
|
fperms 0770 /etc/unbound/var
|
||||||
|
# ... and point example config to it
|
||||||
|
sed -i \
|
||||||
|
-e '/# auto-trust-anchor-file:/s,/etc/dnssec/root-anchors.txt,/etc/unbound/var/root-anchors.txt,' \
|
||||||
|
"${ED}/etc/unbound/unbound.conf" \
|
||||||
|
|| die
|
||||||
|
|
||||||
|
# Used to store cache data
|
||||||
|
keepdir /var/lib/${PN}
|
||||||
|
fowners root:unbound /var/lib/${PN}
|
||||||
|
fperms 0770 /var/lib/${PN}
|
||||||
|
|
||||||
|
find "${ED}" -name '*.la' -delete || die
|
||||||
|
if ! use static-libs ; then
|
||||||
|
find "${ED}" -name "*.a" -delete || die
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
pkg_postinst() {
|
||||||
|
if [[ ! -f "${EROOT}/etc/unbound/unbound_control.key" ]]; then
|
||||||
|
einfo "Trying to create unbound control key ..."
|
||||||
|
if ! unbound-control-setup &>/dev/null ; then
|
||||||
|
ewarn "Failed to create unbound control key!"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ ! -f "${EROOT}/etc/unbound/var/root-anchors.txt" ]]; then
|
||||||
|
einfo ""
|
||||||
|
einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation"
|
||||||
|
einfo "set 'auto-trust-anchor-file: ${EROOT}/etc/unbound/var/root-anchors.txt' in ${EROOT}/etc/unbound/unbound.conf"
|
||||||
|
einfo "and run"
|
||||||
|
einfo ""
|
||||||
|
einfo " su -s /bin/sh -c '${EROOT}/usr/sbin/unbound-anchor -a ${EROOT}/etc/unbound/var/root-anchors.txt' unbound"
|
||||||
|
einfo ""
|
||||||
|
einfo "as root to create it initially before starting unbound for the first time after enabling this."
|
||||||
|
einfo ""
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Our user is not available on prefix
|
||||||
|
use prefix && return
|
||||||
|
|
||||||
|
local _perm_check_testfile=$(mktemp --dry-run "${EPREFIX}"/etc/unbound/var/.pkg_postinst-perm-check.XXXXXXXXX)
|
||||||
|
su -s /bin/sh -c "touch ${_perm_check_testfile}" unbound &>/dev/null
|
||||||
|
if [[ $? -ne 0 ]]; then
|
||||||
|
ewarn "WARNING: unbound user cannot write to \"${EPREFIX}/etc/unbound/var\"!"
|
||||||
|
ewarn "Run the following commands to restore default permission:"
|
||||||
|
ewarn ""
|
||||||
|
ewarn " chown root:unbound ${EPREFIX}/etc/unbound/var"
|
||||||
|
ewarn " chmod 0770 ${EPREFIX}/etc/unbound/var"
|
||||||
|
else
|
||||||
|
# Cleanup -- no reason to die here!
|
||||||
|
rm -f "${_perm_check_testfile}"
|
||||||
|
fi
|
||||||
|
}
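Review bot: `--enable-ipset` is passed unconditionally in `multilib_src_configure`, but neither `DEPEND` nor `IUSE` accounts for it. As far as I know upstream's configure requires libmnl (`net-libs/libmnl`) for this module, so the build would fail on a system that lacks it. I would gate the feature: add `ipset` to `IUSE` with a matching `<flag>` in metadata.xml, add `ipset? ( net-libs/libmnl )` to `DEPEND`, and replace the literal flag with `$(multilib_native_use_enable ipset)`. Updating kernel sets presumably needs more privilege than the `unbound` user normally keeps, so `pkg_postinst` should tell the admin what enabling the module implies for the privilege drop.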
|