net-dns/opendnssec: version bump
authorTom Hendrikx (whyscream) <tom@whyscream.net>
Wed, 26 Jan 2011 21:07:26 +0000 (21:07 +0000)
committerTom Hendrikx (whyscream) <tom@whyscream.net>
Wed, 26 Jan 2011 21:07:26 +0000 (21:07 +0000)
svn path=/sunrise/; revision=11732

net-dns/opendnssec/ChangeLog
net-dns/opendnssec/Manifest
net-dns/opendnssec/files/opendnssec.initd
net-dns/opendnssec/metadata.xml
net-dns/opendnssec/opendnssec-1.2.0.ebuild [moved from net-dns/opendnssec/opendnssec-1.1.3.ebuild with 68% similarity]

index f6169df5586ca3e2467e761e31abe966ead3c2d1..48e33aa08e44f96d21482e124e2f74f287558628 100644 (file)
@@ -1,7 +1,12 @@
 # ChangeLog for net-dns/opendnssec
-# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
 # $Header: $
 
+  26 Jan 2011; Tom Hendrikx (whyscream) <tom@whyscream.net>
+  -opendnssec-1.1.3.ebuild, +opendnssec-1.2.0.ebuild,
+  files/opendnssec.initd, metadata.xml:
+  version bump
+
   15 Oct 2010; Tom Hendrikx (whyscream) <tom@whyscream.net>
   files/opendnssec.initd:
   minor change to initd file
index 45285396b756f04d377a150b35412fda7c78aa4c..aa8e9e2def4f1a1c2131c5e394a2331e9036fcbc 100644 (file)
@@ -1,6 +1,6 @@
 AUX opendnssec-drop-privileges.patch 906 RMD160 c7e5f09d08c7431fbe0d5496e980f1468de5185a SHA1 875529fd365e9168f4a34334c884e01b670974d3 SHA256 faecb049748efab2652b890020106748039dbe7022d943393ac50b71b429b340
-AUX opendnssec.initd 2298 RMD160 3024d31f7a2aa5dd917e7505a9b06efd2fa93d94 SHA1 cabe945d886dbebff08ed6197d0665b9c0071253 SHA256 2328977690492589e8670105986dd5d20fde19944304f68b4abafbc52bb6a919
-DIST opendnssec-1.1.3.tar.gz 2207087 RMD160 2a41bf17553ed02e4654887a81f4665e4acdbf2d SHA1 394640b0cb8bb5afdf3446b4fe15e4942acd0d11 SHA256 bd6616e724fec0b95829b6ccc364b919e460786bd4deda9b80ac005d325c166c
-EBUILD opendnssec-1.1.3.ebuild 5079 RMD160 cb5dad0b8c4b8c34ba8cd0b0a6144d3d119f97e5 SHA1 a9e6690caa1ba33bf163a69796d380aa49543d6a SHA256 85b7c5c1c87ba44e91225231d30248c8efdc94a4e3d89f4df432de2e139acea7
-MISC ChangeLog 1135 RMD160 bd27d1c17e3c59e146caca4d3a80f683ca84f8a4 SHA1 73a4bf87b0563ec06a1c58834b1b7b61eda62117 SHA256 c007c907eef81765e33530a1d78cf43f76cef5b541e3c2091ef6fcef76a5a9da
-MISC metadata.xml 837 RMD160 97d0d9bc90ace43d8ac98e37bfe9c79922c7d3bd SHA1 6d714c285fe7f552b2cb0e761cf267f00ccbd699 SHA256 b428c003671bd6c66a011c7647cdf7a1349a2376073f15c1a97690abed61811f
+AUX opendnssec.initd 2110 RMD160 81362fd5e399e90e4b61ccb85d0d22b619db7c18 SHA1 776ff0b5495b6570088dd9aff6e66f816c7432fe SHA256 dca460b1732917695543ece1dd7ce5c1e6547e259d2c4119967621dbef26aa6c
+DIST opendnssec-1.2.0.tar.gz 1614858 RMD160 b243c9e6edccd15e1ccb8fb8839c931a77e613df SHA1 51e169f283bd1b69892bead8be9b6b7446e607de SHA256 adef63bae6cca53e4144cfe0d555be11a26447c787e2155ce60d11abe979f1be
+EBUILD opendnssec-1.2.0.ebuild 6152 RMD160 387b2b5689182d0f88481dd4d30e54ac616c323b SHA1 9d477d6f868f6a8ce1e31f54db4f51c6b67180f5 SHA256 ab5c4d3254597078cd910d861f4bf38309b75846da2ded9f66c053bae945facf
+MISC ChangeLog 1305 RMD160 84100078f6d74d59ac62b357f8ce24b647956637 SHA1 366e182ec768e6238c79d06aca1e6cd54177958a SHA256 8a548fa9775588913881d9a7f5695ccd046fc9abf2c77f59a4f2f2613e0399d4
+MISC metadata.xml 909 RMD160 ce76bb8d238ade156005656c28924ab215d5e473 SHA1 58de6a2400597a2972071e49cc56d4c39efef919 SHA256 a39476165120bc973f2c918d0ec2ed92dd1297823aa64a1142e6b256643903bc
index 4901a2430191e82f92358956b523f5bf79a3a400..ff9461773f84412258f84009bba549896c0b859b 100644 (file)
@@ -6,13 +6,12 @@
 # for openrc
 description="An open-source turn-key solution for DNSSEC"
 
-checkconf_binary=/usr/bin/ods-kaspcheck
-signerd_binary=/usr/sbin/ods-signer
-signerd_pidfile=/var/lib/run/opendnssec/signerd.pid
-enforcerd_binary=/usr/sbin/ods-enforcerd
-enforcerd_pidfile=/var/lib/run/opendnssec/enforcerd.pid
-eppclientd_binary=/usr/sbin/eppclientd
-eppclientd_pidfile=/var/lib/run/opendnssec/eppclientd.pid
+checkconf_bin=/usr/bin/ods-kaspcheck
+control_bin=/usr/sbin/ods-control
+enforcer_bin=/usr/sbin/ods-enforcerd
+eppclient_bin=/usr/sbin/eppclientd
+eppclient_pidfile=/var/lib/run/opendnssec/eppclientd.pid
+signer_bin=/usr/sbin/ods-signerd
 
 depend() {
        need net
@@ -20,8 +19,8 @@ depend() {
 }
 
 checkconfig() {
-       if [ -x "${checkconf_binary}" ]; then
-               output=$(${checkconf_binary})
+       if [ -x "${checkconf_bin}" ]; then
+               output=$(${checkconf_bin} 2>&1| grep -v -E "^/etc/opendnssec/(conf|kasp).xml validates")
                if [ -n "$output" ]; then
                        echo $output
                fi
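Review bot: The new pipeline in checkconfig() throws away the exit status of ods-kaspcheck: `$(... | grep -v ...)` yields grep's status, so a checker that fails without printing any unfiltered text looks like a valid configuration, as far as the lines visible here go. Capture first and filter afterwards, e.g. `output=$(${checkconf_bin} 2>&1); rc=$?` followed by `output=$(printf '%s\n' "$output" | grep -v -E '^/etc/opendnssec/(conf|kasp)\.xml validates')`, and have the function fail when `rc` is non-zero. The dot before `xml` is unescaped in the committed pattern, and the unquoted `echo $output` collapses multi-line diagnostics onto one line. The rest of checkconfig() lies outside this hunk, so how the result becomes a return value cannot be confirmed from here.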
@@ -35,61 +34,65 @@ checkconfig() {
        return
 }
 
-start_signerd() {
-       ebegin "Starting OpenDNSSEC Signer"
-       start-stop-daemon --start --exec "${signerd_binary}" --pidfile "${signerd_pidfile}" -- start > /dev/null
-       eend $?
+
+start_enforcer() {
+       if [ -x "${enforcer_bin}" ]; then
+               ebegin "Starting OpenDNSSEC Enforcer"
+               ${control_bin} enforcer start > /dev/null
+               eend $?
+       fi
 }
 
-stop_signerd() {
-       ebegin "Stopping OpenDNSSEC Signer"
-       start-stop-daemon --stop --exec "${signerd_binary}" --pidfile "${signerd_pidfile}" -- stop > /dev/null
-       eend $?
+stop_enforcer() {
+       if [ -x "${enforcer_bin}" ]; then
+               ebegin "Stopping OpenDNSSEC Enforcer"
+               ${control_bin} enforcer stop > /dev/null
+               eend $?
+       fi
 }
 
-start_enforcerd() {
-       ebegin "Starting OpenDNSSEC Enforcer"
-       start-stop-daemon --start --exec "${enforcerd_binary}" --pidfile "${enforcerd_pidfile}" > /dev/null
-       eend $?
+start_signer() {
+       if [ -x "${signer_bin}" ]; then
+               ebegin "Starting OpenDNSSEC Signer"
+               ${control_bin} signer start > /dev/null 2>&1
+               eend $?
+       fi
 }
 
-stop_enforcerd() {
-       ebegin "Stopping OpenDNSSEC Enforcer"
-       start-stop-daemon --stop --exec "${enforcerd_binary}" --pidfile "${enforcerd_pidfile}" > /dev/null
-       eend $?
+stop_signer() {
+       if [ -x "${signer_bin}" ]; then
+               ebegin "Stopping OpenDNSSEC Signer"
+               ${control_bin} signer stop > /dev/null 2>&1
+               eend $?
+       fi
 }
 
-start_eppclientd() {
-       if [ -x "${eppclientd_binary}" ]; then
+start_eppclient() {
+       if [ -x "${eppclient_bin}" ]; then
                ebegin "Starting OpenDNSSEC Eppclient"
-               start-stop-daemon --start --exec "${eppclientd_binary}" --pidfile "${eppclientd_pidfile}" > /dev/null
+               start-stop-daemon --start --user opendnssec --group opendnssec --exec "${eppclient_bin}" --pidfile "${eppclient_pidfile}" > /dev/null
                eend $?
        fi
 }
 
-stop_eppclientd() {
-       if [ -x "${eppclientd_binary}" ]; then
+stop_eppclient() {
+       if [ -x "${eppclient_bin}" ]; then
                ebegin "Stopping OpenDNSSEC Eppclient"
-               start-stop-daemon --stop --exec "${eppclientd_binary}" --pidfile "${eppclientd_pidfile}" > /dev/null
+               start-stop-daemon --stop --exec "${eppclient_bin}" --pidfile "${eppclient_pidfile}" > /dev/null
                eend $?
        fi
 }
 
 start() {
        checkconfig || return $?
-       start_signerd || return $?
-       start_enforcerd || return $?
-       start_eppclientd || return $?
+       start_enforcer || return $?
+       start_signer || return $?
+       start_eppclient || return $?
 }
 
 stop() {
-       stop_enforcerd || return $?
-       stop_signerd || return $?
-       stop_eppclientd || return $?
-}
-
-restart() {
-       checkconfig || return $?
-       svc_stop
-       svc_start
+       stop_eppclient
+       stop_signer
+       stop_enforcer
+       sleep 1
 }
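Review bot: stop() now always reports success, because the results of the three stop_* calls are ignored and the function ends on `sleep 1`; OpenRC will mark the service stopped even when `ods-control ... stop` failed and a daemon is still running. Collect the status and return it after the sleep, as in the block below. Separately, with restart() removed, checkconfig runs only in start(), after the daemons are already down, so a restart with a broken conf.xml or kasp.xml leaves signing stopped. If the installed OpenRC provides `RC_CMD`, stop() could run checkconfig first when it equals `restart`. The start_*/stop_* helpers for the enforcer and signer also test `-x` on the daemon binary but invoke `${control_bin}`, which is never checked.

```shell
stop() {
	local rc=0
	stop_eppclient || rc=$?
	stop_signer || rc=$?
	stop_enforcer || rc=$?
	sleep 1
	return ${rc}
}
```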
index bfc1cee67cdf6dd834e3ba6f9cb8ae1b33606986..690caa9b4d8435716b551e01e542669ee2c8db67 100644 (file)
@@ -8,6 +8,7 @@
        <flag name='eppclient'>Enables support for automatic submission of DNSSEC keys to an upstream epp server</flag>
        <flag name='external-hsm'>Enables support for storing DNSSEC keys through an arbitrary non-portage PKCS#11 interface, specified through an environment variable</flag>
        <flag name='opensc'>Enables support for storing DNSSEC keys through a <pkg>dev-libs/opensc</pkg> PKCS#11 interface</flag>
+       <flag name='signer'>Enables signing capabilities for OpenDNSSEC</flag>
        <flag name='softhsm'>Enables support for storing DNSSEC keys in a <pkg>dev-libs/softhsm</pkg> PKCS#11 object</flag>
 </use>
 </pkgmetadata>
similarity index 68%
rename from net-dns/opendnssec/opendnssec-1.1.3.ebuild
rename to net-dns/opendnssec/opendnssec-1.2.0.ebuild
index c7c237439fb32f09a2b66fe1346db5b90685a810..5e5d884e7ef384aaf308070b6bd7d0375135df25 100644 (file)
@@ -1,4 +1,4 @@
-# Copyright 1999-2010 Gentoo Foundation
+# Copyright 1999-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Header: $
 
@@ -13,15 +13,14 @@ LICENSE="BSD"
 
 SLOT="0"
 KEYWORDS="~amd64 ~x86"
-IUSE="+auditor debug eppclient external-hsm mysql opensc softhsm sqlite"
-# Test suite needs a preconfigured sqlite/mysql database
+IUSE="+auditor debug eppclient external-hsm mysql opensc +signer softhsm sqlite"
+# Test suite needs a preconfigured sqlite/mysql database, and a cunit with curses support
 RESTRICT="test"
 
-DEPEND=">=net-libs/ldns-1.6.6
-       dev-libs/libxml2
-       dev-python/4suite
-       auditor? ( dev-lang/ruby[ssl] >=dev-ruby/dnsruby-1.49 )
-       eppclient? ( net-misc/curl )
+DEPEND="dev-libs/libxml2
+       >=net-libs/ldns-1.6.7
+       auditor? ( dev-lang/ruby[ssl] >=dev-ruby/dnsruby-1.51 )
+       eppclient? ( net-misc/curl dev-db/sqlite:3 )
        mysql? ( >=virtual/mysql-5.0 )
        opensc? ( dev-libs/opensc )
        softhsm? ( dev-libs/softhsm )
@@ -48,7 +47,7 @@ check_pkcs11_setup() {
        elif use external-hsm; then
                # Use an arbitrary non-portage PKCS#11 library, set by an environment variable
                if [ -n "$PKCS11_SOFTHSM" ]; then
-                       # This is for testing, since it's the only actual library I have, set USE=softhsm instead.
+                       # This is for testing, since it's the only actual library I have. Set USE=softhsm instead.
                        PKCS11_LIB=softhsm
                        PKCS11_PATH="$PKCS11_SOFTHSM"
 
@@ -81,7 +80,7 @@ check_pkcs11_setup() {
                        die "USE flag 'external-hsm' set but no PKCS#11 library path specified."
                fi
 
-               elog "Building with external PKCS#11 library support ($PKCS11_LIB): $PKCS11_PATH ."
+               elog "Building with external PKCS#11 library support ($PKCS11_LIB): ${PKCS11_PATH}"
        else
                # Should never happen because of 'confutils_require_one softhsm opensc external-hsm'
                die "No PKCS#11 library specified through USE flags."
@@ -89,6 +88,9 @@ check_pkcs11_setup() {
 }
 
 pkg_setup() {
+       use eppclient && ewarn "Use of eppclient is still experimental"
+       use mysql && ewarn "Use of mysql is still experimental"
+
        confutils_require_one mysql sqlite
        confutils_require_one softhsm opensc external-hsm
 
@@ -113,7 +115,8 @@ src_configure() {
        econf $myconf \
        $(use_enable auditor) \
        $(use_enable debug timeshift) \
-       $(use_enable eppclient)
+       $(use_enable eppclient) \
+       $(use_enable signer)
 }
 
 src_install() {
@@ -121,10 +124,17 @@ src_install() {
 
        newinitd "${FILESDIR}"/opendnssec.initd opendnssec || die "newinitd failed"
        dodoc KNOWN_ISSUES NEWS README || die "dodoc failed"
-       rm "${D}"/usr/share/opendnssec.spec || die "failed to remove spec file"
 
        # Remove subversion tags from config files to avoid useless config updates
-       sed -i -e 's/<!-- \$Id:.* \$ -->//g' "${D}"/etc/opendnssec/* || die "sed failed for files in /etc/opendnssec"
+       sed -i -e 's/<!-- \$Id:.* \$ -->//g' "${D}"etc/opendnssec/* || die "sed failed for files in /etc/opendnssec"
+
+       # add upgrade script
+       insinto /usr/share/opendnssec
+       if use sqlite; then
+               doins enforcer/utils/migrate_keyshare_sqlite3.pl || die "doins failed for migrate_keyshare_sqlite3.pl"
+       elif mysql; then
+               doins enforcer/utils/migrate_keyshare_mysql.pl || die "doins failed for migrate_keyshare_mysql.pl"
+       fi
 
        # Set ownership of config files
        fowners root:opendnssec /etc/opendnssec/{conf,kasp,zonelist,zonefetch}.xml || die "fowners failed for files in /etc/opendnssec"
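Review bot: `elif mysql; then` in the upgrade-script block is missing `use`, so the shell runs the `mysql` client (or fails with command-not-found) instead of testing the USE flag. As a result migrate_keyshare_mysql.pl is most likely never installed, even though pkg_postinst tells mysql users to run it. The line should read `elif use mysql; then`. src_install starts and continues outside this hunk.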
@@ -134,15 +144,27 @@ src_install() {
 
        # Set ownership of working directories
        fowners opendnssec:opendnssec /var/lib/opendnssec/{,signconf,signed,tmp} || die "fowners failed for dirs in /var/lib/opendnssec"
+       fowners opendnssec:opendnssec /var/lib/run/opendnssec || die "fowners failed for /var/lib/run/opendnssec"
 }
 
 pkg_postinst() {
+       elog "If you are upgrading from a pre-1.2.0 install, you'll need to update your"
+       elog "key (KASP) database. Please run the following command to do so:"
+       if use sqlite; then
+               elog "  perl /usr/share/opendnssec/migrate_keyshare_sqlite3.pl -d /var/lib/opendnssec/kasp.db"
+               elog "You'll need to emerge 'dev-perl/DBD-SQLite' if it is not installed yet."
+       elif use mysql; then
+               elog "  perl /usr/share/opendnssec/migrate_keyshare_mysql.pl -d <database> -u <username> -p <password>"
+               elog "You'll need to emerge 'dev-perl/DBD-mysql' if it is not installed yet."
+       fi
+       elog ""
+
        if use softhsm; then
-               elog "Please make sure that you create your softhsm database in a location readable"
-               elog "by the opendnssec user. You can set its location in ${ROOT}etc/softhsm.conf."
+               elog "Please make sure that you create your softhsm database in a location writeable"
+               elog "by the opendnssec user. You can set its location in /etc/softhsm.conf."
                elog "Suggested configuration is:"
-               elog "  echo \"0:${ROOT}var/lib/opendnssec/softhsm_slot0.db\" >> ${ROOT}etc/softhsm.conf"
+               elog "  echo \"0:/var/lib/opendnssec/softhsm_slot0.db\" >> /etc/softhsm.conf"
                elog "  softhsm --init-token --slot 0 --label OpenDNSSEC"
-               elog "  chown opendnssec:opendnssec ${ROOT}var/lib/opendnssec/softhsm_slot0.db"
+               elog "  chown opendnssec:opendnssec /var/lib/opendnssec/softhsm_slot0.db"
        fi
 }
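Review bot: The mysql upgrade hint in pkg_postinst tells the admin to pass the database password as `-p <password>` on the command line, where it is visible to other local users in the process list and is kept in shell history. Whether migrate_keyshare_mysql.pl can read the password another way is not visible here, so at least add a line such as `elog "Note: the password given with -p is visible in the process list and shell history."`. The softhsm hint creates softhsm_slot0.db as root and only then chowns it; since that file presumably holds the private keys, a `chmod 600` step in the suggested commands would be worth adding. The new `fowners ... /var/lib/run/opendnssec` assumes the directory is created earlier in src_install, outside this hunk.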