aboutsummaryrefslogtreecommitdiffstats
path: root/main/unbound/APKBUILD
blob: ad491ff4736090d3388ce6d35cd4a55b9c24f083 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Contributor: Carlo Landmeter <clandmeter@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=unbound
pkgver=1.9.1
pkgrel=8
pkgdesc="Unbound is a validating, recursive, and caching DNS resolver"
url="http://unbound.net/"
arch="all"
license="BSD-3-Clause"
depends="dns-root-hints dnssec-root"
depends_dev="expat-dev"
depends_migrate="/bin/sh apk-tools dns-root-hints openrc"
makedepends="$depends_dev libevent-dev openssl-dev python3-dev swig linux-headers"
install="$pkgname.pre-install"
options="!check"
pkgusers="unbound"
pkggroups="unbound"
subpackages="$pkgname-dev $pkgname-doc $pkgname-libs $pkgname-dbg
	$pkgname-openrc py-unbound:py $pkgname-migrate::noarch"
source="https://unbound.net/downloads/$pkgname-$pkgver.tar.gz
	conf.patch
	CVE-2019-16866.patch
	CVE-2019-18934.patch
	CVE-2020-12662_CVE-2020-12663.patch
	migrate-dnscache-to-unbound
	$pkgname.initd
	$pkgname.confd
	"
builddir="$srcdir/$pkgname-$pkgver"

# secfixes:
#   1.9.1-r8:
#     - CVE-2020-12662
#     - CVE-2020-12663
#   1.9.1-r4:
#     - CVE-2019-18934
#   1.9.1-r3:
#     - CVE-2019-16866

build() {
	cd "$builddir"

	PYTHON_VERSION=3 ./configure \
		--build="$CBUILD" \
		--host="$CHOST" \
		--prefix=/usr \
		--sysconfdir=/etc \
		--mandir=/usr/share/man \
		--localstatedir=/var \
		--with-username=unbound \
		--with-run-dir="" \
		--with-pidfile="" \
		--with-rootkey-file=/usr/share/dnssec-root/trusted-key.key \
		--with-libevent \
		--with-pthreads \
		--disable-static \
		--disable-rpath \
		--with-ssl \
		--without-pythonmodule \
		--with-pyunbound

	# do not link to libpython
	sed -i -e '/^LIBS=/s/-lpython.*[[:space:]]/ /' Makefile

	make
}

package() {
	cd "$builddir"

	make DESTDIR="$pkgdir" install

	install -m755 -D contrib/update-anchor.sh \
		"$pkgdir"/usr/share/$pkgname/update-anchor.sh

	mkdir -p "$pkgdir"/usr/share/doc/$pkgname/
	install -m644 doc/CREDITS doc/Changelog doc/FEATURES \
		doc/README doc/TODO "$pkgdir"/usr/share/doc/$pkgname/

	cd "$pkgdir"

	mkdir -p ./etc/unbound
	rm -f ./etc/unbound/root.hints
	ln -s ../../usr/share/dns-root-hints/named.root ./etc/unbound/root.hints

	install -m755 -D "$srcdir"/unbound.initd ./etc/init.d/unbound
	install -m755 -D "$srcdir"/unbound.confd ./etc/conf.d/unbound
}

libs() {
	pkgdesc="unbound shared libraries"
	depends="$depends_libs"

	mkdir -p "$subpkgdir"/usr/lib
	mv "$pkgdir"/usr/lib/lib*.so.* "$subpkgdir"/usr/lib/
}

openrc() {
	depends="$depends_openrc"

	default_openrc
}

py() {
	pkgdesc="Python bindings to libunbound"
	depends="$depends_py"

	mkdir -p "$subpkgdir"/usr/lib/
	mv "$pkgdir"/usr/lib/python* "$subpkgdir"/usr/lib/
}

migrate() {
	pkgdesc="Simple tool to migrate from dnscache to unbound"
	depends="$depends_migrate"

	install -m755 -D "$srcdir"/migrate-dnscache-to-unbound \
		"$subpkgdir"/usr/bin/migrate-dnscache-to-unbound
}
sha512sums="5dfac7ce3892f73109fdfe0f81863643b1f4c10cee2d4e2d1a28132f1b9ea4d4f89242e4e6348fdadf998f1c75d53577cbf4f719e98faa1342fc3c5de2e8903d  unbound-1.9.1.tar.gz
f9b90c6e717f99f3927a20320c5ec9e666af9eb4ad732520cd6de12c9ea98375c44dbbc598bef955a7c0243fbce0b29d9015ccc85b909b62509967cd8976a3c8  conf.patch
da578f620bc1abca4a53bb3448c023c59ccd33c0d560603ab5e6caf7eebd8e4d8a2401f2e4ebbcf1124f168699be02a489ae27d7b723f9b67678592ecea30529  CVE-2019-16866.patch
b2ae6363d89c4effa9e926210c4b876eb8fefa79bf459047107e6fb8eb8aca2b9844a4a8bdabe361248be2eeb36519aac7bbc4fe7b805447958088bcc18a83d2  CVE-2019-18934.patch
9362936e4ce7c3f391590526423c7f13c596bc71db6b643056bcf885797a26ea74e44e920383b6af6ac56294f5dc9529dded96645f519a377269f920e9a8cf68  CVE-2020-12662_CVE-2020-12663.patch
0a5c7b8f2b8c79c5384bce05962c8f8f5f31ce3aeb967b0e897361a24ea7065eb4e7c28ff3acfb0fb0d46be966d4e526e64b231f49b589ec63f576c25433bb59  migrate-dnscache-to-unbound
a2b39cb00d342c3bae70ae714dc2bd7c15d0475b35f7afff11fb0bd4c1786f83dd5425a5900a7b4d6c17915a6c546e37f82404bceb44f79c054629e999f23152  unbound.initd
40c660f275a78f93677761f52bdf7ef151941e8469dd17767a947dbe575880e0d113c320d15c7ea7e12ef636d8ec9453eeae804619678293fa35e3d4c7e75a71  unbound.confd"