Date: Sunday, January 11, 2015 @ 22:40:36 Author: bisson Revision: 125776
archrelease: copy trunk to community-testing-i686, community-testing-x86_64 Added: unbound/repos/community-testing-i686/ unbound/repos/community-testing-i686/PKGBUILD (from rev 125775, unbound/trunk/PKGBUILD) unbound/repos/community-testing-i686/conf (from rev 125775, unbound/trunk/conf) unbound/repos/community-testing-i686/install (from rev 125775, unbound/trunk/install) unbound/repos/community-testing-i686/lts.patch (from rev 125775, unbound/trunk/lts.patch) unbound/repos/community-testing-i686/service (from rev 125775, unbound/trunk/service) unbound/repos/community-testing-x86_64/ unbound/repos/community-testing-x86_64/PKGBUILD (from rev 125775, unbound/trunk/PKGBUILD) unbound/repos/community-testing-x86_64/conf (from rev 125775, unbound/trunk/conf) unbound/repos/community-testing-x86_64/install (from rev 125775, unbound/trunk/install) unbound/repos/community-testing-x86_64/lts.patch (from rev 125775, unbound/trunk/lts.patch) unbound/repos/community-testing-x86_64/service (from rev 125775, unbound/trunk/service) ------------------------------------+ community-testing-i686/PKGBUILD | 55 ++++++++++++++++++++++++++++ community-testing-i686/conf | 5 ++ community-testing-i686/install | 10 +++++ community-testing-i686/lts.patch | 67 +++++++++++++++++++++++++++++++++++ community-testing-i686/service | 13 ++++++ community-testing-x86_64/PKGBUILD | 55 ++++++++++++++++++++++++++++ community-testing-x86_64/conf | 5 ++ community-testing-x86_64/install | 10 +++++ community-testing-x86_64/lts.patch | 67 +++++++++++++++++++++++++++++++++++ community-testing-x86_64/service | 13 ++++++ 10 files changed, 300 insertions(+) Copied: unbound/repos/community-testing-i686/PKGBUILD (from rev 125775, unbound/trunk/PKGBUILD) =================================================================== --- community-testing-i686/PKGBUILD (rev 0) +++ community-testing-i686/PKGBUILD 2015-01-11 21:40:36 UTC (rev 125776) @@ -0,0 +1,55 @@ +# $Id$ +# Maintainer: Gaetan Bisson <bis...@archlinux.org> +# Contributor: Hisato Tatekura <hisato_tatek...@excentrics.net> +# Contributor: Massimiliano Torromeo <massimiliano DOT torromeo AT google mail service> + +pkgname=unbound +pkgver=1.5.1 +pkgrel=4 +pkgdesc='Validating, recursive, and caching DNS resolver' +url='http://unbound.net/' +license=('custom:BSD') +arch=('i686' 'x86_64') +makedepends=('expat') +optdepends=('expat: unbound-anchor') +depends=('openssl' 'ldns' 'libevent' 'dnssec-anchors') +backup=('etc/unbound/unbound.conf') +source=("http://unbound.net/downloads/${pkgname}-${pkgver}.tar.gz" + 'lts.patch' + 'service' + 'conf') +sha1sums=('5606c2246e7394bce88cc4f16edbd6b964237ea2' + '456c91a253f9102e00e4a46a2f1b936aa2e3ed7c' + '63fcc187cec6f262d81600e66c6747285c72ad15' + '98515708441cb831890a0b6d1986fd40649646c0') + +install=install + +prepare() { + cd "${srcdir}/${pkgname}-${pkgver}" + patch -p1 -l -i ../lts.patch +} + +build() { + cd "${srcdir}/${pkgname}-${pkgver}" + ./configure \ + --prefix=/usr \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --sbindir=/usr/bin \ + --disable-rpath \ + --with-libevent \ + --with-rootkey-file=/etc/trusted-key.key \ + --with-conf-file=/etc/unbound/unbound.conf \ + --with-pidfile=/run/unbound.pid + make +} + +package() { + cd "${srcdir}/${pkgname}-${pkgver}" + make DESTDIR="${pkgdir}" install + install -Dm644 doc/example.conf.in "${pkgdir}/etc/unbound/unbound.conf.example" + install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" + install -Dm644 ../service "${pkgdir}/usr/lib/systemd/system/unbound.service" + install -Dm644 ../conf "${pkgdir}/etc/unbound/unbound.conf" +} Copied: unbound/repos/community-testing-i686/conf (from rev 125775, unbound/trunk/conf) =================================================================== --- community-testing-i686/conf (rev 0) +++ community-testing-i686/conf 2015-01-11 21:40:36 UTC (rev 125776) @@ -0,0 +1,5 @@ +server: + use-syslog: yes + username: "unbound" + directory: "/etc/unbound" + trust-anchor-file: trusted-key.key Copied: unbound/repos/community-testing-i686/install (from rev 125775, unbound/trunk/install) =================================================================== --- community-testing-i686/install (rev 0) +++ community-testing-i686/install 2015-01-11 21:40:36 UTC (rev 125776) @@ -0,0 +1,10 @@ +post_install() { + getent group unbound &>/dev/null || groupadd -r unbound >/dev/null + getent passwd unbound &>/dev/null || useradd -r -g unbound -d /etc/unbound -s /bin/false -c unbound unbound >/dev/null +} + +post_remove() { + getent passwd unbound &>/dev/null && userdel unbound >/dev/null + getent group unbound &>/dev/null && groupdel unbound >/dev/null + return 0 +} Copied: unbound/repos/community-testing-i686/lts.patch (from rev 125775, unbound/trunk/lts.patch) =================================================================== --- community-testing-i686/lts.patch (rev 0) +++ community-testing-i686/lts.patch 2015-01-11 21:40:36 UTC (rev 125776) @@ -0,0 +1,67 @@ +diff -ru unbound-1.5.1/services/listen_dnsport.c unbound-1.5.1-rga/services/listen_dnsport.c +--- unbound-1.5.1/services/listen_dnsport.c 2014-12-10 10:59:31.726514857 +0100 ++++ unbound-1.5.1-rga/services/listen_dnsport.c 2014-12-10 11:08:45.009071300 +0100 +@@ -368,30 +368,47 @@ + * (and also uses the interface mtu to determine the size of the packets). + * So there won't be any EMSGSIZE error. Against DNS fragmentation attacks. + * FreeBSD already has same semantics without setting the option. */ +-# if defined(IP_PMTUDISC_OMIT) ++ int omit_set = 0; ++# if defined(IP_PMTUDISC_OMIT) + int action = IP_PMTUDISC_OMIT; +-# else +- int action = IP_PMTUDISC_DONT; +-# endif + if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, + &action, (socklen_t)sizeof(action)) < 0) { +- log_err("setsockopt(..., IP_MTU_DISCOVER, " +-# if defined(IP_PMTUDISC_OMIT) +- "IP_PMTUDISC_OMIT" ++ ++ if (errno != EINVAL) { ++ log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_OMIT...) failed: %s", ++ strerror(errno)); ++ ++# ifndef USE_WINSOCK ++ close(s); + # else +- "IP_PMTUDISC_DONT" ++ closesocket(s); + # endif +- "...) failed: %s", +- strerror(errno)); ++ *noproto = 0; ++ *inuse = 0; ++ return -1; ++ } ++ } ++ else ++ { ++ omit_set = 1; ++ } ++# endif ++ if (omit_set == 0) { ++ int action = IP_PMTUDISC_DONT; ++ if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, ++ &action, (socklen_t)sizeof(action)) < 0) { ++ log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_DONT...) failed: %s", ++ strerror(errno)); + # ifndef USE_WINSOCK +- close(s); ++ close(s); + # else +- closesocket(s); ++ closesocket(s); + # endif +- *noproto = 0; +- *inuse = 0; +- return -1; +- } ++ *noproto = 0; ++ *inuse = 0; ++ return -1; ++ } ++ } + # elif defined(IP_DONTFRAG) + int off = 0; + if (setsockopt(s, IPPROTO_IP, IP_DONTFRAG, Copied: unbound/repos/community-testing-i686/service (from rev 125775, unbound/trunk/service) =================================================================== --- community-testing-i686/service (rev 0) +++ community-testing-i686/service 2015-01-11 21:40:36 UTC (rev 125776) @@ -0,0 +1,13 @@ +[Unit] +Description=Unbound DNS Resolver +After=network.target + +[Service] +ExecStartPre=/bin/cp -f /etc/trusted-key.key /etc/unbound/ +PIDFile=/run/unbound.pid +ExecStart=/usr/bin/unbound -d +ExecReload=/bin/kill -HUP $MAINPID +Restart=always + +[Install] +WantedBy=multi-user.target Copied: unbound/repos/community-testing-x86_64/PKGBUILD (from rev 125775, unbound/trunk/PKGBUILD) =================================================================== --- community-testing-x86_64/PKGBUILD (rev 0) +++ community-testing-x86_64/PKGBUILD 2015-01-11 21:40:36 UTC (rev 125776) @@ -0,0 +1,55 @@ +# $Id$ +# Maintainer: Gaetan Bisson <bis...@archlinux.org> +# Contributor: Hisato Tatekura <hisato_tatek...@excentrics.net> +# Contributor: Massimiliano Torromeo <massimiliano DOT torromeo AT google mail service> + +pkgname=unbound +pkgver=1.5.1 +pkgrel=4 +pkgdesc='Validating, recursive, and caching DNS resolver' +url='http://unbound.net/' +license=('custom:BSD') +arch=('i686' 'x86_64') +makedepends=('expat') +optdepends=('expat: unbound-anchor') +depends=('openssl' 'ldns' 'libevent' 'dnssec-anchors') +backup=('etc/unbound/unbound.conf') +source=("http://unbound.net/downloads/${pkgname}-${pkgver}.tar.gz" + 'lts.patch' + 'service' + 'conf') +sha1sums=('5606c2246e7394bce88cc4f16edbd6b964237ea2' + '456c91a253f9102e00e4a46a2f1b936aa2e3ed7c' + '63fcc187cec6f262d81600e66c6747285c72ad15' + '98515708441cb831890a0b6d1986fd40649646c0') + +install=install + +prepare() { + cd "${srcdir}/${pkgname}-${pkgver}" + patch -p1 -l -i ../lts.patch +} + +build() { + cd "${srcdir}/${pkgname}-${pkgver}" + ./configure \ + --prefix=/usr \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --sbindir=/usr/bin \ + --disable-rpath \ + --with-libevent \ + --with-rootkey-file=/etc/trusted-key.key \ + --with-conf-file=/etc/unbound/unbound.conf \ + --with-pidfile=/run/unbound.pid + make +} + +package() { + cd "${srcdir}/${pkgname}-${pkgver}" + make DESTDIR="${pkgdir}" install + install -Dm644 doc/example.conf.in "${pkgdir}/etc/unbound/unbound.conf.example" + install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" + install -Dm644 ../service "${pkgdir}/usr/lib/systemd/system/unbound.service" + install -Dm644 ../conf "${pkgdir}/etc/unbound/unbound.conf" +} Copied: unbound/repos/community-testing-x86_64/conf (from rev 125775, unbound/trunk/conf) =================================================================== --- community-testing-x86_64/conf (rev 0) +++ community-testing-x86_64/conf 2015-01-11 21:40:36 UTC (rev 125776) @@ -0,0 +1,5 @@ +server: + use-syslog: yes + username: "unbound" + directory: "/etc/unbound" + trust-anchor-file: trusted-key.key Copied: unbound/repos/community-testing-x86_64/install (from rev 125775, unbound/trunk/install) =================================================================== --- community-testing-x86_64/install (rev 0) +++ community-testing-x86_64/install 2015-01-11 21:40:36 UTC (rev 125776) @@ -0,0 +1,10 @@ +post_install() { + getent group unbound &>/dev/null || groupadd -r unbound >/dev/null + getent passwd unbound &>/dev/null || useradd -r -g unbound -d /etc/unbound -s /bin/false -c unbound unbound >/dev/null +} + +post_remove() { + getent passwd unbound &>/dev/null && userdel unbound >/dev/null + getent group unbound &>/dev/null && groupdel unbound >/dev/null + return 0 +} Copied: unbound/repos/community-testing-x86_64/lts.patch (from rev 125775, unbound/trunk/lts.patch) =================================================================== --- community-testing-x86_64/lts.patch (rev 0) +++ community-testing-x86_64/lts.patch 2015-01-11 21:40:36 UTC (rev 125776) @@ -0,0 +1,67 @@ +diff -ru unbound-1.5.1/services/listen_dnsport.c unbound-1.5.1-rga/services/listen_dnsport.c +--- unbound-1.5.1/services/listen_dnsport.c 2014-12-10 10:59:31.726514857 +0100 ++++ unbound-1.5.1-rga/services/listen_dnsport.c 2014-12-10 11:08:45.009071300 +0100 +@@ -368,30 +368,47 @@ + * (and also uses the interface mtu to determine the size of the packets). + * So there won't be any EMSGSIZE error. Against DNS fragmentation attacks. + * FreeBSD already has same semantics without setting the option. */ +-# if defined(IP_PMTUDISC_OMIT) ++ int omit_set = 0; ++# if defined(IP_PMTUDISC_OMIT) + int action = IP_PMTUDISC_OMIT; +-# else +- int action = IP_PMTUDISC_DONT; +-# endif + if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, + &action, (socklen_t)sizeof(action)) < 0) { +- log_err("setsockopt(..., IP_MTU_DISCOVER, " +-# if defined(IP_PMTUDISC_OMIT) +- "IP_PMTUDISC_OMIT" ++ ++ if (errno != EINVAL) { ++ log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_OMIT...) failed: %s", ++ strerror(errno)); ++ ++# ifndef USE_WINSOCK ++ close(s); + # else +- "IP_PMTUDISC_DONT" ++ closesocket(s); + # endif +- "...) failed: %s", +- strerror(errno)); ++ *noproto = 0; ++ *inuse = 0; ++ return -1; ++ } ++ } ++ else ++ { ++ omit_set = 1; ++ } ++# endif ++ if (omit_set == 0) { ++ int action = IP_PMTUDISC_DONT; ++ if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, ++ &action, (socklen_t)sizeof(action)) < 0) { ++ log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_DONT...) failed: %s", ++ strerror(errno)); + # ifndef USE_WINSOCK +- close(s); ++ close(s); + # else +- closesocket(s); ++ closesocket(s); + # endif +- *noproto = 0; +- *inuse = 0; +- return -1; +- } ++ *noproto = 0; ++ *inuse = 0; ++ return -1; ++ } ++ } + # elif defined(IP_DONTFRAG) + int off = 0; + if (setsockopt(s, IPPROTO_IP, IP_DONTFRAG, Copied: unbound/repos/community-testing-x86_64/service (from rev 125775, unbound/trunk/service) =================================================================== --- community-testing-x86_64/service (rev 0) +++ community-testing-x86_64/service 2015-01-11 21:40:36 UTC (rev 125776) @@ -0,0 +1,13 @@ +[Unit] +Description=Unbound DNS Resolver +After=network.target + +[Service] +ExecStartPre=/bin/cp -f /etc/trusted-key.key /etc/unbound/ +PIDFile=/run/unbound.pid +ExecStart=/usr/bin/unbound -d +ExecReload=/bin/kill -HUP $MAINPID +Restart=always + +[Install] +WantedBy=multi-user.target