Import net/unbound package from Subversion

This is an import of the net/unbound package from Subversion
revision 40658 (May 2, 2014). The only change is the addition of
PKG_LICENSE, PKG_LICENSE_FILE and PKG_MAINTAINER to Makefile.
Unbound 1.4.22 is the current upstream release.

Signed-off-by: Michael Hanselmann <public@hansmi.ch>

net/unbound/Makefile

@@ -0,0 +1,176 @@
+#
+# Copyright (C) 2010-2014 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=unbound
+PKG_VERSION:=1.4.22
+PKG_RELEASE:=1
+
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILE:=LICENSE
+PKG_MAINTAINER:=Michael Hanselmann <public@hansmi.ch>
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://www.unbound.net/downloads
+PKG_MD5SUM:=59728c74fef8783f8bad1d7451eba97f
+
+PKG_BUILD_DEPENDS:=libexpat
+PKG_BUILD_PARALLEL:=1
+PKG_FIXUP:=autoreconf
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/unbound/Default
+  TITLE:=A validating, recursive & caching DNS resolver
+  URL:=http://www.unbound.net/
+  DEPENDS:=+libopenssl
+endef
+
+define Package/unbound
+  $(call Package/unbound/Default)
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=IP Addresses and Names
+  TITLE+= (daemon)
+  DEPENDS+= +libunbound
+endef
+
+define Package/unbound/description
+  This package contains the Unbound daemon.
+endef
+
+define Package/unbound-anchor
+  $(call Package/unbound/Default)
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=IP Addresses and Names
+  TITLE+= (anchor utility)
+  DEPENDS+= +unbound +libexpat
+endef
+
+define Package/unbound-anchor/description
+  This package contains the Unbound anchor utility.
+endef
+
+define Package/unbound-control
+  $(call Package/unbound/Default)
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=IP Addresses and Names
+  TITLE+= (control utility)
+  DEPENDS+= +unbound
+endef
+
+define Package/unbound-control/description
+  This package contains the Unbound control utility.
+endef
+
+define Package/unbound-control-setup
+  $(call Package/unbound/Default)
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=IP Addresses and Names
+  TITLE+= (control setup utility)
+  DEPENDS+= +unbound-control +openssl-util
+endef
+
+define Package/unbound-control-setup/description
+  This package contains the Unbound control setup utility.
+endef
+
+define Package/unbound-host
+  $(call Package/unbound/Default)
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=IP Addresses and Names
+  TITLE+= (DNS lookup utility)
+  DEPENDS+= +libunbound
+endef
+
+define Package/unbound-host/description
+  This package contains the Unbound DNS lookup utility.
+endef
+
+define Package/libunbound
+  $(call Package/unbound/Default)
+  SECTION:=libs
+  CATEGORY:=Libraries
+  TITLE+= (library)
+endef
+
+define Package/libunbound/description
+  This package contains the Unbound shared library.
+endef
+
+CONFIGURE_ARGS += \
+	--disable-ecdsa \
+	--disable-gost \
+	--enable-allsymbols \
+	--with-libexpat="$(STAGING_DIR)/usr" \
+	--with-ssl="$(STAGING_DIR)/usr" \
+	--without-pthreads
+
+define Package/unbound/conffiles
+/etc/unbound/unbound.conf
+endef
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(1)/usr/include
+	$(CP) $(PKG_INSTALL_DIR)/usr/include/unbound.h $(1)/usr/include/
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libunbound.{so*,a,la} $(1)/usr/lib/
+endef
+
+define Package/unbound/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(CP) \
+		$(PKG_INSTALL_DIR)/usr/sbin/unbound \
+		$(PKG_INSTALL_DIR)/usr/sbin/unbound-checkconf \
+		$(1)/usr/sbin/
+	$(INSTALL_DIR) $(1)/etc/unbound
+	$(INSTALL_CONF) \
+		$(PKG_INSTALL_DIR)/etc/unbound/unbound.conf \
+		$(1)/etc/unbound/
+	$(INSTALL_CONF) ./files/root.key $(1)/etc/unbound/
+	$(INSTALL_CONF) ./files/named.cache $(1)/etc/unbound/
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/unbound.init $(1)/etc/init.d/unbound
+endef
+
+define Package/unbound-anchor/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/unbound-anchor $(1)/usr/sbin/
+endef
+
+define Package/unbound-control/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/unbound-control $(1)/usr/sbin/
+endef
+
+define Package/unbound-control-setup/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/unbound-control-setup $(1)/usr/sbin/
+endef
+
+define Package/unbound-host/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/unbound-host $(1)/usr/sbin/
+endef
+
+define Package/libunbound/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libunbound.so.* $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,unbound))
+$(eval $(call BuildPackage,unbound-anchor))
+$(eval $(call BuildPackage,unbound-control))
+$(eval $(call BuildPackage,unbound-control-setup))
+$(eval $(call BuildPackage,unbound-host))
+$(eval $(call BuildPackage,libunbound))

net/unbound/files/named.cache

@@ -0,0 +1,89 @@
+;       This file holds the information on root name servers needed to
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers).
+;
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.cache
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:    Mar 26, 2014
+;       related version of root zone:   2014032601
+;
+; formerly NS.INTERNIC.NET
+;
+.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:BA3E::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
+;
+; FORMERLY C.PSI.NET
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::C
+;
+; FORMERLY TERP.UMD.EDU
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
+D.ROOT-SERVERS.NET.	 3600000      AAAA  2001:500:2D::D
+;
+; FORMERLY NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2F::F
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
+H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::803F:235
+;
+; FORMERLY NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FE::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:C27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
+K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FD::1
+;
+; OPERATED BY ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
+L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+M.ROOT-SERVERS.NET.      3600000      AAAA  2001:DC3::35
+; End of File

net/unbound/files/root.key

@@ -0,0 +1 @@
+. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5

net/unbound/files/unbound.init

@@ -0,0 +1,14 @@
+#!/bin/sh /etc/rc.common
+#Copyright (C) 2010 Ondrej Caletka <o.caletka@sh.cvut.cz>
+START=61
+
+start () {
+	unbound
+}
+
+stop () {
+	PIDFILE='/var/run/unbound.pid'
+	if [ -f $PIDFILE ] ; then
+		kill $(cat $PIDFILE)
+	fi
+}

net/unbound/patches/001-conf.patch

@@ -0,0 +1,154 @@
+--- a/doc/example.conf.in
++++ b/doc/example.conf.in
+@@ -38,6 +38,8 @@ server:
+ 	# interface: 192.0.2.154
+ 	# interface: 192.0.2.154@5003
+ 	# interface: 2001:DB8::5
++	interface: 0.0.0.0
++	interface: ::0
+ 
+ 	# enable this feature to copy the source address of queries to reply.
+ 	# Socket options are not supported on all platforms. experimental. 
+@@ -57,6 +59,7 @@ server:
+ 	# port range that can be open simultaneously.  About double the
+ 	# num-queries-per-thread, or, use as many as the OS will allow you.
+ 	# outgoing-range: 4096
++	outgoing-range: 60
+ 
+ 	# permit unbound to use this port number or port range for
+ 	# making outgoing queries, using an outgoing interface.
+@@ -73,9 +76,11 @@ server:
+ 
+ 	# number of outgoing simultaneous tcp buffers to hold per thread.
+ 	# outgoing-num-tcp: 10
++	outgoing-num-tcp: 1
+ 
+ 	# number of incoming simultaneous tcp buffers to hold per thread.
+ 	# incoming-num-tcp: 10
++	incoming-num-tcp: 1
+ 
+ 	# buffer size for UDP port 53 incoming (SO_RCVBUF socket option).
+ 	# 0 is system default.  Use 4m to catch query spikes for busy servers.
+@@ -99,18 +104,22 @@ server:
+ 	# buffer size for handling DNS data. No messages larger than this
+ 	# size can be sent or received, by UDP or TCP. In bytes.
+ 	# msg-buffer-size: 65552
++	msg-buffer-size: 8192
+ 
+ 	# the amount of memory to use for the message cache.
+ 	# plain value in bytes or you can append k, m or G. default is "4Mb". 
+ 	# msg-cache-size: 4m
++	msg-cache-size: 100k
+ 
+ 	# the number of slabs to use for the message cache.
+ 	# the number of slabs must be a power of 2.
+ 	# more slabs reduce lock contention, but fragment memory usage.
+ 	# msg-cache-slabs: 4
++	msg-cache-slabs: 1
+ 
+ 	# the number of queries that a thread gets to service.
+ 	# num-queries-per-thread: 1024
++	num-queries-per-thread: 30
+ 
+ 	# if very busy, 50% queries run to completion, 50% get timeout in msec
+ 	# jostle-timeout: 200
+@@ -121,11 +130,13 @@ server:
+ 	# the amount of memory to use for the RRset cache.
+ 	# plain value in bytes or you can append k, m or G. default is "4Mb". 
+ 	# rrset-cache-size: 4m
++	rrset-cache-size: 100k
+ 
+ 	# the number of slabs to use for the RRset cache.
+ 	# the number of slabs must be a power of 2.
+ 	# more slabs reduce lock contention, but fragment memory usage.
+ 	# rrset-cache-slabs: 4
++	rrset-cache-slabs: 1
+ 
+ 	# the time to live (TTL) value lower bound, in seconds. Default 0.
+ 	# If more than an hour could easily give trouble due to stale data.
+@@ -143,9 +154,11 @@ server:
+ 	# the number of slabs must be a power of 2.
+ 	# more slabs reduce lock contention, but fragment memory usage.
+ 	# infra-cache-slabs: 4
++	infra-cache-slabs: 1
+ 
+ 	# the maximum number of hosts that are cached (roundtrip, EDNS, lame).
+ 	# infra-cache-numhosts: 10000
++	infra-cache-numhosts: 200
+ 
+ 	# Enable IPv4, "yes" or "no".
+ 	# do-ip4: yes
+@@ -178,6 +191,8 @@ server:
+ 	# access-control: ::0/0 refuse
+ 	# access-control: ::1 allow
+ 	# access-control: ::ffff:127.0.0.1 allow
++	access-control: 0.0.0.0/0 allow
++	access-control: ::0/0 allow
+ 
+ 	# if given, a chroot(2) is done to the given directory.
+ 	# i.e. you can chroot to the working directory, for example,
+@@ -208,6 +223,7 @@ server:
+ 	# and the given username is assumed. Default is user "unbound".
+ 	# If you give "" no privileges are dropped.
+ 	# username: "@UNBOUND_USERNAME@"
++	username: ""
+ 
+ 	# the working directory. The relative files in this config are 
+ 	# relative to this directory. If you give "" the working directory
+@@ -230,10 +246,12 @@ server:
+ 
+ 	# the pid file. Can be an absolute path outside of chroot/work dir.
+ 	# pidfile: "@UNBOUND_PIDFILE@"
++	pidfile: "/var/run/unbound.pid"
+ 
+ 	# file to read root hints from.
+ 	# get one from ftp://FTP.INTERNIC.NET/domain/named.cache
+ 	# root-hints: ""
++	root-hints: "/etc/unbound/named.cache"
+ 
+ 	# enable to not answer id.server and hostname.bind queries.
+ 	# hide-identity: no
+@@ -256,12 +274,15 @@ server:
+ 	#	positive value: fetch that many targets opportunistically.
+ 	# Enclose the list of numbers between quotes ("").
+ 	# target-fetch-policy: "3 2 1 0 0"
++	target-fetch-policy: "2 1 0 0 0 0"
+ 
+ 	# Harden against very small EDNS buffer sizes. 
+ 	# harden-short-bufsize: no
++	harden-short-bufsize: yes
+ 
+ 	# Harden against unseemly large queries.
+ 	# harden-large-queries: no
++	harden-large-queries: yes
+ 
+ 	# Harden against out of zone rrsets, to avoid spoofing attempts. 
+ 	# harden-glue: yes
+@@ -342,7 +363,7 @@ server:
+ 	# you start unbound (i.e. in the system boot scripts).  And enable:
+ 	# Please note usage of unbound-anchor root anchor is at your own risk
+ 	# and under the terms of our LICENSE (see that file in the source).
+-	# auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
++	auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
+ 
+ 	# File with DLV trusted keys. Same format as trust-anchor-file.
+ 	# There can be only one DLV configured, it is trusted from root down.
+@@ -428,15 +449,18 @@ server:
+ 	# the amount of memory to use for the key cache.
+ 	# plain value in bytes or you can append k, m or G. default is "4Mb". 
+ 	# key-cache-size: 4m
++	key-cache-size: 100k
+ 
+ 	# the number of slabs to use for the key cache.
+ 	# the number of slabs must be a power of 2.
+ 	# more slabs reduce lock contention, but fragment memory usage.
+ 	# key-cache-slabs: 4
++	key-cache-slabs: 1
+ 
+ 	# the amount of memory to use for the negative cache (used for DLV).
+ 	# plain value in bytes or you can append k, m or G. default is "1Mb". 
+ 	# neg-cache-size: 1m
++	neg-cache-size: 10k
+ 
+ 	# By default, for a number of zones a small default 'nothing here'
+ 	# reply is built-in.  Query traffic is thus blocked.  If you