mirrors/gentoo-ebuilds
3
0
Fork 0
mirror of https://anongit.gentoo.org/git/repo/gentoo.git synced 2025-12-13 21:47:44 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
gentoo-ebuilds/net-dns/unbound/unbound-1.23.0-r1.ebuild
Arthur Zamarin fb134a9e0d
 net-dns/unbound: Stabilize 1.23.0-r1 arm, #958691 
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
2025-07-04 15:04:32 +03:00

213 lines
6.3 KiB
Bash
Raw Permalink Blame History

# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
PYTHON_COMPAT=( python3_{11..14} )
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/unbound.net.asc
inherit autotools flag-o-matic python-single-r1 systemd verify-sig multilib-minimal
MY_P=${PN}-${PV/_/}
DESCRIPTION="A validating, recursive and caching DNS resolver"
HOMEPAGE="https://unbound.net/ https://nlnetlabs.nl/projects/unbound/about/"
SRC_URI="
https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz
verify-sig? ( https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz.asc )
"
S="${WORKDIR}"/${MY_P}
LICENSE="BSD GPL-2"
SLOT="0/8" # ABI version of libunbound.so
if [[ ${PV} != *_rc* ]] ; then
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~mips ppc ppc64 ~riscv ~sparc x86"
fi
IUSE="debug dnscrypt dnstap +ecdsa ecs gost +http2 python redis selinux static-libs systemd test +tfo threads"
REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
RESTRICT="!test? ( test )"
# Note: expat is needed by executable only but the Makefile is custom
# and doesn't make it possible to easily install the library without
# the executables. MULTILIB_USEDEP may be dropped once build system
# is fixed.
DEPEND="
acct-group/unbound
acct-user/unbound
>=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}]
>=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}]
>=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}]
dnscrypt? ( dev-libs/libsodium:=[${MULTILIB_USEDEP}] )
dnstap? (
dev-libs/fstrm[${MULTILIB_USEDEP}]
>=dev-libs/protobuf-c-1.0.2-r1:=[${MULTILIB_USEDEP}]
)
ecdsa? (
dev-libs/openssl:0[-bindist(-)]
)
http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] )
python? ( ${PYTHON_DEPS} )
redis? ( dev-libs/hiredis:= )
systemd? ( sys-apps/systemd )
"
BDEPEND="
virtual/pkgconfig
python? ( dev-lang/swig )
test? (
net-libs/ldns[examples(-)]
dev-util/splint
app-text/wdiff
)
verify-sig? ( >=sec-keys/openpgp-keys-unbound-20250515 )
"
RDEPEND="
${DEPEND}
net-dns/dnssec-root
selinux? ( sec-policy/selinux-bind )
"
QA_CONFIG_IMPL_DECL_SKIP=(
ioctlsocket # not on Linux (bug #900060)
)
PATCHES=(
"${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch
"${FILESDIR}"/${PN}-1.6.3-pkg-config.patch
"${FILESDIR}"/${PN}-1.10.1-find-ar.patch
)
pkg_setup() {
use python && python-single-r1_pkg_setup
}
src_prepare() {
default
eautoreconf
# Required for the python part
multilib_copy_sources
}
src_configure() {
[[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack
multilib-minimal_src_configure
}
multilib_src_configure() {
local myeconfargs=(
$(multilib_native_use_enable debug)
$(multilib_native_use_enable gost)
$(multilib_native_use_enable dnscrypt)
$(multilib_native_use_enable dnstap)
$(multilib_native_use_enable ecdsa)
$(multilib_native_use_enable ecs subnet)
$(multilib_native_use_enable redis cachedb)
$(multilib_native_use_enable static-libs static)
$(multilib_native_use_enable systemd)
$(multilib_native_use_with python pythonmodule)
$(multilib_native_use_with python pyunbound)
$(multilib_native_use_with threads pthreads)
$(multilib_native_use_with http2 libnghttp2)
$(multilib_native_use_enable tfo tfo-client)
$(multilib_native_use_enable tfo tfo-server)
--disable-flto
--disable-rpath
--enable-event-api
--enable-ipsecmod
--with-libevent="${ESYSROOT}"/usr
$(multilib_native_usex redis --with-libhiredis="${ESYSROOT}/usr" --without-libhiredis)
--with-pidfile="${EPREFIX}"/run/unbound.pid
--with-rootkey-file="${EPREFIX}"/etc/dnssec/root-anchors.txt
--with-ssl="${ESYSROOT}"/usr
--with-libexpat="${ESYSROOT}"/usr
# http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html
# $(use_enable debug lock-checks)
# $(use_enable debug alloc-checks)
# $(use_enable debug alloc-lite)
# $(use_enable debug alloc-nonregional)
)
econf "${myeconfargs[@]}"
}
multilib_src_install() {
emake DESTDIR="${D}" install
systemd_dounit contrib/unbound.service
systemd_dounit contrib/unbound.socket
systemd_dounit contrib/unbound_portable.service
}
multilib_src_install_all() {
use python && python_optimize
newinitd "${FILESDIR}"/unbound-r1.initd unbound
newconfd "${FILESDIR}"/unbound-r1.confd unbound
systemd_newunit "${FILESDIR}"/unbound-anchor-r1.service unbound-anchor.service
dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES}
dodoc contrib/{unbound_munin_,metrics.awk}
docinto selinux
dodoc contrib/selinux/*
exeinto /usr/share/${PN}
doexe contrib/{update-anchor.sh,unbound_cache.sh}
# Create space for auto-trust-anchor-file eventually
# downloaded by unbound-anchor
keepdir /etc/unbound/var
fowners root:unbound /etc/unbound/var
fperms 0770 /etc/unbound/var
# Used to store cache data
keepdir /var/lib/${PN}
fowners root:unbound /var/lib/${PN}
fperms 0770 /var/lib/${PN}
find "${ED}" -name '*.la' -delete || die
if ! use static-libs ; then
find "${ED}" -name "*.a" -delete || die
fi
}
pkg_postinst() {
if [[ ! -f "${EROOT}/etc/unbound/unbound_control.key" ]]; then
einfo "Trying to create unbound control key ..."
if ! unbound-control-setup &>/dev/null ; then
ewarn "Failed to create unbound control key!"
fi
fi
if [[ ! -f "${EROOT}/etc/unbound/var/root-anchors.txt" ]]; then
einfo ""
einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation"
einfo "set 'auto-trust-anchor-file: ${EROOT}/etc/unbound/var/root-anchors.txt' in ${EROOT}/etc/unbound/unbound.conf"
einfo "and run"
einfo ""
einfo " su -s /bin/sh -c '${EROOT}/usr/sbin/unbound-anchor -a ${EROOT}/etc/unbound/var/root-anchors.txt' unbound"
einfo ""
einfo "as root to create it initially before starting unbound for the first time after enabling this."
einfo ""
einfo "If using systemd you may also enable the unbound-anchor.service"
fi
# Our user is not available on prefix
use prefix && return
local _perm_check_testfile=$(mktemp --dry-run "${EPREFIX}"/etc/unbound/var/.pkg_postinst-perm-check.XXXXXXXXX)
su -s /bin/sh -c "touch ${_perm_check_testfile}" unbound &>/dev/null
if [[ $? -ne 0 ]]; then
ewarn "WARNING: unbound user cannot write to \"${EPREFIX}/etc/unbound/var\"!"
ewarn "Run the following commands to restore default permission:"
ewarn ""
ewarn " chown root:unbound ${EPREFIX}/etc/unbound/var"
ewarn " chmod 0770 ${EPREFIX}/etc/unbound/var"
else
# Cleanup -- no reason to die here!
rm -f "${_perm_check_testfile}"
fi
}
Reference in a new issue View git blame Copy permalink