commit:     a1c699c2a6c5e30dfd7fa8e645756bb90cf87409
Author:     Nicolas PARLANT <nicolas.parlant <AT> parhuet <DOT> fr>
AuthorDate: Sun Sep 17 07:35:57 2023 +0000
Commit:     Matthew Smith <matthew <AT> gentoo <DOT> org>
CommitDate: Sun Sep 17 07:35:57 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a1c699c2

net-dns/knot-resolver: drop privileges in kresd.initd

Closes: https://github.com/gentoo/gentoo/pull/32871
Signed-off-by: Nicolas PARLANT <nicolas.parlant <AT> parhuet.fr>
Signed-off-by: Matthew Smith <matthew <AT> gentoo.org>

 net-dns/knot-resolver/files/kresd.confd-r1         |  9 ++
 net-dns/knot-resolver/files/kresd.initd-r1         | 31 +++++++
 .../knot-resolver/knot-resolver-5.6.0-r2.ebuild    | 96 ++++++++++++++++++++++
 3 files changed, 136 insertions(+)

diff --git a/net-dns/knot-resolver/files/kresd.confd-r1 
b/net-dns/knot-resolver/files/kresd.confd-r1
new file mode 100644
index 000000000000..2b67587c646a
--- /dev/null
+++ b/net-dns/knot-resolver/files/kresd.confd-r1
@@ -0,0 +1,9 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+#KRESD_USER=knot-resolver
+#KRESD_GROUP=knot-resolver
+#KRESD_CONFIG="/etc/knot-resolver/kresd.conf"
+#KRESD_RUNDIR="/var/run/kresd"
+#KRESD_PIDFILE="/var/run/kresd.pid"
+KRESD_OPTS=""
\ No newline at end of file

diff --git a/net-dns/knot-resolver/files/kresd.initd-r1 
b/net-dns/knot-resolver/files/kresd.initd-r1
new file mode 100644
index 000000000000..9732b48cc2cb
--- /dev/null
+++ b/net-dns/knot-resolver/files/kresd.initd-r1
@@ -0,0 +1,31 @@
+#!/sbin/openrc-run
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+: ${KRESD_GROUP:=knot-resolver}
+: ${KRESD_USER:=knot-resolver}
+: ${KRESD_CONFIG:=/etc/knot-resolver/kresd.conf}
+: ${KRESD_RUNDIR:=/var/run/kresd}
+: ${KRESD_PIDFILE:=/var/run/kresd.pid}
+
+command="/usr/sbin/kresd"
+command_args="${KRESD_OPTS} -n -c ${KRESD_CONFIG} ${KRESD_RUNDIR}"
+command_user="${KRESD_USER}:${KRESD_GROUP}"
+pidfile="${KRESD_PIDFILE}"
+command_background=true
+retry="TERM/60/KILL/5"
+
+capabilities="^cap_net_bind_service,^cap_setpcap"
+
+name="knot-resolver"
+description="scaleable caching DNS resolver"
+
+depend() {
+    need net
+    use logger
+    provide dns
+}
+
+start_pre() {
+        checkpath -d -m 0750 -o "${KRESD_USER}:${KRESD_GROUP}" ${KRESD_RUNDIR}
+}
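Review bot: The `capabilities="^cap_net_bind_service,^cap_setpcap"` line hands CAP_SETPCAP to the now-unprivileged daemon without saying why, and it is the broader of the two grants. If it is there so kresd can shrink its own capability set at startup, that presumably only happens when the package is built with USE=caps (libcap-ng); otherwise the process would keep the capability for its whole lifetime. A comment such as `# cap_setpcap: lets kresd drop its remaining capabilities itself (needs USE=caps)` would record the intent, assuming that is the reason. Separately, `${KRESD_RUNDIR}` is unquoted in `start_pre`; `checkpath -d -m 0750 -o "${KRESD_USER}:${KRESD_GROUP}" "${KRESD_RUNDIR}"` avoids word splitting on a path that can be overridden in conf.d.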

diff --git a/net-dns/knot-resolver/knot-resolver-5.6.0-r2.ebuild 
b/net-dns/knot-resolver/knot-resolver-5.6.0-r2.ebuild
new file mode 100644
index 000000000000..1c2b1ab746e9
--- /dev/null
+++ b/net-dns/knot-resolver/knot-resolver-5.6.0-r2.ebuild
@@ -0,0 +1,96 @@
+# Copyright 2022-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+LUA_COMPAT=( luajit )
+
+inherit lua-single meson tmpfiles verify-sig
+
+DESCRIPTION="A scaleable caching DNS resolver"
+HOMEPAGE="https://www.knot-resolver.cz 
https://gitlab.nic.cz/knot/knot-resolver";
+SRC_URI="
+       https://secure.nic.cz/files/${PN}/${P}.tar.xz
+       verify-sig? ( https://secure.nic.cz/files/${PN}/${P}.tar.xz.asc )
+"
+
+LICENSE="Apache-2.0 BSD CC0-1.0 GPL-3+ LGPL-2.1+ MIT"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="caps dnstap kresc nghttp2 systemd test"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="${LUA_REQUIRED_USE}"
+
+RDEPEND="
+       ${LUA_DEPS}
+       acct-group/knot-resolver
+       acct-user/knot-resolver
+       dev-db/lmdb:=
+       dev-libs/libuv:=
+       net-dns/knot:=
+       net-libs/gnutls:=
+       caps? ( sys-libs/libcap-ng )
+       dnstap? (
+               dev-libs/fstrm
+               dev-libs/protobuf-c:=
+       )
+       kresc? ( dev-libs/libedit )
+       nghttp2? ( net-libs/nghttp2:= )
+       systemd? ( sys-apps/systemd:= )
+"
+DEPEND="
+       ${RDEPEND}
+       test? (
+                 dev-util/cmocka
+       )
+"
+BDEPEND="
+       virtual/pkgconfig
+       verify-sig? ( sec-keys/openpgp-keys-knot-resolver )
+"
+
+PATCHES=(
+       "${FILESDIR}"/${PN}-5.5.3-docdir.patch
+       "${FILESDIR}"/${PN}-5.5.3-nghttp-openssl.patch
+)
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/${PN}.gpg
+
+src_unpack() {
+       if use verify-sig; then
+               verify-sig_verify_detached "${DISTDIR}"/${P}.tar.xz{,.asc}
+       fi
+
+       unpack ${P}.tar.xz
+}
+
+src_configure() {
+       local emesonargs=(
+               --localstatedir "${EPREFIX}"/var # double lib
+               # https://bugs.gentoo.org/870019
+               -Dauto_features=disabled
+               -Ddoc=disabled
+               -Ddocdir="${EPREFIX}"/usr/share/doc/${PF}
+               -Dopenssl=disabled
+               $(meson_feature caps capng)
+               $(meson_feature dnstap)
+               $(meson_feature kresc client)
+               $(meson_feature nghttp2)
+               $(meson_feature test unit_tests)
+               $(meson_feature systemd systemd_files)
+       )
+
+       meson_src_configure
+}
+
+src_install() {
+       meson_src_install
+       fowners -R ${PN}: /etc/${PN}
+
+       newinitd "${FILESDIR}"/kresd.initd-r1 kresd
+       newconfd "${FILESDIR}"/kresd.confd-r1 kresd
+}
+
+pkg_postinst() {
+       use systemd && tmpfiles_process knot-resolver.conf
+}
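Review bot: `fowners -R ${PN}: /etc/${PN}` in `src_install` leaves the whole configuration tree owned, and so writable, by the account the new init script runs kresd as. That weakens the privilege drop, because a compromised resolver process could rewrite the configuration that is loaded at the next start. Whether kresd needs to write anything under /etc/${PN} is not visible in this hunk; if it does not, `fowners -R root:${PN} /etc/${PN}` with group-read permissions keeps the files readable but not modifiable by the daemon. If some state file there must stay writable, a comment naming it would document the exception.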
