# Contributor: Sören Tempel # Contributor: Carlo Landmeter # Maintainer: Natanael Copa pkgname=unbound pkgver=1.9.1 pkgrel=8 pkgdesc="Unbound is a validating, recursive, and caching DNS resolver" url="http://unbound.net/" arch="all" license="BSD-3-Clause" depends="dns-root-hints dnssec-root" depends_dev="expat-dev" depends_migrate="/bin/sh apk-tools dns-root-hints openrc" makedepends="$depends_dev libevent-dev openssl-dev python3-dev swig linux-headers" install="$pkgname.pre-install" options="!check" pkgusers="unbound" pkggroups="unbound" subpackages="$pkgname-dev $pkgname-doc $pkgname-libs $pkgname-dbg $pkgname-openrc py-unbound:py $pkgname-migrate::noarch" source="https://unbound.net/downloads/$pkgname-$pkgver.tar.gz conf.patch CVE-2019-16866.patch CVE-2019-18934.patch CVE-2020-12662_CVE-2020-12663.patch migrate-dnscache-to-unbound $pkgname.initd $pkgname.confd " builddir="$srcdir/$pkgname-$pkgver" # secfixes: # 1.9.1-r8: # - CVE-2020-12662 # - CVE-2020-12663 # 1.9.1-r4: # - CVE-2019-18934 # 1.9.1-r3: # - CVE-2019-16866 build() { cd "$builddir" PYTHON_VERSION=3 ./configure \ --build="$CBUILD" \ --host="$CHOST" \ --prefix=/usr \ --sysconfdir=/etc \ --mandir=/usr/share/man \ --localstatedir=/var \ --with-username=unbound \ --with-run-dir="" \ --with-pidfile="" \ --with-rootkey-file=/usr/share/dnssec-root/trusted-key.key \ --with-libevent \ --with-pthreads \ --disable-static \ --disable-rpath \ --with-ssl \ --without-pythonmodule \ --with-pyunbound # do not link to libpython sed -i -e '/^LIBS=/s/-lpython.*[[:space:]]/ /' Makefile make } package() { cd "$builddir" make DESTDIR="$pkgdir" install install -m755 -D contrib/update-anchor.sh \ "$pkgdir"/usr/share/$pkgname/update-anchor.sh mkdir -p "$pkgdir"/usr/share/doc/$pkgname/ install -m644 doc/CREDITS doc/Changelog doc/FEATURES \ doc/README doc/TODO "$pkgdir"/usr/share/doc/$pkgname/ cd "$pkgdir" mkdir -p ./etc/unbound rm -f ./etc/unbound/root.hints ln -s ../../usr/share/dns-root-hints/named.root ./etc/unbound/root.hints install -m755 -D "$srcdir"/unbound.initd ./etc/init.d/unbound install -m755 -D "$srcdir"/unbound.confd ./etc/conf.d/unbound } libs() { pkgdesc="unbound shared libraries" depends="$depends_libs" mkdir -p "$subpkgdir"/usr/lib mv "$pkgdir"/usr/lib/lib*.so.* "$subpkgdir"/usr/lib/ } openrc() { depends="$depends_openrc" default_openrc } py() { pkgdesc="Python bindings to libunbound" depends="$depends_py" mkdir -p "$subpkgdir"/usr/lib/ mv "$pkgdir"/usr/lib/python* "$subpkgdir"/usr/lib/ } migrate() { pkgdesc="Simple tool to migrate from dnscache to unbound" depends="$depends_migrate" install -m755 -D "$srcdir"/migrate-dnscache-to-unbound \ "$subpkgdir"/usr/bin/migrate-dnscache-to-unbound } sha512sums="5dfac7ce3892f73109fdfe0f81863643b1f4c10cee2d4e2d1a28132f1b9ea4d4f89242e4e6348fdadf998f1c75d53577cbf4f719e98faa1342fc3c5de2e8903d unbound-1.9.1.tar.gz f9b90c6e717f99f3927a20320c5ec9e666af9eb4ad732520cd6de12c9ea98375c44dbbc598bef955a7c0243fbce0b29d9015ccc85b909b62509967cd8976a3c8 conf.patch da578f620bc1abca4a53bb3448c023c59ccd33c0d560603ab5e6caf7eebd8e4d8a2401f2e4ebbcf1124f168699be02a489ae27d7b723f9b67678592ecea30529 CVE-2019-16866.patch b2ae6363d89c4effa9e926210c4b876eb8fefa79bf459047107e6fb8eb8aca2b9844a4a8bdabe361248be2eeb36519aac7bbc4fe7b805447958088bcc18a83d2 CVE-2019-18934.patch 9362936e4ce7c3f391590526423c7f13c596bc71db6b643056bcf885797a26ea74e44e920383b6af6ac56294f5dc9529dded96645f519a377269f920e9a8cf68 CVE-2020-12662_CVE-2020-12663.patch 0a5c7b8f2b8c79c5384bce05962c8f8f5f31ce3aeb967b0e897361a24ea7065eb4e7c28ff3acfb0fb0d46be966d4e526e64b231f49b589ec63f576c25433bb59 migrate-dnscache-to-unbound a2b39cb00d342c3bae70ae714dc2bd7c15d0475b35f7afff11fb0bd4c1786f83dd5425a5900a7b4d6c17915a6c546e37f82404bceb44f79c054629e999f23152 unbound.initd 40c660f275a78f93677761f52bdf7ef151941e8469dd17767a947dbe575880e0d113c320d15c7ea7e12ef636d8ec9453eeae804619678293fa35e3d4c7e75a71 unbound.confd"