main/nsd: moved from testing

7 files changed, 575 insertions, 0 deletions

diff --git a/main/nsd/0010-stop-unlink-pid-error.patch b/main/nsd/0010-stop-unlink-pid-error.patch
new file mode 100644
index 000000000..24175df33
--- /dev/null
+++ b/main/nsd/0010-stop-unlink-pid-error.patch
@@ -0,0 +1,26 @@
+This patch prevents nsd from attempting to unlink the pidfile on nsd
+shutdown.  The reason for this is because we get a permission denied
+error in nsd.log when it attempts to do so.
+
+I think this is needed because of how normal OpenRC init scripts are
+designed and handled.
+
+See the included /etc/init.d/nsd (nsd.initd) for my conversion of the
+nsdc script that's normally distributed with nsd.  The included nsdc
+script is a wrapper for the converted OpenRC init script, designed to
+maintain compatibility.
+
+Matt Smith <msmith@alpinelinux.org>
+
+
+--- a/server.c
++++ b/server.c
+@@ -1167,7 +1167,7 @@
+ 	close(fd);
+ 
+ 	/* Unlink it if possible... */
+-	unlinkpid(nsd->pidfile);
++	//unlinkpid(nsd->pidfile);
+ 
+ 	if(reload_listener.fd > 0) {
+ 		sig_atomic_t cmd = NSD_QUIT;
diff --git a/main/nsd/APKBUILD b/main/nsd/APKBUILD
new file mode 100644
index 000000000..758570294
--- /dev/null
+++ b/main/nsd/APKBUILD
@@ -0,0 +1,76 @@
+# Contributor: Matt Smith <mcs@darkregion.net>
+# Maintainer:  Matt Smith <mcs@darkregion.net>
+pkgname=nsd
+pkgver=3.2.7
+pkgrel=1
+pkgdesc="NSD is an authoritative only, high performance, simple and open source name server."
+url="http://www.nlnetlabs.nl/projects/nsd/"
+arch="all"
+license="BSD"
+depends=
+depends_dev=
+makedepends="$depends_dev openssl-dev"
+install="$pkgname.pre-install $pkgname.post-deinstall"
+subpackages="$pkgname-doc"
+pkgusers="nsd"
+pkggroups="nsd"
+source="http://www.nlnetlabs.nl/downloads/nsd/nsd-3.2.7.tar.gz
+	0010-stop-unlink-pid-error.patch
+	nsdc
+	nsd.initd
+	nsd.confd
+	"
+
+_builddir="$srcdir/$pkgname-$pkgver"
+prepare() {
+	local i
+	cd "$_builddir"
+	for i in $source; do
+		case $i in
+		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+		esac
+	done
+}
+
+build() {
+	cd "$_builddir"
+
+	./configure \
+		--sbindir=/usr/sbin \
+		--mandir=/usr/share/man \
+		--with-user=nsd \
+		|| return 1
+	make || return 1
+}
+
+package() {
+	cd "$_builddir"
+	make DESTDIR="$pkgdir" install || return 1
+
+	install -m755 -D "$srcdir"/nsdc \
+		"$pkgdir"/usr/sbin/nsdc || return 1
+	install -m755 -D "$srcdir"/$pkgname.initd \
+		"$pkgdir"/etc/init.d/nsd || return 1
+	install -m644 -D "$srcdir"/$pkgname.confd \
+		"$pkgdir"/etc/conf.d/nsd || return 1
+
+	chown nsd "$pkgdir"/var/db/nsd || return 1
+}
+
+doc() {
+	arch="noarch"
+
+	mkdir -p "$subpkgdir"/usr/share/doc/$pkgname || return 1
+	cp -a "$_builddir"/doc/* \
+		"$subpkgdir"/usr/share/doc/$pkgname/ || return 1
+	cp -a "$_builddir"/contrib/ \
+		"$subpkgdir"/usr/share/doc/$pkgname/ || return 1
+	mv "$pkgdir"/usr/share/man \
+		"$subpkgdir"/usr/share/man || return 1
+}
+
+md5sums="b5aca8a207f77db566b08db25bf77d74  nsd-3.2.7.tar.gz
+cc592572846b978a6f52130a8e518ab3  0010-stop-unlink-pid-error.patch
+3aa94004a39319db89a329e9f24fb9da  nsdc
+4c0eef07caac9083aeeb9b15602d014d  nsd.initd
+37bd648259fdd919c79aaa0168b4423c  nsd.confd"
diff --git a/main/nsd/nsd.confd b/main/nsd/nsd.confd
new file mode 100644
index 000000000..e37f716ba
--- /dev/null
+++ b/main/nsd/nsd.confd
@@ -0,0 +1,15 @@
+#
+# Specify nsd options here.
+#
+
+# configuration file default
+configfile="/etc/nsd/nsd.conf"
+
+# The directory where NSD binaries reside
+sbindir="/usr/sbin"
+
+# how verbose is zonec run. Specify Nothing (empty string), -v or -vv.
+ZONEC_VERBOSE=-v
+
+# how patch is done. Specify 1 (with use of textfiles, default) or 0 (without)
+PATCH_STYLE=1
diff --git a/main/nsd/nsd.initd b/main/nsd/nsd.initd
new file mode 100644
index 000000000..f40008049
--- /dev/null
+++ b/main/nsd/nsd.initd
@@ -0,0 +1,420 @@
+#!/sbin/runscript
+#
+# nsdc.sh -- a shell script to manage the beast
+#
+# Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
+#
+# See LICENSE for the license.
+#
+# OpenRC conversion by Matt Smith <msmith@alpinelinux.org>
+#
+#
+
+name=nsd
+daemon=/usr/sbin/${name}
+initd=/etc/init.d/${name}
+
+description="NSD, authoritative only high performance name server."
+
+extra_commands="stats reload running patch rebuild update notify do_start do_stop"
+description_reload="Reloads the nsd database file."
+description_running="Prints message and exits nonzero if server is not running."
+description_patch="Merge zone transfer changes back to zone files."
+description_rebuild="Compile database file from zone files."
+description_update="Try to update all slave zones hosted on this server."
+description_notify="Send notify messages to all secondary servers."
+description_do_start="Internal command; use 'start' instead."
+description_do_stop="Internal command; use 'stop' instead."
+
+depend() {
+        need net
+        after firewall
+}
+
+#
+# You sure heard this many times before: NO USER SERVICEABLE PARTS BELOW
+#
+
+# see if user selects a different config file, with -c <filename>
+if test "x$1" = "x-c"; then
+	shift
+	if [ -e $1 ]; then
+		configfile=$1
+		shift
+	else
+		echo "`basename $0`: Config file "$1" does not exist."
+		exit 1
+	fi
+fi
+
+# locate nsd-checkconf : in sbindir, PATH, nsdc_dir or .
+nsd_checkconf=""
+if [ -e ${sbindir}/nsd-checkconf ]; then
+	nsd_checkconf=${sbindir}/nsd-checkconf
+else
+	if which nsd-checkconf >/dev/null 2>&1 ; then
+		if which nsd-checkconf 2>&1 | grep "^[Nn]o " >/dev/null; then
+			nsd_checkconf=""
+		else
+			nsd_checkconf=`which nsd-checkconf`
+		fi
+	fi
+	if [ -z "${nsd_checkconf}" -a -e `dirname $0`/nsd-checkconf ]; then
+		nsd_checkconf=`dirname $0`/nsd-checkconf
+	fi
+	if [ -z "${nsd_checkconf}" -a -e ./nsd-checkconf ]; then
+		nsd_checkconf=./nsd-checkconf
+	fi
+	if [ -z "${nsd_checkconf}" ]; then
+		echo "`basename $0`: Could not find nsd programs" \
+			"in $sbindir, in PATH=$PATH, in cwd=`pwd`," \
+			"or in dir of nsdc=`dirname $0`"
+		exit 1
+	fi
+fi
+
+# check the config syntax before using it
+${nsd_checkconf} ${configfile}
+if test $? -ne 0 ; then
+	${initd} describe
+	exit 1
+fi
+
+# Read some settings from the config file.
+dbfile=`${nsd_checkconf} -o database ${configfile}`
+pidfile=`${nsd_checkconf} -o pidfile ${configfile}`
+difffile=`${nsd_checkconf} -o difffile ${configfile}`
+zonesdir=`${nsd_checkconf} -o zonesdir ${configfile}`
+lockfile="${dbfile}.lock"  # still needed
+sbindir=`dirname ${nsd_checkconf}`
+
+# move to zonesdir (if specified), and make absolute pathnames.
+if test -n "${zonesdir}"; then
+       zonesdir=`dirname ${zonesdir}/.`
+       if echo "${zonesdir}" | grep "^[^/]" >/dev/null; then
+               zonesdir=`pwd`/${zonesdir}
+       fi
+       if echo "${dbfile}" | grep "^[^/]" >/dev/null; then
+               dbfile=${zonesdir}/${dbfile}
+       fi
+       if echo "${pidfile}" | grep "^[^/]" >/dev/null; then
+               pidfile=${zonesdir}/${pidfile}
+       fi
+       if echo "${lockfile}" | grep "^[^/]" >/dev/null; then
+               lockfile=${zonesdir}/${lockfile}
+       fi
+       if echo "${difffile}" | grep "^[^/]" >/dev/null; then
+               difffile=${zonesdir}/${difffile}
+       fi
+fi
+
+# for bash: -C or noclobber. For tcsh: noclobber. For bourne: -C.
+noclobber_set="set -C"
+# ugly check for tcsh
+if echo /bin/sh | grep tcsh >/dev/null; then
+	noclobber_set="set noclobber"
+fi
+
+#
+# useful routines
+#
+signal() {
+	if [ -s ${pidfile} ]
+	then
+		kill -"$1" `cat ${pidfile}` && return 0
+	else
+		echo "nsd is not running"
+	fi
+	return 1
+}
+
+lock_file() {
+	(umask 222; ${noclobber_set}; echo "$$" >${lockfile})
+}
+
+lock() {
+	lock_file
+	if [ $? = 1 ]
+	then
+		# check if the lockfile has not gone stale
+		LPID=`cat ${lockfile}`
+		echo database locked by PID: $LPID
+		if kill -0 $LPID 2>/dev/null; then
+			exit 1
+		fi
+
+		# locking process does not exist, consider lockfile stale
+		echo stale lockfile, removing... && rm -f ${lockfile} && lock_file
+	fi
+
+	if [ $? = 1 ]
+	then
+		echo lock failed
+		exit 1
+	fi
+	return 0
+}
+
+unlock() {
+	rm -f ${lockfile}
+}
+	
+do_start() {
+	if test -x ${sbindir}/nsd; then
+		${sbindir}/nsd -c ${configfile}
+		test $? = 0 || (echo "nsd startup failed."; exit 1)
+	else
+		echo "${sbindir}/nsd not an executable file, nsd startup failed."; exit 1
+	fi
+}
+
+controlled_sleep() {
+	if [ $1 -ge 25 ]; then
+		sleep 1
+	fi
+}
+
+controlled_stop() {
+	pid=$1
+	try=1
+
+	while [ $try -ne 0 ]; do
+		if [ ${try} -gt 50 ]; then
+			echo "nsdc stop failed"
+			return 1
+		else
+			if [ $try -eq 1 ]; then
+				kill -TERM ${pid}
+			else
+				kill -TERM ${pid} >/dev/null 2>&1
+			fi
+
+			# really stopped?
+			kill -0 ${pid} >/dev/null 2>&1
+			if [ $? -eq 0 ]; then
+				controlled_sleep ${try}
+				try=`expr ${try} + 1`
+			else
+				try=0
+			fi
+		fi
+	done
+
+	return 0
+}
+
+do_controlled_stop() {
+	if [ -s ${pidfile} ]; then
+		pid=`cat ${pidfile}`
+		controlled_stop ${pid} && return 0
+	else
+		echo "nsd is not running, starting anyway" && return 0
+	fi
+	return 1
+}
+
+do_stop() {
+	signal "TERM"
+}
+
+do_reload() {
+	signal "HUP"
+}
+
+# send_updates zone_name {ip_spec key_spec}
+send_updates() {
+	local zonename=$1
+	shift 1
+	# extract port number (if any) 
+	port=`${nsd_checkconf} -o port ${configfile}`
+	if test -n "${port}"; then
+		port="-p ${port}"
+	fi
+	update_sent="no"
+
+	while test $# -gt 0; do
+		ip_spec=$1
+		key_spec=$2
+		shift 2
+		# only localhost is allowed.
+		# see if zone has 127.0.0.1 or ::1 as allowed.
+		if test Z${ip_spec} = "Z127.0.0.1" -o Z${ip_spec} = "Z::1"; then
+			secret=""
+			if test K${key_spec} != KNOKEY -a K${key_spec} != KBLOCKED; then
+				secret=`${nsd_checkconf} -s ${key_spec} ${configfile}`
+				algo=`${nsd_checkconf} -a ${key_spec} ${configfile}`
+				secret="-y ${key_spec}:${secret}:${algo}"
+			fi
+			if test K${key_spec} != KBLOCKED; then
+				#echo "${sbindir}/nsd-notify -a ${ip_spec} ${port} ${secret} -z ${zonename} ${ip_spec}"
+				${sbindir}/nsd-notify -a ${ip_spec} ${port} ${secret} -z ${zonename} ${ip_spec} && update_sent="yes"
+			fi
+		fi
+	done
+	if test ${update_sent} = no; then
+		req_xfr=`${nsd_checkconf} -z "${zonename}" -o request-xfr ${configfile}`
+		if test -n "${req_xfr}"; then
+			# must be a slave zone (has request-xfr).
+			echo "`basename $0`: Could not send notify for slave zone ${zonename}: not configured (with allow-notify: 127.0.0.1 or ::1)"
+		fi
+	fi
+}
+
+# send_notify zone_name ifc_spec {ip_spec key_spec}
+send_notify() {
+	local zonename=$1
+	# set local interface
+	ifc_spec=""
+	if test I$2 != INOIFC; then
+		ifc_spec="-a $2"
+	fi
+	shift 2
+
+	while test $# -gt 0; do
+		ip_spec=$1
+		key_spec=$2
+		shift 2
+		secret=""
+
+		if test K${key_spec} != KNOKEY -a K${key_spec} != KBLOCKED; then
+			secret=`${nsd_checkconf} -s ${key_spec} ${configfile}`
+			algo=`${nsd_checkconf} -a ${key_spec} ${configfile}`
+			secret="-y ${key_spec}:${secret}:${algo}"
+		fi
+		if test K${key_spec} != KBLOCKED; then
+			port=""
+			ipaddr=${ip_spec}
+			if echo ${ip_spec} | grep @ >/dev/null; then
+				port="-p "`echo ${ip_spec} | sed -e 's/[^@]*@\([0-9]*\)/\1/'`
+				ipaddr=`echo ${ip_spec} | sed -e 's/\([^@]*\)@[0-9]*/\1/'`
+			fi
+			#echo "${sbindir}/nsd-notify ${ifc_spec} ${port} ${secret} -z ${zonename} ${ipaddr}"
+			${sbindir}/nsd-notify ${ifc_spec} ${port} ${secret} -z ${zonename} ${ipaddr}
+		fi
+	done
+}
+
+# do_patch {with-textfile}
+do_patch() {
+	if test I$1 = I1; then
+		lock && mv ${difffile} ${difffile}.$$ && \
+		  ${sbindir}/nsd-patch -c ${configfile} -x ${difffile}.$$ && \
+		  rm -f ${difffile}.$$ && unlock && do_rebuild
+		result=$?
+	else # without textfile
+		lock && mv ${difffile} ${difffile}.$$ && \
+		  ${sbindir}/nsd-patch -c ${configfile} -x ${difffile}.$$ -s -o ${dbfile}.$$ \
+		  && rm -f ${difffile}.$$ && unlock && \
+		  mv ${dbfile}.$$ ${dbfile}
+		result=$?
+	fi
+
+	return ${result}
+}
+
+do_rebuild() {
+	lock && \
+	  ${sbindir}/zonec ${ZONEC_VERBOSE} -c ${configfile} -f ${dbfile}.$$ && \
+	  mv ${dbfile}.$$ ${dbfile}
+	result=$?
+	unlock
+	[ $result != 0 ] && echo "${dbfile} is unmodified"
+	rm -f ${dbfile}.$$
+	return ${result}
+}
+
+start() {
+	ebegin "Starting ${name}"
+	if test -s ${pidfile} && kill -"0" `cat ${pidfile}` 
+	then
+		(echo "process `cat ${pidfile}` exists, please use restart"; exit 1)
+	else
+		start-stop-daemon --start --quiet \
+			--pidfile ${pidfile} \
+			--exec ${initd} -- do_start
+	fi
+        eend $?
+}
+
+stop() {
+        ebegin "Stopping ${name}"
+	start-stop-daemon --stop --quiet \
+		--pidfile ${pidfile} \
+		--exec ${initd} -- do_stop
+	eend $?
+}
+
+stats() {
+	signal "USR1"
+}
+
+reload() {
+	do_reload
+}
+
+running() {
+	signal "0"
+}
+
+patch() {
+        # patch queue clearen
+	if test -s ${difffile}; then
+		#${sbindir}/nsd-patch -c ${configfile} -x ${difffile} -l #debug
+		#echo ${sbindir}/nsd-patch -c ${configfile} -x ${difffile}
+		if do_patch ${PATCH_STYLE}; then
+			do_reload
+		else
+			unlock
+			# try to move back the transfer data
+			if [ -e ${difffile}.$$ -a ! -e ${difffile} ]; then
+				mv ${difffile}.$$ ${difffile}
+			fi
+			echo "`basename $0`: patch failed."
+			exit 1
+		fi
+	else
+		echo "`basename $0`: no patch necessary."
+	fi
+}
+
+rebuild() {
+	do_rebuild
+}
+
+update() {
+        # send notifies to localhost for all zones that allow it
+	echo "Sending notify to localhost to update secondary zones..."
+	if [ -s ${pidfile} ]; then
+		zoneslist=`${nsd_checkconf} -o zones ${configfile}`
+		for zonename in ${zoneslist}; do
+			notify_allow=`${nsd_checkconf} -z "${zonename}" -o allow-notify ${configfile}`
+			if test "" != "${notify_allow}"; then
+				send_updates ${zonename} ${notify_allow}
+			fi
+		done
+	else
+		echo "nsd is not running"
+	fi
+}
+
+notify() {
+	# send notifies to all slaves
+	echo "Sending notify to slave servers..."
+	zoneslist=`${nsd_checkconf} -o zones ${configfile}`
+	for zonename in ${zoneslist}; do
+		notify=`${nsd_checkconf} -z "${zonename}" -o notify ${configfile}`
+		local_ifc=`${nsd_checkconf} -z "${zonename}" -o outgoing-interface ${configfile}`
+		if test "" = "${local_ifc}"; then
+			local_ifc="NOIFC"
+		fi
+		if test "" != "${notify}"; then
+			for ifc in ${local_ifc}; do
+				send_notify ${zonename} ${ifc} ${notify}
+			done
+		fi
+	done
+}
+
+restart() {
+	do_controlled_stop && do_start
+}
diff --git a/main/nsd/nsd.post-deinstall b/main/nsd/nsd.post-deinstall
new file mode 100644
index 000000000..4d5fc4093
--- /dev/null
+++ b/main/nsd/nsd.post-deinstall
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+deluser nsd 2>/dev/null
+exit 0
diff --git a/main/nsd/nsd.pre-install b/main/nsd/nsd.pre-install
new file mode 100644
index 000000000..daabc70b3
--- /dev/null
+++ b/main/nsd/nsd.pre-install
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+adduser -S -H -h /var/db/nsd -s /bin/false nsd 2>/dev/null
+exit 0
diff --git a/main/nsd/nsdc b/main/nsd/nsdc
new file mode 100644
index 000000000..ff4cb5c6b
--- /dev/null
+++ b/main/nsd/nsdc
@@ -0,0 +1,30 @@
+#!/bin/sh
+#
+# nsdc replacement script by Matt Smith <msmith@alpinelinux.org>
+#
+
+usage() {
+	echo "Usage: `basename $0` {start|stop|reload|rebuild|restart|"
+	echo "                          running|update|notify|patch}"
+	echo "commands:"
+	echo "  start           Start nsd server."
+	echo "  stop            Stop nsd server."
+	echo "  reload          Nsd server reloads database file."
+	echo "  rebuild         Compile database file from zone files."
+	echo "  restart         Stop the nsd server and start it again."
+	echo "  running         Prints message and exit nonzero if server not running."
+	echo "  update          Try to update all slave zones hosted on this server."
+	echo "  notify          Send notify messages to all secondary servers."
+	echo "  patch           Merge zone transfer changes back to zone files."
+}
+
+if [ $# -eq 0 ]; then
+	usage
+else
+	case "$1" in
+		"-h"|"--help")
+			usage;;
+		*)
+			/etc/init.d/nsd $*
+	esac
+fi