mirror of
https://github.com/gentoo-mirror/gentoo.git
synced 2026-01-06 00:05:54 +03:00
net-dns/unbound: add 1.24.1
Bug: https://bugs.gentoo.org/965149 Signed-off-by: Marc Schiffbauer <mschiff@gentoo.org>
This commit is contained in:
Marc Schiffbauer
@@ -4,3 +4,5 @@ DIST unbound-1.22.0.tar.gz 6682466 BLAKE2B 28cf5c6c5e29d4026beb33e8a17b012d1185a
|
||||
DIST unbound-1.22.0.tar.gz.asc 833 BLAKE2B 02e582f5c77d8aee1a19ebb67ab081972461c298983f407d3e1d4daf6d771f087b95a19c93b7368cb3d76c350e40c3b886088d5772d5c259d0f2672a8f009153 SHA512 afbf5a125f104a25576b1c416b32f68d715b41a025fc3a61e6ee3bc28f9988b4277c7f0dd188c51cbe5641f51ade20f740ea131d1a7b5db38e2d1462a9edbb69
|
||||
DIST unbound-1.23.0.tar.gz 6770860 BLAKE2B 160bb2bee5450313a68ac81b73fd4bb21b14f8d25172d314644a34309dc75f28802126533f3ac1cb8d48599af8cb7caca83b866c9193286396f81c5fabc29651 SHA512 9b5ca48f4f5189f168f76396f5895f39262a4333e589f8c64bb9298a55c6266f626a4a4399370c68edd9f6318215a401146bf9e16a101c54decf623668a398af
|
||||
DIST unbound-1.23.0.tar.gz.asc 833 BLAKE2B 40904bc924b11515ac58897fcf1cb990a01df2e4ee5262e4cfb6136157befbb13edcd3e572f8d89b8a827ca9966d25d15b6987038ac8b3c2386394f306de212c SHA512 f69db33fe13813fbbeb7c6bfe9158d1475f6e1ba4014e11c33f18e276f6f9fa903318d2718d7864b8af1dd5e4c90ac59b8d31579600c7e08eedf71b07301a10c
|
||||
DIST unbound-1.24.1.tar.gz 6902613 BLAKE2B e80c9e80139140a1de50bf4d8c6ee42917ce615e6b9d4297d1f29d940d1701c6da59200163025fa7870e41402021a878459c0a5c0d947f5ce718a16939311daa SHA512 0332053ff6b2a2b6743fe33460950780a26e2cad236d21a9219e7b1a04576a9887342d59bc244c02c405e93812168175bc3dbe5481a201296899e77cbd201ea5
|
||||
DIST unbound-1.24.1.tar.gz.asc 862 BLAKE2B 882061a310a0774520ac791e39d6c4b4fb0601b5e5fac9b03452a2cf8a7f11dac9b36f56f56530fca69eb2301e35b04513f4939936e0470306b049523d683dd3 SHA512 64f7baa0af069093f2d2a52d00fa41c26dd3a4a8eb39fbf90ae7355725121583f7dcd79257c064fa13d05f7bb0c602fe30104859a41164a81664cd4c1e275f30
|
||||
|
||||
213
net-dns/unbound/unbound-1.24.1.ebuild
Normal file
213
net-dns/unbound/unbound-1.24.1.ebuild
Normal file
@@ -0,0 +1,213 @@
|
||||
# Copyright 1999-2025 Gentoo Authors
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
EAPI=8
|
||||
|
||||
PYTHON_COMPAT=( python3_{11..14} )
|
||||
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/unbound.net.asc
|
||||
inherit autotools flag-o-matic python-single-r1 systemd verify-sig multilib-minimal
|
||||
|
||||
MY_P=${PN}-${PV/_/}
|
||||
DESCRIPTION="A validating, recursive and caching DNS resolver"
|
||||
HOMEPAGE="https://unbound.net/ https://nlnetlabs.nl/projects/unbound/about/"
|
||||
SRC_URI="
|
||||
https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz
|
||||
verify-sig? ( https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz.asc )
|
||||
"
|
||||
S="${WORKDIR}"/${MY_P}
|
||||
|
||||
LICENSE="BSD GPL-2"
|
||||
SLOT="0/8" # ABI version of libunbound.so
|
||||
if [[ ${PV} != *_rc* ]] ; then
|
||||
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
|
||||
fi
|
||||
IUSE="debug dnscrypt dnstap +ecdsa ecs gost +http2 python redis selinux static-libs systemd test +tfo threads"
|
||||
REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
|
||||
RESTRICT="!test? ( test )"
|
||||
|
||||
# Note: expat is needed by executable only but the Makefile is custom
|
||||
# and doesn't make it possible to easily install the library without
|
||||
# the executables. MULTILIB_USEDEP may be dropped once build system
|
||||
# is fixed.
|
||||
DEPEND="
|
||||
acct-group/unbound
|
||||
acct-user/unbound
|
||||
>=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}]
|
||||
>=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}]
|
||||
>=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
|
||||
dnscrypt? ( dev-libs/libsodium:=[${MULTILIB_USEDEP}] )
|
||||
dnstap? (
|
||||
dev-libs/fstrm[${MULTILIB_USEDEP}]
|
||||
>=dev-libs/protobuf-c-1.0.2-r1:=[${MULTILIB_USEDEP}]
|
||||
)
|
||||
ecdsa? (
|
||||
dev-libs/openssl:0[-bindist(-)]
|
||||
)
|
||||
http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] )
|
||||
python? ( ${PYTHON_DEPS} )
|
||||
redis? ( dev-libs/hiredis:= )
|
||||
systemd? ( sys-apps/systemd )
|
||||
"
|
||||
BDEPEND="
|
||||
virtual/pkgconfig
|
||||
python? ( dev-lang/swig )
|
||||
test? (
|
||||
net-libs/ldns[examples(-)]
|
||||
dev-util/splint
|
||||
app-text/wdiff
|
||||
)
|
||||
verify-sig? ( >=sec-keys/openpgp-keys-unbound-20250515 )
|
||||
"
|
||||
RDEPEND="
|
||||
${DEPEND}
|
||||
net-dns/dnssec-root
|
||||
selinux? ( sec-policy/selinux-bind )
|
||||
"
|
||||
|
||||
QA_CONFIG_IMPL_DECL_SKIP=(
|
||||
ioctlsocket # not on Linux (bug #900060)
|
||||
)
|
||||
|
||||
PATCHES=(
|
||||
"${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch
|
||||
"${FILESDIR}"/${PN}-1.6.3-pkg-config.patch
|
||||
"${FILESDIR}"/${PN}-1.10.1-find-ar.patch
|
||||
)
|
||||
|
||||
pkg_setup() {
|
||||
use python && python-single-r1_pkg_setup
|
||||
}
|
||||
|
||||
src_prepare() {
|
||||
default
|
||||
|
||||
eautoreconf
|
||||
|
||||
# Required for the python part
|
||||
multilib_copy_sources
|
||||
}
|
||||
|
||||
src_configure() {
|
||||
[[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack
|
||||
multilib-minimal_src_configure
|
||||
}
|
||||
|
||||
multilib_src_configure() {
|
||||
local myeconfargs=(
|
||||
$(multilib_native_use_enable debug)
|
||||
$(multilib_native_use_enable gost)
|
||||
$(multilib_native_use_enable dnscrypt)
|
||||
$(multilib_native_use_enable dnstap)
|
||||
$(multilib_native_use_enable ecdsa)
|
||||
$(multilib_native_use_enable ecs subnet)
|
||||
$(multilib_native_use_enable redis cachedb)
|
||||
$(multilib_native_use_enable static-libs static)
|
||||
$(multilib_native_use_enable systemd)
|
||||
$(multilib_native_use_with python pythonmodule)
|
||||
$(multilib_native_use_with python pyunbound)
|
||||
$(multilib_native_use_with threads pthreads)
|
||||
$(multilib_native_use_with http2 libnghttp2)
|
||||
$(multilib_native_use_enable tfo tfo-client)
|
||||
$(multilib_native_use_enable tfo tfo-server)
|
||||
|
||||
--disable-flto
|
||||
--disable-rpath
|
||||
--enable-event-api
|
||||
--enable-ipsecmod
|
||||
|
||||
--with-libevent="${ESYSROOT}"/usr
|
||||
$(multilib_native_usex redis --with-libhiredis="${ESYSROOT}/usr" --without-libhiredis)
|
||||
|
||||
--with-pidfile="${EPREFIX}"/run/unbound.pid
|
||||
--with-rootkey-file="${EPREFIX}"/etc/dnssec/root-anchors.txt
|
||||
--with-ssl="${ESYSROOT}"/usr
|
||||
--with-libexpat="${ESYSROOT}"/usr
|
||||
|
||||
# http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html
|
||||
# $(use_enable debug lock-checks)
|
||||
# $(use_enable debug alloc-checks)
|
||||
# $(use_enable debug alloc-lite)
|
||||
# $(use_enable debug alloc-nonregional)
|
||||
)
|
||||
|
||||
econf "${myeconfargs[@]}"
|
||||
}
|
||||
|
||||
multilib_src_install() {
|
||||
emake DESTDIR="${D}" install
|
||||
systemd_dounit contrib/unbound.service
|
||||
systemd_dounit contrib/unbound.socket
|
||||
systemd_dounit contrib/unbound_portable.service
|
||||
}
|
||||
|
||||
multilib_src_install_all() {
|
||||
use python && python_optimize
|
||||
|
||||
newinitd "${FILESDIR}"/unbound-r1.initd unbound
|
||||
newconfd "${FILESDIR}"/unbound-r1.confd unbound
|
||||
|
||||
systemd_newunit "${FILESDIR}"/unbound-anchor-r1.service unbound-anchor.service
|
||||
|
||||
dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES}
|
||||
dodoc contrib/{unbound_munin_,metrics.awk}
|
||||
|
||||
docinto selinux
|
||||
dodoc contrib/selinux/*
|
||||
|
||||
exeinto /usr/share/${PN}
|
||||
doexe contrib/{update-anchor.sh,unbound_cache.sh}
|
||||
|
||||
# Create space for auto-trust-anchor-file eventually
|
||||
# downloaded by unbound-anchor
|
||||
keepdir /etc/unbound/var
|
||||
fowners root:unbound /etc/unbound/var
|
||||
fperms 0770 /etc/unbound/var
|
||||
|
||||
# Used to store cache data
|
||||
keepdir /var/lib/${PN}
|
||||
fowners root:unbound /var/lib/${PN}
|
||||
fperms 0770 /var/lib/${PN}
|
||||
|
||||
find "${ED}" -name '*.la' -delete || die
|
||||
if ! use static-libs ; then
|
||||
find "${ED}" -name "*.a" -delete || die
|
||||
fi
|
||||
}
|
||||
|
||||
pkg_postinst() {
|
||||
if [[ ! -f "${EROOT}/etc/unbound/unbound_control.key" ]]; then
|
||||
einfo "Trying to create unbound control key ..."
|
||||
if ! unbound-control-setup &>/dev/null ; then
|
||||
ewarn "Failed to create unbound control key!"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ ! -f "${EROOT}/etc/unbound/var/root-anchors.txt" ]]; then
|
||||
einfo ""
|
||||
einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation"
|
||||
einfo "set 'auto-trust-anchor-file: ${EROOT}/etc/unbound/var/root-anchors.txt' in ${EROOT}/etc/unbound/unbound.conf"
|
||||
einfo "and run"
|
||||
einfo ""
|
||||
einfo " su -s /bin/sh -c '${EROOT}/usr/sbin/unbound-anchor -a ${EROOT}/etc/unbound/var/root-anchors.txt' unbound"
|
||||
einfo ""
|
||||
einfo "as root to create it initially before starting unbound for the first time after enabling this."
|
||||
einfo ""
|
||||
einfo "If using systemd you may also enable the unbound-anchor.service"
|
||||
fi
|
||||
|
||||
# Our user is not available on prefix
|
||||
use prefix && return
|
||||
|
||||
local _perm_check_testfile=$(mktemp --dry-run "${EPREFIX}"/etc/unbound/var/.pkg_postinst-perm-check.XXXXXXXXX)
|
||||
su -s /bin/sh -c "touch ${_perm_check_testfile}" unbound &>/dev/null
|
||||
if [[ $? -ne 0 ]]; then
|
||||
ewarn "WARNING: unbound user cannot write to \"${EPREFIX}/etc/unbound/var\"!"
|
||||
ewarn "Run the following commands to restore default permission:"
|
||||
ewarn ""
|
||||
ewarn " chown root:unbound ${EPREFIX}/etc/unbound/var"
|
||||
ewarn " chmod 0770 ${EPREFIX}/etc/unbound/var"
|
||||
else
|
||||
# Cleanup -- no reason to die here!
|
||||
rm -f "${_perm_check_testfile}"
|
||||
fi
|
||||
}
|
||||
Reference in New Issue
Block a user