From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1696933-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 051A41581D8
	for <garchives@archives.gentoo.org>; Wed,  4 Dec 2024 12:58:22 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 312E1E0815;
	Wed,  4 Dec 2024 12:58:20 +0000 (UTC)
Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 32A9CE0805
	for <gentoo-commits@lists.gentoo.org>; Wed,  4 Dec 2024 12:58:18 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id EE3C333C1EB
	for <gentoo-commits@lists.gentoo.org>; Wed,  4 Dec 2024 12:58:16 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 40210E96
	for <gentoo-commits@lists.gentoo.org>; Wed,  4 Dec 2024 12:58:15 +0000 (UTC)
From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" <sam@gentoo.org>
Message-ID: <1733317027.76953cdb865f54195a77df8a48899b59db54049e.sam@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: net-dns/knot/files/, net-dns/knot/
X-VCS-Repository: repo/gentoo
X-VCS-Files: net-dns/knot/files/knot-2.init net-dns/knot/files/knot.confd net-dns/knot/knot-3.4.2-r1.ebuild
X-VCS-Directories: net-dns/knot/ net-dns/knot/files/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: 76953cdb865f54195a77df8a48899b59db54049e
X-VCS-Branch: master
Date: Wed,  4 Dec 2024 12:58:15 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: c8a38aff-b92f-432e-82d7-0bd77e06e682
X-Archives-Hash: e2fde7ecfbce9f3976261c86a9b6f268

commit:     76953cdb865f54195a77df8a48899b59db54049e
Author:     Nicolas PARLANT <nicolas.parlant <AT> parhuet <DOT> fr>
AuthorDate: Wed Dec  4 10:45:20 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Dec  4 12:57:07 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76953cdb

net-dns/knot: setcap for OpenRC init script. Add confd

Set capabilities by default in init, as systemd service.
No dep for openrc[caps] as it will be forced soon.
Bug: https://bugs.gentoo.org/945837

Signed-off-by: Nicolas PARLANT <nicolas.parlant <AT> parhuet.fr>
Closes: https://github.com/gentoo/gentoo/pull/39588
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-dns/knot/files/knot-2.init    |  44 ++++++++++
 net-dns/knot/files/knot.confd     |   7 ++
 net-dns/knot/knot-3.4.2-r1.ebuild | 167 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 218 insertions(+)

diff --git a/net-dns/knot/files/knot-2.init b/net-dns/knot/files/knot-2.init
new file mode 100644
index 000000000000..746681496c53
--- /dev/null
+++ b/net-dns/knot/files/knot-2.init
@@ -0,0 +1,44 @@
+#!/sbin/openrc-run
+# Copyright 2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+: ${KNOT_USER:=knot}
+: ${KNOT_GROUP:=knot}
+: ${KNOT_PIDFILE:=/run/knot.pid}
+: ${KNOT_CONFIG:=/etc/knot/knot.conf}
+
+name="knot"
+description="High-performance authoritative-only DNS server"
+command="/usr/sbin/knotd"
+command_args="-c ${KNOT_CONFIG}"
+command_user="${KNOT_USER}:${KNOT_GROUP}"
+command_background=true
+pidfile="${KNOT_PIDFILE}"
+
+extra_commands="checkconfig"
+extra_started_commands="reload"
+
+capabilities="^cap_net_bind_service,^cap_setpcap"
+
+checkconfig() {
+	/usr/bin/knotc conf-check 1>/dev/null || return 1
+}
+
+reload() {
+	checkconfig || return 1
+	ebegin "Reloading ${SVCNAME}"
+	start-stop-daemon --signal HUP --pidfile $pidfile
+	eend $?
+}
+
+start_pre() {
+	if [ "${RC_CMD}" != "restart" ]; then
+		checkconfig || return 1
+	fi
+}
+
+stop_pre() {
+	if [ "${RC_CMD}" != "restart" ]; then
+		checkconfig || return 1
+	fi
+}

diff --git a/net-dns/knot/files/knot.confd b/net-dns/knot/files/knot.confd
new file mode 100644
index 000000000000..f4821e9d725d
--- /dev/null
+++ b/net-dns/knot/files/knot.confd
@@ -0,0 +1,7 @@
+# Copyright 2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+#KNOT_USER=knot
+#KNOT_GROUP=knot
+#KNOT_PIDFILE=/run/knot.pid
+#KNOT_CONFIG=/etc/knot/knot.conf

diff --git a/net-dns/knot/knot-3.4.2-r1.ebuild b/net-dns/knot/knot-3.4.2-r1.ebuild
new file mode 100644
index 000000000000..f15285db8abe
--- /dev/null
+++ b/net-dns/knot/knot-3.4.2-r1.ebuild
@@ -0,0 +1,167 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools flag-o-matic systemd tmpfiles
+
+# subslot: libknot major.libdnssec major.libzscanner major
+KNOT_SUBSLOT="15.9.4"
+
+DESCRIPTION="High-performance authoritative-only DNS server"
+HOMEPAGE="https://www.knot-dns.cz/ https://gitlab.nic.cz/knot/knot-dns"
+SRC_URI="https://secure.nic.cz/files/knot-dns/${P/_/-}.tar.xz"
+
+S="${WORKDIR}/${P/_/-}"
+
+LICENSE="GPL-3+"
+SLOT="0/${KNOT_SUBSLOT}"
+KEYWORDS="~amd64 ~riscv ~x86"
+
+KNOT_MODULES=(
+	"+authsignal"
+	"+cookies"
+	"+dnsproxy"
+	"dnstap"
+	"geoip"
+	"+noudp"
+	"+onlinesign"
+	"+queryacl"
+	"+rrl"
+	"+stats"
+	"+synthrecord"
+	"+whoami"
+)
+
+IUSE="caps +daemon dbus +doc doh +fastparser +idn pkcs11 quic systemd test +utils xdp ${KNOT_MODULES[@]}"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	dev-libs/libedit
+	dnstap? (
+		dev-libs/fstrm
+		dev-libs/protobuf-c:=
+	)
+	quic? ( net-libs/ngtcp2[gnutls] )
+"
+RDEPEND="
+	dev-db/lmdb:=
+	net-libs/gnutls:=[pkcs11?]
+	daemon? (
+		${COMMON_DEPEND}
+		acct-group/knot
+		acct-user/knot
+		dev-libs/userspace-rcu:=
+		caps? ( sys-libs/libcap-ng )
+		dbus? ( sys-apps/dbus )
+		geoip? ( dev-libs/libmaxminddb:= )
+		systemd? ( sys-apps/systemd:= )
+		)
+	utils? (
+		${COMMON_DEPEND}
+		doh? ( net-libs/nghttp2:= )
+		idn? ( net-dns/libidn2:= )
+	)
+	xdp? (
+		>=dev-libs/libbpf-1.0:=
+		net-libs/xdp-tools
+		utils? ( net-libs/libmnl:= )
+	)
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	virtual/pkgconfig
+	doc? ( dev-python/sphinx )
+	test? (
+		pkcs11? ( dev-libs/softhsm )
+	)
+"
+
+src_prepare() {
+	default
+
+	# these tests call this daemon file knot/server/dthreads.h
+	if use test && use !daemon; then
+		sed -i \
+		-e '/test_atomic/d' \
+		-e '/test_spinlock/d' \
+		tests/Makefile.am || die
+		eautoreconf
+	fi
+}
+
+src_configure() {
+	local u
+	local my_conf=(
+		--with-storage="${EPREFIX}/var/lib/${PN}"
+		--with-rundir="${EPREFIX}/var/run/${PN}"
+		$(use_enable caps cap_ng)
+		$(use_enable daemon)
+		$(use_enable fastparser)
+		$(use_enable dnstap)
+		$(use_enable doc documentation)
+		$(use_with doh libnghttp2)
+		$(use_enable geoip maxminddb)
+		$(use_with idn libidn)
+		$(use_enable quic)
+		$(use_enable systemd)
+		$(use_enable utils utilities)
+		$(use_enable xdp)
+	)
+
+	# modules (except dnstap forced by use_enable if set with utils) are only used by daemon
+	if use daemon; then
+		for u in "${KNOT_MODULES[@]#+}"; do
+			my_conf+=("$(use_with ${u} module-${u})")
+		done
+	else
+			my_conf+=("--disable-modules")
+	fi
+
+	if use !daemon; then
+		my_conf+=("--enable-dbus=no")
+	elif use dbus; then
+		my_conf+=("--enable-dbus=libdbus")
+	elif use !dbus && use !systemd; then
+		my_conf+=("--enable-dbus=no")
+	elif use !dbus && use systemd; then
+		my_conf+=("--enable-dbus=systemd")
+	fi
+
+	if use riscv; then
+		append-libs -latomic
+	fi
+
+	econf "${my_conf[@]}"
+}
+
+src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+src_install() {
+	use doc && local HTML_DOCS=( doc/_build/html/{*.html,*.js,_sources,_static} )
+
+	default
+
+	if use daemon; then
+		rmdir "${D}/var/run/${PN}" "${D}/var/run/" || die
+
+		newinitd "${FILESDIR}"/knot-2.init knot
+		newconfd "${FILESDIR}"/knot.confd knot
+
+		newtmpfiles "${FILESDIR}"/${PN}.tmpfile ${PN}.conf
+
+		use systemd && systemd_newunit distro/common/knot.service knot.service
+	fi
+
+	find "${D}" -name '*.la' -delete || die
+
+	keepdir /var/lib/knot
+}
+
+pkg_postinst() {
+	use daemon && tmpfiles_process ${PN}.conf
+}