* [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/, net-dns/bind/files/
@ 2016-10-14 21:17 Christian Ruppert
0 siblings, 0 replies; 6+ messages in thread
From: Christian Ruppert @ 2016-10-14 21:17 UTC (permalink / raw
To: gentoo-commits
commit: 5635e834ea0fdbb0cf6ffa47fa766ab168a1661b
Author: Christian Ruppert <idl0r <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 14 21:12:31 2016 +0000
Commit: Christian Ruppert <idl0r <AT> gentoo <DOT> org>
CommitDate: Fri Oct 14 21:12:31 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5635e834
net-dns/bind: Version bump. Also fixes bug #596148
Package-Manager: portage-2.3.2
net-dns/bind/Manifest | 1 +
net-dns/bind/bind-9.11.0.ebuild | 418 ++++++++++++++++++++++++++++++++++++++
net-dns/bind/files/named.cache-r3 | 91 +++++++++
net-dns/bind/metadata.xml | 2 +
4 files changed, 512 insertions(+)
diff --git a/net-dns/bind/Manifest b/net-dns/bind/Manifest
index b1be883..2b7f5f4 100644
--- a/net-dns/bind/Manifest
+++ b/net-dns/bind/Manifest
@@ -1,3 +1,4 @@
DIST bind-9.10.3-P4.tar.gz 8529535 SHA256 2ac044b5fbdf45fb45107af0df961b3b7cb5262a3bf1948ed3fe7a170dd13e3e SHA512 9c7b710054cd1230e7e470541a13850def56b2247c404a1800e0d0dad6aba20b3c3c09b1a17cd6017435525e84fa2f7cde40ae13feeeb7747efb26c66961aadd WHIRLPOOL 9e0384ac8c8b97720c29ed0014613acdde4d7f5a24353dc3f1712d73c37ac8ff00660f80c45c66fab8045afbbf41c7e26b9692b93040fa1db59a2724031ad129
DIST bind-9.10.4-P3.tar.gz 9299078 SHA256 a075e5ce89fddccb0e64d1777d59161387dd5151cf4e7d1a93875a487812baef SHA512 6ffe0b488a5e5c4547723b1570b5b71287fbcb93b54a89d79c43ddd661bbf5c575edc8b4dae275a34916d3951907c2c6a4e58aee1ee9c87a4c3075de4671c124 WHIRLPOOL 3ec3ff7be4bd9fc8be5c57319b8e510ae8298007256ac149f6eb92901e9fb074eccd7616284c7aa846741fa807971f156f92c254213d0dfbf4f723faf584fd79
+DIST bind-9.11.0.tar.gz 9789272 SHA256 6f0b403036e0281b272a0fbdd0dc3417f3050b625cb059c5409432611418058b SHA512 50a203ed584260a6e71881ce24d69258af72e6762b7b3fad378e5fe492bcbfe0d3548270cf037dca313d37f4dccf82c0e5f13927782a20b992f72850274954f8 WHIRLPOOL 6748d94a55e4edc2367b4996c4f529e696a3e267336c61753dec600eff0513d116dea966cc3ad923989d3eda879e63bece07ea91b1e63682b06313c096e09abc
DIST dyndns-samples.tbz2 22866 SHA256 92fb06a92ca99cbbe96b90bcca229ef9c12397db57ae17e199dad9f1218fdbe8 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac WHIRLPOOL 08d4e6a817f1d02597631e18152dbd55ea1bc4c82174be150cc77efc9e1f0f03b6471d1cefbe4229cd3161de752ef232a43ca274a07b78e9c974ceb04cfe99a2
diff --git a/net-dns/bind/bind-9.11.0.ebuild b/net-dns/bind/bind-9.11.0.ebuild
new file mode 100644
index 00000000..f81e861
--- /dev/null
+++ b/net-dns/bind/bind-9.11.0.ebuild
@@ -0,0 +1,418 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# Re dlz/mysql and threads, needs to be verified..
+# MySQL uses thread local storage in its C api. Thus MySQL
+# requires that each thread of an application execute a MySQL
+# thread initialization to setup the thread local storage.
+# This is impossible to do safely while staying within the DLZ
+# driver API. This is a limitation caused by MySQL, and not the DLZ API.
+# Because of this BIND MUST only run with a single thread when
+# using the MySQL driver.
+
+EAPI="5"
+
+PYTHON_COMPAT=( python2_7 python3_3 python3_4 )
+
+inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd
+
+MY_PV="${PV/_p/-P}"
+MY_PV="${MY_PV/_rc/rc}"
+MY_P="${PN}-${MY_PV}"
+
+SDB_LDAP_VER="1.1.0-fc14"
+
+RRL_PV="${MY_PV}"
+
+NSLINT_DIR="contrib/nslint-3.0a2/"
+
+# SDB-LDAP: http://bind9-ldap.bayour.com/
+
+DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server"
+HOMEPAGE="http://www.isc.org/software/bind"
+SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz
+ doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
+# sdb-ldap? (
+# http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2
+# )"
+
+LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="berkdb +caps dlz dnstap doc filter-aaaa fixed-rrset geoip gost gssapi idn ipv6
+json ldap libressl lmdb mysql nslint odbc postgres python rpz seccomp selinux ssl static-libs
++threads urandom xml +zlib"
+# sdb-ldap - patch broken
+# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
+
+REQUIRED_USE="postgres? ( dlz )
+ berkdb? ( dlz )
+ mysql? ( dlz !threads )
+ odbc? ( dlz )
+ ldap? ( dlz )
+ gost? ( !libressl ssl )
+ threads? ( caps )
+ dnstap? ( threads )"
+# sdb-ldap? ( dlz )
+
+DEPEND="
+ ssl? (
+ !libressl? ( dev-libs/openssl:0[-bindist] )
+ libressl? ( dev-libs/libressl )
+ )
+ mysql? ( >=virtual/mysql-4.0 )
+ odbc? ( >=dev-db/unixODBC-2.2.6 )
+ ldap? ( net-nds/openldap )
+ idn? ( net-dns/idnkit )
+ postgres? ( dev-db/postgresql:= )
+ caps? ( >=sys-libs/libcap-2.1.0 )
+ xml? ( dev-libs/libxml2 )
+ geoip? ( >=dev-libs/geoip-1.4.6 )
+ gssapi? ( virtual/krb5 )
+ gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] )
+ seccomp? ( sys-libs/libseccomp )
+ json? ( dev-libs/json-c )
+ lmdb? ( dev-db/lmdb )
+ zlib? ( sys-libs/zlib )
+ dnstap? ( dev-libs/fstrm dev-libs/protobuf-c )"
+# sdb-ldap? ( net-nds/openldap )
+
+RDEPEND="${DEPEND}
+ selinux? ( sec-policy/selinux-bind )
+ || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )"
+
+S="${WORKDIR}/${MY_P}"
+
+# bug 479092, requires networking
+RESTRICT="test"
+
+pkg_setup() {
+ ebegin "Creating named group and user"
+ enewgroup named 40
+ enewuser named 40 -1 /etc/bind named
+ eend ${?}
+}
+
+src_prepare() {
+ # Adjusting PATHs in manpages
+ for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
+ sed -i \
+ -e 's:/etc/named.conf:/etc/bind/named.conf:g' \
+ -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
+ -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
+ "${i}" || die "sed failed, ${i} doesn't exist"
+ done
+
+# if use dlz; then
+# # sdb-ldap patch as per bug #160567
+# # Upstream URL: http://bind9-ldap.bayour.com/
+# # New patch take from bug 302735
+# if use sdb-ldap; then
+# epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
+# cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/
+# cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/
+# cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/
+# fi
+# fi
+
+ # should be installed by bind-tools
+ sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die
+
+ # Disable tests for now, bug 406399
+ sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
+
+ if use nslint; then
+ sed -i -e 's:/etc/named.conf:/etc/bind/named.conf:' ${NSLINT_DIR}/nslint.{c,8} || die
+ fi
+
+ # bug #220361
+ rm aclocal.m4
+ rm -rf libtool.m4/
+ eautoreconf
+}
+
+src_configure() {
+ local myconf=""
+
+ if use urandom; then
+ myconf="${myconf} --with-randomdev=/dev/urandom"
+ else
+ myconf="${myconf} --with-randomdev=/dev/random"
+ fi
+
+ use geoip && myconf="${myconf} --with-geoip"
+
+ # bug #158664
+# gcc-specs-ssp && replace-flags -O[23s] -O
+
+ # To include db.h from proper path
+ use berkdb && append-flags "-I$(db_includedir)"
+
+ export BUILD_CC=$(tc-getBUILD_CC)
+ econf \
+ --sysconfdir=/etc/bind \
+ --localstatedir=/var \
+ --with-libtool \
+ --enable-full-report \
+ --without-readline \
+ $(use_enable caps linux-caps) \
+ $(use_enable filter-aaaa) \
+ $(use_enable fixed-rrset) \
+ $(use_enable ipv6) \
+ $(use_enable rpz rpz-nsdname) \
+ $(use_enable rpz rpz-nsip) \
+ $(use_enable seccomp) \
+ $(use_enable threads) \
+ $(use_with berkdb dlz-bdb) \
+ $(use_with dlz dlopen) \
+ $(use_with dlz dlz-filesystem) \
+ $(use_with dlz dlz-stub) \
+ $(use_with gost) \
+ $(use_with gssapi) \
+ $(use_with idn) \
+ $(use_with json libjson) \
+ $(use_with ldap dlz-ldap) \
+ $(use_with mysql dlz-mysql) \
+ $(use_with odbc dlz-odbc) \
+ $(use_with postgres dlz-postgres) \
+ $(use_with lmdb) \
+ $(use_with python) \
+ $(use_with ssl ecdsa) \
+ $(use_with ssl openssl "${EPREFIX}"/usr) \
+ $(use_with xml libxml2) \
+ $(use_with zlib) \
+ ${myconf}
+
+ # $(use_enable static-libs static) \
+
+ # bug #151839
+ echo '#undef SO_BSDCOMPAT' >> config.h
+
+ if use nslint; then
+ cd $NSLINT_DIR
+ econf
+ fi
+}
+
+src_compile() {
+ emake
+
+ if use nslint; then
+ emake -C $NSLINT_DIR CCOPT="${CFLAGS}"
+ fi
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ if use nslint; then
+ cd $NSLINT_DIR
+ dobin nslint
+ doman nslint.8
+ cd "${S}"
+ fi
+
+ dodoc CHANGES FAQ README
+
+ if use idn; then
+ dodoc contrib/idn/README.idnkit
+ fi
+
+ if use doc; then
+ dodoc doc/arm/Bv9ARM.pdf
+
+ docinto misc
+ dodoc doc/misc/*
+
+ # might a 'html' useflag make sense?
+ docinto html
+ dohtml -r doc/arm/*
+
+ docinto contrib
+ dodoc contrib/scripts/{nanny.pl,named-bootconf.sh}
+
+ # some handy-dandy dynamic dns examples
+ pushd "${D}"/usr/share/doc/${PF} 1>/dev/null
+ tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
+ popd 1>/dev/null
+ fi
+
+ insinto /etc/bind
+ newins "${FILESDIR}"/named.conf-r8 named.conf
+
+ # ftp://ftp.rs.internic.net/domain/named.cache:
+ insinto /var/bind
+ newins "${FILESDIR}"/named.cache-r3 named.cache
+
+ insinto /var/bind/pri
+ newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
+
+ newinitd "${FILESDIR}"/named.init-r13 named
+ newconfd "${FILESDIR}"/named.confd-r7 named
+
+ if use gost; then
+ sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die
+ else
+ sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die
+ fi
+
+ newenvd "${FILESDIR}"/10bind.env 10bind
+
+ # Let's get rid of those tools and their manpages since they're provided by bind-tools
+ rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1*
+ rm -f "${D}"/usr/share/man/man8/nsupdate.8*
+ rm -f "${D}"/usr/bin/{dig,host,nslookup,nsupdate}
+ rm -f "${D}"/usr/sbin/{dig,host,nslookup,nsupdate}
+ for tool in dsfromkey importkey keyfromlabel keygen \
+ revoke settime signzone verify; do
+ rm -f "${D}"/usr/{,s}bin/dnssec-"${tool}"
+ rm -f "${D}"/usr/share/man/man8/dnssec-"${tool}".8*
+ done
+
+ # bug 405251, library archives aren't properly handled by --enable/disable-static
+ if ! use static-libs; then
+ find "${D}" -type f -name '*.a' -delete || die
+ fi
+
+ # bug 405251
+ find "${D}" -type f -name '*.la' -delete || die
+
+ if use python; then
+ install_python_tools() {
+ dosbin bin/python/dnssec-{checkds,coverage}
+ }
+ python_foreach_impl install_python_tools
+
+ python_replicate_script "${D}usr/sbin/dnssec-checkds"
+ python_replicate_script "${D}usr/sbin/dnssec-coverage"
+ fi
+
+ # bug 450406
+ dosym named.cache /var/bind/root.cache
+
+ dosym /var/bind/pri /etc/bind/pri
+ dosym /var/bind/sec /etc/bind/sec
+ dosym /var/bind/dyn /etc/bind/dyn
+ keepdir /var/bind/{pri,sec,dyn}
+
+ dodir /var/log/named
+
+ fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
+ fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
+ fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
+ fperms 0750 /etc/bind /var/bind/pri
+ fperms 0770 /var/log/named /var/bind/{,sec,dyn}
+
+ systemd_newunit "${FILESDIR}/named.service-r1" named.service
+ systemd_dotmpfilesd "${FILESDIR}"/named.conf
+ exeinto /usr/libexec
+ doexe "${FILESDIR}/generate-rndc-key.sh"
+}
+
+pkg_postinst() {
+ if [ ! -f '/etc/bind/rndc.key' ]; then
+ if use urandom; then
+ einfo "Using /dev/urandom for generating rndc.key"
+ /usr/sbin/rndc-confgen -r /dev/urandom -a
+ echo
+ else
+ einfo "Using /dev/random for generating rndc.key"
+ /usr/sbin/rndc-confgen -a
+ echo
+ fi
+ chown root:named /etc/bind/rndc.key
+ chmod 0640 /etc/bind/rndc.key
+ fi
+
+ einfo
+ einfo "You can edit /etc/conf.d/named to customize named settings"
+ einfo
+ use mysql || use postgres || use ldap && {
+ elog "If your named depends on MySQL/PostgreSQL or LDAP,"
+ elog "uncomment the specified rc_named_* lines in your"
+ elog "/etc/conf.d/named config to ensure they'll start before bind"
+ einfo
+ }
+ einfo "If you'd like to run bind in a chroot AND this is a new"
+ einfo "install OR your bind doesn't already run in a chroot:"
+ einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
+ einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
+ einfo
+
+ CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
+ if [[ -n ${CHROOT} ]]; then
+ elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
+ elog "To enable the old behaviour (without using mount) uncomment the"
+ elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
+ elog "If you decide to use the new/default method, ensure to make backup"
+ elog "first and merge your existing configs/zones to /etc/bind and"
+ elog "/var/bind because bind will now mount the needed directories into"
+ elog "the chroot dir."
+ fi
+}
+
+pkg_config() {
+ CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
+ CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
+ CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
+
+ if [[ -z "${CHROOT}" ]]; then
+ eerror "This config script is designed to automate setting up"
+ eerror "a chrooted bind/named. To do so, please first uncomment"
+ eerror "and set the CHROOT variable in '/etc/conf.d/named'."
+ die "Unset CHROOT"
+ fi
+ if [[ -d "${CHROOT}" ]]; then
+ ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
+ ewarn "To enable the old behaviour (without using mount) uncomment the"
+ ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
+ ewarn
+ ewarn "${CHROOT} already exists... some things might become overridden"
+ ewarn "press CTRL+C if you don't want to continue"
+ sleep 10
+ fi
+
+ echo; einfo "Setting up the chroot directory..."
+
+ mkdir -m 0750 -p ${CHROOT}
+ mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run}
+ mkdir -m 0750 -p ${CHROOT}/etc/bind
+ mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/
+ # As of bind 9.8.0
+ if has_version net-dns/bind[gost]; then
+ if [ "$(get_libdir)" = "lib64" ]; then
+ mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines
+ ln -s lib64 ${CHROOT}/usr/lib
+ else
+ mkdir -m 0755 -p ${CHROOT}/usr/lib/engines
+ fi
+ fi
+ chown root:named ${CHROOT} ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ ${CHROOT}/etc/bind
+
+ mknod ${CHROOT}/dev/null c 1 3
+ chmod 0666 ${CHROOT}/dev/null
+
+ mknod ${CHROOT}/dev/zero c 1 5
+ chmod 0666 ${CHROOT}/dev/zero
+
+ if use urandom; then
+ mknod ${CHROOT}/dev/urandom c 1 9
+ chmod 0666 ${CHROOT}/dev/urandom
+ else
+ mknod ${CHROOT}/dev/random c 1 8
+ chmod 0666 ${CHROOT}/dev/random
+ fi
+
+ if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
+ cp -a /etc/bind ${CHROOT}/etc/
+ cp -a /var/bind ${CHROOT}/var/
+ fi
+
+ if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
+ mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP
+ fi
+
+ elog "You may need to add the following line to your syslog-ng.conf:"
+ elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
+}
diff --git a/net-dns/bind/files/named.cache-r3 b/net-dns/bind/files/named.cache-r3
new file mode 100644
index 00000000..805aded
--- /dev/null
+++ b/net-dns/bind/files/named.cache-r3
@@ -0,0 +1,91 @@
+; This file holds the information on root name servers needed to
+; initialize cache of Internet domain name servers
+; (e.g. reference this file in the "cache . <file>"
+; configuration file of BIND domain name servers).
+;
+; This file is made available by InterNIC
+; under anonymous FTP as
+; file /domain/named.cache
+; on server FTP.INTERNIC.NET
+; -OR- RS.INTERNIC.NET
+;
+; last update: August 25, 2016
+; related version of root zone: 2016082500
+;
+; formerly NS.INTERNIC.NET
+;
+. 3600000 NS A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
+A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+. 3600000 NS B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
+B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::b
+;
+; FORMERLY C.PSI.NET
+;
+. 3600000 NS C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
+C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
+;
+; FORMERLY TERP.UMD.EDU
+;
+. 3600000 NS D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
+D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
+;
+; FORMERLY NS.NASA.GOV
+;
+. 3600000 NS E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
+E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
+;
+; FORMERLY NS.ISC.ORG
+;
+. 3600000 NS F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
+F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+. 3600000 NS G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+. 3600000 NS H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
+H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
+;
+; FORMERLY NIC.NORDU.NET
+;
+. 3600000 NS I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
+I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+. 3600000 NS J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
+J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+. 3600000 NS K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
+K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
+;
+; OPERATED BY ICANN
+;
+. 3600000 NS L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
+L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
+;
+; OPERATED BY WIDE
+;
+. 3600000 NS M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
+M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
+; End of file
diff --git a/net-dns/bind/metadata.xml b/net-dns/bind/metadata.xml
index 26a7363..f8bf546 100644
--- a/net-dns/bind/metadata.xml
+++ b/net-dns/bind/metadata.xml
@@ -7,6 +7,7 @@
</maintainer>
<longdescription>ISC's bind dns server, used the world 'round.</longdescription>
<use>
+ <flag name="dnstap">Enables dnstap packet logging</flag>
<flag name="dlz">Enables dynamic loaded zones, 3rd party extension</flag>
<flag name="fetchlimit">Recursive fetch limits for DoS attack mitigation</flag>
<flag name="filter-aaaa">Enable filtering of AAAA records over IPv4</flag>
@@ -14,6 +15,7 @@
<flag name="gost">Enables gost OpenSSL engine support</flag>
<flag name="gssapi">Enable gssapi support</flag>
<flag name="json">Enable JSON statistics channel</flag>
+ <flag name="lmdb">Enable LMDB support to store configuration for 'addzone' zones</flag>
<flag name="nslint">Build and install the nslint util</flag>
<flag name="rpz">Enable response policy rewriting (rpz)</flag>
<flag name="sit">Source Identity Token support (sit)</flag>
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/, net-dns/bind/files/
@ 2017-09-21 7:45 Christian Ruppert
0 siblings, 0 replies; 6+ messages in thread
From: Christian Ruppert @ 2017-09-21 7:45 UTC (permalink / raw
To: gentoo-commits
commit: 1b03657c89ce1ba6cd869620ab3a9951fe5c9aae
Author: Christian Ruppert <idl0r <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 21 07:39:59 2017 +0000
Commit: Christian Ruppert <idl0r <AT> gentoo <DOT> org>
CommitDate: Thu Sep 21 07:39:59 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1b03657c
net-dns/bind: Remove old. Version bump to 9.11.2. Minor named.cache update
Package-Manager: Portage-2.3.10, Repoman-2.3.3
net-dns/bind/Manifest | 2 +-
.../{bind-9.11.0_p5.ebuild => bind-9.11.2.ebuild} | 7 +--
net-dns/bind/files/named.cache-r3 | 52 +++++++++++-----------
3 files changed, 29 insertions(+), 32 deletions(-)
diff --git a/net-dns/bind/Manifest b/net-dns/bind/Manifest
index b74af14272d..6da81ec329c 100644
--- a/net-dns/bind/Manifest
+++ b/net-dns/bind/Manifest
@@ -1,4 +1,4 @@
-DIST bind-9.11.0-P5.tar.gz 9698446 SHA256 1e283f0567b484687dfd7b936e26c9af4f64043daf73cbd8f3eb1122c9fb71f5 SHA512 142407db35a7bba6e676f2b3dc726a3a6ece9df8a27722f108ec309e24c4614da097b6cd31675c4925e68ff147896bc0a16dd71aa74dd73753ba86a2dbd7d3bd WHIRLPOOL a2aba3a52ad3610891733a3c8d93c0f5b263f706e36178a6f642b18e607a665ad0b15bdf679b9a5d149e9262eb5f718e23a09e989b63a418ee8fdfcb7f435186
DIST bind-9.11.1-P1.tar.gz 9745364 SHA256 6b1b3e88d51b8471bd6aee24a8cea70817e850a5901315dc506f9dde275ca638 SHA512 5683ae7be264e11b5b2a843d216e3ca4959b7de109863d5435090b2e033d6c405689e4ce57385ca787b1c948f4437aea39b8d5164a1d347c167f87337e9fc760 WHIRLPOOL a9dd3cabfe04f16a60ce9d55d3bfdd57d05bddd9fb86996e952756bf40b63dda78d269903d1ae951b499cea899e154e2936117ad2bc6de0e30c0937c8292e45b
DIST bind-9.11.1-P3.tar.gz 9749095 SHA256 52426e75432e46996dc90f24fca027805a341c38fbbb022b60dc9acd2677ccf4 SHA512 bf92ce1e07e5c84cc42b413bdbd3ad97f37712a6dc330dc10182992d948b7a393d5446efa188379b39020c34d810cebe2a7acccc9b8aa6bb564e1f3e6be42e96 WHIRLPOOL 93c139c979a60f9f3d8e54cf9f23e25a6d64180f7c2be6ba8c41488e9eec985c0bd67ab28e7f502c155c57b643b47b4c12d1ee5877077be37e07138adbd93a56
+DIST bind-9.11.2.tar.gz 9782180 SHA256 7f46ad8620f7c3b0ac375d7a5211b15677708fda84ce25d7aeb7222fe2e3c77a SHA512 c837c0a360049b0077b155eede9b6a71f63d1caca2ddf20a8ab7860a1033a3750e49cd2804dcf8c43b0aef04bcea99422d1302b4eae1646eb69a5ae6d64625b9 WHIRLPOOL e77846ffbe8f70b295f4aeeb110946ba98a3d4a2fd79b059728226d0916429e8a5657b1dea0f545581588153f3f00ba7c99e326359be4bad3f1ed637a75d52ed
DIST dyndns-samples.tbz2 22866 SHA256 92fb06a92ca99cbbe96b90bcca229ef9c12397db57ae17e199dad9f1218fdbe8 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac WHIRLPOOL 08d4e6a817f1d02597631e18152dbd55ea1bc4c82174be150cc77efc9e1f0f03b6471d1cefbe4229cd3161de752ef232a43ca274a07b78e9c974ceb04cfe99a2
diff --git a/net-dns/bind/bind-9.11.0_p5.ebuild b/net-dns/bind/bind-9.11.2.ebuild
similarity index 97%
rename from net-dns/bind/bind-9.11.0_p5.ebuild
rename to net-dns/bind/bind-9.11.2.ebuild
index 678d7c97043..f7482be23e5 100644
--- a/net-dns/bind/bind-9.11.0_p5.ebuild
+++ b/net-dns/bind/bind-9.11.2.ebuild
@@ -38,7 +38,7 @@ SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz
LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
SLOT="0"
-KEYWORDS="alpha amd64 arm ~hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
# -berkdb by default re bug 602682
IUSE="-berkdb +caps dlz dnstap doc filter-aaaa fixed-rrset geoip gost gssapi idn ipv6
json ldap libressl lmdb mysql nslint odbc postgres python rpz seccomp selinux ssl static-libs
@@ -100,9 +100,6 @@ pkg_setup() {
}
src_prepare() {
- # bug 600212
- epatch "${FILESDIR}"/${P}-dyndb-dlopen.patch
-
# Adjusting PATHs in manpages
for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
sed -i \
@@ -221,7 +218,7 @@ src_install() {
cd "${S}"
fi
- dodoc CHANGES FAQ README
+ dodoc CHANGES README
if use idn; then
dodoc contrib/idn/README.idnkit
diff --git a/net-dns/bind/files/named.cache-r3 b/net-dns/bind/files/named.cache-r3
index 231cb2a169c..198d1b39b9b 100644
--- a/net-dns/bind/files/named.cache-r3
+++ b/net-dns/bind/files/named.cache-r3
@@ -1,92 +1,92 @@
-; This file holds the information on root name servers needed to
+; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
-; configuration file of BIND domain name servers).
-;
+; configuration file of BIND domain name servers).
+;
; This file is made available by InterNIC
; under anonymous FTP as
-; file /domain/named.cache
+; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
-;
-; last update: October 20, 2016
-; related version of root zone: 2016102001
-;
-; formerly NS.INTERNIC.NET
+;
+; last update: August 29, 2017
+; related version of root zone: 2017082901
+;
+; FORMERLY NS.INTERNIC.NET
;
. 3600000 NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
-;
-; FORMERLY NS1.ISI.EDU
+;
+; FORMERLY NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
-B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::b
-;
-; FORMERLY C.PSI.NET
+B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b
+;
+; FORMERLY C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
-;
-; FORMERLY TERP.UMD.EDU
+;
+; FORMERLY TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
-;
+;
; FORMERLY NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
-;
+;
; FORMERLY NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
-;
+;
; FORMERLY NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d
-;
+;
; FORMERLY AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
-;
+;
; FORMERLY NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
-;
+;
; OPERATED BY VERISIGN, INC.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
-;
+;
; OPERATED BY RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
-;
+;
; OPERATED BY ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
-;
+;
; OPERATED BY WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
-; End of file
+; End of file
\ No newline at end of file
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/, net-dns/bind/files/
@ 2018-06-19 8:03 Christian Ruppert
0 siblings, 0 replies; 6+ messages in thread
From: Christian Ruppert @ 2018-06-19 8:03 UTC (permalink / raw
To: gentoo-commits
commit: ed0e614b9f561112b74c28c0f4ce9343164861ac
Author: Christian Ruppert <idl0r <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 19 08:03:14 2018 +0000
Commit: Christian Ruppert <idl0r <AT> gentoo <DOT> org>
CommitDate: Tue Jun 19 08:03:27 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ed0e614b
net-dns/bind: Revbumps re bug 657654 / CVE-2018-5738
Package-Manager: Portage-2.3.40, Repoman-2.3.9
.../{bind-9.11.3.ebuild => bind-9.11.3-r1.ebuild} | 3 +
...d-9.12.1_p2.ebuild => bind-9.12.1_p2-r1.ebuild} | 3 +
net-dns/bind/files/bind-9.11.3-CVE-2018-5738.patch | 110 +++++++++++++++++++++
.../bind/files/bind-9.12.1_p2-CVE-2018-5738.patch | 95 ++++++++++++++++++
4 files changed, 211 insertions(+)
diff --git a/net-dns/bind/bind-9.11.3.ebuild b/net-dns/bind/bind-9.11.3-r1.ebuild
similarity index 99%
rename from net-dns/bind/bind-9.11.3.ebuild
rename to net-dns/bind/bind-9.11.3-r1.ebuild
index 4da95bc7613..74e4fcd1fc1 100644
--- a/net-dns/bind/bind-9.11.3.ebuild
+++ b/net-dns/bind/bind-9.11.3-r1.ebuild
@@ -109,6 +109,9 @@ src_prepare() {
"${i}" || die "sed failed, ${i} doesn't exist"
done
+ # bug 657654 / CVE-2018-5738
+ epatch "${FILESDIR}/${P}-CVE-2018-5738.patch"
+
# if use dlz; then
# # sdb-ldap patch as per bug #160567
# # Upstream URL: http://bind9-ldap.bayour.com/
diff --git a/net-dns/bind/bind-9.12.1_p2.ebuild b/net-dns/bind/bind-9.12.1_p2-r1.ebuild
similarity index 99%
rename from net-dns/bind/bind-9.12.1_p2.ebuild
rename to net-dns/bind/bind-9.12.1_p2-r1.ebuild
index a8a7a130b53..3e1a46c7bf0 100644
--- a/net-dns/bind/bind-9.12.1_p2.ebuild
+++ b/net-dns/bind/bind-9.12.1_p2-r1.ebuild
@@ -107,6 +107,9 @@ src_prepare() {
"${i}" || die "sed failed, ${i} doesn't exist"
done
+ # bug 657654 / CVE-2018-5738
+ epatch "${FILESDIR}/${P}-CVE-2018-5738.patch"
+
# if use dlz; then
# # sdb-ldap patch as per bug #160567
# # Upstream URL: http://bind9-ldap.bayour.com/
diff --git a/net-dns/bind/files/bind-9.11.3-CVE-2018-5738.patch b/net-dns/bind/files/bind-9.11.3-CVE-2018-5738.patch
new file mode 100644
index 00000000000..4a2c7832ebf
--- /dev/null
+++ b/net-dns/bind/files/bind-9.11.3-CVE-2018-5738.patch
@@ -0,0 +1,110 @@
+diff --git a/bin/named/server.c b/bin/named/server.c
+index 64a5180..41a1826 100644
+--- a/bin/named/server.c
++++ b/bin/named/server.c
+@@ -3376,10 +3376,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
+ dns_acache_setcachesize(view->acache, max_acache_size);
+ }
+
+- CHECK(configure_view_acl(vconfig, config, ns_g_config,
+- "allow-query", NULL, actx,
+- ns_g_mctx, &view->queryacl));
+-
+ /*
+ * Make the list of response policy zone names for a view that
+ * is used for real lookups and so cares about hints.
+@@ -4258,9 +4254,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
+ INSIST(result == ISC_R_SUCCESS);
+ view->trust_anchor_telemetry = cfg_obj_asboolean(obj);
+
+- CHECK(configure_view_acl(vconfig, config, ns_g_config,
+- "allow-query-cache-on", NULL, actx,
+- ns_g_mctx, &view->cacheonacl));
+ /*
+ * Set sources where additional data and CNAME/DNAME
+ * targets for authoritative answers may be found.
+@@ -4287,22 +4280,40 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
+ view->additionalfromcache = ISC_TRUE;
+ }
+
++ CHECK(configure_view_acl(vconfig, config, ns_g_config,
++ "allow-query-cache-on", NULL, actx,
++ ns_g_mctx, &view->cacheonacl));
++
+ /*
+- * Set "allow-query-cache", "allow-recursion", and
+- * "allow-recursion-on" acls if configured in named.conf.
+- * (Ignore the global defaults for now, because these ACLs
+- * can inherit from each other when only some of them set at
+- * the options/view level.)
++ * Set the "allow-query", "allow-query-cache", "allow-recursion",
++ * and "allow-recursion-on" ACLs if configured in named.conf, but
++ * NOT from the global defaults. This is done by leaving the third
++ * argument to configure_view_acl() NULL.
++ *
++ * We ignore the global defaults here because these ACLs
++ * can inherit from each other. If any are still unset after
++ * applying the inheritance rules, we'll look up the defaults at
++ * that time.
+ */
+- CHECK(configure_view_acl(vconfig, config, NULL, "allow-query-cache",
+- NULL, actx, ns_g_mctx, &view->cacheacl));
++
++ /* named.conf only */
++ CHECK(configure_view_acl(vconfig, config, NULL,
++ "allow-query", NULL, actx,
++ ns_g_mctx, &view->queryacl));
++
++ /* named.conf only */
++ CHECK(configure_view_acl(vconfig, config, NULL,
++ "allow-query-cache", NULL, actx,
++ ns_g_mctx, &view->cacheacl));
+
+ if (strcmp(view->name, "_bind") != 0 &&
+ view->rdclass != dns_rdataclass_chaos)
+ {
++ /* named.conf only */
+ CHECK(configure_view_acl(vconfig, config, NULL,
+ "allow-recursion", NULL, actx,
+ ns_g_mctx, &view->recursionacl));
++ /* named.conf only */
+ CHECK(configure_view_acl(vconfig, config, NULL,
+ "allow-recursion-on", NULL, actx,
+ ns_g_mctx, &view->recursiononacl));
+@@ -4340,18 +4351,21 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
+ * the global config.
+ */
+ if (view->recursionacl == NULL) {
++ /* global default only */
+ CHECK(configure_view_acl(NULL, NULL, ns_g_config,
+ "allow-recursion", NULL,
+ actx, ns_g_mctx,
+ &view->recursionacl));
+ }
+ if (view->recursiononacl == NULL) {
++ /* global default only */
+ CHECK(configure_view_acl(NULL, NULL, ns_g_config,
+ "allow-recursion-on", NULL,
+ actx, ns_g_mctx,
+ &view->recursiononacl));
+ }
+ if (view->cacheacl == NULL) {
++ /* global default only */
+ CHECK(configure_view_acl(NULL, NULL, ns_g_config,
+ "allow-query-cache", NULL,
+ actx, ns_g_mctx,
+@@ -4365,6 +4379,14 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
+ CHECK(dns_acl_none(mctx, &view->cacheacl));
+ }
+
++ if (view->queryacl == NULL) {
++ /* global default only */
++ CHECK(configure_view_acl(NULL, NULL, ns_g_config,
++ "allow-query", NULL,
++ actx, ns_g_mctx,
++ &view->queryacl));
++ }
++
+ /*
+ * Ignore case when compressing responses to the specified
+ * clients. This causes case not always to be preserved,
diff --git a/net-dns/bind/files/bind-9.12.1_p2-CVE-2018-5738.patch b/net-dns/bind/files/bind-9.12.1_p2-CVE-2018-5738.patch
new file mode 100644
index 00000000000..75c98d4f175
--- /dev/null
+++ b/net-dns/bind/files/bind-9.12.1_p2-CVE-2018-5738.patch
@@ -0,0 +1,95 @@
+diff --git a/bin/named/server.c b/bin/named/server.c
+index f63554e..847c4ff 100644
+--- a/bin/named/server.c
++++ b/bin/named/server.c
+@@ -3725,10 +3725,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
+ CHECKM(named_config_getport(config, &port), "port");
+ dns_view_setdstport(view, port);
+
+- CHECK(configure_view_acl(vconfig, config, named_g_config,
+- "allow-query", NULL, actx,
+- named_g_mctx, &view->queryacl));
+-
+ /*
+ * Make the list of response policy zone names for a view that
+ * is used for real lookups and so cares about hints.
+@@ -4692,21 +4688,35 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
+ "allow-query-cache-on", NULL, actx,
+ named_g_mctx, &view->cacheonacl));
+ /*
+- * Set "allow-query-cache", "allow-recursion", and
+- * "allow-recursion-on" acls if configured in named.conf.
+- * (Ignore the global defaults for now, because these ACLs
+- * can inherit from each other when only some of them set at
+- * the options/view level.)
++ * Set the "allow-query", "allow-query-cache", "allow-recursion",
++ * and "allow-recursion-on" ACLs if configured in named.conf, but
++ * NOT from the global defaults. This is done by leaving the third
++ * argument to configure_view_acl() NULL.
++ *
++ * We ignore the global defaults here because these ACLs
++ * can inherit from each other. If any are still unset after
++ * applying the inheritance rules, we'll look up the defaults at
++ * that time.
+ */
+- CHECK(configure_view_acl(vconfig, config, NULL, "allow-query-cache",
+- NULL, actx, named_g_mctx, &view->cacheacl));
++
++ /* named.conf only */
++ CHECK(configure_view_acl(vconfig, config, NULL,
++ "allow-query", NULL, actx,
++ named_g_mctx, &view->queryacl));
++
++ /* named.conf only */
++ CHECK(configure_view_acl(vconfig, config, NULL,
++ "allow-query-cache", NULL, actx,
++ named_g_mctx, &view->cacheacl));
+
+ if (strcmp(view->name, "_bind") != 0 &&
+ view->rdclass != dns_rdataclass_chaos)
+ {
++ /* named.conf only */
+ CHECK(configure_view_acl(vconfig, config, NULL,
+ "allow-recursion", NULL, actx,
+ named_g_mctx, &view->recursionacl));
++ /* named.conf only */
+ CHECK(configure_view_acl(vconfig, config, NULL,
+ "allow-recursion-on", NULL, actx,
+ named_g_mctx, &view->recursiononacl));
+@@ -4744,18 +4754,21 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
+ * the global config.
+ */
+ if (view->recursionacl == NULL) {
++ /* global default only */
+ CHECK(configure_view_acl(NULL, NULL, named_g_config,
+ "allow-recursion", NULL,
+ actx, named_g_mctx,
+ &view->recursionacl));
+ }
+ if (view->recursiononacl == NULL) {
++ /* global default only */
+ CHECK(configure_view_acl(NULL, NULL, named_g_config,
+ "allow-recursion-on", NULL,
+ actx, named_g_mctx,
+ &view->recursiononacl));
+ }
+ if (view->cacheacl == NULL) {
++ /* global default only */
+ CHECK(configure_view_acl(NULL, NULL, named_g_config,
+ "allow-query-cache", NULL,
+ actx, named_g_mctx,
+@@ -4769,6 +4782,14 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
+ CHECK(dns_acl_none(mctx, &view->cacheacl));
+ }
+
++ if (view->queryacl == NULL) {
++ /* global default only */
++ CHECK(configure_view_acl(NULL, NULL, named_g_config,
++ "allow-query", NULL,
++ actx, named_g_mctx,
++ &view->queryacl));
++ }
++
+ /*
+ * Ignore case when compressing responses to the specified
+ * clients. This causes case not always to be preserved,
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/, net-dns/bind/files/
@ 2020-08-29 8:30 Mikle Kolyada
0 siblings, 0 replies; 6+ messages in thread
From: Mikle Kolyada @ 2020-08-29 8:30 UTC (permalink / raw
To: gentoo-commits
commit: e34a9205e956575cd2e4d15a6d6e1be569bd345c
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 29 08:30:06 2020 +0000
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sat Aug 29 08:30:17 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e34a9205
net-dns/bind: Drop old
Package-Manager: Portage-2.3.103, Repoman-2.3.23
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
net-dns/bind/Manifest | 3 -
net-dns/bind/bind-9.14.12.ebuild | 376 -----------------------
net-dns/bind/bind-9.16.4.ebuild | 349 ---------------------
net-dns/bind/bind-9.16.5.ebuild | 349 ---------------------
net-dns/bind/files/bind-9.14.8-mysql8-bool.patch | 15 -
5 files changed, 1092 deletions(-)
diff --git a/net-dns/bind/Manifest b/net-dns/bind/Manifest
index f949ca434af..fdb61a4a258 100644
--- a/net-dns/bind/Manifest
+++ b/net-dns/bind/Manifest
@@ -1,5 +1,2 @@
-DIST bind-9.14.12.tar.gz 6318913 BLAKE2B 38cad65923666afa5d83434c43a1b5577fe9555ca637489f780996a1b439955169c859c690f6fb96b003976eca482fe57c9226797cda5b124dc2073a90ef0515 SHA512 f4e6c50cbe8fdb44cdd8e30b4560b6fe2fccd0fd5bde527a897a66e85065265da0d0aceb95af42d5568dea95d59e68574e5a486bbb7e6c5d0af275538c353ddf
-DIST bind-9.16.4.tar.xz 3465172 BLAKE2B 0787920793798ecc5d3197e1e51d41c14170f25608077af8275fd60502e2a6f5365670ca9e611a94a53517b6a0bd55cbb37ac37a4f01063fc409def4e34c39a8 SHA512 b1cf0607b0d7569ea594e02848eed601b8faf31c527fc17d379cfff3cd45c0c8b849364af0312e9b65bc14875aad87de379281603c150a07bf021ec740e92860
-DIST bind-9.16.5.tar.xz 3474044 BLAKE2B 6908ba2d86049bc684b4876d09fe799313f0f44cc1f2ed89f0143523b9fd2a863fd8791b650f7001a5be14acde9306b70dee8c0d25b3d0676aea1a4d2878958f SHA512 789fc19f60e81f67ef13ebacd030ea5d8f8cc42cf5f06a01ee2eefe9b7c6d3b10603a3a6a3df85b0e5d770fcf462ce8dddc3a7e5f7f2dab27aa5879ee5380eb7
DIST bind-9.16.6.tar.xz 3228368 BLAKE2B 0c2265fe0e006679733a4f7610b0c33bb8e2bd32caf26dca8cfedbea0e08df9e7665cbbbf5321199bd2e30b97ad5b0146ae4e8a9a78abadbe6d067bbd1ad8a3a SHA512 37f57db6d1633cc85a4d954a69bbb3372c65ac43fef965df5aee8dcdd32153bb5b0c6d0d5f00f353dd4464c71d74dc8e801937b930e2b8f6799fa77af5f243e0
DIST dyndns-samples.tbz2 22866 BLAKE2B 409890653c6536cb9c0e3ba809d2bfde0e0ae73a2a101b4f229b46c01568466bc022bbbc37712171adbd08c572733e93630feab95a0fcd1ac50a7d37da1d1108 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac
diff --git a/net-dns/bind/bind-9.14.12.ebuild b/net-dns/bind/bind-9.14.12.ebuild
deleted file mode 100644
index 1027fa4133c..00000000000
--- a/net-dns/bind/bind-9.14.12.ebuild
+++ /dev/null
@@ -1,376 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# Re dlz/mysql and threads, needs to be verified..
-# MySQL uses thread local storage in its C api. Thus MySQL
-# requires that each thread of an application execute a MySQL
-# thread initialization to setup the thread local storage.
-# This is impossible to do safely while staying within the DLZ
-# driver API. This is a limitation caused by MySQL, and not the DLZ API.
-# Because of this BIND MUST only run with a single thread when
-# using the MySQL driver.
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_7 )
-
-inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd
-
-MY_PV="${PV/_p/-P}"
-MY_PV="${MY_PV/_rc/rc}"
-MY_P="${PN}-${MY_PV}"
-
-SDB_LDAP_VER="1.1.0-fc14"
-
-RRL_PV="${MY_PV}"
-
-# SDB-LDAP: http://bind9-ldap.bayour.com/
-
-DESCRIPTION="Berkeley Internet Name Domain - Name Server"
-HOMEPAGE="https://www.isc.org/software/bind"
-SRC_URI="https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.gz
- doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
-# sdb-ldap? (
-# http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2
-# )"
-
-LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~s390 sparc x86 ~amd64-linux ~x86-linux"
-# -berkdb by default re bug 602682
-IUSE="-berkdb +caps dlz dnstap doc dnsrps fixed-rrset geoip geoip2 gssapi
-json ldap libressl lmdb mysql odbc postgres python selinux static-libs
-urandom xml +zlib"
-# sdb-ldap - patch broken
-# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
-
-REQUIRED_USE="
- ?? ( geoip geoip2 )
- postgres? ( dlz )
- berkdb? ( dlz )
- mysql? ( dlz )
- odbc? ( dlz )
- ldap? ( dlz )
- dnsrps? ( dlz )
- python? ( ${PYTHON_REQUIRED_USE} )"
-# sdb-ldap? ( dlz )
-
-DEPEND="!libressl? ( dev-libs/openssl:=[-bindist] )
- libressl? ( dev-libs/libressl:= )
- mysql? ( dev-db/mysql-connector-c:0= )
- odbc? ( >=dev-db/unixODBC-2.2.6 )
- ldap? ( net-nds/openldap )
- postgres? ( dev-db/postgresql:= )
- caps? ( >=sys-libs/libcap-2.1.0 )
- xml? ( dev-libs/libxml2 )
- geoip? ( >=dev-libs/geoip-1.4.6 )
- geoip2? ( dev-libs/libmaxminddb )
- gssapi? ( virtual/krb5 )
- json? ( dev-libs/json-c:= )
- lmdb? ( dev-db/lmdb )
- zlib? ( sys-libs/zlib )
- dnstap? ( dev-libs/fstrm dev-libs/protobuf-c )
- python? (
- ${PYTHON_DEPS}
- dev-python/ply[${PYTHON_USEDEP}]
- )"
-# sdb-ldap? ( net-nds/openldap )
-
-RDEPEND="${DEPEND}
- selinux? ( sec-policy/selinux-bind )
- sys-process/psmisc"
-
-S="${WORKDIR}/${MY_P}"
-
-# bug 479092, requires networking
-RESTRICT="test"
-
-PATCHES=(
- "${FILESDIR}"/bind-9.14.8-mysql8-bool.patch
-)
-
-pkg_setup() {
- ebegin "Creating named group and user"
- enewgroup named 40
- enewuser named 40 -1 /etc/bind named
- eend ${?}
-}
-
-src_prepare() {
- default
-
- # Adjusting PATHs in manpages
- for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
- sed -i \
- -e 's:/etc/named.conf:/etc/bind/named.conf:g' \
- -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
- -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
- "${i}" || die "sed failed, ${i} doesn't exist"
- done
-
-# if use dlz; then
-# # sdb-ldap patch as per bug #160567
-# # Upstream URL: http://bind9-ldap.bayour.com/
-# # New patch take from bug 302735
-# if use sdb-ldap; then
-# epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
-# cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/
-# cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/
-# cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/
-# fi
-# fi
-
- # should be installed by bind-tools
- sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die
-
- # Disable tests for now, bug 406399
- sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
-
- # bug #220361
- rm aclocal.m4 || die
- rm -rf libtool.m4/ || die
- eautoreconf
-}
-
-src_configure() {
- local myeconfargs=(
- --sysconfdir=/etc/bind
- --localstatedir=/var
- --with-libtool
- --enable-full-report
- --without-readline
- --with-openssl="${EPREFIX}"/usr
- $(use_enable caps linux-caps)
- $(use_enable dnsrps)
- $(use_enable dnstap)
- $(use_enable fixed-rrset)
- # $(use_enable static-libs static)
- $(use_with berkdb dlz-bdb)
- $(use_with dlz dlopen)
- $(use_with dlz dlz-filesystem)
- $(use_with dlz dlz-stub)
- $(use_with gssapi)
- $(use_with json libjson)
- $(use_with ldap dlz-ldap)
- $(use_with mysql dlz-mysql)
- $(use_with odbc dlz-odbc)
- $(use_with postgres dlz-postgres)
- $(use_with lmdb)
- $(use_with python)
- $(use_with xml libxml2)
- $(use_with zlib)
- )
-
- use geoip && myeconfargs+=( --with-geoip )
- use geoip2 && myeconfargs+=( --with-geoip2 )
-
- # bug #158664
-# gcc-specs-ssp && replace-flags -O[23s] -O
-
- # To include db.h from proper path
- use berkdb && append-flags "-I$(db_includedir)"
-
- export BUILD_CC=$(tc-getBUILD_CC)
- econf "${myeconfargs[@]}"
-
- # bug #151839
- echo '#undef SO_BSDCOMPAT' >> config.h
-}
-
-src_install() {
- default
-
- dodoc CHANGES README
-
- if use doc; then
- dodoc doc/arm/Bv9ARM.pdf
-
- docinto misc
- dodoc -r doc/misc/
-
- # might a 'html' useflag make sense?
- docinto html
- dodoc -r doc/arm/
-
- docinto contrib
- dodoc contrib/scripts/{nanny.pl,named-bootconf.sh}
-
- # some handy-dandy dynamic dns examples
- pushd "${ED}"/usr/share/doc/${PF} 1>/dev/null || die
- tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
- popd 1>/dev/null || die
- fi
-
- insinto /etc/bind
- newins "${FILESDIR}"/named.conf-r8 named.conf
-
- # ftp://ftp.rs.internic.net/domain/named.cache:
- insinto /var/bind
- newins "${FILESDIR}"/named.cache-r3 named.cache
-
- insinto /var/bind/pri
- newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
-
- newinitd "${FILESDIR}"/named.init-r13 named
- newconfd "${FILESDIR}"/named.confd-r7 named
-
- newenvd "${FILESDIR}"/10bind.env 10bind
-
- # Let's get rid of those tools and their manpages since they're provided by bind-tools
- rm -f "${ED}"/usr/share/man/man1/{dig,host,nslookup}.1* || die
- rm -f "${ED}"/usr/share/man/man8/nsupdate.8* || die
- rm -f "${ED}"/usr/bin/{dig,host,nslookup,nsupdate} || die
- rm -f "${ED}"/usr/sbin/{dig,host,nslookup,nsupdate} || die
- for tool in dsfromkey importkey keyfromlabel keygen \
- revoke settime signzone verify; do
- rm -f "${ED}"/usr/{,s}bin/dnssec-"${tool}" || die
- rm -f "${ED}"/usr/share/man/man8/dnssec-"${tool}".8* || die
- done
-
- # bug 405251, library archives aren't properly handled by --enable/disable-static
- if ! use static-libs; then
- find "${ED}" -type f -name '*.a' -delete || die
- fi
-
- # bug 405251
- find "${ED}" -type f -name '*.la' -delete || die
-
- if use python; then
- install_python_tools() {
- dosbin bin/python/dnssec-{checkds,coverage}
- }
- python_foreach_impl install_python_tools
-
- python_replicate_script "${ED}/usr/sbin/dnssec-checkds"
- python_replicate_script "${ED}/usr/sbin/dnssec-coverage"
- fi
-
- # bug 450406
- dosym named.cache /var/bind/root.cache
-
- dosym ../../var/bind/pri /etc/bind/pri
- dosym ../../var/bind/sec /etc/bind/sec
- dosym ../../var/bind/dyn /etc/bind/dyn
- keepdir /var/bind/{pri,sec,dyn}
-
- dodir /var/log/named
-
- fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
- fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0750 /etc/bind /var/bind/pri
- fperms 0770 /var/log/named /var/bind/{,sec,dyn}
-
- systemd_newunit "${FILESDIR}/named.service-r1" named.service
- systemd_dotmpfilesd "${FILESDIR}"/named.conf
- exeinto /usr/libexec
- doexe "${FILESDIR}/generate-rndc-key.sh"
-}
-
-pkg_postinst() {
- if [ ! -f '/etc/bind/rndc.key' ]; then
- if use urandom; then
- einfo "Using /dev/urandom for generating rndc.key"
- /usr/sbin/rndc-confgen -r /dev/urandom -a
- echo
- else
- einfo "Using /dev/random for generating rndc.key"
- /usr/sbin/rndc-confgen -a
- echo
- fi
- chown root:named /etc/bind/rndc.key || die
- chmod 0640 /etc/bind/rndc.key || die
- fi
-
- einfo
- einfo "You can edit /etc/conf.d/named to customize named settings"
- einfo
- use mysql || use postgres || use ldap && {
- elog "If your named depends on MySQL/PostgreSQL or LDAP,"
- elog "uncomment the specified rc_named_* lines in your"
- elog "/etc/conf.d/named config to ensure they'll start before bind"
- einfo
- }
- einfo "If you'd like to run bind in a chroot AND this is a new"
- einfo "install OR your bind doesn't already run in a chroot:"
- einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
- einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
- einfo
-
- CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
- if [[ -n ${CHROOT} ]]; then
- elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- elog "To enable the old behaviour (without using mount) uncomment the"
- elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- elog "If you decide to use the new/default method, ensure to make backup"
- elog "first and merge your existing configs/zones to /etc/bind and"
- elog "/var/bind because bind will now mount the needed directories into"
- elog "the chroot dir."
- fi
-}
-
-pkg_config() {
- CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
- CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
- CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
-
- if [[ -z "${CHROOT}" ]]; then
- eerror "This config script is designed to automate setting up"
- eerror "a chrooted bind/named. To do so, please first uncomment"
- eerror "and set the CHROOT variable in '/etc/conf.d/named'."
- die "Unset CHROOT"
- fi
- if [[ -d "${CHROOT}" ]]; then
- ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- ewarn "To enable the old behaviour (without using mount) uncomment the"
- ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- ewarn
- ewarn "${CHROOT} already exists... some things might become overridden"
- ewarn "press CTRL+C if you don't want to continue"
- sleep 10
- fi
-
- echo; einfo "Setting up the chroot directory..."
-
- mkdir -m 0750 -p ${CHROOT} || die
- mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} || die
- mkdir -m 0750 -p ${CHROOT}/etc/bind || die
- mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ || die
-
- chown root:named \
- ${CHROOT} \
- ${CHROOT}/var/{bind,log/named} \
- ${CHROOT}/run/named/ \
- ${CHROOT}/etc/bind \
- || die
-
- mknod ${CHROOT}/dev/null c 1 3 || die
- chmod 0666 ${CHROOT}/dev/null || die
-
- mknod ${CHROOT}/dev/zero c 1 5 || die
- chmod 0666 ${CHROOT}/dev/zero || die
-
- if use urandom; then
- mknod ${CHROOT}/dev/urandom c 1 9 || die
- chmod 0666 ${CHROOT}/dev/urandom || die
- else
- mknod ${CHROOT}/dev/random c 1 8 || die
- chmod 0666 ${CHROOT}/dev/random || die
- fi
-
- if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
- cp -a /etc/bind ${CHROOT}/etc/ || die
- cp -a /var/bind ${CHROOT}/var/ || die
- fi
-
- if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
- if use geoip; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP || die
- elif use geoip2; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP2 || die
- fi
- fi
-
- elog "You may need to add the following line to your syslog-ng.conf:"
- elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
-}
diff --git a/net-dns/bind/bind-9.16.4.ebuild b/net-dns/bind/bind-9.16.4.ebuild
deleted file mode 100644
index 4514f38987a..00000000000
--- a/net-dns/bind/bind-9.16.4.ebuild
+++ /dev/null
@@ -1,349 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# Re dlz/mysql and threads, needs to be verified..
-# MySQL uses thread local storage in its C api. Thus MySQL
-# requires that each thread of an application execute a MySQL
-# thread initialization to setup the thread local storage.
-# This is impossible to do safely while staying within the DLZ
-# driver API. This is a limitation caused by MySQL, and not the DLZ API.
-# Because of this BIND MUST only run with a single thread when
-# using the MySQL driver.
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_7 )
-
-inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd
-
-MY_PV="${PV/_p/-P}"
-MY_PV="${MY_PV/_rc/rc}"
-MY_P="${PN}-${MY_PV}"
-
-SDB_LDAP_VER="1.1.0-fc14"
-
-RRL_PV="${MY_PV}"
-
-# SDB-LDAP: http://bind9-ldap.bayour.com/
-
-DESCRIPTION="Berkeley Internet Name Domain - Name Server"
-HOMEPAGE="https://www.isc.org/software/bind"
-SRC_URI="https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz
- doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
-
-LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~s390 sparc x86 ~amd64-linux ~x86-linux"
-# -berkdb by default re bug 602682
-IUSE="-berkdb +caps dlz dnstap doc dnsrps fixed-rrset geoip geoip2 gssapi
-json ldap libressl lmdb mysql odbc postgres python selinux static-libs
-urandom xml +zlib"
-# sdb-ldap - patch broken
-# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
-
-REQUIRED_USE="
- ?? ( geoip geoip2 )
- postgres? ( dlz )
- berkdb? ( dlz )
- mysql? ( dlz )
- odbc? ( dlz )
- ldap? ( dlz )
- dnsrps? ( dlz )
- python? ( ${PYTHON_REQUIRED_USE} )"
-
-DEPEND="!libressl? ( dev-libs/openssl:=[-bindist] )
- libressl? ( dev-libs/libressl:= )
- mysql? ( dev-db/mysql-connector-c:0= )
- odbc? ( >=dev-db/unixODBC-2.2.6 )
- ldap? ( net-nds/openldap )
- postgres? ( dev-db/postgresql:= )
- caps? ( >=sys-libs/libcap-2.1.0 )
- xml? ( dev-libs/libxml2 )
- geoip? ( >=dev-libs/geoip-1.4.6 )
- geoip2? ( dev-libs/libmaxminddb )
- gssapi? ( virtual/krb5 )
- json? ( dev-libs/json-c:= )
- lmdb? ( dev-db/lmdb )
- zlib? ( sys-libs/zlib )
- dnstap? ( dev-libs/fstrm dev-libs/protobuf-c )
- python? (
- ${PYTHON_DEPS}
- dev-python/ply[${PYTHON_USEDEP}]
- )
- dev-libs/libuv:="
-
-RDEPEND="${DEPEND}
- selinux? ( sec-policy/selinux-bind )
- sys-process/psmisc"
-
-S="${WORKDIR}/${MY_P}"
-
-# bug 479092, requires networking
-# bug 710840, cmocka fails LDFLAGS='-Wl,-O1'
-RESTRICT="test"
-
-pkg_setup() {
- ebegin "Creating named group and user"
- enewgroup named 40
- enewuser named 40 -1 /etc/bind named
- eend ${?}
-}
-
-src_prepare() {
- default
-
- # should be installed by bind-tools
- sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die
-
- # Disable tests for now, bug 406399
- sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
-
- # bug #220361
- rm aclocal.m4 || die
- rm -rf libtool.m4/ || die
- eautoreconf
-}
-
-src_configure() {
- local myeconfargs=(
- AR="$(type -P $(tc-getAR))"
- --prefix="${EPREFIX}"/usr
- --sysconfdir=/etc/bind
- --localstatedir=/var
- --with-libtool
- --enable-full-report
- --without-readline
- --with-openssl="${EPREFIX}"/usr
- --without-cmocka
- $(use_enable caps linux-caps)
- $(use_enable dnsrps)
- $(use_enable dnstap)
- $(use_enable fixed-rrset)
- # $(use_enable static-libs static)
- $(use_with berkdb dlz-bdb)
- $(use_with dlz dlopen)
- $(use_with dlz dlz-filesystem)
- $(use_with dlz dlz-stub)
- $(use_with gssapi)
- $(use_with json json-c)
- $(use_with ldap dlz-ldap)
- $(use_with mysql dlz-mysql)
- $(use_with odbc dlz-odbc)
- $(use_with postgres dlz-postgres)
- $(use_with lmdb)
- $(use_with python)
- $(use_with xml libxml2)
- $(use_with zlib)
- )
-
- use geoip && myeconfargs+=( --enable-geoip )
- use geoip2 && myeconfargs+=( --with-maxminddb )
-
- # bug #158664
-# gcc-specs-ssp && replace-flags -O[23s] -O
-
- # To include db.h from proper path
- use berkdb && append-flags "-I$(db_includedir)"
-
- export BUILD_CC=$(tc-getBUILD_CC)
- econf "${myeconfargs[@]}"
-
- # bug #151839
- echo '#undef SO_BSDCOMPAT' >> config.h
-}
-
-src_install() {
- default
-
- dodoc CHANGES README
-
- if use doc; then
- docinto misc
- dodoc -r doc/misc/
-
- # might a 'html' useflag make sense?
- docinto html
- dodoc -r doc/arm/
-
- docinto contrib
- dodoc contrib/scripts/{nanny.pl,named-bootconf.sh}
-
- # some handy-dandy dynamic dns examples
- pushd "${ED}"/usr/share/doc/${PF} 1>/dev/null || die
- tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
- popd 1>/dev/null || die
- fi
-
- insinto /etc/bind
- newins "${FILESDIR}"/named.conf-r8 named.conf
-
- # ftp://ftp.rs.internic.net/domain/named.cache:
- insinto /var/bind
- newins "${FILESDIR}"/named.cache-r3 named.cache
-
- insinto /var/bind/pri
- newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
-
- newinitd "${FILESDIR}"/named.init-r13 named
- newconfd "${FILESDIR}"/named.confd-r7 named
-
- newenvd "${FILESDIR}"/10bind.env 10bind
-
- # Let's get rid of those tools and their manpages since they're provided by bind-tools
- rm -f "${ED}"/usr/share/man/man1/{dig,host,nslookup,delv,nsupdate}.1* || die
- rm -f "${ED}"/usr/share/man/man8/nsupdate.8* || die
- rm -f "${ED}"/usr/bin/{dig,host,nslookup,nsupdate} || die
- rm -f "${ED}"/usr/sbin/{dig,host,nslookup,nsupdate} || die
- for tool in dsfromkey importkey keyfromlabel keygen \
- revoke settime signzone verify; do
- rm -f "${ED}"/usr/{,s}bin/dnssec-"${tool}" || die
- rm -f "${ED}"/usr/share/man/man8/dnssec-"${tool}".8* || die
- done
-
- # bug 405251, library archives aren't properly handled by --enable/disable-static
- if ! use static-libs; then
- find "${ED}" -type f -name '*.a' -delete || die
- fi
-
- # bug 405251
- find "${ED}" -type f -name '*.la' -delete || die
-
- if use python; then
- install_python_tools() {
- dosbin bin/python/dnssec-{checkds,coverage}
- }
- python_foreach_impl install_python_tools
-
- python_replicate_script "${ED}/usr/sbin/dnssec-checkds"
- python_replicate_script "${ED}/usr/sbin/dnssec-coverage"
- fi
-
- # bug 450406
- dosym named.cache /var/bind/root.cache
-
- dosym ../../var/bind/pri /etc/bind/pri
- dosym ../../var/bind/sec /etc/bind/sec
- dosym ../../var/bind/dyn /etc/bind/dyn
- keepdir /var/bind/{pri,sec,dyn}
-
- dodir /var/log/named
-
- fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
- fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0750 /etc/bind /var/bind/pri
- fperms 0770 /var/log/named /var/bind/{,sec,dyn}
-
- systemd_newunit "${FILESDIR}/named.service-r1" named.service
- systemd_dotmpfilesd "${FILESDIR}"/named.conf
- exeinto /usr/libexec
- doexe "${FILESDIR}/generate-rndc-key.sh"
-}
-
-pkg_postinst() {
- if [ ! -f '/etc/bind/rndc.key' ]; then
- if use urandom; then
- einfo "Using /dev/urandom for generating rndc.key"
- /usr/sbin/rndc-confgen -r /dev/urandom -a
- echo
- else
- einfo "Using /dev/random for generating rndc.key"
- /usr/sbin/rndc-confgen -a
- echo
- fi
- chown root:named /etc/bind/rndc.key || die
- chmod 0640 /etc/bind/rndc.key || die
- fi
-
- einfo
- einfo "You can edit /etc/conf.d/named to customize named settings"
- einfo
- use mysql || use postgres || use ldap && {
- elog "If your named depends on MySQL/PostgreSQL or LDAP,"
- elog "uncomment the specified rc_named_* lines in your"
- elog "/etc/conf.d/named config to ensure they'll start before bind"
- einfo
- }
- einfo "If you'd like to run bind in a chroot AND this is a new"
- einfo "install OR your bind doesn't already run in a chroot:"
- einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
- einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
- einfo
-
- CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
- if [[ -n ${CHROOT} ]]; then
- elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- elog "To enable the old behaviour (without using mount) uncomment the"
- elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- elog "If you decide to use the new/default method, ensure to make backup"
- elog "first and merge your existing configs/zones to /etc/bind and"
- elog "/var/bind because bind will now mount the needed directories into"
- elog "the chroot dir."
- fi
-}
-
-pkg_config() {
- CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
- CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
- CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
-
- if [[ -z "${CHROOT}" ]]; then
- eerror "This config script is designed to automate setting up"
- eerror "a chrooted bind/named. To do so, please first uncomment"
- eerror "and set the CHROOT variable in '/etc/conf.d/named'."
- die "Unset CHROOT"
- fi
- if [[ -d "${CHROOT}" ]]; then
- ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- ewarn "To enable the old behaviour (without using mount) uncomment the"
- ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- ewarn
- ewarn "${CHROOT} already exists... some things might become overridden"
- ewarn "press CTRL+C if you don't want to continue"
- sleep 10
- fi
-
- echo; einfo "Setting up the chroot directory..."
-
- mkdir -m 0750 -p ${CHROOT} || die
- mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} || die
- mkdir -m 0750 -p ${CHROOT}/etc/bind || die
- mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ || die
-
- chown root:named \
- ${CHROOT} \
- ${CHROOT}/var/{bind,log/named} \
- ${CHROOT}/run/named/ \
- ${CHROOT}/etc/bind \
- || die
-
- mknod ${CHROOT}/dev/null c 1 3 || die
- chmod 0666 ${CHROOT}/dev/null || die
-
- mknod ${CHROOT}/dev/zero c 1 5 || die
- chmod 0666 ${CHROOT}/dev/zero || die
-
- if use urandom; then
- mknod ${CHROOT}/dev/urandom c 1 9 || die
- chmod 0666 ${CHROOT}/dev/urandom || die
- else
- mknod ${CHROOT}/dev/random c 1 8 || die
- chmod 0666 ${CHROOT}/dev/random || die
- fi
-
- if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
- cp -a /etc/bind ${CHROOT}/etc/ || die
- cp -a /var/bind ${CHROOT}/var/ || die
- fi
-
- if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
- if use geoip; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP || die
- elif use geoip2; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP2 || die
- fi
- fi
-
- elog "You may need to add the following line to your syslog-ng.conf:"
- elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
-}
diff --git a/net-dns/bind/bind-9.16.5.ebuild b/net-dns/bind/bind-9.16.5.ebuild
deleted file mode 100644
index 0399c16a154..00000000000
--- a/net-dns/bind/bind-9.16.5.ebuild
+++ /dev/null
@@ -1,349 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# Re dlz/mysql and threads, needs to be verified..
-# MySQL uses thread local storage in its C api. Thus MySQL
-# requires that each thread of an application execute a MySQL
-# thread initialization to setup the thread local storage.
-# This is impossible to do safely while staying within the DLZ
-# driver API. This is a limitation caused by MySQL, and not the DLZ API.
-# Because of this BIND MUST only run with a single thread when
-# using the MySQL driver.
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_7 )
-
-inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd
-
-MY_PV="${PV/_p/-P}"
-MY_PV="${MY_PV/_rc/rc}"
-MY_P="${PN}-${MY_PV}"
-
-SDB_LDAP_VER="1.1.0-fc14"
-
-RRL_PV="${MY_PV}"
-
-# SDB-LDAP: http://bind9-ldap.bayour.com/
-
-DESCRIPTION="Berkeley Internet Name Domain - Name Server"
-HOMEPAGE="https://www.isc.org/software/bind"
-SRC_URI="https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz
- doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
-
-LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
-# -berkdb by default re bug 602682
-IUSE="-berkdb +caps dlz dnstap doc dnsrps fixed-rrset geoip geoip2 gssapi
-json ldap libressl lmdb mysql odbc postgres python selinux static-libs
-urandom xml +zlib"
-# sdb-ldap - patch broken
-# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
-
-REQUIRED_USE="
- ?? ( geoip geoip2 )
- postgres? ( dlz )
- berkdb? ( dlz )
- mysql? ( dlz )
- odbc? ( dlz )
- ldap? ( dlz )
- dnsrps? ( dlz )
- python? ( ${PYTHON_REQUIRED_USE} )"
-
-DEPEND="!libressl? ( dev-libs/openssl:=[-bindist] )
- libressl? ( dev-libs/libressl:= )
- mysql? ( dev-db/mysql-connector-c:0= )
- odbc? ( >=dev-db/unixODBC-2.2.6 )
- ldap? ( net-nds/openldap )
- postgres? ( dev-db/postgresql:= )
- caps? ( >=sys-libs/libcap-2.1.0 )
- xml? ( dev-libs/libxml2 )
- geoip? ( >=dev-libs/geoip-1.4.6 )
- geoip2? ( dev-libs/libmaxminddb )
- gssapi? ( virtual/krb5 )
- json? ( dev-libs/json-c:= )
- lmdb? ( dev-db/lmdb )
- zlib? ( sys-libs/zlib )
- dnstap? ( dev-libs/fstrm dev-libs/protobuf-c )
- python? (
- ${PYTHON_DEPS}
- dev-python/ply[${PYTHON_USEDEP}]
- )
- dev-libs/libuv:="
-
-RDEPEND="${DEPEND}
- selinux? ( sec-policy/selinux-bind )
- sys-process/psmisc"
-
-S="${WORKDIR}/${MY_P}"
-
-# bug 479092, requires networking
-# bug 710840, cmocka fails LDFLAGS='-Wl,-O1'
-RESTRICT="test"
-
-pkg_setup() {
- ebegin "Creating named group and user"
- enewgroup named 40
- enewuser named 40 -1 /etc/bind named
- eend ${?}
-}
-
-src_prepare() {
- default
-
- # should be installed by bind-tools
- sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die
-
- # Disable tests for now, bug 406399
- sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
-
- # bug #220361
- rm aclocal.m4 || die
- rm -rf libtool.m4/ || die
- eautoreconf
-}
-
-src_configure() {
- local myeconfargs=(
- AR="$(type -P $(tc-getAR))"
- --prefix="${EPREFIX}"/usr
- --sysconfdir=/etc/bind
- --localstatedir=/var
- --with-libtool
- --enable-full-report
- --without-readline
- --with-openssl="${EPREFIX}"/usr
- --without-cmocka
- $(use_enable caps linux-caps)
- $(use_enable dnsrps)
- $(use_enable dnstap)
- $(use_enable fixed-rrset)
- # $(use_enable static-libs static)
- $(use_with berkdb dlz-bdb)
- $(use_with dlz dlopen)
- $(use_with dlz dlz-filesystem)
- $(use_with dlz dlz-stub)
- $(use_with gssapi)
- $(use_with json json-c)
- $(use_with ldap dlz-ldap)
- $(use_with mysql dlz-mysql)
- $(use_with odbc dlz-odbc)
- $(use_with postgres dlz-postgres)
- $(use_with lmdb)
- $(use_with python)
- $(use_with xml libxml2)
- $(use_with zlib)
- )
-
- use geoip && myeconfargs+=( --enable-geoip )
- use geoip2 && myeconfargs+=( --with-maxminddb )
-
- # bug #158664
-# gcc-specs-ssp && replace-flags -O[23s] -O
-
- # To include db.h from proper path
- use berkdb && append-flags "-I$(db_includedir)"
-
- export BUILD_CC=$(tc-getBUILD_CC)
- econf "${myeconfargs[@]}"
-
- # bug #151839
- echo '#undef SO_BSDCOMPAT' >> config.h
-}
-
-src_install() {
- default
-
- dodoc CHANGES README
-
- if use doc; then
- docinto misc
- dodoc -r doc/misc/
-
- # might a 'html' useflag make sense?
- docinto html
- dodoc -r doc/arm/
-
- docinto contrib
- dodoc contrib/scripts/{nanny.pl,named-bootconf.sh}
-
- # some handy-dandy dynamic dns examples
- pushd "${ED}"/usr/share/doc/${PF} 1>/dev/null || die
- tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
- popd 1>/dev/null || die
- fi
-
- insinto /etc/bind
- newins "${FILESDIR}"/named.conf-r8 named.conf
-
- # ftp://ftp.rs.internic.net/domain/named.cache:
- insinto /var/bind
- newins "${FILESDIR}"/named.cache-r3 named.cache
-
- insinto /var/bind/pri
- newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
-
- newinitd "${FILESDIR}"/named.init-r13 named
- newconfd "${FILESDIR}"/named.confd-r7 named
-
- newenvd "${FILESDIR}"/10bind.env 10bind
-
- # Let's get rid of those tools and their manpages since they're provided by bind-tools
- rm -f "${ED}"/usr/share/man/man1/{dig,host,nslookup,delv,nsupdate}.1* || die
- rm -f "${ED}"/usr/share/man/man8/nsupdate.8* || die
- rm -f "${ED}"/usr/bin/{dig,host,nslookup,nsupdate} || die
- rm -f "${ED}"/usr/sbin/{dig,host,nslookup,nsupdate} || die
- for tool in dsfromkey importkey keyfromlabel keygen \
- revoke settime signzone verify; do
- rm -f "${ED}"/usr/{,s}bin/dnssec-"${tool}" || die
- rm -f "${ED}"/usr/share/man/man8/dnssec-"${tool}".8* || die
- done
-
- # bug 405251, library archives aren't properly handled by --enable/disable-static
- if ! use static-libs; then
- find "${ED}" -type f -name '*.a' -delete || die
- fi
-
- # bug 405251
- find "${ED}" -type f -name '*.la' -delete || die
-
- if use python; then
- install_python_tools() {
- dosbin bin/python/dnssec-{checkds,coverage}
- }
- python_foreach_impl install_python_tools
-
- python_replicate_script "${ED}/usr/sbin/dnssec-checkds"
- python_replicate_script "${ED}/usr/sbin/dnssec-coverage"
- fi
-
- # bug 450406
- dosym named.cache /var/bind/root.cache
-
- dosym ../../var/bind/pri /etc/bind/pri
- dosym ../../var/bind/sec /etc/bind/sec
- dosym ../../var/bind/dyn /etc/bind/dyn
- keepdir /var/bind/{pri,sec,dyn}
-
- dodir /var/log/named
-
- fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
- fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0750 /etc/bind /var/bind/pri
- fperms 0770 /var/log/named /var/bind/{,sec,dyn}
-
- systemd_newunit "${FILESDIR}/named.service-r1" named.service
- systemd_dotmpfilesd "${FILESDIR}"/named.conf
- exeinto /usr/libexec
- doexe "${FILESDIR}/generate-rndc-key.sh"
-}
-
-pkg_postinst() {
- if [ ! -f '/etc/bind/rndc.key' ]; then
- if use urandom; then
- einfo "Using /dev/urandom for generating rndc.key"
- /usr/sbin/rndc-confgen -r /dev/urandom -a
- echo
- else
- einfo "Using /dev/random for generating rndc.key"
- /usr/sbin/rndc-confgen -a
- echo
- fi
- chown root:named /etc/bind/rndc.key || die
- chmod 0640 /etc/bind/rndc.key || die
- fi
-
- einfo
- einfo "You can edit /etc/conf.d/named to customize named settings"
- einfo
- use mysql || use postgres || use ldap && {
- elog "If your named depends on MySQL/PostgreSQL or LDAP,"
- elog "uncomment the specified rc_named_* lines in your"
- elog "/etc/conf.d/named config to ensure they'll start before bind"
- einfo
- }
- einfo "If you'd like to run bind in a chroot AND this is a new"
- einfo "install OR your bind doesn't already run in a chroot:"
- einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
- einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
- einfo
-
- CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
- if [[ -n ${CHROOT} ]]; then
- elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- elog "To enable the old behaviour (without using mount) uncomment the"
- elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- elog "If you decide to use the new/default method, ensure to make backup"
- elog "first and merge your existing configs/zones to /etc/bind and"
- elog "/var/bind because bind will now mount the needed directories into"
- elog "the chroot dir."
- fi
-}
-
-pkg_config() {
- CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
- CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
- CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
-
- if [[ -z "${CHROOT}" ]]; then
- eerror "This config script is designed to automate setting up"
- eerror "a chrooted bind/named. To do so, please first uncomment"
- eerror "and set the CHROOT variable in '/etc/conf.d/named'."
- die "Unset CHROOT"
- fi
- if [[ -d "${CHROOT}" ]]; then
- ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- ewarn "To enable the old behaviour (without using mount) uncomment the"
- ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- ewarn
- ewarn "${CHROOT} already exists... some things might become overridden"
- ewarn "press CTRL+C if you don't want to continue"
- sleep 10
- fi
-
- echo; einfo "Setting up the chroot directory..."
-
- mkdir -m 0750 -p ${CHROOT} || die
- mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} || die
- mkdir -m 0750 -p ${CHROOT}/etc/bind || die
- mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ || die
-
- chown root:named \
- ${CHROOT} \
- ${CHROOT}/var/{bind,log/named} \
- ${CHROOT}/run/named/ \
- ${CHROOT}/etc/bind \
- || die
-
- mknod ${CHROOT}/dev/null c 1 3 || die
- chmod 0666 ${CHROOT}/dev/null || die
-
- mknod ${CHROOT}/dev/zero c 1 5 || die
- chmod 0666 ${CHROOT}/dev/zero || die
-
- if use urandom; then
- mknod ${CHROOT}/dev/urandom c 1 9 || die
- chmod 0666 ${CHROOT}/dev/urandom || die
- else
- mknod ${CHROOT}/dev/random c 1 8 || die
- chmod 0666 ${CHROOT}/dev/random || die
- fi
-
- if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
- cp -a /etc/bind ${CHROOT}/etc/ || die
- cp -a /var/bind ${CHROOT}/var/ || die
- fi
-
- if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
- if use geoip; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP || die
- elif use geoip2; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP2 || die
- fi
- fi
-
- elog "You may need to add the following line to your syslog-ng.conf:"
- elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
-}
diff --git a/net-dns/bind/files/bind-9.14.8-mysql8-bool.patch b/net-dns/bind/files/bind-9.14.8-mysql8-bool.patch
deleted file mode 100644
index 8546edc1521..00000000000
--- a/net-dns/bind/files/bind-9.14.8-mysql8-bool.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---- a/contrib/dlz/drivers/dlz_mysql_driver.c
-+++ b/contrib/dlz/drivers/dlz_mysql_driver.c
-@@ -789,8 +789,11 @@ mysql_create(const char *dlzname, unsigned int argc, char *argv[],
- char *endp;
- int j;
- unsigned int flags = 0;
-+#if MYSQL_VERSION_ID >= 80000
-+ typedef bool my_bool; // Workaround to make library work with MySQL client 8.0 as well as earlier versions
-+#endif
- #if MYSQL_VERSION_ID >= 50000
-- my_bool auto_reconnect = 1;
-+ my_bool auto_reconnect = 1;
- #endif
-
- UNUSED(driverarg);
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/, net-dns/bind/files/
@ 2022-10-31 1:21 John Helmert III
0 siblings, 0 replies; 6+ messages in thread
From: John Helmert III @ 2022-10-31 1:21 UTC (permalink / raw
To: gentoo-commits
commit: 8bdc575dae63f16d44b926f18271d15d3173fc5f
Author: John Helmert III <ajak <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 31 01:19:33 2022 +0000
Commit: John Helmert III <ajak <AT> gentoo <DOT> org>
CommitDate: Mon Oct 31 01:20:11 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8bdc575d
net-dns/bind: security cleanup
Bug: https://bugs.gentoo.org/820563
Bug: https://bugs.gentoo.org/835439
Bug: https://bugs.gentoo.org/872206
Acked-by: Patrick McLean <chutzpah <AT> gentoo.org>
Signed-off-by: John Helmert III <ajak <AT> gentoo.org>
net-dns/bind/Manifest | 5 -
net-dns/bind/bind-9.16.27-r1.ebuild | 375 --------------------
net-dns/bind/bind-9.16.29-r1.ebuild | 376 --------------------
net-dns/bind/bind-9.16.29.ebuild | 375 --------------------
net-dns/bind/bind-9.16.30.ebuild | 381 --------------------
net-dns/bind/bind-9.16.31.ebuild | 382 ---------------------
net-dns/bind/bind-9.16.32.ebuild | 382 ---------------------
.../bind/files/bind-9.16.29-fortify-source-3.patch | 35 --
8 files changed, 2311 deletions(-)
diff --git a/net-dns/bind/Manifest b/net-dns/bind/Manifest
index e59b6e5dfe71..487c2e679e07 100644
--- a/net-dns/bind/Manifest
+++ b/net-dns/bind/Manifest
@@ -1,7 +1,2 @@
-DIST bind-9.16.27.tar.xz 5084340 BLAKE2B 37b49ce81aa5122493a4feb2bb7be53c5d46ff2ce28456aec31ce1332520a09c10bb2293c736bffe7badbc2bc3d156c05f83367678bd101e17b99ca3ff69bebf SHA512 5c71f228db83aa8cc9e65466d6e5afca4a9f80c693358111a003fe09e1a14522175eb2b6a0f11e2a2cd4fdba01f2ae315de52e394a441b3861ca2a011e02af62
-DIST bind-9.16.29.tar.xz 5088348 BLAKE2B 17ee1443926327c30f1d5820110b01a193c53eb24e23385b713217a4e49d9c2b5ddb6e1c49cb80d2c9083c71ce7872a26fe3597209f2e3215e6cc7e930e68004 SHA512 b4acbafed370438ac53e73468ccb5ea5745a1c8f764dd96f9c9a027594a3b7ce0d486e7f01138b39795b456265e0e6116cd76e44f5a3329687cd718550ca79fb
-DIST bind-9.16.30.tar.xz 5086288 BLAKE2B 35fe14b58a018df25563e58a9632b4431f740bc7a708eb823117541548d23b1855e43058cf7323361ca904d5e59d687e282abb73dc8b617e4eb25ef113168e93 SHA512 cc9bcbedf63c2efe0a23f14db3e57fdae46f0509aac58e5840a6805ce4fbd76cad5bfde4d461442adb88c4d947f8d79bf979aeb24aeb9303b6adc8d169b7118c
-DIST bind-9.16.31.tar.xz 5087424 BLAKE2B 75c9038c00fe289161a15a8e4fdadaef5a6a7f3ca03068ec24e82aa9f30ac82d0ded9cf73df83219058cd81b198ea8f561211a323e31b41407294f6932dc61d3 SHA512 8577b4d021a5a763b8669d59ef6c3499238e87657ca94ccfc530cb9a7a215ee3682002aa6141f5731154cbc43e0e6094372961468811a68bbd2a37e20e287c7e
-DIST bind-9.16.32.tar.xz 5091860 BLAKE2B df6f2c878138015da580dfaf0e16b5a97b11ead9f99c1425a09da8484954196ea3dafb828ac3ab386200ce2b180646c7eb1e0e62a84c153162270a4a1e19a5fc SHA512 99abedf055901b43e1a85c448ee4c2dd731b7ab77de1454b73c8f9df816aa32262e70e23a8112959d94be990fd4f1c48c36611657ba745670141a7447fd53316
DIST bind-9.16.33.tar.xz 5092516 BLAKE2B 4246b61ce91af3d494ace4b8065b4c0043b2cfaf28c6de326691a969837e7d1cfbc0dac6b1e1a5182fc32af68048abcfa1202d00022951f3caa13afb03ebeb69 SHA512 43fd2cea52dfd1115a4cca83830ab5b93208be401cdbbdff2bbf204b8f0d99fb434ad3156d3a21649488cc904ae09f145feba97b9b6918b0cf063ff5e2b10af5
DIST dyndns-samples.tbz2 22866 BLAKE2B 409890653c6536cb9c0e3ba809d2bfde0e0ae73a2a101b4f229b46c01568466bc022bbbc37712171adbd08c572733e93630feab95a0fcd1ac50a7d37da1d1108 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac
diff --git a/net-dns/bind/bind-9.16.27-r1.ebuild b/net-dns/bind/bind-9.16.27-r1.ebuild
deleted file mode 100644
index dfbad3bc56ac..000000000000
--- a/net-dns/bind/bind-9.16.27-r1.ebuild
+++ /dev/null
@@ -1,375 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# Re dlz/mysql and threads, needs to be verified..
-# MySQL uses thread local storage in its C api. Thus MySQL
-# requires that each thread of an application execute a MySQL
-# thread initialization to setup the thread local storage.
-# This is impossible to do safely while staying within the DLZ
-# driver API. This is a limitation caused by MySQL, and not the DLZ API.
-# Because of this BIND MUST only run with a single thread when
-# using the MySQL driver.
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{8..10} )
-
-inherit python-r1 autotools toolchain-funcs flag-o-matic db-use systemd tmpfiles
-
-MY_PV="${PV/_p/-P}"
-MY_PV="${MY_PV/_rc/rc}"
-MY_P="${PN}-${MY_PV}"
-
-SDB_LDAP_VER="1.1.0-fc14"
-
-RRL_PV="${MY_PV}"
-
-# SDB-LDAP: http://bind9-ldap.bayour.com/
-
-DESCRIPTION="Berkeley Internet Name Domain - Name Server"
-HOMEPAGE="https://www.isc.org/software/bind"
-SRC_URI="https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz
- doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
-
-LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux"
-# -berkdb by default re bug 602682
-IUSE="berkdb +caps +dlz dnstap doc dnsrps fixed-rrset geoip geoip2 gssapi
-json ldap lmdb mysql odbc postgres python selinux static-libs xml +zlib"
-# sdb-ldap - patch broken
-# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
-
-# Upstream dropped the old geoip library, but the BIND configuration for using
-# GeoIP remained the same.
-REQUIRED_USE="
- postgres? ( dlz )
- berkdb? ( dlz )
- mysql? ( dlz )
- odbc? ( dlz )
- ldap? ( dlz )
- dnsrps? ( dlz )
- python? ( ${PYTHON_REQUIRED_USE} )
-"
-
-DEPEND="
- acct-group/named
- acct-user/named
- berkdb? ( sys-libs/db:= )
- dev-libs/openssl:=[-bindist(-)]
- mysql? ( dev-db/mysql-connector-c:0= )
- odbc? ( >=dev-db/unixODBC-2.2.6 )
- ldap? ( net-nds/openldap:= )
- postgres? ( dev-db/postgresql:= )
- caps? ( >=sys-libs/libcap-2.1.0 )
- xml? ( dev-libs/libxml2 )
- geoip? ( dev-libs/libmaxminddb:= )
- geoip2? ( dev-libs/libmaxminddb:= )
- gssapi? ( virtual/krb5 )
- json? ( dev-libs/json-c:= )
- lmdb? ( dev-db/lmdb:= )
- zlib? ( sys-libs/zlib )
- dnstap? ( dev-libs/fstrm dev-libs/protobuf-c:= )
- python? (
- ${PYTHON_DEPS}
- dev-python/ply[${PYTHON_USEDEP}]
- )
- dev-libs/libuv:=
-"
-
-RDEPEND="${DEPEND}
- selinux? ( sec-policy/selinux-bind )
- sys-process/psmisc"
-
-S="${WORKDIR}/${MY_P}"
-
-PATCHES=(
- "${FILESDIR}/ldap-library-path-on-multilib-machines.patch"
-)
-
-# bug 479092, requires networking
-# bug 710840, cmocka fails LDFLAGS='-Wl,-O1'
-#RESTRICT="test"
-
-src_prepare() {
- default
-
- # should be installed by bind-tools
- sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die
-
- # Disable tests for now, bug 406399
- sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
-
- # bug #220361
- rm aclocal.m4 || die
- rm -rf libtool.m4/ || die
- eautoreconf
-
- use python && python_copy_sources
-}
-
-src_configure() {
- bind_configure --without-python
- use python && python_foreach_impl python_configure
-}
-
-bind_configure() {
- local myeconfargs=(
- AR="$(type -P $(tc-getAR))"
- --prefix="${EPREFIX}"/usr
- --sysconfdir=/etc/bind
- --localstatedir=/var
- --with-libtool
- --enable-full-report
- --without-readline
- --with-openssl="${ESYSROOT}"/usr
- --without-cmocka
- # Removed in 9.17, drags in libunwind dependency too
- --disable-backtrace
- $(use_enable caps linux-caps)
- $(use_enable dnsrps)
- $(use_enable dnstap)
- $(use_enable fixed-rrset)
- # $(use_enable static-libs static)
- $(use_with berkdb dlz-bdb "${ESYSROOT}"/usr)
- $(use_with dlz dlopen)
- $(use_with dlz dlz-filesystem)
- $(use_with dlz dlz-stub)
- $(use_with gssapi)
- $(use_with json json-c)
- $(use_with ldap dlz-ldap)
- $(use_with mysql dlz-mysql)
- $(use_with odbc dlz-odbc)
- $(use_with postgres dlz-postgres)
- $(use_with lmdb)
- $(use_with xml libxml2)
- $(use_with zlib)
- "${@}"
- )
- # This is for users to start to migrate back to USE=geoip, rather than
- # USE=geoip2
- if use geoip ; then
- myeconfargs+=( $(use_with geoip maxminddb) --enable-geoip )
- elif use geoip2 ; then
- # Added 2020/09/30
- # Remove USE=geoip2 support after 2020/03/01
- ewarn "USE=geoip2 is deprecated; update your USE flags!"
- myeconfargs+=( $(use_with geoip2 maxminddb) --enable-geoip )
- else
- myeconfargs+=( --without-maxminddb --disable-geoip )
- fi
-
- # bug #158664
-# gcc-specs-ssp && replace-flags -O[23s] -O
-
- # To include db.h from proper path
- use berkdb && append-flags "-I$(db_includedir)"
-
- export BUILD_CC=$(tc-getBUILD_CC)
- econf "${myeconfargs[@]}"
-
- # bug #151839
- echo '#undef SO_BSDCOMPAT' >> config.h
-}
-
-python_configure() {
- pushd "${BUILD_DIR}" >/dev/null || die
- bind_configure --with-python
- popd >/dev/null || die
-}
-
-src_compile() {
- default
- use python && python_foreach_impl python_compile
-}
-
-python_compile() {
- pushd "${BUILD_DIR}"/bin/python >/dev/null || die
- emake
- popd >/dev/null || die
-}
-
-src_install() {
- default
-
- dodoc CHANGES README
-
- if use doc; then
- docinto misc
- dodoc -r doc/misc/
-
- # might a 'html' useflag make sense?
- docinto html
- dodoc -r doc/arm/
-
- docinto contrib
- dodoc contrib/scripts/{nanny.pl,named-bootconf.sh}
-
- # some handy-dandy dynamic dns examples
- pushd "${ED}"/usr/share/doc/${PF} 1>/dev/null || die
- tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
- popd 1>/dev/null || die
- fi
-
- insinto /etc/bind
- newins "${FILESDIR}"/named.conf-r8 named.conf
-
- # ftp://ftp.rs.internic.net/domain/named.cache:
- insinto /var/bind
- newins "${FILESDIR}"/named.cache-r3 named.cache
-
- insinto /var/bind/pri
- newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
-
- newinitd "${FILESDIR}"/named.init-r14 named
- newconfd "${FILESDIR}"/named.confd-r7 named
-
- newenvd "${FILESDIR}"/10bind.env 10bind
-
- # Let's get rid of those tools and their manpages since they're provided by bind-tools
- rm -f "${ED}"/usr/share/man/man1/{dig,host,nslookup,delv,nsupdate}.1* || die
- rm -f "${ED}"/usr/share/man/man8/nsupdate.8* || die
- rm -f "${ED}"/usr/bin/{dig,host,nslookup,nsupdate} || die
- rm -f "${ED}"/usr/sbin/{dig,host,nslookup,nsupdate} || die
- for tool in dsfromkey importkey keyfromlabel keygen \
- revoke settime signzone verify; do
- rm -f "${ED}"/usr/{,s}bin/dnssec-"${tool}" || die
- rm -f "${ED}"/usr/share/man/man8/dnssec-"${tool}".8* || die
- done
-
- # bug 405251, library archives aren't properly handled by --enable/disable-static
- if ! use static-libs; then
- find "${ED}" -type f -name '*.a' -delete || die
- fi
-
- # bug 405251
- find "${ED}" -type f -name '*.la' -delete || die
-
- use python && python_foreach_impl python_install
-
- # bug 450406
- dosym named.cache /var/bind/root.cache
-
- dosym ../../var/bind/pri /etc/bind/pri
- dosym ../../var/bind/sec /etc/bind/sec
- dosym ../../var/bind/dyn /etc/bind/dyn
- keepdir /var/bind/{pri,sec,dyn} /var/log/named
-
- fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
- fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0750 /etc/bind /var/bind/pri
- fperms 0770 /var/log/named /var/bind/{,sec,dyn}
-
- systemd_newunit "${FILESDIR}/named.service-r1" named.service
- dotmpfiles "${FILESDIR}"/named.conf
- exeinto /usr/libexec
- doexe "${FILESDIR}/generate-rndc-key.sh"
-}
-
-python_install() {
- pushd "${BUILD_DIR}"/bin/python >/dev/null || die
- emake DESTDIR="${D}" install
- python_scriptinto /usr/sbin
- python_doscript dnssec-{checkds,coverage}
- python_optimize
- popd >/dev/null || die
-}
-
-pkg_postinst() {
- tmpfiles_process named.conf
-
- if [[ ! -f '/etc/bind/rndc.key' && ! -f '/etc/bind/rndc.conf' ]]; then
- einfo "Using /dev/urandom for generating rndc.key"
- /usr/sbin/rndc-confgen -a
- chown root:named /etc/bind/rndc.key || die
- chmod 0640 /etc/bind/rndc.key || die
- fi
-
- einfo
- einfo "You can edit /etc/conf.d/named to customize named settings"
- einfo
- use mysql || use postgres || use ldap && {
- elog "If your named depends on MySQL/PostgreSQL or LDAP,"
- elog "uncomment the specified rc_named_* lines in your"
- elog "/etc/conf.d/named config to ensure they'll start before bind"
- einfo
- }
- einfo "If you'd like to run bind in a chroot AND this is a new"
- einfo "install OR your bind doesn't already run in a chroot:"
- einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
- einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
- einfo
-
- CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
- if [[ -n ${CHROOT} ]]; then
- elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- elog "To enable the old behaviour (without using mount) uncomment the"
- elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- elog "If you decide to use the new/default method, ensure to make backup"
- elog "first and merge your existing configs/zones to /etc/bind and"
- elog "/var/bind because bind will now mount the needed directories into"
- elog "the chroot dir."
- fi
-}
-
-pkg_config() {
- CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
- CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
- CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
-
- if [[ -z "${CHROOT}" ]]; then
- eerror "This config script is designed to automate setting up"
- eerror "a chrooted bind/named. To do so, please first uncomment"
- eerror "and set the CHROOT variable in '/etc/conf.d/named'."
- die "Unset CHROOT"
- fi
- if [[ -d "${CHROOT}" ]]; then
- ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- ewarn "To enable the old behaviour (without using mount) uncomment the"
- ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- ewarn
- ewarn "${CHROOT} already exists... some things might become overridden"
- ewarn "press CTRL+C if you don't want to continue"
- sleep 10
- fi
-
- echo; einfo "Setting up the chroot directory..."
-
- mkdir -m 0750 -p ${CHROOT} || die
- mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} || die
- mkdir -m 0750 -p ${CHROOT}/etc/bind || die
- mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ || die
-
- chown root:named \
- ${CHROOT} \
- ${CHROOT}/var/{bind,log/named} \
- ${CHROOT}/run/named/ \
- ${CHROOT}/etc/bind \
- || die
-
- mknod ${CHROOT}/dev/null c 1 3 || die
- chmod 0666 ${CHROOT}/dev/null || die
-
- mknod ${CHROOT}/dev/zero c 1 5 || die
- chmod 0666 ${CHROOT}/dev/zero || die
-
- mknod ${CHROOT}/dev/urandom c 1 9 || die
- chmod 0666 ${CHROOT}/dev/urandom || die
-
- if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
- cp -a /etc/bind ${CHROOT}/etc/ || die
- cp -a /var/bind ${CHROOT}/var/ || die
- fi
-
- if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
- if use geoip; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP || die
- elif use geoip2; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP2 || die
- fi
- fi
-
- elog "You may need to add the following line to your syslog-ng.conf:"
- elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
-}
diff --git a/net-dns/bind/bind-9.16.29-r1.ebuild b/net-dns/bind/bind-9.16.29-r1.ebuild
deleted file mode 100644
index ab9d7f6ac2ec..000000000000
--- a/net-dns/bind/bind-9.16.29-r1.ebuild
+++ /dev/null
@@ -1,376 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# Re dlz/mysql and threads, needs to be verified..
-# MySQL uses thread local storage in its C api. Thus MySQL
-# requires that each thread of an application execute a MySQL
-# thread initialization to setup the thread local storage.
-# This is impossible to do safely while staying within the DLZ
-# driver API. This is a limitation caused by MySQL, and not the DLZ API.
-# Because of this BIND MUST only run with a single thread when
-# using the MySQL driver.
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{8..10} )
-
-inherit python-r1 autotools toolchain-funcs flag-o-matic db-use systemd tmpfiles
-
-MY_PV="${PV/_p/-P}"
-MY_PV="${MY_PV/_rc/rc}"
-MY_P="${PN}-${MY_PV}"
-
-SDB_LDAP_VER="1.1.0-fc14"
-
-RRL_PV="${MY_PV}"
-
-# SDB-LDAP: http://bind9-ldap.bayour.com/
-
-DESCRIPTION="Berkeley Internet Name Domain - Name Server"
-HOMEPAGE="https://www.isc.org/software/bind"
-SRC_URI="https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz
- doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
-
-LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
-# -berkdb by default re bug 602682
-IUSE="berkdb +caps +dlz dnstap doc dnsrps fixed-rrset geoip geoip2 gssapi
-json ldap lmdb mysql odbc postgres python selinux static-libs xml +zlib"
-# sdb-ldap - patch broken
-# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
-
-# Upstream dropped the old geoip library, but the BIND configuration for using
-# GeoIP remained the same.
-REQUIRED_USE="
- postgres? ( dlz )
- berkdb? ( dlz )
- mysql? ( dlz )
- odbc? ( dlz )
- ldap? ( dlz )
- dnsrps? ( dlz )
- python? ( ${PYTHON_REQUIRED_USE} )
-"
-
-DEPEND="
- acct-group/named
- acct-user/named
- berkdb? ( sys-libs/db:= )
- dev-libs/openssl:=[-bindist(-)]
- mysql? ( dev-db/mysql-connector-c:0= )
- odbc? ( >=dev-db/unixODBC-2.2.6 )
- ldap? ( net-nds/openldap:= )
- postgres? ( dev-db/postgresql:= )
- caps? ( >=sys-libs/libcap-2.1.0 )
- xml? ( dev-libs/libxml2 )
- geoip? ( dev-libs/libmaxminddb:= )
- geoip2? ( dev-libs/libmaxminddb:= )
- gssapi? ( virtual/krb5 )
- json? ( dev-libs/json-c:= )
- lmdb? ( dev-db/lmdb:= )
- zlib? ( sys-libs/zlib )
- dnstap? ( dev-libs/fstrm dev-libs/protobuf-c:= )
- python? (
- ${PYTHON_DEPS}
- dev-python/ply[${PYTHON_USEDEP}]
- )
- dev-libs/libuv:=
-"
-
-RDEPEND="${DEPEND}
- selinux? ( sec-policy/selinux-bind )
- sys-process/psmisc"
-
-S="${WORKDIR}/${MY_P}"
-
-PATCHES=(
- "${FILESDIR}/ldap-library-path-on-multilib-machines.patch"
- "${FILESDIR}/${P}-fortify-source-3.patch"
-)
-
-# bug 479092, requires networking
-# bug 710840, cmocka fails LDFLAGS='-Wl,-O1'
-#RESTRICT="test"
-
-src_prepare() {
- default
-
- # should be installed by bind-tools
- sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die
-
- # Disable tests for now, bug 406399
- sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
-
- # bug #220361
- rm aclocal.m4 || die
- rm -rf libtool.m4/ || die
- eautoreconf
-
- use python && python_copy_sources
-}
-
-src_configure() {
- bind_configure --without-python
- use python && python_foreach_impl python_configure
-}
-
-bind_configure() {
- local myeconfargs=(
- AR="$(type -P $(tc-getAR))"
- --prefix="${EPREFIX}"/usr
- --sysconfdir=/etc/bind
- --localstatedir=/var
- --with-libtool
- --enable-full-report
- --without-readline
- --with-openssl="${ESYSROOT}"/usr
- --without-cmocka
- # Removed in 9.17, drags in libunwind dependency too
- --disable-backtrace
- $(use_enable caps linux-caps)
- $(use_enable dnsrps)
- $(use_enable dnstap)
- $(use_enable fixed-rrset)
- # $(use_enable static-libs static)
- $(use_with berkdb dlz-bdb "${ESYSROOT}"/usr)
- $(use_with dlz dlopen)
- $(use_with dlz dlz-filesystem)
- $(use_with dlz dlz-stub)
- $(use_with gssapi)
- $(use_with json json-c)
- $(use_with ldap dlz-ldap)
- $(use_with mysql dlz-mysql)
- $(use_with odbc dlz-odbc)
- $(use_with postgres dlz-postgres)
- $(use_with lmdb)
- $(use_with xml libxml2)
- $(use_with zlib)
- "${@}"
- )
- # This is for users to start to migrate back to USE=geoip, rather than
- # USE=geoip2
- if use geoip ; then
- myeconfargs+=( $(use_with geoip maxminddb) --enable-geoip )
- elif use geoip2 ; then
- # Added 2020/09/30
- # Remove USE=geoip2 support after 2020/03/01
- ewarn "USE=geoip2 is deprecated; update your USE flags!"
- myeconfargs+=( $(use_with geoip2 maxminddb) --enable-geoip )
- else
- myeconfargs+=( --without-maxminddb --disable-geoip )
- fi
-
- # bug #158664
-# gcc-specs-ssp && replace-flags -O[23s] -O
-
- # To include db.h from proper path
- use berkdb && append-flags "-I$(db_includedir)"
-
- export BUILD_CC=$(tc-getBUILD_CC)
- econf "${myeconfargs[@]}"
-
- # bug #151839
- echo '#undef SO_BSDCOMPAT' >> config.h
-}
-
-python_configure() {
- pushd "${BUILD_DIR}" >/dev/null || die
- bind_configure --with-python
- popd >/dev/null || die
-}
-
-src_compile() {
- default
- use python && python_foreach_impl python_compile
-}
-
-python_compile() {
- pushd "${BUILD_DIR}"/bin/python >/dev/null || die
- emake
- popd >/dev/null || die
-}
-
-src_install() {
- default
-
- dodoc CHANGES README
-
- if use doc; then
- docinto misc
- dodoc -r doc/misc/
-
- # might a 'html' useflag make sense?
- docinto html
- dodoc -r doc/arm/
-
- docinto contrib
- dodoc contrib/scripts/{nanny.pl,named-bootconf.sh}
-
- # some handy-dandy dynamic dns examples
- pushd "${ED}"/usr/share/doc/${PF} 1>/dev/null || die
- tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
- popd 1>/dev/null || die
- fi
-
- insinto /etc/bind
- newins "${FILESDIR}"/named.conf-r8 named.conf
-
- # ftp://ftp.rs.internic.net/domain/named.cache:
- insinto /var/bind
- newins "${FILESDIR}"/named.cache-r3 named.cache
-
- insinto /var/bind/pri
- newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
-
- newinitd "${FILESDIR}"/named.init-r14 named
- newconfd "${FILESDIR}"/named.confd-r7 named
-
- newenvd "${FILESDIR}"/10bind.env 10bind
-
- # Let's get rid of those tools and their manpages since they're provided by bind-tools
- rm -f "${ED}"/usr/share/man/man1/{dig,host,nslookup,delv,nsupdate}.1* || die
- rm -f "${ED}"/usr/share/man/man8/nsupdate.8* || die
- rm -f "${ED}"/usr/bin/{dig,host,nslookup,nsupdate} || die
- rm -f "${ED}"/usr/sbin/{dig,host,nslookup,nsupdate} || die
- for tool in dsfromkey importkey keyfromlabel keygen \
- revoke settime signzone verify; do
- rm -f "${ED}"/usr/{,s}bin/dnssec-"${tool}" || die
- rm -f "${ED}"/usr/share/man/man8/dnssec-"${tool}".8* || die
- done
-
- # bug 405251, library archives aren't properly handled by --enable/disable-static
- if ! use static-libs; then
- find "${ED}" -type f -name '*.a' -delete || die
- fi
-
- # bug 405251
- find "${ED}" -type f -name '*.la' -delete || die
-
- use python && python_foreach_impl python_install
-
- # bug 450406
- dosym named.cache /var/bind/root.cache
-
- dosym ../../var/bind/pri /etc/bind/pri
- dosym ../../var/bind/sec /etc/bind/sec
- dosym ../../var/bind/dyn /etc/bind/dyn
- keepdir /var/bind/{pri,sec,dyn} /var/log/named
-
- fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
- fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0750 /etc/bind /var/bind/pri
- fperms 0770 /var/log/named /var/bind/{,sec,dyn}
-
- systemd_newunit "${FILESDIR}/named.service-r1" named.service
- dotmpfiles "${FILESDIR}"/named.conf
- exeinto /usr/libexec
- doexe "${FILESDIR}/generate-rndc-key.sh"
-}
-
-python_install() {
- pushd "${BUILD_DIR}"/bin/python >/dev/null || die
- emake DESTDIR="${D}" install
- python_scriptinto /usr/sbin
- python_doscript dnssec-{checkds,coverage}
- python_optimize
- popd >/dev/null || die
-}
-
-pkg_postinst() {
- tmpfiles_process named.conf
-
- if [[ ! -f '/etc/bind/rndc.key' && ! -f '/etc/bind/rndc.conf' ]]; then
- einfo "Using /dev/urandom for generating rndc.key"
- /usr/sbin/rndc-confgen -a
- chown root:named /etc/bind/rndc.key || die
- chmod 0640 /etc/bind/rndc.key || die
- fi
-
- einfo
- einfo "You can edit /etc/conf.d/named to customize named settings"
- einfo
- use mysql || use postgres || use ldap && {
- elog "If your named depends on MySQL/PostgreSQL or LDAP,"
- elog "uncomment the specified rc_named_* lines in your"
- elog "/etc/conf.d/named config to ensure they'll start before bind"
- einfo
- }
- einfo "If you'd like to run bind in a chroot AND this is a new"
- einfo "install OR your bind doesn't already run in a chroot:"
- einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
- einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
- einfo
-
- CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
- if [[ -n ${CHROOT} ]]; then
- elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- elog "To enable the old behaviour (without using mount) uncomment the"
- elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- elog "If you decide to use the new/default method, ensure to make backup"
- elog "first and merge your existing configs/zones to /etc/bind and"
- elog "/var/bind because bind will now mount the needed directories into"
- elog "the chroot dir."
- fi
-}
-
-pkg_config() {
- CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
- CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
- CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
-
- if [[ -z "${CHROOT}" ]]; then
- eerror "This config script is designed to automate setting up"
- eerror "a chrooted bind/named. To do so, please first uncomment"
- eerror "and set the CHROOT variable in '/etc/conf.d/named'."
- die "Unset CHROOT"
- fi
- if [[ -d "${CHROOT}" ]]; then
- ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- ewarn "To enable the old behaviour (without using mount) uncomment the"
- ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- ewarn
- ewarn "${CHROOT} already exists... some things might become overridden"
- ewarn "press CTRL+C if you don't want to continue"
- sleep 10
- fi
-
- echo; einfo "Setting up the chroot directory..."
-
- mkdir -m 0750 -p ${CHROOT} || die
- mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} || die
- mkdir -m 0750 -p ${CHROOT}/etc/bind || die
- mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ || die
-
- chown root:named \
- ${CHROOT} \
- ${CHROOT}/var/{bind,log/named} \
- ${CHROOT}/run/named/ \
- ${CHROOT}/etc/bind \
- || die
-
- mknod ${CHROOT}/dev/null c 1 3 || die
- chmod 0666 ${CHROOT}/dev/null || die
-
- mknod ${CHROOT}/dev/zero c 1 5 || die
- chmod 0666 ${CHROOT}/dev/zero || die
-
- mknod ${CHROOT}/dev/urandom c 1 9 || die
- chmod 0666 ${CHROOT}/dev/urandom || die
-
- if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
- cp -a /etc/bind ${CHROOT}/etc/ || die
- cp -a /var/bind ${CHROOT}/var/ || die
- fi
-
- if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
- if use geoip; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP || die
- elif use geoip2; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP2 || die
- fi
- fi
-
- elog "You may need to add the following line to your syslog-ng.conf:"
- elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
-}
diff --git a/net-dns/bind/bind-9.16.29.ebuild b/net-dns/bind/bind-9.16.29.ebuild
deleted file mode 100644
index fce1301fbdf3..000000000000
--- a/net-dns/bind/bind-9.16.29.ebuild
+++ /dev/null
@@ -1,375 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# Re dlz/mysql and threads, needs to be verified..
-# MySQL uses thread local storage in its C api. Thus MySQL
-# requires that each thread of an application execute a MySQL
-# thread initialization to setup the thread local storage.
-# This is impossible to do safely while staying within the DLZ
-# driver API. This is a limitation caused by MySQL, and not the DLZ API.
-# Because of this BIND MUST only run with a single thread when
-# using the MySQL driver.
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{8..10} )
-
-inherit python-r1 autotools toolchain-funcs flag-o-matic db-use systemd tmpfiles
-
-MY_PV="${PV/_p/-P}"
-MY_PV="${MY_PV/_rc/rc}"
-MY_P="${PN}-${MY_PV}"
-
-SDB_LDAP_VER="1.1.0-fc14"
-
-RRL_PV="${MY_PV}"
-
-# SDB-LDAP: http://bind9-ldap.bayour.com/
-
-DESCRIPTION="Berkeley Internet Name Domain - Name Server"
-HOMEPAGE="https://www.isc.org/software/bind"
-SRC_URI="https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz
- doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
-
-LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
-# -berkdb by default re bug 602682
-IUSE="berkdb +caps +dlz dnstap doc dnsrps fixed-rrset geoip geoip2 gssapi
-json ldap lmdb mysql odbc postgres python selinux static-libs xml +zlib"
-# sdb-ldap - patch broken
-# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
-
-# Upstream dropped the old geoip library, but the BIND configuration for using
-# GeoIP remained the same.
-REQUIRED_USE="
- postgres? ( dlz )
- berkdb? ( dlz )
- mysql? ( dlz )
- odbc? ( dlz )
- ldap? ( dlz )
- dnsrps? ( dlz )
- python? ( ${PYTHON_REQUIRED_USE} )
-"
-
-DEPEND="
- acct-group/named
- acct-user/named
- berkdb? ( sys-libs/db:= )
- dev-libs/openssl:=[-bindist(-)]
- mysql? ( dev-db/mysql-connector-c:0= )
- odbc? ( >=dev-db/unixODBC-2.2.6 )
- ldap? ( net-nds/openldap:= )
- postgres? ( dev-db/postgresql:= )
- caps? ( >=sys-libs/libcap-2.1.0 )
- xml? ( dev-libs/libxml2 )
- geoip? ( dev-libs/libmaxminddb:= )
- geoip2? ( dev-libs/libmaxminddb:= )
- gssapi? ( virtual/krb5 )
- json? ( dev-libs/json-c:= )
- lmdb? ( dev-db/lmdb:= )
- zlib? ( sys-libs/zlib )
- dnstap? ( dev-libs/fstrm dev-libs/protobuf-c:= )
- python? (
- ${PYTHON_DEPS}
- dev-python/ply[${PYTHON_USEDEP}]
- )
- dev-libs/libuv:=
-"
-
-RDEPEND="${DEPEND}
- selinux? ( sec-policy/selinux-bind )
- sys-process/psmisc"
-
-S="${WORKDIR}/${MY_P}"
-
-PATCHES=(
- "${FILESDIR}/ldap-library-path-on-multilib-machines.patch"
-)
-
-# bug 479092, requires networking
-# bug 710840, cmocka fails LDFLAGS='-Wl,-O1'
-#RESTRICT="test"
-
-src_prepare() {
- default
-
- # should be installed by bind-tools
- sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die
-
- # Disable tests for now, bug 406399
- sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
-
- # bug #220361
- rm aclocal.m4 || die
- rm -rf libtool.m4/ || die
- eautoreconf
-
- use python && python_copy_sources
-}
-
-src_configure() {
- bind_configure --without-python
- use python && python_foreach_impl python_configure
-}
-
-bind_configure() {
- local myeconfargs=(
- AR="$(type -P $(tc-getAR))"
- --prefix="${EPREFIX}"/usr
- --sysconfdir=/etc/bind
- --localstatedir=/var
- --with-libtool
- --enable-full-report
- --without-readline
- --with-openssl="${ESYSROOT}"/usr
- --without-cmocka
- # Removed in 9.17, drags in libunwind dependency too
- --disable-backtrace
- $(use_enable caps linux-caps)
- $(use_enable dnsrps)
- $(use_enable dnstap)
- $(use_enable fixed-rrset)
- # $(use_enable static-libs static)
- $(use_with berkdb dlz-bdb "${ESYSROOT}"/usr)
- $(use_with dlz dlopen)
- $(use_with dlz dlz-filesystem)
- $(use_with dlz dlz-stub)
- $(use_with gssapi)
- $(use_with json json-c)
- $(use_with ldap dlz-ldap)
- $(use_with mysql dlz-mysql)
- $(use_with odbc dlz-odbc)
- $(use_with postgres dlz-postgres)
- $(use_with lmdb)
- $(use_with xml libxml2)
- $(use_with zlib)
- "${@}"
- )
- # This is for users to start to migrate back to USE=geoip, rather than
- # USE=geoip2
- if use geoip ; then
- myeconfargs+=( $(use_with geoip maxminddb) --enable-geoip )
- elif use geoip2 ; then
- # Added 2020/09/30
- # Remove USE=geoip2 support after 2020/03/01
- ewarn "USE=geoip2 is deprecated; update your USE flags!"
- myeconfargs+=( $(use_with geoip2 maxminddb) --enable-geoip )
- else
- myeconfargs+=( --without-maxminddb --disable-geoip )
- fi
-
- # bug #158664
-# gcc-specs-ssp && replace-flags -O[23s] -O
-
- # To include db.h from proper path
- use berkdb && append-flags "-I$(db_includedir)"
-
- export BUILD_CC=$(tc-getBUILD_CC)
- econf "${myeconfargs[@]}"
-
- # bug #151839
- echo '#undef SO_BSDCOMPAT' >> config.h
-}
-
-python_configure() {
- pushd "${BUILD_DIR}" >/dev/null || die
- bind_configure --with-python
- popd >/dev/null || die
-}
-
-src_compile() {
- default
- use python && python_foreach_impl python_compile
-}
-
-python_compile() {
- pushd "${BUILD_DIR}"/bin/python >/dev/null || die
- emake
- popd >/dev/null || die
-}
-
-src_install() {
- default
-
- dodoc CHANGES README
-
- if use doc; then
- docinto misc
- dodoc -r doc/misc/
-
- # might a 'html' useflag make sense?
- docinto html
- dodoc -r doc/arm/
-
- docinto contrib
- dodoc contrib/scripts/{nanny.pl,named-bootconf.sh}
-
- # some handy-dandy dynamic dns examples
- pushd "${ED}"/usr/share/doc/${PF} 1>/dev/null || die
- tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
- popd 1>/dev/null || die
- fi
-
- insinto /etc/bind
- newins "${FILESDIR}"/named.conf-r8 named.conf
-
- # ftp://ftp.rs.internic.net/domain/named.cache:
- insinto /var/bind
- newins "${FILESDIR}"/named.cache-r3 named.cache
-
- insinto /var/bind/pri
- newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
-
- newinitd "${FILESDIR}"/named.init-r14 named
- newconfd "${FILESDIR}"/named.confd-r7 named
-
- newenvd "${FILESDIR}"/10bind.env 10bind
-
- # Let's get rid of those tools and their manpages since they're provided by bind-tools
- rm -f "${ED}"/usr/share/man/man1/{dig,host,nslookup,delv,nsupdate}.1* || die
- rm -f "${ED}"/usr/share/man/man8/nsupdate.8* || die
- rm -f "${ED}"/usr/bin/{dig,host,nslookup,nsupdate} || die
- rm -f "${ED}"/usr/sbin/{dig,host,nslookup,nsupdate} || die
- for tool in dsfromkey importkey keyfromlabel keygen \
- revoke settime signzone verify; do
- rm -f "${ED}"/usr/{,s}bin/dnssec-"${tool}" || die
- rm -f "${ED}"/usr/share/man/man8/dnssec-"${tool}".8* || die
- done
-
- # bug 405251, library archives aren't properly handled by --enable/disable-static
- if ! use static-libs; then
- find "${ED}" -type f -name '*.a' -delete || die
- fi
-
- # bug 405251
- find "${ED}" -type f -name '*.la' -delete || die
-
- use python && python_foreach_impl python_install
-
- # bug 450406
- dosym named.cache /var/bind/root.cache
-
- dosym ../../var/bind/pri /etc/bind/pri
- dosym ../../var/bind/sec /etc/bind/sec
- dosym ../../var/bind/dyn /etc/bind/dyn
- keepdir /var/bind/{pri,sec,dyn} /var/log/named
-
- fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
- fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0750 /etc/bind /var/bind/pri
- fperms 0770 /var/log/named /var/bind/{,sec,dyn}
-
- systemd_newunit "${FILESDIR}/named.service-r1" named.service
- dotmpfiles "${FILESDIR}"/named.conf
- exeinto /usr/libexec
- doexe "${FILESDIR}/generate-rndc-key.sh"
-}
-
-python_install() {
- pushd "${BUILD_DIR}"/bin/python >/dev/null || die
- emake DESTDIR="${D}" install
- python_scriptinto /usr/sbin
- python_doscript dnssec-{checkds,coverage}
- python_optimize
- popd >/dev/null || die
-}
-
-pkg_postinst() {
- tmpfiles_process named.conf
-
- if [[ ! -f '/etc/bind/rndc.key' && ! -f '/etc/bind/rndc.conf' ]]; then
- einfo "Using /dev/urandom for generating rndc.key"
- /usr/sbin/rndc-confgen -a
- chown root:named /etc/bind/rndc.key || die
- chmod 0640 /etc/bind/rndc.key || die
- fi
-
- einfo
- einfo "You can edit /etc/conf.d/named to customize named settings"
- einfo
- use mysql || use postgres || use ldap && {
- elog "If your named depends on MySQL/PostgreSQL or LDAP,"
- elog "uncomment the specified rc_named_* lines in your"
- elog "/etc/conf.d/named config to ensure they'll start before bind"
- einfo
- }
- einfo "If you'd like to run bind in a chroot AND this is a new"
- einfo "install OR your bind doesn't already run in a chroot:"
- einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
- einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
- einfo
-
- CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
- if [[ -n ${CHROOT} ]]; then
- elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- elog "To enable the old behaviour (without using mount) uncomment the"
- elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- elog "If you decide to use the new/default method, ensure to make backup"
- elog "first and merge your existing configs/zones to /etc/bind and"
- elog "/var/bind because bind will now mount the needed directories into"
- elog "the chroot dir."
- fi
-}
-
-pkg_config() {
- CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
- CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
- CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
-
- if [[ -z "${CHROOT}" ]]; then
- eerror "This config script is designed to automate setting up"
- eerror "a chrooted bind/named. To do so, please first uncomment"
- eerror "and set the CHROOT variable in '/etc/conf.d/named'."
- die "Unset CHROOT"
- fi
- if [[ -d "${CHROOT}" ]]; then
- ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- ewarn "To enable the old behaviour (without using mount) uncomment the"
- ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- ewarn
- ewarn "${CHROOT} already exists... some things might become overridden"
- ewarn "press CTRL+C if you don't want to continue"
- sleep 10
- fi
-
- echo; einfo "Setting up the chroot directory..."
-
- mkdir -m 0750 -p ${CHROOT} || die
- mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} || die
- mkdir -m 0750 -p ${CHROOT}/etc/bind || die
- mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ || die
-
- chown root:named \
- ${CHROOT} \
- ${CHROOT}/var/{bind,log/named} \
- ${CHROOT}/run/named/ \
- ${CHROOT}/etc/bind \
- || die
-
- mknod ${CHROOT}/dev/null c 1 3 || die
- chmod 0666 ${CHROOT}/dev/null || die
-
- mknod ${CHROOT}/dev/zero c 1 5 || die
- chmod 0666 ${CHROOT}/dev/zero || die
-
- mknod ${CHROOT}/dev/urandom c 1 9 || die
- chmod 0666 ${CHROOT}/dev/urandom || die
-
- if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
- cp -a /etc/bind ${CHROOT}/etc/ || die
- cp -a /var/bind ${CHROOT}/var/ || die
- fi
-
- if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
- if use geoip; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP || die
- elif use geoip2; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP2 || die
- fi
- fi
-
- elog "You may need to add the following line to your syslog-ng.conf:"
- elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
-}
diff --git a/net-dns/bind/bind-9.16.30.ebuild b/net-dns/bind/bind-9.16.30.ebuild
deleted file mode 100644
index e4a306d6239e..000000000000
--- a/net-dns/bind/bind-9.16.30.ebuild
+++ /dev/null
@@ -1,381 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# Re dlz/mysql and threads, needs to be verified..
-# MySQL uses thread local storage in its C api. Thus MySQL
-# requires that each thread of an application execute a MySQL
-# thread initialization to setup the thread local storage.
-# This is impossible to do safely while staying within the DLZ
-# driver API. This is a limitation caused by MySQL, and not the DLZ API.
-# Because of this BIND MUST only run with a single thread when
-# using the MySQL driver.
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{8..10} )
-
-inherit python-r1 autotools multiprocessing toolchain-funcs flag-o-matic db-use systemd tmpfiles
-
-MY_PV="${PV/_p/-P}"
-MY_PV="${MY_PV/_rc/rc}"
-MY_P="${PN}-${MY_PV}"
-
-SDB_LDAP_VER="1.1.0-fc14"
-
-RRL_PV="${MY_PV}"
-
-# SDB-LDAP: http://bind9-ldap.bayour.com/
-
-DESCRIPTION="Berkeley Internet Name Domain - Name Server"
-HOMEPAGE="https://www.isc.org/software/bind"
-SRC_URI="https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz
- doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
-
-LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux"
-# -berkdb by default re bug 602682
-IUSE="berkdb +caps +dlz dnstap doc dnsrps fixed-rrset geoip geoip2 gssapi
-json ldap lmdb mysql odbc postgres python selinux static-libs test xml +zlib"
-# sdb-ldap - patch broken
-# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
-RESTRICT="!test? ( test )"
-
-# Upstream dropped the old geoip library, but the BIND configuration for using
-# GeoIP remained the same.
-REQUIRED_USE="
- postgres? ( dlz )
- berkdb? ( dlz )
- mysql? ( dlz )
- odbc? ( dlz )
- ldap? ( dlz )
- dnsrps? ( dlz )
- python? ( ${PYTHON_REQUIRED_USE} )
-"
-
-DEPEND="
- acct-group/named
- acct-user/named
- berkdb? ( sys-libs/db:= )
- dev-libs/openssl:=[-bindist(-)]
- mysql? ( dev-db/mysql-connector-c:0= )
- odbc? ( >=dev-db/unixODBC-2.2.6 )
- ldap? ( net-nds/openldap:= )
- postgres? ( dev-db/postgresql:= )
- caps? ( >=sys-libs/libcap-2.1.0 )
- xml? ( dev-libs/libxml2 )
- geoip? ( dev-libs/libmaxminddb:= )
- geoip2? ( dev-libs/libmaxminddb:= )
- gssapi? ( virtual/krb5 )
- json? ( dev-libs/json-c:= )
- lmdb? ( dev-db/lmdb:= )
- zlib? ( sys-libs/zlib )
- dnstap? ( dev-libs/fstrm dev-libs/protobuf-c:= )
- python? (
- ${PYTHON_DEPS}
- dev-python/ply[${PYTHON_USEDEP}]
- )
- dev-libs/libuv:=
-"
-
-RDEPEND="${DEPEND}
- selinux? ( sec-policy/selinux-bind )
- sys-process/psmisc"
-
-BDEPEND="
- test? (
- dev-util/cmocka
- dev-util/kyua
- )
-"
-
-S="${WORKDIR}/${MY_P}"
-
-PATCHES=(
- "${FILESDIR}/ldap-library-path-on-multilib-machines.patch"
-)
-
-src_prepare() {
- default
-
- # Should be installed by bind-tools
- sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die
-
- # bug #220361
- rm aclocal.m4 || die
- rm -rf libtool.m4/ || die
- eautoreconf
-
- use python && python_copy_sources
-}
-
-src_configure() {
- bind_configure --without-python
- use python && python_foreach_impl python_configure
-}
-
-bind_configure() {
- local myeconfargs=(
- AR="$(type -P $(tc-getAR))"
- --prefix="${EPREFIX}"/usr
- --sysconfdir=/etc/bind
- --localstatedir=/var
- --with-libtool
- --enable-full-report
- --without-readline
- --with-openssl="${ESYSROOT}"/usr
- $(use_with test cmocka)
- # Removed in 9.17, drags in libunwind dependency too
- --disable-backtrace
- $(use_enable caps linux-caps)
- $(use_enable dnsrps)
- $(use_enable dnstap)
- $(use_enable fixed-rrset)
- $(use_with berkdb dlz-bdb "${ESYSROOT}"/usr)
- $(use_with dlz dlopen)
- $(use_with dlz dlz-filesystem)
- $(use_with dlz dlz-stub)
- $(use_with gssapi)
- $(use_with json json-c)
- $(use_with ldap dlz-ldap)
- $(use_with mysql dlz-mysql)
- $(use_with odbc dlz-odbc)
- $(use_with postgres dlz-postgres)
- $(use_with lmdb)
- $(use_with xml libxml2)
- $(use_with zlib)
- "${@}"
- )
-
- # This is for users to start to migrate back to USE=geoip, rather than
- # USE=geoip2
- if use geoip ; then
- myeconfargs+=( $(use_with geoip maxminddb) --enable-geoip )
- elif use geoip2 ; then
- # Added 2020/09/30
- # Remove USE=geoip2 support after 2020/03/01
- ewarn "USE=geoip2 is deprecated; update your USE flags!"
- myeconfargs+=( $(use_with geoip2 maxminddb) --enable-geoip )
- else
- myeconfargs+=( --without-maxminddb --disable-geoip )
- fi
-
- # bug #158664
- #gcc-specs-ssp && replace-flags -O[23s] -O
-
- # To include db.h from proper path
- use berkdb && append-flags "-I$(db_includedir)"
-
- export BUILD_CC=$(tc-getBUILD_CC)
- econf "${myeconfargs[@]}"
-
- # bug #151839
- echo '#undef SO_BSDCOMPAT' >> config.h || die
-}
-
-python_configure() {
- pushd "${BUILD_DIR}" >/dev/null || die
- bind_configure --with-python
- popd >/dev/null || die
-}
-
-src_compile() {
- default
- use python && python_foreach_impl python_compile
-}
-
-python_compile() {
- pushd "${BUILD_DIR}"/bin/python >/dev/null || die
- emake
- popd >/dev/null || die
-}
-
-src_test() {
- # system tests ('emake test') require network configuration for IPs etc
- TEST_PARALLEL_JOBS="$(makeopts_jobs)" emake unit
-}
-
-src_install() {
- default
-
- dodoc CHANGES README
-
- if use doc; then
- docinto misc
- dodoc -r doc/misc/
-
- # might a 'html' useflag make sense?
- docinto html
- dodoc -r doc/arm/
-
- docinto contrib
- dodoc contrib/scripts/{nanny.pl,named-bootconf.sh}
-
- # some handy-dandy dynamic dns examples
- pushd "${ED}"/usr/share/doc/${PF} 1>/dev/null || die
- tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
- popd 1>/dev/null || die
- fi
-
- insinto /etc/bind
- newins "${FILESDIR}"/named.conf-r8 named.conf
-
- # ftp://ftp.rs.internic.net/domain/named.cache:
- insinto /var/bind
- newins "${FILESDIR}"/named.cache-r3 named.cache
-
- insinto /var/bind/pri
- newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
-
- newinitd "${FILESDIR}"/named.init-r14 named
- newconfd "${FILESDIR}"/named.confd-r7 named
-
- newenvd "${FILESDIR}"/10bind.env 10bind
-
- # Let's get rid of those tools and their manpages since they're provided by bind-tools
- rm -f "${ED}"/usr/share/man/man1/{dig,host,nslookup,delv,nsupdate}.1* || die
- rm -f "${ED}"/usr/share/man/man8/nsupdate.8* || die
- rm -f "${ED}"/usr/bin/{dig,host,nslookup,nsupdate} || die
- rm -f "${ED}"/usr/sbin/{dig,host,nslookup,nsupdate} || die
- for tool in dsfromkey importkey keyfromlabel keygen \
- revoke settime signzone verify; do
- rm -f "${ED}"/usr/{,s}bin/dnssec-"${tool}" || die
- rm -f "${ED}"/usr/share/man/man8/dnssec-"${tool}".8* || die
- done
-
- # bug 405251, library archives aren't properly handled by --enable/disable-static
- if ! use static-libs; then
- find "${ED}" -type f -name '*.a' -delete || die
- fi
-
- # bug 405251
- find "${ED}" -type f -name '*.la' -delete || die
-
- use python && python_foreach_impl python_install
-
- # bug 450406
- dosym named.cache /var/bind/root.cache
-
- dosym ../../var/bind/pri /etc/bind/pri
- dosym ../../var/bind/sec /etc/bind/sec
- dosym ../../var/bind/dyn /etc/bind/dyn
- keepdir /var/bind/{pri,sec,dyn} /var/log/named
-
- fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
- fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0750 /etc/bind /var/bind/pri
- fperms 0770 /var/log/named /var/bind/{,sec,dyn}
-
- systemd_newunit "${FILESDIR}/named.service-r1" named.service
- dotmpfiles "${FILESDIR}"/named.conf
- exeinto /usr/libexec
- doexe "${FILESDIR}/generate-rndc-key.sh"
-}
-
-python_install() {
- pushd "${BUILD_DIR}"/bin/python >/dev/null || die
- emake DESTDIR="${D}" install
- python_scriptinto /usr/sbin
- python_doscript dnssec-{checkds,coverage}
- python_optimize
- popd >/dev/null || die
-}
-
-pkg_postinst() {
- tmpfiles_process named.conf
-
- if [[ ! -f '/etc/bind/rndc.key' && ! -f '/etc/bind/rndc.conf' ]]; then
- einfo "Using /dev/urandom for generating rndc.key"
- /usr/sbin/rndc-confgen -a
- chown root:named /etc/bind/rndc.key || die
- chmod 0640 /etc/bind/rndc.key || die
- fi
-
- einfo
- einfo "You can edit /etc/conf.d/named to customize named settings"
- einfo
- use mysql || use postgres || use ldap && {
- elog "If your named depends on MySQL/PostgreSQL or LDAP,"
- elog "uncomment the specified rc_named_* lines in your"
- elog "/etc/conf.d/named config to ensure they'll start before bind"
- einfo
- }
- einfo "If you'd like to run bind in a chroot AND this is a new"
- einfo "install OR your bind doesn't already run in a chroot:"
- einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
- einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
- einfo
-
- CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
- if [[ -n ${CHROOT} ]]; then
- elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- elog "To enable the old behaviour (without using mount) uncomment the"
- elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- elog "If you decide to use the new/default method, ensure to make backup"
- elog "first and merge your existing configs/zones to /etc/bind and"
- elog "/var/bind because bind will now mount the needed directories into"
- elog "the chroot dir."
- fi
-}
-
-pkg_config() {
- CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
- CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
- CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
-
- if [[ -z "${CHROOT}" ]]; then
- eerror "This config script is designed to automate setting up"
- eerror "a chrooted bind/named. To do so, please first uncomment"
- eerror "and set the CHROOT variable in '/etc/conf.d/named'."
- die "Unset CHROOT"
- fi
- if [[ -d "${CHROOT}" ]]; then
- ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- ewarn "To enable the old behaviour (without using mount) uncomment the"
- ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- ewarn
- ewarn "${CHROOT} already exists... some things might become overridden"
- ewarn "press CTRL+C if you don't want to continue"
- sleep 10
- fi
-
- echo; einfo "Setting up the chroot directory..."
-
- mkdir -m 0750 -p ${CHROOT} || die
- mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} || die
- mkdir -m 0750 -p ${CHROOT}/etc/bind || die
- mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ || die
-
- chown root:named \
- ${CHROOT} \
- ${CHROOT}/var/{bind,log/named} \
- ${CHROOT}/run/named/ \
- ${CHROOT}/etc/bind \
- || die
-
- mknod ${CHROOT}/dev/null c 1 3 || die
- chmod 0666 ${CHROOT}/dev/null || die
-
- mknod ${CHROOT}/dev/zero c 1 5 || die
- chmod 0666 ${CHROOT}/dev/zero || die
-
- mknod ${CHROOT}/dev/urandom c 1 9 || die
- chmod 0666 ${CHROOT}/dev/urandom || die
-
- if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
- cp -a /etc/bind ${CHROOT}/etc/ || die
- cp -a /var/bind ${CHROOT}/var/ || die
- fi
-
- if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
- if use geoip; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP || die
- elif use geoip2; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP2 || die
- fi
- fi
-
- elog "You may need to add the following line to your syslog-ng.conf:"
- elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
-}
diff --git a/net-dns/bind/bind-9.16.31.ebuild b/net-dns/bind/bind-9.16.31.ebuild
deleted file mode 100644
index 010d5b56b5d2..000000000000
--- a/net-dns/bind/bind-9.16.31.ebuild
+++ /dev/null
@@ -1,382 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# Re dlz/mysql and threads, needs to be verified..
-# MySQL uses thread local storage in its C api. Thus MySQL
-# requires that each thread of an application execute a MySQL
-# thread initialization to setup the thread local storage.
-# This is impossible to do safely while staying within the DLZ
-# driver API. This is a limitation caused by MySQL, and not the DLZ API.
-# Because of this BIND MUST only run with a single thread when
-# using the MySQL driver.
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{8..10} )
-
-inherit python-r1 autotools multiprocessing toolchain-funcs flag-o-matic db-use systemd tmpfiles
-
-MY_PV="${PV/_p/-P}"
-MY_PV="${MY_PV/_rc/rc}"
-MY_P="${PN}-${MY_PV}"
-
-SDB_LDAP_VER="1.1.0-fc14"
-
-RRL_PV="${MY_PV}"
-
-# SDB-LDAP: http://bind9-ldap.bayour.com/
-
-DESCRIPTION="Berkeley Internet Name Domain - Name Server"
-HOMEPAGE="https://www.isc.org/software/bind https://gitlab.isc.org/isc-projects/bind9"
-SRC_URI="https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz
- doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
-
-LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
-# -berkdb by default re bug #602682
-IUSE="berkdb +caps +dlz dnstap doc dnsrps fixed-rrset geoip geoip2 gssapi
-json ldap lmdb mysql odbc postgres python selinux static-libs test xml +zlib"
-# sdb-ldap - patch broken
-# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
-RESTRICT="!test? ( test )"
-
-# Upstream dropped the old geoip library, but the BIND configuration for using
-# GeoIP remained the same.
-REQUIRED_USE="
- postgres? ( dlz )
- berkdb? ( dlz )
- mysql? ( dlz )
- odbc? ( dlz )
- ldap? ( dlz )
- dnsrps? ( dlz )
- python? ( ${PYTHON_REQUIRED_USE} )
-"
-
-DEPEND="
- acct-group/named
- acct-user/named
- berkdb? ( sys-libs/db:= )
- dev-libs/openssl:=[-bindist(-)]
- mysql? ( dev-db/mysql-connector-c:0= )
- odbc? ( >=dev-db/unixODBC-2.2.6 )
- ldap? ( net-nds/openldap:= )
- postgres? ( dev-db/postgresql:= )
- caps? ( >=sys-libs/libcap-2.1.0 )
- xml? ( dev-libs/libxml2 )
- geoip? ( dev-libs/libmaxminddb:= )
- geoip2? ( dev-libs/libmaxminddb:= )
- gssapi? ( virtual/krb5 )
- json? ( dev-libs/json-c:= )
- lmdb? ( dev-db/lmdb:= )
- zlib? ( sys-libs/zlib )
- dnstap? ( dev-libs/fstrm dev-libs/protobuf-c:= )
- python? (
- ${PYTHON_DEPS}
- dev-python/ply[${PYTHON_USEDEP}]
- )
- dev-libs/libuv:=
-"
-
-RDEPEND="${DEPEND}
- selinux? ( sec-policy/selinux-bind )
- sys-process/psmisc"
-
-BDEPEND="
- test? (
- dev-util/cmocka
- dev-util/kyua
- )
-"
-
-S="${WORKDIR}/${MY_P}"
-
-PATCHES=(
- "${FILESDIR}/ldap-library-path-on-multilib-machines.patch"
-)
-
-src_prepare() {
- default
-
- # Should be installed by bind-tools
- sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die
-
- # bug #220361
- rm aclocal.m4 || die
- rm -rf libtool.m4/ || die
- eautoreconf
-
- use python && python_copy_sources
-}
-
-src_configure() {
- bind_configure --without-python
- use python && python_foreach_impl python_configure
-}
-
-bind_configure() {
- local myeconfargs=(
- AR="$(type -P $(tc-getAR))"
- --prefix="${EPREFIX}"/usr
- --sysconfdir=/etc/bind
- --localstatedir=/var
- --with-libtool
- --enable-full-report
- --without-readline
- --with-openssl="${ESYSROOT}"/usr
- $(use_with test cmocka)
- # Removed in 9.17, drags in libunwind dependency too
- --disable-backtrace
- $(use_enable caps linux-caps)
- $(use_enable dnsrps)
- $(use_enable dnstap)
- $(use_enable fixed-rrset)
- $(use_with berkdb dlz-bdb "${ESYSROOT}"/usr)
- $(use_with dlz dlopen)
- $(use_with dlz dlz-filesystem)
- $(use_with dlz dlz-stub)
- $(use_with gssapi)
- $(use_with json json-c)
- $(use_with ldap dlz-ldap)
- $(use_with mysql dlz-mysql)
- $(use_with odbc dlz-odbc)
- $(use_with postgres dlz-postgres)
- $(use_with lmdb)
- $(use_with xml libxml2)
- $(use_with zlib)
- "${@}"
- )
-
- # This is for users to start to migrate back to USE=geoip, rather than
- # USE=geoip2
- if use geoip ; then
- myeconfargs+=( $(use_with geoip maxminddb) --enable-geoip )
- elif use geoip2 ; then
- # Added 2020/09/30
- # Remove USE=geoip2 support after 2020/03/01
- ewarn "USE=geoip2 is deprecated; update your USE flags!"
- myeconfargs+=( $(use_with geoip2 maxminddb) --enable-geoip )
- else
- myeconfargs+=( --without-maxminddb --disable-geoip )
- fi
-
- # bug #158664
- #gcc-specs-ssp && replace-flags -O[23s] -O
-
- # To include db.h from proper path
- use berkdb && append-flags "-I$(db_includedir)"
-
- export BUILD_CC=$(tc-getBUILD_CC)
- econf "${myeconfargs[@]}"
-
- # bug #151839
- echo '#undef SO_BSDCOMPAT' >> config.h || die
-}
-
-python_configure() {
- pushd "${BUILD_DIR}" >/dev/null || die
- bind_configure --with-python
- popd >/dev/null || die
-}
-
-src_compile() {
- default
- use python && python_foreach_impl python_compile
-}
-
-python_compile() {
- pushd "${BUILD_DIR}"/bin/python >/dev/null || die
- emake
- popd >/dev/null || die
-}
-
-src_test() {
- # system tests ('emake test') require network configuration for IPs etc
- # so we run the unit tests instead.
- TEST_PARALLEL_JOBS="$(makeopts_jobs)" emake unit
-}
-
-src_install() {
- default
-
- dodoc CHANGES README
-
- if use doc; then
- docinto misc
- dodoc -r doc/misc/
-
- # might a 'html' useflag make sense?
- docinto html
- dodoc -r doc/arm/
-
- docinto contrib
- dodoc contrib/scripts/{nanny.pl,named-bootconf.sh}
-
- # some handy-dandy dynamic dns examples
- pushd "${ED}"/usr/share/doc/${PF} 1>/dev/null || die
- tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
- popd 1>/dev/null || die
- fi
-
- insinto /etc/bind
- newins "${FILESDIR}"/named.conf-r8 named.conf
-
- # ftp://ftp.rs.internic.net/domain/named.cache:
- insinto /var/bind
- newins "${FILESDIR}"/named.cache-r3 named.cache
-
- insinto /var/bind/pri
- newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
-
- newinitd "${FILESDIR}"/named.init-r14 named
- newconfd "${FILESDIR}"/named.confd-r7 named
-
- newenvd "${FILESDIR}"/10bind.env 10bind
-
- # Let's get rid of those tools and their manpages since they're provided by bind-tools
- rm -f "${ED}"/usr/share/man/man1/{dig,host,nslookup,delv,nsupdate}.1* || die
- rm -f "${ED}"/usr/share/man/man8/nsupdate.8* || die
- rm -f "${ED}"/usr/bin/{dig,host,nslookup,nsupdate} || die
- rm -f "${ED}"/usr/sbin/{dig,host,nslookup,nsupdate} || die
- for tool in dsfromkey importkey keyfromlabel keygen \
- revoke settime signzone verify; do
- rm -f "${ED}"/usr/{,s}bin/dnssec-"${tool}" || die
- rm -f "${ED}"/usr/share/man/man8/dnssec-"${tool}".8* || die
- done
-
- # bug 405251, library archives aren't properly handled by --enable/disable-static
- if ! use static-libs; then
- find "${ED}" -type f -name '*.a' -delete || die
- fi
-
- # bug 405251
- find "${ED}" -type f -name '*.la' -delete || die
-
- use python && python_foreach_impl python_install
-
- # bug 450406
- dosym named.cache /var/bind/root.cache
-
- dosym ../../var/bind/pri /etc/bind/pri
- dosym ../../var/bind/sec /etc/bind/sec
- dosym ../../var/bind/dyn /etc/bind/dyn
- keepdir /var/bind/{pri,sec,dyn} /var/log/named
-
- fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
- fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0750 /etc/bind /var/bind/pri
- fperms 0770 /var/log/named /var/bind/{,sec,dyn}
-
- systemd_newunit "${FILESDIR}/named.service-r1" named.service
- dotmpfiles "${FILESDIR}"/named.conf
- exeinto /usr/libexec
- doexe "${FILESDIR}/generate-rndc-key.sh"
-}
-
-python_install() {
- pushd "${BUILD_DIR}"/bin/python >/dev/null || die
- emake DESTDIR="${D}" install
- python_scriptinto /usr/sbin
- python_doscript dnssec-{checkds,coverage}
- python_optimize
- popd >/dev/null || die
-}
-
-pkg_postinst() {
- tmpfiles_process named.conf
-
- if [[ ! -f '/etc/bind/rndc.key' && ! -f '/etc/bind/rndc.conf' ]]; then
- einfo "Using /dev/urandom for generating rndc.key"
- /usr/sbin/rndc-confgen -a
- chown root:named /etc/bind/rndc.key || die
- chmod 0640 /etc/bind/rndc.key || die
- fi
-
- einfo
- einfo "You can edit /etc/conf.d/named to customize named settings"
- einfo
- use mysql || use postgres || use ldap && {
- elog "If your named depends on MySQL/PostgreSQL or LDAP,"
- elog "uncomment the specified rc_named_* lines in your"
- elog "/etc/conf.d/named config to ensure they'll start before bind"
- einfo
- }
- einfo "If you'd like to run bind in a chroot AND this is a new"
- einfo "install OR your bind doesn't already run in a chroot:"
- einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
- einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
- einfo
-
- CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
- if [[ -n ${CHROOT} ]]; then
- elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- elog "To enable the old behaviour (without using mount) uncomment the"
- elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- elog "If you decide to use the new/default method, ensure to make backup"
- elog "first and merge your existing configs/zones to /etc/bind and"
- elog "/var/bind because bind will now mount the needed directories into"
- elog "the chroot dir."
- fi
-}
-
-pkg_config() {
- CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
- CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
- CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
-
- if [[ -z "${CHROOT}" ]]; then
- eerror "This config script is designed to automate setting up"
- eerror "a chrooted bind/named. To do so, please first uncomment"
- eerror "and set the CHROOT variable in '/etc/conf.d/named'."
- die "Unset CHROOT"
- fi
- if [[ -d "${CHROOT}" ]]; then
- ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- ewarn "To enable the old behaviour (without using mount) uncomment the"
- ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- ewarn
- ewarn "${CHROOT} already exists... some things might become overridden"
- ewarn "press CTRL+C if you don't want to continue"
- sleep 10
- fi
-
- echo; einfo "Setting up the chroot directory..."
-
- mkdir -m 0750 -p ${CHROOT} || die
- mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} || die
- mkdir -m 0750 -p ${CHROOT}/etc/bind || die
- mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ || die
-
- chown root:named \
- ${CHROOT} \
- ${CHROOT}/var/{bind,log/named} \
- ${CHROOT}/run/named/ \
- ${CHROOT}/etc/bind \
- || die
-
- mknod ${CHROOT}/dev/null c 1 3 || die
- chmod 0666 ${CHROOT}/dev/null || die
-
- mknod ${CHROOT}/dev/zero c 1 5 || die
- chmod 0666 ${CHROOT}/dev/zero || die
-
- mknod ${CHROOT}/dev/urandom c 1 9 || die
- chmod 0666 ${CHROOT}/dev/urandom || die
-
- if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
- cp -a /etc/bind ${CHROOT}/etc/ || die
- cp -a /var/bind ${CHROOT}/var/ || die
- fi
-
- if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
- if use geoip; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP || die
- elif use geoip2; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP2 || die
- fi
- fi
-
- elog "You may need to add the following line to your syslog-ng.conf:"
- elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
-}
diff --git a/net-dns/bind/bind-9.16.32.ebuild b/net-dns/bind/bind-9.16.32.ebuild
deleted file mode 100644
index 010d5b56b5d2..000000000000
--- a/net-dns/bind/bind-9.16.32.ebuild
+++ /dev/null
@@ -1,382 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# Re dlz/mysql and threads, needs to be verified..
-# MySQL uses thread local storage in its C api. Thus MySQL
-# requires that each thread of an application execute a MySQL
-# thread initialization to setup the thread local storage.
-# This is impossible to do safely while staying within the DLZ
-# driver API. This is a limitation caused by MySQL, and not the DLZ API.
-# Because of this BIND MUST only run with a single thread when
-# using the MySQL driver.
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{8..10} )
-
-inherit python-r1 autotools multiprocessing toolchain-funcs flag-o-matic db-use systemd tmpfiles
-
-MY_PV="${PV/_p/-P}"
-MY_PV="${MY_PV/_rc/rc}"
-MY_P="${PN}-${MY_PV}"
-
-SDB_LDAP_VER="1.1.0-fc14"
-
-RRL_PV="${MY_PV}"
-
-# SDB-LDAP: http://bind9-ldap.bayour.com/
-
-DESCRIPTION="Berkeley Internet Name Domain - Name Server"
-HOMEPAGE="https://www.isc.org/software/bind https://gitlab.isc.org/isc-projects/bind9"
-SRC_URI="https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz
- doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
-
-LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
-# -berkdb by default re bug #602682
-IUSE="berkdb +caps +dlz dnstap doc dnsrps fixed-rrset geoip geoip2 gssapi
-json ldap lmdb mysql odbc postgres python selinux static-libs test xml +zlib"
-# sdb-ldap - patch broken
-# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
-RESTRICT="!test? ( test )"
-
-# Upstream dropped the old geoip library, but the BIND configuration for using
-# GeoIP remained the same.
-REQUIRED_USE="
- postgres? ( dlz )
- berkdb? ( dlz )
- mysql? ( dlz )
- odbc? ( dlz )
- ldap? ( dlz )
- dnsrps? ( dlz )
- python? ( ${PYTHON_REQUIRED_USE} )
-"
-
-DEPEND="
- acct-group/named
- acct-user/named
- berkdb? ( sys-libs/db:= )
- dev-libs/openssl:=[-bindist(-)]
- mysql? ( dev-db/mysql-connector-c:0= )
- odbc? ( >=dev-db/unixODBC-2.2.6 )
- ldap? ( net-nds/openldap:= )
- postgres? ( dev-db/postgresql:= )
- caps? ( >=sys-libs/libcap-2.1.0 )
- xml? ( dev-libs/libxml2 )
- geoip? ( dev-libs/libmaxminddb:= )
- geoip2? ( dev-libs/libmaxminddb:= )
- gssapi? ( virtual/krb5 )
- json? ( dev-libs/json-c:= )
- lmdb? ( dev-db/lmdb:= )
- zlib? ( sys-libs/zlib )
- dnstap? ( dev-libs/fstrm dev-libs/protobuf-c:= )
- python? (
- ${PYTHON_DEPS}
- dev-python/ply[${PYTHON_USEDEP}]
- )
- dev-libs/libuv:=
-"
-
-RDEPEND="${DEPEND}
- selinux? ( sec-policy/selinux-bind )
- sys-process/psmisc"
-
-BDEPEND="
- test? (
- dev-util/cmocka
- dev-util/kyua
- )
-"
-
-S="${WORKDIR}/${MY_P}"
-
-PATCHES=(
- "${FILESDIR}/ldap-library-path-on-multilib-machines.patch"
-)
-
-src_prepare() {
- default
-
- # Should be installed by bind-tools
- sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die
-
- # bug #220361
- rm aclocal.m4 || die
- rm -rf libtool.m4/ || die
- eautoreconf
-
- use python && python_copy_sources
-}
-
-src_configure() {
- bind_configure --without-python
- use python && python_foreach_impl python_configure
-}
-
-bind_configure() {
- local myeconfargs=(
- AR="$(type -P $(tc-getAR))"
- --prefix="${EPREFIX}"/usr
- --sysconfdir=/etc/bind
- --localstatedir=/var
- --with-libtool
- --enable-full-report
- --without-readline
- --with-openssl="${ESYSROOT}"/usr
- $(use_with test cmocka)
- # Removed in 9.17, drags in libunwind dependency too
- --disable-backtrace
- $(use_enable caps linux-caps)
- $(use_enable dnsrps)
- $(use_enable dnstap)
- $(use_enable fixed-rrset)
- $(use_with berkdb dlz-bdb "${ESYSROOT}"/usr)
- $(use_with dlz dlopen)
- $(use_with dlz dlz-filesystem)
- $(use_with dlz dlz-stub)
- $(use_with gssapi)
- $(use_with json json-c)
- $(use_with ldap dlz-ldap)
- $(use_with mysql dlz-mysql)
- $(use_with odbc dlz-odbc)
- $(use_with postgres dlz-postgres)
- $(use_with lmdb)
- $(use_with xml libxml2)
- $(use_with zlib)
- "${@}"
- )
-
- # This is for users to start to migrate back to USE=geoip, rather than
- # USE=geoip2
- if use geoip ; then
- myeconfargs+=( $(use_with geoip maxminddb) --enable-geoip )
- elif use geoip2 ; then
- # Added 2020/09/30
- # Remove USE=geoip2 support after 2020/03/01
- ewarn "USE=geoip2 is deprecated; update your USE flags!"
- myeconfargs+=( $(use_with geoip2 maxminddb) --enable-geoip )
- else
- myeconfargs+=( --without-maxminddb --disable-geoip )
- fi
-
- # bug #158664
- #gcc-specs-ssp && replace-flags -O[23s] -O
-
- # To include db.h from proper path
- use berkdb && append-flags "-I$(db_includedir)"
-
- export BUILD_CC=$(tc-getBUILD_CC)
- econf "${myeconfargs[@]}"
-
- # bug #151839
- echo '#undef SO_BSDCOMPAT' >> config.h || die
-}
-
-python_configure() {
- pushd "${BUILD_DIR}" >/dev/null || die
- bind_configure --with-python
- popd >/dev/null || die
-}
-
-src_compile() {
- default
- use python && python_foreach_impl python_compile
-}
-
-python_compile() {
- pushd "${BUILD_DIR}"/bin/python >/dev/null || die
- emake
- popd >/dev/null || die
-}
-
-src_test() {
- # system tests ('emake test') require network configuration for IPs etc
- # so we run the unit tests instead.
- TEST_PARALLEL_JOBS="$(makeopts_jobs)" emake unit
-}
-
-src_install() {
- default
-
- dodoc CHANGES README
-
- if use doc; then
- docinto misc
- dodoc -r doc/misc/
-
- # might a 'html' useflag make sense?
- docinto html
- dodoc -r doc/arm/
-
- docinto contrib
- dodoc contrib/scripts/{nanny.pl,named-bootconf.sh}
-
- # some handy-dandy dynamic dns examples
- pushd "${ED}"/usr/share/doc/${PF} 1>/dev/null || die
- tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
- popd 1>/dev/null || die
- fi
-
- insinto /etc/bind
- newins "${FILESDIR}"/named.conf-r8 named.conf
-
- # ftp://ftp.rs.internic.net/domain/named.cache:
- insinto /var/bind
- newins "${FILESDIR}"/named.cache-r3 named.cache
-
- insinto /var/bind/pri
- newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
-
- newinitd "${FILESDIR}"/named.init-r14 named
- newconfd "${FILESDIR}"/named.confd-r7 named
-
- newenvd "${FILESDIR}"/10bind.env 10bind
-
- # Let's get rid of those tools and their manpages since they're provided by bind-tools
- rm -f "${ED}"/usr/share/man/man1/{dig,host,nslookup,delv,nsupdate}.1* || die
- rm -f "${ED}"/usr/share/man/man8/nsupdate.8* || die
- rm -f "${ED}"/usr/bin/{dig,host,nslookup,nsupdate} || die
- rm -f "${ED}"/usr/sbin/{dig,host,nslookup,nsupdate} || die
- for tool in dsfromkey importkey keyfromlabel keygen \
- revoke settime signzone verify; do
- rm -f "${ED}"/usr/{,s}bin/dnssec-"${tool}" || die
- rm -f "${ED}"/usr/share/man/man8/dnssec-"${tool}".8* || die
- done
-
- # bug 405251, library archives aren't properly handled by --enable/disable-static
- if ! use static-libs; then
- find "${ED}" -type f -name '*.a' -delete || die
- fi
-
- # bug 405251
- find "${ED}" -type f -name '*.la' -delete || die
-
- use python && python_foreach_impl python_install
-
- # bug 450406
- dosym named.cache /var/bind/root.cache
-
- dosym ../../var/bind/pri /etc/bind/pri
- dosym ../../var/bind/sec /etc/bind/sec
- dosym ../../var/bind/dyn /etc/bind/dyn
- keepdir /var/bind/{pri,sec,dyn} /var/log/named
-
- fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
- fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0750 /etc/bind /var/bind/pri
- fperms 0770 /var/log/named /var/bind/{,sec,dyn}
-
- systemd_newunit "${FILESDIR}/named.service-r1" named.service
- dotmpfiles "${FILESDIR}"/named.conf
- exeinto /usr/libexec
- doexe "${FILESDIR}/generate-rndc-key.sh"
-}
-
-python_install() {
- pushd "${BUILD_DIR}"/bin/python >/dev/null || die
- emake DESTDIR="${D}" install
- python_scriptinto /usr/sbin
- python_doscript dnssec-{checkds,coverage}
- python_optimize
- popd >/dev/null || die
-}
-
-pkg_postinst() {
- tmpfiles_process named.conf
-
- if [[ ! -f '/etc/bind/rndc.key' && ! -f '/etc/bind/rndc.conf' ]]; then
- einfo "Using /dev/urandom for generating rndc.key"
- /usr/sbin/rndc-confgen -a
- chown root:named /etc/bind/rndc.key || die
- chmod 0640 /etc/bind/rndc.key || die
- fi
-
- einfo
- einfo "You can edit /etc/conf.d/named to customize named settings"
- einfo
- use mysql || use postgres || use ldap && {
- elog "If your named depends on MySQL/PostgreSQL or LDAP,"
- elog "uncomment the specified rc_named_* lines in your"
- elog "/etc/conf.d/named config to ensure they'll start before bind"
- einfo
- }
- einfo "If you'd like to run bind in a chroot AND this is a new"
- einfo "install OR your bind doesn't already run in a chroot:"
- einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
- einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
- einfo
-
- CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
- if [[ -n ${CHROOT} ]]; then
- elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- elog "To enable the old behaviour (without using mount) uncomment the"
- elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- elog "If you decide to use the new/default method, ensure to make backup"
- elog "first and merge your existing configs/zones to /etc/bind and"
- elog "/var/bind because bind will now mount the needed directories into"
- elog "the chroot dir."
- fi
-}
-
-pkg_config() {
- CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
- CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
- CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
-
- if [[ -z "${CHROOT}" ]]; then
- eerror "This config script is designed to automate setting up"
- eerror "a chrooted bind/named. To do so, please first uncomment"
- eerror "and set the CHROOT variable in '/etc/conf.d/named'."
- die "Unset CHROOT"
- fi
- if [[ -d "${CHROOT}" ]]; then
- ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- ewarn "To enable the old behaviour (without using mount) uncomment the"
- ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- ewarn
- ewarn "${CHROOT} already exists... some things might become overridden"
- ewarn "press CTRL+C if you don't want to continue"
- sleep 10
- fi
-
- echo; einfo "Setting up the chroot directory..."
-
- mkdir -m 0750 -p ${CHROOT} || die
- mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} || die
- mkdir -m 0750 -p ${CHROOT}/etc/bind || die
- mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ || die
-
- chown root:named \
- ${CHROOT} \
- ${CHROOT}/var/{bind,log/named} \
- ${CHROOT}/run/named/ \
- ${CHROOT}/etc/bind \
- || die
-
- mknod ${CHROOT}/dev/null c 1 3 || die
- chmod 0666 ${CHROOT}/dev/null || die
-
- mknod ${CHROOT}/dev/zero c 1 5 || die
- chmod 0666 ${CHROOT}/dev/zero || die
-
- mknod ${CHROOT}/dev/urandom c 1 9 || die
- chmod 0666 ${CHROOT}/dev/urandom || die
-
- if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
- cp -a /etc/bind ${CHROOT}/etc/ || die
- cp -a /var/bind ${CHROOT}/var/ || die
- fi
-
- if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
- if use geoip; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP || die
- elif use geoip2; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP2 || die
- fi
- fi
-
- elog "You may need to add the following line to your syslog-ng.conf:"
- elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
-}
diff --git a/net-dns/bind/files/bind-9.16.29-fortify-source-3.patch b/net-dns/bind/files/bind-9.16.29-fortify-source-3.patch
deleted file mode 100644
index d084d6e62ce8..000000000000
--- a/net-dns/bind/files/bind-9.16.29-fortify-source-3.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-https://gitlab.isc.org/isc-projects/bind9/-/commit/b6670787d25743ddf39dfe8e615828efc928f50d
-https://gitlab.isc.org/isc-projects/bind9/-/issues/3351
-https://bugs.gentoo.org/847295
-
-From: Evan Hunt <each@isc.org>
-Date: Fri, 13 May 2022 19:59:58 -0700
-Subject: [PATCH] prevent a possible buffer overflow in configuration check
-
-corrected code that could have allowed a buffer overfow while
-parsing named.conf.
-
-(cherry picked from commit 921043b54161c7a3e6dc4036b038ca4dbc5fe472)
---- a/lib/bind9/check.c
-+++ b/lib/bind9/check.c
-@@ -2500,8 +2500,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
- } else if (dns_name_isula(zname)) {
- ula = true;
- }
-- tmp += strlen(tmp);
- len -= strlen(tmp);
-+ tmp += strlen(tmp);
- (void)snprintf(tmp, len, "%u/%s", zclass,
- (ztype == CFG_ZONE_INVIEW) ? target
- : (viewname != NULL) ? viewname
-@@ -3247,8 +3247,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
- char *tmp = keydirbuf;
- size_t len = sizeof(keydirbuf);
- dns_name_format(zname, keydirbuf, sizeof(keydirbuf));
-- tmp += strlen(tmp);
- len -= strlen(tmp);
-+ tmp += strlen(tmp);
- (void)snprintf(tmp, len, "/%s", (dir == NULL) ? "(null)" : dir);
- tresult = keydirexist(zconfig, (const char *)keydirbuf,
- kaspname, keydirs, logctx, mctx);
-GitLab
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/, net-dns/bind/files/
@ 2024-09-03 6:43 Sam James
0 siblings, 0 replies; 6+ messages in thread
From: Sam James @ 2024-09-03 6:43 UTC (permalink / raw
To: gentoo-commits
commit: 8fd3348bf2b450370cd42764c7d9fab4ef1732a8
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 3 06:37:21 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Sep 3 06:38:43 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8fd3348b
net-dns/bind: fix init script for non-merged-usr
named-checkconf is in /usr/bin, not /usr/sbin, now.
See upstream commit https://gitlab.isc.org/isc-projects/bind9/-/commit/4419606c9d2a52536a6dd0882ac0c7068ac27f30.
Reported at https://github.com/gentoo/gentoo/pull/25220#issuecomment-2325665084.
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../bind/{bind-9.18.29-r1.ebuild => bind-9.18.29-r2.ebuild} | 2 +-
net-dns/bind/files/named.init-r15 | 6 +++---
net-dns/bind/files/named.service-r2 | 13 +++++++++++++
3 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/net-dns/bind/bind-9.18.29-r1.ebuild b/net-dns/bind/bind-9.18.29-r2.ebuild
similarity index 99%
rename from net-dns/bind/bind-9.18.29-r1.ebuild
rename to net-dns/bind/bind-9.18.29-r2.ebuild
index 268786e54053..56fb07aa3d91 100644
--- a/net-dns/bind/bind-9.18.29-r1.ebuild
+++ b/net-dns/bind/bind-9.18.29-r2.ebuild
@@ -149,7 +149,7 @@ src_install() {
fperms 0750 /etc/bind /var/bind/pri
fperms 0770 /var/log/named /var/bind/{,sec,dyn}
- systemd_newunit "${FILESDIR}/named.service-r1" named.service
+ systemd_newunit "${FILESDIR}/named.service-r2" named.service
dotmpfiles "${FILESDIR}"/named.conf
exeinto /usr/libexec
doexe "${FILESDIR}/generate-rndc-key.sh"
diff --git a/net-dns/bind/files/named.init-r15 b/net-dns/bind/files/named.init-r15
index bdee10cc61e8..2bd52a773200 100644
--- a/net-dns/bind/files/named.init-r15
+++ b/net-dns/bind/files/named.init-r15
@@ -65,7 +65,7 @@ _umount() {
_get_pidfile() {
# as suggested in bug #107724, bug 335398#c17
[ -n "${PIDFILE}" ] || PIDFILE=${CHROOT}$(\
- /usr/sbin/named-checkconf -p ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} | grep 'pid-file' | cut -d\" -f2)
+ /usr/bin/named-checkconf -p ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} | grep 'pid-file' | cut -d\" -f2)
[ -z "${PIDFILE}" ] && PIDFILE=${CHROOT}/run/named/named.pid
}
@@ -98,7 +98,7 @@ checkconfig() {
return 1
fi
- /usr/sbin/named-checkconf ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} || {
+ /usr/bin/named-checkconf ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} || {
eerror "named-checkconf failed! Please fix your config first."
return 1
}
@@ -109,7 +109,7 @@ checkconfig() {
checkzones() {
ebegin "Checking named configuration and zones"
- /usr/sbin/named-checkconf -z -j ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}}
+ /usr/bin/named-checkconf -z -j ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}}
eend $?
}
diff --git a/net-dns/bind/files/named.service-r2 b/net-dns/bind/files/named.service-r2
new file mode 100644
index 000000000000..4ca34544fe61
--- /dev/null
+++ b/net-dns/bind/files/named.service-r2
@@ -0,0 +1,13 @@
+[Unit]
+Description=Internet domain name server
+After=network.target
+
+[Service]
+ExecStartPre=/usr/libexec/generate-rndc-key.sh
+ExecStartPre=/usr/bin/named-checkconf -z /etc/bind/named.conf
+ExecStart=/usr/sbin/named -f -u named
+ExecReload=/usr/sbin/rndc reload
+ExecStop=/usr/sbin/rndc stop
+
+[Install]
+WantedBy=multi-user.target
^ permalink raw reply related [flat|nested] 6+ messages in thread
end of thread, other threads:[~2024-09-03 6:43 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-06-19 8:03 [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/, net-dns/bind/files/ Christian Ruppert
-- strict thread matches above, loose matches on Subject: below --
2024-09-03 6:43 Sam James
2022-10-31 1:21 John Helmert III
2020-08-29 8:30 Mikle Kolyada
2017-09-21 7:45 Christian Ruppert
2016-10-14 21:17 Christian Ruppert
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox