bind: Rework package and update to 9.9.9-P6

Message ID 20170223115111.23057-1-stefan.schantl@ipfire.org
State New
Headers show

Message

Stefan Schantl Feb. 23, 2017, 11:51 a.m.
This commit rapidely slims down the bind package. It now only
provides the libraries and development files, which are needed
to build the isc-dhcp server and in a subpackage some very handy
utils like dig, host and some more.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
 bind/bind.nm                                       | 142 ++++-----
 bind/named.tmpfiles                                |   1 -
 bind/patches/bind-9.5-PIE.patch                    |  27 --
 bind/patches/bind-9.5-parallel-build.patch         |  14 -
 bind/patches/bind-9.9-libidn.patch                 | 326 ---------------------
 ...-9.7-exportlib.patch => bind97-exportlib.patch} |   0
 bind/patches/bind99-dont-build-bin.patch           |  13 +
 bind/trusted-key.key                               |   1 -
 8 files changed, 69 insertions(+), 455 deletions(-)
 delete mode 100644 bind/named.tmpfiles
 delete mode 100644 bind/patches/bind-9.5-PIE.patch
 delete mode 100644 bind/patches/bind-9.5-parallel-build.patch
 delete mode 100644 bind/patches/bind-9.9-libidn.patch
 rename bind/patches/{bind-9.7-exportlib.patch => bind97-exportlib.patch} (100%)
 create mode 100644 bind/patches/bind99-dont-build-bin.patch
 delete mode 100644 bind/trusted-key.key

Comments

Michael Tremer Feb. 25, 2017, 3:21 p.m. | #1
Hi,

you cannot drop the DNS root key because tools like dig and other software like
unbound depend on it.

Could you re-add that please?

-Michael

On Thu, 2017-02-23 at 12:51 +0100, Stefan Schantl wrote:
> This commit rapidely slims down the bind package. It now only
> provides the libraries and development files, which are needed
> to build the isc-dhcp server and in a subpackage some very handy
> utils like dig, host and some more.
> 
> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
> ---
>  bind/bind.nm                                       | 142 ++++-----
>  bind/named.tmpfiles                                |   1 -
>  bind/patches/bind-9.5-PIE.patch                    |  27 --
>  bind/patches/bind-9.5-parallel-build.patch         |  14 -
>  bind/patches/bind-9.9-libidn.patch                 | 326 --------------------
> -
>  ...-9.7-exportlib.patch => bind97-exportlib.patch} |   0
>  bind/patches/bind99-dont-build-bin.patch           |  13 +
>  bind/trusted-key.key                               |   1 -
>  8 files changed, 69 insertions(+), 455 deletions(-)
>  delete mode 100644 bind/named.tmpfiles
>  delete mode 100644 bind/patches/bind-9.5-PIE.patch
>  delete mode 100644 bind/patches/bind-9.5-parallel-build.patch
>  delete mode 100644 bind/patches/bind-9.9-libidn.patch
>  rename bind/patches/{bind-9.7-exportlib.patch => bind97-exportlib.patch}
> (100%)
>  create mode 100644 bind/patches/bind99-dont-build-bin.patch
>  delete mode 100644 bind/trusted-key.key
> 
> diff --git a/bind/bind.nm b/bind/bind.nm
> index 7b6344f..4775c14 100644
> --- a/bind/bind.nm
> +++ b/bind/bind.nm
> @@ -4,8 +4,8 @@
>  #############################################################################
> ##
>  
>  name       = bind
> -version    = 9.9.6-P1
> -release    = 2
> +version    = 9.9.9-P6
> +release    = 1
>  
>  groups     = Networking/Tools
>  url        = http://www.isc.org/products/BIND/
> @@ -19,14 +19,10 @@ end
>  
>  source_dl  = ftp://ftp.isc.org/isc/bind/%{version}/
>  
> -sources += \
> -	%{name}-config-12.tar.bz2
> -
>  build
>  	requires
>  		autoconf
>  		automake
> -		chrpath
>  		libcap-devel
>  		libidn-devel
>  		libtool
> @@ -43,116 +39,88 @@ build
>  		--disable-static \
>  		--disable-openssl-version-check \
>  		--enable-exportlib \
> -		--with-export-libdir=/%{lib}/ \
> -		--with-export-includedir=/usr/include/ \
> -		--includedir=/usr/include/bind9/ \
> -		--with-pkcs11=%{libdir}/pkcs11/PKCS11_API.so \
> +		--with-export-libdir=%{libdir}/ \
> +		--with-export-includedir=%{includedir} \
> +		--includedir=%{includedir}/bind9/ \
>  		--with-gssapi \
>  		--enable-rrl \
>  		--disable-isc-spnego
>  
> -	prepare
> -		cd %{DIR_SRC} && %{MACRO_EXTRACT} %{DIR_DL}/%{thisapp}.tar.gz
> -
> +	prepare_cmds
>  		# Create m4 directory.
>  		cd %{DIR_APP} && mkdir -pv m4
>  
> -		# Apply all patches.
> -		%{MACRO_PATCHES}
> -
>  		# Branding.
>  		sed -i -e 's/RELEASEVER=\(.*\)/RELEASEVER=\1-%{DISTRO_NAME}-
> %{version}-%{release}/' version
>  
>  		# Regenerate build environment
> -		libtoolize -c -f
> -		aclocal -I m4 --force
> -		autoconf -f
> +		autoreconf -vfi
>  
> -		# Create user and group for /run directory.
> -		%{create_user}
>  	end
>  
> -	install
> -		# Create directory layout.
> -		mkdir -pv %{BUILDROOT}%{libdir}/bind
> -		mkdir -pv %{BUILDROOT}/var/named/{slaves,data,dynamic}
> -		mkdir -pv %{BUILDROOT}/usr/share/man/{man1,man5,man8}
> -		mkdir -pv %{BUILDROOT}/run/named
> -		mkdir -pv %{BUILDROOT}/var/log
> -
> -		# Create named chroot environment.
> -		mkdir -pv %{BUILDROOT}/var/named/chroot/{dev,etc,var}
> -		mkdir -pv
> %{BUILDROOT}/var/named/chroot/var/{log,named,run/named,tmp}
> -		mkdir -pv %{BUILDROOT}/var/named/chroot/etc/{pki/dnssec-
> keys,named}
> -		mkdir -pv %{BUILDROOT}/var/named/chroot/usr/lib/bind
> -		mkdir -pv %{BUILDROOT}/var/named/chroot/dev/null
> -		mkdir -pv %{BUILDROOT}/var/named/chroot/dev/random
> -		mkdir -pv %{BUILDROOT}/var/named/chroot/dev/zero
> -		mkdir -pv %{BUILDROOT}/var/named/chroot/etc/localtime
> +	build_cmds
> +		# Build some typical system tools (dig, host, nslookup)
> +		make -C bin/dig -j %{PARALLELISMFLAGS}
>  
> -		touch %{BUILDROOT}/var/named/chroot/etc/named.conf
> -
> -		# Run make install
> -		make DESTDIR=%{BUILDROOT} install
> +		# Build nsupdate
> +		make -C bin/nsupdate -j %{PARALLELISMFLAGS}
> +	end
>  
> -		# Remove RPATH from libraries.
> -		chrpath --delete %{BUILDROOT}/lib*/*export*.so.*
> +	install_cmds
> +		# Install typical system tools
> +		make -C bin/dig install DESTDIR=%{BUILDROOT}
>  
> -		# Remove unwanted files
> -		rm -rvf %{BUILDROOT}/etc/bind.keys
> +		# Install nsupdate
> +		make -C bin/nsupdate install DESTDIR=%{BUILDROOT}
>  
> -		# Create ghost config files
> -		touch %{BUILDROOT}/var/log/named.log
> +		# Install isc/errno2result.h header
> +		install -m 644 lib/isc/unix/errno2result.h
> %{BUILDROOT}%{includedir}/isc
>  
> -		# Configuration files
> -		tar -C %{BUILDROOT} -xaf %{DIR_DL}/bind-config-12.tar.bz2
> -		touch %{BUILDROOT}/etc/rndc.key
> -		touch %{BUILDROOT}/etc/rndc.conf
> +		# Remove development libraries and headers except *-export
> ones
> +		rm -rvf %{BUILDROOT}%{libdir}/libbind9.so
> +		rm -rvf %{BUILDROOT}%{libdir}/libdns.so
> +		rm -rvf %{BUILDROOT}%{libdir}/libisccc.so
> +		rm -rvf %{BUILDROOT}%{libdir}/libisccfg.so
> +		rm -rvf %{BUILDROOT}%{libdir}/libisc.so
> +		rm -rvf %{BUILDROOT}%{libdir}/liblwres.so
> +		rm -rvf %{BUILDROOT}%{includedir}/bind9
>  
> -		mkdir %{BUILDROOT}/etc/named
> -		install -m 644 bind.keys %{BUILDROOT}/etc/named.iscdlv.key
> -		install -m 644 %{DIR_SOURCE}/trusted-key.key
> %{BUILDROOT}/etc/trusted-key.key
> +		# Remove unwanted files
> +		rm -rvf %{BUILDROOT}/etc
> +		rm -rvf %{BUILDROOT}/var
>  
> -		# Recreate symlinks for export libraries
> -		rm -rf %{BUILDROOT}/%{lib}/lib*-export.so
> +		# Remove unneeded tools
> +		rm -rvf %{BUILDROOT}%{bindir}/isc-config.sh
> +		rm -rvf %{BUILDROOT}%{bindir}/bind9-config
>  
> -		ln -svf ../../%{lib}/libdns-export.so.104
> %{BUILDROOT}%{libdir}/libdns-export.so
> -		ln -svf ../../%{lib}/libirs-export.so.91
> %{BUILDROOT}%{libdir}/libirs-export.so
> -		ln -svf ../../%{lib}/libisccfg-export.so.90
> %{BUILDROOT}%{libdir}/libisccfg-export.so
> -		ln -svf ../../%{lib}/libisc-export.so.95
> %{BUILDROOT}%{libdir}/libisc-export.so
> +		# Remove manpages for the unneeded tools
> +		rm -rvf %{BUILDROOT}%{mandir}/man1/isc-config.sh.1
> +		rm -rvf %{BUILDROOT}%{mandir}/man1/bind9-config.1
>  
> -		# Create /run/named.
> -		mkdir -pv %{BUILDROOT}/run/named
> -		chown -Rv named.named %{BUILDROOT}/run/named/
> +		# Remove documentation for liblwres and tools
> +		rm -rvf %{BUILDROOT}%{mandir}/man3
>  	end
>  end
>  
> -create_user
> -	getent group named >/dev/null || /usr/sbin/groupadd -r named
> -	getent passwd named >/dev/null || /usr/sbin/useradd -r -g named \
> -		-d /var/named -c "User for bind DNS server" -s /sbin/nologin
> named
> -end
> -
>  packages
>  	package %{name}
> +		# The bind package is just an umbrella package for the utils
> +		# and libs package.
>  		requires
> -			bind-utils
> -			bind-chroot
> -		end
> -
> -		prerequires += shadow-utils
> -
> -		script prein
> -			%{create_user}
> +			%{name}-libs = %{thisver}	
> +			%{name}-utils = %{thisver}
> +			%{name}-utils-libs = %{thisver}
>  		end
> -
> -		# XXX Add systemd scriptlet if a service file becomes
> available
>  	end
>  
>  	package %{name}-utils
>  		summary = Utilities for querying bind DNS name server.
>  		description = %{summary}
>  
> +		requires
> +			%{name}-utils-libs = %{thisver}
> +		end
> +
>  		files
>  			/usr/bin/dig
>  			/usr/bin/host
> @@ -165,17 +133,19 @@ packages
>  		end
>  	end
>  
> -	package %{name}-chroot
> -		summary = Chroot environment for bind DNS servers.
> -		description = %{summary}
> +	package %{name}-utils-libs
> +		template LIBS
>  
> -		files
> -			/var/named/chroot
> -		end
> +		summary = Required libraries for the tools in the bind-utils
> package.
> +		description = %{summary}
>  	end
>  
>  	package %{name}-libs
>  		template LIBS
> +
> +		files
> +			%{libdir}/*export.so.*
> +		end
>  	end
>  
>  	package %{name}-devel
> diff --git a/bind/named.tmpfiles b/bind/named.tmpfiles
> deleted file mode 100644
> index 640a656..0000000
> --- a/bind/named.tmpfiles
> +++ /dev/null
> @@ -1 +0,0 @@
> -d /run/named 0755 named named -
> diff --git a/bind/patches/bind-9.5-PIE.patch b/bind/patches/bind-9.5-PIE.patch
> deleted file mode 100644
> index a525b9b..0000000
> --- a/bind/patches/bind-9.5-PIE.patch
> +++ /dev/null
> @@ -1,27 +0,0 @@
> ---- bind-9.5.0b2/bin/named/Makefile.in.pie	2008-02-11
> 17:21:47.000000000 +0100
> -+++ bind-9.5.0b2/bin/named/Makefile.in	2008-02-11 17:22:10.000000000
> +0100
> -@@ -100,8 +100,12 @@ HTMLPAGES =	named.html lwresd.html named
> - 
> - MANOBJS =	${MANPAGES} ${HTMLPAGES}
> - 
> -+EXT_CFLAGS = -fpie
> -+
> - @BIND9_MAKE_RULES@
> - 
> -+LDFLAGS += -pie -Wl,-z,relro,-z,now,-z,nodlopen,-z,noexecstack
> -+
> - main.@O@: main.c
> - 	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
> - 		-DVERSION=\"${VERSION}\" \
> -diff -up bind-9.5.0b2/bin/named/unix/Makefile.in.pie bind-
> 9.5.0b2/bin/named/unix/Makefile.in
> ---- bind-9.5.0b2/bin/named/unix/Makefile.in.pie	2008-02-11
> 17:22:21.000000000 +0100
> -+++ bind-9.5.0b2/bin/named/unix/Makefile.in	2008-02-11
> 17:23:00.000000000 +0100
> -@@ -19,6 +19,8 @@ srcdir =	@srcdir@
> - VPATH =		@srcdir@
> - top_srcdir =	@top_srcdir@
> - 
> -+EXT_CFLAGS = -fpie
> -+
> - @BIND9_MAKE_INCLUDES@
> - 
> - CINCLUDES =	-I${srcdir}/include -I${srcdir}/../include \
> diff --git a/bind/patches/bind-9.5-parallel-build.patch b/bind/patches/bind-
> 9.5-parallel-build.patch
> deleted file mode 100644
> index 53e34ca..0000000
> --- a/bind/patches/bind-9.5-parallel-build.patch
> +++ /dev/null
> @@ -1,14 +0,0 @@
> -diff -up bind-9.5.0b1/lib/dns/Makefile.in.parallel bind-
> 9.5.0b1/lib/dns/Makefile.in
> ---- bind-9.5.0b1/lib/dns/Makefile.in.parallel	2008-01-17
> 18:27:38.000000000 +0100
> -+++ bind-9.5.0b1/lib/dns/Makefile.in	2008-01-17 18:27:45.000000000
> +0100
> -@@ -19,10 +19,6 @@ srcdir =	@srcdir@
> - VPATH =		@srcdir@
> - top_srcdir =	@top_srcdir@
> - 
> --# Attempt to disable parallel processing.
> --.NOTPARALLEL:
> --.NO_PARALLEL:
> --
> - @BIND9_VERSION@
> - 
> - @LIBDNS_API@
> diff --git a/bind/patches/bind-9.9-libidn.patch b/bind/patches/bind-9.9-
> libidn.patch
> deleted file mode 100644
> index fca8665..0000000
> --- a/bind/patches/bind-9.9-libidn.patch
> +++ /dev/null
> @@ -1,326 +0,0 @@
> -From 19809fe6154ea0471a2c4fa3bd66787facf7704a Mon Sep 17 00:00:00 2001
> -From: Tomas Hozza <thozza@redhat.com>
> -Date: Mon, 26 May 2014 15:25:34 +0200
> -Subject: [PATCH] Use libidn instead of bundled idnkit
> -
> -Signed-off-by: Tomas Hozza <thozza@redhat.com>
> ----
> - bin/dig/Makefile.in |   6 +-
> - bin/dig/dig.docbook |   4 +-
> - bin/dig/dighost.c   | 168 ++++++++++++++++++++++++++++++++++++++++++++++++
> ----
> - 3 files changed, 162 insertions(+), 16 deletions(-)
> -
> -diff --git a/bin/dig/Makefile.in b/bin/dig/Makefile.in
> -index 5bc4db0..3864e06 100644
> ---- a/bin/dig/Makefile.in
> -+++ b/bin/dig/Makefile.in
> -@@ -48,10 +48,10 @@ DEPLIBS =	${DNSDEPLIBS} ${BIND9DEPLIBS}
> ${ISCDEPLIBS} ${ISCCFGDEPLIBS} \
> - 		${LWRESDEPLIBS}
> - 
> - LIBS =		${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
> --		${ISCLIBS} @IDNLIBS@ @LIBS@
> -+		${ISCLIBS} @IDNLIBS@ @LIBS@ -lidn
> - 
> - NOSYMLIBS =	${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
> --		${ISCNOSYMLIBS} @IDNLIBS@ @LIBS@
> -+		${ISCNOSYMLIBS} @IDNLIBS@ @LIBS@ -lidn
> - 
> - SUBDIRS =
> - 
> -@@ -69,6 +69,8 @@ HTMLPAGES =	dig.html host.html nslookup.html
> - 
> - MANOBJS =	${MANPAGES} ${HTMLPAGES}
> - 
> -+EXT_CFLAGS = -DWITH_LIBIDN
> -+
> - @BIND9_MAKE_RULES@
> - 
> - dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
> -diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook
> -index 7a01ec0..c3a7976 100644
> ---- a/bin/dig/dig.docbook
> -+++ b/bin/dig/dig.docbook
> -@@ -970,8 +970,8 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
> -       <command>dig</command> appropriately converts character encoding of
> -       domain name before sending a request to DNS server or displaying a
> -       reply from the server.
> --      If you'd like to turn off the IDN support for some reason, defines
> --      the <envar>IDN_DISABLE</envar> environment variable.
> -+      If you'd like to turn off the IDN support for some reason, define
> -+      the <envar>CHARSET=ASCII</envar> environment variable.
> -       The IDN support is disabled if the variable is set when 
> -       <command>dig</command> runs.
> -     </para>
> -diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
> -index 56d763c..5a40051 100644
> ---- a/bin/dig/dighost.c
> -+++ b/bin/dig/dighost.c
> -@@ -44,6 +44,11 @@
> - #include <idn/api.h>
> - #endif
> - 
> -+#ifdef WITH_LIBIDN
> -+#include <stringprep.h>
> -+#include <idna.h>
> -+#endif
> -+
> - #include <dns/byaddr.h>
> - #ifdef DIG_SIGCHASE
> - #include <dns/callbacks.h>
> -@@ -158,6 +163,14 @@ static void		idn_check_result(idn_result_t
> r, const char *msg);
> - int  idnoptions	= 0;
> - #endif
> - 
> -+#ifdef WITH_LIBIDN
> -+static isc_result_t	libidn_locale_to_utf8 (const char* from, char
> *to);
> -+static isc_result_t	libidn_utf8_to_ascii (const char* from, char
> *to);
> -+static isc_result_t	output_filter (isc_buffer_t *buffer,
> -+				       unsigned int used_org,
> -+				       isc_boolean_t absolute);
> -+#endif
> -+
> - isc_socket_t *keep = NULL;
> - isc_sockaddr_t keepaddr;
> - 
> -@@ -1210,6 +1223,9 @@ setup_system(void) {
> - 	dig_searchlist_t *domain = NULL;
> - 	lwres_result_t lwresult;
> - 	unsigned int lwresflags;
> -+#ifdef WITH_LIBIDN
> -+	isc_result_t result;
> -+#endif
> - 
> - 	debug("setup_system()");
> - 
> -@@ -1268,8 +1284,15 @@ setup_system(void) {
> - 
> - #ifdef WITH_IDN
> - 	initialize_idn();
> -+	
> -+#endif
> -+#ifdef WITH_LIBIDN
> -+	result = dns_name_settotextfilter(output_filter);
> -+	check_result(result, "dns_name_settotextfilter");
> -+#ifdef HAVE_SETLOCALE
> -+	setlocale (LC_ALL, "");
> -+#endif
> - #endif
> --
> - 	if (keyfile[0] != 0)
> - 		setup_file_key();
> - 	else if (keysecret[0] != 0)
> -@@ -2028,12 +2051,14 @@ setup_lookup(dig_lookup_t *lookup) {
> - 	idn_result_t mr;
> - 	char utf8_textname[MXNAME], utf8_origin[MXNAME],
> idn_textname[MXNAME];
> - #endif
> -+#ifdef WITH_LIBIDN
> -+	char utf8_str[MXNAME], utf8_name[MXNAME], ascii_name[MXNAME];
> -+#endif
> - 
> --#ifdef WITH_IDN
> -+#if defined (WITH_IDN) || defined (WITH_LIBIDN)
> - 	result = dns_name_settotextfilter(output_filter);
> - 	check_result(result, "dns_name_settotextfilter");
> - #endif
> --
> - 	REQUIRE(lookup != NULL);
> - 	INSIST(!free_now);
> - 
> -@@ -2070,6 +2095,14 @@ setup_lookup(dig_lookup_t *lookup) {
> - 	mr = idn_encodename(IDN_LOCALCONV | IDN_DELIMMAP, lookup->textname,
> - 			    utf8_textname, sizeof(utf8_textname));
> - 	idn_check_result(mr, "convert textname to UTF-8");
> -+#elif defined (WITH_LIBIDN)
> -+	result = libidn_locale_to_utf8 (lookup->textname, utf8_str);
> -+	check_result (result, "convert textname to UTF-8");
> -+	len = strlen (utf8_str);
> -+	if (len < MXNAME)
> -+		(void) strcpy (utf8_name, utf8_str);
> -+	else
> -+		fatal ("Too long name");
> - #endif
> - 
> - 	/*
> -@@ -2082,15 +2115,11 @@ setup_lookup(dig_lookup_t *lookup) {
> - 	if (lookup->new_search) {
> - #ifdef WITH_IDN
> - 		if ((count_dots(utf8_textname) >= ndots) || !usesearch) {
> --			lookup->origin = NULL; /* Force abs lookup */
> --			lookup->done_as_is = ISC_TRUE;
> --			lookup->need_search = usesearch;
> --		} else if (lookup->origin == NULL && usesearch) {
> --			lookup->origin = ISC_LIST_HEAD(search_list);
> --			lookup->need_search = ISC_FALSE;
> --		}
> -+#elif defined (WITH_LIBIDN)
> -+		if ((count_dots(utf8_name) >= ndots) || !usesearch) {
> - #else
> - 		if ((count_dots(lookup->textname) >= ndots) || !usesearch) {
> -+#endif
> - 			lookup->origin = NULL; /* Force abs lookup */
> - 			lookup->done_as_is = ISC_TRUE;
> - 			lookup->need_search = usesearch;
> -@@ -2098,7 +2127,6 @@ setup_lookup(dig_lookup_t *lookup) {
> - 			lookup->origin = ISC_LIST_HEAD(search_list);
> - 			lookup->need_search = ISC_FALSE;
> - 		}
> --#endif
> - 	}
> - 
> - #ifdef WITH_IDN
> -@@ -2115,6 +2143,20 @@ setup_lookup(dig_lookup_t *lookup) {
> - 			    IDN_IDNCONV | IDN_LENCHECK, utf8_textname,
> - 			    idn_textname, sizeof(idn_textname));
> - 	idn_check_result(mr, "convert UTF-8 textname to IDN encoding");
> -+#elif defined (WITH_LIBIDN)
> -+	if (lookup->origin != NULL) {
> -+		result = libidn_locale_to_utf8 (lookup->origin->origin,
> utf8_str);
> -+		check_result (result, "convert origin to UTF-8");
> -+		if (len > 0 && utf8_name[len - 1] != '.') {
> -+			utf8_name[len++] = '.';
> -+			if (len + strlen (utf8_str) < MXNAME)
> -+				(void) strcpy (utf8_name + len, utf8_str);
> -+			else
> -+				fatal ("Too long name + origin");
> -+		}
> -+	}
> -+
> -+	result = libidn_utf8_to_ascii (utf8_name, ascii_name);
> - #else
> - 	if (lookup->origin != NULL) {
> - 		debug("trying origin %s", lookup->origin->origin);
> -@@ -2170,6 +2212,13 @@ setup_lookup(dig_lookup_t *lookup) {
> - 			result = dns_name_fromtext(lookup->name, &b,
> - 						   dns_rootname, 0,
> - 						   &lookup->namebuf);
> -+#elif defined (WITH_LIBIDN)
> -+			len = strlen (ascii_name);
> -+			isc_buffer_init(&b, ascii_name, len);
> -+			isc_buffer_add(&b, len);
> -+			result = dns_name_fromtext(lookup->name, &b,
> -+						   dns_rootname, 0,
> -+						   &lookup->namebuf);
> - #else
> - 			len = strlen(lookup->textname);
> - 			isc_buffer_init(&b, lookup->textname, len);
> -@@ -3788,7 +3837,7 @@ destroy_libs(void) {
> - 	void * ptr;
> - 	dig_message_t *chase_msg;
> - #endif
> --#ifdef WITH_IDN
> -+#if defined (WITH_IDN) || defined (WITH_LIBIDN)
> - 	isc_result_t result;
> - #endif
> - 
> -@@ -3829,6 +3878,10 @@ destroy_libs(void) {
> - 	result = dns_name_settotextfilter(NULL);
> - 	check_result(result, "dns_name_settotextfilter");
> - #endif
> -+#ifdef WITH_LIBIDN
> -+	result = dns_name_settotextfilter (NULL);
> -+	check_result(result, "clearing dns_name_settotextfilter");
> -+#endif
> - 	dns_name_destroy();
> - 
> - 	if (commctx != NULL) {
> -@@ -4008,6 +4061,97 @@ idn_check_result(idn_result_t r, const char *msg) {
> - 	}
> - }
> - #endif /* WITH_IDN */
> -+#ifdef WITH_LIBIDN
> -+static isc_result_t
> -+libidn_locale_to_utf8 (const char *from, char *to) {
> -+	char *utf8_str;
> -+
> -+	debug ("libidn_locale_to_utf8");
> -+	utf8_str = stringprep_locale_to_utf8 (from);
> -+	if (utf8_str != NULL) {
> -+		(void) strcpy (to, utf8_str);
> -+		free (utf8_str);
> -+		return ISC_R_SUCCESS;
> -+	}
> -+
> -+	debug ("libidn_locale_to_utf8: failure");
> -+	return ISC_R_FAILURE;
> -+}
> -+static isc_result_t
> -+libidn_utf8_to_ascii (const char *from, char *to) {
> -+	char *ascii;
> -+	int iresult;
> -+
> -+	debug ("libidn_utf8_to_ascii");
> -+	iresult = idna_to_ascii_8z (from, &ascii, 0);
> -+	if (iresult != IDNA_SUCCESS) {
> -+		debug ("idna_to_ascii_8z: %s", idna_strerror (iresult));
> -+		return ISC_R_FAILURE;
> -+	}
> -+
> -+	(void) strcpy (to, ascii);
> -+	free (ascii);
> -+	return ISC_R_SUCCESS;
> -+}
> -+
> -+static isc_result_t
> -+output_filter (isc_buffer_t *buffer, unsigned int used_org,
> -+	       isc_boolean_t absolute) {
> -+
> -+	char tmp1[MXNAME], *tmp2;
> -+        size_t fromlen, tolen;
> -+        isc_boolean_t end_with_dot;
> -+	int iresult;
> -+
> -+	debug ("output_filter");
> -+
> -+        fromlen = isc_buffer_usedlength (buffer) - used_org;
> -+	if (fromlen >= MXNAME)
> -+		return ISC_R_SUCCESS;
> -+        memcpy (tmp1, (char *) isc_buffer_base (buffer) + used_org,
> fromlen);
> -+        end_with_dot = (tmp1[fromlen - 1] == '.') ? ISC_TRUE : ISC_FALSE;
> -+        if (absolute && !end_with_dot) {
> -+                fromlen++;
> -+		if (fromlen >= MXNAME)
> -+			return ISC_R_SUCCESS;
> -+                tmp1[fromlen - 1] = '.';
> -+        }
> -+        tmp1[fromlen] = '\0';
> -+
> -+	iresult = idna_to_unicode_8z8z (tmp1, &tmp2, 0);
> -+	if (iresult != IDNA_SUCCESS) {
> -+		debug ("output_filter: %s", idna_strerror (iresult));
> -+		return ISC_R_SUCCESS;
> -+	}
> -+
> -+	(void) strcpy (tmp1, tmp2);
> -+	free (tmp2);
> -+
> -+	tmp2 = stringprep_utf8_to_locale (tmp1);
> -+	if (tmp2 == NULL) {
> -+		debug ("output_filter: stringprep_utf8_to_locale failed");
> -+		return ISC_R_SUCCESS;
> -+	}
> -+
> -+	(void) strcpy (tmp1, tmp2);
> -+	free (tmp2);
> -+
> -+        tolen = strlen (tmp1);
> -+        if (absolute && !end_with_dot && tmp1[tolen - 1] == '.')
> -+                tolen--;
> -+
> -+        if (isc_buffer_length (buffer) < used_org + tolen)
> -+                return ISC_R_NOSPACE;
> -+
> -+	debug ("%s", tmp1);
> -+
> -+        isc_buffer_subtract (buffer, isc_buffer_usedlength (buffer) -
> used_org);
> -+        memcpy (isc_buffer_used (buffer), tmp1, tolen);
> -+        isc_buffer_add (buffer, tolen);
> -+
> -+        return ISC_R_SUCCESS;
> -+}
> -+#endif /* WITH_LIBIDN*/
> - 
> - #ifdef DIG_SIGCHASE
> - void
> --- 
> -1.9.0
> -
> diff --git a/bind/patches/bind-9.7-exportlib.patch b/bind/patches/bind97-
> exportlib.patch
> similarity index 100%
> rename from bind/patches/bind-9.7-exportlib.patch
> rename to bind/patches/bind97-exportlib.patch
> diff --git a/bind/patches/bind99-dont-build-bin.patch b/bind/patches/bind99-
> dont-build-bin.patch
> new file mode 100644
> index 0000000..ae50372
> --- /dev/null
> +++ b/bind/patches/bind99-dont-build-bin.patch
> @@ -0,0 +1,13 @@
> +diff --git a/Makefile.in b/Makefile.in
> +index 4f7f5a6..d59b9b1 100644
> +--- a/Makefile.in
> ++++ b/Makefile.in
> +@@ -21,7 +21,7 @@ top_srcdir =	@top_srcdir@
> + 
> + VERSION=@BIND9_VERSION@
> + 
> +-SUBDIRS =	make unit lib bin doc @LIBEXPORT@
> ++SUBDIRS =	make lib doc @LIBEXPORT@
> + TARGETS =
> + 
> + MANPAGES =	isc-config.sh.1
> diff --git a/bind/trusted-key.key b/bind/trusted-key.key
> deleted file mode 100644
> index ea07836..0000000
> --- a/bind/trusted-key.key
> +++ /dev/null
> @@ -1 +0,0 @@
> -. 3600 IN DNSKEY 257 3 8
> AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0Ez
> rAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkj
> f5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCT
> MjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqr
> AmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=