svn commit: r418476 - in head/dns: . opendnssec2 opendnssec2/files
Erwin Lansing
erwin at FreeBSD.org
Wed Jul 13 13:29:20 UTC 2016
Author: erwin
Date: Wed Jul 13 13:29:18 2016
New Revision: 418476
URL: https://svnweb.freebsd.org/changeset/ports/418476
Log:
The current opendnssec porthas seen a massive rewrite by the upstream
so it was rechristened opendnssec Version 2.
To quote the announcement at <https://www.opendnssec.org>:
"OpenDNSSEC got a entire re-write of the enforcer. This part of
OpenDNSSEC controls changing signing keys in the right way to perform
a roll-over. Before, the enforcer would perform a roll-over according
to a strict paradigm. One scenario in which deviations would not be
possible.
The new enforcer is more aware of the zone changes being propagated in
the Internet. It can therefore decide when it is safe to make changes,
rather than to rely upon a given scenario.
PR: 211018
Submitted by: Jaap Akkerhuis <jaap at NLnetLabs.nl>
Sponsored by: DK Hostmaster A/S
Added:
head/dns/opendnssec2/
head/dns/opendnssec2/Makefile (contents, props changed)
head/dns/opendnssec2/distinfo (contents, props changed)
head/dns/opendnssec2/files/
head/dns/opendnssec2/files/opendnssec.in (contents, props changed)
head/dns/opendnssec2/files/pkg-message.in (contents, props changed)
head/dns/opendnssec2/pkg-descr (contents, props changed)
head/dns/opendnssec2/pkg-plist (contents, props changed)
Modified:
head/dns/Makefile
Modified: head/dns/Makefile
==============================================================================
--- head/dns/Makefile Wed Jul 13 13:26:29 2016 (r418475)
+++ head/dns/Makefile Wed Jul 13 13:29:18 2016 (r418476)
@@ -105,6 +105,7 @@
SUBDIR += opendd
SUBDIR += opendnssec
SUBDIR += opendnssec13
+ SUBDIR += opendnssec2
SUBDIR += openresolv
SUBDIR += p5-AnyEvent-CacheDNS
SUBDIR += p5-AnyEvent-DNS-EtcHosts
Added: head/dns/opendnssec2/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/dns/opendnssec2/Makefile Wed Jul 13 13:29:18 2016 (r418476)
@@ -0,0 +1,84 @@
+# Created by: Jaap Akkerhuis <jaap at NLnetLabs.nl>
+# $FreeBSD$
+
+PORTNAME= opendnssec
+PORTVERSION= 2.0.0
+CATEGORIES= dns
+MASTER_SITES= http://dist.opendnssec.org/source/
+PKGNAMESUFFIX= 2
+
+MAINTAINER= jaap at NLnetLabs.nl
+COMMENT= Tool suite for maintaining DNSSEC
+
+LICENSE= BSD3CLAUSE
+
+BUILD_DEPENDS= ldns>=1.6.16:dns/ldns
+LIB_DEPENDS= libldns.so:dns/ldns
+
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS= --localstatedir="${PREFIX}/var"
+USE_RC_SUBR= opendnssec
+USE_GNOME= libxml2
+USES= perl5
+USES= ssl
+USE_LDCONFIG= yes
+
+SUB_FILES+= pkg-message
+
+CONFLICTS= opendnssec-1.[0-4]*
+
+USERS= opendnssec
+GROUPS= opendnssec
+
+PORTDOCS= MIGRATION NEWS README.md
+MIGRATE= README.md find_problematic_zones.sql \
+ convert_mysql mysql_convert.sql \
+ convert_sqlite sqlite_convert.sql
+
+OPTIONS_DEFINE= SOFTHSM DOCS
+OPTIONS_SUB= yes
+
+OPTIONS_SINGLE= DB
+OPTIONS_SINGLE_DB= SQLITE MYSQL
+
+OPTIONS_DEFAULT= DOCS SQLITE
+
+SOFTHSM_DESC= SoftHSM cryptographic store for PKCS \#11 interface
+
+MYSQL_DESC= Use MYSQL backend
+SQLITE_DESC= Use SQLite backend
+
+.include <bsd.port.options.mk>
+
+.if ${PORT_OPTIONS:MMYSQL}
+CONFIGURE_ARGS+= --with-enforcer-database=mysql
+USES+= mysql
+.endif
+
+.if ${PORT_OPTIONS:MSQLITE}
+USES= sqlite
+CONFIGURE_ARGS+= --with-enforcer-database=sqlite3
+BUILD_DEPENDS+= sqlite3>=3.3.9:databases/sqlite3
+.endif
+
+.if ${PORT_OPTIONS:MSOFTHSM}
+CONFIGURE_ARGS+= --with-pkcs11-softhsm=${LOCALBASE}/lib/softhsm/libsofthsm.so
+RUN_DEPENDS+= softhsm>=1.2.0:security/softhsm
+.endif
+
+pre-install:
+.if ${PORT_OPTIONS:MMYSQL}
+ ${REINPLACE_CMD} -e '/REQUIRE:/ s|$$| mysql|' ${WRKDIR}/opendnssec
+.endif
+
+post-install:
+.if ${PORT_OPTIONS:MDOCS}
+ @${MKDIR} ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_DATA} ${PORTDOCS:S|^|${WRKSRC}/|} ${STAGEDIR}${DOCSDIR}
+ ${MKDIR} ${STAGEDIR}${DOCSDIR}/1.4-2.0_db_convert
+ ${INSTALL_DATA} \
+ ${MIGRATE:S|^|${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/|} \
+ ${STAGEDIR}${DOCSDIR}/1.4-2.0_db_convert
+.endif
+
+.include <bsd.port.mk>
Added: head/dns/opendnssec2/distinfo
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/dns/opendnssec2/distinfo Wed Jul 13 13:29:18 2016 (r418476)
@@ -0,0 +1,3 @@
+TIMESTAMP = 1467876838
+SHA256 (opendnssec-2.0.0.tar.gz) = 3f3087ee1f2dee8b55d823d4b6825dc0212ea5162965382df11b2de36b888b7f
+SIZE (opendnssec-2.0.0.tar.gz) = 1072734
Added: head/dns/opendnssec2/files/opendnssec.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/dns/opendnssec2/files/opendnssec.in Wed Jul 13 13:29:18 2016 (r418476)
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: opendnssec
+# REQUIRE: LOGIN DAEMON
+# KEYWORD: shutdown
+#
+# Add the following line to /etc/rc.conf to enable opendnssec:
+#
+# opendnssec_enable="YES"
+
+. /etc/rc.subr
+
+name=opendnssec
+rcvar=opendnssec_enable
+
+load_rc_config $name
+
+opendnssec_enable=${opendnssec_enable:-"NO"}
+
+start_cmd="${name}_run start"
+stop_cmd="${name}_run stop"
+extra_commands="reload ksm hsm signer enforcer"
+
+procname=${opendnssec_procname}
+
+opendnssec_run()
+{
+ %%PREFIX%%/sbin/ods-control $1
+}
+
+run_rc_command "$1"
Added: head/dns/opendnssec2/files/pkg-message.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/dns/opendnssec2/files/pkg-message.in Wed Jul 13 13:29:18 2016 (r418476)
@@ -0,0 +1,27 @@
+######
+# A manual migration step is needed to migration from 1.4 to 2.0.
+#
+# First migrate to at least the 1.4.10 release if you have not already done
+# so.
+#
+# Review the documentation on the OpenDNSSEC site. This can be
+# updated in between releases to provide more help. Especially if
+# you have tooling around OpenDNSSEC you should be aware that some
+# command line utilities have changed. A fair amount of backward
+# compatibility has been respected, but changes are present.
+#
+# The enforcer does require a full migration, as the internal database has
+# been completely revised. See the documentation in
+# %%DOCSDIR%%/1.4-2.0_db_convert/README.md for a description.
+#
+# Migration scripts are installed in %%DOCSDIR%%.
+#
+# The signer does not require any migration. Backward compatibility is
+# respected from earlier 1.4 release. The signer should not require a
+# full resign of your zone when upgrading, however if you decide to downgrade
+# a full resign is required.
+######
+
+An HowTo is provided at
+<https://wiki.opendnssec.org/display/DOCS20/Quick+start+guide>
+
Added: head/dns/opendnssec2/pkg-descr
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/dns/opendnssec2/pkg-descr Wed Jul 13 13:29:18 2016 (r418476)
@@ -0,0 +1,5 @@
+OpenDNSSEC was created as an open-source turn-key solution for
+DNSSEC. It secures zone data just before it is published in an
+authoritative name server.
+
+WWW: http://www.opendnssec.org
Added: head/dns/opendnssec2/pkg-plist
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/dns/opendnssec2/pkg-plist Wed Jul 13 13:29:18 2016 (r418476)
@@ -0,0 +1,65 @@
+bin/ods-hsmspeed
+bin/ods-hsmutil
+bin/ods-kasp2html
+bin/ods-kaspcheck
+bin/ods-ksmutil
+ at sample %%ETCDIR%%/addns.xml.sample
+ at sample %%ETCDIR%%/conf.xml.sample
+ at sample %%ETCDIR%%/kasp.xml.sample
+ at sample %%ETCDIR%%/zonelist.xml.sample
+man/man1/ods-hsmspeed.1.gz
+man/man1/ods-hsmutil.1.gz
+man/man1/ods-kaspcheck.1.gz
+man/man1/ods-ksmutil.1.gz
+man/man5/ods-kasp.5.gz
+man/man5/ods-timing.5.gz
+man/man7/opendnssec.7.gz
+man/man8/ods-control.8.gz
+man/man8/ods-enforcer-db-setup.8.gz
+man/man8/ods-enforcer.8.gz
+man/man8/ods-enforcerd.8.gz
+man/man8/ods-signer.8.gz
+man/man8/ods-signerd.8.gz
+sbin/ods-control
+sbin/ods-enforcer
+sbin/ods-enforcer-db-setup
+sbin/ods-enforcerd
+sbin/ods-migrate
+sbin/ods-signer
+sbin/ods-signerd
+%%PORTDOCS%%%%DOCSDIR%%/1.4-2.0_db_convert/README.md
+%%PORTDOCS%%%%DOCSDIR%%/1.4-2.0_db_convert/convert_mysql
+%%PORTDOCS%%%%DOCSDIR%%/1.4-2.0_db_convert/convert_sqlite
+%%PORTDOCS%%%%DOCSDIR%%/1.4-2.0_db_convert/find_problematic_zones.sql
+%%PORTDOCS%%%%DOCSDIR%%/1.4-2.0_db_convert/mysql_convert.sql
+%%PORTDOCS%%%%DOCSDIR%%/1.4-2.0_db_convert/sqlite_convert.sql
+%%DATADIR%%/addns.rnc
+%%DATADIR%%/addns.rng
+%%DATADIR%%/conf.rnc
+%%DATADIR%%/conf.rng
+%%DATADIR%%/enforcerstate.rnc
+%%DATADIR%%/enforcerstate.rng
+%%DATADIR%%/kasp.rnc
+%%DATADIR%%/kasp.rng
+%%DATADIR%%/kasp2html.xsl
+ at comment %%SQLITE%%%%DATADIR%%/migrate_1_4_8.sqlite3
+ at comment %%SQLITE%%%%DATADIR%%/migrate_adapters_1.sqlite3
+ at comment %%SQLITE%%%%DATADIR%%/migrate_keyshare_sqlite3.pl
+ at comment %%SQLITE%%%%DATADIR%%/migrate_to_ng_sqlite.pl
+ at comment %%MYSQL%%%%DATADIR%%/migrate_1_4_8.mysql
+ at comment %%MYSQL%%%%DATADIR%%/migrate_adapters_1.mysql
+ at comment %%MYSQL%%%%DATADIR%%/migrate_keyshare_mysql.pl
+ at comment %%MYSQL%%%%DATADIR%%/migrate_zone_delete.mysql
+ at comment %%MYSQL%%%%DATADIR%%/migrate_id_mysql.pl
+ at comment %%MYSQL%%%%DATADIR%%/migrate_to_ng_mysql.pl
+%%DATADIR%%/signconf.rnc
+%%DATADIR%%/signconf.rng
+%%DATADIR%%/zonelist.rnc
+%%DATADIR%%/zonelist.rng
+ at dir(opendnssec,opendnssec,) var/opendnssec
+ at dir(opendnssec,opendnssec,) var/opendnssec/enforcer
+ at dir(opendnssec,opendnssec,) var/opendnssec/signconf
+ at dir(opendnssec,opendnssec,) var/opendnssec/signed
+ at dir(opendnssec,opendnssec,) var/opendnssec/signer
+ at dir(opendnssec,opendnssec,) var/opendnssec/unsigned
+ at dir(opendnssec,opendnssec,) var/run/opendnssec
More information about the svn-ports-all
mailing list