net-dns/bind/bind-9.7.5.ebuild

# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/bind-9.7.4_p1.ebuild,v 1.8 2011/12/22 22:33:28 halcy0n Exp $

# Re dlz/mysql and threads, needs to be verified..
# MySQL uses thread local storage in its C api. Thus MySQL
# requires that each thread of an application execute a MySQL
# thread initialization to setup the thread local storage.
# This is impossible to do safely while staying within the DLZ
# driver API. This is a limitation caused by MySQL, and not the DLZ API.
# Because of this BIND MUST only run with a single thread when
# using the MySQL driver.

EAPI="4"

inherit eutils autotools toolchain-funcs flag-o-matic db-use

MY_PV="${PV/_p/-P}"
MY_P="${PN}-${MY_PV}"

SDB_LDAP_VER="1.1.0-fc14"

GEOIP_PV=1.3
GEOIP_PV_AGAINST="9.7.2-P2"
GEOIP_P="bind-geoip-${GEOIP_PV}-${GEOIP_PV_AGAINST}"
GEOIP_PATCH_A="${GEOIP_P}.patch"
GEOIP_DOC_A="bind-geoip-1.3-readme.txt"
GEOIP_SRC_URI_BASE="http://bind-geoip.googlecode.com/"

DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server"
HOMEPAGE="http://www.isc.org/software/bind"
SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz
        doc? ( mirror://gentoo/dyndns-samples.tbz2 )
        geoip? ( ${GEOIP_SRC_URI_BASE}/files/${GEOIP_DOC_A}
                         ${GEOIP_SRC_URI_BASE}/files/${GEOIP_PATCH_A} )
        sdb-ldap? ( http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2 )"

LICENSE="as-is"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
IUSE="berkdb caps dlz doc geoip gssapi idn ipv6 ldap mysql odbc pkcs11
postgres sdb-ldap selinux ssl static-libs threads urandom xml"

REQUIRED_USE="postgres? ( dlz )
        berkdb? ( dlz )
        mysql? ( dlz !threads )
        odbc? ( dlz )
        ldap? ( dlz )
        sdb-ldap? ( dlz )
        threads? ( caps )"

DEPEND="ssl? ( >=dev-libs/openssl-0.9.6g )
        mysql? ( >=virtual/mysql-4.0 )
        odbc? ( >=dev-db/unixODBC-2.2.6 )
        ldap? ( net-nds/openldap )
        idn? ( net-dns/idnkit )
        postgres? ( dev-db/postgresql-base )
        caps? ( >=sys-libs/libcap-2.1.0 )
        xml? ( dev-libs/libxml2 )
        geoip? ( >=dev-libs/geoip-1.4.6 )
        gssapi? ( virtual/krb5 )
        sdb-ldap? ( net-nds/openldap )"

RDEPEND="${DEPEND}
        selinux? ( sec-policy/selinux-bind )
        || ( sys-process/psmisc sys-process/fuser-bsd )"

S="${WORKDIR}/${MY_P}"

pkg_setup() {
        ebegin "Creating named group and user"
        enewgroup named 40
        enewuser named 40 -1 /etc/bind named
        eend ${?}
}

src_prepare() {
        # Adjusting PATHs in manpages
        for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
                sed -i \
                        -e 's:/etc/named.conf:/etc/bind/named.conf:g' \
                        -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
                        -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
                        "${i}" || die "sed failed, ${i} doesn't exist"
        done

        if use dlz; then
                # bind fails to reconnect to MySQL5 databases, bug #180720, patch by Nicolas Brousse
                # (http://www.shell-tips.com/2007/09/04/bind-950-patch-dlz-mysql-5-for-auto-reconnect/)
                if use mysql && has_version ">=dev-db/mysql-5"; then
                        epatch "${FILESDIR}"/bind-dlzmysql5-reconnect.patch
                fi

                if use odbc; then
                        epatch "${FILESDIR}/bind-9.7.3-odbc-dlz-detect.patch"
                fi

                # sdb-ldap patch as per  bug #160567
                # Upstream URL: http://bind9-ldap.bayour.com/
                # New patch take from bug 302735
                if use sdb-ldap; then
                        epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
                        cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/
                        cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/
                        cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/
                fi
        fi

        # should be installed by bind-tools
        sed -i -r -e "s:(nsupdate|dig) ::g" bin/Makefile.in || die

        if use geoip; then
                cp "${DISTDIR}"/${GEOIP_PATCH_A} "${S}" || die
                sed -i -e 's:^ RELEASETYPE=-P: RELEASETYPE=:' \
                        -e 's:RELEASEVER=2:RELEASEVER=:' \
                        ${GEOIP_PATCH_A} || die
                epatch ${GEOIP_PATCH_A}
        fi

        # bug #220361
        rm {aclocal,libtool}.m4
        eautoreconf
}

src_configure() {
        local myconf=""

        if use urandom; then
                myconf="${myconf} --with-randomdev=/dev/urandom"
        else
                myconf="${myconf} --with-randomdev=/dev/random"
        fi

        use geoip && myconf="${myconf} --with-geoip"

        # bug #158664
#       gcc-specs-ssp && replace-flags -O[23s] -O

        # To include db.h from proper path
        use berkdb && append-flags "-I$(db_includedir)"

        export BUILD_CC=$(tc-getBUILD_CC)
        econf \
                --sysconfdir=/etc/bind \
                --localstatedir=/var \
                --with-libtool \
                $(use_enable threads) \
                $(use_with dlz dlz-filesystem) \
                $(use_with dlz dlz-stub) \
                $(use_with postgres dlz-postgres) \
                $(use_with mysql dlz-mysql) \
                $(use_with berkdb dlz-bdb) \
                $(use_with ldap dlz-ldap) \
                $(use_with odbc dlz-odbc) \
                $(use_with ssl openssl) \
                $(use_with idn) \
                $(use_enable ipv6) \
                $(use_with xml libxml2) \
                $(use_with gssapi) \
                $(use_with pkcs11) \
                $(use_enable caps linux-caps) \
                ${myconf}

        # bug #151839
        echo '#undef SO_BSDCOMPAT' >> config.h
}

src_install() {
        emake DESTDIR="${D}" install

        dodoc CHANGES FAQ README

        if use idn; then
                dodoc contrib/idn/README.idnkit
        fi

        if use doc; then
                dodoc doc/arm/Bv9ARM.pdf

                docinto misc
                dodoc doc/misc/*

                # might a 'html' useflag make sense?
                docinto html
                dohtml -r doc/arm/*

                docinto contrib
                dodoc contrib/named-bootconf/named-bootconf.sh \
                        contrib/nanny/nanny.pl

                # some handy-dandy dynamic dns examples
                cd "${D}"/usr/share/doc/${PF}
                tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
        fi

        use geoip && dodoc "${DISTDIR}"/${GEOIP_DOC_A}

        insinto /etc/bind
        newins "${FILESDIR}"/named.conf-r5 named.conf

        # ftp://ftp.rs.internic.net/domain/named.cache:
        insinto /var/bind
        doins "${FILESDIR}"/named.cache

        insinto /var/bind/pri
        newins "${FILESDIR}"/127.zone-r1 127.zone
        newins "${FILESDIR}"/localhost.zone-r3 localhost.zone

        newinitd "${FILESDIR}"/named.init-r11 named
        newconfd "${FILESDIR}"/named.confd-r6 named

        newenvd "${FILESDIR}"/10bind.env 10bind

        # Let's get rid of those tools and their manpages since they're provided by bind-tools
        rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1*
        rm -f "${D}"/usr/share/man/man8/{dnssec-keygen,nsupdate}.8*
        rm -f "${D}"/usr/bin/{dig,host,nslookup,dnssec-keygen,nsupdate}
        rm -f "${D}"/usr/sbin/{dig,host,nslookup,dnssec-keygen,nsupdate}

        # bug 405251, library archives aren't properly handled by --enable/disable-static
        if ! use static-libs; then
                find "${D}" -type f -name '*.la' -delete || die
        fi

        dosym /var/bind/named.cache /var/bind/root.cache
        dosym /var/bind/pri /etc/bind/pri
        dosym /var/bind/sec /etc/bind/sec
        dosym /var/bind/dyn /etc/bind/dyn
        keepdir /var/bind/{pri,sec,dyn}

        dodir /var/{run,log}/named

        fowners root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn}
        fowners root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}
        fperms 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}
        fperms 0750 /etc/bind /var/bind/pri
        fperms 0770 /var/{run,log}/named /var/bind/{,sec,dyn}
}

pkg_postinst() {
        if [ ! -f '/etc/bind/rndc.key' ]; then
                if use urandom; then
                        einfo "Using /dev/urandom for generating rndc.key"
                        /usr/sbin/rndc-confgen -r /dev/urandom -a
                        echo
                else
                        einfo "Using /dev/random for generating rndc.key"
                        /usr/sbin/rndc-confgen -a
                        echo
                fi
                chown root:named /etc/bind/rndc.key
                chmod 0640 /etc/bind/rndc.key
        fi

        einfo
        einfo "You can edit /etc/conf.d/named to customize named settings"
        einfo
        use mysql || use postgres || use ldap && {
                elog "If your named depends on MySQL/PostgreSQL or LDAP,"
                elog "uncomment the specified rc_named_* lines in your"
                elog "/etc/conf.d/named config to ensure they'll start before bind"
                einfo
        }
        einfo "If you'd like to run bind in a chroot AND this is a new"
        einfo "install OR your bind doesn't already run in a chroot:"
        einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
        einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
        einfo

        CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
        if [[ -n ${CHROOT} ]]; then
                elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
                elog "To enable the old behaviour (without using mount) uncomment the"
                elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
                elog "If you decide to use the new/default method, ensure to make backup"
                elog "first and merge your existing configs/zones to /etc/bind and"
                elog "/var/bind because bind will now mount the needed directories into"
                elog "the chroot dir."
        fi

        ewarn
        ewarn "NOTE: /var/bind/named.ca has been renamed to /var/bind/named.cache"
        ewarn "you may need to fix your named.conf!"
        ewarn
        ewarn "NOTE: If you upgrade from <net-dns/bind-9.4.3_p5-r1, you may encounter permission problems"
        ewarn "To fix the permissions do:"
        ewarn "chown root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn}"
        ewarn "chown root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}"
        ewarn "chmod 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}"
        ewarn "chmod 0750 /etc/bind /var/bind/pri"
        ewarn "chmod 0770 /var/{run,log}/named /var/bind/{,sec,dyn}"
        ewarn
}

pkg_config() {
        CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
        CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
        CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})

        if [[ -z "${CHROOT}" ]]; then
                eerror "This config script is designed to automate setting up"
                eerror "a chrooted bind/named. To do so, please first uncomment"
                eerror "and set the CHROOT variable in '/etc/conf.d/named'."
                die "Unset CHROOT"
        fi
        if [[ -d "${CHROOT}" ]]; then
                ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
                ewarn "To enable the old behaviour (without using mount) uncomment the"
                ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
                ewarn
                ewarn "${CHROOT} already exists... some things might become overridden"
                ewarn "press CTRL+C if you don't want to continue"
                sleep 10
        fi

        echo; einfo "Setting up the chroot directory..."

        mkdir -m 0750 -p ${CHROOT}
        mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/{run,log}}
        mkdir -m 0750 -p ${CHROOT}/etc/bind
        mkdir -m 0770 -p ${CHROOT}/var/{bind,{run,log}/named}
        chown root:named ${CHROOT} ${CHROOT}/var/{bind,{run,log}/named} ${CHROOT}/etc/bind

        mknod ${CHROOT}/dev/null c 1 3
        chmod 0666 ${CHROOT}/dev/null

        mknod ${CHROOT}/dev/zero c 1 5
        chmod 0666 ${CHROOT}/dev/zero

        if use urandom; then
                mknod ${CHROOT}/dev/urandom c 1 9
                chmod 0666 ${CHROOT}/dev/urandom
        else
                mknod ${CHROOT}/dev/random c 1 8
                chmod 0666 ${CHROOT}/dev/random
        fi

        if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
                cp -a /etc/bind ${CHROOT}/etc/
                cp -a /var/bind ${CHROOT}/var/
        fi

        if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
                mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP
        fi

        elog "You may need to add the following line to your syslog-ng.conf:"
        elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
}
1	# Copyright 1999-2012 Gentoo Foundation
2	# Distributed under the terms of the GNU General Public License v2
3	# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/bind-9.7.4_p1.ebuild,v 1.8 2011/12/22 22:33:28 halcy0n Exp $
4
5	# Re dlz/mysql and threads, needs to be verified..
6	# MySQL uses thread local storage in its C api. Thus MySQL
7	# requires that each thread of an application execute a MySQL
8	# thread initialization to setup the thread local storage.
9	# This is impossible to do safely while staying within the DLZ
10	# driver API. This is a limitation caused by MySQL, and not the DLZ API.
11	# Because of this BIND MUST only run with a single thread when
12	# using the MySQL driver.
13
14	EAPI="4"
15
16	inherit eutils autotools toolchain-funcs flag-o-matic db-use
17
18	MY_PV="${PV/_p/-P}"
19	MY_P="${PN}-${MY_PV}"
20
21	SDB_LDAP_VER="1.1.0-fc14"
22
23	GEOIP_PV=1.3
24	GEOIP_PV_AGAINST="9.7.2-P2"
25	GEOIP_P="bind-geoip-${GEOIP_PV}-${GEOIP_PV_AGAINST}"
26	GEOIP_PATCH_A="${GEOIP_P}.patch"
27	GEOIP_DOC_A="bind-geoip-1.3-readme.txt"
28	GEOIP_SRC_URI_BASE="http://bind-geoip.googlecode.com/"
29
30	DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server"
31	HOMEPAGE="http://www.isc.org/software/bind"
32	SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz
33	doc? ( mirror://gentoo/dyndns-samples.tbz2 )
34	geoip? ( ${GEOIP_SRC_URI_BASE}/files/${GEOIP_DOC_A}
35	${GEOIP_SRC_URI_BASE}/files/${GEOIP_PATCH_A} )
36	sdb-ldap? ( http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2 )"
37
38	LICENSE="as-is"
39	SLOT="0"
40	KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
41	IUSE="berkdb caps dlz doc geoip gssapi idn ipv6 ldap mysql odbc pkcs11
42	postgres sdb-ldap selinux ssl static-libs threads urandom xml"
43
44	REQUIRED_USE="postgres? ( dlz )
45	berkdb? ( dlz )
46	mysql? ( dlz !threads )
47	odbc? ( dlz )
48	ldap? ( dlz )
49	sdb-ldap? ( dlz )
50	threads? ( caps )"
51
52	DEPEND="ssl? ( >=dev-libs/openssl-0.9.6g )
53	mysql? ( >=virtual/mysql-4.0 )
54	odbc? ( >=dev-db/unixODBC-2.2.6 )
55	ldap? ( net-nds/openldap )
56	idn? ( net-dns/idnkit )
57	postgres? ( dev-db/postgresql-base )
58	caps? ( >=sys-libs/libcap-2.1.0 )
59	xml? ( dev-libs/libxml2 )
60	geoip? ( >=dev-libs/geoip-1.4.6 )
61	gssapi? ( virtual/krb5 )
62	sdb-ldap? ( net-nds/openldap )"
63
64	RDEPEND="${DEPEND}
65	selinux? ( sec-policy/selinux-bind )
66	\|\| ( sys-process/psmisc sys-process/fuser-bsd )"
67
68	S="${WORKDIR}/${MY_P}"
69
70	pkg_setup() {
71	ebegin "Creating named group and user"
72	enewgroup named 40
73	enewuser named 40 -1 /etc/bind named
74	eend ${?}
75	}
76
77	src_prepare() {
78	# Adjusting PATHs in manpages
79	for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
80	sed -i \
81	-e 's:/etc/named.conf:/etc/bind/named.conf:g' \
82	-e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
83	-e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
84	"${i}" \|\| die "sed failed, ${i} doesn't exist"
85	done
86
87	if use dlz; then
88	# bind fails to reconnect to MySQL5 databases, bug #180720, patch by Nicolas Brousse
89	# (http://www.shell-tips.com/2007/09/04/bind-950-patch-dlz-mysql-5-for-auto-reconnect/)
90	if use mysql && has_version ">=dev-db/mysql-5"; then
91	epatch "${FILESDIR}"/bind-dlzmysql5-reconnect.patch
92	fi
93
94	if use odbc; then
95	epatch "${FILESDIR}/bind-9.7.3-odbc-dlz-detect.patch"
96	fi
97
98	# sdb-ldap patch as per bug #160567
99	# Upstream URL: http://bind9-ldap.bayour.com/
100	# New patch take from bug 302735
101	if use sdb-ldap; then
102	epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
103	cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/
104	cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/
105	cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/
106	fi
107	fi
108
109	# should be installed by bind-tools
110	sed -i -r -e "s:(nsupdate\|dig) ::g" bin/Makefile.in \|\| die
111
112	if use geoip; then
113	cp "${DISTDIR}"/${GEOIP_PATCH_A} "${S}" \|\| die
114	sed -i -e 's:^ RELEASETYPE=-P: RELEASETYPE=:' \
115	-e 's:RELEASEVER=2:RELEASEVER=:' \
116	${GEOIP_PATCH_A} \|\| die
117	epatch ${GEOIP_PATCH_A}
118	fi
119
120	# bug #220361
121	rm {aclocal,libtool}.m4
122	eautoreconf
123	}
124
125	src_configure() {
126	local myconf=""
127
128	if use urandom; then
129	myconf="${myconf} --with-randomdev=/dev/urandom"
130	else
131	myconf="${myconf} --with-randomdev=/dev/random"
132	fi
133
134	use geoip && myconf="${myconf} --with-geoip"
135
136	# bug #158664
137	# gcc-specs-ssp && replace-flags -O[23s] -O
138
139	# To include db.h from proper path
140	use berkdb && append-flags "-I$(db_includedir)"
141
142	export BUILD_CC=$(tc-getBUILD_CC)
143	econf \
144	--sysconfdir=/etc/bind \
145	--localstatedir=/var \
146	--with-libtool \
147	$(use_enable threads) \
148	$(use_with dlz dlz-filesystem) \
149	$(use_with dlz dlz-stub) \
150	$(use_with postgres dlz-postgres) \
151	$(use_with mysql dlz-mysql) \
152	$(use_with berkdb dlz-bdb) \
153	$(use_with ldap dlz-ldap) \
154	$(use_with odbc dlz-odbc) \
155	$(use_with ssl openssl) \
156	$(use_with idn) \
157	$(use_enable ipv6) \
158	$(use_with xml libxml2) \
159	$(use_with gssapi) \
160	$(use_with pkcs11) \
161	$(use_enable caps linux-caps) \
162	${myconf}
163
164	# bug #151839
165	echo '#undef SO_BSDCOMPAT' >> config.h
166	}
167
168	src_install() {
169	emake DESTDIR="${D}" install
170
171	dodoc CHANGES FAQ README
172
173	if use idn; then
174	dodoc contrib/idn/README.idnkit
175	fi
176
177	if use doc; then
178	dodoc doc/arm/Bv9ARM.pdf
179
180	docinto misc
181	dodoc doc/misc/*
182
183	# might a 'html' useflag make sense?
184	docinto html
185	dohtml -r doc/arm/*
186
187	docinto contrib
188	dodoc contrib/named-bootconf/named-bootconf.sh \
189	contrib/nanny/nanny.pl
190
191	# some handy-dandy dynamic dns examples
192	cd "${D}"/usr/share/doc/${PF}
193	tar xf "${DISTDIR}"/dyndns-samples.tbz2 \|\| die
194	fi
195
196	use geoip && dodoc "${DISTDIR}"/${GEOIP_DOC_A}
197
198	insinto /etc/bind
199	newins "${FILESDIR}"/named.conf-r5 named.conf
200
201	# ftp://ftp.rs.internic.net/domain/named.cache:
202	insinto /var/bind
203	doins "${FILESDIR}"/named.cache
204
205	insinto /var/bind/pri
206	newins "${FILESDIR}"/127.zone-r1 127.zone
207	newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
208
209	newinitd "${FILESDIR}"/named.init-r11 named
210	newconfd "${FILESDIR}"/named.confd-r6 named
211
212	newenvd "${FILESDIR}"/10bind.env 10bind
213
214	# Let's get rid of those tools and their manpages since they're provided by bind-tools
215	rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1*
216	rm -f "${D}"/usr/share/man/man8/{dnssec-keygen,nsupdate}.8*
217	rm -f "${D}"/usr/bin/{dig,host,nslookup,dnssec-keygen,nsupdate}
218	rm -f "${D}"/usr/sbin/{dig,host,nslookup,dnssec-keygen,nsupdate}
219
220	# bug 405251, library archives aren't properly handled by --enable/disable-static
221	if ! use static-libs; then
222	find "${D}" -type f -name '*.la' -delete \|\| die
223	fi
224
225	dosym /var/bind/named.cache /var/bind/root.cache
226	dosym /var/bind/pri /etc/bind/pri
227	dosym /var/bind/sec /etc/bind/sec
228	dosym /var/bind/dyn /etc/bind/dyn
229	keepdir /var/bind/{pri,sec,dyn}
230
231	dodir /var/{run,log}/named
232
233	fowners root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn}
234	fowners root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}
235	fperms 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}
236	fperms 0750 /etc/bind /var/bind/pri
237	fperms 0770 /var/{run,log}/named /var/bind/{,sec,dyn}
238	}
239
240	pkg_postinst() {
241	if [ ! -f '/etc/bind/rndc.key' ]; then
242	if use urandom; then
243	einfo "Using /dev/urandom for generating rndc.key"
244	/usr/sbin/rndc-confgen -r /dev/urandom -a
245	echo
246	else
247	einfo "Using /dev/random for generating rndc.key"
248	/usr/sbin/rndc-confgen -a
249	echo
250	fi
251	chown root:named /etc/bind/rndc.key
252	chmod 0640 /etc/bind/rndc.key
253	fi
254
255	einfo
256	einfo "You can edit /etc/conf.d/named to customize named settings"
257	einfo
258	use mysql \|\| use postgres \|\| use ldap && {
259	elog "If your named depends on MySQL/PostgreSQL or LDAP,"
260	elog "uncomment the specified rc_named_* lines in your"
261	elog "/etc/conf.d/named config to ensure they'll start before bind"
262	einfo
263	}
264	einfo "If you'd like to run bind in a chroot AND this is a new"
265	einfo "install OR your bind doesn't already run in a chroot:"
266	einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
267	einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
268	einfo
269
270	CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
271	if [[ -n ${CHROOT} ]]; then
272	elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
273	elog "To enable the old behaviour (without using mount) uncomment the"
274	elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
275	elog "If you decide to use the new/default method, ensure to make backup"
276	elog "first and merge your existing configs/zones to /etc/bind and"
277	elog "/var/bind because bind will now mount the needed directories into"
278	elog "the chroot dir."
279	fi
280
281	ewarn
282	ewarn "NOTE: /var/bind/named.ca has been renamed to /var/bind/named.cache"
283	ewarn "you may need to fix your named.conf!"
284	ewarn
285	ewarn "NOTE: If you upgrade from <net-dns/bind-9.4.3_p5-r1, you may encounter permission problems"
286	ewarn "To fix the permissions do:"
287	ewarn "chown root:named /{etc,var}/bind /var/{run,log}/named /var/bind/{sec,pri,dyn}"
288	ewarn "chown root:named /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}"
289	ewarn "chmod 0640 /var/bind/named.cache /var/bind/pri/{127,localhost}.zone /etc/bind/{bind.keys,named.conf}"
290	ewarn "chmod 0750 /etc/bind /var/bind/pri"
291	ewarn "chmod 0770 /var/{run,log}/named /var/bind/{,sec,dyn}"
292	ewarn
293	}
294
295	pkg_config() {
296	CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
297	CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
298	CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
299
300	if [[ -z "${CHROOT}" ]]; then
301	eerror "This config script is designed to automate setting up"
302	eerror "a chrooted bind/named. To do so, please first uncomment"
303	eerror "and set the CHROOT variable in '/etc/conf.d/named'."
304	die "Unset CHROOT"
305	fi
306	if [[ -d "${CHROOT}" ]]; then
307	ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
308	ewarn "To enable the old behaviour (without using mount) uncomment the"
309	ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
310	ewarn
311	ewarn "${CHROOT} already exists... some things might become overridden"
312	ewarn "press CTRL+C if you don't want to continue"
313	sleep 10
314	fi
315
316	echo; einfo "Setting up the chroot directory..."
317
318	mkdir -m 0750 -p ${CHROOT}
319	mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/{run,log}}
320	mkdir -m 0750 -p ${CHROOT}/etc/bind
321	mkdir -m 0770 -p ${CHROOT}/var/{bind,{run,log}/named}
322	chown root:named ${CHROOT} ${CHROOT}/var/{bind,{run,log}/named} ${CHROOT}/etc/bind
323
324	mknod ${CHROOT}/dev/null c 1 3
325	chmod 0666 ${CHROOT}/dev/null
326
327	mknod ${CHROOT}/dev/zero c 1 5
328	chmod 0666 ${CHROOT}/dev/zero
329
330	if use urandom; then
331	mknod ${CHROOT}/dev/urandom c 1 9
332	chmod 0666 ${CHROOT}/dev/urandom
333	else
334	mknod ${CHROOT}/dev/random c 1 8
335	chmod 0666 ${CHROOT}/dev/random
336	fi
337
338	if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
339	cp -a /etc/bind ${CHROOT}/etc/
340	cp -a /var/bind ${CHROOT}/var/
341	fi
342
343	if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
344	mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP
345	fi
346
347	elog "You may need to add the following line to your syslog-ng.conf:"
348	elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
349	}