The install script needs to call rndc-confgen to generate a key which is
required for reloading to work.
955e379151 (main/bind: add support for "reload", 2019-10-19) added
support for reload, but that causes an issues when installing bind,
because rndc-confgen is in the bind-tools subpackage, which is not
available if you just install bind.
Fix this by having bind depend on bind-tools.
Fixes#10935
In my experience, this project does not encourage contribution.
The people involved with merging have ignored improvements,
rewritten commits and history wholesale, and engaged in
squabbles over petty things rather than helping to improve
the packages.
These gatekeepers are adverse to large amounts of changes, large
numbers of commits and often request changes to the commit
histories without giving explanation.
Many times inconsistent suggestions and fixation on nits have
caused entire patch sets to be closed without any progress on
the package at all.
The style "rules" that are so often the sole focus of reviews
lately are a mistake.
https://gist.github.com/tcely/8ef31809f04a494a27ad79d49afdf167
Given all of this and the conversation below, I consider all of
my efforts toward improving this project to have been wasted.
Hopefully, this will serve as a warning of what others might
expect before they experience similar demoralizing responses.
2019-10-18 11:31:35 <tcely> If your only contribution to a review is to suggest breaking a package I'm maintaining, please don't waste everyone's time!
2019-10-18 12:15:47 <ncopa> tcely: url?
2019-10-18 12:26:56 <tcely> ncopa: !327
2019-10-18 12:29:22 <_ikke_> tcely: No need to be passive aggressive about this
2019-10-18 12:30:20 <_ikke_> tcely: being a maintainer of a package does not mean that you can do whatever you want
2019-10-18 12:30:52 <tcely> _ikke_: I'm fully willing to be direct. This is a stupid upgrade. Stop looking for useless things to argue about it is not a helpful review!
2019-10-18 12:31:19 <_ikke_> tcely: the problem is that there are so many changes in these stupid ugprades
2019-10-18 12:31:35 <_ikke_> if they were stupid upgrades, they would have been long applied
2019-10-18 12:33:10 <tcely> That last statement is false. If you disagree with changes, you need to do the work yourself. Stop shitting all over work you didn't have to think through for petty nonsense.
2019-10-18 12:42:28 <ncopa> can we please calm down
2019-10-18 13:17:46 <ncopa> tcely: i agree with _ikke_ that your commits are not always self explanatory, and a bit confusing to understand
2019-10-18 13:18:13 <ncopa> it may be good to have more explanations in the commit message to help people that are not as smart as you
2019-10-18 13:19:10 <ncopa> there seems also to be a disagreement on the coding style e.g $var vs ${var}
2019-10-18 13:19:43 <ncopa> i think consistence is better than the "perfect" coding style
2019-10-18 13:20:51 <ncopa> and we have landed on $var rather than ${var}
2019-10-18 13:21:46 <ncopa> and we expect maintainers to respect that
2019-10-18 13:25:51 <tcely> Duly noted. You want total control and slave labor with no room for improvement. I'll stop wasting my time.
Without this TOFU unknown entry, a release signed with the older key
prompts for a trust decision. Avoiding the prompt is desirable.
Also, format GPG details so they are easier to check manually.
Used:
$ gpg --verify bind-*.asc bind-*.tar.gz
$ awk \
'/gpgfingerprints=/,/(^|[^=])["'\'']$/ {print;}' \
APKBUILD
move python modules and dnssec-tools to separate subpackages so we avoid
install python3 by default.
py3-bind may be useful separately for python scripts so lets separate
out that as well.
Otherwise the dev and tools subpackages install dns-root-hints (since
both depend on the libs subpackage) even though they shouldn't need it.
Discussion: Unfortunately, abuild doesn't have a depends_libs variable
thus we need to define a custom libs function to clear the dependency.
This approach is also used by other abuilds, e.g. testing/boinc.
See also: 4badc1aa803f5dd0f67d2df3004acc3f990ba23f
CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;"
CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME
CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel
CVE-2016-9131: A malformed response to an ANY query can cause an assertion failure during recursion
CVE-2016-9147: An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure
CVE-2016-9444: An unusually-formed DS record response could cause an assertion failure
