aboutsummaryrefslogtreecommitdiffstats
path: root/main/unbound/APKBUILD
blob: f8bdcf0aaaa0542f57d83b6f93d6b6797a8bae8d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Contributor: Carlo Landmeter <clandmeter@alpinelinux.org>
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
pkgname=unbound
pkgver=1.19.3
pkgrel=0
pkgdesc="Unbound is a validating, recursive, and caching DNS resolver"
url="https://nlnetlabs.nl/projects/unbound/about/"
arch="all"
license="BSD-3-Clause"
depends="dnssec-root"
depends_dev="expat-dev"
_depends_migrate="
	/bin/sh
	apk-tools
	openrc
	"
makedepends="$depends_dev
	libevent-dev
	linux-headers
	openssl-dev>3
	protobuf-c-dev
	python3-dev
	swig
	"
checkdepends="
	bind-tools
	ldns-tools
	"
install="$pkgname.pre-install"
pkgusers="unbound"
pkggroups="unbound"
subpackages="
	$pkgname-dbg
	$pkgname-dev
	$pkgname-doc
	$pkgname-libs
	$pkgname-openrc
	py-unbound:py
	$pkgname-migrate::noarch
	"
source="https://unbound.net/downloads/unbound-$pkgver.tar.gz
	conf.patch
	migrate-dnscache-to-unbound
	$pkgname.initd
	$pkgname.confd
	"

# secfixes:
#   1.19.2-r0:
#     - CVE-2024-1931
#   1.19.1-r0:
#     - CVE-2023-50387
#     - CVE-2023-50868
#   1.16.3-r0:
#     - CVE-2022-3204
#   1.16.2-r0:
#     - CVE-2022-30698
#     - CVE-2022-30699
#   1.10.1-r0:
#     - CVE-2020-12662
#     - CVE-2020-12663
#   1.9.5-r0:
#     - CVE-2019-18934
#   1.9.4-r0:
#     - CVE-2019-16866

build() {
	export CFLAGS="$CFLAGS -flto=auto"

	PYTHON_VERSION=3 ./configure \
		--build="$CBUILD" \
		--host="$CHOST" \
		--prefix=/usr \
		--sysconfdir=/etc \
		--mandir=/usr/share/man \
		--localstatedir=/var \
		--with-username=unbound \
		--with-run-dir="" \
		--with-pidfile="" \
		--with-rootkey-file=/usr/share/dnssec-root/trusted-key.key \
		--with-libevent \
		--with-pthreads \
		--disable-static \
		--disable-rpath \
		--enable-dnstap \
		--with-ssl \
		--without-pythonmodule \
		--with-pyunbound

	# do not link to libpython
	sed -i -e '/^LIBS=/s/-lpython.*[[:space:]]/ /' Makefile

	make
}

check() {
	make test
}

package() {
	make DESTDIR="$pkgdir" install
	make DESTDIR="$pkgdir" unbound-event-install

	install -Dm755 contrib/update-anchor.sh \
		"$pkgdir"/usr/share/$pkgname/update-anchor.sh

	install -D -m644 doc/CREDITS doc/Changelog doc/FEATURES \
		doc/README doc/TODO -t "$pkgdir"/usr/share/doc/$pkgname/

	cd "$pkgdir"

	install -Dm755 "$srcdir"/unbound.initd ./etc/init.d/unbound
	install -Dm644 "$srcdir"/unbound.confd ./etc/conf.d/unbound
}

py() {
	pkgdesc="Python bindings to libunbound"
	depends="$depends_py"

	amove usr/lib/python*
}

migrate() {
	pkgdesc="Simple tool to migrate from dnscache to unbound"
	depends="$_depends_migrate"

	install -m755 -D "$srcdir"/migrate-dnscache-to-unbound \
		"$subpkgdir"/usr/bin/migrate-dnscache-to-unbound
}

sha512sums="
f860614f090a5a081cceff8ca7f4b3d416c00a251ae14ceb6b4159dc8cd022f025592074d3d78aee2f86c3eeae9d1a314713e4740aa91062579143199accd159  unbound-1.19.3.tar.gz
05fec1829dfb5279f35a76eeab768d88b6dffee4477b1db693360021969bdcc89e309f71ea6cc63e0f921b1fc223a073b97892be2095ed93d7da917a59e09d00  conf.patch
7ab3f57ade3fe8add60bfce208efccc968728fac5c94c759c34aaa09aa71e0da06dd7c24ae0fecf9e2ccc869594226d68b24fe2b0a0b161b833e22c0de1b03b6  migrate-dnscache-to-unbound
c8e29190a7ab2803bb528fcc008d9788c1d46ca96abd7273023778068156aa65330a99af76a755929d24dfa936a3900bd400368ddf7b89fb3bcef29dbaa32683  unbound.initd
0ceae15d69deb24baa16990226de31fe743d84779a2595f31b4910b46ef925fc132cec1683d0a06141f707d9cbe517d731015702c60d9df4958ccfb9abd5a23f  unbound.confd
"