The OpenDNSSEC project announces the development of Open Source software

that manages the security of domain names on the Internet.
The project intends to drive adoption of Domain Name System Security Extensions
(DNSSEC) to further enhance Internet security.

7 files changed, 236 insertions, 0 deletions

diff --git a/security/opendnssec/DESCR b/security/opendnssec/DESCR
new file mode 100644
index 00000000000..188dfb3e64f
--- /dev/null
+++ b/security/opendnssec/DESCR
@@ -0,0 +1,4 @@
+The OpenDNSSEC project announces the development of Open Source software
+that manages the security of domain names on the Internet.
+The project intends to drive adoption of Domain Name System Security Extensions
+(DNSSEC) to further enhance Internet security.
diff --git a/security/opendnssec/MESSAGE b/security/opendnssec/MESSAGE
new file mode 100644
index 00000000000..6c30081f027
--- /dev/null
+++ b/security/opendnssec/MESSAGE
@@ -0,0 +1,7 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1.1.1 2010/05/06 12:50:17 pettai Exp $
+
+For latest information about configuring OpenDNSSEC, see:
+http://trac.opendnssec.org/wiki/WikiStart
+
+===========================================================================
diff --git a/security/opendnssec/Makefile b/security/opendnssec/Makefile
new file mode 100644
index 00000000000..784f251eeb8
--- /dev/null
+++ b/security/opendnssec/Makefile
@@ -0,0 +1,73 @@
+# $NetBSD: Makefile,v 1.1.1.1 2010/05/06 12:50:17 pettai Exp $
+#
+
+DISTNAME=	opendnssec-1.0.0
+CATEGORIES=	security net
+MASTER_SITES=	http://www.opendnssec.org/files/source/
+
+MAINTAINER=	pettai@NetBSD.net
+HOMEPAGE=	http://www.opendnssec.org/
+COMMENT=	OSS for a fast and easy DNSSEC deployment
+LICENSE=	2-clause-bsd
+
+DEPENDS+=	${PYPKGPREFIX}-4Suite-[0-9]*:../../textproc/py-4Suite
+DEPENDS+=	ldns>=1.6.4:../../net/ldns
+DEPENDS+=	${RUBY_PKGPREFIX}-dnsruby>=1.43:../../net/ruby-dnsruby
+BUILD_DEPENDS+=	CUnit-[0-9]*:../../devel/cunit
+
+PKG_DESTDIR_SUPPORT=	user-destdir
+
+BUILD_DEFS+=	VARBASE
+
+USE_TOOLS+=	bash gmake perl
+CONFIG_SHELL=	${BASH}
+USE_LANGUAGES=	c c++
+USE_LIBTOOL=	yes
+
+GNU_CONFIGURE=		yes
+CONFIGURE_ARGS+=	--prefix=${PREFIX:Q}
+CONFIGURE_ARGS+=	--localstatedir=${VARBASE}
+CONFIGURE_ENV+=		RUBY=${RUBY}
+
+EGDIR=			${PREFIX}/share/examples/opendnssec
+ODS_SYSCONFDIR=		${PKG_SYSCONFDIR}/opendnssec
+
+SUBST_CLASSES+=		paths
+SUBST_FILES.paths=	${WRKSRC}/conf/Makefile.in
+SUBST_STAGE.paths=	post-patch
+SUBST_SED.paths=	-e 's,@EGDIR@,${EGDIR},'
+
+CXXFLAGS.NetBSD+=	-D_NETBSD_SOURCE
+
+CONF_FILES=	${EGDIR}/conf.xml.sample \
+			${ODS_SYSCONFDIR}/conf.xml
+CONF_FILES+=	${EGDIR}/kasp.xml.sample \
+			${ODS_SYSCONFDIR}/kasp.xml
+CONF_FILES+=	${EGDIR}/zonefetch.xml.sample \
+			${ODS_SYSCONFDIR}/zonefetch.xml
+CONF_FILES+=	${EGDIR}/zonelist.xml.sample \
+			${ODS_SYSCONFDIR}/zonelist.xml
+
+INSTALLATION_DIRS=	${EGDIR} ${ODS_SYSCONFDIR}
+INSTALLATION_DIRS+=	share/opendnssec
+INSTALLATION_DIRS+=	lib/opendnssec
+INSTALLATION_DIRS+=	lib/opendnssec/signer
+INSTALLATION_DIRS+=	lib/opendnssec/kasp_auditor
+INSTALLATION_DIRS+=	${VARBASE}/opendnssec
+INSTALLATION_DIRS+=	${VARBASE}/opendnssec/tmp
+INSTALLATION_DIRS+=	${VARBASE}/opendnssec/signconf
+INSTALLATION_DIRS+=	${VARBASE}/opendnssec/signed
+INSTALLATION_DIRS+=	${VARBASE}/opendnssec/unsigned
+
+.include "options.mk"
+
+pre-install:
+	${MKDIR} ${DESTDIR}${PKG_SYSCONFDIR}/opendnssec
+
+.include "../../lang/python/application.mk"
+#.include "../../devel/cunit/buildlink3.mk"
+.include "../../textproc/libxml2/buildlink3.mk"
+.include "../../net/ldns/buildlink3.mk"
+.include "../../databases/sqlite3/buildlink3.mk"
+.include "../../lang/ruby/buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"
diff --git a/security/opendnssec/PLIST b/security/opendnssec/PLIST
new file mode 100644
index 00000000000..707ee44627d
--- /dev/null
+++ b/security/opendnssec/PLIST
@@ -0,0 +1,87 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2010/05/06 12:50:17 pettai Exp $
+bin/ods-auditor
+bin/ods-hsmspeed
+bin/ods-hsmutil
+bin/ods-kaspcheck
+bin/ods-ksmutil
+include/hsmtest.h
+include/libhsm.h
+include/libhsmdns.h
+lib/libhsm.la
+lib/opendnssec/kasp_auditor.rb
+lib/opendnssec/kasp_auditor/auditor.rb
+lib/opendnssec/kasp_auditor/config.rb
+lib/opendnssec/kasp_auditor/key_tracker.rb
+lib/opendnssec/kasp_auditor/parse.rb
+lib/opendnssec/kasp_auditor/preparser.rb
+lib/opendnssec/kasp_checker.rb
+lib/opendnssec/signer/Engine.py
+lib/opendnssec/signer/Engine.pyc
+lib/opendnssec/signer/Engine.pyo
+lib/opendnssec/signer/EngineConfig.py
+lib/opendnssec/signer/EngineConfig.pyc
+lib/opendnssec/signer/EngineConfig.pyo
+lib/opendnssec/signer/Util.py
+lib/opendnssec/signer/Util.pyc
+lib/opendnssec/signer/Util.pyo
+lib/opendnssec/signer/Worker.py
+lib/opendnssec/signer/Worker.pyc
+lib/opendnssec/signer/Worker.pyo
+lib/opendnssec/signer/Zone.py
+lib/opendnssec/signer/Zone.pyc
+lib/opendnssec/signer/Zone.pyo
+lib/opendnssec/signer/ZoneConfig.py
+lib/opendnssec/signer/ZoneConfig.pyc
+lib/opendnssec/signer/ZoneConfig.pyo
+lib/opendnssec/signer/ZoneList.py
+lib/opendnssec/signer/ZoneList.pyc
+lib/opendnssec/signer/ZoneList.pyo
+lib/opendnssec/time_shift.rb
+libexec/opendnssec/create_dnskey
+libexec/opendnssec/finalizer
+libexec/opendnssec/get_class
+libexec/opendnssec/get_serial
+libexec/opendnssec/nsec3er
+libexec/opendnssec/nseccer
+libexec/opendnssec/signer
+libexec/opendnssec/signer_threads
+libexec/opendnssec/sorter
+libexec/opendnssec/zone_fetcher
+libexec/opendnssec/zone_reader
+man/man1/ods-auditor.1
+man/man1/ods-hsmspeed.1
+man/man1/ods-hsmutil.1
+man/man1/ods-kaspcheck.1
+man/man1/ods-ksmutil.1
+man/man5/ods-timing.5
+man/man7/opendnssec.7
+man/man8/ods-control.8
+man/man8/ods-enforcerd.8
+man/man8/ods-signer.8
+man/man8/ods-signerd.8
+sbin/ods-control
+sbin/ods-enforcerd
+sbin/ods-signer
+sbin/ods-signerd
+share/examples/opendnssec/conf.xml
+share/examples/opendnssec/conf.xml.sample
+share/examples/opendnssec/kasp.xml
+share/examples/opendnssec/kasp.xml.sample
+share/examples/opendnssec/zonefetch.xml
+share/examples/opendnssec/zonefetch.xml.sample
+share/examples/opendnssec/zonelist.xml
+share/examples/opendnssec/zonelist.xml.sample
+share/opendnssec.spec
+share/opendnssec/conf.rnc
+share/opendnssec/conf.rng
+share/opendnssec/database_create.sqlite3
+share/opendnssec/kasp.rnc
+share/opendnssec/kasp.rng
+share/opendnssec/kasp2html.xsl
+share/opendnssec/signconf.rnc
+share/opendnssec/signconf.rng
+share/opendnssec/zonefetch.rnc
+share/opendnssec/zonefetch.rng
+share/opendnssec/zonelist.rnc
+share/opendnssec/zonelist.rng
+@pkgdir etc/opendnssec
diff --git a/security/opendnssec/distinfo b/security/opendnssec/distinfo
new file mode 100644
index 00000000000..4eae89ac290
--- /dev/null
+++ b/security/opendnssec/distinfo
@@ -0,0 +1,6 @@
+$NetBSD: distinfo,v 1.1.1.1 2010/05/06 12:50:17 pettai Exp $
+
+SHA1 (opendnssec-1.0.0.tar.gz) = fc2deb8277753f74807d0a0a335120bce4e656b7
+RMD160 (opendnssec-1.0.0.tar.gz) = e41016fe350f1a0706ea5910841417d6850c69de
+Size (opendnssec-1.0.0.tar.gz) = 2055424 bytes
+SHA1 (patch-aa) = 189bada3d170c621e486f9d0e065fc028902862e
diff --git a/security/opendnssec/options.mk b/security/opendnssec/options.mk
new file mode 100644
index 00000000000..c7c2560461f
--- /dev/null
+++ b/security/opendnssec/options.mk
@@ -0,0 +1,14 @@
+# $NetBSD: options.mk,v 1.1.1.1 2010/05/06 12:50:17 pettai Exp $
+
+PKG_OPTIONS_VAR=		PKG_OPTIONS.opendnssec
+PKG_SUPPORTED_OPTIONS=		softhsm
+PKG_SUGGESTED_OPTIONS=		softhsm
+
+.include "../../mk/bsd.options.mk"
+
+###
+### SoftHSM
+###
+.if !empty(PKG_OPTIONS:Msofthsm)
+.include "../../security/softhsm/buildlink3.mk"
+.endif
diff --git a/security/opendnssec/patches/patch-aa b/security/opendnssec/patches/patch-aa
new file mode 100644
index 00000000000..d9f3cf56cbe
--- /dev/null
+++ b/security/opendnssec/patches/patch-aa
@@ -0,0 +1,45 @@
+$NetBSD: patch-aa,v 1.1.1.1 2010/05/06 12:50:17 pettai Exp $
+
+--- conf/Makefile.in.orig	2009-12-19 21:39:52.000000000 +0100
++++ conf/Makefile.in	2009-12-19 21:43:40.000000000 +0100
+@@ -166,6 +166,7 @@
+ sharedstatedir = @sharedstatedir@
+ srcdir = @srcdir@
+ sysconfdir = @sysconfdir@/opendnssec
++EGDIR=@EGDIR@
+ target_alias = @target_alias@
+ top_build_prefix = @top_build_prefix@
+ top_builddir = @top_builddir@
+@@ -553,19 +554,19 @@
+ 		(echo "kasp.xml built")
+ 
+ install-data-hook:
+-	test -d ${sysconfdir} || mkdir -p ${DESTDIR}${sysconfdir}
+-	test -f ${sysconfdir}/conf.xml || \
+-		${INSTALL_DATA} -m 0640 ${top_builddir}/conf.xml ${DESTDIR}${sysconfdir}
+-	${INSTALL_DATA} -m 640 ${top_builddir}/conf.xml ${DESTDIR}${sysconfdir}/conf.xml.sample
+-	test -f ${sysconfdir}/zonelist.xml || \
+-		${INSTALL_DATA} ${top_builddir}/zonelist.xml ${DESTDIR}${sysconfdir}
+-	${INSTALL_DATA} ${top_builddir}/zonelist.xml ${DESTDIR}${sysconfdir}/zonelist.xml.sample
+-	test -f ${sysconfdir}/zonefetch.xml || \
+-		${INSTALL_DATA} -m 0640 ${top_builddir}/zonefetch.xml ${DESTDIR}${sysconfdir}
+-	${INSTALL_DATA} -m 640 ${top_builddir}/zonefetch.xml ${DESTDIR}${sysconfdir}/zonefetch.xml.sample
+-	test -f ${sysconfdir}/kasp.xml || \
+-		${INSTALL_DATA} ${top_builddir}/kasp.xml ${DESTDIR}${sysconfdir}
+-	${INSTALL_DATA} ${top_builddir}/kasp.xml ${DESTDIR}${sysconfdir}/kasp.xml.sample
++	test -d ${DESTDIR}${EGDIR} || mkdir -p ${DESTDIR}${EGDIR}
++	test -f ${DESTDIR}${EGDIR}/conf.xml || \
++		${INSTALL_DATA} -m 0640 ${top_builddir}/conf.xml ${DESTDIR}${EGDIR}
++	${INSTALL_DATA} -m 640 ${top_builddir}/conf.xml ${DESTDIR}${EGDIR}/conf.xml.sample
++	test -f ${DESTDIR}${EGDIR}/zonelist.xml || \
++		${INSTALL_DATA} ${top_builddir}/zonelist.xml ${DESTDIR}${EGDIR}
++	${INSTALL_DATA} ${top_builddir}/zonelist.xml ${DESTDIR}${EGDIR}/zonelist.xml.sample
++	test -f ${DESTDIR}${EGDIR}/zonefetch.xml || \
++		${INSTALL_DATA} -m 0640 ${top_builddir}/zonefetch.xml ${DESTDIR}${EGDIR}
++	${INSTALL_DATA} -m 640 ${top_builddir}/zonefetch.xml ${DESTDIR}${EGDIR}/zonefetch.xml.sample
++	test -f ${DESTDIR}${EGDIR}/kasp.xml || \
++		${INSTALL_DATA} ${top_builddir}/kasp.xml ${DESTDIR}${EGDIR}
++	${INSTALL_DATA} ${top_builddir}/kasp.xml ${DESTDIR}${EGDIR}/kasp.xml.sample
+ 
+ # Tell versions [3.59,3.63) of GNU make to not export all variables.
+ # Otherwise a system limit (for SysV at least) may be exceeded.