1################################################################################ 2# 3# bind 4# 5################################################################################ 6 7BIND_VERSION = 9.11.36 8BIND_SITE = https://ftp.isc.org/isc/bind9/$(BIND_VERSION) 9# bind does not support parallel builds. 10BIND_MAKE = $(MAKE1) 11BIND_INSTALL_STAGING = YES 12BIND_CONFIG_SCRIPTS = bind9-config isc-config.sh 13BIND_LICENSE = MPL-2.0 14BIND_LICENSE_FILES = COPYRIGHT 15BIND_CPE_ID_VENDOR = isc 16BIND_SELINUX_MODULES = bind 17# Only applies to RHEL6.x with DNSSEC validation on 18BIND_IGNORE_CVES = CVE-2017-3139 19# Library CVE and not used by bind but used by ISC DHCP 20BIND_IGNORE_CVES += CVE-2019-6470 21BIND_TARGET_SERVER_SBIN = arpaname ddns-confgen dnssec-checkds dnssec-coverage 22BIND_TARGET_SERVER_SBIN += dnssec-importkey dnssec-keygen dnssec-revoke 23BIND_TARGET_SERVER_SBIN += dnssec-settime dnssec-verify genrandom 24BIND_TARGET_SERVER_SBIN += isc-hmac-fixup named-journalprint nsec3hash 25BIND_TARGET_SERVER_SBIN += lwresd named named-checkconf named-checkzone 26BIND_TARGET_SERVER_SBIN += named-compilezone rndc rndc-confgen dnssec-dsfromkey 27BIND_TARGET_SERVER_SBIN += dnssec-keyfromlabel dnssec-signzone tsig-keygen 28BIND_TARGET_TOOLS_BIN = dig host nslookup nsupdate 29BIND_CONF_ENV = \ 30 BUILD_CC="$(TARGET_CC)" \ 31 BUILD_CFLAGS="$(TARGET_CFLAGS)" 32BIND_CONF_OPTS = \ 33 $(if $(BR2_TOOLCHAIN_HAS_THREADS),--enable-threads,--disable-threads) \ 34 --without-lmdb \ 35 --with-libjson=no \ 36 --with-randomdev=/dev/urandom \ 37 --enable-epoll \ 38 --with-gssapi=no \ 39 --enable-filter-aaaa \ 40 --disable-backtrace 41 42ifeq ($(BR2_PACKAGE_ZLIB),y) 43BIND_CONF_OPTS += --with-zlib=$(STAGING_DIR)/usr 44BIND_DEPENDENCIES += zlib 45else 46BIND_CONF_OPTS += --without-zlib 47endif 48 49ifeq ($(BR2_PACKAGE_LIBCAP),y) 50BIND_CONF_OPTS += --enable-linux-caps 51BIND_DEPENDENCIES += libcap 52else 53BIND_CONF_OPTS += --disable-linux-caps 54endif 55 56ifeq ($(BR2_PACKAGE_LIBXML2),y) 57BIND_CONF_OPTS += --with-libxml2=$(STAGING_DIR)/usr 58BIND_DEPENDENCIES += libxml2 59else 60BIND_CONF_OPTS += --with-libxml2=no 61endif 62 63ifeq ($(BR2_PACKAGE_OPENSSL),y) 64BIND_DEPENDENCIES += host-pkgconf openssl 65BIND_CONF_OPTS += \ 66 --with-openssl=$(STAGING_DIR)/usr \ 67 --with-ecdsa=yes \ 68 --with-eddsa=no \ 69 --with-aes=yes 70BIND_CONF_ENV += LIBS=`$(PKG_CONFIG_HOST_BINARY) --libs openssl` 71# GOST cipher support requires openssl extra engines 72ifeq ($(BR2_PACKAGE_OPENSSL_ENGINES),y) 73BIND_CONF_OPTS += --with-gost=yes 74else 75BIND_CONF_OPTS += --with-gost=no 76endif 77else 78BIND_CONF_OPTS += --with-openssl=no 79endif 80 81# Used by dnssec-keymgr 82ifeq ($(BR2_PACKAGE_PYTHON_PLY),y) 83BIND_DEPENDENCIES += host-python-ply 84BIND_CONF_OPTS += --with-python=$(HOST_DIR)/usr/bin/python 85else 86BIND_CONF_OPTS += --with-python=no 87endif 88 89ifeq ($(BR2_PACKAGE_READLINE),y) 90BIND_DEPENDENCIES += readline 91else 92BIND_CONF_OPTS += --with-readline=no 93endif 94 95ifeq ($(BR2_STATIC_LIBS),y) 96BIND_CONF_OPTS += \ 97 --without-dlopen \ 98 --without-libtool 99else 100BIND_CONF_OPTS += \ 101 --with-dlopen \ 102 --with-libtool 103endif 104 105define BIND_TARGET_REMOVE_SERVER 106 rm -rf $(addprefix $(TARGET_DIR)/usr/sbin/, $(BIND_TARGET_SERVER_SBIN)) 107endef 108 109define BIND_TARGET_REMOVE_TOOLS 110 rm -rf $(addprefix $(TARGET_DIR)/usr/bin/, $(BIND_TARGET_TOOLS_BIN)) 111endef 112 113ifeq ($(BR2_PACKAGE_BIND_SERVER),y) 114define BIND_INSTALL_INIT_SYSV 115 $(INSTALL) -m 0755 -D $(BIND_PKGDIR)/S81named \ 116 $(TARGET_DIR)/etc/init.d/S81named 117endef 118define BIND_INSTALL_INIT_SYSTEMD 119 $(INSTALL) -D -m 644 $(BIND_PKGDIR)/named.service \ 120 $(TARGET_DIR)/usr/lib/systemd/system/named.service 121endef 122else 123BIND_POST_INSTALL_TARGET_HOOKS += BIND_TARGET_REMOVE_SERVER 124endif 125 126ifeq ($(BR2_PACKAGE_BIND_TOOLS),) 127BIND_POST_INSTALL_TARGET_HOOKS += BIND_TARGET_REMOVE_TOOLS 128endif 129 130define BIND_USERS 131 named -1 named -1 * /etc/bind - - BIND daemon 132endef 133 134$(eval $(autotools-package)) 135