[packages] unbound: update to 1.4.11 (#9374), thanks Cybjit

* add anchor, control, control-setup, host & library packages * add patch for the configuration options * drop the incomplete local configuration file * update named.cache * use the default auto-trust-anchor-file filename git-svn-id: svn://svn.openwrt.org/openwrt/packages@27603 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-07-13 05:35:48 +00:00 · 2011-07-13 05:35:48 +00:00 · 11b8a2ad96
commit 11b8a2ad96
parent 0b69e93928
5 changed files with 289 additions and 102 deletions
--- a/net/unbound/Makefile
+++ b/net/unbound/Makefile
@ -1,5 +1,5 @@
 #
-# Copyright (C) 2010 OpenWrt.org
+# Copyright (C) 2010-2011 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@ -8,55 +8,166 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=unbound
-PKG_VERSION:=1.4.5
-PKG_RELEASE:=3
+PKG_VERSION:=1.4.11
+PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.unbound.net/downloads
-PKG_MD5SUM:=f1f6c97b90b15ca503a80b888c311d6c
+PKG_MD5SUM:=8e9903dd5cba0d3501e24f55b25debbd

+PKG_BUILD_DEPENDS:=libexpat
+PKG_BUILD_PARALLEL:=1
 PKG_FIXUP:=libtool
 PKG_INSTALL:=1
 PKG_LIBTOOL_PATHS:= ./libtool ./ldns-src/libtool

 include $(INCLUDE_DIR)/package.mk

+define Package/unbound/Default
+  TITLE:=A validating, recursive & caching DNS resolver
+  URL:=http://www.unbound.net/
+  DEPENDS:=+libldns
+endef
+
 define Package/unbound
+  $(call Package/unbound/Default)
  SECTION:=net
  CATEGORY:=Network
  SUBMENU:=IP Addresses and Names
-  TITLE:=A validating, recursive, and caching DNS resolver
-  URL:=http://www.unbound.net/
-  DEPENDS:=+libopenssl
+  TITLE+= (daemon)
+  DEPENDS+= +libunbound
+endef
+
+define Package/unbound/description
+  This package contains the Unbound daemon.
+endef
+
+define Package/unbound-anchor
+  $(call Package/unbound/Default)
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=IP Addresses and Names
+  TITLE+= (anchor utility)
+  DEPENDS+= +unbound +libexpat
+endef
+
+define Package/unbound-anchor/description
+  This package contains the Unbound anchor utility.
+endef
+
+define Package/unbound-control
+  $(call Package/unbound/Default)
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=IP Addresses and Names
+  TITLE+= (control utility)
+  DEPENDS+= +unbound
+endef
+
+define Package/unbound-control/description
+  This package contains the Unbound control utility.
+endef
+
+define Package/unbound-control-setup
+  $(call Package/unbound/Default)
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=IP Addresses and Names
+  TITLE+= (control setup utility)
+  DEPENDS+= +unbound-control +openssl-util
+endef
+
+define Package/unbound-control-setup/description
+  This package contains the Unbound control setup utility.
+endef
+
+define Package/unbound-host
+  $(call Package/unbound/Default)
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=IP Addresses and Names
+  TITLE+= (DNS lookup utility)
+  DEPENDS+= +libunbound
+endef
+
+define Package/unbound-host/description
+  This package contains the Unbound DNS lookup utility.
+endef
+
+define Package/libunbound
+  $(call Package/unbound/Default)
+  SECTION:=libs
+  CATEGORY:=Libraries
+  TITLE+= (library)
+endef
+
+define Package/libunbound/description
+  This package contains the Unbound shared library.
 endef

 CONFIGURE_ARGS += \
+	--disable-gost \
+	--enable-allsymbols \
+	--with-ldns="$(STAGING_DIR)/usr" \
+	--with-libexpat="$(STAGING_DIR)/usr" \
 	--with-ssl="$(STAGING_DIR)/usr" \
-	--without-pthreads \
+	--without-pthreads

 define Package/unbound/conffiles
 /etc/unbound/unbound.conf
 endef

-define Package/unbound/install
+define Build/InstallDev
+	$(INSTALL_DIR) $(1)/usr/include
+	$(CP) $(PKG_INSTALL_DIR)/usr/include/unbound.h $(1)/usr/include/
 	$(INSTALL_DIR) $(1)/usr/lib
-	$(CP) \
-		$(PKG_INSTALL_DIR)/usr/lib/libunbound.so.* \
-		$(1)/usr/lib/
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libunbound.{so*,a,la} $(1)/usr/lib/
+endef
+
+define Package/unbound/install
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(CP) \
 		$(PKG_INSTALL_DIR)/usr/sbin/unbound \
 		$(PKG_INSTALL_DIR)/usr/sbin/unbound-checkconf \
-		$(PKG_INSTALL_DIR)/usr/sbin/unbound-control \
-		$(PKG_INSTALL_DIR)/usr/sbin/unbound-host \
 		$(1)/usr/sbin/
 	$(INSTALL_DIR) $(1)/etc/unbound
-	$(INSTALL_CONF) ./files/unbound.conf $(1)/etc/unbound/
-	$(INSTALL_CONF) ./files/root.autokey $(1)/etc/unbound/
+	$(INSTALL_CONF) \
+		$(PKG_INSTALL_DIR)/etc/unbound/unbound.conf \
+		$(1)/etc/unbound/
+	$(INSTALL_CONF) ./files/root.key $(1)/etc/unbound/
 	$(INSTALL_CONF) ./files/named.cache $(1)/etc/unbound/
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) ./files/unbound.init $(1)/etc/init.d/unbound
 endef

-$(eval $(call BuildPackage,unbound))
+define Package/unbound-anchor/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/unbound-anchor $(1)/usr/sbin/
+endef

+define Package/unbound-control/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/unbound-control $(1)/usr/sbin/
+endef
+
+define Package/unbound-control-setup/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/unbound-control-setup $(1)/usr/sbin/
+endef
+
+define Package/unbound-host/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/unbound-host $(1)/usr/sbin/
+endef
+
+define Package/libunbound/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libunbound.so.* $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,unbound))
+$(eval $(call BuildPackage,unbound-anchor))
+$(eval $(call BuildPackage,unbound-control))
+$(eval $(call BuildPackage,unbound-control-setup))
+$(eval $(call BuildPackage,unbound-host))
+$(eval $(call BuildPackage,libunbound))
--- a/net/unbound/files/named.cache
+++ b/net/unbound/files/named.cache
@ -9,8 +9,8 @@
 ;           on server           FTP.INTERNIC.NET
 ;       -OR-                    RS.INTERNIC.NET
 ;
-;       last update:    Jun 17, 2010
-;       related version of root zone:   2010061700
+;       last update:    Jun 8, 2011
+;       related version of root zone:   2011060800
 ;
 ; formerly NS.INTERNIC.NET
 ;
@ -32,6 +32,7 @@ C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
 ;
 .                        3600000      NS    D.ROOT-SERVERS.NET.
 D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
+D.ROOT-SERVERS.NET.	 3600000      AAAA  2001:500:2D::D
 ;
 ; FORMERLY NS.NASA.GOV
 ;
--- a/net/unbound/files/root.autokey
+++ b/net/unbound/files/root.autokey
--- a/net/unbound/files/unbound.conf
+++ b/net/unbound/files/unbound.conf
@ -1,83 +0,0 @@
-server:
-	verbosity: 1
-
-	interface: ::0
-	interface: 0.0.0.0
-
-	# the amount of memory to use for the RRset cache.
-	# plain value in bytes or you can append k, m or G. default is "4Mb". 
-	rrset-cache-size: 1m
-
-	# the number of slabs to use for the RRset cache.
-	# the number of slabs must be a power of 2.
-	# more slabs reduce lock contention, but fragment memory usage.
-	rrset-cache-slabs: 2
-
-	# control which clients are allowed to make (recursive) queries
-	# to this server. Specify classless netblocks with /size and action.
-	# By default everything is refused, except for localhost.
-	# Choose deny (drop message), refuse (polite error reply),
-	# allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
-	# access-control: 0.0.0.0/0 refuse
-	# access-control: 127.0.0.0/8 allow
-	# access-control: ::0/0 refuse
-	# access-control: ::1 allow
-	# access-control: ::ffff:127.0.0.1 allow
-	access-control: 0.0.0.0/0 allow
-	access-control: ::0/0 allow
-
-
-	# if given, user privileges are dropped (after binding port),
-	# and the given username is assumed. Default is user "unbound".
-	# If you give "" no privileges are dropped.
-	# username: "unbound"
-	username: ""
-
-	# the working directory. The relative files in this config are 
-	# relative to this directory. If you give "" the working directory
-	# is not changed.
-	directory: "/etc/unbound"
-
-	# the log file, "" means log to stderr. 
-	# Use of this option sets use-syslog to "no".
-	# logfile: ""
-
-	# Log to syslog(3) if yes. The log facility LOG_DAEMON is used to 
-	# log to, with identity "unbound". If yes, it overrides the logfile.
-	use-syslog: yes 
-
-	# print UTC timestamp in ascii to logfile, default is epoch in seconds.
-	# log-time-ascii: no
-
-	# the pid file. Can be an absolute path outside of chroot/work dir.
-	pidfile: "/var/run/unbound.pid"
-
-	# file to read root hints from.
-	# get one from ftp://FTP.INTERNIC.NET/domain/named.cache
-	root-hints: "named.cache"
-	
-	
-	# Root zone trust anchor key
-	# Will be autoupdated by unbound in case of key change
-	auto-trust-anchor-file: "root.autokey"
-
-	# If you want to also do DLV validation (RFC5074),
-	# download http://ftp.isc.org/www/dlv/dlv.isc.org.key
-	# and uncomment following line:
-	#dlv-anchor-file: "dlv.isc.org.key"
-
-	# You can also do ITAR validation (https://itar.iana.org)
-	# To download and update anchors.mf file, use update-itar.sh
-	# from page http://www.unbound.net/documentation/howto_itar.html
-	#trust-anchor-file: "anchors.mf"
-
-
-    # If you want to forward requests to another recursive DNS server
-    # uncomment this. Please note that many DNS recursors do strip 
-    # DNSSEC data, rendering unbound server unusable.
-    # forward-zone:
-    #   name: "."
-    #	forward-addr: 8.8.8.8
-    #	forward-addr: 8.8.4.4
-	
-
--- a/net/unbound/patches/001-conf.patch
+++ b/net/unbound/patches/001-conf.patch
@ -0,0 +1,158 @@
+--- a/doc/example.conf.in
+++ b/doc/example.conf.in
+@@ -38,6 +38,8 @@ server:
+ 	# interface: 192.0.2.154
+ 	# interface: 192.0.2.154@5003
+ 	# interface: 2001:DB8::5
+	interface: 0.0.0.0
+	interface: ::0
+ 
+ 	# enable this feature to copy the source address of queries to reply.
+ 	# Socket options are not supported on all platforms. experimental. 
+@@ -57,6 +59,7 @@ server:
+ 	# port range that can be open simultaneously.  About double the
+ 	# num-queries-per-thread, or, use as many as the OS will allow you.
+ 	# outgoing-range: 4096
+	outgoing-range: 60
+ 
+ 	# permit unbound to use this port number or port range for
+ 	# making outgoing queries, using an outgoing interface.
+@@ -71,9 +74,11 @@ server:
+ 
+ 	# number of outgoing simultaneous tcp buffers to hold per thread.
+ 	# outgoing-num-tcp: 10
+	outgoing-num-tcp: 1
+ 
+ 	# number of incoming simultaneous tcp buffers to hold per thread.
+ 	# incoming-num-tcp: 10
+	incoming-num-tcp: 1
+ 
+ 	# buffer size for UDP port 53 incoming (SO_RCVBUF socket option).
+ 	# 0 is system default.  Use 4m to catch query spikes for busy servers.
+@@ -90,18 +95,22 @@ server:
+ 	# buffer size for handling DNS data. No messages larger than this
+ 	# size can be sent or received, by UDP or TCP. In bytes.
+ 	# msg-buffer-size: 65552
+	msg-buffer-size: 8192
+ 
+ 	# the amount of memory to use for the message cache.
+ 	# plain value in bytes or you can append k, m or G. default is "4Mb". 
+ 	# msg-cache-size: 4m
+	msg-cache-size: 100k
+ 
+ 	# the number of slabs to use for the message cache.
+ 	# the number of slabs must be a power of 2.
+ 	# more slabs reduce lock contention, but fragment memory usage.
+ 	# msg-cache-slabs: 4
+	msg-cache-slabs: 1
+ 
+ 	# the number of queries that a thread gets to service.
+ 	# num-queries-per-thread: 1024
+	num-queries-per-thread: 30
+ 
+ 	# if very busy, 50% queries run to completion, 50% get timeout in msec
+ 	# jostle-timeout: 200
+@@ -109,11 +118,13 @@ server:
+ 	# the amount of memory to use for the RRset cache.
+ 	# plain value in bytes or you can append k, m or G. default is "4Mb". 
+ 	# rrset-cache-size: 4m
+	rrset-cache-size: 100k
+ 
+ 	# the number of slabs to use for the RRset cache.
+ 	# the number of slabs must be a power of 2.
+ 	# more slabs reduce lock contention, but fragment memory usage.
+ 	# rrset-cache-slabs: 4
+	rrset-cache-slabs: 1
+ 
+ 	# the time to live (TTL) value lower bound, in seconds. Default 0.
+ 	# If more than an hour could easily give trouble due to stale data.
+@@ -134,12 +145,15 @@ server:
+ 	# the number of slabs must be a power of 2.
+ 	# more slabs reduce lock contention, but fragment memory usage.
+ 	# infra-cache-slabs: 4
+	infra-cache-slabs: 1
+ 
+ 	# the maximum number of hosts that are cached (roundtrip times, EDNS).
+ 	# infra-cache-numhosts: 10000
+	infra-cache-numhosts: 200
+ 
+ 	# the maximum size of the lame zones cached per host. in bytes.
+ 	# infra-cache-lame-size: 10k
+	infra-cache-lame-size: 1k
+ 
+ 	# Enable IPv4, "yes" or "no".
+ 	# do-ip4: yes
+@@ -166,6 +180,8 @@ server:
+ 	# access-control: ::0/0 refuse
+ 	# access-control: ::1 allow
+ 	# access-control: ::ffff:127.0.0.1 allow
+	access-control: 0.0.0.0/0 allow
+	access-control: ::0/0 allow
+ 
+ 	# if given, a chroot(2) is done to the given directory.
+ 	# i.e. you can chroot to the working directory, for example,
+@@ -196,6 +212,7 @@ server:
+ 	# and the given username is assumed. Default is user "unbound".
+ 	# If you give "" no privileges are dropped.
+ 	# username: "@UNBOUND_USERNAME@"
+	username: ""
+ 
+ 	# the working directory. The relative files in this config are 
+ 	# relative to this directory. If you give "" the working directory
+@@ -218,10 +235,12 @@ server:
+ 
+ 	# the pid file. Can be an absolute path outside of chroot/work dir.
+ 	# pidfile: "@UNBOUND_PIDFILE@"
+	pidfile: "/var/run/unbound.pid"
+ 
+ 	# file to read root hints from.
+ 	# get one from ftp://FTP.INTERNIC.NET/domain/named.cache
+ 	# root-hints: ""
+	root-hints: "/etc/unbound/named.cache"
+ 
+ 	# enable to not answer id.server and hostname.bind queries.
+ 	# hide-identity: no
+@@ -244,12 +263,15 @@ server:
+ 	#	positive value: fetch that many targets opportunistically.
+ 	# Enclose the list of numbers between quotes ("").
+ 	# target-fetch-policy: "3 2 1 0 0"
+	target-fetch-policy: "2 1 0 0 0 0"
+ 
+ 	# Harden against very small EDNS buffer sizes. 
+ 	# harden-short-bufsize: no
+	harden-short-bufsize: yes
+ 
+ 	# Harden against unseemly large queries.
+ 	# harden-large-queries: no
+	harden-large-queries: yes
+ 
+ 	# Harden against out of zone rrsets, to avoid spoofing attempts. 
+ 	# harden-glue: yes
+@@ -323,7 +345,7 @@ server:
+ 	# you start unbound (i.e. in the system boot scripts).  And enable:
+ 	# Please note usage of unbound-anchor root anchor is at your own risk
+ 	# and under the terms of our LICENSE (see that file in the source).
+-	# auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
+	auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
+ 
+ 	# File with DLV trusted keys. Same format as trust-anchor-file.
+ 	# There can be only one DLV configured, it is trusted from root down.
+@@ -409,15 +431,18 @@ server:
+ 	# the amount of memory to use for the key cache.
+ 	# plain value in bytes or you can append k, m or G. default is "4Mb". 
+ 	# key-cache-size: 4m
+	key-cache-size: 100k
+ 
+ 	# the number of slabs to use for the key cache.
+ 	# the number of slabs must be a power of 2.
+ 	# more slabs reduce lock contention, but fragment memory usage.
+ 	# key-cache-slabs: 4
+	key-cache-slabs: 1
+ 
+ 	# the amount of memory to use for the negative cache (used for DLV).
+ 	# plain value in bytes or you can append k, m or G. default is "1Mb". 
+ 	# neg-cache-size: 1m
+	neg-cache-size: 10k
+ 
+ 	# a number of locally served zones can be configured.
+ 	# 	local-zone: <zone> <type>