net-dns/unbound: New ebuild for unbound, see bug #223103
authorTom Hendrikx (whyscream) <tom@whyscream.net>
Tue, 2 Sep 2008 21:14:56 +0000 (21:14 +0000)
committerTom Hendrikx (whyscream) <tom@whyscream.net>
Tue, 2 Sep 2008 21:14:56 +0000 (21:14 +0000)
svn path=/sunrise/; revision=6967

net-dns/unbound/ChangeLog [new file with mode: 0644]
net-dns/unbound/Manifest [new file with mode: 0644]
net-dns/unbound/files/chroot_howto.txt [new file with mode: 0644]
net-dns/unbound/files/unbound.confd [new file with mode: 0644]
net-dns/unbound/files/unbound.initd [new file with mode: 0644]
net-dns/unbound/metadata.xml [new file with mode: 0644]
net-dns/unbound/unbound-1.0.2.ebuild [new file with mode: 0644]

diff --git a/net-dns/unbound/ChangeLog b/net-dns/unbound/ChangeLog
new file mode 100644 (file)
index 0000000..f450250
--- /dev/null
@@ -0,0 +1,9 @@
+# ChangeLog for net-dns/unbound
+# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
+# $Header: $
+
+  02 Sep 2008; Tom Hendrikx (whyscream) <tom@whyscream.net>
+  +unbound-1.0.2.ebuild, +files/chroot_howto.txt, +files/unbound.confd,
+  +files/unbound.initd, +metadata.xml:
+  New ebuild for unbound, see bug #223103
+
diff --git a/net-dns/unbound/Manifest b/net-dns/unbound/Manifest
new file mode 100644 (file)
index 0000000..5cc53ec
--- /dev/null
@@ -0,0 +1,7 @@
+AUX chroot_howto.txt 1692 RMD160 e4939da926078f3982f6b5391e5c900f7008e93e SHA1 f911f11f214125d994e338573c8710dfe6f43674 SHA256 9824f29c59b869820e4bd28906d01aaba451af05dd83bcb9f961eac63155a491
+AUX unbound.confd 284 RMD160 01960d51a873ed30beac29ce20e3dde43dca20aa SHA1 195c31dd2edf4a887f667520ddf70a1bed8a3d65 SHA256 27d73752ae2a0f6c7ae4a3d894357bba1a2fdaf9f3cd0415be03bed2c0211537
+AUX unbound.initd 1028 RMD160 b7c4ad74dbd3ed255c2b4575ca528199731ff655 SHA1 40c55f0a62ed531a34dfa5b3a28d2fa789a305ce SHA256 f491b07b0adc60a56a907283782ed86d073d397a98f40a5413444522d5eaf215
+DIST unbound-1.0.2.tar.gz 3597275 RMD160 1e942505468f6ae4061b208914e9b7feed6ecff1 SHA1 93faa7b76cf7681b8c7b0c5187aaf84c36b6670b SHA256 e6bbc4bb850c211e97ee7b5bc1827f59eb5222d295b715bda4551775766240ac
+EBUILD unbound-1.0.2.ebuild 1695 RMD160 15bc34360da92e9fd331d99d2b573f04703a6a00 SHA1 2159228064f06802e724b714c4250c3f999d3b39 SHA256 4ebb57c6c26ad76015c73a19b1f57e672085e170a25381a8308a10a958c2ba9f
+MISC ChangeLog 330 RMD160 3904b8c5c15947922ba54ba008ff25ce29fa63a3 SHA1 61b79fdfa5dd447510899d714a4531f1af0cdcb8 SHA256 7c72c3bc84f339ad55e8a472cc3d1afb57ca07fba9d989afddd1a95293a797d5
+MISC metadata.xml 245 RMD160 d8ace88cdc93cb9ddd4a28cb445e7b8d61cc5127 SHA1 6fe67339cb588812f2973ef6f5eee3d0c1d79b1c SHA256 136f25009219cb8b085d8885f5d68ccdc2836705577688e7587755e9736aba9d
diff --git a/net-dns/unbound/files/chroot_howto.txt b/net-dns/unbound/files/chroot_howto.txt
new file mode 100644 (file)
index 0000000..5699d00
--- /dev/null
@@ -0,0 +1,48 @@
+Chroot jail howto for unbound
+
+* Rationale
+
+I had no experience whatsoever with chroot jails for daemons, and when making an
+ebuild for unbound, someone suggested that I should just check it out.
+Unfortunately, my ebuild skills are not that great, so making the ebuild handle
+the rootjail support transparantly was out of my league. Getting unbound 
+running within a rootjail was no problem however. Below are my experiences.
+
+* Assumptions
+
+- You know your way around a linux machine on the console
+- You have root access
+
+* Setting it up
+
+1. Emerge unbound, switching USE flags has no effect to the steps in this guide.
+
+2. Decide where you want your rootjail. I choose /var/lib/unbound 
+   throughout this manual. Then create the directory:
+        # mkdir /var/lib/unbound
+   # chown unbound:unbound /var/lib/unbound
+   # chmod 700 /var/lib/unbound
+
+3. Inside the chroot you'll need access to /dev/random, and possibly /dev/log 
+        (when using syslog, the default). Simplest way is to bind-mount /dev:
+   # mkdir /var/lib/unbound/dev
+   # mount -o bind /dev /var/lib/unbound/dev
+
+   Hint: add a line to /etc/fstab to keep this persistent between reboots.
+
+4. Move the config file into the chroot and change some settings:
+   # mv /etc/unbound/unbound.conf /var/lib/unbound
+   # nano /var/lib/unbound/unbound.conf
+
+   Change following options (or copy/paste these lines near 
+   the end of the file):
+
+   chroot: "/var/lib/unbound"
+   directory: "/var/lib/unbound"
+   pidfile: "/var/lib/unbound/unbound.pid"
+
+5. Change /etc/conf.d/unbound to reflect the new locations of 
+   the config and the pid file.
+
+   config_file="/var/lib/unbound/unbound.conf"
+   pid_file="/var/lib/unbound/unbound.conf"
diff --git a/net-dns/unbound/files/unbound.confd b/net-dns/unbound/files/unbound.confd
new file mode 100644 (file)
index 0000000..709724e
--- /dev/null
@@ -0,0 +1,7 @@
+# Settings should normally only be changed when using a chroot jail.
+
+# Location of the unbound configuration file. Leave empty for the default.
+#config_file="/etc/unbound/unbound.conf"
+
+# Location of the unbound pidfile. Leave empty for the default.
+#pid_file="/var/run/unbound.pid"
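Review bot: The comment above `pid_file` does not say that the value has to agree with the `pidfile:` option inside the unbound configuration file. The init script in this commit starts the daemon with only `-c "${config_file}"`, so the daemon presumably writes its PID wherever its own config says, while `stop` reads `${pid_file}`; a mismatch leaves `stop` looking at the wrong file. Suggest wording the comment as `# Location of the unbound pidfile; must match "pidfile:" in the config file. Leave empty for the default.` Note also that step 5 of chroot_howto.txt in this same commit sets `pid_file` to the `unbound.conf` path, which looks like a typo for `unbound.pid`.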
diff --git a/net-dns/unbound/files/unbound.initd b/net-dns/unbound/files/unbound.initd
new file mode 100644 (file)
index 0000000..525020c
--- /dev/null
@@ -0,0 +1,46 @@
+#!/sbin/runscript
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+opts="start stop configtest"
+description="Unbound is a validating, recursive and caching DNS resolver"
+description_start="Start the server"
+description_stop="Stop the server"
+description_configtest="Check the syntax of the configuration file"
+
+config_file=${config_file:-/etc/unbound/unbound.conf}
+pid_file=${pid_file:-/var/run/unbound.pid}
+
+depend() {
+       provide dns
+       need net
+       after auth-dns
+}
+
+start() {
+       configtest || return 1
+
+       ebegin "Starting unbound"
+               touch "${pid_file}"
+               chown unbound:unbound "${pid_file}"
+               unbound -c "${config_file}"
+       eend $?
+}
+
+stop() {
+       ebegin "Stopping unbound"
+               start-stop-daemon --stop --pidfile="${pid_file}"
+       eend $?
+}
+
+configtest() {
+       ebegin "Checking config"
+               unbound-checkconf "${config_file}" > /dev/null 2>&1
+               local RESULT=$?
+               if test "$RESULT" != 0; then
+                       eerror "`unbound-checkconf "${config_file}" 2>&1`"
+                       eend 1
+               fi
+       eend "$RESULT"
+}
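Review bot: In start(), `touch` and `chown unbound:unbound` run as root on `${pid_file}`, a path that conf.d lets the admin relocate. Once it sits in a directory the unbound user can write to (the chroot howto in this commit makes /var/lib/unbound owned by unbound), both commands follow a symlink found at that path and change ownership of whatever it points to. Reject a symlink and stop dereferencing, e.g. `[ -L "${pid_file}" ] && { eerror "pid file is a symlink"; return 1; }` followed by `chown -h unbound:unbound "${pid_file}"`. For the same reason stop() should not trust the PID alone: `start-stop-daemon --stop --pidfile="${pid_file}" --name unbound` makes it check the process name before signalling. Separately, `eend $?` in start() reports only the exit status of `unbound`, so a failed `touch` or `chown` goes unnoticed.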
diff --git a/net-dns/unbound/metadata.xml b/net-dns/unbound/metadata.xml
new file mode 100644 (file)
index 0000000..ff26c87
--- /dev/null
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+       <herd>maintainer-wanted</herd>
+       <use>
+               <flag name='libevent'>Enable support for libevent</flag>
+       </use>
+</pkgmetadata>
diff --git a/net-dns/unbound/unbound-1.0.2.ebuild b/net-dns/unbound/unbound-1.0.2.ebuild
new file mode 100644 (file)
index 0000000..a59f72e
--- /dev/null
@@ -0,0 +1,59 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+inherit eutils
+
+DESCRIPTION="Unbound is a validating, recursive and caching DNS resolver."
+HOMEPAGE="http://unbound.net"
+SRC_URI="http://unbound.net/downloads/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="debug libevent static threads"
+
+RDEPEND="dev-libs/openssl
+               net-libs/ldns
+               libevent? ( dev-libs/libevent )"
+DEPEND="${RDEPEND}"
+
+pkg_setup() {
+       enewgroup unbound
+       enewuser unbound -1 -1 -1 unbound
+}
+
+src_compile() {
+       econf \
+               --with-conf-file=/etc/unbound/unbound.conf \
+               --with-pidfile=/var/run/unbound.pid \
+               --with-run-dir=/etc/unbound \
+               --with-username=unbound \
+               $(use_enable debug) \
+               $(use_enable debug lock-checks) \
+               $(use_enable debug alloc-checks) \
+               $(use_enable static static-exe) \
+               $(use_with libevent) \
+               $(use_with threads pthreads)
+
+       emake || die "emake failed"
+}
+
+src_install() {
+       emake DESTDIR="${D}" install || die "emake install failed"
+       newinitd "${FILESDIR}/unbound.initd" unbound || die "newinitd failed"
+       newconfd "${FILESDIR}/unbound.confd" unbound || die "newconfd failed"
+
+       dodoc doc/README doc/CREDITS doc/TODO doc/Changelog doc/FEATURES || die "dodoc failed"
+       dodoc "${FILESDIR}/chroot_howto.txt" || die "dodoc failed"
+
+       # adapt config file to disable the chroot
+       sed -i '/^\t# chroot:/a\\tchroot: ""' "$D/etc/unbound/unbound.conf" || die "sed failed"
+}
+
+pkg_postinst() {
+       elog "The gentoo configuration does not enable a chroot environment,"
+       elog "this differs from the default upstream configuration."
+       elog "To use a chroot enviroment, please read:"
+       elog "/usr/share/doc/${PF}/chroot_howto.txt.bz2"
+}
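Review bot: The `sed -i` in src_install that appends `chroot: ""` exits 0 even when no line matches `^\t# chroot:`, so `|| die "sed failed"` cannot catch a no-op. If upstream ever changes that comment line, the package would ship with the chroot setting untouched while pkg_postinst still tells the user it is disabled. Add a check right after the sed, e.g. `grep -q '^[[:space:]]*chroot: ""' "${D}/etc/unbound/unbound.conf" || die "chroot not disabled in unbound.conf"`. Because this turns off a containment layer that upstream enables by default, the comment above the sed should also say why; presumably the config and pid file paths used by the init script live outside any jail, but that is not stated.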