author | Tom Hendrikx (whyscream) <tom@whyscream.net> | 2011-01-26 21:07:26 +0000 |
---|---|---|
committer | Tom Hendrikx (whyscream) <tom@whyscream.net> | 2011-01-26 21:07:26 +0000 |
commit | fb8876ee5acb7117782a4fcbec54131652ccb796 (patch) | |
tree | 9aac002447bfbde5cca02bd4d203e2dbde3e2be9 /net-dns | |
parent | Automatic update to use.local.desc (diff) | |
net-dns/opendnssec: version bump
svn path=/sunrise/; revision=11732
Diffstat (limited to 'net-dns')
-rw-r--r-- | net-dns/opendnssec/ChangeLog | 7 | ||||
-rw-r--r-- | net-dns/opendnssec/Manifest | 10 | ||||
-rw-r--r-- | net-dns/opendnssec/files/opendnssec.initd | 89 | ||||
-rw-r--r-- | net-dns/opendnssec/metadata.xml | 1 | ||||
-rw-r--r-- | net-dns/opendnssec/opendnssec-1.2.0.ebuild (renamed from net-dns/opendnssec/opendnssec-1.1.3.ebuild) | 56 |
5 files changed, 97 insertions, 66 deletions
diff --git a/net-dns/opendnssec/ChangeLog b/net-dns/opendnssec/ChangeLog index f6169df55..48e33aa08 100644 --- a/net-dns/opendnssec/ChangeLog +++ b/net-dns/opendnssec/ChangeLog @@ -1,7 +1,12 @@ # ChangeLog for net-dns/opendnssec -# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 +# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 # $Header: $ + 26 Jan 2011; Tom Hendrikx (whyscream) <tom@whyscream.net> + -opendnssec-1.1.3.ebuild, +opendnssec-1.2.0.ebuild, + files/opendnssec.initd, metadata.xml: + version bump + 15 Oct 2010; Tom Hendrikx (whyscream) <tom@whyscream.net> files/opendnssec.initd: minor change to initd file diff --git a/net-dns/opendnssec/Manifest b/net-dns/opendnssec/Manifest index 45285396b..aa8e9e2de 100644 --- a/net-dns/opendnssec/Manifest +++ b/net-dns/opendnssec/Manifest 
@@ -1,6 +1,6 @@ AUX opendnssec-drop-privileges.patch 906 RMD160 c7e5f09d08c7431fbe0d5496e980f1468de5185a SHA1 875529fd365e9168f4a34334c884e01b670974d3 SHA256 faecb049748efab2652b890020106748039dbe7022d943393ac50b71b429b340 -AUX opendnssec.initd 2298 RMD160 3024d31f7a2aa5dd917e7505a9b06efd2fa93d94 SHA1 cabe945d886dbebff08ed6197d0665b9c0071253 SHA256 2328977690492589e8670105986dd5d20fde19944304f68b4abafbc52bb6a919 -DIST opendnssec-1.1.3.tar.gz 2207087 RMD160 2a41bf17553ed02e4654887a81f4665e4acdbf2d SHA1 394640b0cb8bb5afdf3446b4fe15e4942acd0d11 SHA256 bd6616e724fec0b95829b6ccc364b919e460786bd4deda9b80ac005d325c166c -EBUILD opendnssec-1.1.3.ebuild 5079 RMD160 cb5dad0b8c4b8c34ba8cd0b0a6144d3d119f97e5 SHA1 a9e6690caa1ba33bf163a69796d380aa49543d6a SHA256 85b7c5c1c87ba44e91225231d30248c8efdc94a4e3d89f4df432de2e139acea7 -MISC ChangeLog 1135 RMD160 bd27d1c17e3c59e146caca4d3a80f683ca84f8a4 SHA1 73a4bf87b0563ec06a1c58834b1b7b61eda62117 SHA256 c007c907eef81765e33530a1d78cf43f76cef5b541e3c2091ef6fcef76a5a9da -MISC metadata.xml 837 RMD160 97d0d9bc90ace43d8ac98e37bfe9c79922c7d3bd SHA1 6d714c285fe7f552b2cb0e761cf267f00ccbd699 SHA256 b428c003671bd6c66a011c7647cdf7a1349a2376073f15c1a97690abed61811f +AUX opendnssec.initd 2110 RMD160 81362fd5e399e90e4b61ccb85d0d22b619db7c18 SHA1 776ff0b5495b6570088dd9aff6e66f816c7432fe SHA256 dca460b1732917695543ece1dd7ce5c1e6547e259d2c4119967621dbef26aa6c +DIST opendnssec-1.2.0.tar.gz 1614858 RMD160 b243c9e6edccd15e1ccb8fb8839c931a77e613df SHA1 51e169f283bd1b69892bead8be9b6b7446e607de SHA256 adef63bae6cca53e4144cfe0d555be11a26447c787e2155ce60d11abe979f1be +EBUILD opendnssec-1.2.0.ebuild 6152 RMD160 387b2b5689182d0f88481dd4d30e54ac616c323b SHA1 9d477d6f868f6a8ce1e31f54db4f51c6b67180f5 SHA256 ab5c4d3254597078cd910d861f4bf38309b75846da2ded9f66c053bae945facf +MISC ChangeLog 1305 RMD160 84100078f6d74d59ac62b357f8ce24b647956637 SHA1 366e182ec768e6238c79d06aca1e6cd54177958a SHA256 8a548fa9775588913881d9a7f5695ccd046fc9abf2c77f59a4f2f2613e0399d4 +MISC 
metadata.xml 909 RMD160 ce76bb8d238ade156005656c28924ab215d5e473 SHA1 58de6a2400597a2972071e49cc56d4c39efef919 SHA256 a39476165120bc973f2c918d0ec2ed92dd1297823aa64a1142e6b256643903bc diff --git a/net-dns/opendnssec/files/opendnssec.initd b/net-dns/opendnssec/files/opendnssec.initd index 4901a2430..ff9461773 100644 --- a/net-dns/opendnssec/files/opendnssec.initd +++ b/net-dns/opendnssec/files/opendnssec.initd @@ -6,13 +6,12 @@ # for openrc description="An open-source turn-key solution for DNSSEC" -checkconf_binary=/usr/bin/ods-kaspcheck -signerd_binary=/usr/sbin/ods-signer -signerd_pidfile=/var/lib/run/opendnssec/signerd.pid -enforcerd_binary=/usr/sbin/ods-enforcerd -enforcerd_pidfile=/var/lib/run/opendnssec/enforcerd.pid -eppclientd_binary=/usr/sbin/eppclientd -eppclientd_pidfile=/var/lib/run/opendnssec/eppclientd.pid +checkconf_bin=/usr/bin/ods-kaspcheck +control_bin=/usr/sbin/ods-control +enforcer_bin=/usr/sbin/ods-enforcerd +eppclient_bin=/usr/sbin/eppclientd +eppclient_pidfile=/var/lib/run/opendnssec/eppclientd.pid +signer_bin=/usr/sbin/ods-signerd depend() { need net @@ -20,8 +19,8 @@ depend() { } checkconfig() { - if [ -x "${checkconf_binary}" ]; then - output=$(${checkconf_binary}) + if [ -x "${checkconf_bin}" ]; then + output=$(${checkconf_bin} 2>&1| grep -v -E "^/etc/opendnssec/(conf|kasp).xml validates") if [ -n "$output" ]; then echo $output fi 
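Review bot: In checkconfig, piping `${checkconf_bin} 2>&1` into `grep -v` makes the command substitution's exit status grep's rather than ods-kaspcheck's, so a failed check can only be recognised from leftover text, and every stderr line now counts as output. The dot in `(conf|kasp).xml` is unescaped, and the unquoted `echo $output` collapses multi-line diagnostics onto one line. Consider capturing first with `output=$(${checkconf_bin} 2>&1); rc=$?`, then filtering with `grep -v -E "^/etc/opendnssec/(conf|kasp)\.xml validates"` and printing with `echo "${output}"`. The rest of checkconfig lies outside this hunk, so how the result becomes a return value is not visible here.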
@@ -35,61 +34,65 @@ checkconfig() { return } -start_signerd() { - ebegin "Starting OpenDNSSEC Signer" - start-stop-daemon --start --exec "${signerd_binary}" --pidfile "${signerd_pidfile}" -- start > /dev/null - eend $? + +start_enforcer() { + if [ -x "${enforcer_bin}" ]; then + ebegin "Starting OpenDNSSEC Enforcer" + ${control_bin} enforcer start > /dev/null + eend $? + fi } -stop_signerd() { - ebegin "Stopping OpenDNSSEC Signer" - start-stop-daemon --stop --exec "${signerd_binary}" --pidfile "${signerd_pidfile}" -- stop > /dev/null - eend $? +stop_enforcer() { + if [ -x "${enforcer_bin}" ]; then + ebegin "Stopping OpenDNSSEC Enforcer" + ${control_bin} enforcer stop > /dev/null + eend $? + fi } -start_enforcerd() { - ebegin "Starting OpenDNSSEC Enforcer" - start-stop-daemon --start --exec "${enforcerd_binary}" --pidfile "${enforcerd_pidfile}" > /dev/null - eend $? +start_signer() { + if [ -x "${signer_bin}" ]; then + ebegin "Starting OpenDNSSEC Signer" + ${control_bin} signer start > /dev/null 2>&1 + eend $? + fi } -stop_enforcerd() { - ebegin "Stopping OpenDNSSEC Enforcer" - start-stop-daemon --stop --exec "${enforcerd_binary}" --pidfile "${enforcerd_pidfile}" > /dev/null - eend $? +stop_signer() { + if [ -x "${signer_bin}" ]; then + ebegin "Stopping OpenDNSSEC Signer" + ${control_bin} signer stop > /dev/null 2>&1 + eend $? + fi } -start_eppclientd() { - if [ -x "${eppclientd_binary}" ]; then +start_eppclient() { + if [ -x "${eppclient_bin}" ]; then ebegin "Starting OpenDNSSEC Eppclient" - start-stop-daemon --start --exec "${eppclientd_binary}" --pidfile "${eppclientd_pidfile}" > /dev/null + start-stop-daemon --start --user opendnssec --group opendnssec --exec "${eppclient_bin}" --pidfile "${eppclient_pidfile}" > /dev/null eend $? 
fi } -stop_eppclientd() { - if [ -x "${eppclientd_binary}" ]; then +stop_eppclient() { + if [ -x "${eppclient_bin}" ]; then ebegin "Stopping OpenDNSSEC Eppclient" - start-stop-daemon --stop --exec "${eppclientd_binary}" --pidfile "${eppclientd_pidfile}" > /dev/null + start-stop-daemon --stop --exec "${eppclient_bin}" --pidfile "${eppclient_pidfile}" > /dev/null eend $? fi } start() { checkconfig || return $? - start_signerd || return $? - start_enforcerd || return $? - start_eppclientd || return $? + start_enforcer || return $? + start_signer || return $? + start_eppclient || return $? } stop() { - stop_enforcerd || return $? - stop_signerd || return $? - stop_eppclientd || return $? -} - -restart() { - checkconfig || return $? - svc_stop - svc_start + stop_eppclient + stop_signer + stop_enforcer + sleep 1 } diff --git a/net-dns/opendnssec/metadata.xml b/net-dns/opendnssec/metadata.xml index bfc1cee67..690caa9b4 100644 --- a/net-dns/opendnssec/metadata.xml +++ b/net-dns/opendnssec/metadata.xml @@ -8,6 +8,7 @@ <flag name='eppclient'>Enables support for automatic submission of DNSSEC keys to an upstream epp server</flag> <flag name='external-hsm'>Enables support for storing DNSSEC keys through an arbitrary non-portage PKCS#11 interface, specified through an environment variable</flag> <flag name='opensc'>Enables support for storing DNSSEC keys through a <pkg>dev-libs/opensc</pkg> PKCS#11 interface</flag> + <flag name='signer'>Enables signing capabilities for OpenDNSSEC</flag> <flag name='softhsm'>Enables support for storing DNSSEC keys in a <pkg>dev-libs/softhsm</pkg> PKCS#11 object</flag> </use> </pkgmetadata> diff --git a/net-dns/opendnssec/opendnssec-1.1.3.ebuild b/net-dns/opendnssec/opendnssec-1.2.0.ebuild index c7c237439..5e5d884e7 100644 --- a/net-dns/opendnssec/opendnssec-1.1.3.ebuild +++ b/net-dns/opendnssec/opendnssec-1.2.0.ebuild 
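Review bot: The rewritten stop() ends with `sleep 1` and no longer propagates the status of `stop_eppclient`, `stop_signer` or `stop_enforcer`, so the service is reported as stopped even when an `ods-control ... stop` call failed and a daemon may still be running. The new ordering can be kept while remembering failures: use `stop_signer || rc=$?` for each call and finish with `sleep 1; return ${rc:-0}`. Separately, start_enforcer and start_signer test `-x` on the daemon binary but run `${control_bin}` unquoted and unchecked, and a missing enforcer binary makes start_enforcer succeed silently. If the silent skip is intended for the optional signer, a comment such as `# signer is optional (USE=signer); skip quietly when not installed` would make that explicit.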
@@ -1,4 +1,4 @@ -# Copyright 1999-2010 Gentoo Foundation +# Copyright 1999-2011 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Header: $ @@ -13,15 +13,14 @@ LICENSE="BSD" SLOT="0" KEYWORDS="~amd64 ~x86" -IUSE="+auditor debug eppclient external-hsm mysql opensc softhsm sqlite" -# Test suite needs a preconfigured sqlite/mysql database +IUSE="+auditor debug eppclient external-hsm mysql opensc +signer softhsm sqlite" +# Test suite needs a preconfigured sqlite/mysql database, and a cunit with curses support RESTRICT="test" -DEPEND=">=net-libs/ldns-1.6.6 - dev-libs/libxml2 - dev-python/4suite - auditor? ( dev-lang/ruby[ssl] >=dev-ruby/dnsruby-1.49 ) - eppclient? ( net-misc/curl ) +DEPEND="dev-libs/libxml2 + >=net-libs/ldns-1.6.7 + auditor? ( dev-lang/ruby[ssl] >=dev-ruby/dnsruby-1.51 ) + eppclient? ( net-misc/curl dev-db/sqlite:3 ) mysql? ( >=virtual/mysql-5.0 ) opensc? ( dev-libs/opensc ) softhsm? ( dev-libs/softhsm ) @@ -48,7 +47,7 @@ check_pkcs11_setup() { elif use external-hsm; then # Use an arbitrary non-portage PKCS#11 library, set by an environment variable if [ -n "$PKCS11_SOFTHSM" ]; then - # This is for testing, since it's the only actual library I have, set USE=softhsm instead. + # This is for testing, since it's the only actual library I have. Set USE=softhsm instead. PKCS11_LIB=softhsm PKCS11_PATH="$PKCS11_SOFTHSM" @@ -81,7 +80,7 @@ check_pkcs11_setup() { die "USE flag 'external-hsm' set but no PKCS#11 library path specified." fi - elog "Building with external PKCS#11 library support ($PKCS11_LIB): $PKCS11_PATH ." + elog "Building with external PKCS#11 library support ($PKCS11_LIB): ${PKCS11_PATH}" else # Should never happen because of 'confutils_require_one softhsm opensc external-hsm' die "No PKCS#11 library specified through USE flags." 
@@ -89,6 +88,9 @@ check_pkcs11_setup() { } pkg_setup() { + use eppclient && ewarn "Use of eppclient is still experimental" + use mysql && ewarn "Use of mysql is still experimental" + confutils_require_one mysql sqlite confutils_require_one softhsm opensc external-hsm @@ -113,7 +115,8 @@ src_configure() { econf $myconf \ $(use_enable auditor) \ $(use_enable debug timeshift) \ - $(use_enable eppclient) + $(use_enable eppclient) \ + $(use_enable signer) } src_install() { @@ -121,10 +124,17 @@ src_install() { newinitd "${FILESDIR}"/opendnssec.initd opendnssec || die "newinitd failed" dodoc KNOWN_ISSUES NEWS README || die "dodoc failed" - rm "${D}"/usr/share/opendnssec.spec || die "failed to remove spec file" # Remove subversion tags from config files to avoid useless config updates - sed -i -e 's/<!-- \$Id:.* \$ -->//g' "${D}"/etc/opendnssec/* || die "sed failed for files in /etc/opendnssec" + sed -i -e 's/<!-- \$Id:.* \$ -->//g' "${D}"etc/opendnssec/* || die "sed failed for files in /etc/opendnssec" + + # add upgrade script + insinto /usr/share/opendnssec + if use sqlite; then + doins enforcer/utils/migrate_keyshare_sqlite3.pl || die "doins failed for migrate_keyshare_sqlite3.pl" + elif mysql; then + doins enforcer/utils/migrate_keyshare_mysql.pl || die "doins failed for migrate_keyshare_mysql.pl" + fi # Set ownership of config files fowners root:opendnssec /etc/opendnssec/{conf,kasp,zonelist,zonefetch}.xml || die "fowners failed for files in /etc/opendnssec" 
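Review bot: In the src_install hunk the new branch reads `elif mysql; then`, which runs a command named `mysql` instead of testing the USE flag; it should be `elif use mysql; then`, as pkg_postinst already writes it. With USE=mysql and sqlite off, the branch depends on whether a `mysql` client happens to be on PATH in the build environment and on its exit status. As a result migrate_keyshare_mysql.pl will normally not be installed, although pkg_postinst tells the user to run it from /usr/share/opendnssec. The same hunk changes the sed target to `"${D}"etc/opendnssec/*`, which relies on `${D}` ending in a slash; a short comment saying so would help. src_install starts and ends outside the hunk.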
@@ -134,15 +144,27 @@ src_install() { # Set ownership of working directories fowners opendnssec:opendnssec /var/lib/opendnssec/{,signconf,signed,tmp} || die "fowners failed for dirs in /var/lib/opendnssec" + fowners opendnssec:opendnssec /var/lib/run/opendnssec || die "fowners failed for /var/lib/run/opendnssec" } pkg_postinst() { + elog "If you are upgrading from a pre-1.2.0 install, you'll need to update your" + elog "key (KASP) database. Please run the following command to do so:" + if use sqlite; then + elog " perl /usr/share/opendnssec/migrate_keyshare_sqlite3.pl -d /var/lib/opendnssec/kasp.db" + elog "You'll need to emerge 'dev-perl/DBD-SQLite' if it is not installed yet." + elif use mysql; then + elog " perl /usr/share/opendnssec/migrate_keyshare_mysql.pl -d <database> -u <username> -p <password>" + elog "You'll need to emerge 'dev-perl/DBD-mysql' if it is not installed yet." + fi + elog "" + if use softhsm; then - elog "Please make sure that you create your softhsm database in a location readable" - elog "by the opendnssec user. You can set its location in ${ROOT}etc/softhsm.conf." + elog "Please make sure that you create your softhsm database in a location writeable" + elog "by the opendnssec user. You can set its location in /etc/softhsm.conf." elog "Suggested configuration is:" - elog " echo \"0:${ROOT}var/lib/opendnssec/softhsm_slot0.db\" >> ${ROOT}etc/softhsm.conf" + elog " echo \"0:/var/lib/opendnssec/softhsm_slot0.db\" >> /etc/softhsm.conf" elog " softhsm --init-token --slot 0 --label OpenDNSSEC" - elog " chown opendnssec:opendnssec ${ROOT}var/lib/opendnssec/softhsm_slot0.db" + elog " chown opendnssec:opendnssec /var/lib/opendnssec/softhsm_slot0.db" fi } |
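Review bot: The MySQL upgrade hint in pkg_postinst prints `-p <password>` as a command-line argument, which puts the KASP database password into the process list and shell history while the script runs. If migrate_keyshare_mysql.pl has no other way to take the password (not visible from this hunk), add a line such as `elog "Note: a password passed with -p is visible to other local users in the process list."`. In the softhsm block, the suggested `chown opendnssec:opendnssec /var/lib/opendnssec/softhsm_slot0.db` could be followed by `elog "  chmod 600 /var/lib/opendnssec/softhsm_slot0.db"`, since that file holds the DNSSEC keys and the text now asks for it to be writeable by the opendnssec user.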