author | 2009-06-14 11:34:16 +0000 | |
---|---|---|
committer | 2009-06-14 11:34:16 +0000 | |
commit | 3876413383c2ad8c2c1cc1cd29defb82395f6a89 (patch) | |
tree | f646c8e6d34acf825a72dd2faaf84e1543b9cdc5 /net-dns/unbound | |
parent | dev-python/subvertpy: Version bump. 0.6.6 -> 0.6.7 (diff) | |
net-dns/unbound: Version bump, including new init script
svn path=/sunrise/; revision=8655
Diffstat (limited to 'net-dns/unbound')
-rw-r--r-- | net-dns/unbound/ChangeLog | 5 | ||||
-rw-r--r-- | net-dns/unbound/Manifest | 13 | ||||
-rw-r--r-- | net-dns/unbound/files/chroot_howto.txt | 51 | ||||
-rw-r--r-- | net-dns/unbound/files/unbound.confd | 5 | ||||
-rw-r--r-- | net-dns/unbound/files/unbound.initd | 42 | ||||
-rw-r--r-- | net-dns/unbound/metadata.xml | 1 | ||||
-rw-r--r-- | net-dns/unbound/unbound-1.2.1.ebuild | 64 | ||||
-rw-r--r-- | net-dns/unbound/unbound-1.3.0.ebuild | 92 |
8 files changed, 131 insertions, 142 deletions
diff --git a/net-dns/unbound/ChangeLog b/net-dns/unbound/ChangeLog index db1625df5..836859a0e 100644 --- a/net-dns/unbound/ChangeLog +++ b/net-dns/unbound/ChangeLog @@ -2,6 +2,11 @@ # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 # $Header: $ + 14 Jun 2009; Tom Hendrikx (whyscream) <tom@whyscream.net> + -unbound-1.2.1.ebuild, +unbound-1.3.0.ebuild, -files/chroot_howto.txt, + files/unbound.confd, files/unbound.initd, metadata.xml: + Version bump, including new init script + 06 May 2009; Tom Hendrikx (whyscream) <tom@whyscream.net> unbound-1.2.1.ebuild: Disable test suite since it does not work diff --git a/net-dns/unbound/Manifest b/net-dns/unbound/Manifest index 9389432cf..78580693e 100644 --- a/net-dns/unbound/Manifest +++ b/net-dns/unbound/Manifest 
@@ -1,7 +1,6 @@ -AUX chroot_howto.txt 1780 RMD160 39c115816f87cf4ec1a17fbfd313fee771a64226 SHA1 3522189d64e92fb64251587db1559e5d0110e540 SHA256 650b4d838ba09d1c94b34ae712102d3b29b84744c4980c5bafe8eaa552a657a5 -AUX unbound.confd 284 RMD160 01960d51a873ed30beac29ce20e3dde43dca20aa SHA1 195c31dd2edf4a887f667520ddf70a1bed8a3d65 SHA256 27d73752ae2a0f6c7ae4a3d894357bba1a2fdaf9f3cd0415be03bed2c0211537 -AUX unbound.initd 985 RMD160 1cd1fe6a195def58fda8be0e3067b2751773be21 SHA1 569ad8abab363e10f03cc9e2d4fb11395fc9b18b SHA256 d8752a4f8ba549ef2822368b86c1a0931284b4e057e236d19f88857a2c43be67 -DIST unbound-1.2.1.tar.gz 3795258 RMD160 c26d82d92e3342fe860d342a0717824b07d1c38d SHA1 996aea210b24f8c4bd1aa7a9584bc5b70b989b1b SHA256 1f95ca2904dfb813bf52f15156a8c769b365deb92fa7b995344062dea966dc29 -EBUILD unbound-1.2.1.ebuild 1829 RMD160 19e439e8993bc577dcf878517b62cf25c1cb3efc SHA1 b480abe267fb06f87a9a2eef48a697b61fa2f91a SHA256 e743c7c2129b1a29fd096d6476e2e5c30b3e14000a2205d820bbe38e88aa40c5 -MISC ChangeLog 1221 RMD160 4280b11d5a41aa844c3aa7c93c1ad21f677bf276 SHA1 320bc10e7bc18b82c867aafa8e98045289dd900a SHA256 746850cb1d7a183bfcadd2e65f9a634337e2aa36b5edbc3923647f3f685b0822 -MISC metadata.xml 245 RMD160 d8ace88cdc93cb9ddd4a28cb445e7b8d61cc5127 SHA1 6fe67339cb588812f2973ef6f5eee3d0c1d79b1c SHA256 136f25009219cb8b085d8885f5d68ccdc2836705577688e7587755e9736aba9d +AUX unbound.confd 166 RMD160 ad5324b396d0ceb53c5dcf142b106a8fa114e30d SHA1 7db818eda9240ecebd166ce85eb6490b374b4f18 SHA256 6e804cf2a450a06ebb390b267d353a892e987d2bf0c4909909507ab277df86b4 +AUX unbound.initd 1219 RMD160 636c7a022a4bded04675ce0b5676443442e4712c SHA1 b7bda8a6fa2404c0bb8024a8cf1e6c9c6d9dd038 SHA256 8a9dface7c74819336ea7da97cf561397ebd3d5110ba2dfe732883695be79b67 +DIST unbound-1.3.0.tar.gz 4059848 RMD160 f4c57ff90f84c25bec93b5d61655b326602b5e14 SHA1 67fe06f087083fd24b0175b68e624efc375a3e0f SHA256 ebaed25422a32a7f13386982485d9d01b65cf3aefbebdcf4add6a4d7c71a4610 +EBUILD unbound-1.3.0.ebuild 2654 RMD160 
c247e612a93208cc0b5d1b535c199c697f93ad1e SHA1 75cb32325298265cfe13dd0b7a7fde354799b40b SHA256 fa74437ec8565c67592164ec897130837327b003caacf147f770e4e63452beed +MISC ChangeLog 1455 RMD160 53fc49ae1f04e899cbc31843a3fc1cea2773ab32 SHA1 fc212bdea320e12fa69455cf497dac9c0b6dd775 SHA256 872e8a2d185a9b555cbfce8ca4d36f8f2e22b09ae59749640e33016746561e10 +MISC metadata.xml 313 RMD160 55eab80cc0d3313ab6abbd819c97624c5b6deaf6 SHA1 58b71600454480ba1779092e323083e3c8303445 SHA256 6ea4770fe59e75a6dde41e4ba616bf3219c76a55cd70d6563f46178564551a94 diff --git a/net-dns/unbound/files/chroot_howto.txt b/net-dns/unbound/files/chroot_howto.txt deleted file mode 100644 index 0d51536c8..000000000 --- a/net-dns/unbound/files/chroot_howto.txt +++ /dev/null 
@@ -1,51 +0,0 @@ -Chroot jail howto for unbound - -* Rationale - -I had no experience whatsoever with chroot jails for daemons, and when making an -ebuild for unbound, someone suggested that I should just check it out. -After lots of playing around with automating a chroot jail setup from within -the ebuild, everything got way too unstable and far from fool-proof. - -Getting unbound running within a rootjail by hand was no problem however. -Below are my experiences. - -* Assumptions - -- You know your way around a linux machine on the console -- You have root access - -* Setting it up - -1. Emerge unbound, switching USE flags has no effect to the steps in this guide. - -2. Decide where you want your rootjail. I choose /var/lib/unbound - throughout this manual. Then create the directory: - # mkdir /var/lib/unbound - # chown unbound:unbound /var/lib/unbound - # chmod 700 /var/lib/unbound - -3. Inside the chroot you'll need access to /dev/random, and possibly /dev/log - (when using syslog, the default). Simplest way is to bind-mount /dev: - # mkdir /var/lib/unbound/dev - # mount -o bind /dev /var/lib/unbound/dev - - Hint: add a line to /etc/fstab to keep this persistent between reboots, f.i.: - /dev /var/lib/unbound/dev auto defauls,bind 0 0 - -4. Move the config file into the chroot and change some settings: - # mv /etc/unbound/unbound.conf /var/lib/unbound - # nano /var/lib/unbound/unbound.conf - - Change following options (or copy/paste these lines near - the end of the file): - - chroot: "/var/lib/unbound" - directory: "/var/lib/unbound" - pidfile: "/var/lib/unbound/unbound.pid" - -5. Change /etc/conf.d/unbound to reflect the new locations of - the config and the pid file. - - config_file="/var/lib/unbound/unbound.conf" - pid_file="/var/lib/unbound/unbound.pid" diff --git a/net-dns/unbound/files/unbound.confd b/net-dns/unbound/files/unbound.confd index 709724ec5..9febdb8c0 100644 --- a/net-dns/unbound/files/unbound.confd +++ b/net-dns/unbound/files/unbound.confd 
@@ -1,7 +1,4 @@ -# Settings should normally only be changed when using a chroot jail. +# Settings should normally not need any changes. # Location of the unbound configuration file. Leave empty for the default. #config_file="/etc/unbound/unbound.conf" - -# Location of the unbound pidfile. Leave empty for the default. -#pid_file="/var/run/unbound.pid" diff --git a/net-dns/unbound/files/unbound.initd b/net-dns/unbound/files/unbound.initd index 70750723c..244f8f3c6 100644 --- a/net-dns/unbound/files/unbound.initd +++ b/net-dns/unbound/files/unbound.initd @@ -1,16 +1,18 @@ #!/sbin/runscript -# Copyright 1999-2008 Gentoo Foundation +# Copyright 1999-2009 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Header: $ -opts="start stop configtest" +opts="start stop reload" description="Unbound is a validating, recursive and caching DNS resolver" description_start="Start the server" description_stop="Stop the server" -description_configtest="Check the syntax of the configuration file" +description_reload="Reload the server" config_file=${config_file:-/etc/unbound/unbound.conf} -pid_file=${pid_file:-/var/run/unbound.pid} +my_unbound_checkconf=/usr/sbin/unbound-checkconf +my_unbound_control=/usr/sbin/unbound-control +my_unbound_control_setup=/usr/sbin/unbound-control-setup depend() { provide dns 
@@ -18,27 +20,35 @@ depend() { after auth-dns } +_checkconf() { + if ! ${my_unbound_checkconf} "${config_file}" > /dev/null; then + eerror "You have errors in your configfile (${config_file})" + return 1 + fi + return 0 +} + +_running() { + ${my_unbound_control} -c ${config_file} status > /dev/null 2>&1 +} + start() { - configtest || return 1 + _checkconf || return 1 ebegin "Starting unbound" - unbound -c "${config_file}" + ${my_unbound_control} -c ${config_file} start > /dev/null + _running eend $? } stop() { ebegin "Stopping unbound" - start-stop-daemon --stop --pidfile="${pid_file}" + ${my_unbound_control} -c ${config_file} stop > /dev/null eend $? } -configtest() { - ebegin "Checking config (${config_file})" - unbound-checkconf "${config_file}" > /dev/null 2>&1 - local RESULT=$? - if test "$RESULT" != 0; then - eerror "`unbound-checkconf "${config_file}" 2>&1`" - eend 1 - fi - eend "$RESULT" +reload() { + ebegin "Reloading unbound" + ${my_unbound_control} -c ${config_file} reload > dev/null + eend $? } diff --git a/net-dns/unbound/metadata.xml b/net-dns/unbound/metadata.xml index ff26c878e..8f70d9e95 100644 --- a/net-dns/unbound/metadata.xml +++ b/net-dns/unbound/metadata.xml @@ -3,6 +3,7 @@ <pkgmetadata> <herd>maintainer-wanted</herd> <use> + <flag name='chroot'>Enable chroot by default (recommended)</flag> <flag name='libevent'>Enable support for libevent</flag> </use> </pkgmetadata> diff --git a/net-dns/unbound/unbound-1.2.1.ebuild b/net-dns/unbound/unbound-1.2.1.ebuild deleted file mode 100644 index 4dcd49151..000000000 --- a/net-dns/unbound/unbound-1.2.1.ebuild +++ /dev/null 
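Review bot: `reload()` at the end of this hunk redirects to `> dev/null`, a relative path, so the redirection only works when the script happens to run from `/`; elsewhere it fails or leaves a stray file, and `eend $?` then reports a failed reload. It should read `${my_unbound_control} -c "${config_file}" reload > /dev/null`. `_running`, `start`, `stop` and `reload` also pass `-c ${config_file}` unquoted while `_checkconf` quotes it, so a path containing whitespace would be split; quote it everywhere. Since `stop()` no longer has a pidfile to fall back on, a missing control key or an existing config without `control-enable: yes` presumably leaves the init script unable to stop the daemon, so an `eerror` hint pointing at `emerge --config` on failure would help.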
@@ -1,64 +0,0 @@ -# Copyright 1999-2009 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: $ - -inherit eutils - -DESCRIPTION="Unbound is a validating, recursive and caching DNS resolver." -HOMEPAGE="http://unbound.net" -SRC_URI="http://unbound.net/downloads/${P}.tar.gz" - -LICENSE="BSD" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="debug libevent static threads" - -DEPEND="dev-libs/openssl - >=net-libs/ldns-1.5.0 - libevent? ( dev-libs/libevent )" -RDEPEND=${DEPEND} - -pkg_setup() { - enewgroup unbound - enewuser unbound -1 -1 -1 unbound -} - -src_compile() { - econf \ - --with-conf-file=/etc/unbound/unbound.conf \ - --with-pidfile=/var/run/unbound.pid \ - --with-run-dir=/etc/unbound \ - --with-username=unbound \ - $(use_enable debug) \ - $(use_enable debug lock-checks) \ - $(use_enable debug alloc-checks) \ - $(use_enable static static-exe) \ - $(use_with libevent) \ - $(use_with threads pthreads) - - emake || die "emake failed" -} - -src_test() { - # upstream reports that the included test suite needs a networked test environment - true -} - -src_install() { - emake DESTDIR="${D}" install || die "emake install failed" - newinitd "${FILESDIR}/unbound.initd" unbound || die "newinitd failed" - newconfd "${FILESDIR}/unbound.confd" unbound || die "newconfd failed" - - dodoc doc/README doc/CREDITS doc/TODO doc/Changelog doc/FEATURES || die "dodoc failed" - dodoc "${FILESDIR}/chroot_howto.txt" || die "dodoc failed" - - # adapt config file to disable the chroot - sed -i '/^\t# chroot:/a\\tchroot: ""' "${D}/etc/unbound/unbound.conf" || die "sed failed" -} - -pkg_postinst() { - elog "The gentoo configuration does not enable a chroot environment," - elog "this differs from the default upstream configuration." - elog "To use a chroot enviroment which is recommended, please read" - elog "the chroot_howto.txt in /usr/share/doc/${PF}" -} 
diff --git a/net-dns/unbound/unbound-1.3.0.ebuild b/net-dns/unbound/unbound-1.3.0.ebuild
new file mode 100644
index 000000000..2d3d40a0c
--- /dev/null
+++ b/net-dns/unbound/unbound-1.3.0.ebuild
@@ -0,0 +1,92 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+EAPI="1"
+
+inherit eutils
+
+DESCRIPTION="A validating, recursive and caching DNS resolver"
+HOMEPAGE="http://unbound.net"
+SRC_URI="http://unbound.net/downloads/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+chroot debug libevent python static threads"
+
+DEPEND="dev-libs/openssl
+ >=net-libs/ldns-1.5.1
+ libevent? ( dev-libs/libevent )"
+RDEPEND=${RDEPEND}
+
+pkg_setup() {
+ enewgroup unbound
+ enewuser unbound -1 -1 -1 unbound
+}
+
+src_compile() {
+ econf \
+ --with-conf-file=/etc/unbound/unbound.conf \
+ --with-pidfile=/var/run/unbound.pid \
+ --with-run-dir=/etc/unbound \
+ --with-username=unbound \
+ $(use_enable debug) \
+ $(use_enable debug lock-checks) \
+ $(use_enable debug alloc-checks) \
+ $(use_enable static static-exe) \
+ $(use_with libevent) \
+ $(use_with threads pthreads) \
+ $(use_with python pyunbound) \
+ $(use_with python pythonmodule)
+
+ emake || die "emake failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "emake install failed"
+ newinitd "${FILESDIR}/unbound.initd" unbound || die "newinitd failed"
+ newconfd "${FILESDIR}/unbound.confd" unbound || die "newconfd failed"
+
+ dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES} || die "dodoc failed"
+
+ insinto /usr/share/${PN}
+ insopts -m755
+ doins contrib/{update-anchor.sh,update-itar.sh} || die "doins failed"
+
+ # enable remote control for our rc script
+ sed -i 's:^\t# control-enable\: no:\tcontrol-enable\: yes:g' "${D}/etc/unbound/unbound.conf" || die "sed failed"
+
+ # disable chroot when requested
+ if ! use chroot; then
+ sed -i 's:^\t# chroot\: "/etc/unbound":\tchroot\: "":g' "${D}/etc/unbound/unbound.conf" || die "sed failed"
+ fi
+}
+
+pkg_postinst() {
+ local key_dir="${ROOT}etc/unbound"
+
+ # unbound-control-setup tests for *.key existance, so copy that behaviour
+ if ! test -f ${key_dir}/unbound_server.key && ! test -f ${key_dir}/unbound_control.key; then
+ ewarn "With unbound-1.3.0, we use a new initd script based on unbound-contol."
+ ewarn "The initd script needs SSL keys. To generate these, please run the"
+ ewarn "following command before (re)starting Unbound:"
+ ewarn "emerge --config =${PF}"
+ fi
+}
+
+
+pkg_config() {
+ local key_dir="${ROOT}etc/unbound"
+ local key_files="unbound_control.key unbound_control.pem unbound_server.key unbound_server.pem"
+
+ ebegin "Generating SSL keys for unbound-control"
+ /usr/sbin/unbound-control-setup -d ${key_dir}
+ eend $?
+
+ ebegin "Adjusting file permissions"
+ local username=`/usr/sbin/unbound-checkconf -o username`
+ cd ${key_dir}
+ chown ${username} ${key_files}
+ eend $?
+} |
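Review bot: `RDEPEND=${RDEPEND}` near the top of the new ebuild assigns the variable to itself, so the runtime dependency list ends up empty; the removed 1.2.1 ebuild had `RDEPEND=${DEPEND}`, which is presumably what was meant. In `pkg_config`, `cd ${key_dir}` is unquoted and unchecked, and `username` is empty if `unbound-checkconf -o username` fails, so the `chown` over the control and server key files can run in the wrong directory or with no owner argument; `cd "${key_dir}" || die "cd failed"` plus a `[[ -n ${username} ]] || die "no username"` guard would make those failures explicit. The two `sed -i` edits in `src_install` exit 0 even when the pattern does not match, so `|| die` will not notice if the upstream sample config wording changes; a `grep -q` on the installed `unbound.conf` after each would confirm that `control-enable: yes` and the chroot setting actually landed. The first `ewarn` also misspells `unbound-control` as `unbound-contol`.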