authorEray Aslan <eras@gentoo.org>2022-01-28 17:53:08 +0300
committerSam James <sam@gentoo.org>2024-08-31 08:10:11 +0100
commit0795ed82642d14ebb9e975db7bfd98fbca25c770 (patch)
tree60fd21d180d996a49879c82d54680f50e91b0452 /net-dns
parentapp-cdr/cdemu-daemon: Stabilize 3.2.7 amd64, #936683 (diff)
net-dns/bind: bump to 9.18.0
- punted CHROOT stuff to simplify the ebuild and scripts
- bind-tools binaries (dig, delv etc) are not stand alone binaries anymore but link to bind libraries, i.e. net-dns/bind and net-dns/bind-tools by necessity produce the same libraries resulting in file collisions. soft blocked each other for now
- net-dns/bind now produces everything, including binaries produced by net-dns/bind-tools
- old style dlz drivers have been removed upstream. prefer dumping from datastore (database, ldap etc) to a file on a regular basis/on demand instead anyway
- licensing: bind is mozilla-2.0
- dev-libs/jemalloc is the preferred allocator for bind-9.18. made it obligatory and dropped sparc keyword
- json and zlib USE flags dropped and made obligatory. zlib is more or less necessary because of doh stuff. json requirement is a small library. xml is still behind a USE flag as it has the potential to bring in big libraries (icu etc)
- python is optional and only used for testing
- upstream dropped berkdb support
- unified geoip and geoip2 USE flags
- build system now uses a more traditional autotools stack. punted old stuff from the ebuild
- do not install a zone file for loopback addresses. they are already built in
- no need for named.cache as well
- install named.conf.auth as a sample config file for authoritative named server. recursive servers do not need one to function
- openrc init script and confd revised, mostly because of punting chroot

Bug: https://bugs.gentoo.org/832218
Bug: https://bugs.gentoo.org/930348
Bug: https://bugs.gentoo.org/936568
Bug: https://bugs.gentoo.org/937907
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Eray Aslan <eras@gentoo.org>
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'net-dns')
-rw-r--r--net-dns/bind/Manifest1
-rw-r--r--net-dns/bind/bind-9.18.0.ebuild151
-rw-r--r--net-dns/bind/files/named.conf-r921
-rw-r--r--net-dns/bind/files/named.confd-r818
-rw-r--r--net-dns/bind/files/named.init-r1599
-rw-r--r--net-dns/bind/metadata.xml2
6 files changed, 292 insertions, 0 deletions
diff --git a/net-dns/bind/Manifest b/net-dns/bind/Manifest
index 56161e2f3eed..8e14a31310ce 100644
--- a/net-dns/bind/Manifest
+++ b/net-dns/bind/Manifest
@@ -1,3 +1,4 @@
DIST bind-9.16.48.tar.xz 5131176 BLAKE2B 4a503b45df412c435cb0f75b54ee1270140cccce7ecc159cdf3e0e3cbd3c0a0866b7472782f20aacf130f57df12d20a102ac6979498138ce00a2655806d003e7 SHA512 83829a5045e2a29dd2b491d3ab72b545f5664023fcd4aa205a44dbb7bcc5c737b4466c0d73f124b8d88fd33c56776871a07dde1ba0530d43eec8e7304a08d353
DIST bind-9.16.48.tar.xz.asc 833 BLAKE2B 740ed58863ed3a7dee6ada4edd03cad5378ea0aa53cd6f071ca1911bb2d6b285ed292f32846790d42b97e8d9bb72588f1cd30c4e10557ac1e9f1df545923a9b1 SHA512 7bd813b5ab6f9677fc4ef21e0c3930f6319fa6c49d6869570794bc28212fe8935b72f9f217cfce692a2dec9ec29994f345d1b1145cef1ca976c5361f6ce0f75d
+DIST bind-9.18.0.tar.xz 5292320 BLAKE2B 3ed32880bcaf47d3a56a59cf35506c6f28acdfa52365615a3cd9671bbbc6437a1aab8cebb3ed6dec61af25b71357f8924ae8aae8779cdd422e8a3ff6ee3ef4e5 SHA512 941fe32499e1e7b08c2554f2e68a4886160d239ae23c9810f0cc0565636b5ce218dad5d332c1f4d101ce15f85b6cc2cd877fbf9ebdafb693a83ae57f999cab12
DIST dyndns-samples.tbz2 22866 BLAKE2B 409890653c6536cb9c0e3ba809d2bfde0e0ae73a2a101b4f229b46c01568466bc022bbbc37712171adbd08c572733e93630feab95a0fcd1ac50a7d37da1d1108 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac
diff --git a/net-dns/bind/bind-9.18.0.ebuild b/net-dns/bind/bind-9.18.0.ebuild
new file mode 100644
index 000000000000..7499493af4f4
--- /dev/null
+++ b/net-dns/bind/bind-9.18.0.ebuild
@@ -0,0 +1,151 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+PYTHON_COMPAT=( python3_{8..10} )
+
+inherit python-any-r1 systemd tmpfiles
+
+MY_PV="${PV/_p/-P}"
+MY_PV="${MY_PV/_rc/rc}"
+MY_P="${PN}-${MY_PV}"
+
+RRL_PV="${MY_PV}"
+
+DESCRIPTION="Berkeley Internet Name Domain - Name Server"
+HOMEPAGE="https://www.isc.org/software/bind"
+SRC_URI="https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz"
+
+LICENSE="MPL-2.0"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~x86 ~amd64-linux ~x86-linux"
+IUSE="+caps dnsrps dnstap doc doh fixed-rrset idn geoip gssapi lmdb selinux static-libs test-extra xml"
+
+DEPEND="
+ acct-group/named
+ acct-user/named
+ dev-libs/jemalloc
+ dev-libs/json-c:=
+ dev-libs/libuv:=
+ sys-libs/zlib
+ dev-libs/openssl:=[-bindist(-)]
+ caps? ( >=sys-libs/libcap-2.1.0 )
+ dnstap? ( dev-libs/fstrm dev-libs/protobuf-c )
+ doh? ( net-libs/nghttp2 )
+ geoip? ( dev-libs/libmaxminddb )
+ gssapi? ( virtual/krb5 )
+ idn? ( net-dns/libidn2 )
+ lmdb? ( dev-db/lmdb )
+ xml? ( dev-libs/libxml2 )
+"
+BDEPEND="
+ test-extra? (
+ ${PYTHON_DEPS}
+ dev-python/pytest
+ dev-perl/Net-DNS-SEC
+ dev-util/cmocka
+ )
+"
+RDEPEND="${DEPEND}
+ selinux? ( sec-policy/selinux-bind )
+ sys-process/psmisc
+ !net-dns/bind-tools
+"
+
+S="${WORKDIR}/${MY_P}"
+
+src_configure() {
+ local myeconfargs=(
+ --prefix="${EPREFIX}"/usr
+ --sysconfdir=/etc/bind
+ --localstatedir=/var
+ --enable-full-report
+ --without-readline
+ --with-openssl="${ESYSROOT}"/usr
+ --with-jemalloc
+ --with-json-c
+ --with-zlib
+ $(use_enable caps linux-caps)
+ $(use_enable dnsrps)
+ $(use_enable dnstap)
+ $(use_enable doh)
+ $(use_with doh libnghttp2)
+ $(use_enable fixed-rrset)
+ $(use_enable static-libs static)
+ $(use_enable geoip)
+ $(use_with geoip maxminddb)
+ $(use_with gssapi)
+ $(use_with idn libidn2)
+ $(use_with lmdb)
+ $(use_with xml libxml2)
+ "${@}"
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ # "${WORKDIR}/${P}"/bin/tests/system/README
+ # ifconfig.sh up and then down as root
+ #default
+
+ # just run the tests that dont mock around with IPs
+ emake -C lib/ check
+}
+
+src_install() {
+ default
+
+ dodoc CHANGES README.md
+
+ if use doc; then
+ docinto misc
+ dodoc -r doc/misc/
+
+ docinto html
+ dodoc -r doc/arm/
+
+ docinto dnssec-guide
+ dodoc -r doc/dnssec-guide/
+
+ docinto contrib
+ dodoc contrib/scripts/nanny.pl
+ fi
+
+ insinto /etc/bind
+ newins "${FILESDIR}"/named.conf-r9 named.conf.auth
+
+ newinitd "${FILESDIR}"/named.init-r15 named
+ newconfd "${FILESDIR}"/named.confd-r8 named
+
+ newenvd "${FILESDIR}"/10bind.env 10bind
+
+ use static-libs || find "${ED}"/usr/lib* -name '*.la' -delete
+
+ dosym ../../var/bind/pri /etc/bind/pri
+ dosym ../../var/bind/sec /etc/bind/sec
+ dosym ../../var/bind/dyn /etc/bind/dyn
+ keepdir /var/bind/{pri,sec,dyn} /var/log/named
+
+ fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
+ fowners root:named /etc/bind/{bind.keys,named.conf.auth}
+ fperms 0640 /etc/bind/{bind.keys,named.conf.auth}
+ fperms 0750 /etc/bind /var/bind/pri
+ fperms 0770 /var/log/named /var/bind/{,sec,dyn}
+
+ systemd_newunit "${FILESDIR}/named.service-r1" named.service
+ dotmpfiles "${FILESDIR}"/named.conf
+ exeinto /usr/libexec
+ doexe "${FILESDIR}/generate-rndc-key.sh"
+}
+
+pkg_postinst() {
+ tmpfiles_process named.conf
+
+ if [[ ! -f '/etc/bind/rndc.key' && ! -f '/etc/bind/rndc.conf' ]]; then
+ einfo "Using /dev/urandom for generating rndc.key"
+ /usr/sbin/rndc-confgen -a
+ chown root:named /etc/bind/rndc.key || die
+ chmod 0640 /etc/bind/rndc.key || die
+ fi
+}
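Review bot: The new ebuild fetches only `${P}.tar.xz` in `SRC_URI` and inherits `python-any-r1 systemd tmpfiles`, so the 9.18.0 tarball is checked against the Manifest hashes but not against the upstream OpenPGP signature, while the Manifest context lines show a `bind-9.16.48.tar.xz.asc` entry for the older version. Consider keeping the signature check with the verify-sig eclass: `inherit python-any-r1 systemd tmpfiles verify-sig` and `SRC_URI+=" verify-sig? ( https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz.asc )"`, together with a `verify-sig?` BDEPEND on the ISC key package and `VERIFY_SIG_OPENPGP_KEY_PATH` pointing at it, presumably as the 9.16 ebuild does. Separately, in `pkg_postinst` the `/usr/sbin/rndc-confgen -a` call has no `|| die`, so a failure there is only reported indirectly by the following `chown`.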
diff --git a/net-dns/bind/files/named.conf-r9 b/net-dns/bind/files/named.conf-r9
new file mode 100644
index 000000000000..e14996561731
--- /dev/null
+++ b/net-dns/bind/files/named.conf-r9
@@ -0,0 +1,21 @@
+options {
+ directory "/var/cache/bind";
+ pid-file "/run/named/named.pid";
+ listen-on { 127.0.0.1; };
+ listen-on-v6 { ::1; };
+ allow-recursion {
+ none;
+ };
+ allow-transfer {
+ none;
+ };
+ allow-update {
+ none;
+ };
+};
+
+zone "example.com." {
+ type primary;
+ file "/var/lib/bind/db.example.com";
+ notify explicit;
+};
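Review bot: The sample's paths do not match what the ebuild in this commit installs: `directory "/var/cache/bind";` and `file "/var/lib/bind/db.example.com";` point outside `/var/bind/{pri,sec,dyn}`, which `src_install` creates as `root:named` with `pri` at mode 0750. Unless the tmpfiles entry (not shown here) creates those directories, an admin copying this file to `named.conf` gets a server whose working directory is missing, and the primary zone file lands outside the directory whose permissions keep named from creating or replacing files there. Suggest `directory "/var/bind";` and `file "pri/db.example.com";`. Since this is the authoritative-only sample, an explicit `recursion no;` next to `allow-recursion { none; };` would also make the intent unambiguous.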
diff --git a/net-dns/bind/files/named.confd-r8 b/net-dns/bind/files/named.confd-r8
new file mode 100644
index 000000000000..915c51d4f19f
--- /dev/null
+++ b/net-dns/bind/files/named.confd-r8
@@ -0,0 +1,18 @@
+# Set various named options here.
+#
+#OPTIONS=""
+
+# config file path
+NAMED_CONF="/etc/bind/named.conf"
+
+# Set this to the number of processors you want bind to use.
+# Leave this unchanged if you want bind to automatically detect the number
+#CPU="1"
+
+# Default pid file location
+# use named.conf to specify pid-file location
+
+# Scheduling priority: 19 is the lowest and -20 is the highest.
+# Default: 0
+#NAMED_NICELEVEL="0"
+
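Review bot: Two comments in this file leave the reader guessing. The CPU comment stops mid-sentence (`... automatically detect the number`); suggest `# Leave this unset to let named detect the number of CPUs itself.`. The pid-file comment says to use named.conf, but `_get_pidfile` in named.init-r15 still honours a `PIDFILE` set here before it parses the config, so either document that override or state that it is unsupported. It would also help to note beside `OPTIONS` that its value is word-split and passed straight to `/usr/sbin/named` by the init script, so this file should stay writable by root only.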
diff --git a/net-dns/bind/files/named.init-r15 b/net-dns/bind/files/named.init-r15
new file mode 100644
index 000000000000..d5539d9aa854
--- /dev/null
+++ b/net-dns/bind/files/named.init-r15
@@ -0,0 +1,99 @@
+#!/sbin/openrc-run
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="checkconfig checkzones"
+extra_started_commands="reload"
+
+depend() {
+ need net
+ use logger
+ provide dns
+}
+
+NAMED_CONF=${NAMED_CONF:-/etc/bind/named.conf}
+
+_get_pidfile() {
+ # as suggested in bug #107724, bug 335398#c17
+ [ -n "${PIDFILE}" ] || PIDFILE=$(\
+ /usr/bin/named-checkconf -p ${NAMED_CONF} | grep 'pid-file' | cut -d\" -f2)
+ [ -z "${PIDFILE}" ] && PIDFILE="/run/named/named.pid"
+}
+
+checkconfig() {
+ ebegin "Checking named configuration"
+
+ if [ ! -f "${NAMED_CONF}" ] ; then
+ eerror "No ${NAMED_CONF} file exists!"
+ return 1
+ fi
+ /usr/bin/named-checkconf ${NAMED_CONF} || {
+ eerror "named-checkconf failed! Please fix your config first."
+ return 1
+ }
+ eend 0
+}
+
+checkzones() {
+ ebegin "Checking named configuration and zones"
+ /usr/bin/named-checkconf -z ${NAMED_CONF}
+ eend $?
+}
+
+start() {
+ local piddir
+
+ ebegin "Starting named"
+ checkconfig || { eend 1; return 1; }
+
+ # create piddir (usually /run/named) if necessary, bug 334535
+ _get_pidfile
+ piddir="${PIDFILE%/*}"
+ checkpath -q -d -o root:named -m 0770 "${piddir}" || {
+ eerror "Failed to create PID directory at $piddir"
+ eend 1
+ return 1
+ }
+
+ # In case someone have $CPU set in /etc/conf.d/named
+ if [ -n "${CPU}" ] && [ "${CPU}" -gt 0 ]; then
+ CPU="-n ${CPU}"
+ fi
+
+ start-stop-daemon --start --pidfile ${PIDFILE} \
+ --nicelevel ${NAMED_NICELEVEL:-0} \
+ --exec /usr/sbin/named \
+ -- -u named ${CPU} ${OPTIONS}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping named"
+ # -R 10, bug 335398
+ _get_pidfile
+ start-stop-daemon --stop --retry 10 --pidfile $PIDFILE \
+ --exec /usr/sbin/named
+ eend $?
+}
+
+reload() {
+ local ret
+
+ ebegin "Reloading named.conf and zone files"
+
+ checkconfig || { eend 1; return 1; }
+
+ _get_pidfile
+ if [ -n "${PIDFILE}" ]; then
+ start-stop-daemon --pidfile $PIDFILE --signal HUP
+ ret=$?
+ else
+ ewarn "Unable to determine the pidfile... this is"
+ ewarn "a fallback mode. Please check your installation!"
+
+ $RC_SERVICE restart
+ ret=$?
+ fi
+
+ eend $ret
+}
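Review bot: `NAMED_CONF` is validated but never handed to the daemon: `checkconfig` runs `named-checkconf ${NAMED_CONF}`, yet `start()` invokes named with `-- -u named ${CPU} ${OPTIONS}`, so when conf.d points `NAMED_CONF` at another file the check passes on one configuration while named loads its compiled-in default path. Pass it explicitly, `-- -u named -c "${NAMED_CONF}" ${CPU} ${OPTIONS}`, and quote `"${NAMED_CONF}"` and `"${PIDFILE}"` in the `named-checkconf` and `start-stop-daemon` calls so a path containing whitespace is not split into extra arguments. In `reload()` the `else` branch looks unreachable, because `_get_pidfile` always falls back to `/run/named/named.pid`.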
diff --git a/net-dns/bind/metadata.xml b/net-dns/bind/metadata.xml
index ec13f291d0cd..49012f10c364 100644
--- a/net-dns/bind/metadata.xml
+++ b/net-dns/bind/metadata.xml
@@ -9,10 +9,12 @@
<flag name="dnstap">Enables dnstap packet logging</flag>
<flag name="dnsrps">Enable the DNS Response Policy Service (DNSRPS) API, a mechanism to allow an external response policy provider</flag>
<flag name="dlz">Enables dynamic loaded zones, 3rd party extension</flag>
+ <flag name="doh">Enables dns-over-https</flag>
<flag name="fixed-rrset">Enables fixed rrset-order option</flag>
<flag name="geoip2">Enable GeoIP2 API from MaxMind</flag>
<flag name="gssapi">Enable gssapi support</flag>
<flag name="json">Enable JSON statistics channel</flag>
<flag name="lmdb">Enable LMDB support to store configuration for 'addzone' zones</flag>
+ <flag name="test-extra">Pulls in extra dependencies for additional testing</flag>
</use>
</pkgmetadata>