diff options
author | csmk <csmk@chaoslab.org> | 2017-06-30 12:59:47 +0900 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2017-07-02 07:13:02 -0400 |
commit | a0b2dce21ad55234948219662cb0a45e0c310c8e (patch) | |
tree | 00177e3f91e3d80c261a4edd6e89dc7a372fc5b0 /net-dns | |
parent | travis.yml: bump to portage 2.3.6 (diff) | |
download | libressl-a0b2dce21ad55234948219662cb0a45e0c310c8e.tar.gz libressl-a0b2dce21ad55234948219662cb0a45e0c310c8e.tar.bz2 libressl-a0b2dce21ad55234948219662cb0a45e0c310c8e.zip |
net-dns/unbound: drop all; the stable version in main tree already support libressl
Diffstat (limited to 'net-dns')
-rw-r--r-- | net-dns/unbound/Manifest | 1 | ||||
-rw-r--r-- | net-dns/unbound/files/unbound-1.5.7-no-ssl3.patch | 108 | ||||
-rw-r--r-- | net-dns/unbound/files/unbound-1.5.7-trust-anchor-file.patch | 12 | ||||
-rw-r--r-- | net-dns/unbound/files/unbound-anchor.service | 13 | ||||
-rw-r--r-- | net-dns/unbound/files/unbound.confd | 4 | ||||
-rw-r--r-- | net-dns/unbound/files/unbound.initd | 56 | ||||
-rw-r--r-- | net-dns/unbound/files/unbound.service | 12 | ||||
-rw-r--r-- | net-dns/unbound/files/unbound_at.service | 13 | ||||
-rw-r--r-- | net-dns/unbound/metadata.xml | 33 | ||||
-rw-r--r-- | net-dns/unbound/unbound-1.5.7.ebuild | 128 |
10 files changed, 0 insertions, 380 deletions
diff --git a/net-dns/unbound/Manifest b/net-dns/unbound/Manifest deleted file mode 100644 index 3e15943..0000000 --- a/net-dns/unbound/Manifest +++ /dev/null @@ -1 +0,0 @@ -DIST unbound-1.5.7.tar.gz 4859573 SHA256 4b2088e5aa81a2d48f6337c30c1cf7e99b2e2dc4f92e463b3bee626eee731ca8 SHA512 7fc000364139519ed837ef9883f2e8a684b5ac19f2d3343626ab0a4c3459a7c3ccf2c79e9d992d82b123c6a38245fc286994365b427145d218e0b3c645c4dc4f WHIRLPOOL 9b2d18f09f46bed5da9818f5df0acbcc6d4a166943bbdb617494081614aa9b75a03ed0425679f40265f70e34ed66e01302182ec4050f0bb1f034fa5db28340f3 diff --git a/net-dns/unbound/files/unbound-1.5.7-no-ssl3.patch b/net-dns/unbound/files/unbound-1.5.7-no-ssl3.patch deleted file mode 100644 index 6416a41..0000000 --- a/net-dns/unbound/files/unbound-1.5.7-no-ssl3.patch +++ /dev/null @@ -1,108 +0,0 @@ ---- a/daemon/remote.c 2015-10-29 17:32:58.000000000 +0000 -+++ b/daemon/remote.c 2015-12-31 11:09:50.433457006 +0000 -@@ -208,18 +208,22 @@ - return NULL; - } - /* no SSLv2, SSLv3 because has defects */ -+#ifndef OPENSSL_NO_SSL2 - if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) - != SSL_OP_NO_SSLv2){ - log_crypto_err("could not set SSL_OP_NO_SSLv2"); - daemon_remote_delete(rc); - return NULL; - } -+#endif -+#ifndef OPENSSL_NO_SSL3 - if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3) - != SSL_OP_NO_SSLv3){ - log_crypto_err("could not set SSL_OP_NO_SSLv3"); - daemon_remote_delete(rc); - return NULL; - } -+#endif - - if (cfg->remote_control_use_cert == 0) { - /* No certificates are requested */ ---- a/smallapp/unbound-control.c 2015-12-08 17:15:55.000000000 +0000 -+++ b/smallapp/unbound-control.c 2015-12-31 11:14:04.887942219 +0000 -@@ -156,13 +156,17 @@ - ctx = SSL_CTX_new(SSLv23_client_method()); - if(!ctx) - ssl_err("could not allocate SSL_CTX pointer"); -+#ifndef OPENSSL_NO_SSL2 - if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) - != SSL_OP_NO_SSLv2) - ssl_err("could not set SSL_OP_NO_SSLv2"); -+#endif - if(cfg->remote_control_use_cert) { -+#ifndef OPENSSL_NO_SSL3 - if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3) - != SSL_OP_NO_SSLv3) - ssl_err("could not set SSL_OP_NO_SSLv3"); -+#endif - if(!SSL_CTX_use_certificate_chain_file(ctx,c_cert) || - !SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM) - || !SSL_CTX_check_private_key(ctx)) ---- a/testcode/petal.c 2015-07-21 23:37:15.000000000 +0000 -+++ b/testcode/petal.c 2015-12-31 11:16:42.451194022 +0000 -@@ -234,8 +234,12 @@ - { - SSL_CTX* ctx = SSL_CTX_new(SSLv23_server_method()); - if(!ctx) print_exit("out of memory"); -+#ifndef OPENSSL_NO_SSL2 - (void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); -+#endif -+#ifndef OPENSSL_NO_SSL3 - (void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3); -+#endif - if(!SSL_CTX_use_certificate_chain_file(ctx, cert)) - print_exit("cannot read cert"); - if(!SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM)) ---- a/util/net_help.c 2015-10-29 17:32:58.000000000 +0000 -+++ b/util/net_help.c 2015-12-31 11:21:47.057925619 +0000 -@@ -619,18 +619,22 @@ - return NULL; - } - /* no SSLv2, SSLv3 because has defects */ -+#ifndef OPENSSL_NO_SSL2 - if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) - != SSL_OP_NO_SSLv2){ - log_crypto_err("could not set SSL_OP_NO_SSLv2"); - SSL_CTX_free(ctx); - return NULL; - } -+#endif -+#ifndef OPENSSL_NO_SSL3 - if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3) - != SSL_OP_NO_SSLv3){ - log_crypto_err("could not set SSL_OP_NO_SSLv3"); - SSL_CTX_free(ctx); - return NULL; - } -+#endif - if(!SSL_CTX_use_certificate_chain_file(ctx, pem)) { - log_err("error for cert file: %s", pem); - log_crypto_err("error in SSL_CTX use_certificate_chain_file"); -@@ -692,18 +696,22 @@ - log_crypto_err("could not allocate SSL_CTX pointer"); - return NULL; - } -+#ifndef OPENSSL_NO_SSL2 - if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) - != SSL_OP_NO_SSLv2) { - log_crypto_err("could not set SSL_OP_NO_SSLv2"); - SSL_CTX_free(ctx); - return NULL; - } -+#endif -+#ifndef OPENSSL_NO_SSL3 - if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3) - != SSL_OP_NO_SSLv3) { - log_crypto_err("could not set SSL_OP_NO_SSLv3"); - SSL_CTX_free(ctx); - return NULL; - } -+#endif - if(key && key[0]) { - if(!SSL_CTX_use_certificate_chain_file(ctx, pem)) { - log_err("error in client certificate %s", pem); diff --git a/net-dns/unbound/files/unbound-1.5.7-trust-anchor-file.patch b/net-dns/unbound/files/unbound-1.5.7-trust-anchor-file.patch deleted file mode 100644 index c4c0ffa..0000000 --- a/net-dns/unbound/files/unbound-1.5.7-trust-anchor-file.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -ur unbound-1.5.7.orig/doc/example.conf.in unbound-1.5.7/doc/example.conf.in ---- unbound-1.5.7.orig/doc/example.conf.in 2015-12-10 08:59:18.000000000 +0100 -+++ unbound-1.5.7/doc/example.conf.in 2016-01-05 04:08:01.666760015 +0100 -@@ -378,7 +378,7 @@ - # with several entries, one file per entry. - # Zone file format, with DS and DNSKEY entries. - # Note this gets out of date, use auto-trust-anchor-file please. -- # trust-anchor-file: "" -+ # trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@" - - # Trusted key for validation. DS or DNSKEY. specify the RR on a - # single line, surrounded by "". TTL is ignored. class is IN default. diff --git a/net-dns/unbound/files/unbound-anchor.service b/net-dns/unbound/files/unbound-anchor.service deleted file mode 100644 index f55cf9d..0000000 --- a/net-dns/unbound/files/unbound-anchor.service +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=Update of the root trust anchor for DNSSEC validation -After=network.target -Before=nss-lookup.target -Wants=nss-lookup.target -Before=unbound.service - -[Service] -Type=oneshot -ExecStart=/usr/sbin/unbound-anchor - -[Install] -WantedBy=multi-user.target diff --git a/net-dns/unbound/files/unbound.confd b/net-dns/unbound/files/unbound.confd deleted file mode 100644 index b4de7cf..0000000 --- a/net-dns/unbound/files/unbound.confd +++ /dev/null @@ -1,4 +0,0 @@ -# Settings should normally not need any changes. - -# Location of the unbound configuration file. Leave empty for the default. -#UNBOUND_CONFFILE="/etc/unbound/unbound.conf" diff --git a/net-dns/unbound/files/unbound.initd b/net-dns/unbound/files/unbound.initd deleted file mode 100644 index f17d072..0000000 --- a/net-dns/unbound/files/unbound.initd +++ /dev/null @@ -1,56 +0,0 @@ -#!/sbin/runscript -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -name="unbound daemon" -extra_commands="configtest" -extra_started_commands="reload" -description="unbound is a Domain Name Server (DNS) that is used to resolve host names to IP address." -description_configtest="Run syntax tests for configuration files only." -description_reload="Kills all children and reloads the configuration." - - -UNBOUND_BINARY=${UNBOUND_BINARY:-/usr/sbin/unbound} -UNBOUND_CHECKCONF=${UNBOUND_CHECKCONF:-/usr/sbin/unbound-checkconf} -UNBOUND_CONFFILE=${UNBOUND_CONFFILE:-/etc/unbound/${SVCNAME}.conf} - -depend() { - need net - use logger - provide dns - after auth-dns -} - -checkconfig() { - UNBOUND_PIDFILE=$("${UNBOUND_CHECKCONF}" -o pidfile "${UNBOUND_CONFFILE}") - return $? -} - -configtest() { - ebegin "Checking ${SVCNAME} configuration" - checkconfig - eend $? -} - -start() { - checkconfig || return $? - ebegin "Starting ${SVCNAME}" - start-stop-daemon --start --pidfile "${UNBOUND_PIDFILE}" \ - --exec "${UNBOUND_BINARY}" -- -c "${UNBOUND_CONFFILE}" - eend $? -} - -stop() { - checkconfig || return $? - ebegin "Stopping ${SVCNAME}" - start-stop-daemon --stop --pidfile "${UNBOUND_PIDFILE}" - eend $? -} - -reload() { - checkconfig || return $? - ebegin "Reloading ${SVCNAME}" - start-stop-daemon --signal HUP --pidfile "${UNBOUND_PIDFILE}" - eend $? -} diff --git a/net-dns/unbound/files/unbound.service b/net-dns/unbound/files/unbound.service deleted file mode 100644 index 41dd6fa..0000000 --- a/net-dns/unbound/files/unbound.service +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=Unbound recursive Domain Name Server -After=network.target -Before=nss-lookup.target -Wants=nss-lookup.target - -[Service] -ExecStartPre=/usr/sbin/unbound-checkconf -ExecStart=/usr/sbin/unbound -d - -[Install] -WantedBy=multi-user.target diff --git a/net-dns/unbound/files/unbound_at.service b/net-dns/unbound/files/unbound_at.service deleted file mode 100644 index 84b34af..0000000 --- a/net-dns/unbound/files/unbound_at.service +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=Unbound recursive Domain Name Server -After=network.target -Before=nss-lookup.target -Wants=nss-lookup.target - -[Service] -Type=simple -ExecStartPre=/usr/sbin/unbound-checkconf /etc/unbound/%i.conf -ExecStart=/usr/sbin/unbound -d -c /etc/unbound/%i.conf - -[Install] -WantedBy=multi-user.target diff --git a/net-dns/unbound/metadata.xml b/net-dns/unbound/metadata.xml deleted file mode 100644 index 272bb98..0000000 --- a/net-dns/unbound/metadata.xml +++ /dev/null @@ -1,33 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> -<pkgmetadata> - <maintainer type="person"> - <email>mschiff@gentoo.org</email> - <name>Marc Schiffbauer</name> - </maintainer> - <maintainer type="person"> - <email>nabeken@tknetworks.org</email> - <description>Proxied developer. Please CC on bugs.</description> - <name>TANABE Ken-ichi</name> - </maintainer> - <maintainer type="project"> - <email>proxy-maint@gentoo.org</email> - <name>Proxy Maintainers</name> - </maintainer> - <longdescription lang="en"> - Unbound is a validating, recursive, and caching DNS resolver. - - The C implementation of Unbound is developed and maintained by NLnet - Labs. It is based on ideas and algorithms taken from a java prototype - developed by Verisign labs, Nominet, Kirei and ep.net. - - Unbound is designed as a set of modular components, so that also - DNSSEC (secure DNS) validation and stub-resolvers (that do not run - as a server, but are linked into an application) are easily possible. - </longdescription> - <use> - <flag name="dnstap">Enable dnstap support</flag> - <flag name="ecdsa">Enable ECDSA support</flag> - <flag name="gost">Enable GOST support</flag> - </use> -</pkgmetadata> diff --git a/net-dns/unbound/unbound-1.5.7.ebuild b/net-dns/unbound/unbound-1.5.7.ebuild deleted file mode 100644 index ca2646e..0000000 --- a/net-dns/unbound/unbound-1.5.7.ebuild +++ /dev/null @@ -1,128 +0,0 @@ -# Copyright 1999-2016 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=5 -PYTHON_COMPAT=( python2_7 ) - -inherit eutils flag-o-matic multilib-minimal python-single-r1 systemd user - -MY_P=${PN}-${PV/_/} -DESCRIPTION="A validating, recursive and caching DNS resolver" -HOMEPAGE="http://unbound.net/" -SRC_URI="http://unbound.net/downloads/${MY_P}.tar.gz" - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86" -IUSE="debug dnstap +ecdsa gost libressl python selinux static-libs test threads" -REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" - -# Note: expat is needed by executable only but the Makefile is custom -# and doesn't make it possible to easily install the library without -# the executables. MULTILIB_USEDEP may be dropped once build system -# is fixed. - -CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] - >=dev-libs/libevent-2.0.21[${MULTILIB_USEDEP}] - libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] ) - !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}] ) - dnstap? ( - dev-libs/fstrm[${MULTILIB_USEDEP}] - >=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}] - ) - ecdsa? ( - !libressl? ( dev-libs/openssl:0[-bindist] ) - ) - python? ( ${PYTHON_DEPS} )" - -DEPEND="${CDEPEND} - python? ( dev-lang/swig ) - test? ( - net-dns/ldns-utils[examples] - dev-util/splint - app-text/wdiff - )" - -RDEPEND="${CDEPEND} - selinux? ( sec-policy/selinux-bind )" - -# bug #347415 -RDEPEND="${RDEPEND} - net-dns/dnssec-root" - -S=${WORKDIR}/${MY_P} - -pkg_setup() { - enewgroup unbound - enewuser unbound -1 -1 /etc/unbound unbound - - use python && python-single-r1_pkg_setup -} - -src_prepare() { - # Fix for LibreSSL >= 2.3.0 - epatch "${FILESDIR}"/${P}-no-ssl3.patch - - # To avoid below error messages, set 'trust-anchor-file' to same value in - # 'auto-trust-anchor-file'. - # [23109:0] error: Could not open autotrust file for writing, - # /etc/dnssec/root-anchors.txt: Permission denied - epatch "${FILESDIR}"/${P}-trust-anchor-file.patch - - # required for the python part - multilib_copy_sources -} - -src_configure() { - [[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack - multilib-minimal_src_configure -} - -multilib_src_configure() { - econf \ - $(use_enable debug) \ - $(use_enable gost) \ - $(use_enable dnstap) \ - $(use_enable ecdsa) \ - $(use_enable static-libs static) \ - $(multilib_native_use_with python pythonmodule) \ - $(multilib_native_use_with python pyunbound) \ - $(use_with threads pthreads) \ - --disable-flto \ - --disable-rpath \ - --with-libevent="${EPREFIX}"/usr \ - --with-pidfile="${EPREFIX}"/var/run/unbound.pid \ - --with-rootkey-file="${EPREFIX}"/etc/dnssec/root-anchors.txt \ - --with-ssl="${EPREFIX}"/usr \ - --with-libexpat="${EPREFIX}"/usr - - # http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html - # $(use_enable debug lock-checks) \ - # $(use_enable debug alloc-checks) \ - # $(use_enable debug alloc-lite) \ - # $(use_enable debug alloc-nonregional) \ -} - -multilib_src_install_all() { - prune_libtool_files --modules - use python && python_optimize - - newinitd "${FILESDIR}"/unbound.initd unbound - newconfd "${FILESDIR}"/unbound.confd unbound - - systemd_dounit "${FILESDIR}"/unbound.service - systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service" - systemd_dounit "${FILESDIR}"/unbound-anchor.service - - dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES} - - # bug #315519 - dodoc contrib/unbound_munin_ - - docinto selinux - dodoc contrib/selinux/* - - exeinto /usr/share/${PN} - doexe contrib/update-anchor.sh -} |