-rw-r--r--net-dns/unbound/ChangeLog5
-rw-r--r--net-dns/unbound/Manifest13
-rw-r--r--net-dns/unbound/files/chroot_howto.txt51
-rw-r--r--net-dns/unbound/files/unbound.confd5
-rw-r--r--net-dns/unbound/files/unbound.initd42
-rw-r--r--net-dns/unbound/metadata.xml1
-rw-r--r--net-dns/unbound/unbound-1.2.1.ebuild64
-rw-r--r--net-dns/unbound/unbound-1.3.0.ebuild92
8 files changed, 131 insertions, 142 deletions
diff --git a/net-dns/unbound/ChangeLog b/net-dns/unbound/ChangeLog
index db1625df5..836859a0e 100644
--- a/net-dns/unbound/ChangeLog
+++ b/net-dns/unbound/ChangeLog
@@ -2,6 +2,11 @@
# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
# $Header: $
+ 14 Jun 2009; Tom Hendrikx (whyscream) <tom@whyscream.net>
+ -unbound-1.2.1.ebuild, +unbound-1.3.0.ebuild, -files/chroot_howto.txt,
+ files/unbound.confd, files/unbound.initd, metadata.xml:
+ Version bump, including new init script
+
06 May 2009; Tom Hendrikx (whyscream) <tom@whyscream.net>
unbound-1.2.1.ebuild:
Disable test suite since it does not work
diff --git a/net-dns/unbound/Manifest b/net-dns/unbound/Manifest
index 9389432cf..78580693e 100644
--- a/net-dns/unbound/Manifest
+++ b/net-dns/unbound/Manifest
@@ -1,7 +1,6 @@
-AUX chroot_howto.txt 1780 RMD160 39c115816f87cf4ec1a17fbfd313fee771a64226 SHA1 3522189d64e92fb64251587db1559e5d0110e540 SHA256 650b4d838ba09d1c94b34ae712102d3b29b84744c4980c5bafe8eaa552a657a5
-AUX unbound.confd 284 RMD160 01960d51a873ed30beac29ce20e3dde43dca20aa SHA1 195c31dd2edf4a887f667520ddf70a1bed8a3d65 SHA256 27d73752ae2a0f6c7ae4a3d894357bba1a2fdaf9f3cd0415be03bed2c0211537
-AUX unbound.initd 985 RMD160 1cd1fe6a195def58fda8be0e3067b2751773be21 SHA1 569ad8abab363e10f03cc9e2d4fb11395fc9b18b SHA256 d8752a4f8ba549ef2822368b86c1a0931284b4e057e236d19f88857a2c43be67
-DIST unbound-1.2.1.tar.gz 3795258 RMD160 c26d82d92e3342fe860d342a0717824b07d1c38d SHA1 996aea210b24f8c4bd1aa7a9584bc5b70b989b1b SHA256 1f95ca2904dfb813bf52f15156a8c769b365deb92fa7b995344062dea966dc29
-EBUILD unbound-1.2.1.ebuild 1829 RMD160 19e439e8993bc577dcf878517b62cf25c1cb3efc SHA1 b480abe267fb06f87a9a2eef48a697b61fa2f91a SHA256 e743c7c2129b1a29fd096d6476e2e5c30b3e14000a2205d820bbe38e88aa40c5
-MISC ChangeLog 1221 RMD160 4280b11d5a41aa844c3aa7c93c1ad21f677bf276 SHA1 320bc10e7bc18b82c867aafa8e98045289dd900a SHA256 746850cb1d7a183bfcadd2e65f9a634337e2aa36b5edbc3923647f3f685b0822
-MISC metadata.xml 245 RMD160 d8ace88cdc93cb9ddd4a28cb445e7b8d61cc5127 SHA1 6fe67339cb588812f2973ef6f5eee3d0c1d79b1c SHA256 136f25009219cb8b085d8885f5d68ccdc2836705577688e7587755e9736aba9d
+AUX unbound.confd 166 RMD160 ad5324b396d0ceb53c5dcf142b106a8fa114e30d SHA1 7db818eda9240ecebd166ce85eb6490b374b4f18 SHA256 6e804cf2a450a06ebb390b267d353a892e987d2bf0c4909909507ab277df86b4
+AUX unbound.initd 1219 RMD160 636c7a022a4bded04675ce0b5676443442e4712c SHA1 b7bda8a6fa2404c0bb8024a8cf1e6c9c6d9dd038 SHA256 8a9dface7c74819336ea7da97cf561397ebd3d5110ba2dfe732883695be79b67
+DIST unbound-1.3.0.tar.gz 4059848 RMD160 f4c57ff90f84c25bec93b5d61655b326602b5e14 SHA1 67fe06f087083fd24b0175b68e624efc375a3e0f SHA256 ebaed25422a32a7f13386982485d9d01b65cf3aefbebdcf4add6a4d7c71a4610
+EBUILD unbound-1.3.0.ebuild 2654 RMD160 c247e612a93208cc0b5d1b535c199c697f93ad1e SHA1 75cb32325298265cfe13dd0b7a7fde354799b40b SHA256 fa74437ec8565c67592164ec897130837327b003caacf147f770e4e63452beed
+MISC ChangeLog 1455 RMD160 53fc49ae1f04e899cbc31843a3fc1cea2773ab32 SHA1 fc212bdea320e12fa69455cf497dac9c0b6dd775 SHA256 872e8a2d185a9b555cbfce8ca4d36f8f2e22b09ae59749640e33016746561e10
+MISC metadata.xml 313 RMD160 55eab80cc0d3313ab6abbd819c97624c5b6deaf6 SHA1 58b71600454480ba1779092e323083e3c8303445 SHA256 6ea4770fe59e75a6dde41e4ba616bf3219c76a55cd70d6563f46178564551a94
diff --git a/net-dns/unbound/files/chroot_howto.txt b/net-dns/unbound/files/chroot_howto.txt
deleted file mode 100644
index 0d51536c8..000000000
--- a/net-dns/unbound/files/chroot_howto.txt
+++ /dev/null
@@ -1,51 +0,0 @@
-Chroot jail howto for unbound
-
-* Rationale
-
-I had no experience whatsoever with chroot jails for daemons, and when making an
-ebuild for unbound, someone suggested that I should just check it out.
-After lots of playing around with automating a chroot jail setup from within
-the ebuild, everything got way too unstable and far from fool-proof.
-
-Getting unbound running within a rootjail by hand was no problem however.
-Below are my experiences.
-
-* Assumptions
-
-- You know your way around a linux machine on the console
-- You have root access
-
-* Setting it up
-
-1. Emerge unbound, switching USE flags has no effect to the steps in this guide.
-
-2. Decide where you want your rootjail. I choose /var/lib/unbound
- throughout this manual. Then create the directory:
- # mkdir /var/lib/unbound
- # chown unbound:unbound /var/lib/unbound
- # chmod 700 /var/lib/unbound
-
-3. Inside the chroot you'll need access to /dev/random, and possibly /dev/log
- (when using syslog, the default). Simplest way is to bind-mount /dev:
- # mkdir /var/lib/unbound/dev
- # mount -o bind /dev /var/lib/unbound/dev
-
- Hint: add a line to /etc/fstab to keep this persistent between reboots, f.i.:
- /dev /var/lib/unbound/dev auto defauls,bind 0 0
-
-4. Move the config file into the chroot and change some settings:
- # mv /etc/unbound/unbound.conf /var/lib/unbound
- # nano /var/lib/unbound/unbound.conf
-
- Change following options (or copy/paste these lines near
- the end of the file):
-
- chroot: "/var/lib/unbound"
- directory: "/var/lib/unbound"
- pidfile: "/var/lib/unbound/unbound.pid"
-
-5. Change /etc/conf.d/unbound to reflect the new locations of
- the config and the pid file.
-
- config_file="/var/lib/unbound/unbound.conf"
- pid_file="/var/lib/unbound/unbound.pid"
diff --git a/net-dns/unbound/files/unbound.confd b/net-dns/unbound/files/unbound.confd
index 709724ec5..9febdb8c0 100644
--- a/net-dns/unbound/files/unbound.confd
+++ b/net-dns/unbound/files/unbound.confd
@@ -1,7 +1,4 @@
-# Settings should normally only be changed when using a chroot jail.
+# Settings should normally not need any changes.
# Location of the unbound configuration file. Leave empty for the default.
#config_file="/etc/unbound/unbound.conf"
-
-# Location of the unbound pidfile. Leave empty for the default.
-#pid_file="/var/run/unbound.pid"
diff --git a/net-dns/unbound/files/unbound.initd b/net-dns/unbound/files/unbound.initd
index 70750723c..244f8f3c6 100644
--- a/net-dns/unbound/files/unbound.initd
+++ b/net-dns/unbound/files/unbound.initd
@@ -1,16 +1,18 @@
#!/sbin/runscript
-# Copyright 1999-2008 Gentoo Foundation
+# Copyright 1999-2009 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $
-opts="start stop configtest"
+opts="start stop reload"
description="Unbound is a validating, recursive and caching DNS resolver"
description_start="Start the server"
description_stop="Stop the server"
-description_configtest="Check the syntax of the configuration file"
+description_reload="Reload the server"
config_file=${config_file:-/etc/unbound/unbound.conf}
-pid_file=${pid_file:-/var/run/unbound.pid}
+my_unbound_checkconf=/usr/sbin/unbound-checkconf
+my_unbound_control=/usr/sbin/unbound-control
+my_unbound_control_setup=/usr/sbin/unbound-control-setup
depend() {
provide dns
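Review bot: `my_unbound_control_setup` is assigned here, but none of the functions shown in this file's hunks use it; drop it or add a comment naming what is expected to call it. Removing `configtest` from `opts` also leaves users without a way to run the syntax check through the init script, since the new `_checkconf` is only reachable from `start`. Keeping a public `configtest() { _checkconf; }` and listing it in `opts` would preserve that. The body of `depend()` continues outside this hunk.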
@@ -18,27 +20,35 @@ depend() {
after auth-dns
}
+_checkconf() {
+ if ! ${my_unbound_checkconf} "${config_file}" > /dev/null; then
+ eerror "You have errors in your configfile (${config_file})"
+ return 1
+ fi
+ return 0
+}
+
+_running() {
+ ${my_unbound_control} -c ${config_file} status > /dev/null 2>&1
+}
+
start() {
- configtest || return 1
+ _checkconf || return 1
ebegin "Starting unbound"
- unbound -c "${config_file}"
+ ${my_unbound_control} -c ${config_file} start > /dev/null
+ _running
eend $?
}
stop() {
ebegin "Stopping unbound"
- start-stop-daemon --stop --pidfile="${pid_file}"
+ ${my_unbound_control} -c ${config_file} stop > /dev/null
eend $?
}
-configtest() {
- ebegin "Checking config (${config_file})"
- unbound-checkconf "${config_file}" > /dev/null 2>&1
- local RESULT=$?
- if test "$RESULT" != 0; then
- eerror "`unbound-checkconf "${config_file}" 2>&1`"
- eend 1
- fi
- eend "$RESULT"
+reload() {
+ ebegin "Reloading unbound"
+ ${my_unbound_control} -c ${config_file} reload > dev/null
+ eend $?
}
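Review bot: The redirect in `reload()` goes to `dev/null` without the leading slash, so the shell resolves it relative to the init script's working directory: either the command fails before running because there is no `dev` directory, or it writes a stray file as root. It should read `${my_unbound_control} -c "${config_file}" reload > /dev/null`. `reload()` also skips the `_checkconf || return 1` guard that `start()` has, so a config with errors is handed straight to the running resolver; adding the same guard as its first line would fail early instead. `${config_file}` is unquoted in `_running`, `start`, `stop` and `reload` although `_checkconf` quotes it, which breaks on a path containing whitespace.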
diff --git a/net-dns/unbound/metadata.xml b/net-dns/unbound/metadata.xml
index ff26c878e..8f70d9e95 100644
--- a/net-dns/unbound/metadata.xml
+++ b/net-dns/unbound/metadata.xml
@@ -3,6 +3,7 @@
<pkgmetadata>
<herd>maintainer-wanted</herd>
<use>
+ <flag name='chroot'>Enable chroot by default (recommended)</flag>
<flag name='libevent'>Enable support for libevent</flag>
</use>
</pkgmetadata>
diff --git a/net-dns/unbound/unbound-1.2.1.ebuild b/net-dns/unbound/unbound-1.2.1.ebuild
deleted file mode 100644
index 4dcd49151..000000000
--- a/net-dns/unbound/unbound-1.2.1.ebuild
+++ /dev/null
@@ -1,64 +0,0 @@
-# Copyright 1999-2009 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: $
-
-inherit eutils
-
-DESCRIPTION="Unbound is a validating, recursive and caching DNS resolver."
-HOMEPAGE="http://unbound.net"
-SRC_URI="http://unbound.net/downloads/${P}.tar.gz"
-
-LICENSE="BSD"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="debug libevent static threads"
-
-DEPEND="dev-libs/openssl
- >=net-libs/ldns-1.5.0
- libevent? ( dev-libs/libevent )"
-RDEPEND=${DEPEND}
-
-pkg_setup() {
- enewgroup unbound
- enewuser unbound -1 -1 -1 unbound
-}
-
-src_compile() {
- econf \
- --with-conf-file=/etc/unbound/unbound.conf \
- --with-pidfile=/var/run/unbound.pid \
- --with-run-dir=/etc/unbound \
- --with-username=unbound \
- $(use_enable debug) \
- $(use_enable debug lock-checks) \
- $(use_enable debug alloc-checks) \
- $(use_enable static static-exe) \
- $(use_with libevent) \
- $(use_with threads pthreads)
-
- emake || die "emake failed"
-}
-
-src_test() {
- # upstream reports that the included test suite needs a networked test environment
- true
-}
-
-src_install() {
- emake DESTDIR="${D}" install || die "emake install failed"
- newinitd "${FILESDIR}/unbound.initd" unbound || die "newinitd failed"
- newconfd "${FILESDIR}/unbound.confd" unbound || die "newconfd failed"
-
- dodoc doc/README doc/CREDITS doc/TODO doc/Changelog doc/FEATURES || die "dodoc failed"
- dodoc "${FILESDIR}/chroot_howto.txt" || die "dodoc failed"
-
- # adapt config file to disable the chroot
- sed -i '/^\t# chroot:/a\\tchroot: ""' "${D}/etc/unbound/unbound.conf" || die "sed failed"
-}
-
-pkg_postinst() {
- elog "The gentoo configuration does not enable a chroot environment,"
- elog "this differs from the default upstream configuration."
- elog "To use a chroot enviroment which is recommended, please read"
- elog "the chroot_howto.txt in /usr/share/doc/${PF}"
-}
diff --git a/net-dns/unbound/unbound-1.3.0.ebuild b/net-dns/unbound/unbound-1.3.0.ebuild
new file mode 100644
index 000000000..2d3d40a0c
--- /dev/null
+++ b/net-dns/unbound/unbound-1.3.0.ebuild
@@ -0,0 +1,92 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+EAPI="1"
+
+inherit eutils
+
+DESCRIPTION="A validating, recursive and caching DNS resolver"
+HOMEPAGE="http://unbound.net"
+SRC_URI="http://unbound.net/downloads/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+chroot debug libevent python static threads"
+
+DEPEND="dev-libs/openssl
+ >=net-libs/ldns-1.5.1
+ libevent? ( dev-libs/libevent )"
+RDEPEND=${RDEPEND}
+
+pkg_setup() {
+ enewgroup unbound
+ enewuser unbound -1 -1 -1 unbound
+}
+
+src_compile() {
+ econf \
+ --with-conf-file=/etc/unbound/unbound.conf \
+ --with-pidfile=/var/run/unbound.pid \
+ --with-run-dir=/etc/unbound \
+ --with-username=unbound \
+ $(use_enable debug) \
+ $(use_enable debug lock-checks) \
+ $(use_enable debug alloc-checks) \
+ $(use_enable static static-exe) \
+ $(use_with libevent) \
+ $(use_with threads pthreads) \
+ $(use_with python pyunbound) \
+ $(use_with python pythonmodule)
+
+ emake || die "emake failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "emake install failed"
+ newinitd "${FILESDIR}/unbound.initd" unbound || die "newinitd failed"
+ newconfd "${FILESDIR}/unbound.confd" unbound || die "newconfd failed"
+
+ dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES} || die "dodoc failed"
+
+ insinto /usr/share/${PN}
+ insopts -m755
+ doins contrib/{update-anchor.sh,update-itar.sh} || die "doins failed"
+
+ # enable remote control for our rc script
+ sed -i 's:^\t# control-enable\: no:\tcontrol-enable\: yes:g' "${D}/etc/unbound/unbound.conf" || die "sed failed"
+
+ # disable chroot when requested
+ if ! use chroot; then
+ sed -i 's:^\t# chroot\: "/etc/unbound":\tchroot\: "":g' "${D}/etc/unbound/unbound.conf" || die "sed failed"
+ fi
+}
+
+pkg_postinst() {
+ local key_dir="${ROOT}etc/unbound"
+
+ # unbound-control-setup tests for *.key existance, so copy that behaviour
+ if ! test -f ${key_dir}/unbound_server.key && ! test -f ${key_dir}/unbound_control.key; then
+ ewarn "With unbound-1.3.0, we use a new initd script based on unbound-contol."
+ ewarn "The initd script needs SSL keys. To generate these, please run the"
+ ewarn "following command before (re)starting Unbound:"
+ ewarn "emerge --config =${PF}"
+ fi
+}
+
+
+pkg_config() {
+ local key_dir="${ROOT}etc/unbound"
+ local key_files="unbound_control.key unbound_control.pem unbound_server.key unbound_server.pem"
+
+ ebegin "Generating SSL keys for unbound-control"
+ /usr/sbin/unbound-control-setup -d ${key_dir}
+ eend $?
+
+ ebegin "Adjusting file permissions"
+ local username=`/usr/sbin/unbound-checkconf -o username`
+ cd ${key_dir}
+ chown ${username} ${key_files}
+ eend $?
+}
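Review bot: `RDEPEND=${RDEPEND}` assigns the variable to itself, so the package declares no runtime dependencies; the removed 1.2.1 ebuild had `RDEPEND=${DEPEND}`, and the line should be `RDEPEND="${DEPEND}"` so openssl and ldns are pulled in at run time. In `pkg_config`, which runs as root, nothing is checked between generating the control keys and changing their owner. A failed `unbound-control-setup` only reaches `eend`, an empty result from `unbound-checkconf -o username` is passed to `chown`, and a failed `cd ${key_dir}` lets `chown` act on the same relative file names in whatever directory the caller was in. The fence below adds those checks and the quoting. The typos `unbound-contol` (in the `ewarn` text) and `existance` (in the comment above the key test) are worth fixing in the same pass.

```bash
pkg_config() {
	# … unchanged: key_dir / key_files locals, ebegin "Generating SSL keys for unbound-control" …
	/usr/sbin/unbound-control-setup -d "${key_dir}"
	eend $? || die "unbound-control-setup failed"

	# … unchanged: ebegin "Adjusting file permissions" …
	local username
	username=$(/usr/sbin/unbound-checkconf -o username)
	[[ -n ${username} ]] || die "no username found in the unbound config"
	cd "${key_dir}" || die "cd to ${key_dir} failed"
	chown "${username}" ${key_files}
	eend $?
}
```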