commit:     0795ed82642d14ebb9e975db7bfd98fbca25c770
Author:     Eray Aslan <eras <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 28 14:53:08 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Aug 31 07:10:11 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0795ed82

net-dns/bind: bump to 9.18.0

- punted CHROOT stuff to simplify the ebuild and scripts
- bind-tools binaries (dig, delv etc) are not stand alone binaries
  anymore but link to bind libraries, i.e. net-dns/bind and
  net-dns/bind-tools by neccesity produce the same libraries resulting
  in file collisions. soft blocked each other for now
- net-dns/bind now produces everything, including binaries produced by
  net-dns/bind-tools
- old style dlz drivers have been removed upstream. prefer dumping from
  datastore (database, ldap etc) to a file on a regular basis/on demand
  instead anyway
- licensing: bind is mozilla-2.0
- dev-libs/jemalloc is the preferred allocator for bind-9.18. made it
  obligatory and dropped sparc keyword
- json and zlib USE flags dropped and made obligatory. zlib is more or
  less necessary because of doh stuff. json requirement is a small
  library. xml is still behind a USE flag as it has the potential to
  bring in big libraries (icu etc)
- python is optional and only used for testing
- upstream dropped berkdb support
- unified geoip and geoip2 USE flags
- build system now uses a more traditional autotools stack. punted old
  stuff from the ebuild
- do not install a zone file for loopback addresses. they are already
  built in
- no need for named.cache as well
- install named.conf.auth as a sample config file for authoritative
  named server.  recursive servers do not need one to function
- openrc init script and confd revised, mostly because of punting chroot

Bug: https://bugs.gentoo.org/832218
Bug: https://bugs.gentoo.org/930348
Bug: https://bugs.gentoo.org/936568
Bug: https://bugs.gentoo.org/937907
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Eray Aslan <eras <AT> gentoo.org>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-dns/bind/Manifest             |   1 +
 net-dns/bind/bind-9.18.0.ebuild   | 151 ++++++++++++++++++++++++++++++++++++++
 net-dns/bind/files/named.conf-r9  |  21 ++++++
 net-dns/bind/files/named.confd-r8 |  18 +++++
 net-dns/bind/files/named.init-r15 |  99 +++++++++++++++++++++++++
 net-dns/bind/metadata.xml         |   2 +
 6 files changed, 292 insertions(+)

diff --git a/net-dns/bind/Manifest b/net-dns/bind/Manifest
index 56161e2f3eed..8e14a31310ce 100644
--- a/net-dns/bind/Manifest
+++ b/net-dns/bind/Manifest
@@ -1,3 +1,4 @@
 DIST bind-9.16.48.tar.xz 5131176 BLAKE2B 
4a503b45df412c435cb0f75b54ee1270140cccce7ecc159cdf3e0e3cbd3c0a0866b7472782f20aacf130f57df12d20a102ac6979498138ce00a2655806d003e7
 SHA512 
83829a5045e2a29dd2b491d3ab72b545f5664023fcd4aa205a44dbb7bcc5c737b4466c0d73f124b8d88fd33c56776871a07dde1ba0530d43eec8e7304a08d353
 DIST bind-9.16.48.tar.xz.asc 833 BLAKE2B 
740ed58863ed3a7dee6ada4edd03cad5378ea0aa53cd6f071ca1911bb2d6b285ed292f32846790d42b97e8d9bb72588f1cd30c4e10557ac1e9f1df545923a9b1
 SHA512 
7bd813b5ab6f9677fc4ef21e0c3930f6319fa6c49d6869570794bc28212fe8935b72f9f217cfce692a2dec9ec29994f345d1b1145cef1ca976c5361f6ce0f75d
+DIST bind-9.18.0.tar.xz 5292320 BLAKE2B 
3ed32880bcaf47d3a56a59cf35506c6f28acdfa52365615a3cd9671bbbc6437a1aab8cebb3ed6dec61af25b71357f8924ae8aae8779cdd422e8a3ff6ee3ef4e5
 SHA512 
941fe32499e1e7b08c2554f2e68a4886160d239ae23c9810f0cc0565636b5ce218dad5d332c1f4d101ce15f85b6cc2cd877fbf9ebdafb693a83ae57f999cab12
 DIST dyndns-samples.tbz2 22866 BLAKE2B 
409890653c6536cb9c0e3ba809d2bfde0e0ae73a2a101b4f229b46c01568466bc022bbbc37712171adbd08c572733e93630feab95a0fcd1ac50a7d37da1d1108
 SHA512 
83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac

diff --git a/net-dns/bind/bind-9.18.0.ebuild b/net-dns/bind/bind-9.18.0.ebuild
new file mode 100644
index 000000000000..7499493af4f4
--- /dev/null
+++ b/net-dns/bind/bind-9.18.0.ebuild
@@ -0,0 +1,151 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+PYTHON_COMPAT=( python3_{8..10} )
+
+inherit python-any-r1 systemd tmpfiles
+
+MY_PV="${PV/_p/-P}"
+MY_PV="${MY_PV/_rc/rc}"
+MY_P="${PN}-${MY_PV}"
+
+RRL_PV="${MY_PV}"
+
+DESCRIPTION="Berkeley Internet Name Domain - Name Server"
+HOMEPAGE="https://www.isc.org/software/bind";
+SRC_URI="https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz";
+
+LICENSE="MPL-2.0"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 
~x86 ~amd64-linux ~x86-linux"
+IUSE="+caps dnsrps dnstap doc doh fixed-rrset idn geoip gssapi lmdb selinux 
static-libs test-extra xml"
+
+DEPEND="
+       acct-group/named
+       acct-user/named
+       dev-libs/jemalloc
+       dev-libs/json-c:=
+       dev-libs/libuv:=
+       sys-libs/zlib
+       dev-libs/openssl:=[-bindist(-)]
+       caps? ( >=sys-libs/libcap-2.1.0 )
+       dnstap? ( dev-libs/fstrm dev-libs/protobuf-c )
+       doh? ( net-libs/nghttp2 )
+       geoip? ( dev-libs/libmaxminddb )
+       gssapi? ( virtual/krb5 )
+       idn? ( net-dns/libidn2 )
+       lmdb? ( dev-db/lmdb )
+       xml? ( dev-libs/libxml2 )
+"
+BDEPEND="
+       test-extra? (
+               ${PYTHON_DEPS}
+               dev-python/pytest
+               dev-perl/Net-DNS-SEC
+               dev-util/cmocka
+       )
+"
+RDEPEND="${DEPEND}
+       selinux? ( sec-policy/selinux-bind )
+       sys-process/psmisc
+       !net-dns/bind-tools
+"
+
+S="${WORKDIR}/${MY_P}"
+
+src_configure() {
+       local myeconfargs=(
+               --prefix="${EPREFIX}"/usr
+               --sysconfdir=/etc/bind
+               --localstatedir=/var
+               --enable-full-report
+               --without-readline
+               --with-openssl="${ESYSROOT}"/usr
+               --with-jemalloc
+               --with-json-c
+               --with-zlib
+               $(use_enable caps linux-caps)
+               $(use_enable dnsrps)
+               $(use_enable dnstap)
+               $(use_enable doh)
+               $(use_with doh libnghttp2)
+               $(use_enable fixed-rrset)
+               $(use_enable static-libs static)
+               $(use_enable geoip)
+               $(use_with geoip maxminddb)
+               $(use_with gssapi)
+               $(use_with idn libidn2)
+               $(use_with lmdb)
+               $(use_with xml libxml2)
+               "${@}"
+       )
+
+       econf "${myeconfargs[@]}"
+}
+
+src_test() {
+       # "${WORKDIR}/${P}"/bin/tests/system/README
+       # ifconfig.sh up and then down as root
+       #default
+
+       # just run the tests that dont mock around with IPs
+       emake -C lib/ check
+}
+
+src_install() {
+       default
+
+       dodoc CHANGES README.md
+
+       if use doc; then
+               docinto misc
+               dodoc -r doc/misc/
+
+               docinto html
+               dodoc -r doc/arm/
+
+               docinto dnssec-guide
+               dodoc -r doc/dnssec-guide/
+
+               docinto contrib
+               dodoc contrib/scripts/nanny.pl
+       fi
+
+       insinto /etc/bind
+       newins "${FILESDIR}"/named.conf-r9 named.conf.auth
+
+       newinitd "${FILESDIR}"/named.init-r15 named
+       newconfd "${FILESDIR}"/named.confd-r8 named
+
+       newenvd "${FILESDIR}"/10bind.env 10bind
+
+       use static-libs || find "${ED}"/usr/lib* -name '*.la' -delete
+
+       dosym ../../var/bind/pri /etc/bind/pri
+       dosym ../../var/bind/sec /etc/bind/sec
+       dosym ../../var/bind/dyn /etc/bind/dyn
+       keepdir /var/bind/{pri,sec,dyn} /var/log/named
+
+       fowners root:named /{etc,var}/bind /var/log/named 
/var/bind/{sec,pri,dyn}
+       fowners root:named /etc/bind/{bind.keys,named.conf.auth}
+       fperms 0640 /etc/bind/{bind.keys,named.conf.auth}
+       fperms 0750 /etc/bind /var/bind/pri
+       fperms 0770 /var/log/named /var/bind/{,sec,dyn}
+
+       systemd_newunit "${FILESDIR}/named.service-r1" named.service
+       dotmpfiles "${FILESDIR}"/named.conf
+       exeinto /usr/libexec
+       doexe "${FILESDIR}/generate-rndc-key.sh"
+}
+
+pkg_postinst() {
+       tmpfiles_process named.conf
+
+       if [[ ! -f '/etc/bind/rndc.key' && ! -f '/etc/bind/rndc.conf' ]]; then
+               einfo "Using /dev/urandom for generating rndc.key"
+               /usr/sbin/rndc-confgen -a
+               chown root:named /etc/bind/rndc.key || die
+               chmod 0640 /etc/bind/rndc.key || die
+       fi
+}
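Review bot: The new ebuild fetches only `${P}.tar.xz` in `SRC_URI` and does not inherit `verify-sig`, so the 9.18.0 tarball is checked against the Manifest hashes alone. The Manifest context lines in this commit carry a `bind-9.16.48.tar.xz.asc` entry, which suggests the 9.16 ebuild verifies the upstream OpenPGP signature and that this bump drops the step. I would add `verify-sig` to the `inherit` line, fetch the detached signature with `SRC_URI+=" verify-sig? ( https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz.asc )"`, and add the ISC keyring package to `BDEPEND` under `verify-sig?` with `VERIFY_SIG_OPENPGP_KEY_PATH` pointing at the installed key; the Manifest then needs the matching `.asc` entry. Separately, in `pkg_postinst` the `/usr/sbin/rndc-confgen -a` call has no `|| die`, so a failed key generation is only reported indirectly by the `chown` that follows.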

diff --git a/net-dns/bind/files/named.conf-r9 b/net-dns/bind/files/named.conf-r9
new file mode 100644
index 000000000000..e14996561731
--- /dev/null
+++ b/net-dns/bind/files/named.conf-r9
@@ -0,0 +1,21 @@
+options {
+        directory "/var/cache/bind";
+       pid-file "/run/named/named.pid";
+        listen-on { 127.0.0.1; };
+        listen-on-v6 { ::1; };
+        allow-recursion {
+                none;
+        };
+        allow-transfer {
+                none;
+        };
+        allow-update {
+                none;
+        };
+};
+
+zone "example.com." {
+        type primary;
+        file "/var/lib/bind/db.example.com";
+        notify explicit;
+};
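Review bot: The sample points at directories this package does not create: `directory "/var/cache/bind";` and `file "/var/lib/bind/db.example.com";`, while the ebuild in this commit only keeps `/var/bind/{pri,sec,dyn}` and symlinks them under `/etc/bind`. Copied as-is, named would presumably refuse to start because its working directory is missing. Using `directory "/var/bind";` and `file "pri/db.example.com";` would match the installed layout and keep the primary zone file in the directory the ebuild sets to 0750 root:named, readable but not writable by the daemon. The `pid-file` line is also indented with a tab where its neighbours use spaces.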

diff --git a/net-dns/bind/files/named.confd-r8 
b/net-dns/bind/files/named.confd-r8
new file mode 100644
index 000000000000..915c51d4f19f
--- /dev/null
+++ b/net-dns/bind/files/named.confd-r8
@@ -0,0 +1,18 @@
+# Set various named options here.
+#
+#OPTIONS=""
+
+# config file path
+NAMED_CONF="/etc/bind/named.conf"
+
+# Set this to the number of processors you want bind to use.
+# Leave this unchanged if you want bind to automatically detect the number
+#CPU="1"
+
+# Default pid file location
+# use named.conf to specify pid-file location
+
+# Scheduling priority: 19 is the lowest and -20 is the highest.
+# Default: 0
+#NAMED_NICELEVEL="0"
+

diff --git a/net-dns/bind/files/named.init-r15 
b/net-dns/bind/files/named.init-r15
new file mode 100644
index 000000000000..d5539d9aa854
--- /dev/null
+++ b/net-dns/bind/files/named.init-r15
@@ -0,0 +1,99 @@
+#!/sbin/openrc-run
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="checkconfig checkzones"
+extra_started_commands="reload"
+
+depend() {
+       need net
+       use logger
+       provide dns
+}
+
+NAMED_CONF=${NAMED_CONF:-/etc/bind/named.conf}
+
+_get_pidfile() {
+       # as suggested in bug #107724, bug 335398#c17
+       [ -n "${PIDFILE}" ] || PIDFILE=$(\
+                       /usr/bin/named-checkconf -p ${NAMED_CONF} | grep 
'pid-file' | cut -d\" -f2)
+       [ -z "${PIDFILE}" ] && PIDFILE="/run/named/named.pid"
+}
+
+checkconfig() {
+       ebegin "Checking named configuration"
+
+       if [ ! -f "${NAMED_CONF}" ] ; then
+               eerror "No ${NAMED_CONF} file exists!"
+               return 1
+       fi
+       /usr/bin/named-checkconf ${NAMED_CONF} || {
+               eerror "named-checkconf failed! Please fix your config first."
+               return 1
+       }
+       eend 0
+}
+
+checkzones() {
+       ebegin "Checking named configuration and zones"
+       /usr/bin/named-checkconf -z ${NAMED_CONF}
+       eend $?
+}
+
+start() {
+       local piddir
+
+       ebegin "Starting named"
+       checkconfig || { eend 1; return 1; }
+
+       # create piddir (usually /run/named) if necessary, bug 334535
+       _get_pidfile
+       piddir="${PIDFILE%/*}"
+       checkpath -q -d -o root:named -m 0770 "${piddir}" || {
+               eerror "Failed to create PID directory at $piddir"
+               eend 1
+               return 1
+       }
+
+       # In case someone have $CPU set in /etc/conf.d/named
+       if [ -n "${CPU}" ] && [ "${CPU}" -gt 0 ]; then
+               CPU="-n ${CPU}"
+       fi
+
+       start-stop-daemon --start --pidfile ${PIDFILE} \
+               --nicelevel ${NAMED_NICELEVEL:-0} \
+               --exec /usr/sbin/named \
+               -- -u named ${CPU} ${OPTIONS}
+       eend $?
+}
+
+stop() {
+       ebegin "Stopping named"
+       # -R 10, bug 335398
+       _get_pidfile
+       start-stop-daemon --stop --retry 10 --pidfile $PIDFILE \
+               --exec /usr/sbin/named
+       eend $?
+}
+
+reload() {
+       local ret
+
+       ebegin "Reloading named.conf and zone files"
+
+       checkconfig || { eend 1; return 1; }
+
+       _get_pidfile
+       if [ -n "${PIDFILE}" ]; then
+               start-stop-daemon --pidfile $PIDFILE --signal HUP
+               ret=$?
+       else
+               ewarn "Unable to determine the pidfile... this is"
+               ewarn "a fallback mode. Please check your installation!"
+
+               $RC_SERVICE restart
+               ret=$?
+       fi
+
+       eend $ret
+}
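Review bot: In `start()`, `checkpath -q -d -o root:named -m 0770 "${piddir}"` is applied to whatever directory `_get_pidfile` derives from the `pid-file` line of the config, so a pid file placed directly in a shared directory such as `/run` makes the service re-own and re-mode that directory on every start. I would create the directory only when it is missing, `[ -d "${piddir}" ] || checkpath -q -d -o root:named -m 0770 "${piddir}"`, or refuse a piddir that is not dedicated to named. `${NAMED_CONF}` and `$PIDFILE` are also expanded unquoted in `_get_pidfile`, `checkconfig`, `checkzones`, `start`, `stop` and `reload`; writing `"${NAMED_CONF}"` and `"${PIDFILE}"` avoids word splitting on an unusual path. Because `_get_pidfile` always falls back to `/run/named/named.pid`, the `else` branch in `reload()` looks unreachable.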

diff --git a/net-dns/bind/metadata.xml b/net-dns/bind/metadata.xml
index ec13f291d0cd..49012f10c364 100644
--- a/net-dns/bind/metadata.xml
+++ b/net-dns/bind/metadata.xml
@@ -9,10 +9,12 @@
                <flag name="dnstap">Enables dnstap packet logging</flag>
                <flag name="dnsrps">Enable the DNS Response Policy Service 
(DNSRPS) API, a mechanism to allow an external response policy provider</flag>
                <flag name="dlz">Enables dynamic loaded zones, 3rd party 
extension</flag>
+               <flag name="doh">Enables dns-over-https</flag>
                <flag name="fixed-rrset">Enables fixed rrset-order option</flag>
                <flag name="geoip2">Enable GeoIP2 API from MaxMind</flag>
                <flag name="gssapi">Enable gssapi support</flag>
                <flag name="json">Enable JSON statistics channel</flag>
                <flag name="lmdb">Enable LMDB support to store configuration 
for 'addzone' zones</flag>
+               <flag name="test-extra">Pulls in extra dependencies for 
additional testing</flag>
        </use>
 </pkgmetadata>
