From: Nicolas Thill <nico@openwrt.org>
Date: Thu, 15 Apr 2010 15:34:54 +0000 (+0000)
Subject: [packages] add unbound (closes: #7022)
X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fsvn-archive%2Farchive.git;a=commitdiff_plain;hb=9b5e933529bc5672afbb324f00cb9382d1e5d902

[packages] add unbound (closes: #7022)


SVN-Revision: 20880
---

diff --git a/net/unbound/Makefile b/net/unbound/Makefile
new file mode 100644
index 0000000000..8bd1f9a181
--- /dev/null
+++ b/net/unbound/Makefile
@@ -0,0 +1,61 @@
+#
+# Copyright (C) 2010 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=unbound
+PKG_VERSION:=1.4.3
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://www.unbound.net/downloads
+PKG_MD5SUM:=2dffdd42f94b8238447a41835439d129
+
+PKG_FIXUP:=libtool
+PKG_INSTALL:=1
+PKG_LIBTOOL_PATHS:= ./libtool ./ldns-src/libtool
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/unbound
+  SECTION:=net
+  CATEGORY:=Network
+  TITLE:=A validating, recursive, and caching DNS resolver
+  URL:=http://www.unbound.net/
+  DEPENDS:=+libopenssl
+endef
+
+CONFIGURE_ARGS += \
+	--with-ssl="$(STAGING_DIR)/usr" \
+	--without-pthreads \
+
+define Package/unbound/conffiles
+/etc/unbound/unbound.conf
+endef
+
+define Package/unbound/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) \
+		$(PKG_INSTALL_DIR)/usr/lib/libunbound.so.* \
+		$(1)/usr/lib/
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(CP) \
+		$(PKG_INSTALL_DIR)/usr/sbin/unbound \
+		$(PKG_INSTALL_DIR)/usr/sbin/unbound-checkconf \
+		$(PKG_INSTALL_DIR)/usr/sbin/unbound-control \
+		$(PKG_INSTALL_DIR)/usr/sbin/unbound-host \
+		$(1)/usr/sbin/
+	$(INSTALL_DIR) $(1)/etc/unbound
+	$(INSTALL_CONF) ./files/unbound.conf $(1)/etc/unbound/
+	$(INSTALL_CONF) ./files/dlv.isc.org.key $(1)/etc/unbound/
+	$(INSTALL_CONF) ./files/anchors.mf $(1)/etc/unbound/
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/unbound.init $(1)/etc/init.d/unbound
+endef
+
+$(eval $(call BuildPackage,unbound))
+
diff --git a/net/unbound/files/anchors.mf b/net/unbound/files/anchors.mf
new file mode 100644
index 0000000000..d0bc3e9e3a
--- /dev/null
+++ b/net/unbound/files/anchors.mf
@@ -0,0 +1,52 @@
+;
+;  Interim Trust Anchor Repository
+;  (Master file format)
+;
+;  See https://itar.iana.org/ for details. This is currently an
+;  experimental service.
+;
+;  Generated: 2010-03-30 04:45:04.022878
+;  Serial:    39
+;
+
+ARPA.               DS 42581 8 1 778606D9623F843F156E7D11ACBF815EB67AB516
+                    DS 42581 8 2 F28391C1ED4DC0F151EDD251A3103DCE0B9A5A251ACF6E24073771D71F3C40F9
+BG.                 DS 46846 5 1 1D83F503CCED4A4B6F7F8DB1CF43D38F9133A3EA
+CH.                 DS 54624 7 1 66B273B62A7282590410B4E6831A665A930CC2E9
+CZ.                 DS 7978 5 1 9B6C3898470914CDDA98D0CC001688CB32C17A09
+                    DS 9988 5 1 AA94DEC91A18ECAFB85797AEA1031703FC9A6E73
+GOV.                DS 26079 7 2 4ED5FFBC8A40262B56E1232135B929192804ACC006930D087AAB38A611C89041
+LI.                 DS 23403 7 1 60039CDD684CCCACF2ED7719D2844FC6C9EFC7AE
+NA.                 DS 24484 5 1 EFC19D4685751FF8E11F96142A083DCB9C708912
+NU.                 DS 13925 7 1 1C407A48DA11EA76F04E95FC518C1010B2C92BD1
+ORG.                DS 21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2
+PR.                 DS 6277 5 1 05D02DCE8385974D958A5DB409F6FF3658293B23
+                    DS 33253 5 1 6119CAE74A6EC411FE0B3260FC5C20ABD68A485A
+SE.                 DS 8779 5 1 2B81EE6B375BB8A3F80A7F2555F6646DC84A3752
+TH.                 DS 57559 5 1 A76DDE827B52D66933340341A24B0D16A29D117C
+                    DS 51601 5 1 0D0CD17B3ED3F60ED687F90FF9C795BBE9C67E62
+TM.                 DS 28935 7 2 0C30AA64DF5149B0237F0CAD8E6AB22825BDC8CADBD7CC108F6FFC74AC428709
+XN--0ZWM56D.        DS 39286 5 1 7E43E0891843984900A5A03AA01883EB37A20F5A
+                    DS 1009 5 2 55DC4FFA17AE42F4556C65C66872C07486AEAF373670D8D168CF5D5B8AA344FA
+XN--11B5BS3A9AJ6G.  DS 39997 5 1 7C8D871795A865013C6C93043977F9FFAB9BFF89
+                    DS 44194 5 2 F26E858B23E41A981A9AB9EECF257D7C6E4D2F30CD68B3809D22C4AAE3DB2BF8
+XN--80AKHBYKNJ4F.   DS 14152 5 1 88CC1E75CEFD6D98A343E9692BF1231AA8614BB9
+                    DS 42652 5 2 DFCD066694090B519ECE9579C6D0ADA0E048A08D12DB910B41C10266997DE967
+XN--9T4B11YI5A.     DS 9373 5 1 41DA40A2D18DD43F2C4551F86A803CC33A9E511E
+                    DS 35626 5 2 4CFA6E6C228172C4781B75CA591B76A7A93F76954C7E1921B41088C839F28336
+XN--DEBA0AD.        DS 40603 5 1 67CD88407E0920444BC048AA7033951BCFDE7813
+                    DS 27979 5 2 D07ADE2CFE838EBB542C11E0D0C494D8F796C87EDA504263119B9F87E1AA396A
+XN--G6W251D.        DS 9751 5 1 62B4203F816B860A06D3E504C2CDACCDEB2207F6
+                    DS 28879 5 2 75A4E1F3A1CCEC6CA5DC3D00A79410C016FBEFC2C37C11CF2EB0E324787DBE09
+XN--HGBK6AJ7F53BBA. DS 63736 5 1 34196D7F8BF29D11C75F51CDFA1A2E5BB989833F
+                    DS 15478 5 2 15DD8725357EFB6DFE56C066551AE27A39FDC9E830E7082BD66D79C7CA741B38
+XN--HLCJ6AYA9ESC7A. DS 42082 5 1 8F453B9165D2206A33A179AFA9EEA23B52FC021E
+                    DS 24331 5 2 5B8985456CDDFB117925229CE34DDD46C53E8F0E13C8924DF6F56D5DD63728F7
+XN--JXALPDLP.       DS 59152 5 1 FA28F4B3F974E1C009678D8AB862AA086406F864
+                    DS 14587 5 2 3FCBF0C8ADF0D32F9635ABFFB20665BB49C5E9EBEDC5E3FBDFC4BBC87A34F7B9
+XN--KGBECHTV.       DS 46069 5 1 BDA7800D097E2BE71A2EB38329C668F6861ABCDA
+                    DS 30481 5 2 BA4A72FAC16C37B795693EE6C84BD5D9758EE5C964633A409B08C9C69AAF430A
+XN--ZCKZAH.         DS 6154 5 1 E11DA05B7466A82A98E750556F046C4E22767082
+                    DS 29959 5 2 DA79DAC649FA22E4E67AA9BE3C0DEECE07216640277406E6C40573EE920769BB
+
+; End of file
diff --git a/net/unbound/files/dlv.isc.org.key b/net/unbound/files/dlv.isc.org.key
new file mode 100644
index 0000000000..8e40e626f4
--- /dev/null
+++ b/net/unbound/files/dlv.isc.org.key
@@ -0,0 +1 @@
+dlv.isc.org. IN DNSKEY 257 3 5 BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt TDN0YUuWrBNh
diff --git a/net/unbound/files/unbound.conf b/net/unbound/files/unbound.conf
new file mode 100644
index 0000000000..50c3593893
--- /dev/null
+++ b/net/unbound/files/unbound.conf
@@ -0,0 +1,84 @@
+server:
+	verbosity: 1
+
+	interface: ::0
+	interface: 0.0.0.0
+
+	# the amount of memory to use for the RRset cache.
+	# plain value in bytes or you can append k, m or G. default is "4Mb". 
+	rrset-cache-size: 1m
+
+	# the number of slabs to use for the RRset cache.
+	# the number of slabs must be a power of 2.
+	# more slabs reduce lock contention, but fragment memory usage.
+	rrset-cache-slabs: 2
+
+	# control which clients are allowed to make (recursive) queries
+	# to this server. Specify classless netblocks with /size and action.
+	# By default everything is refused, except for localhost.
+	# Choose deny (drop message), refuse (polite error reply),
+	# allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
+	# access-control: 0.0.0.0/0 refuse
+	# access-control: 127.0.0.0/8 allow
+	# access-control: ::0/0 refuse
+	# access-control: ::1 allow
+	# access-control: ::ffff:127.0.0.1 allow
+	access-control: 0.0.0.0/0 allow
+	access-control: ::0/0 allow
+
+
+	# if given, user privileges are dropped (after binding port),
+	# and the given username is assumed. Default is user "unbound".
+	# If you give "" no privileges are dropped.
+	# username: "unbound"
+	username: ""
+
+	# the working directory. The relative files in this config are 
+	# relative to this directory. If you give "" the working directory
+	# is not changed.
+	directory: "/etc/unbound"
+
+	# the log file, "" means log to stderr. 
+	# Use of this option sets use-syslog to "no".
+	 logfile: ""
+
+	# Log to syslog(3) if yes. The log facility LOG_DAEMON is used to 
+	# log to, with identity "unbound". If yes, it overrides the logfile.
+	# use-syslog: yes 
+
+	# print UTC timestamp in ascii to logfile, default is epoch in seconds.
+	# log-time-ascii: no
+
+	# the pid file. Can be an absolute path outside of chroot/work dir.
+	pidfile: "/var/run/unbound.pid"
+
+	# file to read root hints from.
+	# get one from ftp://FTP.INTERNIC.NET/domain/named.cache
+	# root-hints: ""
+
+	# File with DLV trusted keys. Same format as trust-anchor-file.
+	# There can be only one DLV configured, it is trusted from root down.
+	# Download http://ftp.isc.org/www/dlv/dlv.isc.org.key
+	dlv-anchor-file: "dlv.isc.org.key"
+
+	# File with trusted keys for validation. Specify more than one file
+	# with several entries, one file per entry.
+	# Zone file format, with DS and DNSKEY entries.
+	# trust-anchor-file: ""
+	trust-anchor-file: "anchors.mf"
+
+	# File with trusted keys, kept uptodate using RFC5011 probes,
+	# initial file like trust-anchor-file, then it stores metadata.
+	# Use several entries, one per domain name, to track multiple zones.
+	# auto-trust-anchor-file: ""
+
+
+    # If you want to forward requests to another recursive DNS server
+    # uncomment this. Please note that many DNS recursors do strip 
+    # DNSSEC data, rendering unbound server unusable.
+    # forward-zone:
+    #   name: "."
+    #	forward-addr: 8.8.8.8
+    #	forward-addr: 8.8.4.4
+	
+
diff --git a/net/unbound/files/unbound.init b/net/unbound/files/unbound.init
new file mode 100755
index 0000000000..4e700e4458
--- /dev/null
+++ b/net/unbound/files/unbound.init
@@ -0,0 +1,14 @@
+#!/bin/sh /etc/rc.common
+#Copyright (C) 2010 Ondrej Caletka <o.caletka@sh.cvut.cz>
+START=61
+
+start () {
+	unbound
+}
+
+stop () {
+	PIDFILE='/var/run/unbound.pid'
+	if [ -f $PIDFILE ] ; then
+		kill $(cat $PIDFILE)
+	fi
+}