include Config
-VER = 2.76
+VER = 1.5.9
-THISAPP = dnsmasq-$(VER)
-DL_FILE = $(THISAPP).tar.xz
+THISAPP = unbound-$(VER)
+DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
-# We cannot use INOTIFY because our ISC reader code does not support that
-COPTS = -DHAVE_ISC_READER -DNO_INOTIFY
-
###############################################################################
# Top-level Rules
###############################################################################
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 00f5ee66b4e4b7f14538bf62ae3c9461
+$(DL_FILE)_MD5 = 0cefa62c1690b4db18583db84bff00e3
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/001-Calculate_length_of_TFTP_error_reply_correctly.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/002-Zero_newly_malloc_ed_memory.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/003-Check_return_of_expand_always.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/004-Fix_editing_error_on_man_page.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/005-Manpage_typo.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/006-Fix_bad_behaviour_with_some_DHCP_option_arrangements.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/007-Fix_logic_error_in_Linux_netlink_code.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/008-Fix_problem_with_--dnssec-timestamp.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/009-malloc_memset_calloc_for_efficiency.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/010-Zero_packet_buffers_before_building_output_to_reduce_risk_of_information_leakage.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/011-Dont_reset_packet_length_on_transmission_in_case_of_retransmission.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/012-Compile-time_check_on_buffer_sizes_for_leasefile_parsing_code.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/013-auth-zone_allow_to_exclude_ip_addresses_from_answer.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/014-Bump_auth_zone_serial_when_reloading_etc_hosts_and_friends.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/015-Handle_v4-mapped_IPv6_addresses_sanely_for_--synth-domain.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/016-Refactor_openBSD_pftables_code_to_remove_blatant_copyright_violation.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch
-
- cd $(DIR_APP) && sed -i src/config.h \
- -e 's|/\* #define HAVE_IDN \*/|#define HAVE_IDN|g' \
- -e 's|/\* #define HAVE_DNSSEC \*/|#define HAVE_DNSSEC|g' \
- -e 's|#define HAVE_DHCP|//#define HAVE_DHCP|g' \
- -e 's|#define HAVE_DHCP6|//#define HAVE_DHCP6|g' \
- -e 's|#define HAVE_TFTP|//#define HAVE_TFTP|g'
-
- cd $(DIR_APP) && make CFLAGS="$(CFLAGS)" COPTS="$(COPTS)" \
- PREFIX=/usr all install
+ cd $(DIR_APP) && \
+ ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --with-pidfile=/var/run/unbound.pid \
+ --with-rootkey-file=/var/lib/unbound/root.key \
+ --disable-static \
+ --with-libevent
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+
+ # Install configuration
+ install -v -m 644 $(DIR_SRC)/config/unbound/unbound.conf \
+ /etc/unbound/unbound.conf
+ touch /etc/unbound/{dhcp-leases,forward}.conf
+ -mkdir -pv /etc/unbound/local.d
+
+ # Install root hints
+ install -v -m 644 $(DIR_SRC)/config/unbound/root.hints \
+ /etc/unbound/root.hints
+
+ # Install DHCP leases bridge
+ install -v -m 755 $(DIR_SRC)/config/unbound/unbound-dhcp-leases-bridge \
+ /usr/sbin/unbound-dhcp-leases-bridge
+
+ # Install key
+ -mkdir -pv /var/lib/unbound
+ install -v -m 644 $(DIR_SRC)/config/unbound/root.key \
+ /var/lib/unbound/root.key
+ chown -Rv nobody.nobody /var/lib/unbound
+
+ # Ship ICANN's certificates to validate DNS trust anchors
+ install -v -m 644 $(DIR_SRC)/config/unbound/icannbundle.pem \
+ /etc/unbound/icannbundle.pem
+
@rm -rf $(DIR_APP)
@$(POSTBUILD)