# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
# $Header: $
+ 14 Jun 2009; Tom Hendrikx (whyscream) <tom@whyscream.net>
+ -unbound-1.2.1.ebuild, +unbound-1.3.0.ebuild, -files/chroot_howto.txt,
+ files/unbound.confd, files/unbound.initd, metadata.xml:
+ Version bump, including new init script
+
06 May 2009; Tom Hendrikx (whyscream) <tom@whyscream.net>
unbound-1.2.1.ebuild:
Disable test suite since it does not work
-AUX chroot_howto.txt 1780 RMD160 39c115816f87cf4ec1a17fbfd313fee771a64226 SHA1 3522189d64e92fb64251587db1559e5d0110e540 SHA256 650b4d838ba09d1c94b34ae712102d3b29b84744c4980c5bafe8eaa552a657a5
-AUX unbound.confd 284 RMD160 01960d51a873ed30beac29ce20e3dde43dca20aa SHA1 195c31dd2edf4a887f667520ddf70a1bed8a3d65 SHA256 27d73752ae2a0f6c7ae4a3d894357bba1a2fdaf9f3cd0415be03bed2c0211537
-AUX unbound.initd 985 RMD160 1cd1fe6a195def58fda8be0e3067b2751773be21 SHA1 569ad8abab363e10f03cc9e2d4fb11395fc9b18b SHA256 d8752a4f8ba549ef2822368b86c1a0931284b4e057e236d19f88857a2c43be67
-DIST unbound-1.2.1.tar.gz 3795258 RMD160 c26d82d92e3342fe860d342a0717824b07d1c38d SHA1 996aea210b24f8c4bd1aa7a9584bc5b70b989b1b SHA256 1f95ca2904dfb813bf52f15156a8c769b365deb92fa7b995344062dea966dc29
-EBUILD unbound-1.2.1.ebuild 1829 RMD160 19e439e8993bc577dcf878517b62cf25c1cb3efc SHA1 b480abe267fb06f87a9a2eef48a697b61fa2f91a SHA256 e743c7c2129b1a29fd096d6476e2e5c30b3e14000a2205d820bbe38e88aa40c5
-MISC ChangeLog 1221 RMD160 4280b11d5a41aa844c3aa7c93c1ad21f677bf276 SHA1 320bc10e7bc18b82c867aafa8e98045289dd900a SHA256 746850cb1d7a183bfcadd2e65f9a634337e2aa36b5edbc3923647f3f685b0822
-MISC metadata.xml 245 RMD160 d8ace88cdc93cb9ddd4a28cb445e7b8d61cc5127 SHA1 6fe67339cb588812f2973ef6f5eee3d0c1d79b1c SHA256 136f25009219cb8b085d8885f5d68ccdc2836705577688e7587755e9736aba9d
+AUX unbound.confd 166 RMD160 ad5324b396d0ceb53c5dcf142b106a8fa114e30d SHA1 7db818eda9240ecebd166ce85eb6490b374b4f18 SHA256 6e804cf2a450a06ebb390b267d353a892e987d2bf0c4909909507ab277df86b4
+AUX unbound.initd 1219 RMD160 636c7a022a4bded04675ce0b5676443442e4712c SHA1 b7bda8a6fa2404c0bb8024a8cf1e6c9c6d9dd038 SHA256 8a9dface7c74819336ea7da97cf561397ebd3d5110ba2dfe732883695be79b67
+DIST unbound-1.3.0.tar.gz 4059848 RMD160 f4c57ff90f84c25bec93b5d61655b326602b5e14 SHA1 67fe06f087083fd24b0175b68e624efc375a3e0f SHA256 ebaed25422a32a7f13386982485d9d01b65cf3aefbebdcf4add6a4d7c71a4610
+EBUILD unbound-1.3.0.ebuild 2654 RMD160 c247e612a93208cc0b5d1b535c199c697f93ad1e SHA1 75cb32325298265cfe13dd0b7a7fde354799b40b SHA256 fa74437ec8565c67592164ec897130837327b003caacf147f770e4e63452beed
+MISC ChangeLog 1455 RMD160 53fc49ae1f04e899cbc31843a3fc1cea2773ab32 SHA1 fc212bdea320e12fa69455cf497dac9c0b6dd775 SHA256 872e8a2d185a9b555cbfce8ca4d36f8f2e22b09ae59749640e33016746561e10
+MISC metadata.xml 313 RMD160 55eab80cc0d3313ab6abbd819c97624c5b6deaf6 SHA1 58b71600454480ba1779092e323083e3c8303445 SHA256 6ea4770fe59e75a6dde41e4ba616bf3219c76a55cd70d6563f46178564551a94
+++ /dev/null
-Chroot jail howto for unbound
-
-* Rationale
-
-I had no experience whatsoever with chroot jails for daemons, and when making an
-ebuild for unbound, someone suggested that I should just check it out.
-After lots of playing around with automating a chroot jail setup from within
-the ebuild, everything got way too unstable and far from fool-proof.
-
-Getting unbound running within a rootjail by hand was no problem however.
-Below are my experiences.
-
-* Assumptions
-
-- You know your way around a linux machine on the console
-- You have root access
-
-* Setting it up
-
-1. Emerge unbound, switching USE flags has no effect to the steps in this guide.
-
-2. Decide where you want your rootjail. I choose /var/lib/unbound
- throughout this manual. Then create the directory:
- # mkdir /var/lib/unbound
- # chown unbound:unbound /var/lib/unbound
- # chmod 700 /var/lib/unbound
-
-3. Inside the chroot you'll need access to /dev/random, and possibly /dev/log
- (when using syslog, the default). Simplest way is to bind-mount /dev:
- # mkdir /var/lib/unbound/dev
- # mount -o bind /dev /var/lib/unbound/dev
-
- Hint: add a line to /etc/fstab to keep this persistent between reboots, f.i.:
- /dev /var/lib/unbound/dev auto defauls,bind 0 0
-
-4. Move the config file into the chroot and change some settings:
- # mv /etc/unbound/unbound.conf /var/lib/unbound
- # nano /var/lib/unbound/unbound.conf
-
- Change following options (or copy/paste these lines near
- the end of the file):
-
- chroot: "/var/lib/unbound"
- directory: "/var/lib/unbound"
- pidfile: "/var/lib/unbound/unbound.pid"
-
-5. Change /etc/conf.d/unbound to reflect the new locations of
- the config and the pid file.
-
- config_file="/var/lib/unbound/unbound.conf"
- pid_file="/var/lib/unbound/unbound.pid"
-# Settings should normally only be changed when using a chroot jail.
+# Settings should normally not need any changes.
# Location of the unbound configuration file. Leave empty for the default.
#config_file="/etc/unbound/unbound.conf"
-
-# Location of the unbound pidfile. Leave empty for the default.
-#pid_file="/var/run/unbound.pid"
#!/sbin/runscript
-# Copyright 1999-2008 Gentoo Foundation
+# Copyright 1999-2009 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $
-opts="start stop configtest"
+opts="start stop reload"
description="Unbound is a validating, recursive and caching DNS resolver"
description_start="Start the server"
description_stop="Stop the server"
-description_configtest="Check the syntax of the configuration file"
+description_reload="Reload the server"
config_file=${config_file:-/etc/unbound/unbound.conf}
-pid_file=${pid_file:-/var/run/unbound.pid}
+my_unbound_checkconf=/usr/sbin/unbound-checkconf
+my_unbound_control=/usr/sbin/unbound-control
+my_unbound_control_setup=/usr/sbin/unbound-control-setup
depend() {
provide dns
after auth-dns
}
+_checkconf() {
+ if ! ${my_unbound_checkconf} "${config_file}" > /dev/null; then
+ eerror "You have errors in your configfile (${config_file})"
+ return 1
+ fi
+ return 0
+}
+
+_running() {
+ ${my_unbound_control} -c ${config_file} status > /dev/null 2>&1
+}
+
start() {
- configtest || return 1
+ _checkconf || return 1
ebegin "Starting unbound"
- unbound -c "${config_file}"
+ ${my_unbound_control} -c ${config_file} start > /dev/null
+ _running
eend $?
}
stop() {
ebegin "Stopping unbound"
- start-stop-daemon --stop --pidfile="${pid_file}"
+ ${my_unbound_control} -c ${config_file} stop > /dev/null
eend $?
}
-configtest() {
- ebegin "Checking config (${config_file})"
- unbound-checkconf "${config_file}" > /dev/null 2>&1
- local RESULT=$?
- if test "$RESULT" != 0; then
- eerror "`unbound-checkconf "${config_file}" 2>&1`"
- eend 1
- fi
- eend "$RESULT"
+reload() {
+ ebegin "Reloading unbound"
+ ${my_unbound_control} -c ${config_file} reload > dev/null
+ eend $?
}
<pkgmetadata>
<herd>maintainer-wanted</herd>
<use>
+ <flag name='chroot'>Enable chroot by default (recommended)</flag>
<flag name='libevent'>Enable support for libevent</flag>
</use>
</pkgmetadata>
+++ /dev/null
-# Copyright 1999-2009 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: $
-
-inherit eutils
-
-DESCRIPTION="Unbound is a validating, recursive and caching DNS resolver."
-HOMEPAGE="http://unbound.net"
-SRC_URI="http://unbound.net/downloads/${P}.tar.gz"
-
-LICENSE="BSD"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="debug libevent static threads"
-
-DEPEND="dev-libs/openssl
- >=net-libs/ldns-1.5.0
- libevent? ( dev-libs/libevent )"
-RDEPEND=${DEPEND}
-
-pkg_setup() {
- enewgroup unbound
- enewuser unbound -1 -1 -1 unbound
-}
-
-src_compile() {
- econf \
- --with-conf-file=/etc/unbound/unbound.conf \
- --with-pidfile=/var/run/unbound.pid \
- --with-run-dir=/etc/unbound \
- --with-username=unbound \
- $(use_enable debug) \
- $(use_enable debug lock-checks) \
- $(use_enable debug alloc-checks) \
- $(use_enable static static-exe) \
- $(use_with libevent) \
- $(use_with threads pthreads)
-
- emake || die "emake failed"
-}
-
-src_test() {
- # upstream reports that the included test suite needs a networked test environment
- true
-}
-
-src_install() {
- emake DESTDIR="${D}" install || die "emake install failed"
- newinitd "${FILESDIR}/unbound.initd" unbound || die "newinitd failed"
- newconfd "${FILESDIR}/unbound.confd" unbound || die "newconfd failed"
-
- dodoc doc/README doc/CREDITS doc/TODO doc/Changelog doc/FEATURES || die "dodoc failed"
- dodoc "${FILESDIR}/chroot_howto.txt" || die "dodoc failed"
-
- # adapt config file to disable the chroot
- sed -i '/^\t# chroot:/a\\tchroot: ""' "${D}/etc/unbound/unbound.conf" || die "sed failed"
-}
-
-pkg_postinst() {
- elog "The gentoo configuration does not enable a chroot environment,"
- elog "this differs from the default upstream configuration."
- elog "To use a chroot enviroment which is recommended, please read"
- elog "the chroot_howto.txt in /usr/share/doc/${PF}"
-}
--- /dev/null
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+EAPI="1"
+
+inherit eutils
+
+DESCRIPTION="A validating, recursive and caching DNS resolver"
+HOMEPAGE="http://unbound.net"
+SRC_URI="http://unbound.net/downloads/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+chroot debug libevent python static threads"
+
+DEPEND="dev-libs/openssl
+ >=net-libs/ldns-1.5.1
+ libevent? ( dev-libs/libevent )"
+RDEPEND=${RDEPEND}
+
+pkg_setup() {
+ enewgroup unbound
+ enewuser unbound -1 -1 -1 unbound
+}
+
+src_compile() {
+ econf \
+ --with-conf-file=/etc/unbound/unbound.conf \
+ --with-pidfile=/var/run/unbound.pid \
+ --with-run-dir=/etc/unbound \
+ --with-username=unbound \
+ $(use_enable debug) \
+ $(use_enable debug lock-checks) \
+ $(use_enable debug alloc-checks) \
+ $(use_enable static static-exe) \
+ $(use_with libevent) \
+ $(use_with threads pthreads) \
+ $(use_with python pyunbound) \
+ $(use_with python pythonmodule)
+
+ emake || die "emake failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "emake install failed"
+ newinitd "${FILESDIR}/unbound.initd" unbound || die "newinitd failed"
+ newconfd "${FILESDIR}/unbound.confd" unbound || die "newconfd failed"
+
+ dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES} || die "dodoc failed"
+
+ insinto /usr/share/${PN}
+ insopts -m755
+ doins contrib/{update-anchor.sh,update-itar.sh} || die "doins failed"
+
+ # enable remote control for our rc script
+ sed -i 's:^\t# control-enable\: no:\tcontrol-enable\: yes:g' "${D}/etc/unbound/unbound.conf" || die "sed failed"
+
+ # disable chroot when requested
+ if ! use chroot; then
+ sed -i 's:^\t# chroot\: "/etc/unbound":\tchroot\: "":g' "${D}/etc/unbound/unbound.conf" || die "sed failed"
+ fi
+}
+
+pkg_postinst() {
+ local key_dir="${ROOT}etc/unbound"
+
+ # unbound-control-setup tests for *.key existance, so copy that behaviour
+ if ! test -f ${key_dir}/unbound_server.key && ! test -f ${key_dir}/unbound_control.key; then
+ ewarn "With unbound-1.3.0, we use a new initd script based on unbound-contol."
+ ewarn "The initd script needs SSL keys. To generate these, please run the"
+ ewarn "following command before (re)starting Unbound:"
+ ewarn "emerge --config =${PF}"
+ fi
+}
+
+
+pkg_config() {
+ local key_dir="${ROOT}etc/unbound"
+ local key_files="unbound_control.key unbound_control.pem unbound_server.key unbound_server.pem"
+
+ ebegin "Generating SSL keys for unbound-control"
+ /usr/sbin/unbound-control-setup -d ${key_dir}
+ eend $?
+
+ ebegin "Adjusting file permissions"
+ local username=`/usr/sbin/unbound-checkconf -o username`
+ cd ${key_dir}
+ chown ${username} ${key_files}
+ eend $?
+}
projects / ~andy / sunrise / commitdiff