# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

EAPI=8
# flag-o-matic provides append-cflags/test-flags-CC, readme.gentoo-r1 provides
# readme.gentoo_create_doc, and toolchain-funcs provides the tc-get* helpers
# that the phase functions below call.
inherit flag-o-matic readme.gentoo-r1 toolchain-funcs

DESCRIPTION="Collection of DNS client/server software"
HOMEPAGE="https://cr.yp.to/djbdns.html"
# Revision tag of the third-party IPv6 diff. It is interpolated into the
# SRC_URI entry below and into the ${WORKDIR} patch path in src_prepare().
IPV6_PATCH="test32"

# Sources come from three different hosts, all over HTTPS; the IPv6 diff is
# fetched only with USE=ipv6.
# NOTE(review): HTTPS protects the transfer only. The distfile checksums are
# presumably pinned in the package's Manifest, which is not visible here --
# confirm it covers the IPv6 diff as well.
SRC_URI="https://cr.yp.to/djbdns/${P}.tar.gz
	https://smarden.org/pape/djb/manpages/${P}-man.tar.gz
	ipv6? ( https://www.fefe.de/dns/${P}-${IPV6_PATCH}.diff.xz )"

LICENSE="public-domain"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86"
IUSE="ipv6 selinux"

# The acct-user/* packages supply the dedicated accounts (dnscache, dnslog,
# tinydns) that the *-conf commands listed in DOC_CONTENTS are given.
# The SELinux policy module is pulled in only with USE=selinux.
RDEPEND="
	acct-user/dnscache
	acct-user/dnslog
	acct-user/tinydns
	sys-apps/ucspi-tcp
	virtual/daemontools
	selinux? ( sec-policy/selinux-djbdns )"

src_unpack() {
	# The default unpack phase extracts every archive, which leaves the
	# djbdns sources and the man pages in two sibling directories.
	default

	# Relocate the man pages into the source tree (${S}) so that user
	# patches handled in src_prepare() can reach them too.
	if ! mv "${PN}-man" "${P}/man"; then
		die "failed to transplant man pages"
	fi
}

# Patches common to both USE=ipv6 and USE=-ipv6 builds, listed in the order
# they are applied. src_prepare() appends the variant-specific set to this
# array before it calls "default", which applies the whole list.
PATCHES=(
	"${FILESDIR}/dnsroots.patch"
	"${FILESDIR}/dnstracesort.patch"
	"${FILESDIR}/string_length_255.patch"
	"${FILESDIR}/srv_record_support.patch"
	# NOTE(review): "recustion" is the spelling used in the filename;
	# presumably it matches the file on disk, so do not correct it here
	# without renaming the file as well.
	"${FILESDIR}/increase-cname-recustion-depth.patch"
	# Security fixes; the CVE identifiers are taken from the filenames.
	# Removing or reordering these entries silently drops the fix.
	"${FILESDIR}/CVE2009-0858_0001-check-response-domain-name-length.patch"
	"${FILESDIR}/CVE2012-1191_0001-ghost-domain-attack.patch"
	"${FILESDIR}/AR-and-RANLIB-support.patch"
	"${FILESDIR}/tinydns-softlimit.patch"
	"${FILESDIR}/${PN}-dnscache-configurable-truncate-manpages.patch"
)

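src_prepare() {
	# Append the variant-specific patches to the global PATCHES array.
	# "+=" is used instead of re-expanding ${PATCHES[@]} unquoted, so an
	# existing entry that contains whitespace or glob characters (for
	# example an unusual FILESDIR) stays a single, unmodified element.
	#
	# Keep the two branches in step: each carries its own CVE2008-4392
	# pair plus the truncate-size and udp-overflow patches, so a fix
	# added to only one branch leaves the other USE setting unpatched.
	if use ipv6; then
		PATCHES+=(
			# The big ipv6 patch.
			"${WORKDIR}/${P}-${IPV6_PATCH}.diff"
			# Fix CVE2008-4392 (ipv6)
			# NOTE(review): 0002 is named for "test29" while IPV6_PATCH
			# is "test32" -- presumably it still applies; confirm.
			"${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test32.patch"
			"${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6-test29.patch"
			"${FILESDIR}/${PN}-dnscache-configurable-truncate-size-v6.patch"
			"${FILESDIR}/${PN}-udp-overflow-response-buffer-truncate-v6.patch"
		)
	else
		PATCHES+=(
			"${FILESDIR}/implicit-declarations-nov6.patch"
			# Fix CVE2008-4392 (no ipv6)
			"${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-r1.patch"
			"${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records.patch"
			# Later versions of the ipv6 patch include this
			"${FILESDIR}/${PV}-errno-r1.patch"
			"${FILESDIR}/${PN}-dnscache-configurable-truncate-size-nov6.patch"
			"${FILESDIR}/${PN}-udp-overflow-response-buffer-truncate-nov6.patch"
		)
	fi

	# The default prepare phase applies everything in PATCHES.
	default

	# Change "head -X" to the posix-compatible "head -nX" within the
	# Makefile. We do this with sed instead of a patch because the ipv6
	# patch uses some of the surrounding lines; we'd need two versions
	# of the patch.
	sed -i \
		-e 's/head[[:space:]]\{1,\}\-\([0-9]\{1,\}\)/head -n\1/g' \
		Makefile \
		|| die 'failed to sed head in the Makefile'
}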

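src_compile() {
	# Bug 927539. This is beyond our ability to realistically fix due
	# to patch conflicts.
	#
	# The flag only stops the compiler from treating incompatible
	# pointer types as a hard error; the mismatches themselves remain
	# in the code. The substitution is left unquoted on purpose so that
	# an empty result from test-flags-CC adds no argument at all.
	append-cflags $(test-flags-CC -Wno-error=incompatible-pointer-types)

	# The upstream build takes its compiler, linker and install prefix
	# from these conf-* files instead of from the environment.
	echo "$(tc-getCC) ${CFLAGS}" > conf-cc || die
	echo "$(tc-getCC) ${LDFLAGS}" > conf-ld || die
	echo "/usr" > conf-home || die

	# Quoted so that a tool name carrying extra words reaches make as
	# one AR=/RANLIB= assignment instead of being split into stray
	# arguments.
	emake AR="$(tc-getAR)" RANLIB="$(tc-getRANLIB)"
}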

src_install() {
	# dnsroots.global is installed into /etc.
	insinto /etc
	doins dnsroots.global

	# Executables go under the /usr prefix. The globs pick up every
	# *-conf, *-get, *-data and *-edit program present in the build
	# directory; the rest are named explicitly.
	into /usr
	local programs=(
		*-conf dnscache tinydns walldns rbldns pickdns axfrdns
		*-get *-data *-edit dnsip dnsipq dnsname dnstxt dnsmx
		dnsfilter random-ip dnsqr dnsq dnstrace dnstracesort
	)
	dobin "${programs[@]}"

	# These two clients are installed only for IPv6-enabled builds.
	if use ipv6; then
		dobin dnsip6 dnsip6q
	fi

	dodoc CHANGES README

	# Only man pages from sections 1, 5 and 8 are installed.
	doman man/*.[158]

	# Generate the README from DOC_CONTENTS.
	readme.gentoo_create_doc
}

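# README text consumed by readme.gentoo_create_doc in src_install().
# DISABLE_AUTOFORMATTING keeps the layout below exactly as written. The
# string is single-quoted, so $ip, $username and $base stay literal
# placeholders for the reader to fill in.
# The links use https:// to match HOMEPAGE and SRC_URI, so the setup
# instructions are not fetched over plaintext HTTP.
DISABLE_AUTOFORMATTING=1
DOC_CONTENTS='
To configure djbdns, please follow the instructions at,

	https://cr.yp.to/djbdns.html

Of particular interest are,

	axfrdns : https://cr.yp.to/djbdns/axfrdns-conf.html
	dnscache: https://cr.yp.to/djbdns/run-cache-x-home.html
	tinydns : https://cr.yp.to/djbdns/run-server.html

Portage has created users for axfrdns, dnscache, and tinydns; the
commands to configure these programs are,

	1. axfrdns-conf tinydns dnslog /var/axfrdns /var/tinydns $ip
	2. dnscache-conf dnscache dnslog /var/dnscache $ip
	3. tinydns-conf tinydns dnslog /var/tinydns $ip

(replace $ip with the ip address on which the server will run).

If you wish to configure rbldns or walldns, you will need to create
those users yourself (although you should still use the "dnslog"
user for the logs):

	4. rbldns-conf $username dnslog /var/rbldns $ip $base
	5. walldns-conf $username dnslog /var/walldns $ip
'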