app-crypt/onak: add 0.6.4

Use github tarball which includes debian files (service and logrotate).
Provide init scrips for OpenRC and systemd.

add onak user/group

Useflags reworked :
remove dynamic, shared-libs backends is now forced to make all backends
enabled available. Thus test and REQUIRED_USE are removed.
add daemon to handle the key daemon (was default)
add systemd for sd-bus

sed-op :
use a subdir for log and socket (permissions are easier)
make systemd conditional

Install all files which can be useful: logrotate, cgi-conf

Bugs fixed by upstream in this release.

Closes: https://bugs.gentoo.org/945057
Closes: https://bugs.gentoo.org/957412
Signed-off-by: Nicolas PARLANT <nicolas.parlant@parhuet.fr>
Part-of: https://github.com/gentoo/gentoo/pull/44065
Signed-off-by: Sam James <sam@gentoo.org>

app-crypt/onak/Manifest

@@ -1 +1,2 @@
 DIST onak-0.6.3.tar.xz 717040 BLAKE2B bae6c5b6022b42f59d6cf978d5e79df7b8bb71692bc11cfd162563f8afacb07c81505e070a7f6154b409db78449cd3b2182a1232e6ff3dacb4588cd977482f44 SHA512 3952b2ca8dfc32236dc6fc92a35d0d8223ae03be343fef4fcda49875d9d2b6ceb042c1c2cd63c035c467ee2773a103a36c7407c201f23de176e2121559ea1bff
+DIST onak-0.6.4.tar.gz 826490 BLAKE2B 1f313a43aa72d6d4e03fc792b9c49c3273698d1d389a4b9feeef528651fd314ccc502ca602758f4ca0dafc7e11980c2ccf9d51a65ee1af02fabde1288f8f0293 SHA512 b8623d014d0f87d6370bf26014c92c9746ebb39a8e4a8fcf33e216703b85b85620eef62cb3bcf95d07985bc81a206c6cc141ef294356fa8afbbb60319f85af5a

app-crypt/onak/files/onak.init

@@ -0,0 +1,38 @@
+#!/sbin/openrc-run
+# Copyright 2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+: ${ONAK_CONFIG:=/etc/onak.ini}
+: ${ONAK_GROUP:=onak}
+: ${ONAK_USER:=onak}
+
+name="onak"
+description="Backend caching key daemon for onak OpenPGP keyserver"
+command=/usr/sbin/onak-keyd
+command_args="-f -c ${ONAK_CONFIG}"
+command_user="${ONAK_USER}:${ONAK_GROUP}"
+command_background=true
+pidfile="/run/onak.pid"
+
+start_pre() {
+	if ! grep -q -E '^use_keyd=*(true|yes|1)$' ${ONAK_CONFIG}; then
+		eerror "You must enable the keyd backend in ${ONAK_CONFIG} with 'use_keyd=true'"
+		return 1
+	fi
+	# only for socket
+	checkpath -d -q -o ${ONAK_USER}:${ONAK_GROUP} /var/run/onak
+}
+
+stop() {
+	ebegin "Stopping ${name}"
+	/usr/bin/onak-keydctl quit
+	eend $? "Failed to stop ${name}"
+}
+
+status() {
+	default_status
+	if [ $? = 0 ]; then
+		ebegin "Showing ${name} status"
+		/usr/bin/onak-keydctl status
+	fi
+}

app-crypt/onak/metadata.xml

@@ -3,6 +3,7 @@
 <pkgmetadata>
 	<!-- maintainer-needed -->
 	<use>
+		<flag name="daemon">Enable the backend caching key daemon</flag>
 		<flag name="dynamic">Support for dynamic loading of backends</flag>
 		<flag name="hkp">Proxying backend support</flag>
 	</use>

app-crypt/onak/onak-0.6.4.ebuild

@@ -0,0 +1,120 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit cmake eapi9-ver systemd
+
+DESCRIPTION="onak is an OpenPGP keyserver"
+HOMEPAGE="
+	https://www.earth.li/projectpurple/progs/onak.html
+	https://github.com/u1f35c/onak
+"
+SRC_URI="https://github.com/u1f35c/onak/archive/${P}.tar.gz"
+S="${WORKDIR}/${PN}-${P}"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+berkdb +daemon hkp postgres systemd"
+
+RDEPEND="
+	acct-group/onak
+	acct-user/onak
+	dev-libs/nettle:=
+	dev-libs/gmp:=
+	berkdb? ( sys-libs/db:= )
+	daemon? (
+		systemd? ( sys-apps/systemd:= )
+	)
+	hkp? ( net-misc/curl )
+	postgres? ( dev-db/postgresql:= )
+"
+DEPEND="${RDEPEND}"
+
+DOCS=(
+	README.md onak.sql
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-0.5.0-musl-strtouq-fix.patch"
+	"${FILESDIR}/${PN}-0.6.3-cmake.patch"
+)
+
+src_prepare() {
+	cmake_src_prepare
+
+	# use a subdir to handle permissions
+	sed -e 's:log/onak.log:log/onak/onak.log:' \
+		-i onak.ini.in || die
+	sed -e "s:/var/log/onak.log:${EPREFIX}/var/log/onak/onak.log:" \
+		-i debian/onak.logrotate || die
+
+	if ! use systemd; then
+		sed -e 's:^pkg_check_modules.*libsystemd:#&:' \
+			-i CMakeLists.txt || die
+	fi
+}
+
+src_configure() {
+	# The GENTOO_BACKENDS variable is controlled from the ebuild, therefore
+	# it can be synchronised with users USE preference, unlike the BACKENDS
+	# which is filled automagically based on detected libraries.
+	# Initialize backends with default values.
+	local backends=( file fs keyring stacked )
+	use berkdb && backends+=( db4 )
+	use daemon && backends+=( keyd )
+	use hkp && backends+=( hkp )
+	use postgres && backends+=( pg )
+	local mycmakeargs=(
+		-DCMAKE_DISABLE_FIND_PACKAGE_Git="ON"
+		-DCMAKE_INSTALL_SYSCONFDIR="${EPREFIX}/etc"
+		# force shared libs backends or only one backend will be available.
+		-DDBTYPE=dynamic
+		-DGENTOO_BACKENDS=$(IFS=';'; echo "${backends[*]}")
+		-DKEYD=$(usex daemon ON OFF)
+	)
+	cmake_src_configure
+}
+
+src_install() {
+	cmake_src_install
+
+	if use daemon; then
+		newinitd "${FILESDIR}"/onak.init onak
+		systemd_dounit debian/onak.service
+		systemd_dounit debian/onak.socket
+	fi
+
+	insinto /etc/logrotate.d
+	newins debian/onak.logrotate onak
+
+	keepdir /var/{lib,log}/${PN}
+	fowners -R onak:onak /var/{lib,log}/${PN}
+
+	insinto /usr/$(get_libdir)/cgi-bin/pks
+	doins "${BUILD_DIR}"/cgi/{add,gpgwww,hashquery,lookup}
+
+	docinto examples
+	dodoc doc/{apache2,mathopd.conf}
+}
+
+pkg_postinst() {
+	if ver_replacing -lt 0.6.4; then
+		ewarn "The key daemon is now handled by the useflag 'daemon'."
+		ewarn "This package provides the init scripts for both OpenRC and systemd."
+		if use daemon; then
+			ewarn " "
+			ewarn "The binaries for the key daemon has been renamed:"
+			ewarn "keyd -> onak-keyd"
+			ewarn "keydctl -> onak-keydctl"
+			ewarn "Consider adapt your scripts!"
+		fi
+		if [[ $(get_libdir) != "lib" ]]; then
+			ewarn " "
+			ewarn "The binaries for cgi has been moved:"
+			ewarn "${EPREFIX}/usr/lib/cgi-bin/ -> ${EPREFIX}/usr/$(get_libdir)/cgi-bin/"
+			ewarn "Consider adapt your scripts!"
+		fi
+	fi
+}