From 836c3b18657f850ccd590532b10d8e06e5e87720 Mon Sep 17 00:00:00 2001
From: akuster
Date: Thu, 9 Jul 2020 00:07:57 +0300
Subject: bind: update to 9.11.19
Bug fix only updates. suitable for Stable branch updates where applicable. Drop CVE patches included in update LIC_FILES_CHKSUM update copyright year to 2020 Full changes found at : https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_11/CHANGES
(From OE-Core rev: c672d2b6c98607f1fda917f4a3189a53712e8fc2)
(From OE-Core rev: 74aacd292387f9a2c36381080ade5537af1d3d9e)
Signed-off-by: Armin Kuster
(cherry picked from commit a6ba66cf5e754cdcd41f01d233fbef7b94a10225)
Signed-off-by: Steve Sakoman
Signed-off-by: Richard Purdie
Signed-off-by: Adrian Bunk
Signed-off-by: Anuj Mittal
Signed-off-by: Richard Purdie
---
.../bind/bind/CVE-2020-8616.patch | 206 ---------------------
.../bind/bind/CVE-2020-8617.patch | 29 ---
meta/recipes-connectivity/bind/bind_9.11.13.bb | 141 --------------
meta/recipes-connectivity/bind/bind_9.11.19.bb | 140 ++++++++++++++
4 files changed, 140 insertions(+), 376 deletions(-)
delete mode 100644 meta/recipes-connectivity/bind/bind/CVE-2020-8616.patch
delete mode 100644 meta/recipes-connectivity/bind/bind/CVE-2020-8617.patch
delete mode 100644 meta/recipes-connectivity/bind/bind_9.11.13.bb
create mode 100644 meta/recipes-connectivity/bind/bind_9.11.19.bb
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2020-8616.patch b/meta/recipes-connectivity/bind/bind/CVE-2020-8616.patch
deleted file mode 100644
index 8f00231919..0000000000
--- a/meta/recipes-connectivity/bind/bind/CVE-2020-8616.patch
+++ /dev/null
@@ -1,206 +0,0 @@
-Upstream-Status: Backport [https://downloads.isc.org/isc/bind9/9.11.19/patches/CVE-2020-8616.patch]
-CVE: CVE-2020-8616
-Signed-off-by: Lee Chee Yang
----
-diff --git a/lib/dns/adb.c b/lib/dns/adb.c
-index 058495f6a5..6b8a9537f0 100644
---- a/lib/dns/adb.c
-+++ b/lib/dns/adb.c
-@@ -404,14 +404,13 @@ static void log_quota(dns_adbentry_t *entry, const char *fmt, ...)
- */
- #define FIND_WANTEVENT(fn) (((fn)->options & DNS_ADBFIND_WANTEVENT) != 0)
- #define FIND_WANTEMPTYEVENT(fn) (((fn)->options & DNS_ADBFIND_EMPTYEVENT) != 0)
--#define FIND_AVOIDFETCHES(fn) (((fn)->options & DNS_ADBFIND_AVOIDFETCHES) \
-- != 0)
--#define FIND_STARTATZONE(fn) (((fn)->options & DNS_ADBFIND_STARTATZONE) \
-- != 0)
--#define FIND_HINTOK(fn) (((fn)->options & DNS_ADBFIND_HINTOK) != 0)
--#define FIND_GLUEOK(fn) (((fn)->options & DNS_ADBFIND_GLUEOK) != 0)
--#define FIND_HAS_ADDRS(fn) (!ISC_LIST_EMPTY((fn)->list))
--#define FIND_RETURNLAME(fn) (((fn)->options & DNS_ADBFIND_RETURNLAME) != 0)
-+#define FIND_AVOIDFETCHES(fn) (((fn)->options & DNS_ADBFIND_AVOIDFETCHES) != 0)
-+#define FIND_STARTATZONE(fn) (((fn)->options & DNS_ADBFIND_STARTATZONE) != 0)
-+#define FIND_HINTOK(fn) (((fn)->options & DNS_ADBFIND_HINTOK) != 0)
-+#define FIND_GLUEOK(fn) (((fn)->options & DNS_ADBFIND_GLUEOK) != 0)
-+#define FIND_HAS_ADDRS(fn) (!ISC_LIST_EMPTY((fn)->list))
-+#define FIND_RETURNLAME(fn) (((fn)->options & DNS_ADBFIND_RETURNLAME) != 0)
-+#define FIND_NOFETCH(fn) (((fn)->options & DNS_ADBFIND_NOFETCH) != 0)
-
- /*
- * These are currently used on simple unsigned ints, so they are
-@@ -3155,21 +3154,26 @@ dns_adb_createfind2(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action,
- * Listen to negative cache hints, and don't start
- * another query.
- */
-- if (NCACHE_RESULT(result) || AUTH_NX(result))
-+ if (NCACHE_RESULT(result) || AUTH_NX(result)) {
- goto fetch;
-+ }
-
-- if (!NAME_FETCH_V6(adbname))
-+ if (!NAME_FETCH_V6(adbname)) {
- wanted_fetches |= DNS_ADBFIND_INET6;
-+ }
- }
-
- fetch:
- if ((WANT_INET(wanted_addresses) && NAME_HAS_V4(adbname)) ||
- (WANT_INET6(wanted_addresses) && NAME_HAS_V6(adbname)))
-+ {
- have_address = true;
-- else
-+ } else {
- have_address = false;
-- if (wanted_fetches != 0 &&
-- ! (FIND_AVOIDFETCHES(find) && have_address)) {
-+ }
-+ if (wanted_fetches != 0 && !(FIND_AVOIDFETCHES(find) && have_address) &&
-+ !FIND_NOFETCH(find))
-+ {
- /*
- * We're missing at least one address family. Either the
- * caller hasn't instructed us to avoid fetches, or we don't
-@@ -3177,8 +3181,9 @@ dns_adb_createfind2(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action,
- * be acceptable so we have to launch fetches.
- */
-
-- if (FIND_STARTATZONE(find))
-+ if (FIND_STARTATZONE(find)) {
- start_at_zone = true;
-+ }
-
- /*
- * Start V4.
-diff --git a/lib/dns/include/dns/adb.h b/lib/dns/include/dns/adb.h
-index 63a13c4e41..edf6e54935 100644
---- a/lib/dns/include/dns/adb.h
-+++ b/lib/dns/include/dns/adb.h
-@@ -207,6 +207,10 @@ struct dns_adbfind {
- * lame for this query.
- */
- #define DNS_ADBFIND_OVERQUOTA 0x00000400
-+/*%
-+ * Don't perform a fetch even if there are no address records available.
-+ */
-+#define DNS_ADBFIND_NOFETCH 0x00000800
-
- /*%
- * The answers to queries come back as a list of these.
-diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
-index 7c44478a26..0a40859d08 100644
---- a/lib/dns/resolver.c
-+++ b/lib/dns/resolver.c
-@@ -172,6 +172,14 @@
- #define DEFAULT_MAX_QUERIES 75
- #endif
-
-+/*
-+ * After NS_FAIL_LIMIT attempts to fetch a name server address,
-+ * if the number of addresses in the NS RRset exceeds NS_RR_LIMIT,
-+ * stop trying to fetch, in order to avoid wasting resources.
-+ */
-+#define NS_FAIL_LIMIT 4
-+#define NS_RR_LIMIT 5
-+
- /* Number of hash buckets for zone counters */
- #ifndef RES_DOMAIN_BUCKETS
- #define RES_DOMAIN_BUCKETS 523
-@@ -3130,8 +3138,7 @@ sort_finds(dns_adbfindlist_t *findlist, unsigned int bias) {
- static void
- findname(fetchctx_t *fctx, dns_name_t *name, in_port_t port,
- unsigned int options, unsigned int flags, isc_stdtime_t now,
-- bool *overquota, bool *need_alternate)
--{
-+ bool *overquota, bool *need_alternate, unsigned int *no_addresses) {
- dns_adbaddrinfo_t *ai;
- dns_adbfind_t *find;
- dns_resolver_t *res;
-@@ -3219,7 +3226,12 @@ findname(fetchctx_t *fctx, dns_name_t *name, in_port_t port,
- find->result_v6 != DNS_R_NXDOMAIN) ||
- (res->dispatches6 == NULL &&
- find->result_v4 != DNS_R_NXDOMAIN)))
-+ {
- *need_alternate = true;
-+ }
-+ if (no_addresses != NULL) {
-+ (*no_addresses)++;
-+ }
- } else {
- if ((find->options & DNS_ADBFIND_OVERQUOTA) != 0) {
- if (overquota != NULL)
-@@ -3270,6 +3282,7 @@ fctx_getaddresses(fetchctx_t *fctx, bool badcache) {
- dns_rdata_ns_t ns;
- bool need_alternate = false;
- bool all_spilled = true;
-+ unsigned int no_addresses = 0;
-
- FCTXTRACE5("getaddresses", "fctx->depth=", fctx->depth);
-
-@@ -3437,20 +3450,28 @@ fctx_getaddresses(fetchctx_t *fctx, bool badcache) {
- * Extract the name from the NS record.
- */
- result = dns_rdata_tostruct(&rdata, &ns, NULL);
-- if (result != ISC_R_SUCCESS)
-+ if (result != ISC_R_SUCCESS) {
- continue;
-+ }
-
-- findname(fctx, &ns.name, 0, stdoptions, 0, now,
-- &overquota, &need_alternate);
-+ if (no_addresses > NS_FAIL_LIMIT &&
-+ dns_rdataset_count(&fctx->nameservers) > NS_RR_LIMIT)
-+ {
-+ stdoptions |= DNS_ADBFIND_NOFETCH;
-+ }
-+ findname(fctx, &ns.name, 0, stdoptions, 0, now, &overquota,
-+ &need_alternate, &no_addresses);
-
-- if (!overquota)
-+ if (!overquota) {
- all_spilled = false;
-+ }
-
- dns_rdata_reset(&rdata);
- dns_rdata_freestruct(&ns);
- }
-- if (result != ISC_R_NOMORE)
-+ if (result != ISC_R_NOMORE) {
- return (result);
-+ }
-
- /*
- * Do we need to use 6 to 4?
-@@ -3465,7 +3486,7 @@ fctx_getaddresses(fetchctx_t *fctx, bool badcache) {
- if (!a->isaddress) {
- findname(fctx, &a->_u._n.name, a->_u._n.port,
- stdoptions, FCTX_ADDRINFO_FORWARDER,
-- now, NULL, NULL);
-+ now, NULL, NULL, NULL);
- continue;
- }
- if (isc_sockaddr_pf(&a->_u.addr) != family)
-@@ -3827,16 +3827,14 @@ fctx_try(fetchctx_t *fctx, bool retrying, bool badcache) {
- }
- }
-
-- if (dns_name_countlabels(&fctx->domain) > 2) {
-- result = isc_counter_increment(fctx->qc);
-- if (result != ISC_R_SUCCESS) {
-- isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
-- DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3),
-- "exceeded max queries resolving '%s'",
-- fctx->info);
-- fctx_done(fctx, DNS_R_SERVFAIL, __LINE__);
-- return;
-- }
-+ result = isc_counter_increment(fctx->qc);
-+ if (result != ISC_R_SUCCESS) {
-+ isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
-+ DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3),
-+ "exceeded max queries resolving '%s'",
-+ fctx->info);
-+ fctx_done(fctx, DNS_R_SERVFAIL, __LINE__);
-+ return;
- }
-
- bucketnum = fctx->bucketnum;
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2020-8617.patch b/meta/recipes-connectivity/bind/bind/CVE-2020-8617.patch
deleted file mode 100644
index d8769c45cc..0000000000
--- a/meta/recipes-connectivity/bind/bind/CVE-2020-8617.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-Upstream-Status: Backport [https://downloads.isc.org/isc/bind9/9.11.19/patches/CVE-2020-8617.patch]
-CVE: CVE-2020-8617
-Signed-off-by: Lee Chee Yang
----
-diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c
-index b597a18d49..6357a3a486 100644
---- a/lib/dns/tsig.c
-+++ b/lib/dns/tsig.c
-@@ -1427,8 +1424,9 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
- goto cleanup_context;
- }
- msg->verified_sig = 1;
-- } else if (tsig.error != dns_tsigerror_badsig &&
-- tsig.error != dns_tsigerror_badkey) {
-+ } else if (!response || (tsig.error != dns_tsigerror_badsig &&
-+ tsig.error != dns_tsigerror_badkey))
-+ {
- tsig_log(msg->tsigkey, 2, "signature was empty");
- return (DNS_R_TSIGVERIFYFAILURE);
- }
-@@ -1484,7 +1482,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
- }
- }
-
-- if (tsig.error != dns_rcode_noerror) {
-+ if (response && tsig.error != dns_rcode_noerror) {
- msg->tsigstatus = tsig.error;
- if (tsig.error == dns_tsigerror_badtime)
- ret = DNS_R_CLOCKSKEW;
diff --git a/meta/recipes-connectivity/bind/bind_9.11.13.bb b/meta/recipes-connectivity/bind/bind_9.11.13.bb
deleted file mode 100644
index 79275bb1ca..0000000000
--- a/meta/recipes-connectivity/bind/bind_9.11.13.bb
+++ /dev/null
@@ -1,141 +0,0 @@
-SUMMARY = "ISC Internet Domain Name Server"
-HOMEPAGE = "http://www.isc.org/sw/bind/"
-SECTION = "console/network"
-
-LICENSE = "ISC & BSD"
-LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=8f17f64e47e83b60cd920a1e4b54419e"
-
-DEPENDS = "openssl libcap zlib"
-
-SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
- file://conf.patch \
- file://named.service \
- file://bind9 \
- file://generate-rndc-key.sh \
- file://make-etc-initd-bind-stop-work.patch \
- file://init.d-add-support-for-read-only-rootfs.patch \
- file://bind-ensure-searching-for-json-headers-searches-sysr.patch \
- file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \
- file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
- file://0001-avoid-start-failure-with-bind-user.patch \
- "
-
-SRC_URI[md5sum] = "17de0d024ab1eac377f1c2854dc25057"
-SRC_URI[sha256sum] = "fd3f3cc9fcfcdaa752db35eb24598afa1fdcc2509d3227fc90a8631b7b400f7d"
-
-UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
-# stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4
-UPSTREAM_CHECK_REGEX = "(?P9.(11|16|20|24|28)(\.\d+)+(-P\d+)*)/"
-
-# BIND >= 9.11.2 need dhcpd >= 4.4.0,
-# don't report it here since dhcpd is already recent enough.
-CVE_CHECK_WHITELIST += "CVE-2019-6470"
-
-inherit autotools update-rc.d systemd useradd pkgconfig multilib_script
-
-MULTILIB_SCRIPTS = "${PN}:${bindir}/bind9-config ${PN}:${bindir}/isc-config.sh"
-
-# PACKAGECONFIGs readline and libedit should NOT be set at same time
-PACKAGECONFIG ?= "readline"
-PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2"
-PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline"
-PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit"
-PACKAGECONFIG[urandom] = "--with-randomdev=/dev/urandom,--with-randomdev=/dev/random,,"
-PACKAGECONFIG[python3] = "--with-python=yes --with-python-install-dir=${PYTHON_SITEPACKAGES_DIR} , --without-python, python3-ply-native,"
-
-ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}"
-EXTRA_OECONF = " ${ENABLE_IPV6} --with-libtool --enable-threads \
- --disable-devpoll --enable-epoll --with-gost=no \
- --with-gssapi=no --with-ecdsa=yes --with-eddsa=no \
- --with-lmdb=no \
- --sysconfdir=${sysconfdir}/bind \
- --with-openssl=${STAGING_DIR_HOST}${prefix} \
- "
-
-inherit ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3native distutils3-base', '', d)}
-
-# dhcp needs .la so keep them
-REMOVE_LIBTOOL_LA = "0"
-
-USERADD_PACKAGES = "${PN}"
-USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \
- --user-group bind"
-
-INITSCRIPT_NAME = "bind"
-INITSCRIPT_PARAMS = "defaults"
-
-SYSTEMD_SERVICE_${PN} = "named.service"
-
-do_install_prepend() {
- # clean host path in isc-config.sh before the hardlink created
- # by "make install":
- # bind9-config -> isc-config.sh
- sed -i -e "s,${STAGING_LIBDIR},${libdir}," ${B}/isc-config.sh
-}
-
-do_install_append() {
-
- rmdir "${D}${localstatedir}/run"
- rmdir --ignore-fail-on-non-empty "${D}${localstatedir}"
- install -d -o bind "${D}${localstatedir}/cache/bind"
- install -d "${D}${sysconfdir}/bind"
- install -d "${D}${sysconfdir}/init.d"
- install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/"
- install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind"
- if ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'true', 'false', d)}; then
- sed -i -e '1s,#!.*python3,#! /usr/bin/python3,' \
- ${D}${sbindir}/dnssec-coverage \
- ${D}${sbindir}/dnssec-checkds \
- ${D}${sbindir}/dnssec-keymgr
- fi
-
- # Install systemd related files
- install -d ${D}${sbindir}
- install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir}
- install -d ${D}${systemd_unitdir}/system
- install -m 0644 ${WORKDIR}/named.service ${D}${systemd_unitdir}/system
- sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
- -e 's,@SBINDIR@,${sbindir},g' \
- ${D}${systemd_unitdir}/system/named.service
-
- install -d ${D}${sysconfdir}/default
- install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default
-
- if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
- install -d ${D}${sysconfdir}/tmpfiles.d
- echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf
- fi
-}
-
-CONFFILES_${PN} = " \
- ${sysconfdir}/bind/named.conf \
- ${sysconfdir}/bind/named.conf.local \
- ${sysconfdir}/bind/named.conf.options \
- ${sysconfdir}/bind/db.0 \
- ${sysconfdir}/bind/db.127 \
- ${sysconfdir}/bind/db.empty \
- ${sysconfdir}/bind/db.local \
- ${sysconfdir}/bind/db.root \
- "
-
-ALTERNATIVE_${PN}-utils = "nslookup"
-ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup"
-ALTERNATIVE_PRIORITY = "100"
-
-PACKAGE_BEFORE_PN += "${PN}-utils"
-FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate"
-FILES_${PN}-dev += "${bindir}/isc-config.h"
-FILES_${PN} += "${sbindir}/generate-rndc-key.sh"
-
-PACKAGE_BEFORE_PN += "${PN}-libs"
-FILES_${PN}-libs = "${libdir}/*.so*"
-FILES_${PN}-staticdev += "${libdir}/*.la"
-
-PACKAGE_BEFORE_PN += "${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3-bind', '', d)}"
-FILES_python3-bind = "${sbindir}/dnssec-coverage ${sbindir}/dnssec-checkds \
- ${sbindir}/dnssec-keymgr ${PYTHON_SITEPACKAGES_DIR}"
-
-RDEPENDS_${PN} = "bash"
-RDEPENDS_${PN}-utils = "bash"
-RDEPENDS_${PN}-dev = ""
-RDEPENDS_python3-bind = "python3-core python3-ply"
diff --git a/meta/recipes-connectivity/bind/bind_9.11.19.bb b/meta/recipes-connectivity/bind/bind_9.11.19.bb
new file mode 100644
index 0000000000..a77be8678f
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind_9.11.19.bb
@@ -0,0 +1,140 @@
+SUMMARY = "ISC Internet Domain Name Server"
+HOMEPAGE = "http://www.isc.org/sw/bind/"
+SECTION = "console/network"
+
+LICENSE = "ISC & BSD"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=bf39058a7f64b2a934ce14dc9ec1dd45"
+
+DEPENDS = "openssl libcap zlib"
+
+SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
+ file://conf.patch \
+ file://named.service \
+ file://bind9 \
+ file://generate-rndc-key.sh \
+ file://make-etc-initd-bind-stop-work.patch \
+ file://init.d-add-support-for-read-only-rootfs.patch \
+ file://bind-ensure-searching-for-json-headers-searches-sysr.patch \
+ file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \
+ file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
+ file://0001-avoid-start-failure-with-bind-user.patch \
+ "
+
+SRC_URI[sha256sum] = "0dee554a4caa368948b32da9a0c97b516c19103bc13ff5b3762c5d8552f52329"
+
+UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
+# stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4
+UPSTREAM_CHECK_REGEX = "(?P9.(11|16|20|24|28)(\.\d+)+(-P\d+)*)/"
+
+# BIND >= 9.11.2 need dhcpd >= 4.4.0,
+# don't report it here since dhcpd is already recent enough.
+CVE_CHECK_WHITELIST += "CVE-2019-6470"
+
+inherit autotools update-rc.d systemd useradd pkgconfig multilib_script
+
+MULTILIB_SCRIPTS = "${PN}:${bindir}/bind9-config ${PN}:${bindir}/isc-config.sh"
+
+# PACKAGECONFIGs readline and libedit should NOT be set at same time
+PACKAGECONFIG ?= "readline"
+PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2"
+PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline"
+PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit"
+PACKAGECONFIG[urandom] = "--with-randomdev=/dev/urandom,--with-randomdev=/dev/random,,"
+PACKAGECONFIG[python3] = "--with-python=yes --with-python-install-dir=${PYTHON_SITEPACKAGES_DIR} , --without-python, python3-ply-native,"
+
+ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}"
+EXTRA_OECONF = " ${ENABLE_IPV6} --with-libtool --enable-threads \
+ --disable-devpoll --enable-epoll --with-gost=no \
+ --with-gssapi=no --with-ecdsa=yes --with-eddsa=no \
+ --with-lmdb=no \
+ --sysconfdir=${sysconfdir}/bind \
+ --with-openssl=${STAGING_DIR_HOST}${prefix} \
+ "
+
+inherit ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3native distutils3-base', '', d)}
+
+# dhcp needs .la so keep them
+REMOVE_LIBTOOL_LA = "0"
+
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \
+ --user-group bind"
+
+INITSCRIPT_NAME = "bind"
+INITSCRIPT_PARAMS = "defaults"
+
+SYSTEMD_SERVICE_${PN} = "named.service"
+
+do_install_prepend() {
+ # clean host path in isc-config.sh before the hardlink created
+ # by "make install":
+ # bind9-config -> isc-config.sh
+ sed -i -e "s,${STAGING_LIBDIR},${libdir}," ${B}/isc-config.sh
+}
+
+do_install_append() {
+
+ rmdir "${D}${localstatedir}/run"
+ rmdir --ignore-fail-on-non-empty "${D}${localstatedir}"
+ install -d -o bind "${D}${localstatedir}/cache/bind"
+ install -d "${D}${sysconfdir}/bind"
+ install -d "${D}${sysconfdir}/init.d"
+ install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/"
+ install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind"
+ if ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'true', 'false', d)}; then
+ sed -i -e '1s,#!.*python3,#! /usr/bin/python3,' \
+ ${D}${sbindir}/dnssec-coverage \
+ ${D}${sbindir}/dnssec-checkds \
+ ${D}${sbindir}/dnssec-keymgr
+ fi
+
+ # Install systemd related files
+ install -d ${D}${sbindir}
+ install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir}
+ install -d ${D}${systemd_unitdir}/system
+ install -m 0644 ${WORKDIR}/named.service ${D}${systemd_unitdir}/system
+ sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
+ -e 's,@SBINDIR@,${sbindir},g' \
+ ${D}${systemd_unitdir}/system/named.service
+
+ install -d ${D}${sysconfdir}/default
+ install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default
+
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ install -d ${D}${sysconfdir}/tmpfiles.d
+ echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf
+ fi
+}
+
+CONFFILES_${PN} = " \
+ ${sysconfdir}/bind/named.conf \
+ ${sysconfdir}/bind/named.conf.local \
+ ${sysconfdir}/bind/named.conf.options \
+ ${sysconfdir}/bind/db.0 \
+ ${sysconfdir}/bind/db.127 \
+ ${sysconfdir}/bind/db.empty \
+ ${sysconfdir}/bind/db.local \
+ ${sysconfdir}/bind/db.root \
+ "
+
+ALTERNATIVE_${PN}-utils = "nslookup"
+ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup"
+ALTERNATIVE_PRIORITY = "100"
+
+PACKAGE_BEFORE_PN += "${PN}-utils"
+FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate"
+FILES_${PN}-dev += "${bindir}/isc-config.h"
+FILES_${PN} += "${sbindir}/generate-rndc-key.sh"
+
+PACKAGE_BEFORE_PN += "${PN}-libs"
+FILES_${PN}-libs = "${libdir}/*.so*"
+FILES_${PN}-staticdev += "${libdir}/*.la"
+
+PACKAGE_BEFORE_PN += "${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3-bind', '', d)}"
+FILES_python3-bind = "${sbindir}/dnssec-coverage ${sbindir}/dnssec-checkds \
+ ${sbindir}/dnssec-keymgr ${PYTHON_SITEPACKAGES_DIR}"
+
+RDEPENDS_${PN} = "bash"
+RDEPENDS_${PN}-utils = "bash"
+RDEPENDS_${PN}-dev = ""
+RDEPENDS_python3-bind = "python3-core python3-ply"
-- cgit v1.2.3-54-g00ecf
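Review bot: The `CVE_CHECK_WHITELIST += "CVE-2019-6470"` entry near the top of the new recipe suppresses that CVE unconditionally, while the two comment lines above it justify it only by the dhcpd version built alongside, which this hunk cannot show. Because the recipe also keeps the libtool `.la` files for dhcp (`REMOVE_LIBTOOL_LA = "0"`), the entry presumably stops being valid if a layer or bbappend selects an older dhcp. I would state that condition in the comment, e.g. `# Re-check this entry if dhcp is ever built at a version older than 4.4.0.`, so the suppression is revisited rather than carried forward silently with each version bump.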