bind: Rework package and update to 9.9.9-P6

Submitted by Stefan Schantl on Feb. 23, 2017, 11:51 a.m.

Details

Message ID 20170223115111.23057-1-stefan.schantl@ipfire.org
State New
Headers show

Commit Message

Stefan Schantl Feb. 23, 2017, 11:51 a.m.
This commit rapidely slims down the bind package. It now only
provides the libraries and development files, which are needed
to build the isc-dhcp server and in a subpackage some very handy
utils like dig, host and some more.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
 bind/bind.nm                                       | 142 ++++-----
 bind/named.tmpfiles                                |   1 -
 bind/patches/bind-9.5-PIE.patch                    |  27 --
 bind/patches/bind-9.5-parallel-build.patch         |  14 -
 bind/patches/bind-9.9-libidn.patch                 | 326 ---------------------
 ...-9.7-exportlib.patch => bind97-exportlib.patch} |   0
 bind/patches/bind99-dont-build-bin.patch           |  13 +
 bind/trusted-key.key                               |   1 -
 8 files changed, 69 insertions(+), 455 deletions(-)
 delete mode 100644 bind/named.tmpfiles
 delete mode 100644 bind/patches/bind-9.5-PIE.patch
 delete mode 100644 bind/patches/bind-9.5-parallel-build.patch
 delete mode 100644 bind/patches/bind-9.9-libidn.patch
 rename bind/patches/{bind-9.7-exportlib.patch => bind97-exportlib.patch} (100%)
 create mode 100644 bind/patches/bind99-dont-build-bin.patch
 delete mode 100644 bind/trusted-key.key

Patch hide | download patch | download mbox

diff --git a/bind/bind.nm b/bind/bind.nm
index 7b6344f..4775c14 100644
--- a/bind/bind.nm
+++ b/bind/bind.nm
@@ -4,8 +4,8 @@ 
 ###############################################################################
 
 name       = bind
-version    = 9.9.6-P1
-release    = 2
+version    = 9.9.9-P6
+release    = 1
 
 groups     = Networking/Tools
 url        = http://www.isc.org/products/BIND/
@@ -19,14 +19,10 @@  end
 
 source_dl  = ftp://ftp.isc.org/isc/bind/%{version}/
 
-sources += \
-	%{name}-config-12.tar.bz2
-
 build
 	requires
 		autoconf
 		automake
-		chrpath
 		libcap-devel
 		libidn-devel
 		libtool
@@ -43,116 +39,88 @@  build
 		--disable-static \
 		--disable-openssl-version-check \
 		--enable-exportlib \
-		--with-export-libdir=/%{lib}/ \
-		--with-export-includedir=/usr/include/ \
-		--includedir=/usr/include/bind9/ \
-		--with-pkcs11=%{libdir}/pkcs11/PKCS11_API.so \
+		--with-export-libdir=%{libdir}/ \
+		--with-export-includedir=%{includedir} \
+		--includedir=%{includedir}/bind9/ \
 		--with-gssapi \
 		--enable-rrl \
 		--disable-isc-spnego
 
-	prepare
-		cd %{DIR_SRC} && %{MACRO_EXTRACT} %{DIR_DL}/%{thisapp}.tar.gz
-
+	prepare_cmds
 		# Create m4 directory.
 		cd %{DIR_APP} && mkdir -pv m4
 
-		# Apply all patches.
-		%{MACRO_PATCHES}
-
 		# Branding.
 		sed -i -e 's/RELEASEVER=\(.*\)/RELEASEVER=\1-%{DISTRO_NAME}-%{version}-%{release}/' version
 
 		# Regenerate build environment
-		libtoolize -c -f
-		aclocal -I m4 --force
-		autoconf -f
+		autoreconf -vfi
 
-		# Create user and group for /run directory.
-		%{create_user}
 	end
 
-	install
-		# Create directory layout.
-		mkdir -pv %{BUILDROOT}%{libdir}/bind
-		mkdir -pv %{BUILDROOT}/var/named/{slaves,data,dynamic}
-		mkdir -pv %{BUILDROOT}/usr/share/man/{man1,man5,man8}
-		mkdir -pv %{BUILDROOT}/run/named
-		mkdir -pv %{BUILDROOT}/var/log
-
-		# Create named chroot environment.
-		mkdir -pv %{BUILDROOT}/var/named/chroot/{dev,etc,var}
-		mkdir -pv %{BUILDROOT}/var/named/chroot/var/{log,named,run/named,tmp}
-		mkdir -pv %{BUILDROOT}/var/named/chroot/etc/{pki/dnssec-keys,named}
-		mkdir -pv %{BUILDROOT}/var/named/chroot/usr/lib/bind
-		mkdir -pv %{BUILDROOT}/var/named/chroot/dev/null
-		mkdir -pv %{BUILDROOT}/var/named/chroot/dev/random
-		mkdir -pv %{BUILDROOT}/var/named/chroot/dev/zero
-		mkdir -pv %{BUILDROOT}/var/named/chroot/etc/localtime
+	build_cmds
+		# Build some typical system tools (dig, host, nslookup)
+		make -C bin/dig -j %{PARALLELISMFLAGS}
 
-		touch %{BUILDROOT}/var/named/chroot/etc/named.conf
-
-		# Run make install
-		make DESTDIR=%{BUILDROOT} install
+		# Build nsupdate
+		make -C bin/nsupdate -j %{PARALLELISMFLAGS}
+	end
 
-		# Remove RPATH from libraries.
-		chrpath --delete %{BUILDROOT}/lib*/*export*.so.*
+	install_cmds
+		# Install typical system tools
+		make -C bin/dig install DESTDIR=%{BUILDROOT}
 
-		# Remove unwanted files
-		rm -rvf %{BUILDROOT}/etc/bind.keys
+		# Install nsupdate
+		make -C bin/nsupdate install DESTDIR=%{BUILDROOT}
 
-		# Create ghost config files
-		touch %{BUILDROOT}/var/log/named.log
+		# Install isc/errno2result.h header
+		install -m 644 lib/isc/unix/errno2result.h %{BUILDROOT}%{includedir}/isc
 
-		# Configuration files
-		tar -C %{BUILDROOT} -xaf %{DIR_DL}/bind-config-12.tar.bz2
-		touch %{BUILDROOT}/etc/rndc.key
-		touch %{BUILDROOT}/etc/rndc.conf
+		# Remove development libraries and headers except *-export ones
+		rm -rvf %{BUILDROOT}%{libdir}/libbind9.so
+		rm -rvf %{BUILDROOT}%{libdir}/libdns.so
+		rm -rvf %{BUILDROOT}%{libdir}/libisccc.so
+		rm -rvf %{BUILDROOT}%{libdir}/libisccfg.so
+		rm -rvf %{BUILDROOT}%{libdir}/libisc.so
+		rm -rvf %{BUILDROOT}%{libdir}/liblwres.so
+		rm -rvf %{BUILDROOT}%{includedir}/bind9
 
-		mkdir %{BUILDROOT}/etc/named
-		install -m 644 bind.keys %{BUILDROOT}/etc/named.iscdlv.key
-		install -m 644 %{DIR_SOURCE}/trusted-key.key %{BUILDROOT}/etc/trusted-key.key
+		# Remove unwanted files
+		rm -rvf %{BUILDROOT}/etc
+		rm -rvf %{BUILDROOT}/var
 
-		# Recreate symlinks for export libraries
-		rm -rf %{BUILDROOT}/%{lib}/lib*-export.so
+		# Remove unneeded tools
+		rm -rvf %{BUILDROOT}%{bindir}/isc-config.sh
+		rm -rvf %{BUILDROOT}%{bindir}/bind9-config
 
-		ln -svf ../../%{lib}/libdns-export.so.104 %{BUILDROOT}%{libdir}/libdns-export.so
-		ln -svf ../../%{lib}/libirs-export.so.91 %{BUILDROOT}%{libdir}/libirs-export.so
-		ln -svf ../../%{lib}/libisccfg-export.so.90 %{BUILDROOT}%{libdir}/libisccfg-export.so
-		ln -svf ../../%{lib}/libisc-export.so.95 %{BUILDROOT}%{libdir}/libisc-export.so
+		# Remove manpages for the unneeded tools
+		rm -rvf %{BUILDROOT}%{mandir}/man1/isc-config.sh.1
+		rm -rvf %{BUILDROOT}%{mandir}/man1/bind9-config.1
 
-		# Create /run/named.
-		mkdir -pv %{BUILDROOT}/run/named
-		chown -Rv named.named %{BUILDROOT}/run/named/
+		# Remove documentation for liblwres and tools
+		rm -rvf %{BUILDROOT}%{mandir}/man3
 	end
 end
 
-create_user
-	getent group named >/dev/null || /usr/sbin/groupadd -r named
-	getent passwd named >/dev/null || /usr/sbin/useradd -r -g named \
-		-d /var/named -c "User for bind DNS server" -s /sbin/nologin named
-end
-
 packages
 	package %{name}
+		# The bind package is just an umbrella package for the utils
+		# and libs package.
 		requires
-			bind-utils
-			bind-chroot
-		end
-
-		prerequires += shadow-utils
-
-		script prein
-			%{create_user}
+			%{name}-libs = %{thisver}	
+			%{name}-utils = %{thisver}
+			%{name}-utils-libs = %{thisver}
 		end
-
-		# XXX Add systemd scriptlet if a service file becomes available
 	end
 
 	package %{name}-utils
 		summary = Utilities for querying bind DNS name server.
 		description = %{summary}
 
+		requires
+			%{name}-utils-libs = %{thisver}
+		end
+
 		files
 			/usr/bin/dig
 			/usr/bin/host
@@ -165,17 +133,19 @@  packages
 		end
 	end
 
-	package %{name}-chroot
-		summary = Chroot environment for bind DNS servers.
-		description = %{summary}
+	package %{name}-utils-libs
+		template LIBS
 
-		files
-			/var/named/chroot
-		end
+		summary = Required libraries for the tools in the bind-utils package.
+		description = %{summary}
 	end
 
 	package %{name}-libs
 		template LIBS
+
+		files
+			%{libdir}/*export.so.*
+		end
 	end
 
 	package %{name}-devel
diff --git a/bind/named.tmpfiles b/bind/named.tmpfiles
deleted file mode 100644
index 640a656..0000000
--- a/bind/named.tmpfiles
+++ /dev/null
@@ -1 +0,0 @@ 
-d /run/named 0755 named named -
diff --git a/bind/patches/bind-9.5-PIE.patch b/bind/patches/bind-9.5-PIE.patch
deleted file mode 100644
index a525b9b..0000000
--- a/bind/patches/bind-9.5-PIE.patch
+++ /dev/null
@@ -1,27 +0,0 @@ 
---- bind-9.5.0b2/bin/named/Makefile.in.pie	2008-02-11 17:21:47.000000000 +0100
-+++ bind-9.5.0b2/bin/named/Makefile.in	2008-02-11 17:22:10.000000000 +0100
-@@ -100,8 +100,12 @@ HTMLPAGES =	named.html lwresd.html named
- 
- MANOBJS =	${MANPAGES} ${HTMLPAGES}
- 
-+EXT_CFLAGS = -fpie
-+
- @BIND9_MAKE_RULES@
- 
-+LDFLAGS += -pie -Wl,-z,relro,-z,now,-z,nodlopen,-z,noexecstack
-+
- main.@O@: main.c
- 	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
- 		-DVERSION=\"${VERSION}\" \
-diff -up bind-9.5.0b2/bin/named/unix/Makefile.in.pie bind-9.5.0b2/bin/named/unix/Makefile.in
---- bind-9.5.0b2/bin/named/unix/Makefile.in.pie	2008-02-11 17:22:21.000000000 +0100
-+++ bind-9.5.0b2/bin/named/unix/Makefile.in	2008-02-11 17:23:00.000000000 +0100
-@@ -19,6 +19,8 @@ srcdir =	@srcdir@
- VPATH =		@srcdir@
- top_srcdir =	@top_srcdir@
- 
-+EXT_CFLAGS = -fpie
-+
- @BIND9_MAKE_INCLUDES@
- 
- CINCLUDES =	-I${srcdir}/include -I${srcdir}/../include \
diff --git a/bind/patches/bind-9.5-parallel-build.patch b/bind/patches/bind-9.5-parallel-build.patch
deleted file mode 100644
index 53e34ca..0000000
--- a/bind/patches/bind-9.5-parallel-build.patch
+++ /dev/null
@@ -1,14 +0,0 @@ 
-diff -up bind-9.5.0b1/lib/dns/Makefile.in.parallel bind-9.5.0b1/lib/dns/Makefile.in
---- bind-9.5.0b1/lib/dns/Makefile.in.parallel	2008-01-17 18:27:38.000000000 +0100
-+++ bind-9.5.0b1/lib/dns/Makefile.in	2008-01-17 18:27:45.000000000 +0100
-@@ -19,10 +19,6 @@ srcdir =	@srcdir@
- VPATH =		@srcdir@
- top_srcdir =	@top_srcdir@
- 
--# Attempt to disable parallel processing.
--.NOTPARALLEL:
--.NO_PARALLEL:
--
- @BIND9_VERSION@
- 
- @LIBDNS_API@
diff --git a/bind/patches/bind-9.9-libidn.patch b/bind/patches/bind-9.9-libidn.patch
deleted file mode 100644
index fca8665..0000000
--- a/bind/patches/bind-9.9-libidn.patch
+++ /dev/null
@@ -1,326 +0,0 @@ 
-From 19809fe6154ea0471a2c4fa3bd66787facf7704a Mon Sep 17 00:00:00 2001
-From: Tomas Hozza <thozza@redhat.com>
-Date: Mon, 26 May 2014 15:25:34 +0200
-Subject: [PATCH] Use libidn instead of bundled idnkit
-
-Signed-off-by: Tomas Hozza <thozza@redhat.com>
----
- bin/dig/Makefile.in |   6 +-
- bin/dig/dig.docbook |   4 +-
- bin/dig/dighost.c   | 168 ++++++++++++++++++++++++++++++++++++++++++++++++----
- 3 files changed, 162 insertions(+), 16 deletions(-)
-
-diff --git a/bin/dig/Makefile.in b/bin/dig/Makefile.in
-index 5bc4db0..3864e06 100644
---- a/bin/dig/Makefile.in
-+++ b/bin/dig/Makefile.in
-@@ -48,10 +48,10 @@ DEPLIBS =	${DNSDEPLIBS} ${BIND9DEPLIBS} ${ISCDEPLIBS} ${ISCCFGDEPLIBS} \
- 		${LWRESDEPLIBS}
- 
- LIBS =		${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
--		${ISCLIBS} @IDNLIBS@ @LIBS@
-+		${ISCLIBS} @IDNLIBS@ @LIBS@ -lidn
- 
- NOSYMLIBS =	${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
--		${ISCNOSYMLIBS} @IDNLIBS@ @LIBS@
-+		${ISCNOSYMLIBS} @IDNLIBS@ @LIBS@ -lidn
- 
- SUBDIRS =
- 
-@@ -69,6 +69,8 @@ HTMLPAGES =	dig.html host.html nslookup.html
- 
- MANOBJS =	${MANPAGES} ${HTMLPAGES}
- 
-+EXT_CFLAGS = -DWITH_LIBIDN
-+
- @BIND9_MAKE_RULES@
- 
- dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
-diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook
-index 7a01ec0..c3a7976 100644
---- a/bin/dig/dig.docbook
-+++ b/bin/dig/dig.docbook
-@@ -970,8 +970,8 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
-       <command>dig</command> appropriately converts character encoding of
-       domain name before sending a request to DNS server or displaying a
-       reply from the server.
--      If you'd like to turn off the IDN support for some reason, defines
--      the <envar>IDN_DISABLE</envar> environment variable.
-+      If you'd like to turn off the IDN support for some reason, define
-+      the <envar>CHARSET=ASCII</envar> environment variable.
-       The IDN support is disabled if the variable is set when 
-       <command>dig</command> runs.
-     </para>
-diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
-index 56d763c..5a40051 100644
---- a/bin/dig/dighost.c
-+++ b/bin/dig/dighost.c
-@@ -44,6 +44,11 @@
- #include <idn/api.h>
- #endif
- 
-+#ifdef WITH_LIBIDN
-+#include <stringprep.h>
-+#include <idna.h>
-+#endif
-+
- #include <dns/byaddr.h>
- #ifdef DIG_SIGCHASE
- #include <dns/callbacks.h>
-@@ -158,6 +163,14 @@ static void		idn_check_result(idn_result_t r, const char *msg);
- int  idnoptions	= 0;
- #endif
- 
-+#ifdef WITH_LIBIDN
-+static isc_result_t	libidn_locale_to_utf8 (const char* from, char *to);
-+static isc_result_t	libidn_utf8_to_ascii (const char* from, char *to);
-+static isc_result_t	output_filter (isc_buffer_t *buffer,
-+				       unsigned int used_org,
-+				       isc_boolean_t absolute);
-+#endif
-+
- isc_socket_t *keep = NULL;
- isc_sockaddr_t keepaddr;
- 
-@@ -1210,6 +1223,9 @@ setup_system(void) {
- 	dig_searchlist_t *domain = NULL;
- 	lwres_result_t lwresult;
- 	unsigned int lwresflags;
-+#ifdef WITH_LIBIDN
-+	isc_result_t result;
-+#endif
- 
- 	debug("setup_system()");
- 
-@@ -1268,8 +1284,15 @@ setup_system(void) {
- 
- #ifdef WITH_IDN
- 	initialize_idn();
-+	
-+#endif
-+#ifdef WITH_LIBIDN
-+	result = dns_name_settotextfilter(output_filter);
-+	check_result(result, "dns_name_settotextfilter");
-+#ifdef HAVE_SETLOCALE
-+	setlocale (LC_ALL, "");
-+#endif
- #endif
--
- 	if (keyfile[0] != 0)
- 		setup_file_key();
- 	else if (keysecret[0] != 0)
-@@ -2028,12 +2051,14 @@ setup_lookup(dig_lookup_t *lookup) {
- 	idn_result_t mr;
- 	char utf8_textname[MXNAME], utf8_origin[MXNAME], idn_textname[MXNAME];
- #endif
-+#ifdef WITH_LIBIDN
-+	char utf8_str[MXNAME], utf8_name[MXNAME], ascii_name[MXNAME];
-+#endif
- 
--#ifdef WITH_IDN
-+#if defined (WITH_IDN) || defined (WITH_LIBIDN)
- 	result = dns_name_settotextfilter(output_filter);
- 	check_result(result, "dns_name_settotextfilter");
- #endif
--
- 	REQUIRE(lookup != NULL);
- 	INSIST(!free_now);
- 
-@@ -2070,6 +2095,14 @@ setup_lookup(dig_lookup_t *lookup) {
- 	mr = idn_encodename(IDN_LOCALCONV | IDN_DELIMMAP, lookup->textname,
- 			    utf8_textname, sizeof(utf8_textname));
- 	idn_check_result(mr, "convert textname to UTF-8");
-+#elif defined (WITH_LIBIDN)
-+	result = libidn_locale_to_utf8 (lookup->textname, utf8_str);
-+	check_result (result, "convert textname to UTF-8");
-+	len = strlen (utf8_str);
-+	if (len < MXNAME)
-+		(void) strcpy (utf8_name, utf8_str);
-+	else
-+		fatal ("Too long name");
- #endif
- 
- 	/*
-@@ -2082,15 +2115,11 @@ setup_lookup(dig_lookup_t *lookup) {
- 	if (lookup->new_search) {
- #ifdef WITH_IDN
- 		if ((count_dots(utf8_textname) >= ndots) || !usesearch) {
--			lookup->origin = NULL; /* Force abs lookup */
--			lookup->done_as_is = ISC_TRUE;
--			lookup->need_search = usesearch;
--		} else if (lookup->origin == NULL && usesearch) {
--			lookup->origin = ISC_LIST_HEAD(search_list);
--			lookup->need_search = ISC_FALSE;
--		}
-+#elif defined (WITH_LIBIDN)
-+		if ((count_dots(utf8_name) >= ndots) || !usesearch) {
- #else
- 		if ((count_dots(lookup->textname) >= ndots) || !usesearch) {
-+#endif
- 			lookup->origin = NULL; /* Force abs lookup */
- 			lookup->done_as_is = ISC_TRUE;
- 			lookup->need_search = usesearch;
-@@ -2098,7 +2127,6 @@ setup_lookup(dig_lookup_t *lookup) {
- 			lookup->origin = ISC_LIST_HEAD(search_list);
- 			lookup->need_search = ISC_FALSE;
- 		}
--#endif
- 	}
- 
- #ifdef WITH_IDN
-@@ -2115,6 +2143,20 @@ setup_lookup(dig_lookup_t *lookup) {
- 			    IDN_IDNCONV | IDN_LENCHECK, utf8_textname,
- 			    idn_textname, sizeof(idn_textname));
- 	idn_check_result(mr, "convert UTF-8 textname to IDN encoding");
-+#elif defined (WITH_LIBIDN)
-+	if (lookup->origin != NULL) {
-+		result = libidn_locale_to_utf8 (lookup->origin->origin, utf8_str);
-+		check_result (result, "convert origin to UTF-8");
-+		if (len > 0 && utf8_name[len - 1] != '.') {
-+			utf8_name[len++] = '.';
-+			if (len + strlen (utf8_str) < MXNAME)
-+				(void) strcpy (utf8_name + len, utf8_str);
-+			else
-+				fatal ("Too long name + origin");
-+		}
-+	}
-+
-+	result = libidn_utf8_to_ascii (utf8_name, ascii_name);
- #else
- 	if (lookup->origin != NULL) {
- 		debug("trying origin %s", lookup->origin->origin);
-@@ -2170,6 +2212,13 @@ setup_lookup(dig_lookup_t *lookup) {
- 			result = dns_name_fromtext(lookup->name, &b,
- 						   dns_rootname, 0,
- 						   &lookup->namebuf);
-+#elif defined (WITH_LIBIDN)
-+			len = strlen (ascii_name);
-+			isc_buffer_init(&b, ascii_name, len);
-+			isc_buffer_add(&b, len);
-+			result = dns_name_fromtext(lookup->name, &b,
-+						   dns_rootname, 0,
-+						   &lookup->namebuf);
- #else
- 			len = strlen(lookup->textname);
- 			isc_buffer_init(&b, lookup->textname, len);
-@@ -3788,7 +3837,7 @@ destroy_libs(void) {
- 	void * ptr;
- 	dig_message_t *chase_msg;
- #endif
--#ifdef WITH_IDN
-+#if defined (WITH_IDN) || defined (WITH_LIBIDN)
- 	isc_result_t result;
- #endif
- 
-@@ -3829,6 +3878,10 @@ destroy_libs(void) {
- 	result = dns_name_settotextfilter(NULL);
- 	check_result(result, "dns_name_settotextfilter");
- #endif
-+#ifdef WITH_LIBIDN
-+	result = dns_name_settotextfilter (NULL);
-+	check_result(result, "clearing dns_name_settotextfilter");
-+#endif
- 	dns_name_destroy();
- 
- 	if (commctx != NULL) {
-@@ -4008,6 +4061,97 @@ idn_check_result(idn_result_t r, const char *msg) {
- 	}
- }
- #endif /* WITH_IDN */
-+#ifdef WITH_LIBIDN
-+static isc_result_t
-+libidn_locale_to_utf8 (const char *from, char *to) {
-+	char *utf8_str;
-+
-+	debug ("libidn_locale_to_utf8");
-+	utf8_str = stringprep_locale_to_utf8 (from);
-+	if (utf8_str != NULL) {
-+		(void) strcpy (to, utf8_str);
-+		free (utf8_str);
-+		return ISC_R_SUCCESS;
-+	}
-+
-+	debug ("libidn_locale_to_utf8: failure");
-+	return ISC_R_FAILURE;
-+}
-+static isc_result_t
-+libidn_utf8_to_ascii (const char *from, char *to) {
-+	char *ascii;
-+	int iresult;
-+
-+	debug ("libidn_utf8_to_ascii");
-+	iresult = idna_to_ascii_8z (from, &ascii, 0);
-+	if (iresult != IDNA_SUCCESS) {
-+		debug ("idna_to_ascii_8z: %s", idna_strerror (iresult));
-+		return ISC_R_FAILURE;
-+	}
-+
-+	(void) strcpy (to, ascii);
-+	free (ascii);
-+	return ISC_R_SUCCESS;
-+}
-+
-+static isc_result_t
-+output_filter (isc_buffer_t *buffer, unsigned int used_org,
-+	       isc_boolean_t absolute) {
-+
-+	char tmp1[MXNAME], *tmp2;
-+        size_t fromlen, tolen;
-+        isc_boolean_t end_with_dot;
-+	int iresult;
-+
-+	debug ("output_filter");
-+
-+        fromlen = isc_buffer_usedlength (buffer) - used_org;
-+	if (fromlen >= MXNAME)
-+		return ISC_R_SUCCESS;
-+        memcpy (tmp1, (char *) isc_buffer_base (buffer) + used_org, fromlen);
-+        end_with_dot = (tmp1[fromlen - 1] == '.') ? ISC_TRUE : ISC_FALSE;
-+        if (absolute && !end_with_dot) {
-+                fromlen++;
-+		if (fromlen >= MXNAME)
-+			return ISC_R_SUCCESS;
-+                tmp1[fromlen - 1] = '.';
-+        }
-+        tmp1[fromlen] = '\0';
-+
-+	iresult = idna_to_unicode_8z8z (tmp1, &tmp2, 0);
-+	if (iresult != IDNA_SUCCESS) {
-+		debug ("output_filter: %s", idna_strerror (iresult));
-+		return ISC_R_SUCCESS;
-+	}
-+
-+	(void) strcpy (tmp1, tmp2);
-+	free (tmp2);
-+
-+	tmp2 = stringprep_utf8_to_locale (tmp1);
-+	if (tmp2 == NULL) {
-+		debug ("output_filter: stringprep_utf8_to_locale failed");
-+		return ISC_R_SUCCESS;
-+	}
-+
-+	(void) strcpy (tmp1, tmp2);
-+	free (tmp2);
-+
-+        tolen = strlen (tmp1);
-+        if (absolute && !end_with_dot && tmp1[tolen - 1] == '.')
-+                tolen--;
-+
-+        if (isc_buffer_length (buffer) < used_org + tolen)
-+                return ISC_R_NOSPACE;
-+
-+	debug ("%s", tmp1);
-+
-+        isc_buffer_subtract (buffer, isc_buffer_usedlength (buffer) - used_org);
-+        memcpy (isc_buffer_used (buffer), tmp1, tolen);
-+        isc_buffer_add (buffer, tolen);
-+
-+        return ISC_R_SUCCESS;
-+}
-+#endif /* WITH_LIBIDN*/
- 
- #ifdef DIG_SIGCHASE
- void
--- 
-1.9.0
-
diff --git a/bind/patches/bind-9.7-exportlib.patch b/bind/patches/bind97-exportlib.patch
similarity index 100%
rename from bind/patches/bind-9.7-exportlib.patch
rename to bind/patches/bind97-exportlib.patch
diff --git a/bind/patches/bind99-dont-build-bin.patch b/bind/patches/bind99-dont-build-bin.patch
new file mode 100644
index 0000000..ae50372
--- /dev/null
+++ b/bind/patches/bind99-dont-build-bin.patch
@@ -0,0 +1,13 @@ 
+diff --git a/Makefile.in b/Makefile.in
+index 4f7f5a6..d59b9b1 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -21,7 +21,7 @@ top_srcdir =	@top_srcdir@
+ 
+ VERSION=@BIND9_VERSION@
+ 
+-SUBDIRS =	make unit lib bin doc @LIBEXPORT@
++SUBDIRS =	make lib doc @LIBEXPORT@
+ TARGETS =
+ 
+ MANPAGES =	isc-config.sh.1
diff --git a/bind/trusted-key.key b/bind/trusted-key.key
deleted file mode 100644
index ea07836..0000000
--- a/bind/trusted-key.key
+++ /dev/null
@@ -1 +0,0 @@ 
-. 3600 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=

Comments

Michael Tremer Feb. 25, 2017, 3:21 p.m.
Hi,

you cannot drop the DNS root key because tools like dig and other software like
unbound depend on it.

Could you re-add that please?

-Michael

On Thu, 2017-02-23 at 12:51 +0100, Stefan Schantl wrote:
> This commit rapidely slims down the bind package. It now only
> provides the libraries and development files, which are needed
> to build the isc-dhcp server and in a subpackage some very handy
> utils like dig, host and some more.
> 
> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
> ---
>  bind/bind.nm                                       | 142 ++++-----
>  bind/named.tmpfiles                                |   1 -
>  bind/patches/bind-9.5-PIE.patch                    |  27 --
>  bind/patches/bind-9.5-parallel-build.patch         |  14 -
>  bind/patches/bind-9.9-libidn.patch                 | 326 --------------------
> -
>  ...-9.7-exportlib.patch => bind97-exportlib.patch} |   0
>  bind/patches/bind99-dont-build-bin.patch           |  13 +
>  bind/trusted-key.key                               |   1 -
>  8 files changed, 69 insertions(+), 455 deletions(-)
>  delete mode 100644 bind/named.tmpfiles
>  delete mode 100644 bind/patches/bind-9.5-PIE.patch
>  delete mode 100644 bind/patches/bind-9.5-parallel-build.patch
>  delete mode 100644 bind/patches/bind-9.9-libidn.patch
>  rename bind/patches/{bind-9.7-exportlib.patch => bind97-exportlib.patch}
> (100%)
>  create mode 100644 bind/patches/bind99-dont-build-bin.patch
>  delete mode 100644 bind/trusted-key.key
> 
> diff --git a/bind/bind.nm b/bind/bind.nm
> index 7b6344f..4775c14 100644
> --- a/bind/bind.nm
> +++ b/bind/bind.nm
> @@ -4,8 +4,8 @@
>  #############################################################################
> ##
>  
>  name       = bind
> -version    = 9.9.6-P1
> -release    = 2
> +version    = 9.9.9-P6
> +release    = 1
>  
>  groups     = Networking/Tools
>  url        = http://www.isc.org/products/BIND/
> @@ -19,14 +19,10 @@ end
>  
>  source_dl  = ftp://ftp.isc.org/isc/bind/%{version}/
>  
> -sources += \
> -	%{name}-config-12.tar.bz2
> -
>  build
>  	requires
>  		autoconf
>  		automake
> -		chrpath
>  		libcap-devel
>  		libidn-devel
>  		libtool
> @@ -43,116 +39,88 @@ build
>  		--disable-static \
>  		--disable-openssl-version-check \
>  		--enable-exportlib \
> -		--with-export-libdir=/%{lib}/ \
> -		--with-export-includedir=/usr/include/ \
> -		--includedir=/usr/include/bind9/ \
> -		--with-pkcs11=%{libdir}/pkcs11/PKCS11_API.so \
> +		--with-export-libdir=%{libdir}/ \
> +		--with-export-includedir=%{includedir} \
> +		--includedir=%{includedir}/bind9/ \
>  		--with-gssapi \
>  		--enable-rrl \
>  		--disable-isc-spnego
>  
> -	prepare
> -		cd %{DIR_SRC} && %{MACRO_EXTRACT} %{DIR_DL}/%{thisapp}.tar.gz
> -
> +	prepare_cmds
>  		# Create m4 directory.
>  		cd %{DIR_APP} && mkdir -pv m4
>  
> -		# Apply all patches.
> -		%{MACRO_PATCHES}
> -
>  		# Branding.
>  		sed -i -e 's/RELEASEVER=\(.*\)/RELEASEVER=\1-%{DISTRO_NAME}-
> %{version}-%{release}/' version
>  
>  		# Regenerate build environment
> -		libtoolize -c -f
> -		aclocal -I m4 --force
> -		autoconf -f
> +		autoreconf -vfi
>  
> -		# Create user and group for /run directory.
> -		%{create_user}
>  	end
>  
> -	install
> -		# Create directory layout.
> -		mkdir -pv %{BUILDROOT}%{libdir}/bind
> -		mkdir -pv %{BUILDROOT}/var/named/{slaves,data,dynamic}
> -		mkdir -pv %{BUILDROOT}/usr/share/man/{man1,man5,man8}
> -		mkdir -pv %{BUILDROOT}/run/named
> -		mkdir -pv %{BUILDROOT}/var/log
> -
> -		# Create named chroot environment.
> -		mkdir -pv %{BUILDROOT}/var/named/chroot/{dev,etc,var}
> -		mkdir -pv
> %{BUILDROOT}/var/named/chroot/var/{log,named,run/named,tmp}
> -		mkdir -pv %{BUILDROOT}/var/named/chroot/etc/{pki/dnssec-
> keys,named}
> -		mkdir -pv %{BUILDROOT}/var/named/chroot/usr/lib/bind
> -		mkdir -pv %{BUILDROOT}/var/named/chroot/dev/null
> -		mkdir -pv %{BUILDROOT}/var/named/chroot/dev/random
> -		mkdir -pv %{BUILDROOT}/var/named/chroot/dev/zero
> -		mkdir -pv %{BUILDROOT}/var/named/chroot/etc/localtime
> +	build_cmds
> +		# Build some typical system tools (dig, host, nslookup)
> +		make -C bin/dig -j %{PARALLELISMFLAGS}
>  
> -		touch %{BUILDROOT}/var/named/chroot/etc/named.conf
> -
> -		# Run make install
> -		make DESTDIR=%{BUILDROOT} install
> +		# Build nsupdate
> +		make -C bin/nsupdate -j %{PARALLELISMFLAGS}
> +	end
>  
> -		# Remove RPATH from libraries.
> -		chrpath --delete %{BUILDROOT}/lib*/*export*.so.*
> +	install_cmds
> +		# Install typical system tools
> +		make -C bin/dig install DESTDIR=%{BUILDROOT}
>  
> -		# Remove unwanted files
> -		rm -rvf %{BUILDROOT}/etc/bind.keys
> +		# Install nsupdate
> +		make -C bin/nsupdate install DESTDIR=%{BUILDROOT}
>  
> -		# Create ghost config files
> -		touch %{BUILDROOT}/var/log/named.log
> +		# Install isc/errno2result.h header
> +		install -m 644 lib/isc/unix/errno2result.h
> %{BUILDROOT}%{includedir}/isc
>  
> -		# Configuration files
> -		tar -C %{BUILDROOT} -xaf %{DIR_DL}/bind-config-12.tar.bz2
> -		touch %{BUILDROOT}/etc/rndc.key
> -		touch %{BUILDROOT}/etc/rndc.conf
> +		# Remove development libraries and headers except *-export
> ones
> +		rm -rvf %{BUILDROOT}%{libdir}/libbind9.so
> +		rm -rvf %{BUILDROOT}%{libdir}/libdns.so
> +		rm -rvf %{BUILDROOT}%{libdir}/libisccc.so
> +		rm -rvf %{BUILDROOT}%{libdir}/libisccfg.so
> +		rm -rvf %{BUILDROOT}%{libdir}/libisc.so
> +		rm -rvf %{BUILDROOT}%{libdir}/liblwres.so
> +		rm -rvf %{BUILDROOT}%{includedir}/bind9
>  
> -		mkdir %{BUILDROOT}/etc/named
> -		install -m 644 bind.keys %{BUILDROOT}/etc/named.iscdlv.key
> -		install -m 644 %{DIR_SOURCE}/trusted-key.key
> %{BUILDROOT}/etc/trusted-key.key
> +		# Remove unwanted files
> +		rm -rvf %{BUILDROOT}/etc
> +		rm -rvf %{BUILDROOT}/var
>  
> -		# Recreate symlinks for export libraries
> -		rm -rf %{BUILDROOT}/%{lib}/lib*-export.so
> +		# Remove unneeded tools
> +		rm -rvf %{BUILDROOT}%{bindir}/isc-config.sh
> +		rm -rvf %{BUILDROOT}%{bindir}/bind9-config
>  
> -		ln -svf ../../%{lib}/libdns-export.so.104
> %{BUILDROOT}%{libdir}/libdns-export.so
> -		ln -svf ../../%{lib}/libirs-export.so.91
> %{BUILDROOT}%{libdir}/libirs-export.so
> -		ln -svf ../../%{lib}/libisccfg-export.so.90
> %{BUILDROOT}%{libdir}/libisccfg-export.so
> -		ln -svf ../../%{lib}/libisc-export.so.95
> %{BUILDROOT}%{libdir}/libisc-export.so
> +		# Remove manpages for the unneeded tools
> +		rm -rvf %{BUILDROOT}%{mandir}/man1/isc-config.sh.1
> +		rm -rvf %{BUILDROOT}%{mandir}/man1/bind9-config.1
>  
> -		# Create /run/named.
> -		mkdir -pv %{BUILDROOT}/run/named
> -		chown -Rv named.named %{BUILDROOT}/run/named/
> +		# Remove documentation for liblwres and tools
> +		rm -rvf %{BUILDROOT}%{mandir}/man3
>  	end
>  end
>  
> -create_user
> -	getent group named >/dev/null || /usr/sbin/groupadd -r named
> -	getent passwd named >/dev/null || /usr/sbin/useradd -r -g named \
> -		-d /var/named -c "User for bind DNS server" -s /sbin/nologin
> named
> -end
> -
>  packages
>  	package %{name}
> +		# The bind package is just an umbrella package for the utils
> +		# and libs package.
>  		requires
> -			bind-utils
> -			bind-chroot
> -		end
> -
> -		prerequires += shadow-utils
> -
> -		script prein
> -			%{create_user}
> +			%{name}-libs = %{thisver}	
> +			%{name}-utils = %{thisver}
> +			%{name}-utils-libs = %{thisver}
>  		end
> -
> -		# XXX Add systemd scriptlet if a service file becomes
> available
>  	end
>  
>  	package %{name}-utils
>  		summary = Utilities for querying bind DNS name server.
>  		description = %{summary}
>  
> +		requires
> +			%{name}-utils-libs = %{thisver}
> +		end
> +
>  		files
>  			/usr/bin/dig
>  			/usr/bin/host
> @@ -165,17 +133,19 @@ packages
>  		end
>  	end
>  
> -	package %{name}-chroot
> -		summary = Chroot environment for bind DNS servers.
> -		description = %{summary}
> +	package %{name}-utils-libs
> +		template LIBS
>  
> -		files
> -			/var/named/chroot
> -		end
> +		summary = Required libraries for the tools in the bind-utils
> package.
> +		description = %{summary}
>  	end
>  
>  	package %{name}-libs
>  		template LIBS
> +
> +		files
> +			%{libdir}/*export.so.*
> +		end
>  	end
>  
>  	package %{name}-devel
> diff --git a/bind/named.tmpfiles b/bind/named.tmpfiles
> deleted file mode 100644
> index 640a656..0000000
> --- a/bind/named.tmpfiles
> +++ /dev/null
> @@ -1 +0,0 @@
> -d /run/named 0755 named named -
> diff --git a/bind/patches/bind-9.5-PIE.patch b/bind/patches/bind-9.5-PIE.patch
> deleted file mode 100644
> index a525b9b..0000000
> --- a/bind/patches/bind-9.5-PIE.patch
> +++ /dev/null
> @@ -1,27 +0,0 @@
> ---- bind-9.5.0b2/bin/named/Makefile.in.pie	2008-02-11
> 17:21:47.000000000 +0100
> -+++ bind-9.5.0b2/bin/named/Makefile.in	2008-02-11 17:22:10.000000000
> +0100
> -@@ -100,8 +100,12 @@ HTMLPAGES =	named.html lwresd.html named
> - 
> - MANOBJS =	${MANPAGES} ${HTMLPAGES}
> - 
> -+EXT_CFLAGS = -fpie
> -+
> - @BIND9_MAKE_RULES@
> - 
> -+LDFLAGS += -pie -Wl,-z,relro,-z,now,-z,nodlopen,-z,noexecstack
> -+
> - main.@O@: main.c
> - 	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
> - 		-DVERSION=\"${VERSION}\" \
> -diff -up bind-9.5.0b2/bin/named/unix/Makefile.in.pie bind-
> 9.5.0b2/bin/named/unix/Makefile.in
> ---- bind-9.5.0b2/bin/named/unix/Makefile.in.pie	2008-02-11
> 17:22:21.000000000 +0100
> -+++ bind-9.5.0b2/bin/named/unix/Makefile.in	2008-02-11
> 17:23:00.000000000 +0100
> -@@ -19,6 +19,8 @@ srcdir =	@srcdir@
> - VPATH =		@srcdir@
> - top_srcdir =	@top_srcdir@
> - 
> -+EXT_CFLAGS = -fpie
> -+
> - @BIND9_MAKE_INCLUDES@
> - 
> - CINCLUDES =	-I${srcdir}/include -I${srcdir}/../include \
> diff --git a/bind/patches/bind-9.5-parallel-build.patch b/bind/patches/bind-
> 9.5-parallel-build.patch
> deleted file mode 100644
> index 53e34ca..0000000
> --- a/bind/patches/bind-9.5-parallel-build.patch
> +++ /dev/null
> @@ -1,14 +0,0 @@
> -diff -up bind-9.5.0b1/lib/dns/Makefile.in.parallel bind-
> 9.5.0b1/lib/dns/Makefile.in
> ---- bind-9.5.0b1/lib/dns/Makefile.in.parallel	2008-01-17
> 18:27:38.000000000 +0100
> -+++ bind-9.5.0b1/lib/dns/Makefile.in	2008-01-17 18:27:45.000000000
> +0100
> -@@ -19,10 +19,6 @@ srcdir =	@srcdir@
> - VPATH =		@srcdir@
> - top_srcdir =	@top_srcdir@
> - 
> --# Attempt to disable parallel processing.
> --.NOTPARALLEL:
> --.NO_PARALLEL:
> --
> - @BIND9_VERSION@
> - 
> - @LIBDNS_API@
> diff --git a/bind/patches/bind-9.9-libidn.patch b/bind/patches/bind-9.9-
> libidn.patch
> deleted file mode 100644
> index fca8665..0000000
> --- a/bind/patches/bind-9.9-libidn.patch
> +++ /dev/null
> @@ -1,326 +0,0 @@
> -From 19809fe6154ea0471a2c4fa3bd66787facf7704a Mon Sep 17 00:00:00 2001
> -From: Tomas Hozza <thozza@redhat.com>
> -Date: Mon, 26 May 2014 15:25:34 +0200
> -Subject: [PATCH] Use libidn instead of bundled idnkit
> -
> -Signed-off-by: Tomas Hozza <thozza@redhat.com>
> ----
> - bin/dig/Makefile.in |   6 +-
> - bin/dig/dig.docbook |   4 +-
> - bin/dig/dighost.c   | 168 ++++++++++++++++++++++++++++++++++++++++++++++++
> ----
> - 3 files changed, 162 insertions(+), 16 deletions(-)
> -
> -diff --git a/bin/dig/Makefile.in b/bin/dig/Makefile.in
> -index 5bc4db0..3864e06 100644
> ---- a/bin/dig/Makefile.in
> -+++ b/bin/dig/Makefile.in
> -@@ -48,10 +48,10 @@ DEPLIBS =	${DNSDEPLIBS} ${BIND9DEPLIBS}
> ${ISCDEPLIBS} ${ISCCFGDEPLIBS} \
> - 		${LWRESDEPLIBS}
> - 
> - LIBS =		${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
> --		${ISCLIBS} @IDNLIBS@ @LIBS@
> -+		${ISCLIBS} @IDNLIBS@ @LIBS@ -lidn
> - 
> - NOSYMLIBS =	${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
> --		${ISCNOSYMLIBS} @IDNLIBS@ @LIBS@
> -+		${ISCNOSYMLIBS} @IDNLIBS@ @LIBS@ -lidn
> - 
> - SUBDIRS =
> - 
> -@@ -69,6 +69,8 @@ HTMLPAGES =	dig.html host.html nslookup.html
> - 
> - MANOBJS =	${MANPAGES} ${HTMLPAGES}
> - 
> -+EXT_CFLAGS = -DWITH_LIBIDN
> -+
> - @BIND9_MAKE_RULES@
> - 
> - dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
> -diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook
> -index 7a01ec0..c3a7976 100644
> ---- a/bin/dig/dig.docbook
> -+++ b/bin/dig/dig.docbook
> -@@ -970,8 +970,8 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
> -       <command>dig</command> appropriately converts character encoding of
> -       domain name before sending a request to DNS server or displaying a
> -       reply from the server.
> --      If you'd like to turn off the IDN support for some reason, defines
> --      the <envar>IDN_DISABLE</envar> environment variable.
> -+      If you'd like to turn off the IDN support for some reason, define
> -+      the <envar>CHARSET=ASCII</envar> environment variable.
> -       The IDN support is disabled if the variable is set when 
> -       <command>dig</command> runs.
> -     </para>
> -diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
> -index 56d763c..5a40051 100644
> ---- a/bin/dig/dighost.c
> -+++ b/bin/dig/dighost.c
> -@@ -44,6 +44,11 @@
> - #include <idn/api.h>
> - #endif
> - 
> -+#ifdef WITH_LIBIDN
> -+#include <stringprep.h>
> -+#include <idna.h>
> -+#endif
> -+
> - #include <dns/byaddr.h>
> - #ifdef DIG_SIGCHASE
> - #include <dns/callbacks.h>
> -@@ -158,6 +163,14 @@ static void		idn_check_result(idn_result_t
> r, const char *msg);
> - int  idnoptions	= 0;
> - #endif
> - 
> -+#ifdef WITH_LIBIDN
> -+static isc_result_t	libidn_locale_to_utf8 (const char* from, char
> *to);
> -+static isc_result_t	libidn_utf8_to_ascii (const char* from, char
> *to);
> -+static isc_result_t	output_filter (isc_buffer_t *buffer,
> -+				       unsigned int used_org,
> -+				       isc_boolean_t absolute);
> -+#endif
> -+
> - isc_socket_t *keep = NULL;
> - isc_sockaddr_t keepaddr;
> - 
> -@@ -1210,6 +1223,9 @@ setup_system(void) {
> - 	dig_searchlist_t *domain = NULL;
> - 	lwres_result_t lwresult;
> - 	unsigned int lwresflags;
> -+#ifdef WITH_LIBIDN
> -+	isc_result_t result;
> -+#endif
> - 
> - 	debug("setup_system()");
> - 
> -@@ -1268,8 +1284,15 @@ setup_system(void) {
> - 
> - #ifdef WITH_IDN
> - 	initialize_idn();
> -+	
> -+#endif
> -+#ifdef WITH_LIBIDN
> -+	result = dns_name_settotextfilter(output_filter);
> -+	check_result(result, "dns_name_settotextfilter");
> -+#ifdef HAVE_SETLOCALE
> -+	setlocale (LC_ALL, "");
> -+#endif
> - #endif
> --
> - 	if (keyfile[0] != 0)
> - 		setup_file_key();
> - 	else if (keysecret[0] != 0)
> -@@ -2028,12 +2051,14 @@ setup_lookup(dig_lookup_t *lookup) {
> - 	idn_result_t mr;
> - 	char utf8_textname[MXNAME], utf8_origin[MXNAME],
> idn_textname[MXNAME];
> - #endif
> -+#ifdef WITH_LIBIDN
> -+	char utf8_str[MXNAME], utf8_name[MXNAME], ascii_name[MXNAME];
> -+#endif
> - 
> --#ifdef WITH_IDN
> -+#if defined (WITH_IDN) || defined (WITH_LIBIDN)
> - 	result = dns_name_settotextfilter(output_filter);
> - 	check_result(result, "dns_name_settotextfilter");
> - #endif
> --
> - 	REQUIRE(lookup != NULL);
> - 	INSIST(!free_now);
> - 
> -@@ -2070,6 +2095,14 @@ setup_lookup(dig_lookup_t *lookup) {
> - 	mr = idn_encodename(IDN_LOCALCONV | IDN_DELIMMAP, lookup->textname,
> - 			    utf8_textname, sizeof(utf8_textname));
> - 	idn_check_result(mr, "convert textname to UTF-8");
> -+#elif defined (WITH_LIBIDN)
> -+	result = libidn_locale_to_utf8 (lookup->textname, utf8_str);
> -+	check_result (result, "convert textname to UTF-8");
> -+	len = strlen (utf8_str);
> -+	if (len < MXNAME)
> -+		(void) strcpy (utf8_name, utf8_str);
> -+	else
> -+		fatal ("Too long name");
> - #endif
> - 
> - 	/*
> -@@ -2082,15 +2115,11 @@ setup_lookup(dig_lookup_t *lookup) {
> - 	if (lookup->new_search) {
> - #ifdef WITH_IDN
> - 		if ((count_dots(utf8_textname) >= ndots) || !usesearch) {
> --			lookup->origin = NULL; /* Force abs lookup */
> --			lookup->done_as_is = ISC_TRUE;
> --			lookup->need_search = usesearch;
> --		} else if (lookup->origin == NULL && usesearch) {
> --			lookup->origin = ISC_LIST_HEAD(search_list);
> --			lookup->need_search = ISC_FALSE;
> --		}
> -+#elif defined (WITH_LIBIDN)
> -+		if ((count_dots(utf8_name) >= ndots) || !usesearch) {
> - #else
> - 		if ((count_dots(lookup->textname) >= ndots) || !usesearch) {
> -+#endif
> - 			lookup->origin = NULL; /* Force abs lookup */
> - 			lookup->done_as_is = ISC_TRUE;
> - 			lookup->need_search = usesearch;
> -@@ -2098,7 +2127,6 @@ setup_lookup(dig_lookup_t *lookup) {
> - 			lookup->origin = ISC_LIST_HEAD(search_list);
> - 			lookup->need_search = ISC_FALSE;
> - 		}
> --#endif
> - 	}
> - 
> - #ifdef WITH_IDN
> -@@ -2115,6 +2143,20 @@ setup_lookup(dig_lookup_t *lookup) {
> - 			    IDN_IDNCONV | IDN_LENCHECK, utf8_textname,
> - 			    idn_textname, sizeof(idn_textname));
> - 	idn_check_result(mr, "convert UTF-8 textname to IDN encoding");
> -+#elif defined (WITH_LIBIDN)
> -+	if (lookup->origin != NULL) {
> -+		result = libidn_locale_to_utf8 (lookup->origin->origin,
> utf8_str);
> -+		check_result (result, "convert origin to UTF-8");
> -+		if (len > 0 && utf8_name[len - 1] != '.') {
> -+			utf8_name[len++] = '.';
> -+			if (len + strlen (utf8_str) < MXNAME)
> -+				(void) strcpy (utf8_name + len, utf8_str);
> -+			else
> -+				fatal ("Too long name + origin");
> -+		}
> -+	}
> -+
> -+	result = libidn_utf8_to_ascii (utf8_name, ascii_name);
> - #else
> - 	if (lookup->origin != NULL) {
> - 		debug("trying origin %s", lookup->origin->origin);
> -@@ -2170,6 +2212,13 @@ setup_lookup(dig_lookup_t *lookup) {
> - 			result = dns_name_fromtext(lookup->name, &b,
> - 						   dns_rootname, 0,
> - 						   &lookup->namebuf);
> -+#elif defined (WITH_LIBIDN)
> -+			len = strlen (ascii_name);
> -+			isc_buffer_init(&b, ascii_name, len);
> -+			isc_buffer_add(&b, len);
> -+			result = dns_name_fromtext(lookup->name, &b,
> -+						   dns_rootname, 0,
> -+						   &lookup->namebuf);
> - #else
> - 			len = strlen(lookup->textname);
> - 			isc_buffer_init(&b, lookup->textname, len);
> -@@ -3788,7 +3837,7 @@ destroy_libs(void) {
> - 	void * ptr;
> - 	dig_message_t *chase_msg;
> - #endif
> --#ifdef WITH_IDN
> -+#if defined (WITH_IDN) || defined (WITH_LIBIDN)
> - 	isc_result_t result;
> - #endif
> - 
> -@@ -3829,6 +3878,10 @@ destroy_libs(void) {
> - 	result = dns_name_settotextfilter(NULL);
> - 	check_result(result, "dns_name_settotextfilter");
> - #endif
> -+#ifdef WITH_LIBIDN
> -+	result = dns_name_settotextfilter (NULL);
> -+	check_result(result, "clearing dns_name_settotextfilter");
> -+#endif
> - 	dns_name_destroy();
> - 
> - 	if (commctx != NULL) {
> -@@ -4008,6 +4061,97 @@ idn_check_result(idn_result_t r, const char *msg) {
> - 	}
> - }
> - #endif /* WITH_IDN */
> -+#ifdef WITH_LIBIDN
> -+static isc_result_t
> -+libidn_locale_to_utf8 (const char *from, char *to) {
> -+	char *utf8_str;
> -+
> -+	debug ("libidn_locale_to_utf8");
> -+	utf8_str = stringprep_locale_to_utf8 (from);
> -+	if (utf8_str != NULL) {
> -+		(void) strcpy (to, utf8_str);
> -+		free (utf8_str);
> -+		return ISC_R_SUCCESS;
> -+	}
> -+
> -+	debug ("libidn_locale_to_utf8: failure");
> -+	return ISC_R_FAILURE;
> -+}
> -+static isc_result_t
> -+libidn_utf8_to_ascii (const char *from, char *to) {
> -+	char *ascii;
> -+	int iresult;
> -+
> -+	debug ("libidn_utf8_to_ascii");
> -+	iresult = idna_to_ascii_8z (from, &ascii, 0);
> -+	if (iresult != IDNA_SUCCESS) {
> -+		debug ("idna_to_ascii_8z: %s", idna_strerror (iresult));
> -+		return ISC_R_FAILURE;
> -+	}
> -+
> -+	(void) strcpy (to, ascii);
> -+	free (ascii);
> -+	return ISC_R_SUCCESS;
> -+}
> -+
> -+static isc_result_t
> -+output_filter (isc_buffer_t *buffer, unsigned int used_org,
> -+	       isc_boolean_t absolute) {
> -+
> -+	char tmp1[MXNAME], *tmp2;
> -+        size_t fromlen, tolen;
> -+        isc_boolean_t end_with_dot;
> -+	int iresult;
> -+
> -+	debug ("output_filter");
> -+
> -+        fromlen = isc_buffer_usedlength (buffer) - used_org;
> -+	if (fromlen >= MXNAME)
> -+		return ISC_R_SUCCESS;
> -+        memcpy (tmp1, (char *) isc_buffer_base (buffer) + used_org,
> fromlen);
> -+        end_with_dot = (tmp1[fromlen - 1] == '.') ? ISC_TRUE : ISC_FALSE;
> -+        if (absolute && !end_with_dot) {
> -+                fromlen++;
> -+		if (fromlen >= MXNAME)
> -+			return ISC_R_SUCCESS;
> -+                tmp1[fromlen - 1] = '.';
> -+        }
> -+        tmp1[fromlen] = '\0';
> -+
> -+	iresult = idna_to_unicode_8z8z (tmp1, &tmp2, 0);
> -+	if (iresult != IDNA_SUCCESS) {
> -+		debug ("output_filter: %s", idna_strerror (iresult));
> -+		return ISC_R_SUCCESS;
> -+	}
> -+
> -+	(void) strcpy (tmp1, tmp2);
> -+	free (tmp2);
> -+
> -+	tmp2 = stringprep_utf8_to_locale (tmp1);
> -+	if (tmp2 == NULL) {
> -+		debug ("output_filter: stringprep_utf8_to_locale failed");
> -+		return ISC_R_SUCCESS;
> -+	}
> -+
> -+	(void) strcpy (tmp1, tmp2);
> -+	free (tmp2);
> -+
> -+        tolen = strlen (tmp1);
> -+        if (absolute && !end_with_dot && tmp1[tolen - 1] == '.')
> -+                tolen--;
> -+
> -+        if (isc_buffer_length (buffer) < used_org + tolen)
> -+                return ISC_R_NOSPACE;
> -+
> -+	debug ("%s", tmp1);
> -+
> -+        isc_buffer_subtract (buffer, isc_buffer_usedlength (buffer) -
> used_org);
> -+        memcpy (isc_buffer_used (buffer), tmp1, tolen);
> -+        isc_buffer_add (buffer, tolen);
> -+
> -+        return ISC_R_SUCCESS;
> -+}
> -+#endif /* WITH_LIBIDN*/
> - 
> - #ifdef DIG_SIGCHASE
> - void
> --- 
> -1.9.0
> -
> diff --git a/bind/patches/bind-9.7-exportlib.patch b/bind/patches/bind97-
> exportlib.patch
> similarity index 100%
> rename from bind/patches/bind-9.7-exportlib.patch
> rename to bind/patches/bind97-exportlib.patch
> diff --git a/bind/patches/bind99-dont-build-bin.patch b/bind/patches/bind99-
> dont-build-bin.patch
> new file mode 100644
> index 0000000..ae50372
> --- /dev/null
> +++ b/bind/patches/bind99-dont-build-bin.patch
> @@ -0,0 +1,13 @@
> +diff --git a/Makefile.in b/Makefile.in
> +index 4f7f5a6..d59b9b1 100644
> +--- a/Makefile.in
> ++++ b/Makefile.in
> +@@ -21,7 +21,7 @@ top_srcdir =	@top_srcdir@
> + 
> + VERSION=@BIND9_VERSION@
> + 
> +-SUBDIRS =	make unit lib bin doc @LIBEXPORT@
> ++SUBDIRS =	make lib doc @LIBEXPORT@
> + TARGETS =
> + 
> + MANPAGES =	isc-config.sh.1
> diff --git a/bind/trusted-key.key b/bind/trusted-key.key
> deleted file mode 100644
> index ea07836..0000000
> --- a/bind/trusted-key.key
> +++ /dev/null
> @@ -1 +0,0 @@
> -. 3600 IN DNSKEY 257 3 8
> AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0Ez
> rAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkj
> f5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCT
> MjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqr
> AmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=