calculate
/
calculate-overlay
6
1
Fork 2
Code Issues Pull Requests 1 Releases Wiki Activity

Возвращен ebuild bind

Browse Source
atratsevskiy
Alexander Tratsevskiy 8 years ago
parent fe2a32b2b6
commit a04da1ebb6
14 changed files with 2392 additions and 0 deletions
Show Stats Download Patch File Download Diff File

2
net-dns/bind/Manifest
Unescape View File

@ -0,0 +1,2 @@
DIST bind-9.10.3-P4.tar.gz 8529535 SHA256 2ac044b5fbdf45fb45107af0df961b3b7cb5262a3bf1948ed3fe7a170dd13e3e SHA512 9c7b710054cd1230e7e470541a13850def56b2247c404a1800e0d0dad6aba20b3c3c09b1a17cd6017435525e84fa2f7cde40ae13feeeb7747efb26c66961aadd WHIRLPOOL 9e0384ac8c8b97720c29ed0014613acdde4d7f5a24353dc3f1712d73c37ac8ff00660f80c45c66fab8045afbbf41c7e26b9692b93040fa1db59a2724031ad129
DIST dyndns-samples.tbz2 22866 SHA256 92fb06a92ca99cbbe96b90bcca229ef9c12397db57ae17e199dad9f1218fdbe8 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac WHIRLPOOL 08d4e6a817f1d02597631e18152dbd55ea1bc4c82174be150cc77efc9e1f0f03b6471d1cefbe4229cd3161de752ef232a43ca274a07b78e9c974ceb04cfe99a2

413
net-dns/bind/bind-9.10.3_p4-r1.ebuild
Unescape View File

@ -0,0 +1,413 @@
# Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
# Re dlz/mysql and threads, needs to be verified..
# MySQL uses thread local storage in its C api. Thus MySQL
# requires that each thread of an application execute a MySQL
# thread initialization to setup the thread local storage.
# This is impossible to do safely while staying within the DLZ
# driver API. This is a limitation caused by MySQL, and not the DLZ API.
# Because of this BIND MUST only run with a single thread when
# using the MySQL driver.
EAPI="5"
PYTHON_COMPAT=( python2_7 python3_3 python3_4 )
inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd
MY_PV="${PV/_p/-P}"
MY_PV="${MY_PV/_rc/rc}"
MY_P="${PN}-${MY_PV}"
SDB_LDAP_VER="1.1.0-fc14"
RRL_PV="${MY_PV}"
NSLINT_DIR="contrib/nslint-3.0a2/"
# SDB-LDAP: http://bind9-ldap.bayour.com/
DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server"
HOMEPAGE="http://www.isc.org/software/bind"
SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz
doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
LICENSE="GPL-2 ISC BSD BSD-2 HPND JNIC openssl"
SLOT="0"
KEYWORDS="~alpha amd64 arm hppa ~ia64 ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
IUSE="berkdb +caps dlz doc fetchlimit filter-aaaa fixed-rrset geoip gost gssapi idn ipv6
json ldap libressl mysql nslint odbc postgres python rpz seccomp selinux sit ssl static-libs
+threads urandom xml sdb-ldap"
# sdb-ldap - patch broken
# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
REQUIRED_USE="postgres? ( dlz )
berkdb? ( dlz )
mysql? ( dlz !threads )
odbc? ( dlz )
ldap? ( dlz )
gost? ( !libressl ssl )
threads? ( caps )
sdb-ldap? ( dlz )"
DEPEND="
ssl? (
!libressl? ( dev-libs/openssl:0[-bindist] )
libressl? ( dev-libs/libressl )
)
mysql? ( >=virtual/mysql-4.0 )
odbc? ( >=dev-db/unixODBC-2.2.6 )
ldap? ( net-nds/openldap )
idn? ( net-dns/idnkit )
postgres? ( dev-db/postgresql:= )
caps? ( >=sys-libs/libcap-2.1.0 )
xml? ( dev-libs/libxml2 )
geoip? ( >=dev-libs/geoip-1.4.6 )
gssapi? ( virtual/krb5 )
gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] )
seccomp? ( sys-libs/libseccomp )
json? ( dev-libs/json-c )
sdb-ldap? ( net-nds/openldap )"
RDEPEND="${DEPEND}
selinux? ( sec-policy/selinux-bind )
|| ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )"
S="${WORKDIR}/${MY_P}"
# bug 479092, requires networking
RESTRICT="test"
pkg_setup() {
ebegin "Creating named group and user"
enewgroup named 40
enewuser named 40 -1 /etc/bind named
eend ${?}
}
src_prepare() {
epatch "${FILESDIR}"/${PN}-9.10.3_p2-libressl.patch #563362
# Adjusting PATHs in manpages
for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
sed -i \
-e 's:/etc/named.conf:/etc/bind/named.conf:g' \
-e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
-e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
"${i}" || die "sed failed, ${i} doesn't exist"
done
if use dlz; then
# sdb-ldap patch as per bug #160567
# Upstream URL: http://bind9-ldap.bayour.com/
# New patch take from bug 302735
if use sdb-ldap; then
epatch "${FILESDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/
cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/
cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/
fi
fi
# should be installed by bind-tools
sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die
# Disable tests for now, bug 406399
sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
if use nslint; then
sed -i -e 's:/etc/named.conf:/etc/bind/named.conf:' ${NSLINT_DIR}/nslint.{c,8} || die
fi
# bug #220361
rm aclocal.m4
rm -rf libtool.m4/
eautoreconf
}
src_configure() {
local myconf=""
if use urandom; then
myconf="${myconf} --with-randomdev=/dev/urandom"
else
myconf="${myconf} --with-randomdev=/dev/random"
fi
use geoip && myconf="${myconf} --with-geoip"
# bug #158664
# gcc-specs-ssp && replace-flags -O[23s] -O
# To include db.h from proper path
use berkdb && append-flags "-I$(db_includedir)"
export BUILD_CC=$(tc-getBUILD_CC)
econf \
--sysconfdir=/etc/bind \
--localstatedir=/var \
--with-libtool \
--enable-full-report \
--without-readline \
$(use_enable caps linux-caps) \
$(use_enable fetchlimit) \
$(use_enable filter-aaaa) \
$(use_enable fixed-rrset) \
$(use_enable ipv6) \
$(use_enable rpz rpz-nsdname) \
$(use_enable rpz rpz-nsip) \
$(use_enable seccomp) \
$(use_enable sit) \
$(use_enable threads) \
$(use_with berkdb dlz-bdb) \
$(use_with dlz dlopen) \
$(use_with dlz dlz-filesystem) \
$(use_with dlz dlz-stub) \
$(use_with gost) \
$(use_with gssapi) \
$(use_with idn) \
$(use_with json libjson) \
$(use_with ldap dlz-ldap) \
$(use_with mysql dlz-mysql) \
$(use_with odbc dlz-odbc) \
$(use_with postgres dlz-postgres) \
$(use_with python) \
$(use_with ssl ecdsa) \
$(use_with ssl openssl "${EPREFIX}"/usr) \
$(use_with xml libxml2) \
${myconf}
# $(use_enable static-libs static) \
# bug #151839
echo '#undef SO_BSDCOMPAT' >> config.h
if use nslint; then
cd $NSLINT_DIR
econf
fi
}
src_compile() {
emake
if use nslint; then
emake -C $NSLINT_DIR CCOPT="${CFLAGS}"
fi
}
src_install() {
emake DESTDIR="${D}" install
if use nslint; then
cd $NSLINT_DIR
dobin nslint
doman nslint.8
cd "${S}"
fi
dodoc CHANGES FAQ README
if use idn; then
dodoc contrib/idn/README.idnkit
fi
if use doc; then
dodoc doc/arm/Bv9ARM.pdf
docinto misc
dodoc doc/misc/*
# might a 'html' useflag make sense?
docinto html
dohtml -r doc/arm/*
docinto contrib
dodoc contrib/scripts/{nanny.pl,named-bootconf.sh}
# some handy-dandy dynamic dns examples
pushd "${D}"/usr/share/doc/${PF} 1>/dev/null
tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
popd 1>/dev/null
fi
insinto /etc/bind
newins "${FILESDIR}"/named.conf-r8 named.conf
# ftp://ftp.rs.internic.net/domain/named.cache:
insinto /var/bind
newins "${FILESDIR}"/named.cache-r2 named.cache
insinto /var/bind/pri
newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
newinitd "${FILESDIR}"/named.init-r13 named
newconfd "${FILESDIR}"/named.confd-r7 named
if use gost; then
sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die
else
sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die
fi
newenvd "${FILESDIR}"/10bind.env 10bind
# Let's get rid of those tools and their manpages since they're provided by bind-tools
rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1*
rm -f "${D}"/usr/share/man/man8/nsupdate.8*
rm -f "${D}"/usr/bin/{dig,host,nslookup,nsupdate}
rm -f "${D}"/usr/sbin/{dig,host,nslookup,nsupdate}
for tool in dsfromkey importkey keyfromlabel keygen \
revoke settime signzone verify; do
rm -f "${D}"/usr/{,s}bin/dnssec-"${tool}"
rm -f "${D}"/usr/share/man/man8/dnssec-"${tool}".8*
done
# bug 405251, library archives aren't properly handled by --enable/disable-static
if ! use static-libs; then
find "${D}" -type f -name '*.a' -delete || die
fi
# bug 405251
find "${D}" -type f -name '*.la' -delete || die
if use python; then
install_python_tools() {
dosbin bin/python/dnssec-{checkds,coverage}
}
python_foreach_impl install_python_tools
python_replicate_script "${D}usr/sbin/dnssec-checkds"
python_replicate_script "${D}usr/sbin/dnssec-coverage"
fi
# bug 450406
dosym named.cache /var/bind/root.cache
dosym /var/bind/pri /etc/bind/pri
dosym /var/bind/sec /etc/bind/sec
dosym /var/bind/dyn /etc/bind/dyn
keepdir /var/bind/{pri,sec,dyn}
dodir /var/log/named
fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
fperms 0750 /etc/bind /var/bind/pri
fperms 0770 /var/log/named /var/bind/{,sec,dyn}
systemd_newunit "${FILESDIR}/named.service-r1" named.service
systemd_dotmpfilesd "${FILESDIR}"/named.conf
exeinto /usr/libexec
doexe "${FILESDIR}/generate-rndc-key.sh"
}
pkg_postinst() {
if [ ! -f '/etc/bind/rndc.key' ]; then
if use urandom; then
einfo "Using /dev/urandom for generating rndc.key"
/usr/sbin/rndc-confgen -r /dev/urandom -a
echo
else
einfo "Using /dev/random for generating rndc.key"
/usr/sbin/rndc-confgen -a
echo
fi
chown root:named /etc/bind/rndc.key
chmod 0640 /etc/bind/rndc.key
fi
einfo
einfo "You can edit /etc/conf.d/named to customize named settings"
einfo
use mysql || use postgres || use ldap && {
elog "If your named depends on MySQL/PostgreSQL or LDAP,"
elog "uncomment the specified rc_named_* lines in your"
elog "/etc/conf.d/named config to ensure they'll start before bind"
einfo
}
einfo "If you'd like to run bind in a chroot AND this is a new"
einfo "install OR your bind doesn't already run in a chroot:"
einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
einfo
CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
if [[ -n ${CHROOT} ]]; then
elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
elog "To enable the old behaviour (without using mount) uncomment the"
elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
elog "If you decide to use the new/default method, ensure to make backup"
elog "first and merge your existing configs/zones to /etc/bind and"
elog "/var/bind because bind will now mount the needed directories into"
elog "the chroot dir."
fi
}
pkg_config() {
CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
if [[ -z "${CHROOT}" ]]; then
eerror "This config script is designed to automate setting up"
eerror "a chrooted bind/named. To do so, please first uncomment"
eerror "and set the CHROOT variable in '/etc/conf.d/named'."
die "Unset CHROOT"
fi
if [[ -d "${CHROOT}" ]]; then
ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
ewarn "To enable the old behaviour (without using mount) uncomment the"
ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
ewarn
ewarn "${CHROOT} already exists... some things might become overridden"
ewarn "press CTRL+C if you don't want to continue"
sleep 10
fi
echo; einfo "Setting up the chroot directory..."
mkdir -m 0750 -p ${CHROOT}
mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run}
mkdir -m 0750 -p ${CHROOT}/etc/bind
mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/
# As of bind 9.8.0
if has_version net-dns/bind[gost]; then
if [ "$(get_libdir)" = "lib64" ]; then
mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines
ln -s lib64 ${CHROOT}/usr/lib
else
mkdir -m 0755 -p ${CHROOT}/usr/lib/engines
fi
fi
chown root:named ${CHROOT} ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ ${CHROOT}/etc/bind
mknod ${CHROOT}/dev/null c 1 3
chmod 0666 ${CHROOT}/dev/null
mknod ${CHROOT}/dev/zero c 1 5
chmod 0666 ${CHROOT}/dev/zero
if use urandom; then
mknod ${CHROOT}/dev/urandom c 1 9
chmod 0666 ${CHROOT}/dev/urandom
else
mknod ${CHROOT}/dev/random c 1 8
chmod 0666 ${CHROOT}/dev/random
fi
if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
cp -a /etc/bind ${CHROOT}/etc/
cp -a /var/bind ${CHROOT}/var/
fi
if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP
fi
elog "You may need to add the following line to your syslog-ng.conf:"
elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
}

1
net-dns/bind/files/10bind.env
Unescape View File

@ -0,0 +1 @@
CONFIG_PROTECT="/var/bind"

110
net-dns/bind/files/bind-9.10.3_p2-libressl.patch
Unescape View File

@ -0,0 +1,110 @@
Fix LibreSSL compatibility, patches from OpenBSD
http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/isc-bind/patches/
http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_dst_openssl_h?rev=1.1&content-type=text/plain
http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_openssl_link_c?rev=1.1&content-type=text/plain
http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_openssldh_link_c?rev=1.1&content-type=text/plain
http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_openssldsa_link_c?rev=1.1&content-type=text/plain
http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_opensslrsa_link_c?rev=1.1&content-type=text/plain
--- lib/dns/dst_openssl.h.orig Wed Sep 16 14:00:47 2015
+++ lib/dns/dst_openssl.h Wed Sep 16 14:02:42 2015
@@ -36,7 +36,7 @@
#define USE_ENGINE 1
#endif
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
/*
* These are new in OpenSSL 1.1.0. BN_GENCB _cb needs to be declared in
* the function like this before the BN_GENCB_new call:
--- lib/dns/openssl_link.c.orig Wed Sep 16 14:01:23 2015
+++ lib/dns/openssl_link.c Wed Sep 16 14:01:46 2015
@@ -88,7 +88,7 @@ entropy_getpseudo(unsigned char *buf, int num) {
return (result == ISC_R_SUCCESS ? 1 : -1);
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
static void
entropy_add(const void *buf, int num, double entropy) {
/*
@@ -121,7 +121,7 @@ lock_callback(int mode, int type, const char *file, in
UNLOCK(&locks[type]);
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
static unsigned long
id_callback(void) {
return ((unsigned long)isc_thread_self());
@@ -187,7 +187,7 @@ dst__openssl_init(const char *engine) {
if (result != ISC_R_SUCCESS)
goto cleanup_mutexalloc;
CRYPTO_set_locking_callback(lock_callback);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
CRYPTO_set_id_callback(id_callback);
#endif
@@ -287,7 +287,7 @@ dst__openssl_destroy(void) {
CRYPTO_cleanup_all_ex_data();
#endif
ERR_clear_error();
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
ERR_remove_state(0);
#endif
ERR_free_strings();
--- lib/dns/openssldh_link.c.orig Wed Sep 16 14:01:23 2015
+++ lib/dns/openssldh_link.c Wed Sep 16 14:02:06 2015
@@ -173,7 +173,7 @@ openssldh_generate(dst_key_t *key, int generator, void
DH *dh = NULL;
#if OPENSSL_VERSION_NUMBER > 0x00908000L
BN_GENCB *cb;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
BN_GENCB _cb;
#endif
union {
@@ -210,7 +210,7 @@ openssldh_generate(dst_key_t *key, int generator, void
if (dh == NULL)
return (dst__openssl_toresult(ISC_R_NOMEMORY));
cb = BN_GENCB_new();
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
if (cb == NULL) {
DH_free(dh);
return (dst__openssl_toresult(ISC_R_NOMEMORY));
--- lib/dns/openssldsa_link.c.orig Wed Sep 16 14:01:23 2015
+++ lib/dns/openssldsa_link.c Wed Sep 16 14:02:22 2015
@@ -359,7 +359,7 @@ openssldsa_generate(dst_key_t *key, int unused, void (
isc_result_t result;
#if OPENSSL_VERSION_NUMBER > 0x00908000L
BN_GENCB *cb;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
BN_GENCB _cb;
#endif
union {
@@ -383,7 +383,7 @@ openssldsa_generate(dst_key_t *key, int unused, void (
if (dsa == NULL)
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
cb = BN_GENCB_new();
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
if (cb == NULL) {
DSA_free(dsa);
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
--- lib/dns/opensslrsa_link.c.orig Wed Sep 16 14:01:23 2015
+++ lib/dns/opensslrsa_link.c Wed Sep 16 14:02:31 2015
@@ -771,7 +771,7 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*ca
} u;
RSA *rsa = RSA_new();
BIGNUM *e = BN_new();
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
BN_GENCB _cb;
#endif
BN_GENCB *cb = BN_GENCB_new();

1189
net-dns/bind/files/bind-sdb-ldap-1.1.0-fc14.patch
View File

File diff suppressed because it is too large Load Diff

7
net-dns/bind/files/generate-rndc-key.sh
Unescape View File

@ -0,0 +1,7 @@
#!/bin/bash
if [ ! -s /etc/bind/rndc.key ]; then
/usr/sbin/rndc-confgen -a > /dev/null 2>&1 || exit 1
chmod 640 /etc/bind/rndc.key
chown root.named /etc/bind/rndc.key
fi

11
net-dns/bind/files/localhost.zone-r3
Unescape View File

@ -0,0 +1,11 @@
$TTL 1W
@ IN SOA localhost. root.localhost. (
2008122601 ; Serial
28800 ; Refresh
14400 ; Retry
604800 ; Expire - 1 week
86400 ) ; Minimum
@ IN NS localhost.
@ IN A 127.0.0.1
@ IN AAAA ::1

88
net-dns/bind/files/named.cache
Unescape View File

@ -0,0 +1,88 @@
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Jan 3, 2013
; related version of root zone: 2013010300
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
;
; FORMERLY NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
;
; FORMERLY C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; FORMERLY TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D
;
; FORMERLY NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; FORMERLY NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F
;
; FORMERLY NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; FORMERLY AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235
;
; FORMERLY NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53
;
; OPERATED BY VERISIGN, INC.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
;
; OPERATED BY RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1
;
; OPERATED BY ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
;
; OPERATED BY WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35
; End of File

90
net-dns/bind/files/named.cache-r2
Unescape View File

@ -0,0 +1,90 @@
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: December 01, 2015
; related version of root zone: 2015120100
;
; formerly NS.INTERNIC.NET
;
. 3600000 NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
;
; FORMERLY NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::b
;
; FORMERLY C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
;
; FORMERLY TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
;
; FORMERLY NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; FORMERLY NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
;
; FORMERLY NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; FORMERLY AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
;
; FORMERLY NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
;
; OPERATED BY VERISIGN, INC.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
;
; OPERATED BY RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
;
; OPERATED BY ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
;
; OPERATED BY WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
; End of file

1
net-dns/bind/files/named.conf
Unescape View File

@ -0,0 +1 @@
d /run/named 0750 named named -

166
net-dns/bind/files/named.conf-r8
Unescape View File

@ -0,0 +1,166 @@
/*
* Refer to the named.conf(5) and named(8) man pages, and the documentation
* in /usr/share/doc/bind-* for more details.
* Online versions of the documentation can be found here:
* https://kb.isc.org/article/AA-01031
*
* If you are going to set up an authoritative server, make sure you
* understand the hairy details of how DNS works. Even with simple mistakes,
* you can break connectivity for affected parties, or cause huge amounts of
* useless Internet traffic.
*/
acl "xfer" {
/* Deny transfers by default except for the listed hosts.
* If we have other name servers, place them here.
*/
none;
};
/*
* You might put in here some ips which are allowed to use the cache or
* recursive queries
*/
acl "trusted" {
127.0.0.0/8;
::1/128;
};
options {
directory "/var/bind";
pid-file "/run/named/named.pid";
/* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
//bindkeys-file "/etc/bind/bind.keys";
listen-on-v6 { ::1; };
listen-on { 127.0.0.1; };
allow-query {
/*
* Accept queries from our "trusted" ACL. We will
* allow anyone to query our master zones below.
* This prevents us from becoming a free DNS server
* to the masses.
*/
trusted;
};
allow-query-cache {
/* Use the cache for the "trusted" ACL. */
trusted;
};
allow-recursion {
/* Only trusted addresses are allowed to use recursion. */
trusted;
};
allow-transfer {
/* Zone tranfers are denied by default. */
none;
};
allow-update {
/* Don't allow updates, e.g. via nsupdate. */
none;
};
/*
* If you've got a DNS server around at your upstream provider, enter its
* IP address here, and enable the line below. This will make you benefit
* from its cache, thus reduce overall DNS traffic in the Internet.
*
* Uncomment the following lines to turn on DNS forwarding, and change
* and/or update the forwarding ip address(es):
*/
/*
forward first;
forwarders {
// 123.123.123.123; // Your ISP NS
// 124.124.124.124; // Your ISP NS
// 4.2.2.1; // Level3 Public DNS
// 4.2.2.2; // Level3 Public DNS
8.8.8.8; // Google Open DNS
8.8.4.4; // Google Open DNS
};
*/
dnssec-enable yes;
//dnssec-validation yes;
/*
* As of bind 9.8.0:
* "If the root key provided has expired,
* named will log the expiration and validation will not work."
*/
dnssec-validation auto;
/* if you have problems and are behind a firewall: */
//query-source address * port 53;
};
/*
logging {
channel default_log {
file "/var/log/named/named.log" versions 5 size 50M;
print-time yes;
print-severity yes;
print-category yes;
};
category default { default_log; };
category general { default_log; };
};
*/
include "/etc/bind/rndc.key";
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
};
zone "." in {
type hint;
file "/var/bind/named.cache";
};
zone "localhost" IN {
type master;
file "pri/localhost.zone";
notify no;
};
/*
* Briefly, a zone which has been declared delegation-only will be effectively
* limited to containing NS RRs for subdomains, but no actual data beyond its
* own apex (for example, its SOA RR and apex NS RRset). This can be used to
* filter out "wildcard" or "synthesized" data from NAT boxes or from
* authoritative name servers whose undelegated (in-zone) data is of no
* interest.
* See http://www.isc.org/software/bind/delegation-only for more info
*/
//zone "COM" { type delegation-only; };
//zone "NET" { type delegation-only; };
//zone "YOUR-DOMAIN.TLD" {
// type master;
// file "/var/bind/pri/YOUR-DOMAIN.TLD.zone";
// allow-query { any; };
// allow-transfer { xfer; };
//};
//zone "YOUR-SLAVE.TLD" {
// type slave;
// file "/var/bind/sec/YOUR-SLAVE.TLD.zone";
// masters { <MASTER>; };
/* Anybody is allowed to query but transfer should be controlled by the master. */
// allow-query { any; };
// allow-transfer { none; };
/* The master should be the only one who notifies the slaves, shouldn't it? */
// allow-notify { <MASTER>; };
// notify no;
//};

48
net-dns/bind/files/named.confd-r7
Unescape View File

@ -0,0 +1,48 @@
# Set various named options here.
#
#OPTIONS=""
# Set this to the number of processors you want bind to use.
# Leave this unchanged if you want bind to automatically detect the number
#CPU="1"
# If you wish to run bind in a chroot:
# 1) un-comment the CHROOT= assignment, below. You may use
# a different chroot directory but MAKE SURE it's empty.
# 2) run: emerge --config =<bind-version>
#
#CHROOT="/chroot/dns"
# Uncomment to enable binmount of /usr/share/GeoIP
#CHROOT_GEOIP="1"
# Uncomment the line below to avoid that the init script mounts the needed paths
# into the chroot directory.
# You have to copy all needed config files by hand if you say CHROOT_NOMOUNT="1".
#CHROOT_NOMOUNT="1"
# Uncomment this option if you have setup your own chroot environment and you
# don't want/need the chroot consistency check
#CHROOT_NOCHECK=1
# Default pid file location
PIDFILE="${CHROOT}/run/named/named.pid"
# Scheduling priority: 19 is the lowest and -20 is the highest.
# Default: 0
#NAMED_NICELEVEL="0"
# Uncomment rc_named_use/rc_named_after for the database you need.
# Its necessary to ensure the database backend will be started before named.
# MySQL
#rc_named_use="mysql"
#rc_named_after="mysql"
# PostgreSQL
#rc_named_use="pg_autovacuum postgresql"
#rc_named_after="pg_autovacuum postgresql"
# LDAP
#rc_named_use="ldap"
#rc_named_after="ldap"

253
net-dns/bind/files/named.init-r13
Unescape View File

@ -0,0 +1,253 @@
#!/sbin/runscript
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
extra_commands="checkconfig checkzones"
extra_started_commands="reload"
depend() {
need net
use logger
provide dns
}
NAMED_CONF=${CHROOT}/etc/bind/named.conf
OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}
MOUNT_CHECK_TIMEOUT=${MOUNT_CHECK_TIMEOUT:-60}
_mount() {
local from
local to
local opts
local ret=0
if [ "${#}" -lt 3 ]; then
eerror "_mount(): to few arguments"
return 1
fi
from=$1
to=$2
shift 2
opts="${*}"
shift $#
if [ -z "$(awk "\$2 == \"${to}\" { print \$2 }" /proc/mounts)" ]; then
einfo "mounting ${from} to ${to}"
mount ${from} ${to} ${opts}
ret=$?
eend $ret
return $ret
fi
return 0
}
_umount() {
local dir=$1
local ret=0
if [ -n "$(awk "\$2 == \"${dir}\" { print \$2 }" /proc/mounts)" ]; then
ebegin "umounting ${dir}"
umount ${dir}
ret=$?
eend $ret
return $ret
fi
return 0
}
_get_pidfile() {
# as suggested in bug #107724, bug 335398#c17
[ -n "${PIDFILE}" ] || PIDFILE=${CHROOT}$(\
/usr/sbin/named-checkconf -p ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} | grep 'pid-file' | cut -d\" -f2)
[ -z "${PIDFILE}" ] && PIDFILE=${CHROOT}/run/named/named.pid
}
check_chroot() {
if [ -n "${CHROOT}" ]; then
[ ! -d "${CHROOT}" ] && return 1
[ ! -d "${CHROOT}/dev" ] || [ ! -d "${CHROOT}/etc" ] || [ ! -d "${CHROOT}/var" ] && return 1
[ ! -d "${CHROOT}/run" ] || [ ! -d "${CHROOT}/var/log" ] && return 1
[ ! -d "${CHROOT}/etc/bind" ] || [ ! -d "${CHROOT}/var/bind" ] && return 1
[ ! -d "${CHROOT}/var/log/named" ] && return 1
[ ! -c "${CHROOT}/dev/null" ] || [ ! -c "${CHROOT}/dev/zero" ] && return 1
[ ! -c "${CHROOT}/dev/random" ] && [ ! -c "${CHROOT}/dev/urandom" ] && return 1
[ "${CHROOT_GEOIP:-0}" -eq 1 ] && [ ! -d "${CHROOT}/usr/share/GeoIP" ] && return 1
if [ ${OPENSSL_LIBGOST:-0} -eq 1 ]; then
if [ -d "/usr/lib64" ]; then
[ ! -d "${CHROOT}/usr/lib64/engines" ] && return 1
elif [ -d "/usr/lib" ]; then
[ ! -d "${CHROOT}/usr/lib/engines" ] && return 1
fi
fi
fi
return 0
}
checkconfig() {
ebegin "Checking named configuration"
if [ ! -f "${NAMED_CONF}" ] ; then
eerror "No ${NAMED_CONF} file exists!"
return 1
fi
/usr/sbin/named-checkconf ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} || {
eerror "named-checkconf failed! Please fix your config first."
return 1
}
eend 0
return 0
}
checkzones() {
ebegin "Checking named configuration and zones"
/usr/sbin/named-checkconf -z -j ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}}
eend $?
}
start() {
local piddir
ebegin "Starting ${CHROOT:+chrooted }named"
if [ -n "${CHROOT}" ]; then
if [ ${CHROOT_NOCHECK:-0} -eq 0 ]; then
check_chroot || {
eend 1
eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first"
return 1
}
fi
if [ ${OPENSSL_LIBGOST:-0} -eq 1 ]; then
if [ ! -e /usr/lib/engines/libgost.so ]; then
eend 1
eerror "Couldn't find /usr/lib/engines/libgost.so but bind has been built with openssl and libgost support"
return 1
fi
cp -Lp /usr/lib/engines/libgost.so "${CHROOT}/usr/lib/engines/libgost.so" || {
eend 1
eerror "Couldn't copy /usr/lib/engines/libgost.so into '${CHROOT}/usr/lib/engines/'"
return 1
}
fi
cp -Lp /etc/localtime "${CHROOT}/etc/localtime"
if [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then
einfo "Mounting chroot dirs"
_mount /etc/bind ${CHROOT}/etc/bind -o bind
_mount /var/bind ${CHROOT}/var/bind -o bind
_mount /var/log/named ${CHROOT}/var/log/named -o bind
if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
_mount /usr/share/GeoIP ${CHROOT}/usr/share/GeoIP -o bind
fi
fi
# On initial startup, if piddir inside the chroot /var/run/named
# Then the .../var/run part might not exist yet
checkpath -q -d -o root:root -m 0755 "${piddir}/.."
fi
checkconfig || { eend 1; return 1; }
# create piddir (usually /run/named) if necessary, bug 334535
_get_pidfile
piddir="${PIDFILE%/*}"
checkpath -q -d -o root:named -m 0770 "${piddir}" || {
eerror "Failed to create PID directory at $piddir"
eend 1
return 1
}
# In case someone have $CPU set in /etc/conf.d/named
if [ -n "${CPU}" ] && [ "${CPU}" -gt 0 ]; then
CPU="-n ${CPU}"
fi
start-stop-daemon --start --pidfile ${PIDFILE} \
--nicelevel ${NAMED_NICELEVEL:-0} \
--exec /usr/sbin/named \
-- -u named ${CPU} ${OPTIONS} ${CHROOT:+-t} ${CHROOT}
eend $?
}
stop() {
local reported=0
ebegin "Stopping ${CHROOT:+chrooted }named"
# Workaround for now, until openrc's restart has been fixed.
# openrc doesn't care about a restart() function in init scripts.
if [ "${RC_CMD}" = "restart" ]; then
if [ -n "${CHROOT}" -a ${CHROOT_NOCHECK:-0} -eq 0 ]; then
check_chroot || {
eend 1
eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first"
return 1
}
fi
checkconfig || { eend 1; return 1; }
fi
# -R 10, bug 335398
_get_pidfile
start-stop-daemon --stop --retry 10 --pidfile $PIDFILE \
--exec /usr/sbin/named
if [ -n "${CHROOT}" ] && [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then
ebegin "Umounting chroot dirs"
# just to be sure everything gets clean
while fuser -s ${CHROOT} 2>/dev/null; do
if [ "${reported}" -eq 0 ]; then
einfo "Waiting until all named processes are stopped (max. ${MOUNT_CHECK_TIMEOUT} seconds)"
elif [ "${reported}" -eq "${MOUNT_CHECK_TIMEOUT}" ]; then
eerror "Waiting until all named processes are stopped failed!"
eend 1
break
fi
sleep 1
reported=$((reported+1))
done
[ "${CHROOT_GEOIP:-0}" -eq 1 ] && _umount ${CHROOT}/usr/share/GeoIP
_umount ${CHROOT}/etc/bind
_umount ${CHROOT}/var/log/named
_umount ${CHROOT}/var/bind
fi
eend $?
}
reload() {
local ret
ebegin "Reloading named.conf and zone files"
checkconfig || { eend 1; return 1; }
_get_pidfile
if [ -n "${PIDFILE}" ]; then
start-stop-daemon --pidfile $PIDFILE --signal HUP
ret=$?
else
ewarn "Unable to determine the pidfile... this is"
ewarn "a fallback mode. Please check your installation!"
$RC_SERVICE restart
ret=$?
fi
eend $ret
}

13
net-dns/bind/files/named.service-r1
Unescape View File

@ -0,0 +1,13 @@
[Unit]
Description=Internet domain name server
After=network.target
[Service]
ExecStartPre=/usr/libexec/generate-rndc-key.sh
ExecStartPre=/usr/sbin/named-checkconf -z /etc/bind/named.conf
ExecStart=/usr/sbin/named -f -u named
ExecReload=/usr/sbin/rndc reload
ExecStop=/usr/sbin/rndc stop
[Install]
WantedBy=multi-user.target
Write Preview
Loading…
Cancel
Save