diff options
author | Aaron Bauman <bman@gentoo.org> | 2020-09-29 09:50:29 -0400 |
---|---|---|
committer | Aaron Bauman <bman@gentoo.org> | 2020-09-29 09:50:40 -0400 |
commit | 81a7a6283ad967bb6610b45ea347a3ff8b43d178 (patch) | |
tree | 1ec3832cda025ffeb2c34b4fba84691489936d02 /net-dns/opendnssec | |
parent | media-video/subtitlecomposer: Update HOMEPAGE (diff) | |
download | gentoo-81a7a6283ad967bb6610b45ea347a3ff8b43d178.tar.gz gentoo-81a7a6283ad967bb6610b45ea347a3ff8b43d178.tar.bz2 gentoo-81a7a6283ad967bb6610b45ea347a3ff8b43d178.zip |
Revert "net-dns/opendnssec: remove unused patches"
This reverts commit ac80ac59b84559e6217bb4047e65918313887d00.
* I dropped LTS releases. Let's restore them
Signed-off-by: Aaron Bauman <bman@gentoo.org>
Diffstat (limited to 'net-dns/opendnssec')
8 files changed, 298 insertions, 0 deletions
diff --git a/net-dns/opendnssec/files/opendnssec-1.3.14-drop-privileges.patch b/net-dns/opendnssec/files/opendnssec-1.3.14-drop-privileges.patch new file mode 100644 index 000000000000..7c9f72355d20 --- /dev/null +++ b/net-dns/opendnssec/files/opendnssec-1.3.14-drop-privileges.patch @@ -0,0 +1,43 @@ +Index: conf/conf.xml.in +=================================================================== +--- conf/conf.xml.in (revision 3022) ++++ conf/conf.xml.in (working copy) +@@ -38,12 +38,10 @@ + </Common> + + <Enforcer> +-<!-- + <Privileges> + <User>opendnssec</User> + <Group>opendnssec</Group> + </Privileges> +---> + + <Datastore><SQLite>@OPENDNSSEC_STATE_DIR@/kasp.db</SQLite></Datastore> + <Interval>PT3600S</Interval> +@@ -56,12 +54,10 @@ + </Enforcer> + + <Signer> +-<!-- + <Privileges> + <User>opendnssec</User> + <Group>opendnssec</Group> + </Privileges> +---> + + <WorkingDirectory>@OPENDNSSEC_STATE_DIR@/tmp</WorkingDirectory> + <WorkerThreads>8</WorkerThreads> +@@ -80,12 +76,10 @@ + </Signer> + + <Auditor> +-<!-- + <Privileges> + <User>opendnssec</User> + <Group>opendnssec</Group> + </Privileges> +---> + + <WorkingDirectory>@OPENDNSSEC_STATE_DIR@/tmp</WorkingDirectory> + </Auditor> diff --git a/net-dns/opendnssec/files/opendnssec-1.3.14-use-system-trang.patch b/net-dns/opendnssec/files/opendnssec-1.3.14-use-system-trang.patch new file mode 100644 index 000000000000..39678408264a --- /dev/null +++ b/net-dns/opendnssec/files/opendnssec-1.3.14-use-system-trang.patch @@ -0,0 +1,21 @@ +diff -urN opendnssec-1.3.0rc3.old/conf/Makefile.am opendnssec-1.3.0rc3/conf/Makefile.am +--- opendnssec-1.3.0rc3.old/conf/Makefile.am 2011-07-01 21:15:25.000000000 +0200 ++++ opendnssec-1.3.0rc3/conf/Makefile.am 2011-07-01 21:17:00.000000000 +0200 +@@ -7,7 +7,7 @@ + XML = conf.xml kasp.xml zonelist.xml signconf.xml zonefetch.xml + XSL= kasp2html.xsl + +-TRANG= $(srcdir)/trang/trang.jar ++TRANG= /usr/bin/trang + + sysconfdir = @sysconfdir@/opendnssec + datadir = @datadir@/opendnssec +@@ -25,7 +25,7 @@ + .rnc.rng: + @test -x "${JAVA}" || \ + (echo "java is required for converting RelaxNG Compact to RelaxNG"; false) +- ${JAVA} -jar ${TRANG} $< $@ ++ ${TRANG} $< $@ + + regress: $(RNG) + @test -x "${XMLLINT}" || \ diff --git a/net-dns/opendnssec/files/opendnssec-1.3.18-eppclient-curl-CVE-2012-5582.patch b/net-dns/opendnssec/files/opendnssec-1.3.18-eppclient-curl-CVE-2012-5582.patch new file mode 100644 index 000000000000..a0676dd091be --- /dev/null +++ b/net-dns/opendnssec/files/opendnssec-1.3.18-eppclient-curl-CVE-2012-5582.patch @@ -0,0 +1,12 @@ +diff -urN opendnssec-1.3.18.orig/plugins/eppclient/src/epp.c opendnssec-1.3.18/plugins/eppclient/src/epp.c +--- opendnssec-1.3.18.orig/plugins/eppclient/src/epp.c 2014-07-21 11:16:10.000000000 +0200 ++++ opendnssec-1.3.18/plugins/eppclient/src/epp.c 2016-03-23 22:25:18.679354984 +0100 +@@ -390,7 +390,7 @@ + curl_easy_setopt(curl, CURLOPT_URL, url); + curl_easy_setopt(curl, CURLOPT_CONNECT_ONLY, 1L); + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L); +- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1L); ++ curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L); + curl_easy_setopt(curl, CURLOPT_USE_SSL, CURLUSESSL_ALL); + curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, curlerr); + curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 1L); diff --git a/net-dns/opendnssec/files/opendnssec-drop-privileges.patch b/net-dns/opendnssec/files/opendnssec-drop-privileges.patch new file mode 100644 index 000000000000..c1972bbc3d1b --- /dev/null +++ b/net-dns/opendnssec/files/opendnssec-drop-privileges.patch @@ -0,0 +1,28 @@ +--- conf/conf.xml.in.orig 2013-05-12 22:36:47.530988182 +0200 ++++ conf/conf.xml.in 2013-05-12 22:37:56.459817918 +0200 +@@ -38,12 +38,10 @@ + </Common> + + <Enforcer> +-<!-- + <Privileges> + <User>opendnssec</User> + <Group>opendnssec</Group> + </Privileges> +---> + <!-- NOTE: Enforcer worker threads are not used; this option is ignored --> + <!-- + <WorkerThreads>4</WorkerThreads> +@@ -60,12 +58,10 @@ + </Enforcer> + + <Signer> +-<!-- + <Privileges> + <User>opendnssec</User> + <Group>opendnssec</Group> + </Privileges> +---> + + <WorkingDirectory>@OPENDNSSEC_STATE_DIR@/tmp</WorkingDirectory> + <WorkerThreads>4</WorkerThreads> diff --git a/net-dns/opendnssec/files/opendnssec-fix-localstatedir.patch b/net-dns/opendnssec/files/opendnssec-fix-localstatedir.patch new file mode 100644 index 000000000000..3958c6c70ccf --- /dev/null +++ b/net-dns/opendnssec/files/opendnssec-fix-localstatedir.patch @@ -0,0 +1,32 @@ +diff -urN opendnssec-1.3.0rc2.old/Makefile.am opendnssec-1.3.0rc2/Makefile.am +--- opendnssec-1.3.0rc2.old/Makefile.am 2011-06-02 13:48:56.000000000 +0200 ++++ opendnssec-1.3.0rc2/Makefile.am 2011-06-02 13:49:19.000000000 +0200 +@@ -31,11 +31,11 @@ + + install-data-hook: + $(INSTALL) -d $(DESTDIR)$(localstatedir) +- $(INSTALL) -d $(DESTDIR)$(localstatedir)/opendnssec +- $(INSTALL) -d $(DESTDIR)$(localstatedir)/opendnssec/tmp +- $(INSTALL) -d $(DESTDIR)$(localstatedir)/opendnssec/signconf +- $(INSTALL) -d $(DESTDIR)$(localstatedir)/opendnssec/unsigned +- $(INSTALL) -d $(DESTDIR)$(localstatedir)/opendnssec/signed ++ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec ++ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/tmp ++ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/signconf ++ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/unsigned ++ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/signed + $(INSTALL) -d $(DESTDIR)$(localstatedir)/run + $(INSTALL) -d $(DESTDIR)$(localstatedir)/run/opendnssec + +diff -urN opendnssec-1.3.0rc2.old/m4/opendnssec_common.m4 opendnssec-1.3.0rc2/m4/opendnssec_common.m4 +--- opendnssec-1.3.0rc2.old/m4/opendnssec_common.m4 2011-06-02 13:48:56.000000000 +0200 ++++ opendnssec-1.3.0rc2/m4/opendnssec_common.m4 2011-06-02 13:49:36.000000000 +0200 +@@ -18,7 +18,7 @@ + OPENDNSSEC_LIBEXEC_DIR=$full_libexecdir/opendnssec + OPENDNSSEC_DATA_DIR=$full_datadir/opendnssec + OPENDNSSEC_SYSCONF_DIR=$full_sysconfdir/opendnssec +-OPENDNSSEC_LOCALSTATE_DIR="$full_localstatedir/opendnssec" ++OPENDNSSEC_LOCALSTATE_DIR="$full_localstatedir/lib/opendnssec" + OPENDNSSEC_PID_DIR="$full_localstatedir/run/opendnssec" + + AC_SUBST([OPENDNSSEC_BIN_DIR]) diff --git a/net-dns/opendnssec/files/opendnssec-fix-run-dir.patch b/net-dns/opendnssec/files/opendnssec-fix-run-dir.patch new file mode 100644 index 000000000000..fe5b504344cf --- /dev/null +++ b/net-dns/opendnssec/files/opendnssec-fix-run-dir.patch @@ -0,0 +1,26 @@ +diff -ur opendnssec-1.3.12.orig/m4/opendnssec_common.m4 opendnssec-1.3.12/m4/opendnssec_common.m4 +--- opendnssec-1.3.12.orig/m4/opendnssec_common.m4 2013-01-31 13:46:01.122201232 +0100 ++++ opendnssec-1.3.12/m4/opendnssec_common.m4 2013-01-31 13:54:47.648861211 +0100 +@@ -19,7 +19,7 @@ + OPENDNSSEC_DATA_DIR=$full_datadir/opendnssec + OPENDNSSEC_SYSCONF_DIR=$full_sysconfdir/opendnssec + OPENDNSSEC_LOCALSTATE_DIR="$full_localstatedir/lib/opendnssec" +-OPENDNSSEC_PID_DIR="$full_localstatedir/run/opendnssec" ++OPENDNSSEC_PID_DIR="${destdir}/run/opendnssec" + + AC_SUBST([OPENDNSSEC_BIN_DIR]) + AC_SUBST([OPENDNSSEC_SBIN_DIR]) +diff -ur opendnssec-1.3.12.orig/Makefile.am opendnssec-1.3.12/Makefile.am +--- opendnssec-1.3.12.orig/Makefile.am 2013-01-31 13:46:01.122201232 +0100 ++++ opendnssec-1.3.12/Makefile.am 2013-01-31 13:47:08.569951675 +0100 +@@ -37,8 +37,8 @@ + $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/signconf + $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/unsigned + $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/signed +- $(INSTALL) -d $(DESTDIR)$(localstatedir)/run +- $(INSTALL) -d $(DESTDIR)$(localstatedir)/run/opendnssec ++ ++ + + docs: + (cd libhsm; $(MAKE) doxygen) diff --git a/net-dns/opendnssec/files/opendnssec.confd-1.3.x b/net-dns/opendnssec/files/opendnssec.confd-1.3.x new file mode 100644 index 000000000000..63121af7f0ca --- /dev/null +++ b/net-dns/opendnssec/files/opendnssec.confd-1.3.x @@ -0,0 +1,13 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +# Variables containing default binaries used in the opendnssec +# initscript. You can alter them to another applications/paths +# if required. + +CHECKCONFIG_BIN=/usr/bin/ods-kaspcheck +CONTROL_BIN=/usr/sbin/ods-control +ENFORCER_BIN=/usr/sbin/ods-enforcerd +SIGNER_BIN=/usr/sbin/ods-signerd +EPPCLIENT_BIN=/usr/sbin/eppclientd +EPPCLIENT_PIDFILE=/run/opendnssec/eppclientd.pid diff --git a/net-dns/opendnssec/files/opendnssec.initd-1.3.x b/net-dns/opendnssec/files/opendnssec.initd-1.3.x new file mode 100644 index 000000000000..9f4adbd184a9 --- /dev/null +++ b/net-dns/opendnssec/files/opendnssec.initd-1.3.x @@ -0,0 +1,123 @@ +#!/sbin/openrc-run +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +description="An open-source turn-key solution for DNSSEC" + +depend() { + use logger +} + +checkconfig() { + if [ -z "${CHECKCONFIG_BIN}" ]; then + # no config checker configured, skip config check + return 0 + fi + if [ -x "${CHECKCONFIG_BIN}" ]; then + output=$(${CHECKCONFIG_BIN} 2>&1| grep -v -E "^/etc/opendnssec/(conf|kasp).xml validates") + if [ -n "$output" ]; then + echo $output + fi + + errors=$(echo $output | grep ERROR | wc -l) + if [ $errors -gt 0 ]; then + ewarn "$errors error(s) found in OpenDNSSEC configuration." + fi + return $errors + fi + eerror "Unable to execute ${CHECKCONFIG_BIN:-config binary}" + # can't validate config, just die + return 1 +} + +start_enforcer() { + if [ -n "${ENFORCER_BIN}" ] && [ -x "${ENFORCER_BIN}" ]; then + ebegin "Starting OpenDNSSEC Enforcer" + ${CONTROL_BIN} enforcer start > /dev/null + eend $? + else + if [ -n "${ENFORCER_BIN}" ]; then + eerror "OpenDNSSEC Enforcer binary not executable" + return 1 + fi + einfo "OpenDNSSEC Enforcer not used." + fi +} + +stop_enforcer() { + if [ -x "${ENFORCER_BIN}" ]; then + ebegin "Stopping OpenDNSSEC Enforcer" + ${CONTROL_BIN} enforcer stop > /dev/null + eend $? + fi +} + +start_signer() { + if [ -n "${SIGNER_BIN}" ] && [ -x "${SIGNER_BIN}" ]; then + ebegin "Starting OpenDNSSEC Signer" + ${CONTROL_BIN} signer start > /dev/null 2>&1 + eend $? + else + if [ -n "${SIGNER_BIN}" ]; then + eerror "OpenDNSSEC Signer binary not executable" + return 1 + fi + einfo "OpenDNSSEC Signer not used." + fi +} + +stop_signer() { + if [ -x "${SIGNER_BIN}" ]; then + ebegin "Stopping OpenDNSSEC Signer" + ${CONTROL_BIN} signer stop > /dev/null 2>&1 + eend $? + fi +} + +start_eppclient() { + if [ -n "${EPPCLIENT_BIN}" ] && [ -x "${EPPCLIENT_BIN}" ]; then + ebegin "Starting OpenDNSSEC Eppclient" + start-stop-daemon \ + --start \ + --user opendnssec --group opendnssec \ + --exec "${EPPCLIENT_BIN}" \ + --pidfile "${EPPCLIENT_PIDFILE}" > /dev/null + eend $? + else + # eppclient is ofptional so if we use the default binary and it + # is not used we won't die + if [ -n "${EPPCLIENT_BIN}" ] && \ + [ "${EPPCLIENT_BIN}" != "/usr/sbin/eppclientd" ]; then + eerror "OpenDNSSEC Eppclient binary not executable" + return 1 + fi + einfo "OpenDNSSEC Eppclient not used." + fi +} + +stop_eppclient() { + if [ -x "${EPPCLIENT_BIN}" ]; then + ebegin "Stopping OpenDNSSEC Eppclient" + start-stop-daemon \ + --stop \ + --exec "${EPPCLIENT_BIN}" \ + --pidfile "${EPPCLIENT_PIDFILE}" > /dev/null + eend $? + fi +} + +start() { + checkconfig || return $? + test -d /run/opendnssec || mkdir -p /run/opendnssec + chown opendnssec:opendnssec /run/opendnssec + start_enforcer || return $? + start_signer || return $? + start_eppclient || return $? +} + +stop() { + stop_eppclient + stop_signer + stop_enforcer + sleep 5 +} |