proj/gentoo: Initial commit

This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
author: Robin H. Johnson <robbat2@gentoo.org> 2015-08-08 13:49:04 -0700
committer: Robin H. Johnson <robbat2@gentoo.org> 2015-08-08 17:38:18 -0700
commit: 56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch)
tree: 3f91093cdb475e565ae857f1c5a7fd339e2d781e /net-dns/unbound
download: gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip
12 files changed, 572 insertions, 0 deletions
diff --git a/net-dns/unbound/Manifest b/net-dns/unbound/Manifest
new file mode 100644
index 000000000000..e52eac000c58
--- /dev/null
+++ b/net-dns/unbound/Manifest
@@ -0,0 +1,3 @@
+DIST unbound-1.4.22.tar.gz 4735801 SHA256 1caf5081b2190ecdb23fc4d998b7999e28640c941f53baff7aee03c092a7d29f SHA512 0593cad3966f24f76b93bbc9c906c096c645e9360a57034c5ed4f04baeaa021eb9169a8e9cd0a98651c7a564d9feda8b9490e3b87ad469f6ce1dd1fcb05d9974 WHIRLPOOL 4de27d6c4548c46c83b95a7f21efd8d75898ddb92e3af84fbd1d07a39e29a121e593ddbf13676f914d4ee428942bf345c9b93937165725ece5031fc67ab9eacc
+DIST unbound-1.5.1.tar.gz 4805176 SHA256 0ff82709fb2bd7ecbde8dbdcf60fa417d2b43379570a3d460193a76a169900ec SHA512 85d7069cf47709aceb7d9457c8befb1b327adfb098d8aa98082fc9bf710274e8ba86b56d796c86917639bb7e57ab5c40af1bc79090de038c6375be2c3877e0c4 WHIRLPOOL e23f7d399a1f01da5aec98ff0fa3b377e8a76789d237ceaf0e9146c96a97088716a0ec6c0f68f95f57af16743e73c1bc7209889a04a698bf7aa5d0706c7514f5
+DIST unbound-1.5.4.tar.gz 4844273 SHA256 a1e1c1a578cf8447cb51f6033714035736a0f04444854a983123c094cc6fb137 SHA512 af8032b09ce75bb1aefab31ce5583c0fa8aaca544e13d6d7eaea8e44a940b1797397951f06f453ef80653038b5966d6053ddeb79818a66825925186ee351c65c WHIRLPOOL 874bca4abe3ea246cfccd6f4bb8084026b82d1d1868aa365f1bc6075c2c625fb517f46f9c8282f1bc030f759bd0d0b26582e4288cf1a2cd7d88212a38590723d
diff --git a/net-dns/unbound/files/0001-fix-fail-to-start-on-Linux-LTS-3.14.X-ignore.patch b/net-dns/unbound/files/0001-fix-fail-to-start-on-Linux-LTS-3.14.X-ignore.patch
new file mode 100644
index 000000000000..c1be28cbc0db
--- /dev/null
+++ b/net-dns/unbound/files/0001-fix-fail-to-start-on-Linux-LTS-3.14.X-ignore.patch
@@ -0,0 +1,72 @@
+From 858da540f70a4411ad8fbe7144cef6ce9da18f89 Mon Sep 17 00:00:00 2001
+From: wouter <wouter@be551aaa-1e26-0410-a405-d3ace91eadb9>
+Date: Mon, 5 Jan 2015 13:51:22 +0000
+Subject: [PATCH] - Fix #634: fix fail to start on Linux LTS 3.14.X, ignores
+ missing   IP_MTU_DISCOVER OMIT option.
+
+--- a/services/listen_dnsport.c
++++ b/services/listen_dnsport.c
+@@ -368,29 +368,47 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
+  * (and also uses the interface mtu to determine the size of the packets).
+  * So there won't be any EMSGSIZE error.  Against DNS fragmentation attacks.
+  * FreeBSD already has same semantics without setting the option. */
+-#    if defined(IP_PMTUDISC_OMIT)
+-		int action = IP_PMTUDISC_OMIT;
+-#    else
+-		int action = IP_PMTUDISC_DONT;
+-#    endif
++		int omit_set = 0;
++		int action;
++#   if defined(IP_PMTUDISC_OMIT)
++		action = IP_PMTUDISC_OMIT;
+ 		if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, 
+ 			&action, (socklen_t)sizeof(action)) < 0) {
+-			log_err("setsockopt(..., IP_MTU_DISCOVER, "
+-#    if defined(IP_PMTUDISC_OMIT)
+-				"IP_PMTUDISC_OMIT"
++
++			if (errno != EINVAL) {
++				log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_OMIT...) failed: %s",
++					strerror(errno));
++
++#    ifndef USE_WINSOCK
++				close(s);
+ #    else
+-				"IP_PMTUDISC_DONT"
++				closesocket(s);
+ #    endif
+-				"...) failed: %s",
+-				strerror(errno));
++				*noproto = 0;
++				*inuse = 0;
++				return -1;
++			}
++		}
++		else
++		{
++		    omit_set = 1;
++		}
++#   endif
++		if (omit_set == 0) {
++   			action = IP_PMTUDISC_DONT;
++			if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER,
++				&action, (socklen_t)sizeof(action)) < 0) {
++				log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_DONT...) failed: %s",
++					strerror(errno));
+ #    ifndef USE_WINSOCK
+-			close(s);
++				close(s);
+ #    else
+-			closesocket(s);
++				closesocket(s);
+ #    endif
+-			*noproto = 0;
+-			*inuse = 0;
+-			return -1;
++				*noproto = 0;
++				*inuse = 0;
++				return -1;
++			}
+ 		}
+ #  elif defined(IP_DONTFRAG)
+ 		int off = 0;
diff --git a/net-dns/unbound/files/unbound-1.4.12-gentoo.patch b/net-dns/unbound/files/unbound-1.4.12-gentoo.patch
new file mode 100644
index 000000000000..57920689783e
--- /dev/null
+++ b/net-dns/unbound/files/unbound-1.4.12-gentoo.patch
@@ -0,0 +1,12 @@
+diff -Naur unbound-1.4.12.orig/doc/example.conf.in unbound-1.4.12/doc/example.conf.in
+--- unbound-1.4.12.orig/doc/example.conf.in	2011-07-14 17:33:37.000000000 +0900
++++ unbound-1.4.12/doc/example.conf.in	2011-07-16 10:01:06.644402341 +0900
+@@ -334,7 +334,7 @@
+ 	# with several entries, one file per entry.
+ 	# Zone file format, with DS and DNSKEY entries.
+ 	# Note this gets out of date, use auto-trust-anchor-file please.
+-	# trust-anchor-file: ""
++	# trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
+ 	
+ 	# Trusted key for validation. DS or DNSKEY. specify the RR on a
+ 	# single line, surrounded by "". TTL is ignored. class is IN default.
diff --git a/net-dns/unbound/files/unbound-anchor.service b/net-dns/unbound/files/unbound-anchor.service
new file mode 100644
index 000000000000..f55cf9db5d1e
--- /dev/null
+++ b/net-dns/unbound/files/unbound-anchor.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Update of the root trust anchor for DNSSEC validation
+After=network.target
+Before=nss-lookup.target
+Wants=nss-lookup.target
+Before=unbound.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/unbound-anchor
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-dns/unbound/files/unbound.confd b/net-dns/unbound/files/unbound.confd
new file mode 100644
index 000000000000..b4de7cf1142e
--- /dev/null
+++ b/net-dns/unbound/files/unbound.confd
@@ -0,0 +1,4 @@
+# Settings should normally not need any changes.
+
+# Location of the unbound configuration file. Leave empty for the default.
+#UNBOUND_CONFFILE="/etc/unbound/unbound.conf"
diff --git a/net-dns/unbound/files/unbound.initd b/net-dns/unbound/files/unbound.initd
new file mode 100644
index 000000000000..f17d0720b8f8
--- /dev/null
+++ b/net-dns/unbound/files/unbound.initd
@@ -0,0 +1,56 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+name="unbound daemon"
+extra_commands="configtest"
+extra_started_commands="reload"
+description="unbound is a Domain Name Server (DNS) that is used to resolve host names to IP address."
+description_configtest="Run syntax tests for configuration files only."
+description_reload="Kills all children and reloads the configuration."
+
+
+UNBOUND_BINARY=${UNBOUND_BINARY:-/usr/sbin/unbound}
+UNBOUND_CHECKCONF=${UNBOUND_CHECKCONF:-/usr/sbin/unbound-checkconf}
+UNBOUND_CONFFILE=${UNBOUND_CONFFILE:-/etc/unbound/${SVCNAME}.conf}
+
+depend() {
+	need net
+	use logger
+	provide dns
+	after auth-dns
+}
+
+checkconfig() {
+	UNBOUND_PIDFILE=$("${UNBOUND_CHECKCONF}" -o pidfile "${UNBOUND_CONFFILE}")
+	return $?
+}
+
+configtest() {
+	ebegin "Checking ${SVCNAME} configuration"
+	checkconfig
+	eend $?
+}
+
+start() {
+	checkconfig || return $?
+	ebegin "Starting ${SVCNAME}"
+	start-stop-daemon --start --pidfile "${UNBOUND_PIDFILE}" \
+		--exec "${UNBOUND_BINARY}" -- -c "${UNBOUND_CONFFILE}"
+	eend $?
+}
+
+stop() {
+	checkconfig || return $?
+	ebegin "Stopping ${SVCNAME}"
+	start-stop-daemon --stop --pidfile "${UNBOUND_PIDFILE}"
+	eend $?
+}
+
+reload() {
+	checkconfig || return $?
+	ebegin "Reloading ${SVCNAME}"
+	start-stop-daemon --signal HUP --pidfile "${UNBOUND_PIDFILE}"
+	eend $?
+}
diff --git a/net-dns/unbound/files/unbound.service b/net-dns/unbound/files/unbound.service
new file mode 100644
index 000000000000..41dd6fabd290
--- /dev/null
+++ b/net-dns/unbound/files/unbound.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Unbound recursive Domain Name Server
+After=network.target
+Before=nss-lookup.target
+Wants=nss-lookup.target
+
+[Service]
+ExecStartPre=/usr/sbin/unbound-checkconf
+ExecStart=/usr/sbin/unbound -d
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-dns/unbound/files/unbound_at.service b/net-dns/unbound/files/unbound_at.service
new file mode 100644
index 000000000000..84b34af45446
--- /dev/null
+++ b/net-dns/unbound/files/unbound_at.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Unbound recursive Domain Name Server
+After=network.target
+Before=nss-lookup.target
+Wants=nss-lookup.target
+
+[Service]
+Type=simple
+ExecStartPre=/usr/sbin/unbound-checkconf /etc/unbound/%i.conf
+ExecStart=/usr/sbin/unbound -d -c /etc/unbound/%i.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-dns/unbound/metadata.xml b/net-dns/unbound/metadata.xml
new file mode 100644
index 000000000000..75f7246c048b
--- /dev/null
+++ b/net-dns/unbound/metadata.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+  <herd>proxy-maintainers</herd>
+  <maintainer>
+    <email>mschiff@gentoo.org</email>
+    <name>Marc Schiffbauer</name>
+  </maintainer>
+  <maintainer>
+    <email>nabeken@tknetworks.org</email>
+    <description>Proxied developer. Please CC on bugs.</description>
+    <name>TANABE Ken-ichi</name>
+  </maintainer>
+  <longdescription lang="en">
+  Unbound is a validating, recursive, and caching DNS resolver.
+
+  The C implementation of Unbound is developed and maintained by NLnet
+  Labs. It is based on ideas and algorithms taken from a java prototype
+  developed by Verisign labs, Nominet, Kirei and ep.net.
+
+  Unbound is designed as a set of modular components, so that also
+  DNSSEC (secure DNS) validation and stub-resolvers (that do not run
+  as a server, but are linked into an application) are easily possible.
+  </longdescription>
+  <use>
+    <flag name='dnstap'>Enable dnstap support</flag>
+	<flag name='ecdsa'>Enable ECDSA support</flag>
+    <flag name='gost'>Enable GOST support</flag>
+  </use>
+</pkgmetadata>
diff --git a/net-dns/unbound/unbound-1.4.22-r1.ebuild b/net-dns/unbound/unbound-1.4.22-r1.ebuild
new file mode 100644
index 000000000000..fff8e87add5f
--- /dev/null
+++ b/net-dns/unbound/unbound-1.4.22-r1.ebuild
@@ -0,0 +1,112 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+PYTHON_COMPAT=( python2_7 )
+
+inherit eutils flag-o-matic multilib-minimal python-single-r1 systemd user
+
+DESCRIPTION="A validating, recursive and caching DNS resolver"
+HOMEPAGE="http://unbound.net/"
+SRC_URI="http://unbound.net/downloads/${P}.tar.gz"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sh ~sparc x86 ~x64-macos"
+IUSE="debug gost python selinux static-libs test threads"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+# Note: expat is needed by executable only but the Makefile is custom
+# and doesn't make it possible to easily install the library without
+# the executables. MULTILIB_USEDEP may be dropped once build system
+# is fixed.
+
+CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}]
+	>=dev-libs/libevent-2.0.21[${MULTILIB_USEDEP}]
+	>=dev-libs/openssl-1.0.1h-r2[${MULTILIB_USEDEP}]
+	python? ( ${PYTHON_DEPS} )"
+
+DEPEND="${CDEPEND}
+	python? ( dev-lang/swig )
+	test? (
+		net-dns/ldns-utils[examples]
+		dev-util/splint
+		app-text/wdiff
+	)"
+
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-bind )"
+
+# bug #347415
+RDEPEND="${RDEPEND}
+	net-dns/dnssec-root"
+
+pkg_setup() {
+	enewgroup unbound
+	enewuser unbound -1 -1 /etc/unbound unbound
+
+	use python && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+	# To avoid below error messages, set 'trust-anchor-file' to same value in
+	# 'auto-trust-anchor-file'.
+	# [23109:0] error: Could not open autotrust file for writing,
+	# /etc/dnssec/root-anchors.txt: Permission denied
+	epatch "${FILESDIR}"/${PN}-1.4.12-gentoo.patch
+
+	# required for the python part
+	multilib_copy_sources
+}
+
+src_configure() {
+	[[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	econf \
+		$(use_enable debug) \
+		$(use_enable gost) \
+		$(use_enable static-libs static) \
+		$(multilib_native_use_with python pythonmodule) \
+		$(multilib_native_use_with python pyunbound) \
+		$(use_with threads pthreads) \
+		--disable-rpath \
+		--enable-ecdsa \
+		--with-libevent="${EPREFIX}"/usr \
+		--with-pidfile="${EPREFIX}"/var/run/unbound.pid \
+		--with-rootkey-file="${EPREFIX}"/etc/dnssec/root-anchors.txt \
+		--with-ssl="${EPREFIX}"/usr \
+		--with-libexpat="${EPREFIX}"/usr
+
+		# http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html
+		# $(use_enable debug lock-checks) \
+		# $(use_enable debug alloc-checks) \
+		# $(use_enable debug alloc-lite) \
+		# $(use_enable debug alloc-nonregional) \
+}
+
+multilib_src_install_all() {
+	prune_libtool_files --modules
+	use python && python_optimize
+
+	newinitd "${FILESDIR}"/unbound.initd unbound
+	newconfd "${FILESDIR}"/unbound.confd unbound
+
+	systemd_dounit "${FILESDIR}"/unbound.service
+	systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service"
+	systemd_dounit "${FILESDIR}"/unbound-anchor.service
+
+	dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES}
+
+	# bug #315519
+	dodoc contrib/unbound_munin_
+
+	docinto selinux
+	dodoc contrib/selinux/*
+
+	exeinto /usr/share/${PN}
+	doexe contrib/update-anchor.sh
+}
diff --git a/net-dns/unbound/unbound-1.5.1-r2.ebuild b/net-dns/unbound/unbound-1.5.1-r2.ebuild
new file mode 100644
index 000000000000..8f51b7fcd493
--- /dev/null
+++ b/net-dns/unbound/unbound-1.5.1-r2.ebuild
@@ -0,0 +1,123 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+PYTHON_COMPAT=( python2_7 )
+
+inherit eutils flag-o-matic multilib-minimal python-single-r1 systemd user
+
+MY_P=${PN}-${PV/_/}
+DESCRIPTION="A validating, recursive and caching DNS resolver"
+HOMEPAGE="http://unbound.net/"
+SRC_URI="http://unbound.net/downloads/${MY_P}.tar.gz"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha amd64 ~arm ~hppa ppc ppc64 x86"
+IUSE="debug dnstap +ecdsa gost python selinux static-libs test threads"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+# Note: expat is needed by executable only but the Makefile is custom
+# and doesn't make it possible to easily install the library without
+# the executables. MULTILIB_USEDEP may be dropped once build system
+# is fixed.
+
+CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}]
+	>=dev-libs/libevent-2.0.21[${MULTILIB_USEDEP}]
+	>=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}]
+	dnstap? (
+		dev-libs/fstrm[${MULTILIB_USEDEP}]
+		>=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}]
+	)
+	ecdsa? ( dev-libs/openssl:0[-bindist] )
+	python? ( ${PYTHON_DEPS} )"
+
+DEPEND="${CDEPEND}
+	python? ( dev-lang/swig )
+	test? (
+		net-dns/ldns-utils[examples]
+		dev-util/splint
+		app-text/wdiff
+	)"
+
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-bind )"
+
+# bug #347415
+RDEPEND="${RDEPEND}
+	net-dns/dnssec-root"
+
+S=${WORKDIR}/${MY_P}
+
+pkg_setup() {
+	enewgroup unbound
+	enewuser unbound -1 -1 /etc/unbound unbound
+
+	use python && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+	# To avoid below error messages, set 'trust-anchor-file' to same value in
+	# 'auto-trust-anchor-file'.
+	# [23109:0] error: Could not open autotrust file for writing,
+	# /etc/dnssec/root-anchors.txt: Permission denied
+	epatch "${FILESDIR}"/${PN}-1.4.12-gentoo.patch
+	epatch "${FILESDIR}"/0001-fix-fail-to-start-on-Linux-LTS-3.14.X-ignore.patch
+
+	# required for the python part
+	multilib_copy_sources
+}
+
+src_configure() {
+	[[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	econf \
+		$(use_enable debug) \
+		$(use_enable gost) \
+		$(use_enable dnstap) \
+		$(use_enable ecdsa) \
+		$(use_enable static-libs static) \
+		$(multilib_native_use_with python pythonmodule) \
+		$(multilib_native_use_with python pyunbound) \
+		$(use_with threads pthreads) \
+		--disable-flto \
+		--disable-rpath \
+		--with-libevent="${EPREFIX}"/usr \
+		--with-pidfile="${EPREFIX}"/var/run/unbound.pid \
+		--with-rootkey-file="${EPREFIX}"/etc/dnssec/root-anchors.txt \
+		--with-ssl="${EPREFIX}"/usr \
+		--with-libexpat="${EPREFIX}"/usr
+
+		# http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html
+		# $(use_enable debug lock-checks) \
+		# $(use_enable debug alloc-checks) \
+		# $(use_enable debug alloc-lite) \
+		# $(use_enable debug alloc-nonregional) \
+}
+
+multilib_src_install_all() {
+	prune_libtool_files --modules
+	use python && python_optimize
+
+	newinitd "${FILESDIR}"/unbound.initd unbound
+	newconfd "${FILESDIR}"/unbound.confd unbound
+
+	systemd_dounit "${FILESDIR}"/unbound.service
+	systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service"
+	systemd_dounit "${FILESDIR}"/unbound-anchor.service
+
+	dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES}
+
+	# bug #315519
+	dodoc contrib/unbound_munin_
+
+	docinto selinux
+	dodoc contrib/selinux/*
+
+	exeinto /usr/share/${PN}
+	doexe contrib/update-anchor.sh
+}
diff --git a/net-dns/unbound/unbound-1.5.4.ebuild b/net-dns/unbound/unbound-1.5.4.ebuild
new file mode 100644
index 000000000000..a67b9d97bcae
--- /dev/null
+++ b/net-dns/unbound/unbound-1.5.4.ebuild
@@ -0,0 +1,122 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+PYTHON_COMPAT=( python2_7 )
+
+inherit eutils flag-o-matic multilib-minimal python-single-r1 systemd user
+
+MY_P=${PN}-${PV/_/}
+DESCRIPTION="A validating, recursive and caching DNS resolver"
+HOMEPAGE="http://unbound.net/"
+SRC_URI="http://unbound.net/downloads/${MY_P}.tar.gz"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~hppa ~ppc ~ppc64 ~x86"
+IUSE="debug dnstap +ecdsa gost python selinux static-libs test threads"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+# Note: expat is needed by executable only but the Makefile is custom
+# and doesn't make it possible to easily install the library without
+# the executables. MULTILIB_USEDEP may be dropped once build system
+# is fixed.
+
+CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}]
+	>=dev-libs/libevent-2.0.21[${MULTILIB_USEDEP}]
+	>=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}]
+	dnstap? (
+		dev-libs/fstrm[${MULTILIB_USEDEP}]
+		>=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}]
+	)
+	ecdsa? ( dev-libs/openssl:0[-bindist] )
+	python? ( ${PYTHON_DEPS} )"
+
+DEPEND="${CDEPEND}
+	python? ( dev-lang/swig )
+	test? (
+		net-dns/ldns-utils[examples]
+		dev-util/splint
+		app-text/wdiff
+	)"
+
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-bind )"
+
+# bug #347415
+RDEPEND="${RDEPEND}
+	net-dns/dnssec-root"
+
+S=${WORKDIR}/${MY_P}
+
+pkg_setup() {
+	enewgroup unbound
+	enewuser unbound -1 -1 /etc/unbound unbound
+
+	use python && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+	# To avoid below error messages, set 'trust-anchor-file' to same value in
+	# 'auto-trust-anchor-file'.
+	# [23109:0] error: Could not open autotrust file for writing,
+	# /etc/dnssec/root-anchors.txt: Permission denied
+	epatch "${FILESDIR}"/${PN}-1.4.12-gentoo.patch
+
+	# required for the python part
+	multilib_copy_sources
+}
+
+src_configure() {
+	[[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	econf \
+		$(use_enable debug) \
+		$(use_enable gost) \
+		$(use_enable dnstap) \
+		$(use_enable ecdsa) \
+		$(use_enable static-libs static) \
+		$(multilib_native_use_with python pythonmodule) \
+		$(multilib_native_use_with python pyunbound) \
+		$(use_with threads pthreads) \
+		--disable-flto \
+		--disable-rpath \
+		--with-libevent="${EPREFIX}"/usr \
+		--with-pidfile="${EPREFIX}"/var/run/unbound.pid \
+		--with-rootkey-file="${EPREFIX}"/etc/dnssec/root-anchors.txt \
+		--with-ssl="${EPREFIX}"/usr \
+		--with-libexpat="${EPREFIX}"/usr
+
+		# http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html
+		# $(use_enable debug lock-checks) \
+		# $(use_enable debug alloc-checks) \
+		# $(use_enable debug alloc-lite) \
+		# $(use_enable debug alloc-nonregional) \
+}
+
+multilib_src_install_all() {
+	prune_libtool_files --modules
+	use python && python_optimize
+
+	newinitd "${FILESDIR}"/unbound.initd unbound
+	newconfd "${FILESDIR}"/unbound.confd unbound
+
+	systemd_dounit "${FILESDIR}"/unbound.service
+	systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service"
+	systemd_dounit "${FILESDIR}"/unbound-anchor.service
+
+	dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES}
+
+	# bug #315519
+	dodoc contrib/unbound_munin_
+
+	docinto selinux
+	dodoc contrib/selinux/*
+
+	exeinto /usr/share/${PN}
+	doexe contrib/update-anchor.sh
+}
author	Robin H. Johnson <robbat2@gentoo.org>	2015-08-08 13:49:04 -0700
committer	Robin H. Johnson <robbat2@gentoo.org>	2015-08-08 17:38:18 -0700
commit	56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch)
tree	3f91093cdb475e565ae857f1c5a7fd339e2d781e /net-dns/unbound
download	gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2 gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip