summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--net-dns/dnsviz/dnsviz-0.8.2-r1.ebuild48
-rw-r--r--net-dns/dnsviz/files/dnsviz-0.8.2-add-ed448-support.patch182
2 files changed, 230 insertions, 0 deletions
diff --git a/net-dns/dnsviz/dnsviz-0.8.2-r1.ebuild b/net-dns/dnsviz/dnsviz-0.8.2-r1.ebuild
new file mode 100644
index 000000000000..cffca2ff2de9
--- /dev/null
+++ b/net-dns/dnsviz/dnsviz-0.8.2-r1.ebuild
@@ -0,0 +1,48 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{6,7,8} )
+inherit distutils-r1 eutils
+
+DESCRIPTION="Tool suite for analysis and visualization of DNS and DNSSEC"
+HOMEPAGE="https://dnsviz.net/"
+SRC_URI="https://github.com/dnsviz/dnsviz/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+DEPEND="
+ dev-python/dnspython[${PYTHON_USEDEP}]
+ >=dev-python/m2crypto-0.31.0[${PYTHON_USEDEP}]
+ >=dev-python/pygraphviz-1.3.1[${PYTHON_USEDEP}]
+ dev-python/setuptools[${PYTHON_USEDEP}]"
+
+RDEPEND="
+ ${DEPEND}"
+
+PATCHES=( "${FILESDIR}"/${PN}-0.8.2-add-ed448-support.patch )
+
+python_prepare_all() {
+ # Fix the ebuild to use correct FHS/Gentoo policy paths for 0.8.2
+ sed -i "s*share/doc/dnsviz*share/doc/dnsviz-${PV}*g" "${S}"/setup.py || die
+
+ distutils-r1_python_prepare_all
+}
+
+pkg_postinst() {
+ elog "Support for extra feature can be get from:"
+ optfeature "Support for pre-deployment testing" net-dns/bind
+
+ # Warn about extra requirements for >=OpenSSL 1.1.0
+ if has_version '=dev-libs/openssl-1.1*'; then
+ echo
+ ewarn "With OpenSSL version 1.1.0 and later,the OpenSSL GOST Engine"
+ ewarn "is necessary to validate DNSSEC signatures with algorithm 12"
+ ewarn "(GOST R 34.10-2001) and digests of type 3 (GOST R 34.11-94)"
+ ewarn "OpenSSL GOST Engine can be get from --> dev-libs/gost-engine"
+ fi
+}
diff --git a/net-dns/dnsviz/files/dnsviz-0.8.2-add-ed448-support.patch b/net-dns/dnsviz/files/dnsviz-0.8.2-add-ed448-support.patch
new file mode 100644
index 000000000000..1d4d88e97e6d
--- /dev/null
+++ b/net-dns/dnsviz/files/dnsviz-0.8.2-add-ed448-support.patch
@@ -0,0 +1,182 @@
+From 99bb0c7430c9f954582eabd3a9581fe0db6f2e81 Mon Sep 17 00:00:00 2001
+From: Pascal Ernster <git@hardfalcon.net>
+Date: Mon, 22 Jul 2019 04:25:18 +0200
+Subject: [PATCH] Replace libnacl with python-cryptography, add support for
+ algo 16 (Ed448)
+
+Origin: https://github.com/dnsviz/dnsviz/pull/54
+
+---
+ Dockerfile | 2 +-
+ README.md | 8 ++++----
+ contrib/dnsviz-py2.spec | 2 +-
+ contrib/dnsviz-py3.spec | 2 +-
+ dnsviz/crypto.py | 30 +++++++++++++++++++++++++-----
+ requirements.txt | 2 +-
+ setup.py | 2 +-
+ 7 files changed, 34 insertions(+), 14 deletions(-)
+
+diff --git a/Dockerfile b/Dockerfile
+index dc6a0d9e..61a319de 100644
+--- a/Dockerfile
++++ b/Dockerfile
+@@ -2,7 +2,7 @@ FROM alpine:edge
+
+ RUN apk add python3 graphviz ttf-liberation libsodium bind bind-tools
+ RUN apk add --virtual builddeps linux-headers python3-dev graphviz-dev gcc libc-dev openssl-dev swig && \
+- pip3 install pygraphviz m2crypto dnspython libnacl && \
++ pip3 install pygraphviz m2crypto dnspython cryptography && \
+ apk del builddeps
+
+ COPY . /tmp/dnsviz
+diff --git a/README.md b/README.md
+index e9dcda83..03d9c3dd 100644
+--- a/README.md
++++ b/README.md
+@@ -41,7 +41,7 @@ Instructions for running in a Docker container are also available
+
+ * M2Crypto (0.28.0 or later) - https://gitlab.com/m2crypto/m2crypto
+
+-* libnacl - https://github.com/saltstack/libnacl
++* Cryptography (2.6 or later) - https://cryptography.io/
+
+ Note that the software versions listed above are known to work with the current
+ version of DNSViz. Other versions might also work well together, but might
+@@ -85,7 +85,7 @@ $ source ~/myenv/bin/activate
+ ```
+ (Note that this installs the dependencies that are python packages, but some of
+ these packages have non-python dependecies, such as Graphviz (required for
+-pygraphviz) and libsodium (required for libnacl), that are not installed
++pygraphviz) and OpenSSL (required for Cryptography), that are not installed
+ automatically.)
+
+ Next download and install DNSViz from the Python Package Index (PyPI):
+@@ -121,9 +121,9 @@ $ cp dist/dnsviz-*.tar.gz ~/rpmbuild/SOURCES/
+ $ cp contrib/dnsviz-py${PY_VERS}.spec ~/rpmbuild/SPECS/dnsviz.spec
+ ```
+
+-Install dnspython, pygraphviz, M2Crypto, and libnacl.
++Install dnspython, pygraphviz, M2Crypto, and Cryptography.
+ ```
+-$ sudo dnf install python${PY_VERS}-dns python${PY_VERS}-pygraphviz python${PY_VERS}-libnacl
++$ sudo dnf install python${PY_VERS}-dns python${PY_VERS}-pygraphviz python${PY_VERS}-cryptography
+ ```
+ For python2:
+ ```
+diff --git a/contrib/dnsviz-py2.spec b/contrib/dnsviz-py2.spec
+index 0bea597b..65033c95 100644
+--- a/contrib/dnsviz-py2.spec
++++ b/contrib/dnsviz-py2.spec
+@@ -15,7 +15,7 @@ BuildRequires: make
+ Requires: python2-pygraphviz >= 1.3
+ Requires: m2crypto >= 0.28.0
+ Requires: python2-dns >= 1.13
+-Requires: python2-libnacl
++Requires: python2-cryptography
+
+ %description
+ DNSViz is a tool suite for analysis and visualization of Domain Name System
+diff --git a/contrib/dnsviz-py3.spec b/contrib/dnsviz-py3.spec
+index ef25f4b5..975f3e10 100644
+--- a/contrib/dnsviz-py3.spec
++++ b/contrib/dnsviz-py3.spec
+@@ -15,7 +15,7 @@ BuildRequires: make
+ Requires: python3-pygraphviz >= 1.3
+ Requires: python3-m2crypto >= 0.28.0
+ Requires: python3-dns >= 1.13
+-Requires: python3-libnacl
++Requires: python3-cryptography
+
+ %description
+ DNSViz is a tool suite for analysis and visualization of Domain Name System
+diff --git a/dnsviz/crypto.py b/dnsviz/crypto.py
+index b011cbf3..283eac4d 100644
+--- a/dnsviz/crypto.py
++++ b/dnsviz/crypto.py
+@@ -55,7 +55,7 @@
+ 'M2Crypto >= 0.21.1': (set([1,5,7,8,10]), set([1,2,4]), set([1])),
+ 'M2Crypto >= 0.24.0': (set([3,6,13,14]), set(), set()),
+ 'M2Crypto >= 0.24.0 and either openssl < 1.1.0 or openssl >= 1.1.0 plus the OpenSSL GOST Engine': (set([12]), set([3]), set()),
+- 'libnacl': (set([15]), set(), set()),
++ 'cryptography': (set([15,16]), set(), set()),
+ }
+ _logged_modules = set()
+
+@@ -72,12 +72,19 @@
+ _supported_digest_algs.update(set([1,2,4]))
+
+ try:
+- from libnacl.sign import Verifier as ed25519Verifier
++ from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
+ except ImportError:
+ pass
+ else:
+ _supported_algs.add(15)
+
++try:
++ from cryptography.hazmat.primitives.asymmetric.ed448 import Ed448PublicKey
++except ImportError:
++ pass
++else:
++ _supported_algs.add(16)
++
+ GOST_PREFIX = b'\x30\x63\x30\x1c\x06\x06\x2a\x85\x03\x02\x02\x13\x30\x12\x06\x07\x2a\x85\x03\x02\x02\x23\x01\x06\x07\x2a\x85\x03\x02\x02\x1e\x01\x03\x43\x00\x04\x40'
+ GOST_ENGINE_NAME = b'gost'
+ GOST_DIGEST_NAME = b'GOST R 34.11-94'
+@@ -386,10 +393,21 @@ def _validate_rrsig_ec(alg, sig, msg, key):
+
+ def _validate_rrsig_ed25519(alg, sig, msg, key):
+ try:
+- verifier = ed25519Verifier(binascii.hexlify(key))
+- return verifier.verify(sig + msg) == msg
+- except ValueError:
++ verifier = Ed25519PublicKey.from_public_bytes(key)
++ verifier.verify(sig, msg)
++ except:
+ return False
++ else:
++ return True
++
++def _validate_rrsig_ed448(alg, sig, msg, key):
++ try:
++ verifier = Ed448PublicKey.from_public_bytes(key)
++ verifier.verify(sig, msg)
++ except:
++ return False
++ else:
++ return True
+
+ def validate_rrsig(alg, sig, msg, key):
+ if not alg_is_supported(alg):
+@@ -407,6 +425,8 @@ def validate_rrsig(alg, sig, msg, key):
+ return _validate_rrsig_ec(alg, sig, msg, key)
+ elif alg in (15,):
+ return _validate_rrsig_ed25519(alg, sig, msg, key)
++ elif alg in (16,):
++ return _validate_rrsig_ed448(alg, sig, msg, key)
+
+ def get_digest_for_nsec3(val, salt, alg, iterations):
+ if not nsec3_alg_is_supported(alg):
+diff --git a/requirements.txt b/requirements.txt
+index d6b2de5e..af2be235 100644
+--- a/requirements.txt
++++ b/requirements.txt
+@@ -1,4 +1,4 @@
+ dnspython
+ pygraphviz
+ m2crypto
+-libnacl
++cryptography
+diff --git a/setup.py b/setup.py
+index ba1016e3..b531c025 100644
+--- a/setup.py
++++ b/setup.py
+@@ -135,7 +135,7 @@ def run(self):
+ 'pygraphviz (>=1.1)',
+ 'm2crypto (>=0.24.0)',
+ 'dnspython (>=1.11)',
+- 'libnacl',
++ 'cryptography (>=2.6)',
+ ],
+ classifiers=[
+ 'Development Status :: 5 - Production/Stable',