net-dns/unbound: drop all; the stable version in main tree already support libressl

10 files changed, 0 insertions, 380 deletions

diff --git a/net-dns/unbound/Manifest b/net-dns/unbound/Manifest
deleted file mode 100644
index 3e15943..0000000
--- a/net-dns/unbound/Manifest
+++ /dev/null
@@ -1 +0,0 @@
-DIST unbound-1.5.7.tar.gz 4859573 SHA256 4b2088e5aa81a2d48f6337c30c1cf7e99b2e2dc4f92e463b3bee626eee731ca8 SHA512 7fc000364139519ed837ef9883f2e8a684b5ac19f2d3343626ab0a4c3459a7c3ccf2c79e9d992d82b123c6a38245fc286994365b427145d218e0b3c645c4dc4f WHIRLPOOL 9b2d18f09f46bed5da9818f5df0acbcc6d4a166943bbdb617494081614aa9b75a03ed0425679f40265f70e34ed66e01302182ec4050f0bb1f034fa5db28340f3
diff --git a/net-dns/unbound/files/unbound-1.5.7-no-ssl3.patch b/net-dns/unbound/files/unbound-1.5.7-no-ssl3.patch
deleted file mode 100644
index 6416a41..0000000
--- a/net-dns/unbound/files/unbound-1.5.7-no-ssl3.patch
+++ /dev/null
@@ -1,108 +0,0 @@
---- a/daemon/remote.c	2015-10-29 17:32:58.000000000 +0000
-+++ b/daemon/remote.c	2015-12-31 11:09:50.433457006 +0000
-@@ -208,18 +208,22 @@
- 		return NULL;
- 	}
- 	/* no SSLv2, SSLv3 because has defects */
-+#ifndef OPENSSL_NO_SSL2
- 	if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
- 		!= SSL_OP_NO_SSLv2){
- 		log_crypto_err("could not set SSL_OP_NO_SSLv2");
- 		daemon_remote_delete(rc);
- 		return NULL;
- 	}
-+#endif
-+#ifndef OPENSSL_NO_SSL3
- 	if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
- 		!= SSL_OP_NO_SSLv3){
- 		log_crypto_err("could not set SSL_OP_NO_SSLv3");
- 		daemon_remote_delete(rc);
- 		return NULL;
- 	}
-+#endif
- 
- 	if (cfg->remote_control_use_cert == 0) {
- 		/* No certificates are requested */
---- a/smallapp/unbound-control.c	2015-12-08 17:15:55.000000000 +0000
-+++ b/smallapp/unbound-control.c	2015-12-31 11:14:04.887942219 +0000
-@@ -156,13 +156,17 @@
-         ctx = SSL_CTX_new(SSLv23_client_method());
- 	if(!ctx)
- 		ssl_err("could not allocate SSL_CTX pointer");
-+#ifndef OPENSSL_NO_SSL2
-         if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
- 		!= SSL_OP_NO_SSLv2)
- 		ssl_err("could not set SSL_OP_NO_SSLv2");
-+#endif
-         if(cfg->remote_control_use_cert) {
-+#ifndef OPENSSL_NO_SSL3
- 		if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
- 			!= SSL_OP_NO_SSLv3)
- 			ssl_err("could not set SSL_OP_NO_SSLv3");
-+#endif
- 		if(!SSL_CTX_use_certificate_chain_file(ctx,c_cert) ||
- 		    !SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
- 		    || !SSL_CTX_check_private_key(ctx))
---- a/testcode/petal.c	2015-07-21 23:37:15.000000000 +0000
-+++ b/testcode/petal.c	2015-12-31 11:16:42.451194022 +0000
-@@ -234,8 +234,12 @@
- {
- 	SSL_CTX* ctx = SSL_CTX_new(SSLv23_server_method());
- 	if(!ctx) print_exit("out of memory");
-+#ifndef OPENSSL_NO_SSL2
- 	(void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
-+#endif
-+#ifndef OPENSSL_NO_SSL3
- 	(void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
-+#endif
- 	if(!SSL_CTX_use_certificate_chain_file(ctx, cert))
- 		print_exit("cannot read cert");
- 	if(!SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM))
---- a/util/net_help.c	2015-10-29 17:32:58.000000000 +0000
-+++ b/util/net_help.c	2015-12-31 11:21:47.057925619 +0000
-@@ -619,18 +619,22 @@
- 		return NULL;
- 	}
- 	/* no SSLv2, SSLv3 because has defects */
-+#ifndef OPENSSL_NO_SSL2
- 	if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
- 		!= SSL_OP_NO_SSLv2){
- 		log_crypto_err("could not set SSL_OP_NO_SSLv2");
- 		SSL_CTX_free(ctx);
- 		return NULL;
- 	}
-+#endif
-+#ifndef OPENSSL_NO_SSL3
- 	if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
- 		!= SSL_OP_NO_SSLv3){
- 		log_crypto_err("could not set SSL_OP_NO_SSLv3");
- 		SSL_CTX_free(ctx);
- 		return NULL;
- 	}
-+#endif
- 	if(!SSL_CTX_use_certificate_chain_file(ctx, pem)) {
- 		log_err("error for cert file: %s", pem);
- 		log_crypto_err("error in SSL_CTX use_certificate_chain_file");
-@@ -692,18 +696,22 @@
- 		log_crypto_err("could not allocate SSL_CTX pointer");
- 		return NULL;
- 	}
-+#ifndef OPENSSL_NO_SSL2
- 	if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
- 		!= SSL_OP_NO_SSLv2) {
- 		log_crypto_err("could not set SSL_OP_NO_SSLv2");
- 		SSL_CTX_free(ctx);
- 		return NULL;
- 	}
-+#endif
-+#ifndef OPENSSL_NO_SSL3
- 	if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
- 		!= SSL_OP_NO_SSLv3) {
- 		log_crypto_err("could not set SSL_OP_NO_SSLv3");
- 		SSL_CTX_free(ctx);
- 		return NULL;
- 	}
-+#endif
- 	if(key && key[0]) {
- 		if(!SSL_CTX_use_certificate_chain_file(ctx, pem)) {
- 			log_err("error in client certificate %s", pem);
diff --git a/net-dns/unbound/files/unbound-1.5.7-trust-anchor-file.patch b/net-dns/unbound/files/unbound-1.5.7-trust-anchor-file.patch
deleted file mode 100644
index c4c0ffa..0000000
--- a/net-dns/unbound/files/unbound-1.5.7-trust-anchor-file.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -ur unbound-1.5.7.orig/doc/example.conf.in unbound-1.5.7/doc/example.conf.in
---- unbound-1.5.7.orig/doc/example.conf.in	2015-12-10 08:59:18.000000000 +0100
-+++ unbound-1.5.7/doc/example.conf.in	2016-01-05 04:08:01.666760015 +0100
-@@ -378,7 +378,7 @@
- 	# with several entries, one file per entry.
- 	# Zone file format, with DS and DNSKEY entries.
- 	# Note this gets out of date, use auto-trust-anchor-file please.
--	# trust-anchor-file: ""
-+	# trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
- 
- 	# Trusted key for validation. DS or DNSKEY. specify the RR on a
- 	# single line, surrounded by "". TTL is ignored. class is IN default.
diff --git a/net-dns/unbound/files/unbound-anchor.service b/net-dns/unbound/files/unbound-anchor.service
deleted file mode 100644
index f55cf9d..0000000
--- a/net-dns/unbound/files/unbound-anchor.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=Update of the root trust anchor for DNSSEC validation
-After=network.target
-Before=nss-lookup.target
-Wants=nss-lookup.target
-Before=unbound.service
-
-[Service]
-Type=oneshot
-ExecStart=/usr/sbin/unbound-anchor
-
-[Install]
-WantedBy=multi-user.target
diff --git a/net-dns/unbound/files/unbound.confd b/net-dns/unbound/files/unbound.confd
deleted file mode 100644
index b4de7cf..0000000
--- a/net-dns/unbound/files/unbound.confd
+++ /dev/null
@@ -1,4 +0,0 @@
-# Settings should normally not need any changes.
-
-# Location of the unbound configuration file. Leave empty for the default.
-#UNBOUND_CONFFILE="/etc/unbound/unbound.conf"
diff --git a/net-dns/unbound/files/unbound.initd b/net-dns/unbound/files/unbound.initd
deleted file mode 100644
index f17d072..0000000
--- a/net-dns/unbound/files/unbound.initd
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-name="unbound daemon"
-extra_commands="configtest"
-extra_started_commands="reload"
-description="unbound is a Domain Name Server (DNS) that is used to resolve host names to IP address."
-description_configtest="Run syntax tests for configuration files only."
-description_reload="Kills all children and reloads the configuration."
-
-
-UNBOUND_BINARY=${UNBOUND_BINARY:-/usr/sbin/unbound}
-UNBOUND_CHECKCONF=${UNBOUND_CHECKCONF:-/usr/sbin/unbound-checkconf}
-UNBOUND_CONFFILE=${UNBOUND_CONFFILE:-/etc/unbound/${SVCNAME}.conf}
-
-depend() {
-	need net
-	use logger
-	provide dns
-	after auth-dns
-}
-
-checkconfig() {
-	UNBOUND_PIDFILE=$("${UNBOUND_CHECKCONF}" -o pidfile "${UNBOUND_CONFFILE}")
-	return $?
-}
-
-configtest() {
-	ebegin "Checking ${SVCNAME} configuration"
-	checkconfig
-	eend $?
-}
-
-start() {
-	checkconfig || return $?
-	ebegin "Starting ${SVCNAME}"
-	start-stop-daemon --start --pidfile "${UNBOUND_PIDFILE}" \
-		--exec "${UNBOUND_BINARY}" -- -c "${UNBOUND_CONFFILE}"
-	eend $?
-}
-
-stop() {
-	checkconfig || return $?
-	ebegin "Stopping ${SVCNAME}"
-	start-stop-daemon --stop --pidfile "${UNBOUND_PIDFILE}"
-	eend $?
-}
-
-reload() {
-	checkconfig || return $?
-	ebegin "Reloading ${SVCNAME}"
-	start-stop-daemon --signal HUP --pidfile "${UNBOUND_PIDFILE}"
-	eend $?
-}
diff --git a/net-dns/unbound/files/unbound.service b/net-dns/unbound/files/unbound.service
deleted file mode 100644
index 41dd6fa..0000000
--- a/net-dns/unbound/files/unbound.service
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=Unbound recursive Domain Name Server
-After=network.target
-Before=nss-lookup.target
-Wants=nss-lookup.target
-
-[Service]
-ExecStartPre=/usr/sbin/unbound-checkconf
-ExecStart=/usr/sbin/unbound -d
-
-[Install]
-WantedBy=multi-user.target
diff --git a/net-dns/unbound/files/unbound_at.service b/net-dns/unbound/files/unbound_at.service
deleted file mode 100644
index 84b34af..0000000
--- a/net-dns/unbound/files/unbound_at.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=Unbound recursive Domain Name Server
-After=network.target
-Before=nss-lookup.target
-Wants=nss-lookup.target
-
-[Service]
-Type=simple
-ExecStartPre=/usr/sbin/unbound-checkconf /etc/unbound/%i.conf
-ExecStart=/usr/sbin/unbound -d -c /etc/unbound/%i.conf
-
-[Install]
-WantedBy=multi-user.target
diff --git a/net-dns/unbound/metadata.xml b/net-dns/unbound/metadata.xml
deleted file mode 100644
index 272bb98..0000000
--- a/net-dns/unbound/metadata.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-  <maintainer type="person">
-    <email>mschiff@gentoo.org</email>
-    <name>Marc Schiffbauer</name>
-  </maintainer>
-  <maintainer type="person">
-    <email>nabeken@tknetworks.org</email>
-    <description>Proxied developer. Please CC on bugs.</description>
-    <name>TANABE Ken-ichi</name>
-  </maintainer>
-  <maintainer type="project">
-    <email>proxy-maint@gentoo.org</email>
-    <name>Proxy Maintainers</name>
-  </maintainer>
-  <longdescription lang="en">
-  Unbound is a validating, recursive, and caching DNS resolver.
-
-  The C implementation of Unbound is developed and maintained by NLnet
-  Labs. It is based on ideas and algorithms taken from a java prototype
-  developed by Verisign labs, Nominet, Kirei and ep.net.
-
-  Unbound is designed as a set of modular components, so that also
-  DNSSEC (secure DNS) validation and stub-resolvers (that do not run
-  as a server, but are linked into an application) are easily possible.
-  </longdescription>
-  <use>
-    <flag name="dnstap">Enable dnstap support</flag>
-	<flag name="ecdsa">Enable ECDSA support</flag>
-    <flag name="gost">Enable GOST support</flag>
-  </use>
-</pkgmetadata>
diff --git a/net-dns/unbound/unbound-1.5.7.ebuild b/net-dns/unbound/unbound-1.5.7.ebuild
deleted file mode 100644
index ca2646e..0000000
--- a/net-dns/unbound/unbound-1.5.7.ebuild
+++ /dev/null
@@ -1,128 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-PYTHON_COMPAT=( python2_7 )
-
-inherit eutils flag-o-matic multilib-minimal python-single-r1 systemd user
-
-MY_P=${PN}-${PV/_/}
-DESCRIPTION="A validating, recursive and caching DNS resolver"
-HOMEPAGE="http://unbound.net/"
-SRC_URI="http://unbound.net/downloads/${MY_P}.tar.gz"
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86"
-IUSE="debug dnstap +ecdsa gost libressl python selinux static-libs test threads"
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-# Note: expat is needed by executable only but the Makefile is custom
-# and doesn't make it possible to easily install the library without
-# the executables. MULTILIB_USEDEP may be dropped once build system
-# is fixed.
-
-CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}]
-	>=dev-libs/libevent-2.0.21[${MULTILIB_USEDEP}]
-	libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] )
-	!libressl? ( >=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}] )
-	dnstap? (
-		dev-libs/fstrm[${MULTILIB_USEDEP}]
-		>=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}]
-	)
-	ecdsa? (
-		!libressl? ( dev-libs/openssl:0[-bindist] )
-	)
-	python? ( ${PYTHON_DEPS} )"
-
-DEPEND="${CDEPEND}
-	python? ( dev-lang/swig )
-	test? (
-		net-dns/ldns-utils[examples]
-		dev-util/splint
-		app-text/wdiff
-	)"
-
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-bind )"
-
-# bug #347415
-RDEPEND="${RDEPEND}
-	net-dns/dnssec-root"
-
-S=${WORKDIR}/${MY_P}
-
-pkg_setup() {
-	enewgroup unbound
-	enewuser unbound -1 -1 /etc/unbound unbound
-
-	use python && python-single-r1_pkg_setup
-}
-
-src_prepare() {
-	# Fix for LibreSSL >= 2.3.0
-	epatch "${FILESDIR}"/${P}-no-ssl3.patch
-
-	# To avoid below error messages, set 'trust-anchor-file' to same value in
-	# 'auto-trust-anchor-file'.
-	# [23109:0] error: Could not open autotrust file for writing,
-	# /etc/dnssec/root-anchors.txt: Permission denied
-	epatch "${FILESDIR}"/${P}-trust-anchor-file.patch
-
-	# required for the python part
-	multilib_copy_sources
-}
-
-src_configure() {
-	[[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	econf \
-		$(use_enable debug) \
-		$(use_enable gost) \
-		$(use_enable dnstap) \
-		$(use_enable ecdsa) \
-		$(use_enable static-libs static) \
-		$(multilib_native_use_with python pythonmodule) \
-		$(multilib_native_use_with python pyunbound) \
-		$(use_with threads pthreads) \
-		--disable-flto \
-		--disable-rpath \
-		--with-libevent="${EPREFIX}"/usr \
-		--with-pidfile="${EPREFIX}"/var/run/unbound.pid \
-		--with-rootkey-file="${EPREFIX}"/etc/dnssec/root-anchors.txt \
-		--with-ssl="${EPREFIX}"/usr \
-		--with-libexpat="${EPREFIX}"/usr
-
-		# http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html
-		# $(use_enable debug lock-checks) \
-		# $(use_enable debug alloc-checks) \
-		# $(use_enable debug alloc-lite) \
-		# $(use_enable debug alloc-nonregional) \
-}
-
-multilib_src_install_all() {
-	prune_libtool_files --modules
-	use python && python_optimize
-
-	newinitd "${FILESDIR}"/unbound.initd unbound
-	newconfd "${FILESDIR}"/unbound.confd unbound
-
-	systemd_dounit "${FILESDIR}"/unbound.service
-	systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service"
-	systemd_dounit "${FILESDIR}"/unbound-anchor.service
-
-	dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES}
-
-	# bug #315519
-	dodoc contrib/unbound_munin_
-
-	docinto selinux
-	dodoc contrib/selinux/*
-
-	exeinto /usr/share/${PN}
-	doexe contrib/update-anchor.sh
-}