[net-dns/bind] bump from gentoo pr

2022-11-28 13:35:22 +01:00
parent eb8c372ed9
commit c5df2b4b6e
19 changed files with 674 additions and 0 deletions

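--- a/net-dns/bind/Manifest
+++ b/net-dns/bind/Manifest
@@ -0,0 +1 @@
+DIST bind-9.18.9.tar.xz 5281732 BLAKE2B be03b33a7596cb2c2e7059dc65190427037ef13d80e5b22aeb38892b9f2138ff93ecff1e13ccb8260313f5ed84953efd0b4e8adfa4f9ba6dae1f6df9c594b84a SHA512 7d9bca47e29e8634416ab52819d78ce4ec6196c0dcbd9fe95a24687337f71c69b6472cf20bf49ea0ae1751a861944f354f9122acfb01780f51278ad4a3fdd817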


@@ -0,0 +1,163 @@
# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{8..11} )
inherit python-any-r1 systemd tmpfiles
MY_PV="${PV/_p/-P}"
MY_PV="${MY_PV/_rc/rc}"
MY_P="${PN}-${MY_PV}"
RRL_PV="${MY_PV}"
DESCRIPTION="Berkeley Internet Name Domain - Name Server"
HOMEPAGE="https://www.isc.org/software/bind"
SRC_URI="https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz"
LICENSE="MPL-2.0"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
IUSE="+caps dnsrps dnstap doc doh fixed-rrset idn geoip gssapi lmdb selinux static-libs test xml"
RESTRICT="!test? ( test )"
DEPEND="
acct-group/named
acct-user/named
dev-libs/jemalloc
dev-libs/json-c:=
dev-libs/libuv:=
sys-libs/zlib
dev-libs/openssl:=[-bindist(-)]
caps? ( >=sys-libs/libcap-2.1.0 )
dnstap? ( dev-libs/fstrm dev-libs/protobuf-c )
doh? ( net-libs/nghttp2 )
geoip? ( dev-libs/libmaxminddb )
gssapi? ( virtual/krb5 )
idn? ( net-dns/libidn2 )
lmdb? ( dev-db/lmdb )
xml? ( dev-libs/libxml2 )
"
BDEPEND="
test? (
${PYTHON_DEPS}
dev-python/pytest
dev-perl/Net-DNS-SEC
dev-util/cmocka
)
"
RDEPEND="${DEPEND}
selinux? ( sec-policy/selinux-bind )
sys-process/psmisc
!net-dns/bind-tools
"
S="${WORKDIR}/${MY_P}"
src_configure() {
local myeconfargs=(
--prefix="${EPREFIX}"/usr
--sysconfdir="${EPREFIX}"/etc/bind
--localstatedir="${EPREFIX}"/var
--enable-full-report
--without-readline
--with-openssl="${ESYSROOT}"/usr
--with-jemalloc
--with-json-c
--with-zlib
$(use_enable caps linux-caps)
$(use_enable dnsrps)
$(use_enable dnstap)
$(use_enable doh)
$(use_with doh libnghttp2)
$(use_enable fixed-rrset)
$(use_enable static-libs static)
$(use_enable geoip)
$(use_with geoip maxminddb)
$(use_with gssapi)
$(use_with idn libidn2)
$(use_with lmdb)
$(use_with xml libxml2)
)
econf "${myeconfargs[@]}"
}
src_test() {
# "${WORKDIR}/${P}"/bin/tests/system/README
# ifconfig.sh up and then down as root
#default
# just run the tests that dont mock around with IPs
emake -C lib/ check
}
src_install() {
default
dodoc CHANGES README.md
if use doc; then
docinto misc
dodoc -r doc/misc/
docinto html
dodoc -r doc/arm/
docinto dnssec-guide
dodoc -r doc/dnssec-guide/
docinto contrib
dodoc contrib/scripts/nanny.pl
fi
insinto /etc/bind
newins "${FILESDIR}"/named.conf-r9 named.conf
newins "${FILESDIR}"/redhat/named.rfc1912.zones named.rfc1912.zones.conf
# ftp://ftp.rs.internic.net/domain/named.cache:
insinto /var/bind
newins "${FILESDIR}"/named.cache-r3 named.cache
insinto /var/bind/pri
doins "${FILESDIR}"/redhat/named.{empty,localhost,loopback}
newinitd "${FILESDIR}"/named.init-r15 named
newconfd "${FILESDIR}"/named.confd-r8 named
newenvd "${FILESDIR}"/10bind.env 10bind
use static-libs || find "${ED}"/usr/lib* -name '*.la' -delete
dosym ../../var/bind/pri /etc/bind/pri
dosym ../../var/bind/sec /etc/bind/sec
dosym ../../var/bind/dyn /etc/bind/dyn
keepdir /var/bind/{pri,sec,dyn} /var/log/named
fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
fowners root:named /var/bind/named.cache /var/bind/pri/named.{empty,localhost,loopback} /etc/bind/{bind.keys,named.conf,named.rfc1912.zones.conf}
fperms 0640 /var/bind/named.cache /var/bind/pri/named.{empty,localhost,loopback} /etc/bind/{bind.keys,named.conf,named.rfc1912.zones.conf}
fperms 0750 /etc/bind /var/bind/pri
fperms 0770 /var/log/named /var/bind/{,sec,dyn}
systemd_newunit "${FILESDIR}/named.service-r1" named.service
dotmpfiles "${FILESDIR}"/named.conf
exeinto /usr/libexec
doexe "${FILESDIR}/generate-rndc-key.sh"
}
pkg_postinst() {
tmpfiles_process named.conf
if [[ ! -f '/etc/bind/rndc.key' && ! -f '/etc/bind/rndc.conf' ]]; then
einfo "Using /dev/urandom for generating rndc.key"
/usr/sbin/rndc-confgen -a
chown root:named /etc/bind/rndc.key || die
chmod 0640 /etc/bind/rndc.key || die
fi
einfo
einfo "You can edit /etc/conf.d/named to customize named settings"
einfo
}
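Review bot: pkg_postinst tests for and writes /etc/bind/rndc.key on the live filesystem rather than under `${EROOT}`, and the `/usr/sbin/rndc-confgen -a` call there has no `|| die`, unlike the chown and chmod that follow it. For an install into an alternate ROOT this would presumably inspect or regenerate the build host's control-channel key instead of the target's. rndc-confgen accepts `-c` to name the key file, so `rndc-confgen -a -c "${EROOT}"/etc/bind/rndc.key || die`, with the `-f` tests and the chown/chmod prefixed the same way, keeps the key inside the image being built.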


@@ -0,0 +1 @@
CONFIG_PROTECT="/var/bind"


@@ -0,0 +1,7 @@
#!/bin/bash
if [ ! -s /etc/bind/rndc.key ]; then
/usr/sbin/rndc-confgen -a > /dev/null 2>&1 || exit 1
chmod 640 /etc/bind/rndc.key
chown root.named /etc/bind/rndc.key
fi
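Review bot: The `chmod` after key generation is unchecked, so a failure there is silently ignored: only the status of the final `chown` reaches the ExecStartPre that calls this script. The `chown root.named` also uses the dot separator, which GNU chown documents as obsolete. I would write the two lines as `chmod 640 /etc/bind/rndc.key || exit 1` and `chown root:named /etc/bind/rndc.key || exit 1`. Sending rndc-confgen's stderr to /dev/null also discards the reason when key generation fails, so consider letting it reach the journal. The ebuild's pkg_postinst skips generation when rndc.conf exists while this script only looks at rndc.key; the two checks should probably agree.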


@@ -0,0 +1,13 @@
diff --git a/contrib/dlz/config.dlz.in b/contrib/dlz/config.dlz.in
index f769cf1..721d480 100644
--- a/contrib/dlz/config.dlz.in
+++ b/contrib/dlz/config.dlz.in
@@ -396,7 +396,7 @@ case "$use_dlz_ldap" in
*)
DLZ_ADD_DRIVER(LDAP, dlz_ldap_driver,
[-I$use_dlz_ldap/include],
- [-L$use_dlz_ldap/lib -lldap -llber])
+ [-lldap -llber])
AC_MSG_RESULT(
[using LDAP from $use_dlz_ldap/lib and $use_dlz_ldap/include])


@@ -0,0 +1,92 @@
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: November 16, 2017
; related version of root zone: 2017111601
;
; FORMERLY NS.INTERNIC.NET
;
. 3600000 NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
;
; FORMERLY NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201
B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b
;
; FORMERLY C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
;
; FORMERLY TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
;
; FORMERLY NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
;
; FORMERLY NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
;
; FORMERLY NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d
;
; FORMERLY AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
;
; FORMERLY NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
;
; OPERATED BY VERISIGN, INC.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
;
; OPERATED BY RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
;
; OPERATED BY ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
;
; OPERATED BY WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
; End of file


@@ -0,0 +1 @@
d /run/named 0750 named named -


@@ -0,0 +1,33 @@
//http local {
// endpoints { "/dns-query"; };
//};
options {
directory "/var/bind";
pid-file "/run/named/named.pid";
listen-on { 127.0.0.1; };
listen-on-v6 { ::1; };
// dns-over-tls
listen-on port 853 tls ephemeral { 127.0.0.1; };
listen-on-v6 port 853 tls ephemeral { ::1; };
// dns-over-https
//listen-on port 443 tls ephemeral http local { 127.0.0.1; };
//listen-on-v6 port 443 tls ephemeral http local { ::1; };
allow-recursion {
none;
};
allow-transfer {
none;
};
allow-update {
none;
};
};
//zone "example.com." {
// type primary;
// file "/var/bind/pri/db.example.com";
// notify explicit;
//};
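Review bot: The two `listen-on ... port 853 tls ephemeral` lines turn on DNS-over-TLS by default with only the comment `// dns-over-tls`, so nothing tells an administrator that `ephemeral` means a temporary self-signed certificate created for the running process, which clients cannot validate. I would add a comment such as `// ephemeral = throwaway self-signed cert; define a tls { cert-file ...; key-file ...; } block before listening on a non-loopback address`. The same caveat applies to the commented-out DNS-over-HTTPS listeners below it, which an administrator is likely to uncomment and re-address as-is.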


@@ -0,0 +1,18 @@
# Set various named options here.
#
#OPTIONS=""
# config file path
NAMED_CONF="/etc/bind/named.conf"
# Set this to the number of processors you want bind to use.
# Leave this unchanged if you want bind to automatically detect the number
#CPU="1"
# Default pid file location
# use named.conf to specify pid-file location
# Scheduling priority: 19 is the lowest and -20 is the highest.
# Default: 0
#NAMED_NICELEVEL="0"


@@ -0,0 +1,99 @@
#!/sbin/openrc-run
# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
extra_commands="checkconfig checkzones"
extra_started_commands="reload"
depend() {
need net
use logger
provide dns
}
NAMED_CONF=${NAMED_CONF:-/etc/bind/named.conf}
_get_pidfile() {
# as suggested in bug #107724, bug 335398#c17
[ -n "${PIDFILE}" ] || PIDFILE=$(\
/usr/bin/named-checkconf -p ${NAMED_CONF} | grep 'pid-file' | cut -d\" -f2)
[ -z "${PIDFILE}" ] && PIDFILE="/run/named/named.pid"
}
checkconfig() {
ebegin "Checking named configuration"
if [ ! -f "${NAMED_CONF}" ] ; then
eerror "No ${NAMED_CONF} file exists!"
return 1
fi
/usr/bin/named-checkconf ${NAMED_CONF} || {
eerror "named-checkconf failed! Please fix your config first."
return 1
}
eend 0
}
checkzones() {
ebegin "Checking named configuration and zones"
/usr/bin/named-checkconf -z ${NAMED_CONF}
eend $?
}
start() {
local piddir
ebegin "Starting named"
checkconfig || { eend 1; return 1; }
# create piddir (usually /run/named) if necessary, bug 334535
_get_pidfile
piddir="${PIDFILE%/*}"
checkpath -q -d -o root:named -m 0770 "${piddir}" || {
eerror "Failed to create PID directory at $piddir"
eend 1
return 1
}
# In case someone have $CPU set in /etc/conf.d/named
if [ -n "${CPU}" ] && [ "${CPU}" -gt 0 ]; then
CPU="-n ${CPU}"
fi
start-stop-daemon --start --pidfile ${PIDFILE} \
--nicelevel ${NAMED_NICELEVEL:-0} \
--exec /usr/sbin/named \
-- -u named ${CPU} ${OPTIONS}
eend $?
}
stop() {
ebegin "Stopping named"
# -R 10, bug 335398
_get_pidfile
start-stop-daemon --stop --retry 10 --pidfile $PIDFILE \
--exec /usr/sbin/named
eend $?
}
reload() {
local ret
ebegin "Reloading named.conf and zone files"
checkconfig || { eend 1; return 1; }
_get_pidfile
if [ -n "${PIDFILE}" ]; then
start-stop-daemon --pidfile $PIDFILE --signal HUP
ret=$?
else
ewarn "Unable to determine the pidfile... this is"
ewarn "a fallback mode. Please check your installation!"
$RC_SERVICE restart
ret=$?
fi
eend $ret
}
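Review bot: PIDFILE is scraped from `named-checkconf -p` output in _get_pidfile and then used unvalidated: it is expanded unquoted in the start-stop-daemon calls in start(), stop() and reload(), and start() hands its parent directory to `checkpath -q -d -o root:named -m 0770`. If named.conf places the pid-file directly under a shared directory such as /run, that checkpath would presumably re-own and re-mode the shared directory, and a value containing whitespace would split into extra arguments. Quote the expansions (`--pidfile "${PIDFILE}"`, `named-checkconf -p "${NAMED_CONF}"`) and run checkpath only when `${piddir}` is the package's own /run/named. The else branch in reload() also looks unreachable, since _get_pidfile always leaves PIDFILE non-empty.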


@@ -0,0 +1,13 @@
[Unit]
Description=Internet domain name server
After=network.target
[Service]
ExecStartPre=/usr/libexec/generate-rndc-key.sh
ExecStartPre=/usr/sbin/named-checkconf -z /etc/bind/named.conf
ExecStart=/usr/sbin/named -f -u named
ExecReload=/usr/sbin/rndc reload
ExecStop=/usr/sbin/rndc stop
[Install]
WantedBy=multi-user.target
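Review bot: The [Service] section starts named with no systemd sandboxing directives, so the only confinement is named's own `-u named` privilege drop. For a network-facing daemon I would add at least `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectHome=yes`, and then evaluate `ProtectSystem=` with the paths named writes (/var/bind, /var/log/named, /run/named) listed in `ReadWritePaths=`. Both ExecStartPre commands also run as root, and `named-checkconf -z` parses zone files from directories the ebuild makes writable by the named group; whether that matters depends on how those files are produced, so it deserves a comment in the unit.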


@@ -0,0 +1,10 @@
$TTL 3H
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1


@@ -0,0 +1,10 @@
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1


@@ -0,0 +1,11 @@
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1
PTR localhost.


@@ -0,0 +1,45 @@
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and https://tools.ietf.org/html/rfc6303
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Note: empty-zones-enable yes; option is default.
// If private ranges should be forwarded, add
// disable-empty-zone "."; into options
//
zone "localhost.localdomain" IN {
type primary;
file "/var/bind/pri/named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type primary;
file "/var/bind/pri/named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type primary;
file "/var/bind/pri/named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type primary;
file "/var/bind/pri/named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type primary;
file "/var/bind/pri/named.empty";
allow-update { none; };
};

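--- a/net-dns/bind/metadata.xml
+++ b/net-dns/bind/metadata.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer type="person">
+<email>zlogene@gentoo.org</email>
+<name>Mikle Kolyada</name>
+</maintainer>
+<maintainer type="person">
+<email>chutzpah@gentoo.org</email>
+<name>Patrick McLean</name>
+</maintainer>
+<use>
+<flag name="dnstap">Enables dnstap packet logging</flag>
+<flag name="dnsrps">Enable the DNS Response Policy Service (DNSRPS) API, a mechanism to allow an external response policy provider</flag>
+<flag name="dlz">Enables dynamic loaded zones, 3rd party extension</flag>
+<flag name="doh">Enables dns-over-https</flag>
+<flag name="fixed-rrset">Enables fixed rrset-order option</flag>
+<flag name="geoip2">Enable GeoIP2 API from MaxMind</flag>
+<flag name="gssapi">Enable gssapi support</flag>
+<flag name="json">Enable JSON statistics channel</flag>
+<flag name="lmdb">Enable LMDB support to store configuration for 'addzone' zones</flag>
+</use>
+</pkgmetadata>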
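Review bot: The `<use>` block describes `dlz`, `geoip2` and `json`, none of which appear in the IUSE line of the ebuild added in this commit, so these descriptions are stale and QA tooling will likely flag them. Drop those three `<flag>` entries, or restore the flags in the ebuild if the features are meant to be switchable. json-c is listed unconditionally in DEPEND and configured with `--with-json-c`, so the `json` text in particular no longer describes a choice the user can make.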