network/unbound: Added (DNSSEC resolver).

Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
2015-04-17 01:13:40 +07:00 · 2015-04-17 01:13:40 +07:00 · 13a40781c5
parent 517147a506
commit 13a40781c5
6 changed files with 314 additions and 0 deletions
--- a/network/unbound/README
+++ b/network/unbound/README
@ -0,0 +1,8 @@
+Unbound is a validating, recursive, and caching DNS resolver.
+The C implementation of Unbound is developed and maintained by 
+NLnet Labs. It is based on ideas and algorithms taken from a java 
+prototype developed by Verisign labs, Nominet, Kirei and ep.net.
+
+Unbound is designed as a set of modular components, so that also DNSSEC 
+(secure DNS) validation and stub-resolvers (that do not run as a server,
+but are linked into an application) are easily possible.
--- a/network/unbound/doinst.sh
+++ b/network/unbound/doinst.sh
@ -0,0 +1,26 @@
+config() {
+  NEW="$1"
+  OLD="$(dirname $NEW)/$(basename $NEW .new)"
+  # If there's no config file by that name, mv it over:
+  if [ ! -r $OLD ]; then
+    mv $NEW $OLD
+  elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+    # toss the redundant copy
+    rm $NEW
+  fi
+  # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+preserve_perms() {
+  NEW="$1"
+  OLD="$(dirname $NEW)/$(basename $NEW .new)"
+  if [ -e $OLD ]; then
+    cp -a $OLD ${NEW}.incoming
+    cat $NEW > ${NEW}.incoming
+    mv ${NEW}.incoming $NEW
+  fi
+  config $NEW
+}
+
+preserve_perms etc/rc.d/rc.unbound.new
+config etc/unbound/unbound.conf.new
--- a/network/unbound/rc.unbound
+++ b/network/unbound/rc.unbound
@ -0,0 +1,118 @@
+#!/bin/sh
+#
+# unbound       This shell script takes care of starting and stopping
+#               unbound (DNS server).
+#
+# chkconfig:   - 14 86
+# description:  unbound is a Domain Name Server (DNS) \
+#               that is used to resolve host names to IP addresses.
+
+### BEGIN INIT INFO
+# Provides: unbound
+# Required-Start: $network $local_fs
+# Required-Stop: $network $local_fs
+# Default-Start:
+# Default-Stop: 0 1 2 3 4 5 6
+# Should-Start: $syslog
+# Should-Stop: $syslog
+# Short-Description: unbound recursive Domain Name Server.
+# Description:  unbound is a Domain Name Server (DNS) 
+#               that is used to resolve host names to IP addresses.
+### END INIT INFO
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+exec="/usr/sbin/unbound"
+config="/etc/unbound/unbound.conf"
+pidfile="/var/run/unbound/unbound.pid"
+piddir=`dirname $pidfile`
+
+[ -x /usr/sbin/dnssec-configure ] && [ -r "$config" ] &&
+  [ /etc/sysconfig/dnssec -nt "$config" ] && \
+    /usr/sbin/dnssec-configure -u --norestart --dnssec="$DNSSEC" --dlv="$DLV"
+
+start() {
+    [ -x $exec ] || exit 5
+    [ -f $config ] || exit 6
+    # /var/run could (and should) be tmpfs
+    [ -d $piddir ] || mkdir $piddir
+
+    if [ -f /var/lib/unbound/root.anchor -a -f /usr/sbin/unbound-anchor ]
+    then
+        /sbin/runuser --command="/usr/sbin/unbound-anchor -a /var/lib/unbound/root.anchor -c /etc/unbound/icannbundle.pem" --shell /bin/sh unbound
+    fi
+
+    if [ ! -f /etc/unbound/unbound_control.key ]
+    then
+        echo -n $"Generating unbound control key and certificate: "
+        /usr/sbin/unbound-control-setup -d /etc/unbound/ > /dev/null 2> /dev/null
+        chgrp unbound /etc/unbound/unbound_*key /etc/unbound/unbound_*pem
+        [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled && \
+            [ -x /sbin/restorecon ] && /sbin/restorecon /etc/unbound/*
+        echo
+    else
+        # old init script created these as root instead of unbound.
+        if [ -G /etc/unbound/unbound_control.key ]
+        then
+            chgrp unbound /etc/unbound/unbound_*key /etc/unbound/unbound_*pem
+            [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled && \
+                [ -x /sbin/restorecon ] && /sbin/restorecon /etc/unbound/*
+            echo
+        fi
+    fi
+
+
+    unbound-checkconf $config > /dev/null
+    RETVAL=$?
+    if [ $RETVAL != 0 ]
+    then
+        echo "Error in /etc/unbound/unbound.conf, aborted"
+        exit 6
+    fi
+
+    echo -n $"Starting unbound: "
+
+    # if not running, start it up here
+    daemon --pidfile=$pidfile $exec -c $config
+    echo
+}
+
+stop() {
+    echo -n $"Stopping unbound: "
+    # stop it here, often "killproc unbound"
+    killproc -p $pidfile unbound
+    echo
+}
+
+restart() {
+    unbound-checkconf $config > /dev/null
+    RETVAL=$?
+    if [ $RETVAL != 0 ]
+    then
+        echo "Error in /etc/unbound/unbound.conf, aborted"
+        exit 6
+    fi
+    stop
+    start
+}
+
+reload() {
+    restart
+}
+
+case "$1" in
+    start)
+        start
+        ;;
+    stop)
+        stop
+        ;;
+    restart)
+        restart
+        ;;
+    *)
+        echo $"Usage: $0 {start|stop|restart}"
+        exit 2
+esac
+exit $?
--- a/network/unbound/slack-desc
+++ b/network/unbound/slack-desc
@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct.  It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+       |-----handy-ruler------------------------------------------------------|
+unbound: unbound (a validating, recursive, and caching DNSSEC resolver)
+unbound:
+unbound: Unbound is a validating, recursive, and caching DNS resolver.
+unbound: The C implementation of Unbound is developed and maintained by 
+unbound: NLnet Labs. It is based on ideas and algorithms taken from a java 
+unbound: prototype developed by Verisign labs, Nominet, Kirei and ep.net.
+unbound: 
+unbound: It is designed as a set of modular components, so that also DNSSEC 
+unbound: validation and stub-resolvers are easily possible.
+unbound: 
+unbound: Homepage: https://unbound.net/
--- a/network/unbound/unbound.SlackBuild
+++ b/network/unbound/unbound.SlackBuild
@ -0,0 +1,133 @@
+#!/bin/sh
+
+# Slackware build script for unbound
+
+# Copyright 2015 Gerardo Zamudio <gerardo.zamudio@linux.com> Mexico City, Mexico
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#
+#  THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
+#  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+#  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
+#  EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+#  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+#  OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+#  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+#  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PRGNAM=unbound
+VERSION=${VERSION:-1.5.3}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+if [ -z "$ARCH" ]; then
+  case "$( uname -m )" in
+    i?86) ARCH=i486 ;;
+    arm*) ARCH=arm ;;
+       *) ARCH=$( uname -m ) ;;
+  esac
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i386" ]; then
+  SLKCFLAGS="-O2 -march=i386 -mtune=i686"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i486" ]; then
+  SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i586" ]; then
+  SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+  SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+  SLKCFLAGS="-O2 -fPIC"
+  LIBDIRSUFFIX="64"
+else
+  SLKCFLAGS="-O2"
+  LIBDIRSUFFIX=""
+fi
+
+USER=${USER:-unbound}
+GROUP=${GROUP:-unbound}
+
+# Check the system user and group for unbound:
+if ! grep -q ^"$GROUP": /etc/group ; then
+  echo "  You will need a dedicated group to run unbound"
+  echo "    # groupadd -g 304 $GROUP"
+  echo "  should do the job."
+  exit 1
+fi
+
+if ! grep -q ^"$USER": /etc/passwd ; then
+  echo "  You will need a dedicated user to run unbound, something like"
+  echo "    # useradd -r -u 304 -g $GROUP -d /etc/unbound/ -s /sbin/nologin -c 'Unbound DNS resolver' $USER"
+  exit 1
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
+cd $PRGNAM-$VERSION
+chown -R root:root .
+find -L . \
+ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
+  -o -perm 511 \) -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
+  -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+  --prefix=/usr \
+  --libdir=/usr/lib${LIBDIRSUFFIX} \
+  --sysconfdir=/etc \
+  --localstatedir=/var \
+  --mandir=/usr/man \
+  --docdir=/usr/doc/$PRGNAM-$VERSION \
+  --with-libevent \
+  --with-ssl \
+  --with-username=$USER \
+  --with-pidfile=/var/run/unbound/unbound.pid \
+  --build=$ARCH-slackware-linux
+
+make
+make install DESTDIR=$PKG
+
+find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
+  | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+find $PKG/usr/man -type f -exec gzip -9 {} \;
+for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a doc/CREDITS doc/FEATURES doc/LICENSE doc/README* $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/var/run/unbound
+chown $USER:$GROUP $PKG/var/run/unbound/
+install -m 0640 -D doc/example.conf.in $PKG/etc/unbound/unbound.conf.new
+install -m 0644 -D $CWD/rc.unbound $PKG/etc/rc.d/rc.unbound.new
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
--- a/network/unbound/unbound.info
+++ b/network/unbound/unbound.info
@ -0,0 +1,10 @@
+PRGNAM="unbound"
+VERSION="1.5.3"
+HOMEPAGE="https://unbound.net"
+DOWNLOAD="https://unbound.net/downloads/unbound-1.5.3.tar.gz"
+MD5SUM="1e95fdcbaaf5dc87432d898006a5eb13"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+REQUIRES="ldns"
+MAINTAINER="Gerardo Zamudio"
+EMAIL="gerardo.zamudio@linux.com"