diff options
author | Tom Hendrikx (whyscream) <tom@whyscream.net> | 2011-06-02 13:58:26 +0000 |
---|---|---|
committer | Tom Hendrikx (whyscream) <tom@whyscream.net> | 2011-06-02 13:58:26 +0000 |
commit | 35ae6d55c78043cc114f90b757c65e585e4c83f1 (patch) | |
tree | 5ef5369f08004f9fb098a6c6612eba0dc0dad6b4 /net-dns | |
parent | dev-ruby/ dnsruby: dnsruby moved to main portage tree, resolves bug 303803 (diff) | |
download | sunrise-reviewed-35ae6d55c78043cc114f90b757c65e585e4c83f1.tar.gz sunrise-reviewed-35ae6d55c78043cc114f90b757c65e585e4c83f1.tar.bz2 sunrise-reviewed-35ae6d55c78043cc114f90b757c65e585e4c83f1.zip |
net-dns/ opendnssec: opendnssec moved to main portage tree, resolves bug 304733
svn path=/sunrise/; revision=12128
Diffstat (limited to 'net-dns')
-rw-r--r-- | net-dns/opendnssec/ChangeLog | 36 | ||||
-rw-r--r-- | net-dns/opendnssec/Manifest | 6 | ||||
-rw-r--r-- | net-dns/opendnssec/files/opendnssec-drop-privileges.patch | 43 | ||||
-rw-r--r-- | net-dns/opendnssec/files/opendnssec.initd | 98 | ||||
-rw-r--r-- | net-dns/opendnssec/metadata.xml | 14 | ||||
-rw-r--r-- | net-dns/opendnssec/opendnssec-1.2.1.ebuild | 170 |
6 files changed, 0 insertions, 367 deletions
diff --git a/net-dns/opendnssec/ChangeLog b/net-dns/opendnssec/ChangeLog deleted file mode 100644 index 37478cbbf..000000000 --- a/net-dns/opendnssec/ChangeLog +++ /dev/null @@ -1,36 +0,0 @@ -# ChangeLog for net-dns/opendnssec -# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: $ - - 26 Mar 2011; Tom Hendrikx (whyscream) <tom@whyscream.net> - -opendnssec-1.2.0.ebuild, +opendnssec-1.2.1.ebuild: - version bump - - 26 Jan 2011; Tom Hendrikx (whyscream) <tom@whyscream.net> - -opendnssec-1.1.3.ebuild, +opendnssec-1.2.0.ebuild, - files/opendnssec.initd, metadata.xml: - version bump - - 15 Oct 2010; Tom Hendrikx (whyscream) <tom@whyscream.net> - files/opendnssec.initd: - minor change to initd file - - 10 Sep 2010; Tom Hendrikx (whyscream) <tom@whyscream.net> - -opendnssec-1.1.1.ebuild, -files/opendnssec-1.1.1-drop-privileges.patch, - +opendnssec-1.1.3.ebuild, +files/opendnssec-drop-privileges.patch: - version bump to 1.1.3 (despite the package.mask w.r.t. dev-python/4suite - dependency still releasing new version) - - 15 Jul 2010; Tom Hendrikx (whyscream) <tom@whyscream.net> - -opendnssec-1.1.0.ebuild, -files/opendnssec-1.1.0-drop-privileges.patch, - +opendnssec-1.1.1.ebuild, +files/opendnssec-1.1.1-drop-privileges.patch: - version bump - - 28 May 2010; Justin Lecher <jlec@gentoo.org> metadata.xml: - Synced metadata.xml w/ sunrise's skel.metadata.xml - - 27 May 2010; Tom Hendrikx (whyscream) <tom@whyscream.net> - +opendnssec-1.1.0.ebuild, +files/opendnssec-1.1.0-drop-privileges.patch, - +files/opendnssec.initd, +metadata.xml: - Initial import of opendnssec for sunrise, for bug 304733 - diff --git a/net-dns/opendnssec/Manifest b/net-dns/opendnssec/Manifest deleted file mode 100644 index e72136137..000000000 --- a/net-dns/opendnssec/Manifest +++ /dev/null @@ -1,6 +0,0 @@ -AUX opendnssec-drop-privileges.patch 906 RMD160 c7e5f09d08c7431fbe0d5496e980f1468de5185a SHA1 875529fd365e9168f4a34334c884e01b670974d3 SHA256 faecb049748efab2652b890020106748039dbe7022d943393ac50b71b429b340 -AUX opendnssec.initd 2110 RMD160 81362fd5e399e90e4b61ccb85d0d22b619db7c18 SHA1 776ff0b5495b6570088dd9aff6e66f816c7432fe SHA256 dca460b1732917695543ece1dd7ce5c1e6547e259d2c4119967621dbef26aa6c -DIST opendnssec-1.2.1.tar.gz 1649465 RMD160 5cc50ee68bf4e531b400f70a0a07cbe6d2047b43 SHA1 e9fd9a4e33dc6d02f08ebf7454183fb53b4818a2 SHA256 3463edd1bed103d7fa68493b3008259da0c950d8f1e45d4b90ab0e1106d29502 -EBUILD opendnssec-1.2.1.ebuild 6152 RMD160 3daade9d9ab6cd93246b17eb77724761ffb58557 SHA1 7d56069af104c28042a7073a61ba385ad909bd4e SHA256 942b00d6191aac75e28140388213ab2b89deab5c29fada1f1aa84333c5865f49 -MISC ChangeLog 1435 RMD160 f22af5d0a2ed0ce53dad403ac8fd4deda8c35442 SHA1 184616136ecd484265f2783ff1083c60c850af46 SHA256 d38f4598b82f2384c6d628a68d4c85d1578ed7096ad3c046dbe0bdb90aa4a594 -MISC metadata.xml 909 RMD160 ce76bb8d238ade156005656c28924ab215d5e473 SHA1 58de6a2400597a2972071e49cc56d4c39efef919 SHA256 a39476165120bc973f2c918d0ec2ed92dd1297823aa64a1142e6b256643903bc diff --git a/net-dns/opendnssec/files/opendnssec-drop-privileges.patch b/net-dns/opendnssec/files/opendnssec-drop-privileges.patch deleted file mode 100644 index 7c9f72355..000000000 --- a/net-dns/opendnssec/files/opendnssec-drop-privileges.patch +++ /dev/null @@ -1,43 +0,0 @@ -Index: conf/conf.xml.in -=================================================================== ---- conf/conf.xml.in (revision 3022) -+++ conf/conf.xml.in (working copy) -@@ -38,12 +38,10 @@ - </Common> - - <Enforcer> --<!-- - <Privileges> - <User>opendnssec</User> - <Group>opendnssec</Group> - </Privileges> ----> - - <Datastore><SQLite>@OPENDNSSEC_STATE_DIR@/kasp.db</SQLite></Datastore> - <Interval>PT3600S</Interval> -@@ -56,12 +54,10 @@ - </Enforcer> - - <Signer> --<!-- - <Privileges> - <User>opendnssec</User> - <Group>opendnssec</Group> - </Privileges> ----> - - <WorkingDirectory>@OPENDNSSEC_STATE_DIR@/tmp</WorkingDirectory> - <WorkerThreads>8</WorkerThreads> -@@ -80,12 +76,10 @@ - </Signer> - - <Auditor> --<!-- - <Privileges> - <User>opendnssec</User> - <Group>opendnssec</Group> - </Privileges> ----> - - <WorkingDirectory>@OPENDNSSEC_STATE_DIR@/tmp</WorkingDirectory> - </Auditor> diff --git a/net-dns/opendnssec/files/opendnssec.initd b/net-dns/opendnssec/files/opendnssec.initd deleted file mode 100644 index ff9461773..000000000 --- a/net-dns/opendnssec/files/opendnssec.initd +++ /dev/null @@ -1,98 +0,0 @@ -#!/sbin/runscript -# Copyright 1999-2010 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: $ - -# for openrc -description="An open-source turn-key solution for DNSSEC" - -checkconf_bin=/usr/bin/ods-kaspcheck -control_bin=/usr/sbin/ods-control -enforcer_bin=/usr/sbin/ods-enforcerd -eppclient_bin=/usr/sbin/eppclientd -eppclient_pidfile=/var/lib/run/opendnssec/eppclientd.pid -signer_bin=/usr/sbin/ods-signerd - -depend() { - need net - use logger -} - -checkconfig() { - if [ -x "${checkconf_bin}" ]; then - output=$(${checkconf_bin} 2>&1| grep -v -E "^/etc/opendnssec/(conf|kasp).xml validates") - if [ -n "$output" ]; then - echo $output - fi - - errors=$(echo $output | grep ERROR | wc -l) - if [ $errors -gt 0 ]; then - ewarn "$errors error(s) found in OpenDNSSEC configuration." - fi - return $errors - fi - return -} - - -start_enforcer() { - if [ -x "${enforcer_bin}" ]; then - ebegin "Starting OpenDNSSEC Enforcer" - ${control_bin} enforcer start > /dev/null - eend $? - fi -} - -stop_enforcer() { - if [ -x "${enforcer_bin}" ]; then - ebegin "Stopping OpenDNSSEC Enforcer" - ${control_bin} enforcer stop > /dev/null - eend $? - fi -} - -start_signer() { - if [ -x "${signer_bin}" ]; then - ebegin "Starting OpenDNSSEC Signer" - ${control_bin} signer start > /dev/null 2>&1 - eend $? - fi -} - -stop_signer() { - if [ -x "${signer_bin}" ]; then - ebegin "Stopping OpenDNSSEC Signer" - ${control_bin} signer stop > /dev/null 2>&1 - eend $? - fi -} - -start_eppclient() { - if [ -x "${eppclient_bin}" ]; then - ebegin "Starting OpenDNSSEC Eppclient" - start-stop-daemon --start --user opendnssec --group opendnssec --exec "${eppclient_bin}" --pidfile "${eppclient_pidfile}" > /dev/null - eend $? - fi -} - -stop_eppclient() { - if [ -x "${eppclient_bin}" ]; then - ebegin "Stopping OpenDNSSEC Eppclient" - start-stop-daemon --stop --exec "${eppclient_bin}" --pidfile "${eppclient_pidfile}" > /dev/null - eend $? - fi -} - -start() { - checkconfig || return $? - start_enforcer || return $? - start_signer || return $? - start_eppclient || return $? -} - -stop() { - stop_eppclient - stop_signer - stop_enforcer - sleep 1 -} diff --git a/net-dns/opendnssec/metadata.xml b/net-dns/opendnssec/metadata.xml deleted file mode 100644 index 690caa9b4..000000000 --- a/net-dns/opendnssec/metadata.xml +++ /dev/null @@ -1,14 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> -<pkgmetadata> -<herd>no-herd</herd> -<maintainer><email>maintainer-wanted@gentoo.org</email></maintainer> -<use> - <flag name='auditor'>Enables auditing capabilities for OpenDNSSEC</flag> - <flag name='eppclient'>Enables support for automatic submission of DNSSEC keys to an upstream epp server</flag> - <flag name='external-hsm'>Enables support for storing DNSSEC keys through an arbitrary non-portage PKCS#11 interface, specified through an environment variable</flag> - <flag name='opensc'>Enables support for storing DNSSEC keys through a <pkg>dev-libs/opensc</pkg> PKCS#11 interface</flag> - <flag name='signer'>Enables signing capabilities for OpenDNSSEC</flag> - <flag name='softhsm'>Enables support for storing DNSSEC keys in a <pkg>dev-libs/softhsm</pkg> PKCS#11 object</flag> -</use> -</pkgmetadata> diff --git a/net-dns/opendnssec/opendnssec-1.2.1.ebuild b/net-dns/opendnssec/opendnssec-1.2.1.ebuild deleted file mode 100644 index ca2d1dd8f..000000000 --- a/net-dns/opendnssec/opendnssec-1.2.1.ebuild +++ /dev/null @@ -1,170 +0,0 @@ -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: $ - -EAPI=2 - -inherit confutils eutils multilib - -DESCRIPTION="An open-source turn-key solution for DNSSEC" -HOMEPAGE="http://www.opendnssec.org/" -SRC_URI="http://www.opendnssec.org/files/source/${P}.tar.gz" -LICENSE="BSD" - -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="+auditor debug eppclient external-hsm mysql opensc +signer softhsm sqlite" -# Test suite needs a preconfigured sqlite/mysql database, and a cunit with curses support -RESTRICT="test" - -DEPEND="dev-libs/libxml2 - >=net-libs/ldns-1.6.9 - auditor? ( dev-lang/ruby[ssl] >=dev-ruby/dnsruby-1.52 ) - eppclient? ( net-misc/curl dev-db/sqlite:3 ) - mysql? ( >=virtual/mysql-5.0 ) - opensc? ( dev-libs/opensc ) - softhsm? ( dev-libs/softhsm ) - sqlite? ( dev-db/sqlite:3 )" -RDEPEND="${DEPEND}" - -PKCS11_LIB="" -PKCS11_PATH="" - -check_pkcs11_setup() { - # PKCS#11 HSM's are often only available with proprietary drivers not available in portage. - # The following setup routine allows to build against these drivers. - - if use softhsm; then - PKCS11_LIB=softhsm - PKCS11_PATH=/usr/$(get_libdir)/libsofthsm.so - einfo "Building with SoftHSM PKCS#11 library support." - - elif use opensc; then - PKCS11_LIB=opensc - PKCS11_PATH=/usr/$(get_libdir)/opensc-pkcs11.so - einfo "Building with OpenSC PKCS#11 library support." - - elif use external-hsm; then - # Use an arbitrary non-portage PKCS#11 library, set by an environment variable - if [ -n "$PKCS11_SOFTHSM" ]; then - # This is for testing, since it's the only actual library I have. Set USE=softhsm instead. - PKCS11_LIB=softhsm - PKCS11_PATH="$PKCS11_SOFTHSM" - - elif [ -n "$PKCS11_SCA6000" ]; then - PKCS11_LIB=sca6000 - PKCS11_PATH="$PKCS11_SCA6000" - - elif [ -n "$PKCS11_ETOKEN" ]; then - PKCS11_LIB=etoken - PKCS11_PATH="$PKCS11_ETOKEN" - - elif [ -n "$PKCS11_NCIPHER" ]; then - PKCS11_LIB=ncipher - PKCS11_PATH="$PKCS11_NCIPHER" - - elif [ -n "$PKCS11_AEPKEYPER" ]; then - PKCS11_LIB=aepkeyper - PKCS11_PATH="$PKCS11_AEPKEYPER" - - else - ewarn "You enabled USE flag 'external-hsm' but did not specify a path to a PKCS#11" - ewarn "library. To set a path, set one of the following environment variables:" - ewarn " for Sun Crypto Accelerator 6000, set: PKCS11_SCA6000=<path>" - ewarn " for Aladdin eToken, set: PKCS11_ETOKEN=<path>" - ewarn " for Thales/nCipher netHSM, set: PKCS11_NCIPHER=<path>" - ewarn " for AEP Keyper, set: PKCS11_AEPKEYPER=<path>" - ewarn "Example:" - ewarn " PKCS11_ETOKEN=\"/opt/etoken/lib/libeTPkcs11.so\" emerge -pv opendnssec" - ewarn "Note: For SoftHSM or OpenSC support, just enable the appropriate USE flag." - die "USE flag 'external-hsm' set but no PKCS#11 library path specified." - fi - - elog "Building with external PKCS#11 library support ($PKCS11_LIB): ${PKCS11_PATH}" - else - # Should never happen because of 'confutils_require_one softhsm opensc external-hsm' - die "No PKCS#11 library specified through USE flags." - fi -} - -pkg_setup() { - use eppclient && ewarn "Use of eppclient is still experimental" - use mysql && ewarn "Use of mysql is still experimental" - - confutils_require_one mysql sqlite - confutils_require_one softhsm opensc external-hsm - - check_pkcs11_setup - - enewgroup opendnssec - enewuser opendnssec -1 -1 -1 opendnssec -} - -src_prepare() { - # Patch removes xml comments from config file to enable privilege dropping by default - epatch "${FILESDIR}/${PN}-drop-privileges.patch" -} - -src_configure() { - # Values set by check_pkcs11_setup - local myconf="--with-pkcs11-${PKCS11_LIB}=${PKCS11_PATH}" - - use mysql && myconf="$myconf --with-database-backend=mysql" - use sqlite && myconf="$myconf --with-database-backend=sqlite3" - - econf $myconf \ - $(use_enable auditor) \ - $(use_enable debug timeshift) \ - $(use_enable eppclient) \ - $(use_enable signer) -} - -src_install() { - emake DESTDIR="${D}" install || die "emake install failed" - - newinitd "${FILESDIR}"/opendnssec.initd opendnssec || die "newinitd failed" - dodoc KNOWN_ISSUES NEWS README || die "dodoc failed" - - # Remove subversion tags from config files to avoid useless config updates - sed -i -e 's/<!-- \$Id:.* \$ -->//g' "${D}"etc/opendnssec/* || die "sed failed for files in /etc/opendnssec" - - # add upgrade script - insinto /usr/share/opendnssec - if use sqlite; then - doins enforcer/utils/migrate_keyshare_sqlite3.pl || die "doins failed for migrate_keyshare_sqlite3.pl" - elif mysql; then - doins enforcer/utils/migrate_keyshare_mysql.pl || die "doins failed for migrate_keyshare_mysql.pl" - fi - - # Set ownership of config files - fowners root:opendnssec /etc/opendnssec/{conf,kasp,zonelist,zonefetch}.xml || die "fowners failed for files in /etc/opendnssec" - if use eppclient; then - fowners root:opendnssec /etc/opendnssec/eppclientd.conf || die "fowners failed for /etc/opendnssec/eppclientd.conf" - fi - - # Set ownership of working directories - fowners opendnssec:opendnssec /var/lib/opendnssec/{,signconf,signed,tmp} || die "fowners failed for dirs in /var/lib/opendnssec" - fowners opendnssec:opendnssec /var/lib/run/opendnssec || die "fowners failed for /var/lib/run/opendnssec" -} - -pkg_postinst() { - elog "If you are upgrading from a pre-1.2.0 install, you'll need to update your" - elog "key (KASP) database. Please run the following command to do so:" - if use sqlite; then - elog " perl /usr/share/opendnssec/migrate_keyshare_sqlite3.pl -d /var/lib/opendnssec/kasp.db" - elog "You'll need to emerge 'dev-perl/DBD-SQLite' if it is not installed yet." - elif use mysql; then - elog " perl /usr/share/opendnssec/migrate_keyshare_mysql.pl -d <database> -u <username> -p <password>" - elog "You'll need to emerge 'dev-perl/DBD-mysql' if it is not installed yet." - fi - elog "" - - if use softhsm; then - elog "Please make sure that you create your softhsm database in a location writeable" - elog "by the opendnssec user. You can set its location in /etc/softhsm.conf." - elog "Suggested configuration is:" - elog " echo \"0:/var/lib/opendnssec/softhsm_slot0.db\" >> /etc/softhsm.conf" - elog " softhsm --init-token --slot 0 --label OpenDNSSEC" - elog " chown opendnssec:opendnssec /var/lib/opendnssec/softhsm_slot0.db" - fi -} |