From: Tom Hendrikx (whyscream) Date: Tue, 2 Sep 2008 21:14:56 +0000 (+0000) Subject: net-dns/unbound: New ebuild for unbound, see bug #223103 X-Git-Url: http://pileus.org/git/?a=commitdiff_plain;h=203da429ecb70a329e2f1e1bae769c34eaa46d05;p=~andy%2Fsunrise net-dns/unbound: New ebuild for unbound, see bug #223103 svn path=/sunrise/; revision=6967
---
diff --git a/net-dns/unbound/ChangeLog b/net-dns/unbound/ChangeLog
new file mode 100644
index 000000000..f45025068
--- /dev/null
+++ b/net-dns/unbound/ChangeLog
@@ -0,0 +1,9 @@
+# ChangeLog for net-dns/unbound
+# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
+# $Header: $
+
+ 02 Sep 2008; Tom Hendrikx (whyscream)
+ +unbound-1.0.2.ebuild, +files/chroot_howto.txt, +files/unbound.confd,
+ +files/unbound.initd, +metadata.xml:
+ New ebuild for unbound, see bug #223103
+
diff --git a/net-dns/unbound/Manifest b/net-dns/unbound/Manifest
new file mode 100644
index 000000000..5cc53ecae
--- /dev/null
+++ b/net-dns/unbound/Manifest
@@ -0,0 +1,7 @@ +AUX chroot_howto.txt 1692 RMD160 e4939da926078f3982f6b5391e5c900f7008e93e SHA1 f911f11f214125d994e338573c8710dfe6f43674 SHA256 9824f29c59b869820e4bd28906d01aaba451af05dd83bcb9f961eac63155a491 +AUX unbound.confd 284 RMD160 01960d51a873ed30beac29ce20e3dde43dca20aa SHA1 195c31dd2edf4a887f667520ddf70a1bed8a3d65 SHA256 27d73752ae2a0f6c7ae4a3d894357bba1a2fdaf9f3cd0415be03bed2c0211537 +AUX unbound.initd 1028 RMD160 b7c4ad74dbd3ed255c2b4575ca528199731ff655 SHA1 40c55f0a62ed531a34dfa5b3a28d2fa789a305ce SHA256 f491b07b0adc60a56a907283782ed86d073d397a98f40a5413444522d5eaf215 +DIST unbound-1.0.2.tar.gz 3597275 RMD160 1e942505468f6ae4061b208914e9b7feed6ecff1 SHA1 93faa7b76cf7681b8c7b0c5187aaf84c36b6670b SHA256 e6bbc4bb850c211e97ee7b5bc1827f59eb5222d295b715bda4551775766240ac +EBUILD unbound-1.0.2.ebuild 1695 RMD160 15bc34360da92e9fd331d99d2b573f04703a6a00 SHA1 2159228064f06802e724b714c4250c3f999d3b39 SHA256 4ebb57c6c26ad76015c73a19b1f57e672085e170a25381a8308a10a958c2ba9f +MISC ChangeLog 330 RMD160 3904b8c5c15947922ba54ba008ff25ce29fa63a3 SHA1 61b79fdfa5dd447510899d714a4531f1af0cdcb8 SHA256 7c72c3bc84f339ad55e8a472cc3d1afb57ca07fba9d989afddd1a95293a797d5 +MISC metadata.xml 245 RMD160 d8ace88cdc93cb9ddd4a28cb445e7b8d61cc5127 SHA1 6fe67339cb588812f2973ef6f5eee3d0c1d79b1c SHA256 136f25009219cb8b085d8885f5d68ccdc2836705577688e7587755e9736aba9d diff --git a/net-dns/unbound/files/chroot_howto.txt b/net-dns/unbound/files/chroot_howto.txt new file mode 100644 index 000000000..5699d00cb --- /dev/null +++ b/net-dns/unbound/files/chroot_howto.txt 
@@ -0,0 +1,48 @@
+Chroot jail howto for unbound
+
+* Rationale
+
+I had no experience whatsoever with chroot jails for daemons, and when making an
+ebuild for unbound, someone suggested that I should just check it out.
+Unfortunately, my ebuild skills are not that great, so making the ebuild handle
+the rootjail support transparantly was out of my league. Getting unbound
+running within a rootjail was no problem however. Below are my experiences.
+
+* Assumptions
+
+- You know your way around a linux machine on the console
+- You have root access
+
+* Setting it up
+
+1. Emerge unbound, switching USE flags has no effect to the steps in this guide.
+
+2. Decide where you want your rootjail. I choose /var/lib/unbound
+ throughout this manual. Then create the directory:
+ # mkdir /var/lib/unbound
+ # chown unbound:unbound /var/lib/unbound
+ # chmod 700 /var/lib/unbound
+
+3. Inside the chroot you'll need access to /dev/random, and possibly /dev/log
+ (when using syslog, the default). Simplest way is to bind-mount /dev:
+ # mkdir /var/lib/unbound/dev
+ # mount -o bind /dev /var/lib/unbound/dev
+
+ Hint: add a line to /etc/fstab to keep this persistent between reboots.
+
+4. Move the config file into the chroot and change some settings:
+ # mv /etc/unbound/unbound.conf /var/lib/unbound
+ # nano /var/lib/unbound/unbound.conf
+
+ Change following options (or copy/paste these lines near
+ the end of the file):
+
+ chroot: "/var/lib/unbound"
+ directory: "/var/lib/unbound"
+ pidfile: "/var/lib/unbound/unbound.pid"
+
+5. Change /etc/conf.d/unbound to reflect the new locations of
+ the config and the pid file.
+
+ config_file="/var/lib/unbound/unbound.conf"
+ pid_file="/var/lib/unbound/unbound.conf"
diff --git a/net-dns/unbound/files/unbound.confd b/net-dns/unbound/files/unbound.confd
new file mode 100644
index 000000000..709724ec5
--- /dev/null
+++ b/net-dns/unbound/files/unbound.confd
@@ -0,0 +1,7 @@
+# Settings should normally only be changed when using a chroot jail.
+
+# Location of the unbound configuration file. Leave empty for the default.
+#config_file="/etc/unbound/unbound.conf"
+
+# Location of the unbound pidfile. Leave empty for the default.
+#pid_file="/var/run/unbound.pid"
diff --git a/net-dns/unbound/files/unbound.initd b/net-dns/unbound/files/unbound.initd
new file mode 100644
index 000000000..525020c39
--- /dev/null
+++ b/net-dns/unbound/files/unbound.initd
@@ -0,0 +1,46 @@
+#!/sbin/runscript
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+opts="start stop configtest"
+description="Unbound is a validating, recursive and caching DNS resolver"
+description_start="Start the server"
+description_stop="Stop the server"
+description_configtest="Check the syntax of the configuration file"
+
+config_file=${config_file:-/etc/unbound/unbound.conf}
+pid_file=${pid_file:-/var/run/unbound.pid}
+
+depend() {
+ provide dns
+ need net
+ after auth-dns
+}
+
+start() {
+ configtest || return 1
+
+ ebegin "Starting unbound"
+ touch "${pid_file}"
+ chown unbound:unbound "${pid_file}"
+ unbound -c "${config_file}"
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping unbound"
+ start-stop-daemon --stop --pidfile="${pid_file}"
+ eend $?
+}
+
+configtest() {
+ ebegin "Checking config"
+ unbound-checkconf "${config_file}" > /dev/null 2>&1
+ local RESULT=$?
+ if test "$RESULT" != 0; then
+ eerror "`unbound-checkconf "${config_file}" 2>&1`"
+ eend 1
+ fi
+ eend "$RESULT"
+}
diff --git a/net-dns/unbound/metadata.xml b/net-dns/unbound/metadata.xml
new file mode 100644
index 000000000..ff26c878e
--- /dev/null
+++ b/net-dns/unbound/metadata.xml
@@ -0,0 +1,8 @@
+
+
+
+ maintainer-wanted
+
+ Enable support for libevent
+
+
diff --git a/net-dns/unbound/unbound-1.0.2.ebuild b/net-dns/unbound/unbound-1.0.2.ebuild
new file mode 100644
index 000000000..a59f72e99
--- /dev/null
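Review bot: In unbound.initd, start() creates the pid file as root with `touch` and `chown unbound:unbound`, and stop() then signals whatever PID that file holds, so root acts on a path and a value that the unprivileged daemon account can write. The exposure grows with the bundled chroot_howto.txt, which puts pid_file under /var/lib/unbound (owned by unbound) and, as written, sets `pid_file="/var/lib/unbound/unbound.conf"`, so start() would hand the config file itself to the daemon user; chown also follows symlinks in that directory. I would keep the pid file in a root-owned directory, refuse a symlinked path before the chown (`[ -L "${pid_file}" ] && return 1`), and make stop() check the process as well: `start-stop-daemon --stop --name unbound --pidfile "${pid_file}"`. Separately, configtest() calls `eend 1` and then falls through to `eend "$RESULT"`; an early `return 1` after the first avoids the double report.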
+++ b/net-dns/unbound/unbound-1.0.2.ebuild
@@ -0,0 +1,59 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+inherit eutils
+
+DESCRIPTION="Unbound is a validating, recursive and caching DNS resolver."
+HOMEPAGE="http://unbound.net"
+SRC_URI="http://unbound.net/downloads/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="debug libevent static threads"
+
+RDEPEND="dev-libs/openssl
+ net-libs/ldns
+ libevent? ( dev-libs/libevent )"
+DEPEND="${RDEPEND}"
+
+pkg_setup() {
+ enewgroup unbound
+ enewuser unbound -1 -1 -1 unbound
+}
+
+src_compile() {
+ econf \
+ --with-conf-file=/etc/unbound/unbound.conf \
+ --with-pidfile=/var/run/unbound.pid \
+ --with-run-dir=/etc/unbound \
+ --with-username=unbound \
+ $(use_enable debug) \
+ $(use_enable debug lock-checks) \
+ $(use_enable debug alloc-checks) \
+ $(use_enable static static-exe) \
+ $(use_with libevent) \
+ $(use_with threads pthreads)
+
+ emake || die "emake failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "emake install failed"
+ newinitd "${FILESDIR}/unbound.initd" unbound || die "newinitd failed"
+ newconfd "${FILESDIR}/unbound.confd" unbound || die "newconfd failed"
+
+ dodoc doc/README doc/CREDITS doc/TODO doc/Changelog doc/FEATURES || die "dodoc failed"
+ dodoc "${FILESDIR}/chroot_howto.txt" || die "dodoc failed"
+
+ # adapt config file to disable the chroot
+ sed -i '/^\t# chroot:/a\\tchroot: ""' "$D/etc/unbound/unbound.conf" || die "sed failed"
+}
+
+pkg_postinst() {
+ elog "The gentoo configuration does not enable a chroot environment,"
+ elog "this differs from the default upstream configuration."
+ elog "To use a chroot enviroment, please read:"
+ elog "/usr/share/doc/${PF}/chroot_howto.txt.bz2"
+}
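Review bot: In src_install, `|| die "sed failed"` does not guard the chroot edit, because sed exits 0 when no line matches `/^\t# chroot:/`. If upstream's sample unbound.conf changes, the package would silently ship upstream's chroot default while the init script and `--with-pidfile=/var/run/unbound.pid` assume no jail. Add a check after the sed, e.g. `grep -q '^[[:space:]]*chroot: ""' "${D}/etc/unbound/unbound.conf" || die "chroot setting not applied"`. Since the edit turns off a hardening default that upstream ships enabled (as the pkg_postinst text says), the comment above the sed should also give the reason, for instance `# chroot is disabled because the ebuild does not set up the jail; see chroot_howto.txt`.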