[Midnightbsd-cvs] mports [20612] trunk/dns: update bind 9.10 and make a bind tools port
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Sat Oct 31 20:28:43 EDT 2015
Revision: 20612
http://svnweb.midnightbsd.org/mports/?rev=20612
Author: laffer1
Date: 2015-10-31 20:28:42 -0400 (Sat, 31 Oct 2015)
Log Message:
-----------
update bind 9.10 and make a bind tools port
Modified Paths:
--------------
trunk/dns/Makefile
trunk/dns/bind910/Makefile
trunk/dns/bind910/distinfo
trunk/dns/bind910/files/named.in
trunk/dns/bind910/files/patch-bin__tests__system__dlzexternal__Makefile.in
trunk/dns/bind910/files/patch-configure
trunk/dns/bind910/files/pkg-message.in
trunk/dns/bind910/pkg-help
trunk/dns/bind910/pkg-install
Added Paths:
-----------
trunk/dns/bind-tools/
trunk/dns/bind-tools/Makefile
trunk/dns/bind-tools/pkg-descr
trunk/dns/bind-tools/pkg-plist
trunk/dns/bind910/files/BIND.chroot.dist
trunk/dns/bind910/files/BIND.chroot.local.dist
trunk/dns/bind910/files/extrapatch-bind-min-override-ttl
Modified: trunk/dns/Makefile
===================================================================
--- trunk/dns/Makefile 2015-11-01 00:18:43 UTC (rev 20611)
+++ trunk/dns/Makefile 2015-11-01 00:28:42 UTC (rev 20612)
@@ -4,6 +4,7 @@
SUBDIR += ares
SUBDIR += autotrust
+SUBDIR += bind-tools
SUBDIR += bind910
SUBDIR += bind99
SUBDIR += bindgraph
Added: trunk/dns/bind-tools/Makefile
===================================================================
--- trunk/dns/bind-tools/Makefile (rev 0)
+++ trunk/dns/bind-tools/Makefile 2015-11-01 00:28:42 UTC (rev 20612)
@@ -0,0 +1,15 @@
+# $MidnightBSD$
+# $FreeBSD: head/dns/bind-tools/Makefile 397807 2015-09-25 10:05:48Z mat $
+
+# Define PORTREVISION in ${MASTERDIR}
+MASTERDIR= ${.CURDIR}/../../dns/bind910
+
+DESCR= ${.CURDIR}/pkg-descr
+PLIST= ${.CURDIR}/pkg-plist
+PKGINSTALL= /nonexistent
+
+BIND_TOOLS_SLAVE= YES
+
+INSTALL_WRKSRC= ${WRKSRC}/bin
+
+.include "${MASTERDIR}/Makefile"
Property changes on: trunk/dns/bind-tools/Makefile
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/dns/bind-tools/pkg-descr
===================================================================
--- trunk/dns/bind-tools/pkg-descr (rev 0)
+++ trunk/dns/bind-tools/pkg-descr 2015-11-01 00:28:42 UTC (rev 20612)
@@ -0,0 +1,8 @@
+The user space command line tools from the latest version of BIND:
+ delv, dig, host, nslookup, nsupdate
+
+It also includes various dnssec related tools:
+ dnssec-dsfromkey, dnssec-importkey, dnssec-keyfromlabel, dnssec-keygen,
+ dnssec-revoke, dnssec-settime, dnssec-signzone, dnssec-verify
+
+WWW: https://www.isc.org/software/bind
Property changes on: trunk/dns/bind-tools/pkg-descr
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/dns/bind-tools/pkg-plist
===================================================================
--- trunk/dns/bind-tools/pkg-plist (rev 0)
+++ trunk/dns/bind-tools/pkg-plist 2015-11-01 00:28:42 UTC (rev 20612)
@@ -0,0 +1,30 @@
+bin/delv
+bin/dig
+bin/host
+bin/nslookup
+bin/nsupdate
+man/man1/delv.1.gz
+man/man1/dig.1.gz
+man/man1/host.1.gz
+man/man1/nslookup.1.gz
+man/man1/nsupdate.1.gz
+%%PYTHON%%man/man8/dnssec-checkds.8.gz
+%%PYTHON%%man/man8/dnssec-coverage.8.gz
+man/man8/dnssec-dsfromkey.8.gz
+man/man8/dnssec-importkey.8.gz
+man/man8/dnssec-keyfromlabel.8.gz
+man/man8/dnssec-keygen.8.gz
+man/man8/dnssec-revoke.8.gz
+man/man8/dnssec-settime.8.gz
+man/man8/dnssec-signzone.8.gz
+man/man8/dnssec-verify.8.gz
+%%PYTHON%%sbin/dnssec-checkds
+%%PYTHON%%sbin/dnssec-coverage
+sbin/dnssec-dsfromkey
+sbin/dnssec-importkey
+sbin/dnssec-keyfromlabel
+sbin/dnssec-keygen
+sbin/dnssec-revoke
+sbin/dnssec-settime
+sbin/dnssec-signzone
+sbin/dnssec-verify
Property changes on: trunk/dns/bind-tools/pkg-plist
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Modified: trunk/dns/bind910/Makefile
===================================================================
--- trunk/dns/bind910/Makefile 2015-11-01 00:18:43 UTC (rev 20611)
+++ trunk/dns/bind910/Makefile 2015-11-01 00:28:42 UTC (rev 20612)
@@ -3,22 +3,37 @@
PORTNAME= bind
PORTVERSION= ${ISCVERSION:S/-P/P/}
+.if defined(BIND_TOOLS_SLAVE)
+# dns/bind-tools here
+PORTREVISION= 1
+.else
+# dns/bind910 here
+PORTREVISION= 1
+.endif
CATEGORIES= dns net ipv6
MASTER_SITES= ISC/bind9/${ISCVERSION}
-PKGNAMESUFFIX?= 910
+.if defined(BIND_TOOLS_SLAVE)
+PKGNAMESUFFIX= -tools
+.else
+PKGNAMESUFFIX= 910
+.endif
DISTNAME= ${PORTNAME}-${ISCVERSION}
MAINTAINER= ports at MidnightBSD.org
-COMMENT?= BIND DNS suite with updated DNSSEC and DNS64
+.if defined(BIND_TOOLS_SLAVE)
+COMMENT= Command line tools from BIND: delv, dig, host, nslookup...
+.else
+COMMENT= BIND DNS suite with updated DNSSEC and DNS64
+.endif
LICENSE= iscl
# ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION= 9.10.2-P3
+ISCVERSION= 9.10.3
MAKE_JOBS_UNSAFE= yes
-USES= cpe
+USES= cpe libedit
CPE_VENDOR= isc
CPE_VERSION= ${ISCVERSION:C/-.*//}
@@ -29,32 +44,40 @@
LIB_DEPENDS= libxml2.so:${PORTSDIR}/textproc/libxml2
GNU_CONFIGURE= yes
-CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \
+CONFIGURE_ARGS+= --localstatedir=/var --disable-linux-caps \
--disable-symtable \
--with-randomdev=/dev/random \
- --with-libxml2=${LOCALBASE}
+ --with-libxml2=${LOCALBASE} \
+ --with-readline=-ledit \
+ --sysconfdir=${ETCDIR}
+.if defined(BIND_TOOLS_SLAVE)
+CONFIGURE_ARGS+= --disable-shared
+.endif
ETCDIR= ${PREFIX}/etc/namedb
CONFLICTS+= bind9*-9.[456789].* bind9*-sdb-9.[456789].*
+.if !defined(BIND_TOOLS_SLAVE)
SUB_FILES= pkg-message
+.endif
-OPTIONS_SUB= yes
OPTIONS_DEFAULT= IPV6 SSL THREADS SIGCHASE IDN GSSAPI_NONE
-OPTIONS_DEFINE= IDN LARGE_FILE GOST PYTHON \
+OPTIONS_DEFINE= IDN LARGE_FILE PYTHON START_LATE \
FIXED_RRSET SIGCHASE IPV6 THREADS FILTER_AAAA
-OPTIONS_RADIO= CRYPTO
+OPTIONS_RADIO= CRYPTO GOSTDEF
OPTIONS_RADIO_CRYPTO= SSL NATIVE_PKCS11
+OPTIONS_RADIO_GOSTDEF= GOST GOST_ASN1
-OPTIONS_SINGLE= GSSAPI
-OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
.if !defined(BIND_TOOLS_SLAVE)
OPTIONS_DEFAULT+= RRL
-OPTIONS_DEFINE+= LINKS RPZ_NSIP RPZ_NSDNAME RRL DOCS NEWSTATS GEOIP
+OPTIONS_DEFINE+= LINKS RPZ_NSIP RPZ_NSDNAME RRL DOCS NEWSTATS GEOIP \
+ MINCACHE PORTREVISION FETCHLIMIT QUERYTRACE
OPTIONS_GROUP= DLZ
OPTIONS_GROUP_DLZ= DLZ_POSTGRESQL DLZ_MYSQL DLZ_BDB \
DLZ_LDAP DLZ_FILESYSTEM DLZ_STUB
.endif # BIND_TOOLS_SLAVE
+OPTIONS_SINGLE= GSSAPI
+OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
OPTIONS_SUB= yes
@@ -66,8 +89,15 @@
CRYPTO_DESC= Choose which crypto engine to use
NATIVE_PKCS11_DESC= Use PKCS\#11 native API (**READ HELP**)
GEOIP_DESC= Allow geographically based ACL.
-GOST_DESC= Enable GOST ciphers, needs SSL (see help)
+GOSTDEF_DESC= Enable GOST ciphers, needs SSL (see help on 8 and 9)
+GOST_DESC= GOST raw keys (new default)
+GOST_ASN1_DESC= GOST using ASN.1
PYTHON_DESC= Build with Python utilities
+START_LATE_DESC= Start BIND late in the boot process
+MINCACHE_DESC= Use the mincachettl patch
+PORTREVISION_DESC= Show PORTREVISION in the version string
+FETCHLIMIT_DESC= Enable the query quotas for resolvers
+QUERYTRACE_DESC= Enable the very verbose query tracelogging
LINKS_DESC= Create conf file symlinks in ${PREFIX}
NEWSTATS_DESC= Enable alternate xml statistics channel format
@@ -81,12 +111,17 @@
DLZ_LDAP_DESC= DLZ LDAP driver
DLZ_FILESYSTEM_DESC= DLZ filesystem driver
DLZ_STUB_DESC= DLZ stub driver
-GSSAPI_BASE_DESC= ${GSSAPI_DESC} (Heimdal in base)
-GSSAPI_HEIMDAL_DESC= ${GSSAPI_DESC} (security/heimdal)
-GSSAPI_MIT_DESC= ${GSSAPI_DESC} (security/krb5)
-GSSAPI_NONE_DESC= No ${GSSAPI_DESC}
+GSSAPI_BASE_DESC= Using Heimdal in base
+GSSAPI_HEIMDAL_DESC= Using security/heimdal
+GSSAPI_MIT_DESC= Using security/krb5
+GSSAPI_NONE_DESC= Disable
+MINCACHE_EXTRA_PATCHES= ${FILESDIR}/extrapatch-bind-min-override-ttl
+FETCHLIMIT_CONFIGURE_ENABLE= fetchlimit
+QUERYTRACE_CONFIGURE_ENABLE= querytrace
-.if !defined(BIND_TOOLS_SLAVE)
+.if defined(BIND_TOOLS_SLAVE)
+CONFLICTS+= bind910-9.10.*
+.else
CONFLICTS+= bind-tools-9.*
.endif # BIND_TOOLS_SLAVE
@@ -114,13 +149,14 @@
GEOIP_CONFIGURE_WITH= geoip
GEOIP_LIB_DEPENDS= libGeoIP.so:${PORTSDIR}/net/GeoIP
-GOST_CONFIGURE_WITH= gost
+GOST_CONFIGURE_ON= --with-gost
+GOST_ASN1_CONFIGURE_ON= --with-gost=asn1
PYTHON_CONFIGURE_WITH= python
PYTHON_USES= python
DLZ_POSTGRESQL_CONFIGURE_ON= --with-dlz-postgres=yes
-DLZ_POSTGRESQL_USE= pgsql=yes
+DLZ_POSTGRESQL_USES= pgsql
FIXED_RRSET_CONFIGURE_ENABLE= fixed-rrset
@@ -143,19 +179,28 @@
DLZ_STUB_CONFIGURE_ON= --with-dlz-stub=yes
+START_LATE_SUB_LIST= NAMED_REQUIRE="SERVERS cleanvar" \
+ NAMED_BEFORE="LOGIN"
+START_LATE_SUB_LIST_OFF=NAMED_REQUIRE="NETWORKING ldconfig syslogd" \
+ NAMED_BEFORE="SERVERS"
+
GSSAPI_BASE_USES= gssapi
GSSAPI_BASE_CONFIGURE_ON= \
- --with-gssapi=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
+ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
GSSAPI_HEIMDAL_USES= gssapi:heimdal
GSSAPI_HEIMDAL_CONFIGURE_ON= \
- --with-gssapi=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
+ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
GSSAPI_MIT_USES= gssapi:mit
GSSAPI_MIT_CONFIGURE_ON= \
- --with-gssapi=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
+ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
GSSAPI_NONE_CONFIGURE_ON= --without-gssapi
.include <bsd.mport.options.mk>
+.if !${PORT_OPTIONS:MGOST} && !${PORT_OPTIONS:MGOST_ASN1}
+CONFIGURE_ARGS+= --without-gost
+.endif
+
.if !${PORT_OPTIONS:MLINKS}
PKGINSTALL=${NONEXISTENT}
.endif
@@ -166,7 +211,7 @@
CONFIGURE_ARGS+= --disable-threads
.endif
-.if ${OPSYS} == FreeBSD && ${OSVERSION} >= 1000100
+.if ${OPSYS} == DragonFly || (${OPSYS} == FreeBSD && ${OSVERSION} >= 1000100)
PKGINSTALL= ${NONEXISTENT}
PLIST_SUB+= NOBASE="" BASE="@comment "
SUB_LIST+= NOBASE="" BASE="@comment "
@@ -174,11 +219,10 @@
USE_RC_SUBR+= named
SUB_FILES+= named.conf
.endif # !defined(BIND_TOOLS_SLAVE)
-.if ${PORT_OPTIONS:MGOST}
+.if ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1}
WITH_OPENSSL_PORT=yes
.endif
.else
-ETCDIR= ${PREFIX}/etc
PLIST_SUB+= NOBASE="@comment " BASE=""
SUB_LIST+= NOBASE="@comment " BASE=""
.if ${PORT_OPTIONS:MSSL}
@@ -188,21 +232,39 @@
PKGDEINSTALL= ${PKGINSTALL}
-CONFIGURE_ARGS+= --prefix=${PREFIX} \
- --sysconfdir=${ETCDIR}
PORTDOCS= *
-.if !defined(BIND_TOOLS_SLAVE)
post-patch:
-.for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.1 \
+ @${REINPLACE_CMD} -e 's|readline/readline.h|editline/readline.h|; \
+ s|readline/history.h|histedit.h|' \
+ ${WRKSRC}/bin/dig/nslookup.c ${WRKSRC}/bin/nsupdate/nsupdate.c
+.if defined(BIND_TOOLS_SLAVE)
+ @${REINPLACE_CMD} -e 's#^SUBDIRS.*#SUBDIRS = lib bin#' \
+ -e 's#isc-config.sh installdirs#installdirs#' \
+ -e 's#.*INSTALL.*isc-config.*##' \
+ -e 's#.*INSTALL.*bind.keys.*##' \
+ ${WRKSRC}/Makefile.in
+ @${REINPLACE_CMD} -e 's#^SUBDIRS.*#SUBDIRS = delv dig dnssec nsupdate \\#' \
+ -e 's#^ .*check confgen ##' \
+ ${WRKSRC}/bin/Makefile.in
+.else
+. for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.1 \
rndc/rndc.8
@${REINPLACE_CMD} -e 's#/etc/named.conf#${ETCDIR}/named.conf#g' \
-e 's#/etc/rndc.conf#${ETCDIR}/rndc.conf#g' \
-e "s#/var\/run\/named\/named.pid#/var/run/named/pid#" \
${WRKSRC}/bin/${FILE}
-.endfor
+. endfor
+.endif
+.if !defined(BIND_TOOLS_SLAVE)
+.if ${PORTREVISION:N0}
+post-patch-PORTREVISION-on:
+ @${REINPLACE_CMD} -e '/EXTENSIONS/s#=$$#=_${PORTREVISION}#' \
+ ${WRKSRC}/version
+.endif
+
post-install:
.if ${PORT_OPTIONS:MDOCS}
${MKDIR} ${STAGEDIR}${DOCSDIR}/arm
@@ -212,7 +274,8 @@
${WRKSRC}/HISTORY ${WRKSRC}/README ${STAGEDIR}${DOCSDIR}
.endif
-.if ${OPSYS} == FreeBSD && ${OSVERSION} >= 1000100
+.if ${OPSYS} == DragonFly || (${OPSYS} == FreeBSD && ${OSVERSION} >= 1000100)
+ ${MKDIR} ${STAGEDIR}${PREFIX}/etc/mtree
${MKDIR} ${STAGEDIR}${ETCDIR}
.for i in dynamic master slave working
@${MKDIR} ${STAGEDIR}${ETCDIR}/$i
@@ -222,6 +285,8 @@
${INSTALL_DATA} ${FILESDIR}/empty.db ${STAGEDIR}${ETCDIR}/master
${INSTALL_DATA} ${FILESDIR}/localhost-forward.db ${STAGEDIR}${ETCDIR}/master
${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db ${STAGEDIR}${ETCDIR}/master
+ ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.dist ${STAGEDIR}${PREFIX}/etc/mtree
+ ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.local.dist ${STAGEDIR}${PREFIX}/etc/mtree
.endif
${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \
${STAGEDIR}${ETCDIR}/rndc.conf.sample
Modified: trunk/dns/bind910/distinfo
===================================================================
--- trunk/dns/bind910/distinfo 2015-11-01 00:18:43 UTC (rev 20611)
+++ trunk/dns/bind910/distinfo 2015-11-01 00:28:42 UTC (rev 20612)
@@ -1,2 +1,2 @@
-SHA256 (bind-9.10.2-P3.tar.gz) = 78079a66dda455ffecfe93ef72d1ffc947f17b1c453d55ec06b860b49a5e1d4a
-SIZE (bind-9.10.2-P3.tar.gz) = 8469831
+SHA256 (bind-9.10.3.tar.gz) = 9ac33bd8754ab4b6ee449b1b2aa88e09f51cda088486f4ab1585acd920b98ff0
+SIZE (bind-9.10.3.tar.gz) = 8552545
Added: trunk/dns/bind910/files/BIND.chroot.dist
===================================================================
--- trunk/dns/bind910/files/BIND.chroot.dist (rev 0)
+++ trunk/dns/bind910/files/BIND.chroot.dist 2015-11-01 00:28:42 UTC (rev 20612)
@@ -0,0 +1,24 @@
+# $FreeBSD: head/dns/bind910/files/BIND.chroot.dist 382109 2015-03-24 15:22:51Z mat $
+#
+# mtree -deU -f files/BIND.chroot.dist -p tmp
+# mtree -cjnb -k uname,gname,mode -p tmp
+
+/set type=file uname=root gname=wheel mode=0755
+. type=dir
+ dev type=dir mode=0555
+ ..
+ etc type=dir
+ ..
+/set type=file uname=bind gname=bind mode=0755
+ var type=dir uname=root gname=wheel
+ dump type=dir
+ ..
+ log type=dir
+ ..
+ run type=dir
+ named type=dir
+ ..
+ ..
+ stats type=dir
+ ..
+ ..
Property changes on: trunk/dns/bind910/files/BIND.chroot.dist
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/dns/bind910/files/BIND.chroot.local.dist
===================================================================
--- trunk/dns/bind910/files/BIND.chroot.local.dist (rev 0)
+++ trunk/dns/bind910/files/BIND.chroot.local.dist 2015-11-01 00:28:42 UTC (rev 20612)
@@ -0,0 +1,20 @@
+# $FreeBSD: head/dns/bind910/files/BIND.chroot.local.dist 382109 2015-03-24 15:22:51Z mat $
+#
+# mtree -deU -f files/BIND.etc.dist -p tmp
+# mtree -cjnb -k uname,gname,mode -p tmp
+
+/set type=file uname=root gname=wheel mode=0755
+. type=dir
+ etc type=dir
+/set type=file uname=bind gname=wheel mode=0755
+ namedb type=dir uname=root
+ dynamic type=dir
+ ..
+ master type=dir uname=root
+ ..
+ slave type=dir
+ ..
+ working type=dir
+ ..
+ ..
+ ..
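Review bot: The usage comment at the top of this new file names `files/BIND.etc.dist`, which is not a file this commit adds; it should read `# mtree -deU -f files/BIND.chroot.local.dist -p tmp`. This spec also decides which directories under namedb the bind user may write: dynamic, slave and working inherit `uname=bind`, while namedb and master are kept at `uname=root`. A one-line comment stating that intent would help anyone who edits the ownership later.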
Property changes on: trunk/dns/bind910/files/BIND.chroot.local.dist
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/dns/bind910/files/extrapatch-bind-min-override-ttl
===================================================================
--- trunk/dns/bind910/files/extrapatch-bind-min-override-ttl (rev 0)
+++ trunk/dns/bind910/files/extrapatch-bind-min-override-ttl 2015-11-01 00:28:42 UTC (rev 20612)
@@ -0,0 +1,78 @@
+diff -Nabdur bind-9.6.0-P1.orig/bin/named/config.c bind-9.6.0-P1/bin/named/config.c
+--- bin/named/config.c 2009-05-22 12:24:49.000000000 +0400
++++ bin/named/config.c 2009-05-22 12:31:35.000000000 +0400
+@@ -129,6 +129,8 @@
+ min-roots 2;\n\
+ lame-ttl 600;\n\
+ max-ncache-ttl 10800; /* 3 hours */\n\
++ override-cache-ttl 0; /* do not override */\n\
++ min-cache-ttl 0; /* no minimal, zero is allowed */\n\
+ max-cache-ttl 604800; /* 1 week */\n\
+ transfer-format many-answers;\n\
+ max-cache-size 0;\n\
+diff -Nabdur bind-9.6.0-P1.orig/bin/named/server.c bind-9.6.0-P1/bin/named/server.c
+--- bin/named/server.c 2009-05-22 12:24:49.000000000 +0400
++++ bin/named/server.c 2009-05-22 12:32:18.000000000 +0400
+@@ -1727,6 +1727,16 @@
+ CHECK(mustbesecure(obj, view->resolver));
+
+ obj = NULL;
++ result = ns_config_get(maps, "override-cache-ttl", &obj);
++ INSIST(result == ISC_R_SUCCESS);
++ view->overridecachettl = cfg_obj_asuint32(obj);
++
++ obj = NULL;
++ result = ns_config_get(maps, "min-cache-ttl", &obj);
++ INSIST(result == ISC_R_SUCCESS);
++ view->mincachettl = cfg_obj_asuint32(obj);
++
++ obj = NULL;
+ result = ns_config_get(maps, "max-cache-ttl", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ view->maxcachettl = cfg_obj_asuint32(obj);
+diff -Nabdur bind-9.6.0-P1.orig/lib/dns/include/dns/view.h bind-9.6.0-P1/lib/dns/include/dns/view.h
+--- lib/dns/include/dns/view.h 2009-05-22 12:24:49.000000000 +0400
++++ lib/dns/include/dns/view.h 2009-05-22 12:29:03.000000000 +0400
+@@ -131,6 +131,8 @@
+ isc_boolean_t provideixfr;
+ isc_boolean_t requestnsid;
+ dns_ttl_t maxcachettl;
++ dns_ttl_t mincachettl;
++ dns_ttl_t overridecachettl;
+ dns_ttl_t maxncachettl;
+ in_port_t dstport;
+ dns_aclenv_t aclenv;
+diff -Nabdur bind-9.6.0-P1.orig/lib/dns/resolver.c bind-9.6.0-P1/lib/dns/resolver.c
+--- lib/dns/resolver.c 2009-05-22 12:24:49.000000000 +0400
++++ lib/dns/resolver.c 2009-05-22 12:30:41.000000000 +0400
+@@ -4054,6 +4054,18 @@
+ }
+
+ /*
++ * Enforce the configure cache TTL override.
++ */
++ if (res->view->overridecachettl)
++ rdataset->ttl = res->view->overridecachettl;
++
++ /*
++ * Enforce the configure minimum cache TTL.
++ */
++ if (rdataset->ttl < res->view->mincachettl)
++ rdataset->ttl = res->view->mincachettl;
++
++ /*
+ * Enforce the configure maximum cache TTL.
+ */
+ if (rdataset->ttl > res->view->maxcachettl)
+diff -Nabdur bind-9.6.0-P1.orig/lib/isccfg/namedconf.c bind-9.6.0-P1/lib/isccfg/namedconf.c
+--- lib/isccfg/namedconf.c 2009-05-22 12:24:49.000000000 +0400
++++ lib/isccfg/namedconf.c 2009-05-22 12:31:21.000000000 +0400
+@@ -821,6 +821,8 @@
+ { "lame-ttl", &cfg_type_uint32, 0 },
+ { "max-acache-size", &cfg_type_sizenodefault, 0 },
+ { "max-cache-size", &cfg_type_sizenodefault, 0 },
++ { "override-cache-ttl", &cfg_type_uint32, 0 },
++ { "min-cache-ttl", &cfg_type_uint32, 0 },
+ { "max-cache-ttl", &cfg_type_uint32, 0 },
+ { "max-clients-per-query", &cfg_type_uint32, 0 },
+ { "max-ncache-ttl", &cfg_type_uint32, 0 },
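Review bot: The new `override-cache-ttl` and `min-cache-ttl` values are applied in lib/dns/resolver.c with no range check of their own, so a resolver built with MINCACHE can keep answers cached longer than the zone owner published. That lengthens the time a stale or spoofed record stays in cache once it is there, and only the existing `max-cache-ttl` clamp that follows bounds the result. The option text should say so, for example `MINCACHE_DESC= Use the mincachettl patch (overrides zone TTLs, see help)`. The embedded patch headers name bind-9.6.0-P1 while the port now builds 9.10.3, so it is worth confirming that the resolver.c hunk still applies inside the intended function.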
Property changes on: trunk/dns/bind910/files/extrapatch-bind-min-override-ttl
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Modified: trunk/dns/bind910/files/named.in
===================================================================
--- trunk/dns/bind910/files/named.in 2015-11-01 00:18:43 UTC (rev 20611)
+++ trunk/dns/bind910/files/named.in 2015-11-01 00:28:42 UTC (rev 20612)
@@ -1,19 +1,39 @@
#!/bin/sh
#
-# $FreeBSD: head/dns/bind910/files/named.in 352512 2014-04-28 15:42:06Z mat $
+# $FreeBSD: head/dns/bind910/files/named.in 395660 2015-08-31 10:06:27Z mat $
#
# PROVIDE: named
-# REQUIRE: FILESYSTEMS defaultroute ldconfig
-# BEFORE: NETWORKING
+# REQUIRE: %%NAMED_REQUIRE%%
+# BEFORE: %%NAMED_BEFORE%%
# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf to enable BIND:
+# named_enable (bool): Run named, the DNS server (or NO).
+# named_program (str): Path to named, if you want a different one.
+# named_conf (str): Path to the configuration file
+# named_flags (str): Use this for flags OTHER than -u and -c
+# named_uid (str): User to run named as
+# named_chrootdir (str): Chroot directory (or "" not to auto-chroot it)
+# Historically, was /var/named
+# named_chroot_autoupdate (bool): Automatically install/update chrooted
+# components of named.
+# named_symlink_enable (bool): Symlink the chrooted pid file
+# named_wait (bool): Wait for working name service before exiting
+# named_wait_host (str): Hostname to check if named_wait is enabled
+# named_auto_forward (str): Set up forwarders from /etc/resolv.conf
+# named_auto_forward_only (str): Do "forward only" instead of "forward first"
+%%NATIVE_PKCS11%%# named_pkcs11_engine (str): Path to the PKCS#11 library to use.
+#
+
. /etc/rc.subr
name=named
+desc="named BIND startup script"
rcvar=named_enable
-load_rc_config $name
+load_rc_config ${name}
extra_commands=reload
@@ -21,24 +41,150 @@
start_postcmd=named_poststart
reload_cmd=named_reload
stop_cmd=named_stop
+stop_postcmd=named_poststop
-named_enable=${named_enable:-"NO"} # Run named, the DNS server (or NO).
-named_program=${named_program:-"%%PREFIX%%/sbin/named"} # Path to named, if you want a different one.
-named_conf=${named_conf:-"%%ETCDIR%%/named.conf"} # Path to the configuration file
-named_flags=${named_flags:-""} # Use this for flags OTHER than -u and -c
-named_uid=${named_uid:-"bind"} # User to run named as
-named_wait=${named_wait:-"NO"} # Wait for working name service before exiting
-named_wait_host=${named_wait_host:-"localhost"} # Hostname to check if named_wait is enabled
-named_auto_forward=${named_auto_forward:-"NO"} # Set up forwarders from /etc/resolv.conf
-named_auto_forward_only=${named_auto_forward_only:-"NO"} # Do "forward only" instead of "forward first"
-%%NATIVE_PKCS11%%named_pkcs11_engine=${named_pkcs11_engine:-""} # Path to the PKCS#11 library to use.
-named_confdir="${named_conf%/*}" # Not a configuration directive but makes rclint happy.
+named_enable=${named_enable:-"NO"}
+named_program=${named_program:-"%%PREFIX%%/sbin/named"}
+named_conf=${named_conf:-"%%ETCDIR%%/named.conf"}
+named_flags=${named_flags:-""}
+named_uid=${named_uid:-"bind"}
+named_chrootdir=${named_chrootdir:-""}
+named_chroot_autoupdate=${named_chroot_autoupdate:-"YES"}
+named_symlink_enable=${named_symlink_enable:-"YES"}
+named_wait=${named_wait:-"NO"}
+named_wait_host=${named_wait_host:-"localhost"}
+named_auto_forward=${named_auto_forward:-"NO"}
+named_auto_forward_only=${named_auto_forward_only:-"NO"}
+%%NATIVE_PKCS11%%named_pkcs11_engine=${named_pkcs11_engine:-""}
+# Not configuration variables but having them here keeps rclint happy
+required_dirs="${named_chrootdir}"
+_named_confdirroot="${named_conf%/*}"
+_named_confdir="${named_chrootdir}${_named_confdirroot}"
+_named_program_root="${named_program%/sbin/named}"
+_openssl_engines="%%LOCALBASE%%/lib/engines"
+
+# Needed if named.conf and rndc.conf are moved or if rndc.conf is used
+rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"}
+rndc_key=${rndc_key:-"$_named_confdir/rndc.key"}
+
+# If running in a chroot cage, ensure that the appropriate files
+# exist inside the cage, as well as helper symlinks into the cage
+# from outside.
+#
+# As this is called after the is_running and required_dir checks
+# are made in run_rc_command(), we can safely assume ${named_chrootdir}
+# exists and named isn't running at this point (unless forcestart
+# is used).
+#
+chroot_autoupdate()
+{
+ local file
+
+ # If it's the first time around, fiddle with things and move the
+ # current configuration to the chroot.
+ if [ -d ${_named_confdirroot} -a ! -d ${_named_confdir} ]; then
+ warn "named chroot: Moving current configuration in the chroot!"
+ install -d ${_named_confdir%/*}
+ mv ${_named_confdirroot} ${_named_confdir}
+ fi
+
+ # Create (or update) the chroot directory structure
+ #
+ if [ -r %%PREFIX%%/etc/mtree/BIND.chroot.dist ]; then
+ mtree -deU -f %%PREFIX%%/etc/mtree/BIND.chroot.dist \
+ -p ${named_chrootdir}
+ else
+ warn "%%PREFIX%%/etc/mtree/BIND.chroot.dist missing,"
+ warn "${named_chrootdir} directory structure not updated"
+ fi
+ if [ -r %%PREFIX%%/etc/mtree/BIND.chroot.local.dist ]; then
+ mkdir -p ${named_chrootdir}%%PREFIX%%
+ mtree -deU -f %%PREFIX%%/etc/mtree/BIND.chroot.local.dist \
+ -p ${named_chrootdir}%%PREFIX%%
+ else
+ warn "%%PREFIX%%/etc/mtree/BIND.chroot.local.dist missing,"
+ warn "${named_chrootdir}%%PREFIX%% directory structure not updated"
+ fi
+
+ # Create (or update) the configuration directory symlink
+ #
+ if [ ! -L "${_named_confdirroot}" ]; then
+ if [ -d "${_named_confdirroot}" ]; then
+ warn "named chroot: ${_named_confdirroot} is a directory!"
+ elif [ -e "${_named_confdirroot}" ]; then
+ warn "named chroot: ${_named_confdirroot} exists!"
+ else
+ ln -s ${_named_confdir} ${_named_confdirroot}
+ fi
+ else
+ # Make sure it points to the right place.
+ ln -shf ${_named_confdir} ${_named_confdirroot}
+ fi
+
+ # Mount a devfs in the chroot directory if needed
+ #
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
+ umount ${named_chrootdir}/dev 2>/dev/null
+ devfs_domount ${named_chrootdir}/dev devfsrules_hide_all
+ devfs -m ${named_chrootdir}/dev rule apply path null unhide
+ devfs -m ${named_chrootdir}/dev rule apply path random unhide
+ else
+ if [ -c ${named_chrootdir}/dev/null -a \
+ -c ${named_chrootdir}/dev/random ]; then
+ info "named chroot: using pre-mounted devfs."
+ else
+ err 1 "named chroot: devfs cannot be mounted from " \
+ "within a jail. Thus a chrooted named cannot " \
+ "be run from within a jail. Either mount the " \
+ "devfs with null and random from the host, or " \
+ "run named without chrooting it, set " \
+ "named_chrootdir=\"\" in /etc/rc.conf."
+ fi
+ fi
+
+ # If OpenSSL from ports, then the engines should be present in the
+ # chroot, named loads them after chrooting.
+ if [ -d ${_openssl_engines} ]; then
+ # FIXME when 8.4 is gone see if
+ # security.jail.param.allow.mount.nullfs can be used.
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ]; then
+ mkdir -p ${named_chrootdir}${_openssl_engines}
+ mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
+ else
+ warn "named chroot: cannot nullfs mount OpenSSL" \
+ "engines into the chroot, will copy the shared" \
+ "libraries instead."
+ mkdir -p ${named_chrootdir}${_openssl_engines}
+ cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
+ fi
+ fi
+
+ # Copy and/or update key files to the chroot /etc
+ #
+ for file in localtime protocols services; do
+ if [ -r /etc/${file} ] && \
+ ! cmp -s /etc/${file} "${named_chrootdir}/etc/${file}"; then
+ cp -p /etc/${file} "${named_chrootdir}/etc/${file}"
+ fi
+ done
+}
+
+# Make symlinks to the correct pid file
+#
+make_symlinks()
+{
+ checkyesno named_symlink_enable &&
+ ln -fs "${named_chrootdir}${pidfile}" ${pidfile}
+}
+
named_poststart()
{
+ make_symlinks
+
if checkyesno named_wait; then
- until ${command%/sbin/named}/bin/host $named_wait_host >/dev/null 2>&1; do
- echo " Waiting for nameserver to resolve $named_wait_host"
+ until ${_named_program_root}/bin/host ${named_wait_host} >/dev/null 2>&1; do
+ echo " Waiting for nameserver to resolve ${named_wait_host}"
sleep 1
done
fi
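Review bot: chroot_autoupdate expands `${named_chrootdir}`, `${_named_confdirroot}` and `${_named_confdir}` unquoted in `mv`, `install -d`, `mtree -p`, `mount`, `umount` and both `ln -s` calls, although the `[ ! -L ... ]` tests in the same function quote them. These commands run from the rc script, normally as root, and an rc.conf value containing whitespace or a glob character would be split before they see it. Quote them consistently, for example `mv "${_named_confdirroot}" "${_named_confdir}"` and `-p "${named_chrootdir}"`. The same applies to the second operand of `ln -fs "${named_chrootdir}${pidfile}" ${pidfile}` in make_symlinks.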
@@ -46,15 +192,15 @@
named_reload()
{
- # This is a one line function, but ${command} is not defined early
+ # This is a one line function, but ${named_program} is not defined early
# enough to be there when the reload_cmd variable is defined up there.
- ${command%/named}/rndc reload
+ ${_named_program_root}/sbin/rndc ${rndc_flags} reload
}
find_pidfile()
{
- if get_pidfile_from_conf pid-file $named_conf; then
- pidfile="$_pidfile_from_conf"
+ if get_pidfile_from_conf pid-file ${named_conf}; then
+ pidfile="${_pidfile_from_conf}"
else
pidfile="/var/run/named/pid"
fi
@@ -67,22 +213,40 @@
# This duplicates an undesirably large amount of code from the stop
# routine in rc.subr in order to use rndc to shut down the process,
# and to give it a second chance in case rndc fails.
- rc_pid=$(check_pidfile $pidfile $command)
- if [ -z "$rc_pid" ]; then
- [ -n "$rc_fast" ] && return 0
+ rc_pid=$(check_pidfile ${pidfile} ${command})
+ if [ -z "${rc_pid}" ]; then
+ [ -n "${rc_fast}" ] && return 0
_run_rc_notrunning
return 1
fi
echo 'Stopping named.'
- if ${command%/named}/rndc stop 2>/dev/null; then
- wait_for_pids $rc_pid
+ if ${_named_program_root}/sbin/rndc ${rndc_flags} stop 2>/dev/null; then
+ wait_for_pids ${rc_pid}
else
echo -n 'rndc failed, trying kill: '
- kill -TERM $rc_pid
- wait_for_pids $rc_pid
- fi
+ kill -TERM ${rc_pid}
+ wait_for_pids ${rc_pid}
+ fi
}
+named_poststop()
+{
+ if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
+ # if using OpenSSL from ports, unmount OpenSSL engines, if they
+ # were not mounted but only copied, do nothing.
+ if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then
+ umount ${named_chrootdir}${_openssl_engines}
+ fi
+ # unmount /dev
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
+ umount ${named_chrootdir}/dev 2>/dev/null || true
+ else
+ warn "named chroot:" \
+ "cannot unmount devfs from inside jail!"
+ fi
+ fi
+}
+
create_file()
{
if [ -e "$1" ]; then
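Review bot: In named_poststop, `umount ${named_chrootdir}${_openssl_engines}` runs whenever the engines directory exists and mounting is permitted, without checking that the nullfs mount was actually made. With `named_chroot_autoupdate=NO` chroot_autoupdate is never called, so there may be nothing to unmount. Unlike the /dev unmount just below, its error is neither silenced nor ignored. I would match the /dev case: `umount "${named_chrootdir}${_openssl_engines}" 2>/dev/null || true`.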
@@ -95,7 +259,7 @@
{
find_pidfile
- if [ -n "$named_pidfile" ]; then
+ if [ -n "${named_pidfile}" ]; then
warn 'named_pidfile: now determined from the conf file'
fi
@@ -104,37 +268,61 @@
install -d -o ${named_uid} -g ${named_uid} ${piddir}
fi
- command_args="-u ${named_uid:=root} -c $named_conf $command_args"
+ command_args="-u ${named_uid:=root} -c ${named_conf} ${command_args}"
-%%NATIVE_PKCS11%% if [ -z "$named_pkcs11_engine"]; then
-%%NATIVE_PKCS11%% err 3 "named_pkcs11_engine has to be set to the PKCS#11 engine's library you want to use"
-%%NATIVE_PKCS11%% elif [ ! -f $named_pkcs11_engine ]; then
-%%NATIVE_PKCS11%% err 3 "named_pkcs11_engine the PKCS#11 engine's library you want to use doesn't exist"
+ if [ -z "${rndc_flags}" ]; then
+ if [ -s ${rndc_conf} ] ; then
+ rndc_flags="-c ${rndc_conf}"
+ elif [ -s ${rndc_key} ] ; then
+ rndc_flags="-k ${rndc_key}"
+ else
+ rndc_flags=""
+ fi
+ fi
+
+%%NATIVE_PKCS11%% if [ -z "${named_pkcs11_engine}"]; then
+%%NATIVE_PKCS11%% err 3 "named_pkcs11_engine has to be set to the PKCS#11 engine's library you want to use"
+%%NATIVE_PKCS11%% elif [ ! -f ${named_pkcs11_engine} ]; then
+%%NATIVE_PKCS11%% err 3 "named_pkcs11_engine the PKCS#11 engine's library you want to use doesn't exist"
%%NATIVE_PKCS11%% else
-%%NATIVE_PKCS11%% command_args="-E $named_pkcs11_engine $command_args"
+%%NATIVE_PKCS11%% mkdir -p ${named_chrootdir}${named_pkcs11_engine%/*}
+%%NATIVE_PKCS11%% cp -p ${named_pkcs11_engine} ${named_chrootdir}${named_pkcs11_engine}
+%%NATIVE_PKCS11%% command_args="-E ${named_pkcs11_engine} ${command_args}"
%%NATIVE_PKCS11%% fi
-%%NATIVE_PKCS11%%
+
local line nsip firstns
+ # Is the user using a sandbox?
+ #
+ if [ -n "${named_chrootdir}" ]; then
+ rc_flags="${rc_flags} -t ${named_chrootdir}"
+ checkyesno named_chroot_autoupdate && chroot_autoupdate
+ else
+ named_symlink_enable=NO
+ fi
+
# Create an rndc.key file for the user if none exists
#
- confgen_command="${command%/named}/rndc-confgen -a -b256 -u $named_uid \
- -c ${named_confdir}/rndc.key"
- if [ -s "${named_confdir}/rndc.conf" ]; then
+ confgen_command="${_named_program_root}/sbin/rndc-confgen -a -b256 -u ${named_uid} \
+ -c ${_named_confdir}/rndc.key"
+ if [ -s "${_named_confdir}/rndc.conf" ]; then
unset confgen_command
fi
- if [ -s "${named_confdir}/rndc.key" ]; then
- case `stat -f%Su ${named_confdir}/rndc.key` in
- root|$named_uid) ;;
- *) $confgen_command ;;
+ if [ -s "${_named_confdir}/rndc.key" ]; then
+ case `stat -f%Su ${_named_confdir}/rndc.key` in
+ root|${named_uid}) ;;
+ *) ${confgen_command} ;;
esac
else
- $confgen_command
+ ${confgen_command}
fi
local checkconf
- checkconf="${command%/named}/named-checkconf"
+ checkconf="${_named_program_root}/sbin/named-checkconf"
+ if ! checkyesno named_chroot_autoupdate && [ -n "${named_chrootdir}" ]; then
+ checkconf="${checkconf} -t ${named_chrootdir}"
+ fi
# Create a forwarder configuration based on /etc/resolv.conf
if checkyesno named_auto_forward; then
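Review bot: The test `[ -z "${named_pkcs11_engine}"]` is missing the space before `]`, so with a non-empty value the bracket becomes part of the operand and `[` complains about a missing `]`. The line was rewritten in this commit but the typo was carried over; it should be `if [ -z "${named_pkcs11_engine}" ]; then`. The added `cp -p ${named_pkcs11_engine} ${named_chrootdir}${named_pkcs11_engine}` also uses unquoted paths, and its result is not checked before `-E` is passed to named. The enclosing function starts before this hunk and continues after it.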
@@ -142,11 +330,11 @@
warn "named_auto_forward enabled, but no /etc/resolv.conf"
# Empty the file in case it is included in named.conf
- [ -s "${named_confdir}/auto_forward.conf" ] &&
- create_file ${named_confdir}/auto_forward.conf
+ [ -s "${_named_confdir}/auto_forward.conf" ] &&
+ create_file ${_named_confdir}/auto_forward.conf
- $checkconf $named_conf ||
- err 3 'named-checkconf for $named_conf failed'
+ ${checkconf} ${named_conf} ||
+ err 3 'named-checkconf for ${named_conf} failed'
return
fi
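Review bot: The added `err 3 'named-checkconf for ${named_conf} failed'` line keeps the single quotes, so the message prints the literal text `${named_conf}` instead of the path that failed validation. The same call in the last hunk of this file was switched to double quotes, which leaves the two error paths inconsistent. Use `err 3 "named-checkconf for ${named_conf} failed"` here as well so the operator can see which configuration file was rejected. The enclosing function starts and ends outside this hunk.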
@@ -156,12 +344,12 @@
echo ' forwarders {' > /var/run/auto_forward.conf
while read line; do
- case "$line" in
+ case "${line}" in
'nameserver '*|'nameserver '*)
nsip=${line##nameserver[ ]}
- if [ -z "$firstns" ]; then
- if [ ! "$nsip" = '127.0.0.1' ]; then
+ if [ -z "${firstns}" ]; then
+ if [ ! "${nsip}" = '127.0.0.1' ]; then
echo 'nameserver 127.0.0.1'
echo " ${nsip};" >> /var/run/auto_forward.conf
fi
@@ -168,13 +356,13 @@
firstns=1
else
- [ "$nsip" = '127.0.0.1' ] && continue
+ [ "${nsip}" = '127.0.0.1' ] && continue
echo " ${nsip};" >> /var/run/auto_forward.conf
fi
;;
esac
- echo $line
+ echo ${line}
done < /etc/resolv.conf > /var/run/naf-resolv.conf
echo ' };' >> /var/run/auto_forward.conf
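Review bot: The added `echo ${line}` is still unquoted, so each line of /etc/resolv.conf goes through field splitting and pathname expansion before it is written to /var/run/naf-resolv.conf. The next hunk moves that file over /etc/resolv.conf, so a line containing a glob character or unusual whitespace would be rewritten rather than copied. resolv.conf is often generated from DHCP-supplied data, although whether that applies here is not visible. Since the commit already touches this line, `echo "${line}"` would be the safer form, ideally with `read -r line` on the loop header. The `while` loop opens outside this hunk.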
@@ -192,22 +380,22 @@
mv /var/run/naf-resolv.conf /etc/resolv.conf
fi
- if cmp -s ${named_confdir}/auto_forward.conf \
+ if cmp -s ${_named_confdir}/auto_forward.conf \
/var/run/auto_forward.conf; then
unlink /var/run/auto_forward.conf
else
- [ -e "${named_confdir}/auto_forward.conf" ] &&
- unlink ${named_confdir}/auto_forward.conf
+ [ -e "${_named_confdir}/auto_forward.conf" ] &&
+ unlink ${_named_confdir}/auto_forward.conf
mv /var/run/auto_forward.conf \
- ${named_confdir}/auto_forward.conf
+ ${_named_confdir}/auto_forward.conf
fi
else
# Empty the file in case it is included in named.conf
- [ -s "${named_confdir}/auto_forward.conf" ] &&
- create_file ${named_confdir}/auto_forward.conf
+ [ -s "${_named_confdir}/auto_forward.conf" ] &&
+ create_file ${_named_confdir}/auto_forward.conf
fi
- $checkconf $named_conf || err 3 'named-checkconf for $named_conf failed'
+ ${checkconf} ${named_conf} || err 3 "named-checkconf for ${named_conf} failed"
}
run_rc_command "$1"
Modified: trunk/dns/bind910/files/patch-bin__tests__system__dlzexternal__Makefile.in
===================================================================
--- trunk/dns/bind910/files/patch-bin__tests__system__dlzexternal__Makefile.in 2015-11-01 00:18:43 UTC (rev 20611)
+++ trunk/dns/bind910/files/patch-bin__tests__system__dlzexternal__Makefile.in 2015-11-01 00:28:42 UTC (rev 20612)
@@ -1,6 +1,6 @@
---- ./bin/tests/system/dlzexternal/Makefile.in.orig 2014-04-08 00:02:19.000000000 +0200
-+++ ./bin/tests/system/dlzexternal/Makefile.in 2014-04-10 15:49:49.000000000 +0200
-@@ -43,7 +43,7 @@
+--- bin/tests/system/dlzexternal/Makefile.in.orig 2015-09-09 02:23:40 UTC
++++ bin/tests/system/dlzexternal/Makefile.in
+@@ -43,7 +43,7 @@ OBJS = ${DLOPENOBJS}
@BIND9_MAKE_RULES@
CFLAGS = @CFLAGS@ @SO_CFLAGS@
Modified: trunk/dns/bind910/files/patch-configure
===================================================================
--- trunk/dns/bind910/files/patch-configure 2015-11-01 00:18:43 UTC (rev 20611)
+++ trunk/dns/bind910/files/patch-configure 2015-11-01 00:28:42 UTC (rev 20612)
@@ -1,10 +1,90 @@
---- ./configure.orig 2014-05-27 06:45:53.000000000 +0200
-+++ ./configure 2014-06-16 13:05:38.000000000 +0200
-@@ -13899,6 +13899,7 @@
- "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lresolv" \
- "-lgssapi" \
- "-lgssapi -lkrb5 -ldes -lcrypt -lasn1 -lroken -lcom_err" \
-+ "-lkrb5 -lgssapi_krb5 -lkrb5support -lk5crypto -lcom_err" \
- "-lgssapi -lkrb5 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \
- "-lgssapi -lkrb5 -lgssapi_krb5 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \
- "-lgssapi -lkrb5 -lhx509 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \
+--- configure.orig 2015-09-09 02:23:40 UTC
++++ configure
+@@ -14100,27 +14100,9 @@ done
+ # problems start to show up.
+ saved_libs="$LIBS"
+ for TRY_LIBS in \
+- "-lgssapi_krb5" \
+- "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" \
+- "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lresolv" \
+- "-lgssapi" \
+- "-lgssapi -lkrb5 -ldes -lcrypt -lasn1 -lroken -lcom_err" \
+- "-lgssapi -lkrb5 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \
+- "-lgssapi -lkrb5 -lgssapi_krb5 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \
+- "-lgssapi -lkrb5 -lhx509 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \
+- "-lgss -lkrb5"
++ "$($KRB5CONFIG gssapi --libs)"; \
+ do
+- # Note that this does not include $saved_libs, because
+- # on FreeBSD machines this configure script has added
+- # -L/usr/local/lib to LIBS, which can make the
+- # -lgssapi_krb5 test succeed with shared libraries even
+- # when you are trying to build with KTH in /usr/lib.
+- if test "$use_gssapi" = "/usr"
+- then
+- LIBS="$TRY_LIBS"
+- else
+- LIBS="-L$use_gssapi/lib $TRY_LIBS"
+- fi
++ LIBS="$TRY_LIBS"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5
+ $as_echo_n "checking linking as $TRY_LIBS... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+@@ -14163,47 +14145,7 @@ $as_echo "no" >&6; } ;;
+ no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;;
+ esac
+
+- #
+- # XXXDCL Major kludge. Tries to cope with KTH in /usr/lib
+- # but MIT in /usr/local/lib and trying to build with KTH.
+- # /usr/local/lib can end up earlier on the link lines.
+- # Like most kludges, this one is not only inelegant it
+- # is also likely to be the wrong thing to do at least as
+- # many times as it is the right thing. Something better
+- # needs to be done.
+- #
+- if test "$use_gssapi" = "/usr" -a \
+- -f /usr/local/lib/libkrb5.a; then
+- FIX_KTH_VS_MIT=yes
+- fi
+-
+- case "$FIX_KTH_VS_MIT" in
+- yes)
+- case "$enable_static_linking" in
+- yes) gssapi_lib_suffix=".a" ;;
+- *) gssapi_lib_suffix=".so" ;;
+- esac
+-
+- for lib in $LIBS; do
+- case $lib in
+- -L*)
+- ;;
+- -l*)
+- new_lib=`echo $lib |
+- sed -e s%^-l%$use_gssapi/lib/lib% \
+- -e s%$%$gssapi_lib_suffix%`
+- NEW_LIBS="$NEW_LIBS $new_lib"
+- ;;
+- *)
+- as_fn_error $? "KTH vs MIT Kerberos confusion!" "$LINENO" 5
+- ;;
+- esac
+- done
+- LIBS="$NEW_LIBS"
+- ;;
+- esac
+-
+- DST_GSSAPI_INC="-I$use_gssapi/include"
++ DST_GSSAPI_INC="$($KRB5CONFIG gssapi --cflags)"
+ DNS_GSSAPI_LIBS="$LIBS"
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5
+@@ -21451,7 +21393,7 @@ $as_echo "" >&6; }
+ # Check other locations for includes.
+ # Order is important (sigh).
+
+- bdb_incdirs="/db53 /db51 /db48 /db47 /db46 /db45 /db44 /db43 /db42 /db41 /db4 /db"
++ bdb_incdirs="/db6 /db5 /db48"
+ # include a blank element first
+ for d in "" $bdb_incdirs
+ do
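Review bot: The replacement probe `"$($KRB5CONFIG gssapi --libs)"` and the new `DST_GSSAPI_INC` assignment both assume `$KRB5CONFIG` is set, and nothing in this patch checks it. If it is empty, the substitution runs whatever `gssapi` resolves to on the build PATH and otherwise yields an empty library list, so the link test no longer tests GSSAPI linkage. The port Makefile presumably exports the variable, but that is not visible here. A guard before the loop, such as `test -n "$KRB5CONFIG" || as_fn_error 1 "KRB5CONFIG is not set" "$LINENO" 5`, would make the failure explicit. The `result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include` message kept as context is also no longer accurate once the flags come from krb5-config.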
Modified: trunk/dns/bind910/files/pkg-message.in
===================================================================
--- trunk/dns/bind910/files/pkg-message.in 2015-11-01 00:18:43 UTC (rev 20611)
+++ trunk/dns/bind910/files/pkg-message.in 2015-11-01 00:28:42 UTC (rev 20612)
@@ -10,7 +10,13 @@
* 'rndc-confgen -a' to generate the proper conf file, with a new *
* random key, and appropriate file permissions. *
* *
+%%NOBASE%%* The %%PREFIX%%/etc/rc.d/named script will do that for you. *
%%BASE%%* The /etc/rc.d/named script in the base will do that for you. *
-%%NOBASE%%* The %%PREFIX%%/etc/rc.d/named script will do that for you. *
+%%BASE%%* *
+%%BASE%%* You will need to make sure that you have the following line *
+%%BASE%%* in your /etc/rc.conf in order to have the startup script *
+%%BASE%%* run the named version from the port: *
+%%BASE%%* *
+%%BASE%%* named_program="%%PREFIX%%/sbin/named" *
* *
**********************************************************************
Modified: trunk/dns/bind910/pkg-help
===================================================================
--- trunk/dns/bind910/pkg-help 2015-11-01 00:18:43 UTC (rev 20611)
+++ trunk/dns/bind910/pkg-help 2015-11-01 00:28:42 UTC (rev 20612)
@@ -1,3 +1,4 @@
+ NATIVE_PKCS11
When using the NATIVE_PKCS11 option, BIND will use the PKCS#11
engine specified by the named_pkcss11_engine variable in
/etc/rc.conf for *all* crypto operations.
@@ -5,19 +6,25 @@
This is primarily intended to be used in an authoritative
case.
-If BIND will also be operating as a validating resolver,
+If BIND is also operating as a validating resolver,
NATIVE_PKCS11 should not be used, because the HSM will be
-used for DNSSEC validations, and the HSM is likely to be
-slower than the CPU for this purpose. Additionally, the HSM
-might not support all of the PKCS#11 API functions needed
-for signature verification.
+used for all crypto, including DNSSEC validations, and the
+HSM is likely to be slower than the CPU for this purpose.
+Additionally, the HSM might not support all of the PKCS#11
+API functions needed for signature verification.
- GOST
-If using a chrooted instance of BIND, the OpenSSL engines
-need to be accessible from within the chroot. If BIND
-is chrooted in /var/named, this can be achieved by either
-copying content of /usr/local/lib/engines into
-/var/named/usr/local/lib/engines, or by creating that
-directory and adding this line to /etc/fstab:
+ GOST
+If using a chrooted instance of BIND on FreeBSD 8.x and 9.x,
+the OpenSSL engines MUST be accessible from within the chroot.
+If BIND is chrooted in /var/named, this can be achieved by
+either copying content of /usr/local/lib/engines into
+/var/named/usr/local/lib/engines, or by creating that directory
+and adding this line to /etc/fstab:
/usr/local/lib/engines /var/named/usr/local/lib/engines nullfs ro 0 0
+
+
+ START_LATE
+Most of the time, BIND needs to start early in the boot
+process. Enable this if BIND starts too early for you and
+you need it to start later.
Modified: trunk/dns/bind910/pkg-install
===================================================================
--- trunk/dns/bind910/pkg-install 2015-11-01 00:18:43 UTC (rev 20611)
+++ trunk/dns/bind910/pkg-install 2015-11-01 00:28:42 UTC (rev 20612)
@@ -1,15 +1,21 @@
#!/bin/sh
+# ex:sw=8 sts=8
if [ "$2" = 'POST-INSTALL' ]
then
- /bin/mkdir -p /var/named${PKG_PREFIX}/etc
+ /bin/mkdir -p /var/named${PKG_PREFIX}/etc/namedb
fi
-for DIR in ${PKG_PREFIX}/etc /var/named${PKG_PREFIX}/etc; do
- for FILE in named.conf rndc.key; do
+for DIR in ${PKG_PREFIX}/etc/namedb /var/named${PKG_PREFIX}/etc/namedb; do
+ for FILE in named.conf rndc.conf rndc.key; do
if [ "$2" = 'POST-INSTALL' ]
then
- /bin/ln -sf /etc/namedb/${FILE} ${DIR}/${FILE}
+ if [ -e ${PKG_PREFIX}/etc/${FILE} ]
+ then
+ /bin/cp -a ${PKG_PREFIX}/etc/${FILE} ${DIR}/${FILE}
+ else
+ /bin/ln -sf /etc/namedb/${FILE} ${DIR}/${FILE}
+ fi
fi
if [ "$2" = 'POST-DEINSTALL' ]
then
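Review bot: The new `/bin/cp -a ${PKG_PREFIX}/etc/${FILE} ${DIR}/${FILE}` branch runs on every POST-INSTALL and overwrites whatever is already at the destination, and nothing visible removes the old `${PKG_PREFIX}/etc/${FILE}` afterwards. On a later reinstall or upgrade, a stale `named.conf` or `rndc.key` from the old location would replace the one the administrator maintains under `etc/namedb`, in the chroot copy as well. Copy only when the destination is missing, e.g. `if [ -e "${PKG_PREFIX}/etc/${FILE}" ] && [ ! -e "${DIR}/${FILE}" ]`, and stop the `ln -sf` fallback from replacing an existing regular file. The variables in the added test and copy are also unquoted. The inner `for` loop continues past the end of this hunk.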
@@ -20,7 +26,7 @@
if [ "$2" = 'POST-DEINSTALL' ]
then
- cd /var/named && /bin/rmdir -p ./${PKG_PREFIX}/etc > /dev/null 2>&1 || :
+ cd /var/named && /bin/rmdir -p ./${PKG_PREFIX}/etc/namedb > /dev/null 2>&1 || :
fi
exit 0