net-dns/bind: Add from Gentoo

It's from Gentoo commit 2559800a0a46c96d9fe61768986de954c2f93e51.

sdk_container/src/third_party/portage-stable/net-dns/bind/Manifest

@@ -0,0 +1,7 @@
+DIST bind-9.16.48.tar.xz 5131176 BLAKE2B 4a503b45df412c435cb0f75b54ee1270140cccce7ecc159cdf3e0e3cbd3c0a0866b7472782f20aacf130f57df12d20a102ac6979498138ce00a2655806d003e7 SHA512 83829a5045e2a29dd2b491d3ab72b545f5664023fcd4aa205a44dbb7bcc5c737b4466c0d73f124b8d88fd33c56776871a07dde1ba0530d43eec8e7304a08d353
+DIST bind-9.16.48.tar.xz.asc 833 BLAKE2B 740ed58863ed3a7dee6ada4edd03cad5378ea0aa53cd6f071ca1911bb2d6b285ed292f32846790d42b97e8d9bb72588f1cd30c4e10557ac1e9f1df545923a9b1 SHA512 7bd813b5ab6f9677fc4ef21e0c3930f6319fa6c49d6869570794bc28212fe8935b72f9f217cfce692a2dec9ec29994f345d1b1145cef1ca976c5361f6ce0f75d
+DIST bind-9.16.50.tar.xz 5134620 BLAKE2B 0464d1e246d0a5c39e20faf733b7f4ee21d192cc0ccce5bba2a22ae4303c82005ccfb319fe2da51872c7258852a747984d7327c70dec08414ab2d194c412199b SHA512 7627e0606ac389343046fa9d1ca789ed732b3c8d99e83ba6f59593f816cebc0b2ebd319c2812ac1f604c68f5115bbc281d432036c0d31bbe489ee2d678374213
+DIST bind-9.16.50.tar.xz.asc 833 BLAKE2B 7eabf67b96d1fc94ec096adf1b4d075c370b603b7225522fe5b97d04c519f68f017fe0ccaf7ddeff029d17c0b4c3932a09f009376553f987671ba21f6b9cdb7d SHA512 0650ad5d55da2d9fe848d68aa59b16998b781152209ebcaabaea68144dab75ff9f4cfcceaa87a6b6da4f2f98fcf6f9eddd16d19ddf958fef242d93da03516dbc
+DIST bind-9.18.29.tar.xz 5562720 BLAKE2B f3e7de6936362bcce4993e401ed8fdd9d597459e82ad908a918fff1da619f91ef4896595ea210b43f2b492d763d7be2b71105495858da55431b60874c7fd2312 SHA512 6c2676e2e2cb90f3bd73afb367813c54d1c961e12df1e12e41b9d0ee5a1d5cdf368d81410469753eaef37e43358b56796f078f3b2f20c3b247c4bef91d56c716
+DIST bind-9.18.31.tar.xz 5385812 BLAKE2B e069ab3caab887a87220b54804e5b19a4c21b8d3e4e8f1bc6a7135b3990a228d6c48b1ca4a22c75242485275eff1de145a9aff89addf81124e7dfcafd8ab30cf SHA512 e51873484be3ee367eb1e601b8e0adc45abcdb16df04021ea42ffcc51b99821f8b30f67b2a693a90ad3efa51698a651c8da9d7947ee8fa19680f627afe1f7034
+DIST dyndns-samples.tbz2 22866 BLAKE2B 409890653c6536cb9c0e3ba809d2bfde0e0ae73a2a101b4f229b46c01568466bc022bbbc37712171adbd08c572733e93630feab95a0fcd1ac50a7d37da1d1108 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac

sdk_container/src/third_party/portage-stable/net-dns/bind/bind-9.16.48.ebuild

@@ -0,0 +1,398 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# Re dlz/mysql and threads, needs to be verified..
+# MySQL uses thread local storage in its C api. Thus MySQL
+# requires that each thread of an application execute a MySQL
+# thread initialization to setup the thread local storage.
+# This is impossible to do safely while staying within the DLZ
+# driver API. This is a limitation caused by MySQL, and not the DLZ API.
+# Because of this BIND MUST only run with a single thread when
+# using the MySQL driver.
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/isc.asc
+inherit python-r1 autotools multiprocessing toolchain-funcs flag-o-matic db-use systemd tmpfiles verify-sig
+
+MY_PV="${PV/_p/-P}"
+MY_PV="${MY_PV/_rc/rc}"
+MY_P="${PN}-${MY_PV}"
+
+SDB_LDAP_VER="1.1.0-fc14"
+
+RRL_PV="${MY_PV}"
+
+# SDB-LDAP: http://bind9-ldap.bayour.com/
+
+DESCRIPTION="Berkeley Internet Name Domain - Name Server"
+HOMEPAGE="https://www.isc.org/software/bind https://gitlab.isc.org/isc-projects/bind9"
+SRC_URI="
+	https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz
+	doc? ( mirror://gentoo/dyndns-samples.tbz2 )
+	verify-sig? ( https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz.asc )
+"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
+SLOT="0"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux"
+# -berkdb by default re bug #602682
+IUSE="berkdb +caps +dlz dnstap doc dnsrps fixed-rrset geoip geoip2 gssapi"
+IUSE+=" json ldap lmdb mysql odbc postgres python selinux static-libs test xml +zlib"
+# sdb-ldap - patch broken
+# no PKCS11 currently as it requires OpenSSL to be patched, also see bug #409687
+RESTRICT="!test? ( test )"
+
+# Upstream dropped the old geoip library, but the BIND configuration for using
+# GeoIP remained the same.
+REQUIRED_USE="
+	postgres? ( dlz )
+	berkdb? ( dlz )
+	mysql? ( dlz )
+	odbc? ( dlz )
+	ldap? ( dlz )
+	dnsrps? ( dlz )
+	python? ( ${PYTHON_REQUIRED_USE} )
+"
+
+DEPEND="
+	acct-group/named
+	acct-user/named
+	dev-libs/libuv:=
+	berkdb? ( sys-libs/db:= )
+	dev-libs/openssl:=[-bindist(-)]
+	mysql? ( dev-db/mysql-connector-c:0= )
+	odbc? ( >=dev-db/unixODBC-2.2.6 )
+	ldap? ( net-nds/openldap:= )
+	postgres? ( dev-db/postgresql:= )
+	caps? ( >=sys-libs/libcap-2.1.0 )
+	xml? ( dev-libs/libxml2 )
+	geoip? ( dev-libs/libmaxminddb:= )
+	geoip2? ( dev-libs/libmaxminddb:= )
+	gssapi? ( virtual/krb5 )
+	json? ( dev-libs/json-c:= )
+	lmdb? ( dev-db/lmdb:= )
+	zlib? ( sys-libs/zlib )
+	dnstap? ( dev-libs/fstrm dev-libs/protobuf-c:= )
+	python? (
+		${PYTHON_DEPS}
+		dev-python/ply[${PYTHON_USEDEP}]
+	)
+"
+RDEPEND="
+	${DEPEND}
+	sys-process/psmisc
+	selinux? ( sec-policy/selinux-bind )
+"
+BDEPEND="
+	test? (
+		dev-util/cmocka
+		dev-util/kyua
+	)
+	verify-sig? ( sec-keys/openpgp-keys-isc )
+"
+
+PATCHES=(
+	"${FILESDIR}/ldap-library-path-on-multilib-machines.patch"
+)
+
+src_unpack() {
+	if use verify-sig; then
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.xz{,.asc}
+	fi
+	default
+}
+
+src_prepare() {
+	default
+
+	# Should be installed by bind-tools
+	sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die
+
+	# Slow tests
+	sed -i "s/{name='mem_test'}/{name='mem_test',timeout=900}/" "lib/isc/tests/Kyuafile" || die
+	sed -i "s/{name='timer_test'}/{name='timer_test',timeout=900}/" "lib/isc/tests/Kyuafile" || die
+
+	# Conditionally broken
+	use sparc && ( sed -i "/{name='netmgr_test'}/d" "lib/isc/tests/Kyuafile" || die )
+
+	# bug #220361
+	rm aclocal.m4 || die
+	rm -rf libtool.m4/ || die
+	eautoreconf
+
+	use python && python_copy_sources
+}
+
+src_configure() {
+	bind_configure --without-python
+	use python && python_foreach_impl python_configure
+}
+
+bind_configure() {
+	local myeconfargs=(
+		AR="$(type -P $(tc-getAR))"
+		--prefix="${EPREFIX}"/usr
+		--sysconfdir=/etc/bind
+		--localstatedir=/var
+		--with-libtool
+		--enable-full-report
+		--without-readline
+		--with-openssl="${ESYSROOT}"/usr
+		$(use_with test cmocka)
+		# Removed in 9.17, drags in libunwind dependency too
+		--disable-backtrace
+		$(use_enable caps linux-caps)
+		$(use_enable dnsrps)
+		$(use_enable dnstap)
+		$(use_enable fixed-rrset)
+		$(use_with berkdb dlz-bdb "${ESYSROOT}"/usr)
+		$(use_with dlz dlopen)
+		$(use_with dlz dlz-filesystem)
+		$(use_with dlz dlz-stub)
+		$(use_with gssapi)
+		$(use_with json json-c)
+		$(use_with ldap dlz-ldap)
+		$(use_with mysql dlz-mysql)
+		$(use_with odbc dlz-odbc)
+		$(use_with postgres dlz-postgres)
+		$(use_with lmdb)
+		$(use_with xml libxml2)
+		$(use_with zlib)
+		"${@}"
+	)
+
+	# This is for users to start to migrate back to USE=geoip, rather than
+	# USE=geoip2
+	if use geoip ; then
+		myeconfargs+=( $(use_with geoip maxminddb) --enable-geoip )
+	elif use geoip2 ; then
+		# Added 2020/09/30
+		# Remove USE=geoip2 support after 2020/03/01
+		ewarn "USE=geoip2 is deprecated; update your USE flags!"
+		myeconfargs+=( $(use_with geoip2 maxminddb) --enable-geoip )
+	else
+		myeconfargs+=( --without-maxminddb --disable-geoip )
+	fi
+
+	# bug #158664
+	#gcc-specs-ssp && replace-flags -O[23s] -O
+
+	# To include db.h from proper path
+	use berkdb && append-flags "-I$(db_includedir)"
+
+	export BUILD_CC=$(tc-getBUILD_CC)
+	econf "${myeconfargs[@]}"
+
+	# bug #151839
+	echo '#undef SO_BSDCOMPAT' >> config.h || die
+}
+
+python_configure() {
+	pushd "${BUILD_DIR}" >/dev/null || die
+	bind_configure --with-python
+	popd >/dev/null || die
+}
+
+src_compile() {
+	default
+	use python && python_foreach_impl python_compile
+}
+
+python_compile() {
+	emake -C "${BUILD_DIR}"/bin/python
+}
+
+src_test() {
+	# system tests ('emake test') require network configuration for IPs etc
+	# so we run the unit tests instead.
+	TEST_PARALLEL_JOBS="$(makeopts_jobs)" emake -Onone unit
+}
+
+src_install() {
+	default
+
+	dodoc CHANGES README
+
+	if use doc; then
+		docinto misc
+		dodoc -r doc/misc/
+
+		# might a 'html' useflag make sense?
+		docinto html
+		dodoc -r doc/arm/
+
+		docinto contrib
+		dodoc contrib/scripts/{nanny.pl,named-bootconf.sh}
+
+		# some handy-dandy dynamic dns examples
+		pushd "${ED}"/usr/share/doc/${PF} 1>/dev/null || die
+		tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
+		popd 1>/dev/null || die
+	fi
+
+	insinto /etc/bind
+	newins "${FILESDIR}"/named.conf-r8 named.conf
+
+	# ftp://ftp.rs.internic.net/domain/named.cache:
+	insinto /var/bind
+	newins "${FILESDIR}"/named.cache-r4 named.cache
+
+	insinto /var/bind/pri
+	newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
+
+	newinitd "${FILESDIR}"/named.init-r14 named
+	newconfd "${FILESDIR}"/named.confd-r7 named
+
+	newenvd "${FILESDIR}"/10bind.env 10bind
+
+	# Let's get rid of those tools and their manpages since they're provided by bind-tools
+	rm -f "${ED}"/usr/share/man/man1/{dig,host,nslookup,delv,nsupdate}.1* || die
+	rm -f "${ED}"/usr/share/man/man8/nsupdate.8* || die
+	rm -f "${ED}"/usr/bin/{dig,host,nslookup,nsupdate} || die
+	rm -f "${ED}"/usr/sbin/{dig,host,nslookup,nsupdate} || die
+	for tool in dsfromkey importkey keyfromlabel keygen \
+	revoke settime signzone verify; do
+		rm -f "${ED}"/usr/{,s}bin/dnssec-"${tool}" || die
+		rm -f "${ED}"/usr/share/man/man8/dnssec-"${tool}".8* || die
+	done
+
+	# bug 405251, library archives aren't properly handled by --enable/disable-static
+	if ! use static-libs; then
+		find "${ED}" -type f -name '*.a' -delete || die
+	fi
+
+	# bug 405251
+	find "${ED}" -type f -name '*.la' -delete || die
+
+	use python && python_foreach_impl python_install
+
+	# bug 450406
+	dosym named.cache /var/bind/root.cache
+
+	dosym ../../var/bind/pri /etc/bind/pri
+	dosym ../../var/bind/sec /etc/bind/sec
+	dosym ../../var/bind/dyn /etc/bind/dyn
+	keepdir /var/bind/{pri,sec,dyn} /var/log/named
+
+	fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
+	fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
+	fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
+	fperms 0750 /etc/bind /var/bind/pri
+	fperms 0770 /var/log/named /var/bind/{,sec,dyn}
+
+	systemd_newunit "${FILESDIR}/named.service-r1" named.service
+	dotmpfiles "${FILESDIR}"/named.conf
+	exeinto /usr/libexec
+	doexe "${FILESDIR}/generate-rndc-key.sh"
+}
+
+python_install() {
+	pushd "${BUILD_DIR}"/bin/python >/dev/null || die
+	emake DESTDIR="${D}" install
+	python_scriptinto /usr/sbin
+	python_doscript dnssec-{checkds,coverage}
+	python_optimize
+	popd >/dev/null || die
+}
+
+pkg_postinst() {
+	tmpfiles_process named.conf
+
+	if [[ ! -f '/etc/bind/rndc.key' && ! -f '/etc/bind/rndc.conf' ]]; then
+		einfo "Using /dev/urandom for generating rndc.key"
+		/usr/sbin/rndc-confgen -a
+		chown root:named /etc/bind/rndc.key || die
+		chmod 0640 /etc/bind/rndc.key || die
+	fi
+
+	einfo
+	einfo "You can edit /etc/conf.d/named to customize named settings"
+	einfo
+	use mysql || use postgres || use ldap && {
+		elog "If your named depends on MySQL/PostgreSQL or LDAP,"
+		elog "uncomment the specified rc_named_* lines in your"
+		elog "/etc/conf.d/named config to ensure they'll start before bind"
+		einfo
+	}
+	einfo "If you'd like to run bind in a chroot AND this is a new"
+	einfo "install OR your bind doesn't already run in a chroot:"
+	einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
+	einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
+	einfo
+
+	CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
+	if [[ -n ${CHROOT} ]]; then
+		elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
+		elog "To enable the old behaviour (without using mount) uncomment the"
+		elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
+		elog "If you decide to use the new/default method, ensure to make backup"
+		elog "first and merge your existing configs/zones to /etc/bind and"
+		elog "/var/bind because bind will now mount the needed directories into"
+		elog "the chroot dir."
+	fi
+}
+
+pkg_config() {
+	CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
+	CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
+	CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
+
+	if [[ -z "${CHROOT}" ]]; then
+		eerror "This config script is designed to automate setting up"
+		eerror "a chrooted bind/named. To do so, please first uncomment"
+		eerror "and set the CHROOT variable in '/etc/conf.d/named'."
+		die "Unset CHROOT"
+	fi
+	if [[ -d "${CHROOT}" ]]; then
+		ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
+		ewarn "To enable the old behaviour (without using mount) uncomment the"
+		ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
+		ewarn
+		ewarn "${CHROOT} already exists... some things might become overridden"
+		ewarn "press CTRL+C if you don't want to continue"
+		sleep 10
+	fi
+
+	echo; einfo "Setting up the chroot directory..."
+
+	mkdir -m 0750 -p ${CHROOT} || die
+	mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} || die
+	mkdir -m 0750 -p ${CHROOT}/etc/bind || die
+	mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ || die
+
+	chown root:named \
+		${CHROOT} \
+		${CHROOT}/var/{bind,log/named} \
+		${CHROOT}/run/named/ \
+		${CHROOT}/etc/bind \
+		|| die
+
+	mknod ${CHROOT}/dev/null c 1 3 || die
+	chmod 0666 ${CHROOT}/dev/null || die
+
+	mknod ${CHROOT}/dev/zero c 1 5 || die
+	chmod 0666 ${CHROOT}/dev/zero || die
+
+	mknod ${CHROOT}/dev/urandom c 1 9 || die
+	chmod 0666 ${CHROOT}/dev/urandom || die
+
+	if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
+		cp -a /etc/bind ${CHROOT}/etc/ || die
+		cp -a /var/bind ${CHROOT}/var/ || die
+	fi
+
+	if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
+		if use geoip; then
+			mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP || die
+		elif use geoip2; then
+			mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP2 || die
+		fi
+	fi
+
+	elog "You may need to add the following line to your syslog-ng.conf:"
+	elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
+}

sdk_container/src/third_party/portage-stable/net-dns/bind/bind-9.16.50.ebuild

@@ -0,0 +1,398 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# Re dlz/mysql and threads, needs to be verified..
+# MySQL uses thread local storage in its C api. Thus MySQL
+# requires that each thread of an application execute a MySQL
+# thread initialization to setup the thread local storage.
+# This is impossible to do safely while staying within the DLZ
+# driver API. This is a limitation caused by MySQL, and not the DLZ API.
+# Because of this BIND MUST only run with a single thread when
+# using the MySQL driver.
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/isc.asc
+inherit python-r1 autotools multiprocessing toolchain-funcs flag-o-matic db-use systemd tmpfiles verify-sig
+
+MY_PV="${PV/_p/-P}"
+MY_PV="${MY_PV/_rc/rc}"
+MY_P="${PN}-${MY_PV}"
+
+SDB_LDAP_VER="1.1.0-fc14"
+
+RRL_PV="${MY_PV}"
+
+# SDB-LDAP: http://bind9-ldap.bayour.com/
+
+DESCRIPTION="Berkeley Internet Name Domain - Name Server"
+HOMEPAGE="https://www.isc.org/software/bind https://gitlab.isc.org/isc-projects/bind9"
+SRC_URI="
+	https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz
+	doc? ( mirror://gentoo/dyndns-samples.tbz2 )
+	verify-sig? ( https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz.asc )
+"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
+SLOT="0"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~mips ~ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
+# -berkdb by default re bug #602682
+IUSE="berkdb +caps +dlz dnstap doc dnsrps fixed-rrset geoip geoip2 gssapi"
+IUSE+=" json ldap lmdb mysql odbc postgres python selinux static-libs test xml +zlib"
+# sdb-ldap - patch broken
+# no PKCS11 currently as it requires OpenSSL to be patched, also see bug #409687
+RESTRICT="!test? ( test )"
+
+# Upstream dropped the old geoip library, but the BIND configuration for using
+# GeoIP remained the same.
+REQUIRED_USE="
+	postgres? ( dlz )
+	berkdb? ( dlz )
+	mysql? ( dlz )
+	odbc? ( dlz )
+	ldap? ( dlz )
+	dnsrps? ( dlz )
+	python? ( ${PYTHON_REQUIRED_USE} )
+"
+
+DEPEND="
+	acct-group/named
+	acct-user/named
+	dev-libs/libuv:=
+	berkdb? ( sys-libs/db:= )
+	dev-libs/openssl:=[-bindist(-)]
+	mysql? ( dev-db/mysql-connector-c:0= )
+	odbc? ( >=dev-db/unixODBC-2.2.6 )
+	ldap? ( net-nds/openldap:= )
+	postgres? ( dev-db/postgresql:= )
+	caps? ( >=sys-libs/libcap-2.1.0 )
+	xml? ( dev-libs/libxml2 )
+	geoip? ( dev-libs/libmaxminddb:= )
+	geoip2? ( dev-libs/libmaxminddb:= )
+	gssapi? ( virtual/krb5 )
+	json? ( dev-libs/json-c:= )
+	lmdb? ( dev-db/lmdb:= )
+	zlib? ( sys-libs/zlib )
+	dnstap? ( dev-libs/fstrm dev-libs/protobuf-c:= )
+	python? (
+		${PYTHON_DEPS}
+		dev-python/ply[${PYTHON_USEDEP}]
+	)
+"
+RDEPEND="
+	${DEPEND}
+	sys-process/psmisc
+	selinux? ( sec-policy/selinux-bind )
+"
+BDEPEND="
+	test? (
+		dev-util/cmocka
+		dev-util/kyua
+	)
+	verify-sig? ( sec-keys/openpgp-keys-isc )
+"
+
+PATCHES=(
+	"${FILESDIR}/ldap-library-path-on-multilib-machines.patch"
+)
+
+src_unpack() {
+	if use verify-sig; then
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.xz{,.asc}
+	fi
+	default
+}
+
+src_prepare() {
+	default
+
+	# Should be installed by bind-tools
+	sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die
+
+	# Slow tests
+	sed -i "s/{name='mem_test'}/{name='mem_test',timeout=900}/" "lib/isc/tests/Kyuafile" || die
+	sed -i "s/{name='timer_test'}/{name='timer_test',timeout=900}/" "lib/isc/tests/Kyuafile" || die
+
+	# Conditionally broken
+	use sparc && ( sed -i "/{name='netmgr_test'}/d" "lib/isc/tests/Kyuafile" || die )
+
+	# bug #220361
+	rm aclocal.m4 || die
+	rm -rf libtool.m4/ || die
+	eautoreconf
+
+	use python && python_copy_sources
+}
+
+src_configure() {
+	bind_configure --without-python
+	use python && python_foreach_impl python_configure
+}
+
+bind_configure() {
+	local myeconfargs=(
+		AR="$(type -P $(tc-getAR))"
+		--prefix="${EPREFIX}"/usr
+		--sysconfdir=/etc/bind
+		--localstatedir=/var
+		--with-libtool
+		--enable-full-report
+		--without-readline
+		--with-openssl="${ESYSROOT}"/usr
+		$(use_with test cmocka)
+		# Removed in 9.17, drags in libunwind dependency too
+		--disable-backtrace
+		$(use_enable caps linux-caps)
+		$(use_enable dnsrps)
+		$(use_enable dnstap)
+		$(use_enable fixed-rrset)
+		$(use_with berkdb dlz-bdb "${ESYSROOT}"/usr)
+		$(use_with dlz dlopen)
+		$(use_with dlz dlz-filesystem)
+		$(use_with dlz dlz-stub)
+		$(use_with gssapi)
+		$(use_with json json-c)
+		$(use_with ldap dlz-ldap)
+		$(use_with mysql dlz-mysql)
+		$(use_with odbc dlz-odbc)
+		$(use_with postgres dlz-postgres)
+		$(use_with lmdb)
+		$(use_with xml libxml2)
+		$(use_with zlib)
+		"${@}"
+	)
+
+	# This is for users to start to migrate back to USE=geoip, rather than
+	# USE=geoip2
+	if use geoip ; then
+		myeconfargs+=( $(use_with geoip maxminddb) --enable-geoip )
+	elif use geoip2 ; then
+		# Added 2020/09/30
+		# Remove USE=geoip2 support after 2020/03/01
+		ewarn "USE=geoip2 is deprecated; update your USE flags!"
+		myeconfargs+=( $(use_with geoip2 maxminddb) --enable-geoip )
+	else
+		myeconfargs+=( --without-maxminddb --disable-geoip )
+	fi
+
+	# bug #158664
+	#gcc-specs-ssp && replace-flags -O[23s] -O
+
+	# To include db.h from proper path
+	use berkdb && append-flags "-I$(db_includedir)"
+
+	export BUILD_CC=$(tc-getBUILD_CC)
+	econf "${myeconfargs[@]}"
+
+	# bug #151839
+	echo '#undef SO_BSDCOMPAT' >> config.h || die
+}
+
+python_configure() {
+	pushd "${BUILD_DIR}" >/dev/null || die
+	bind_configure --with-python
+	popd >/dev/null || die
+}
+
+src_compile() {
+	default
+	use python && python_foreach_impl python_compile
+}
+
+python_compile() {
+	emake -C "${BUILD_DIR}"/bin/python
+}
+
+src_test() {
+	# system tests ('emake test') require network configuration for IPs etc
+	# so we run the unit tests instead.
+	TEST_PARALLEL_JOBS="$(makeopts_jobs)" emake -Onone unit
+}
+
+src_install() {
+	default
+
+	dodoc CHANGES README
+
+	if use doc; then
+		docinto misc
+		dodoc -r doc/misc/
+
+		# might a 'html' useflag make sense?
+		docinto html
+		dodoc -r doc/arm/
+
+		docinto contrib
+		dodoc contrib/scripts/{nanny.pl,named-bootconf.sh}
+
+		# some handy-dandy dynamic dns examples
+		pushd "${ED}"/usr/share/doc/${PF} 1>/dev/null || die
+		tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
+		popd 1>/dev/null || die
+	fi
+
+	insinto /etc/bind
+	newins "${FILESDIR}"/named.conf-r8 named.conf
+
+	# ftp://ftp.rs.internic.net/domain/named.cache:
+	insinto /var/bind
+	newins "${FILESDIR}"/named.cache-r4 named.cache
+
+	insinto /var/bind/pri
+	newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
+
+	newinitd "${FILESDIR}"/named.init-r14 named
+	newconfd "${FILESDIR}"/named.confd-r7 named
+
+	newenvd "${FILESDIR}"/10bind.env 10bind
+
+	# Let's get rid of those tools and their manpages since they're provided by bind-tools
+	rm -f "${ED}"/usr/share/man/man1/{dig,host,nslookup,delv,nsupdate}.1* || die
+	rm -f "${ED}"/usr/share/man/man8/nsupdate.8* || die
+	rm -f "${ED}"/usr/bin/{dig,host,nslookup,nsupdate} || die
+	rm -f "${ED}"/usr/sbin/{dig,host,nslookup,nsupdate} || die
+	for tool in dsfromkey importkey keyfromlabel keygen \
+	revoke settime signzone verify; do
+		rm -f "${ED}"/usr/{,s}bin/dnssec-"${tool}" || die
+		rm -f "${ED}"/usr/share/man/man8/dnssec-"${tool}".8* || die
+	done
+
+	# bug 405251, library archives aren't properly handled by --enable/disable-static
+	if ! use static-libs; then
+		find "${ED}" -type f -name '*.a' -delete || die
+	fi
+
+	# bug 405251
+	find "${ED}" -type f -name '*.la' -delete || die
+
+	use python && python_foreach_impl python_install
+
+	# bug 450406
+	dosym named.cache /var/bind/root.cache
+
+	dosym ../../var/bind/pri /etc/bind/pri
+	dosym ../../var/bind/sec /etc/bind/sec
+	dosym ../../var/bind/dyn /etc/bind/dyn
+	keepdir /var/bind/{pri,sec,dyn} /var/log/named
+
+	fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
+	fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
+	fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
+	fperms 0750 /etc/bind /var/bind/pri
+	fperms 0770 /var/log/named /var/bind/{,sec,dyn}
+
+	systemd_newunit "${FILESDIR}/named.service-r1" named.service
+	dotmpfiles "${FILESDIR}"/named.conf
+	exeinto /usr/libexec
+	doexe "${FILESDIR}/generate-rndc-key.sh"
+}
+
+python_install() {
+	pushd "${BUILD_DIR}"/bin/python >/dev/null || die
+	emake DESTDIR="${D}" install
+	python_scriptinto /usr/sbin
+	python_doscript dnssec-{checkds,coverage}
+	python_optimize
+	popd >/dev/null || die
+}
+
+pkg_postinst() {
+	tmpfiles_process named.conf
+
+	if [[ ! -f '/etc/bind/rndc.key' && ! -f '/etc/bind/rndc.conf' ]]; then
+		einfo "Using /dev/urandom for generating rndc.key"
+		/usr/sbin/rndc-confgen -a
+		chown root:named /etc/bind/rndc.key || die
+		chmod 0640 /etc/bind/rndc.key || die
+	fi
+
+	einfo
+	einfo "You can edit /etc/conf.d/named to customize named settings"
+	einfo
+	use mysql || use postgres || use ldap && {
+		elog "If your named depends on MySQL/PostgreSQL or LDAP,"
+		elog "uncomment the specified rc_named_* lines in your"
+		elog "/etc/conf.d/named config to ensure they'll start before bind"
+		einfo
+	}
+	einfo "If you'd like to run bind in a chroot AND this is a new"
+	einfo "install OR your bind doesn't already run in a chroot:"
+	einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
+	einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
+	einfo
+
+	CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
+	if [[ -n ${CHROOT} ]]; then
+		elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
+		elog "To enable the old behaviour (without using mount) uncomment the"
+		elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
+		elog "If you decide to use the new/default method, ensure to make backup"
+		elog "first and merge your existing configs/zones to /etc/bind and"
+		elog "/var/bind because bind will now mount the needed directories into"
+		elog "the chroot dir."
+	fi
+}
+
+pkg_config() {
+	CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
+	CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
+	CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
+
+	if [[ -z "${CHROOT}" ]]; then
+		eerror "This config script is designed to automate setting up"
+		eerror "a chrooted bind/named. To do so, please first uncomment"
+		eerror "and set the CHROOT variable in '/etc/conf.d/named'."
+		die "Unset CHROOT"
+	fi
+	if [[ -d "${CHROOT}" ]]; then
+		ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
+		ewarn "To enable the old behaviour (without using mount) uncomment the"
+		ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
+		ewarn
+		ewarn "${CHROOT} already exists... some things might become overridden"
+		ewarn "press CTRL+C if you don't want to continue"
+		sleep 10
+	fi
+
+	echo; einfo "Setting up the chroot directory..."
+
+	mkdir -m 0750 -p ${CHROOT} || die
+	mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} || die
+	mkdir -m 0750 -p ${CHROOT}/etc/bind || die
+	mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ || die
+
+	chown root:named \
+		${CHROOT} \
+		${CHROOT}/var/{bind,log/named} \
+		${CHROOT}/run/named/ \
+		${CHROOT}/etc/bind \
+		|| die
+
+	mknod ${CHROOT}/dev/null c 1 3 || die
+	chmod 0666 ${CHROOT}/dev/null || die
+
+	mknod ${CHROOT}/dev/zero c 1 5 || die
+	chmod 0666 ${CHROOT}/dev/zero || die
+
+	mknod ${CHROOT}/dev/urandom c 1 9 || die
+	chmod 0666 ${CHROOT}/dev/urandom || die
+
+	if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
+		cp -a /etc/bind ${CHROOT}/etc/ || die
+		cp -a /var/bind ${CHROOT}/var/ || die
+	fi
+
+	if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
+		if use geoip; then
+			mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP || die
+		elif use geoip2; then
+			mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP2 || die
+		fi
+	fi
+
+	elog "You may need to add the following line to your syslog-ng.conf:"
+	elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
+}

sdk_container/src/third_party/portage-stable/net-dns/bind/bind-9.18.29-r2.ebuild

@@ -0,0 +1,275 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit systemd tmpfiles
+
+MY_PV="${PV/_p/-P}"
+MY_PV="${MY_PV/_rc/rc}"
+
+DESCRIPTION="Berkeley Internet Name Domain - Name Server"
+HOMEPAGE="https://www.isc.org/software/bind"
+SRC_URI="https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz"
+S="${WORKDIR}/${PN}-${MY_PV}"
+
+LICENSE="MPL-2.0"
+SLOT="0"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
+IUSE="+caps dnsrps dnstap doc doh fixed-rrset idn jemalloc geoip gssapi lmdb selinux static-libs test xml"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+	acct-group/named
+	acct-user/named
+	dev-libs/json-c:=
+	>=dev-libs/libuv-1.37.0:=
+	sys-libs/zlib:=
+	dev-libs/openssl:=[-bindist(-)]
+	caps? ( >=sys-libs/libcap-2.1.0 )
+	dnstap? (
+		dev-libs/fstrm
+		dev-libs/protobuf-c
+	)
+	doh? ( net-libs/nghttp2:= )
+	geoip? ( dev-libs/libmaxminddb )
+	gssapi? ( virtual/krb5 )
+	idn? ( net-dns/libidn2 )
+	jemalloc? ( dev-libs/jemalloc:= )
+	lmdb? ( dev-db/lmdb )
+	xml? ( dev-libs/libxml2 )
+"
+RDEPEND="
+	${DEPEND}
+	selinux? ( sec-policy/selinux-bind )
+	sys-process/psmisc
+	!<net-dns/bind-tools-9.18.0
+"
+# sphinx required for man-page and html creation
+BDEPEND="
+	dev-lang/perl
+	virtual/pkgconfig
+	doc? ( dev-python/sphinx )
+	test? (
+		dev-util/cmocka
+	)
+"
+
+src_prepare() {
+	default
+
+	# Don't clobber our toolchain defaults
+	sed -i -e '/FORTIFY_SOURCE=/d' configure || die
+
+	# Test is (notoriously) slow/resource intensive
+	sed -i -e 's:ISC_TEST_MAIN:int main(void) { exit(77); }:' tests/isc/netmgr_test.c || die
+}
+
+src_configure() {
+	local myeconfargs=(
+		--prefix="${EPREFIX}"/usr
+		--sysconfdir="${EPREFIX}"/etc/bind
+		--localstatedir="${EPREFIX}"/var
+		--enable-full-report
+		--without-readline
+		--with-openssl="${ESYSROOT}"/usr
+		--with-json-c
+		--with-zlib
+		$(use_enable caps linux-caps)
+		$(use_enable dnsrps)
+		$(use_enable dnstap)
+		$(use_enable doh)
+		$(use_with doh libnghttp2)
+		$(use_enable fixed-rrset)
+		$(use_enable static-libs static)
+		$(use_enable geoip)
+		$(use_with test cmocka)
+		$(use_with geoip maxminddb)
+		$(use_with gssapi)
+		$(use_with idn libidn2)
+		$(use_with jemalloc)
+		$(use_with lmdb)
+		$(use_with xml libxml2)
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_test() {
+	# system tests ('emake test') require network configuration for IPs etc
+	# so we run the unit tests instead.
+	CI=1 emake unit V=1
+
+	# libtest is an internal test helper library, it has no tests,
+	# so suppress the QA warning.
+	rm tests/libtest/test-suite.log || die
+}
+
+src_install() {
+	default
+
+	dodoc CHANGES README.md
+
+	if use doc; then
+		docinto misc
+		dodoc -r doc/misc/
+
+		docinto html
+		dodoc -r doc/arm/
+
+		docinto dnssec-guide
+		dodoc -r doc/dnssec-guide/
+
+		docinto contrib
+		dodoc contrib/scripts/nanny.pl
+	fi
+
+	insinto /etc/bind
+	newins "${FILESDIR}"/named.conf-r8 named.conf
+	newins "${FILESDIR}"/named.conf.auth named.conf.auth
+
+	newinitd "${FILESDIR}"/named.init-r15 named
+	newconfd "${FILESDIR}"/named.confd-r8 named
+
+	newenvd "${FILESDIR}"/10bind.env 10bind
+
+	if ! use static-libs ; then
+		find "${ED}"/usr/lib* -name '*.la' -delete || die
+	fi
+
+	#
+	# /var/bind
+	#
+	# These need to remain for now because CONFIG_PROTECT won't
+	# save them and we shipped configs for years containing references
+	# to them.
+	#
+	# ftp://ftp.rs.internic.net/domain/named.cache:
+	insinto /var/bind
+	newins "${FILESDIR}"/named.cache-r4 named.cache
+	# bug #450406
+	dosym named.cache /var/bind/root.cache
+	#
+	insinto /var/bind/pri
+	newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
+
+	dosym -r /var/bind/pri /etc/bind/pri
+	dosym -r /var/bind/sec /etc/bind/sec
+	dosym -r /var/bind/dyn /etc/bind/dyn
+	keepdir /var/bind/{pri,sec,dyn} /var/log/named
+
+	fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
+	fowners root:named /etc/bind/{bind.keys,named.conf,named.conf.auth}
+	fperms 0640 /etc/bind/{bind.keys,named.conf,named.conf.auth}
+	fperms 0750 /etc/bind /var/bind/pri
+	fperms 0770 /var/log/named /var/bind/{,sec,dyn}
+
+	systemd_newunit "${FILESDIR}/named.service-r2" named.service
+	dotmpfiles "${FILESDIR}"/named.conf
+	exeinto /usr/libexec
+	doexe "${FILESDIR}/generate-rndc-key.sh"
+}
+
+pkg_postinst() {
+	tmpfiles_process named.conf
+
+	if [[ ! -f '/etc/bind/rndc.key' && ! -f '/etc/bind/rndc.conf' ]]; then
+		einfo "Generating rndc.key"
+		/usr/sbin/rndc-confgen -a
+		chown root:named /etc/bind/rndc.key || die
+		chmod 0640 /etc/bind/rndc.key || die
+	fi
+
+	einfo
+	einfo "You can edit /etc/conf.d/named to customize named settings"
+	einfo
+
+	einfo "If you'd like to run bind in a chroot AND this is a new"
+	einfo "install OR your bind doesn't already run in a chroot:"
+	einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
+	einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
+	einfo
+
+	CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
+	if [[ -n ${CHROOT} ]]; then
+		elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
+		elog "To enable the old behaviour (without using mount) uncomment the"
+		elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
+		elog "If you decide to use the new/default method, ensure to make backup"
+		elog "first and merge your existing configs/zones to /etc/bind and"
+		elog "/var/bind because bind will now mount the needed directories into"
+		elog "the chroot dir."
+	fi
+
+	# show only when upgrading to 9.18
+	if [[ -n "${REPLACING_VERSIONS}" ]] && ver_test "${REPLACING_VERSIONS}" -lt 9.18; then
+		elog "As this is a major bind version upgrade, please read:"
+		elog "   https://kb.isc.org/docs/changes-to-be-aware-of-when-moving-from-bind-916-to-918"
+		elog "for differences in functionality."
+		elog ""
+		ewarn "In particular, please note that bind-9.18 does not need a root hints file anymore"
+		ewarn "and we only ship with one as a stop-gap. If your current configuration specifies a"
+		ewarn "root hints file - usually called named.cache - bind will not start as it will not be able"
+		ewarn "to find the specified file. Best practice is to delete the offending lines that"
+		ewarn "reference named.cache file from your configuration."
+	fi
+}
+
+pkg_config() {
+	CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
+	CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
+	CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
+
+	if [[ -z "${CHROOT}" ]]; then
+		eerror "This config script is designed to automate setting up"
+		eerror "a chrooted bind/named. To do so, please first uncomment"
+		eerror "and set the CHROOT variable in '/etc/conf.d/named'."
+		die "Unset CHROOT"
+	fi
+
+	if [[ -d "${CHROOT}" ]]; then
+		ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
+		ewarn "To enable the old behaviour (without using mount) uncomment the"
+		ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
+		ewarn
+		ewarn "${CHROOT} already exists... some things might become overridden"
+		ewarn "press CTRL+C if you don't want to continue"
+		sleep 10
+	fi
+
+	echo; einfo "Setting up the chroot directory..."
+
+	mkdir -m 0750 -p ${CHROOT} || die
+	mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} || die
+	mkdir -m 0750 -p ${CHROOT}/etc/bind || die
+	mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ || die
+
+	chown root:named \
+		${CHROOT} \
+		${CHROOT}/var/{bind,log/named} \
+		${CHROOT}/run/named/ \
+		${CHROOT}/etc/bind \
+		|| die
+
+	mknod ${CHROOT}/dev/null c 1 3 || die
+	chmod 0666 ${CHROOT}/dev/null || die
+
+	mknod ${CHROOT}/dev/zero c 1 5 || die
+	chmod 0666 ${CHROOT}/dev/zero || die
+
+	if [[ "${CHROOT_NOMOUNT:-0}" -ne 0 ]]; then
+		cp -a /etc/bind ${CHROOT}/etc/ || die
+		cp -a /var/bind ${CHROOT}/var/ || die
+	fi
+
+	if [[ "${CHROOT_GEOIP:-0}" -eq 1 ]]; then
+		if use geoip; then
+			mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP || die
+		elif use geoip2; then
+			mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP2 || die
+		fi
+	fi
+
+	elog "You may need to add the following line to your syslog-ng.conf:"
+	elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
+}

sdk_container/src/third_party/portage-stable/net-dns/bind/bind-9.18.31-r1.ebuild

@@ -0,0 +1,275 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit systemd tmpfiles
+
+MY_PV="${PV/_p/-P}"
+MY_PV="${MY_PV/_rc/rc}"
+
+DESCRIPTION="Berkeley Internet Name Domain - Name Server"
+HOMEPAGE="https://www.isc.org/software/bind"
+SRC_URI="https://downloads.isc.org/isc/bind9/${PV}/${P}.tar.xz"
+S="${WORKDIR}/${PN}-${MY_PV}"
+
+LICENSE="MPL-2.0"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
+IUSE="+caps dnstap doc doh fixed-rrset idn jemalloc geoip gssapi lmdb selinux static-libs test xml"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+	acct-group/named
+	acct-user/named
+	dev-libs/json-c:=
+	>=dev-libs/libuv-1.37.0:=
+	sys-libs/zlib:=
+	dev-libs/openssl:=[-bindist(-)]
+	caps? ( >=sys-libs/libcap-2.1.0 )
+	dnstap? (
+		dev-libs/fstrm
+		dev-libs/protobuf-c
+	)
+	doh? ( net-libs/nghttp2:= )
+	geoip? ( dev-libs/libmaxminddb )
+	gssapi? ( virtual/krb5 )
+	idn? ( net-dns/libidn2 )
+	jemalloc? ( dev-libs/jemalloc:= )
+	lmdb? ( dev-db/lmdb )
+	xml? ( dev-libs/libxml2 )
+"
+RDEPEND="
+	${DEPEND}
+	selinux? ( sec-policy/selinux-bind )
+	sys-process/psmisc
+	!<net-dns/bind-tools-9.18.0
+"
+# sphinx required for man-page and html creation
+BDEPEND="
+	dev-lang/perl
+	virtual/pkgconfig
+	doc? ( dev-python/sphinx )
+	test? (
+		dev-util/cmocka
+	)
+"
+
+src_prepare() {
+	default
+
+	# Don't clobber our toolchain defaults
+	sed -i -e '/FORTIFY_SOURCE=/d' configure || die
+
+	# Test is (notoriously) slow/resource intensive
+	sed -i -e 's:ISC_TEST_MAIN:int main(void) { exit(77); }:' tests/isc/netmgr_test.c || die
+}
+
+src_configure() {
+	local myeconfargs=(
+		--prefix="${EPREFIX}"/usr
+		--sysconfdir="${EPREFIX}"/etc/bind
+		--localstatedir="${EPREFIX}"/var
+		--enable-full-report
+		--without-readline
+		--with-openssl="${ESYSROOT}"/usr
+		--with-json-c
+		--with-zlib
+		$(use_enable caps linux-caps)
+		--disable-dnsrps
+		$(use_enable dnstap)
+		$(use_enable doh)
+		$(use_with doh libnghttp2)
+		$(use_enable fixed-rrset)
+		$(use_enable static-libs static)
+		$(use_enable geoip)
+		$(use_with test cmocka)
+		$(use_with geoip maxminddb)
+		$(use_with gssapi)
+		$(use_with idn libidn2)
+		$(use_with jemalloc)
+		$(use_with lmdb)
+		$(use_with xml libxml2)
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_test() {
+	# system tests ('emake test') require network configuration for IPs etc
+	# so we run the unit tests instead.
+	CI=1 emake unit V=1
+
+	# libtest is an internal test helper library, it has no tests,
+	# so suppress the QA warning.
+	rm tests/libtest/test-suite.log || die
+}
+
+src_install() {
+	default
+
+	dodoc CHANGES README.md
+
+	if use doc; then
+		docinto misc
+		dodoc -r doc/misc/
+
+		docinto html
+		dodoc -r doc/arm/
+
+		docinto dnssec-guide
+		dodoc -r doc/dnssec-guide/
+
+		docinto contrib
+		dodoc contrib/scripts/nanny.pl
+	fi
+
+	insinto /etc/bind
+	newins "${FILESDIR}"/named.conf-r8 named.conf
+	newins "${FILESDIR}"/named.conf.auth named.conf.auth
+
+	newinitd "${FILESDIR}"/named.init-r15 named
+	newconfd "${FILESDIR}"/named.confd-r8 named
+
+	newenvd "${FILESDIR}"/10bind.env 10bind
+
+	if ! use static-libs ; then
+		find "${ED}"/usr/lib* -name '*.la' -delete || die
+	fi
+
+	#
+	# /var/bind
+	#
+	# These need to remain for now because CONFIG_PROTECT won't
+	# save them and we shipped configs for years containing references
+	# to them.
+	#
+	# ftp://ftp.rs.internic.net/domain/named.cache:
+	insinto /var/bind
+	newins "${FILESDIR}"/named.cache-r4 named.cache
+	# bug #450406
+	dosym named.cache /var/bind/root.cache
+	#
+	insinto /var/bind/pri
+	newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
+
+	dosym -r /var/bind/pri /etc/bind/pri
+	dosym -r /var/bind/sec /etc/bind/sec
+	dosym -r /var/bind/dyn /etc/bind/dyn
+	keepdir /var/bind/{pri,sec,dyn} /var/log/named
+
+	fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
+	fowners root:named /etc/bind/{bind.keys,named.conf,named.conf.auth}
+	fperms 0640 /etc/bind/{bind.keys,named.conf,named.conf.auth}
+	fperms 0750 /etc/bind /var/bind/pri
+	fperms 0770 /var/log/named /var/bind/{,sec,dyn}
+
+	systemd_newunit "${FILESDIR}/named.service-r2" named.service
+	dotmpfiles "${FILESDIR}"/named.conf
+	exeinto /usr/libexec
+	doexe "${FILESDIR}/generate-rndc-key.sh"
+}
+
+pkg_postinst() {
+	tmpfiles_process named.conf
+
+	if [[ -z ${ROOT} && ! -f ${EPREFIX}/etc/bind/rndc.key && ! -f ${EPREFIX}/etc/bind/rndc.conf ]]; then
+		einfo "Generating rndc.key"
+		"${EPREFIX}"/usr/sbin/rndc-confgen -a || die
+		chown root:named "${EPREFIX}"/etc/bind/rndc.key || die
+		chmod 0640 "${EPREFIX}"/etc/bind/rndc.key || die
+	fi
+
+	einfo
+	einfo "You can edit /etc/conf.d/named to customize named settings"
+	einfo
+
+	einfo "If you'd like to run bind in a chroot AND this is a new"
+	einfo "install OR your bind doesn't already run in a chroot:"
+	einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
+	einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
+	einfo
+
+	CHROOT=$(source "${EROOT}"/etc/conf.d/named 2>/dev/null; echo ${CHROOT})
+	if [[ -n ${CHROOT} ]]; then
+		elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
+		elog "To enable the old behaviour (without using mount) uncomment the"
+		elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
+		elog "If you decide to use the new/default method, ensure to make backup"
+		elog "first and merge your existing configs/zones to /etc/bind and"
+		elog "/var/bind because bind will now mount the needed directories into"
+		elog "the chroot dir."
+	fi
+
+	# show only when upgrading to 9.18
+	if [[ -n "${REPLACING_VERSIONS}" ]] && ver_test "${REPLACING_VERSIONS}" -lt 9.18; then
+		elog "As this is a major bind version upgrade, please read:"
+		elog "   https://kb.isc.org/docs/changes-to-be-aware-of-when-moving-from-bind-916-to-918"
+		elog "for differences in functionality."
+		elog ""
+		ewarn "In particular, please note that bind-9.18 does not need a root hints file anymore"
+		ewarn "and we only ship with one as a stop-gap. If your current configuration specifies a"
+		ewarn "root hints file - usually called named.cache - bind will not start as it will not be able"
+		ewarn "to find the specified file. Best practice is to delete the offending lines that"
+		ewarn "reference named.cache file from your configuration."
+	fi
+}
+
+pkg_config() {
+	CHROOT=$(source "${EROOT}"/etc/conf.d/named; echo ${CHROOT})
+	CHROOT_NOMOUNT=$(source "${EROOT}"/etc/conf.d/named; echo ${CHROOT_NOMOUNT})
+	CHROOT_GEOIP=$(source "${EROOT}"/etc/conf.d/named; echo ${CHROOT_GEOIP})
+
+	if [[ -z "${CHROOT}" ]]; then
+		eerror "This config script is designed to automate setting up"
+		eerror "a chrooted bind/named. To do so, please first uncomment"
+		eerror "and set the CHROOT variable in '/etc/conf.d/named'."
+		die "Unset CHROOT"
+	fi
+
+	if [[ -d "${CHROOT}" ]]; then
+		ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
+		ewarn "To enable the old behaviour (without using mount) uncomment the"
+		ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
+		ewarn
+		ewarn "${CHROOT} already exists... some things might become overridden"
+		ewarn "press CTRL+C if you don't want to continue"
+		sleep 10
+	fi
+
+	echo; einfo "Setting up the chroot directory..."
+
+	mkdir -m 0750 -p "${CHROOT}" || die
+	mkdir -m 0755 -p "${CHROOT}"/{dev,etc,var/log,run} || die
+	mkdir -m 0750 -p "${CHROOT}"/etc/bind || die
+	mkdir -m 0770 -p "${CHROOT}"/var/{bind,log/named} "${CHROOT}"/run/named/ || die
+
+	chown root:named \
+		"${CHROOT}" \
+		"${CHROOT}"/var/{bind,log/named} \
+		"${CHROOT}"/run/named/ \
+		"${CHROOT}"/etc/bind \
+		|| die
+
+	mknod "${CHROOT}"/dev/null c 1 3 || die
+	chmod 0666 "${CHROOT}"/dev/null || die
+
+	mknod "${CHROOT}"/dev/zero c 1 5 || die
+	chmod 0666 "${CHROOT}"/dev/zero || die
+
+	if [[ "${CHROOT_NOMOUNT:-0}" -ne 0 ]]; then
+		cp -a /etc/bind "${CHROOT}"/etc/ || die
+		cp -a /var/bind "${CHROOT}"/var/ || die
+	fi
+
+	if [[ "${CHROOT_GEOIP:-0}" -eq 1 ]]; then
+		if use geoip; then
+			mkdir -m 0755 -p "${CHROOT}"/usr/share/GeoIP || die
+		elif use geoip2; then
+			mkdir -m 0755 -p "${CHROOT}"/usr/share/GeoIP2 || die
+		fi
+	fi
+
+	elog "You may need to add the following line to your syslog-ng.conf:"
+	elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
+}

sdk_container/src/third_party/portage-stable/net-dns/bind/files/10bind.env

@@ -0,0 +1 @@
+CONFIG_PROTECT="/var/bind"

sdk_container/src/third_party/portage-stable/net-dns/bind/files/generate-rndc-key.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+if [ ! -s /etc/bind/rndc.key ]; then
+    /usr/sbin/rndc-confgen -a > /dev/null 2>&1 || exit 1
+    chmod 640 /etc/bind/rndc.key
+    chown root.named /etc/bind/rndc.key
+fi

sdk_container/src/third_party/portage-stable/net-dns/bind/files/ldap-library-path-on-multilib-machines.patch

@@ -0,0 +1,13 @@
+diff --git a/contrib/dlz/config.dlz.in b/contrib/dlz/config.dlz.in
+index f769cf1..721d480 100644
+--- a/contrib/dlz/config.dlz.in
++++ b/contrib/dlz/config.dlz.in
+@@ -396,7 +396,7 @@ case "$use_dlz_ldap" in
+ 	*)
+ 		DLZ_ADD_DRIVER(LDAP, dlz_ldap_driver,
+ 				[-I$use_dlz_ldap/include],
+-				[-L$use_dlz_ldap/lib -lldap -llber])
++				[-lldap -llber])
+ 
+ 		AC_MSG_RESULT(
+ [using LDAP from $use_dlz_ldap/lib and $use_dlz_ldap/include])

sdk_container/src/third_party/portage-stable/net-dns/bind/files/localhost.zone-r3

@@ -0,0 +1,11 @@
+$TTL 1W
+@       IN      SOA     localhost. root.localhost.  (
+                                      2008122601 ; Serial
+                                      28800      ; Refresh
+                                      14400      ; Retry
+                                      604800     ; Expire - 1 week
+                                      86400 )    ; Minimum
+@		IN      NS      localhost.
+@		IN	A	127.0.0.1
+
+@		IN	AAAA	::1

sdk_container/src/third_party/portage-stable/net-dns/bind/files/named.cache-r4

@@ -0,0 +1,92 @@
+;       This file holds the information on root name servers needed to 
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers). 
+; 
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.cache 
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:     January 24, 2024
+;       related version of root zone:     2024012401
+; 
+; FORMERLY NS.INTERNIC.NET 
+;
+.                        3600000      NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
+; 
+; FORMERLY NS1.ISI.EDU 
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     170.247.170.2
+B.ROOT-SERVERS.NET.      3600000      AAAA  2801:1b8:10::b
+; 
+; FORMERLY C.PSI.NET 
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
+; 
+; FORMERLY TERP.UMD.EDU 
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
+D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
+; 
+; FORMERLY NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+E.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:a8::e
+; 
+; FORMERLY NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
+; 
+; FORMERLY NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+G.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:12::d0d
+; 
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
+H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
+; 
+; FORMERLY NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
+; 
+; OPERATED BY VERISIGN, INC.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
+; 
+; OPERATED BY RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
+K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
+; 
+; OPERATED BY ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
+L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:9f::42
+; 
+; OPERATED BY WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
+; End of file

sdk_container/src/third_party/portage-stable/net-dns/bind/files/named.conf

@@ -0,0 +1 @@
+d /run/named 0750 named named -

sdk_container/src/third_party/portage-stable/net-dns/bind/files/named.conf-r8

@@ -0,0 +1,166 @@
+/*
+ * Refer to the named.conf(5) and named(8) man pages, and the documentation
+ * in /usr/share/doc/bind-* for more details.
+ * Online versions of the documentation can be found here:
+ * https://kb.isc.org/article/AA-01031
+ *
+ * If you are going to set up an authoritative server, make sure you
+ * understand the hairy details of how DNS works. Even with simple mistakes,
+ * you can break connectivity for affected parties, or cause huge amounts of
+ * useless Internet traffic.
+ */
+
+acl "xfer" {
+	/* Deny transfers by default except for the listed hosts.
+	 * If we have other name servers, place them here.
+	 */
+	none;
+};
+
+/*
+ * You might put in here some ips which are allowed to use the cache or
+ * recursive queries
+ */
+acl "trusted" {
+	127.0.0.0/8;
+	::1/128;
+};
+
+options {
+	directory "/var/bind";
+	pid-file "/run/named/named.pid";
+
+	/* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
+	//bindkeys-file "/etc/bind/bind.keys";
+
+	listen-on-v6 { ::1; };
+	listen-on { 127.0.0.1; };
+
+	allow-query {
+		/*
+		 * Accept queries from our "trusted" ACL.  We will
+		 * allow anyone to query our master zones below.
+		 * This prevents us from becoming a free DNS server
+		 * to the masses.
+		 */
+		trusted;
+	};
+
+	allow-query-cache {
+		/* Use the cache for the "trusted" ACL. */
+		trusted;
+	};
+
+	allow-recursion {
+		/* Only trusted addresses are allowed to use recursion. */
+		trusted;
+	};
+
+	allow-transfer {
+		/* Zone tranfers are denied by default. */
+		none;
+	};
+
+	allow-update {
+		/* Don't allow updates, e.g. via nsupdate. */
+		none;
+	};
+
+	/*
+	* If you've got a DNS server around at your upstream provider, enter its
+	* IP address here, and enable the line below. This will make you benefit
+	* from its cache, thus reduce overall DNS traffic in the Internet.
+	*
+	* Uncomment the following lines to turn on DNS forwarding, and change
+	*  and/or update the forwarding ip address(es):
+	*/
+/*
+	forward first;
+	forwarders {
+	//	123.123.123.123;	// Your ISP NS
+	//	124.124.124.124;	// Your ISP NS
+	//	4.2.2.1;		// Level3 Public DNS
+	//	4.2.2.2;		// Level3 Public DNS
+		8.8.8.8;		// Google Open DNS
+		8.8.4.4;		// Google Open DNS
+	};
+
+*/
+
+	dnssec-enable yes;
+	//dnssec-validation yes;
+
+	/*
+	 * As of bind 9.8.0:
+	 * "If the root key provided has expired,
+	 * named will log the expiration and validation will not work."
+	 */
+	dnssec-validation auto;
+
+	/* if you have problems and are behind a firewall: */
+	//query-source address * port 53;
+};
+
+/*
+logging {
+	channel default_log {
+		file "/var/log/named/named.log" versions 5 size 50M;
+		print-time yes;
+		print-severity yes;
+		print-category yes;
+	};
+
+	category default { default_log; };
+	category general { default_log; };
+};
+*/
+
+include "/etc/bind/rndc.key";
+controls {
+	inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
+};
+
+zone "." in {
+	type hint;
+	file "/var/bind/named.cache";
+};
+
+zone "localhost" IN {
+	type master;
+	file "pri/localhost.zone";
+	notify no;
+};
+
+/*
+ * Briefly, a zone which has been declared delegation-only will be effectively
+ * limited to containing NS RRs for subdomains, but no actual data beyond its
+ * own apex (for example, its SOA RR and apex NS RRset). This can be used to
+ * filter out "wildcard" or "synthesized" data from NAT boxes or from
+ * authoritative name servers whose undelegated (in-zone) data is of no
+ * interest.
+ * See http://www.isc.org/software/bind/delegation-only for more info
+ */
+
+//zone "COM" { type delegation-only; };
+//zone "NET" { type delegation-only; };
+
+//zone "YOUR-DOMAIN.TLD" {
+//	type master;
+//	file "/var/bind/pri/YOUR-DOMAIN.TLD.zone";
+//	allow-query { any; };
+//	allow-transfer { xfer; };
+//};
+
+//zone "YOUR-SLAVE.TLD" {
+//	type slave;
+//	file "/var/bind/sec/YOUR-SLAVE.TLD.zone";
+//	masters { <MASTER>; };
+
+	/* Anybody is allowed to query but transfer should be controlled by the master. */
+//	allow-query { any; };
+//	allow-transfer { none; };
+
+	/* The master should be the only one who notifies the slaves, shouldn't it? */
+//	allow-notify { <MASTER>; };
+//	notify no;
+//};

sdk_container/src/third_party/portage-stable/net-dns/bind/files/named.conf.auth

@@ -0,0 +1,33 @@
+//http local {
+//	endpoints { "/dns-query"; };
+//};
+
+options {
+	directory "/var/cache/bind";
+	pid-file "/run/named/named.pid";
+
+	listen-on { 127.0.0.1; };
+	listen-on-v6 { ::1; };
+	// dns-over-tls
+	listen-on port 853 tls ephemeral { 127.0.0.1; };
+	listen-on-v6 port 853 tls ephemeral { ::1; };
+	// dns-over-https
+	//listen-on port 443 tls ephemeral http local { 127.0.0.1; };
+	//listen-on-v6 port 443 tls ephemeral http local { ::1; };
+
+	allow-recursion {
+		none;
+	};
+	allow-transfer {
+		none;
+	};
+	allow-update {
+		none;
+	};
+};
+
+zone "example.com." {
+	type primary;
+	file "/var/bind/pri/db.example.com";
+	notify explicit;
+};

sdk_container/src/third_party/portage-stable/net-dns/bind/files/named.confd-r7

@@ -0,0 +1,48 @@
+# Set various named options here.
+#
+#OPTIONS=""
+
+# Set this to the number of processors you want bind to use.
+# Leave this unchanged if you want bind to automatically detect the number
+#CPU="1"
+
+# If you wish to run bind in a chroot:
+# 1) un-comment the CHROOT= assignment, below. You may use
+#    a different chroot directory but MAKE SURE it's empty.
+# 2) run: emerge --config =<bind-version>
+#
+#CHROOT="/chroot/dns"
+
+# Uncomment to enable binmount of /usr/share/GeoIP
+#CHROOT_GEOIP="1"
+
+# Uncomment the line below to avoid that the init script mounts the needed paths
+# into the chroot directory.
+# You have to copy all needed config files by hand if you say CHROOT_NOMOUNT="1".
+#CHROOT_NOMOUNT="1"
+
+# Uncomment this option if you have setup your own chroot environment and you
+# don't want/need the chroot consistency check
+#CHROOT_NOCHECK=1
+
+# Default pid file location
+PIDFILE="${CHROOT}/run/named/named.pid"
+
+# Scheduling priority: 19 is the lowest and -20 is the highest.
+# Default: 0
+#NAMED_NICELEVEL="0"
+
+# Uncomment rc_named_use/rc_named_after for the database you need.
+# Its necessary to ensure the database backend will be started before named.
+
+# MySQL
+#rc_named_use="mysql"
+#rc_named_after="mysql"
+
+# PostgreSQL
+#rc_named_use="pg_autovacuum postgresql"
+#rc_named_after="pg_autovacuum postgresql"
+
+# LDAP
+#rc_named_use="ldap"
+#rc_named_after="ldap"

sdk_container/src/third_party/portage-stable/net-dns/bind/files/named.confd-r8

@@ -0,0 +1,37 @@
+# Set various named options here.
+#
+#OPTIONS=""
+
+# config file path
+NAMED_CONF="/etc/bind/named.conf"
+
+# Set this to the number of processors you want bind to use.
+# Leave this unchanged if you want bind to automatically detect the number
+#CPU="1"
+
+# If you wish to run bind in a chroot:
+# 1) un-comment the CHROOT= assignment, below. You may use
+#    a different chroot directory but MAKE SURE it's empty.
+# 2) run: emerge --config =<bind-version>
+#
+#CHROOT="/chroot/dns"
+
+# Uncomment to enable binmount of /usr/share/GeoIP
+#CHROOT_GEOIP="1"
+
+# Uncomment the line below to avoid that the init script mounts the needed paths
+# into the chroot directory.
+# You have to copy all needed config files by hand if you say CHROOT_NOMOUNT="1".
+#CHROOT_NOMOUNT="1"
+
+# Uncomment this option if you have setup your own chroot environment and you
+# don't want/need the chroot consistency check
+#CHROOT_NOCHECK=1
+
+# Default pid file location
+# use named.conf to specify pid-file location
+
+# Scheduling priority: 19 is the lowest and -20 is the highest.
+# Default: 0
+#NAMED_NICELEVEL="0"
+

sdk_container/src/third_party/portage-stable/net-dns/bind/files/named.init-r14

@@ -0,0 +1,252 @@
+#!/sbin/openrc-run
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="checkconfig checkzones"
+extra_started_commands="reload"
+
+depend() {
+	need net
+	use logger
+	provide dns
+}
+
+NAMED_CONF=${CHROOT}/etc/bind/named.conf
+
+OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}
+MOUNT_CHECK_TIMEOUT=${MOUNT_CHECK_TIMEOUT:-60}
+
+_mount() {
+	local from
+	local to
+	local opts
+	local ret=0
+
+	if [ "${#}" -lt 3 ]; then
+		eerror "_mount(): to few arguments"
+		return 1
+	fi
+
+	from=$1
+	to=$2
+	shift 2
+
+	opts="${*}"
+	shift $#
+
+	if [ -z "$(awk "\$2 == \"${to}\" { print \$2 }" /proc/mounts)" ]; then
+		einfo "mounting ${from} to ${to}"
+		mount ${from} ${to} ${opts}
+		ret=$?
+
+		eend $ret
+		return $ret
+	fi
+
+	return 0
+}
+
+_umount() {
+	local dir=$1
+	local ret=0
+
+	if [ -n "$(awk "\$2 == \"${dir}\" { print \$2 }" /proc/mounts)" ]; then
+		ebegin "umounting ${dir}"
+		umount ${dir}
+		ret=$?
+
+		eend $ret
+		return $ret
+	fi
+
+	return 0
+}
+
+_get_pidfile() {
+	# as suggested in bug #107724, bug 335398#c17
+	[ -n "${PIDFILE}" ] || PIDFILE=${CHROOT}$(\
+			/usr/sbin/named-checkconf -p ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} | grep 'pid-file' | cut -d\" -f2)
+	[ -z "${PIDFILE}" ] && PIDFILE=${CHROOT}/run/named/named.pid
+}
+
+check_chroot() {
+	if [ -n "${CHROOT}" ]; then
+		[ ! -d "${CHROOT}" ] && return 1
+		[ ! -d "${CHROOT}/dev" ] || [ ! -d "${CHROOT}/etc" ] || [ ! -d "${CHROOT}/var" ] && return 1
+		[ ! -d "${CHROOT}/run" ] || [ ! -d "${CHROOT}/var/log" ] && return 1
+		[ ! -d "${CHROOT}/etc/bind" ] || [ ! -d "${CHROOT}/var/bind" ] && return 1
+		[ ! -d "${CHROOT}/var/log/named" ] && return 1
+		[ ! -c "${CHROOT}/dev/null" ] || [ ! -c "${CHROOT}/dev/zero" ] && return 1
+		[ ! -c "${CHROOT}/dev/urandom" ] && return 1
+		[ "${CHROOT_GEOIP:-0}" -eq 1 ] && [ ! -d "${CHROOT}/usr/share/GeoIP" ] && return 1
+		if [ ${OPENSSL_LIBGOST:-0} -eq 1 ]; then
+			if [ -d "/usr/lib64" ]; then
+				[ ! -d "${CHROOT}/usr/lib64/engines" ] && return 1
+			elif [ -d "/usr/lib" ]; then
+				[ ! -d "${CHROOT}/usr/lib/engines" ] && return 1
+			fi
+		fi
+	fi
+
+	return 0
+}
+
+checkconfig() {
+	ebegin "Checking named configuration"
+
+	if [ ! -f "${NAMED_CONF}" ] ; then
+		eerror "No ${NAMED_CONF} file exists!"
+		return 1
+	fi
+
+	/usr/sbin/named-checkconf ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} || {
+		eerror "named-checkconf failed! Please fix your config first."
+		return 1
+	}
+
+	eend 0
+	return 0
+}
+
+checkzones() {
+	ebegin "Checking named configuration and zones"
+	/usr/sbin/named-checkconf -z -j ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}}
+	eend $?
+}
+
+start() {
+	local piddir
+
+	ebegin "Starting ${CHROOT:+chrooted }named"
+
+	if [ -n "${CHROOT}" ]; then
+		if [ ${CHROOT_NOCHECK:-0} -eq 0 ]; then
+			check_chroot || {
+				eend 1
+				eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first"
+				return 1
+			}
+		fi
+
+		if [ ${OPENSSL_LIBGOST:-0} -eq 1 ]; then
+			if [ ! -e /usr/lib/engines/libgost.so ]; then
+				eend 1
+				eerror "Couldn't find /usr/lib/engines/libgost.so but bind has been built with openssl and libgost support"
+				return 1
+			fi
+			cp -Lp /usr/lib/engines/libgost.so "${CHROOT}/usr/lib/engines/libgost.so" || {
+				eend 1
+				eerror "Couldn't copy /usr/lib/engines/libgost.so into '${CHROOT}/usr/lib/engines/'"
+				return 1
+			}
+		fi
+		cp -Lp /etc/localtime "${CHROOT}/etc/localtime"
+
+		if [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then
+			einfo "Mounting chroot dirs"
+			_mount /etc/bind ${CHROOT}/etc/bind -o bind
+			_mount /var/bind ${CHROOT}/var/bind -o bind
+			_mount /var/log/named ${CHROOT}/var/log/named -o bind
+			if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
+				_mount /usr/share/GeoIP ${CHROOT}/usr/share/GeoIP -o bind
+			fi
+		fi
+
+		# On initial startup, if piddir inside the chroot /var/run/named
+		# Then the .../var/run part might not exist yet
+		checkpath -q -d -o root:root -m 0755 "${piddir}/.."
+	fi
+
+	checkconfig || { eend 1; return 1; }
+
+	# create piddir (usually /run/named) if necessary, bug 334535
+	_get_pidfile
+	piddir="${PIDFILE%/*}"
+	checkpath -q -d -o root:named -m 0770 "${piddir}" || {
+		eerror "Failed to create PID directory at $piddir"
+		eend 1
+		return 1
+	}
+
+	# In case someone have $CPU set in /etc/conf.d/named
+	if [ -n "${CPU}" ] && [ "${CPU}" -gt 0 ]; then
+		CPU="-n ${CPU}"
+	fi
+
+	start-stop-daemon --start --pidfile ${PIDFILE} \
+		--nicelevel ${NAMED_NICELEVEL:-0} \
+		--exec /usr/sbin/named \
+		-- -u named ${CPU} ${OPTIONS} ${CHROOT:+-t} ${CHROOT}
+	eend $?
+}
+
+stop() {
+	local reported=0
+
+	ebegin "Stopping ${CHROOT:+chrooted }named"
+
+	# Workaround for now, until openrc's restart has been fixed.
+	# openrc doesn't care about a restart() function in init scripts.
+	if [ "${RC_CMD}" = "restart" ]; then
+		if [ -n "${CHROOT}" -a ${CHROOT_NOCHECK:-0} -eq 0 ]; then
+			check_chroot || {
+				eend 1
+				eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first"
+				return 1
+			}
+		fi
+
+		checkconfig || { eend 1; return 1; }
+	fi
+
+	# -R 10, bug 335398
+	_get_pidfile
+	start-stop-daemon --stop --retry 10 --pidfile $PIDFILE \
+		--exec /usr/sbin/named
+
+	if [ -n "${CHROOT}" ] && [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then
+		ebegin "Umounting chroot dirs"
+
+		# just to be sure everything gets clean
+		while fuser -s ${CHROOT} 2>/dev/null; do
+			if [ "${reported}" -eq 0 ]; then
+				einfo "Waiting until all named processes are stopped (max. ${MOUNT_CHECK_TIMEOUT} seconds)"
+			elif [ "${reported}" -eq "${MOUNT_CHECK_TIMEOUT}" ]; then
+				eerror "Waiting until all named processes are stopped failed!"
+				eend 1
+				break
+			fi
+			sleep 1
+			reported=$((reported+1))
+		done
+
+		[ "${CHROOT_GEOIP:-0}" -eq 1 ] && _umount ${CHROOT}/usr/share/GeoIP
+		_umount ${CHROOT}/etc/bind
+		_umount ${CHROOT}/var/log/named
+		_umount ${CHROOT}/var/bind
+	fi
+
+	eend $?
+}
+
+reload() {
+	local ret
+
+	ebegin "Reloading named.conf and zone files"
+
+	checkconfig || { eend 1; return 1; }
+
+	_get_pidfile
+	if [ -n "${PIDFILE}" ]; then
+		start-stop-daemon --pidfile $PIDFILE --signal HUP
+		ret=$?
+	else
+		ewarn "Unable to determine the pidfile... this is"
+		ewarn "a fallback mode. Please check your installation!"
+
+		$RC_SERVICE restart
+		ret=$?
+	fi
+
+	eend $ret
+}

sdk_container/src/third_party/portage-stable/net-dns/bind/files/named.init-r15

@@ -0,0 +1,251 @@
+#!/sbin/openrc-run
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="checkconfig checkzones"
+extra_started_commands="reload"
+
+depend() {
+	need net
+	use logger
+	provide dns
+}
+
+NAMED_CONF=${NAMED_CONF:-${CHROOT}/etc/bind/named.conf}
+
+OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}
+MOUNT_CHECK_TIMEOUT=${MOUNT_CHECK_TIMEOUT:-60}
+
+_mount() {
+	local from
+	local to
+	local opts
+	local ret=0
+
+	if [ "${#}" -lt 3 ]; then
+		eerror "_mount(): to few arguments"
+		return 1
+	fi
+
+	from=$1
+	to=$2
+	shift 2
+
+	opts="${*}"
+	shift $#
+
+	if [ -z "$(awk "\$2 == \"${to}\" { print \$2 }" /proc/mounts)" ]; then
+		einfo "mounting ${from} to ${to}"
+		mount ${from} ${to} ${opts}
+		ret=$?
+
+		eend $ret
+		return $ret
+	fi
+
+	return 0
+}
+
+_umount() {
+	local dir=$1
+	local ret=0
+
+	if [ -n "$(awk "\$2 == \"${dir}\" { print \$2 }" /proc/mounts)" ]; then
+		ebegin "umounting ${dir}"
+		umount ${dir}
+		ret=$?
+
+		eend $ret
+		return $ret
+	fi
+
+	return 0
+}
+
+_get_pidfile() {
+	# as suggested in bug #107724, bug 335398#c17
+	[ -n "${PIDFILE}" ] || PIDFILE=${CHROOT}$(\
+			/usr/bin/named-checkconf -p ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} | grep 'pid-file' | cut -d\" -f2)
+	[ -z "${PIDFILE}" ] && PIDFILE=${CHROOT}/run/named/named.pid
+}
+
+check_chroot() {
+	if [ -n "${CHROOT}" ]; then
+		[ ! -d "${CHROOT}" ] && return 1
+		[ ! -d "${CHROOT}/dev" ] || [ ! -d "${CHROOT}/etc" ] || [ ! -d "${CHROOT}/var" ] && return 1
+		[ ! -d "${CHROOT}/run" ] || [ ! -d "${CHROOT}/var/log" ] && return 1
+		[ ! -d "${CHROOT}/etc/bind" ] || [ ! -d "${CHROOT}/var/bind" ] && return 1
+		[ ! -d "${CHROOT}/var/log/named" ] && return 1
+		[ ! -c "${CHROOT}/dev/null" ] || [ ! -c "${CHROOT}/dev/zero" ] && return 1
+		[ "${CHROOT_GEOIP:-0}" -eq 1 ] && [ ! -d "${CHROOT}/usr/share/GeoIP" ] && return 1
+		if [ ${OPENSSL_LIBGOST:-0} -eq 1 ]; then
+			if [ -d "/usr/lib64" ]; then
+				[ ! -d "${CHROOT}/usr/lib64/engines" ] && return 1
+			elif [ -d "/usr/lib" ]; then
+				[ ! -d "${CHROOT}/usr/lib/engines" ] && return 1
+			fi
+		fi
+	fi
+
+	return 0
+}
+
+checkconfig() {
+	ebegin "Checking named configuration"
+
+	if [ ! -f "${NAMED_CONF}" ] ; then
+		eerror "No ${NAMED_CONF} file exists!"
+		return 1
+	fi
+
+	/usr/bin/named-checkconf ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}} || {
+		eerror "named-checkconf failed! Please fix your config first."
+		return 1
+	}
+
+	eend 0
+	return 0
+}
+
+checkzones() {
+	ebegin "Checking named configuration and zones"
+	/usr/bin/named-checkconf -z -j ${CHROOT:+-t} ${CHROOT} ${NAMED_CONF#${CHROOT}}
+	eend $?
+}
+
+start() {
+	local piddir
+
+	ebegin "Starting ${CHROOT:+chrooted }named"
+
+	if [ -n "${CHROOT}" ]; then
+		if [ ${CHROOT_NOCHECK:-0} -eq 0 ]; then
+			check_chroot || {
+				eend 1
+				eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first"
+				return 1
+			}
+		fi
+
+		if [ ${OPENSSL_LIBGOST:-0} -eq 1 ]; then
+			if [ ! -e /usr/lib/engines/libgost.so ]; then
+				eend 1
+				eerror "Couldn't find /usr/lib/engines/libgost.so but bind has been built with openssl and libgost support"
+				return 1
+			fi
+			cp -Lp /usr/lib/engines/libgost.so "${CHROOT}/usr/lib/engines/libgost.so" || {
+				eend 1
+				eerror "Couldn't copy /usr/lib/engines/libgost.so into '${CHROOT}/usr/lib/engines/'"
+				return 1
+			}
+		fi
+		cp -Lp /etc/localtime "${CHROOT}/etc/localtime"
+
+		if [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then
+			einfo "Mounting chroot dirs"
+			_mount /etc/bind ${CHROOT}/etc/bind -o bind
+			_mount /var/bind ${CHROOT}/var/bind -o bind
+			_mount /var/log/named ${CHROOT}/var/log/named -o bind
+			if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
+				_mount /usr/share/GeoIP ${CHROOT}/usr/share/GeoIP -o bind
+			fi
+		fi
+
+		# On initial startup, if piddir inside the chroot /var/run/named
+		# Then the .../var/run part might not exist yet
+		checkpath -q -d -o root:root -m 0755 "${piddir}/.."
+	fi
+
+	checkconfig || { eend 1; return 1; }
+
+	# create piddir (usually /run/named) if necessary, bug 334535
+	_get_pidfile
+	piddir="${PIDFILE%/*}"
+	checkpath -q -d -o root:named -m 0770 "${piddir}" || {
+		eerror "Failed to create PID directory at $piddir"
+		eend 1
+		return 1
+	}
+
+	# In case someone have $CPU set in /etc/conf.d/named
+	if [ -n "${CPU}" ] && [ "${CPU}" -gt 0 ]; then
+		CPU="-n ${CPU}"
+	fi
+
+	start-stop-daemon --start --pidfile ${PIDFILE} \
+		--nicelevel ${NAMED_NICELEVEL:-0} \
+		--exec /usr/sbin/named \
+		-- -u named ${CPU} ${OPTIONS} ${CHROOT:+-t} ${CHROOT}
+	eend $?
+}
+
+stop() {
+	local reported=0
+
+	ebegin "Stopping ${CHROOT:+chrooted }named"
+
+	# Workaround for now, until openrc's restart has been fixed.
+	# openrc doesn't care about a restart() function in init scripts.
+	if [ "${RC_CMD}" = "restart" ]; then
+		if [ -n "${CHROOT}" -a ${CHROOT_NOCHECK:-0} -eq 0 ]; then
+			check_chroot || {
+				eend 1
+				eerror "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first"
+				return 1
+			}
+		fi
+
+		checkconfig || { eend 1; return 1; }
+	fi
+
+	# -R 10, bug 335398
+	_get_pidfile
+	start-stop-daemon --stop --retry 10 --pidfile $PIDFILE \
+		--exec /usr/sbin/named
+
+	if [ -n "${CHROOT}" ] && [ "${CHROOT_NOMOUNT:-0}" -eq 0 ]; then
+		ebegin "Umounting chroot dirs"
+
+		# just to be sure everything gets clean
+		while fuser -s ${CHROOT} 2>/dev/null; do
+			if [ "${reported}" -eq 0 ]; then
+				einfo "Waiting until all named processes are stopped (max. ${MOUNT_CHECK_TIMEOUT} seconds)"
+			elif [ "${reported}" -eq "${MOUNT_CHECK_TIMEOUT}" ]; then
+				eerror "Waiting until all named processes are stopped failed!"
+				eend 1
+				break
+			fi
+			sleep 1
+			reported=$((reported+1))
+		done
+
+		[ "${CHROOT_GEOIP:-0}" -eq 1 ] && _umount ${CHROOT}/usr/share/GeoIP
+		_umount ${CHROOT}/etc/bind
+		_umount ${CHROOT}/var/log/named
+		_umount ${CHROOT}/var/bind
+	fi
+
+	eend $?
+}
+
+reload() {
+	local ret
+
+	ebegin "Reloading named.conf and zone files"
+
+	checkconfig || { eend 1; return 1; }
+
+	_get_pidfile
+	if [ -n "${PIDFILE}" ]; then
+		start-stop-daemon --pidfile $PIDFILE --signal HUP
+		ret=$?
+	else
+		ewarn "Unable to determine the pidfile... this is"
+		ewarn "a fallback mode. Please check your installation!"
+
+		$RC_SERVICE restart
+		ret=$?
+	fi
+
+	eend $ret
+}

sdk_container/src/third_party/portage-stable/net-dns/bind/files/named.service-r1

@@ -0,0 +1,13 @@
+[Unit]
+Description=Internet domain name server
+After=network.target
+
+[Service]
+ExecStartPre=/usr/libexec/generate-rndc-key.sh
+ExecStartPre=/usr/sbin/named-checkconf -z /etc/bind/named.conf
+ExecStart=/usr/sbin/named -f -u named
+ExecReload=/usr/sbin/rndc reload
+ExecStop=/usr/sbin/rndc stop
+
+[Install]
+WantedBy=multi-user.target

sdk_container/src/third_party/portage-stable/net-dns/bind/files/named.service-r2

@@ -0,0 +1,13 @@
+[Unit]
+Description=Internet domain name server
+After=network.target
+
+[Service]
+ExecStartPre=/usr/libexec/generate-rndc-key.sh
+ExecStartPre=/usr/bin/named-checkconf -z /etc/bind/named.conf
+ExecStart=/usr/sbin/named -f -u named
+ExecReload=/usr/sbin/rndc reload
+ExecStop=/usr/sbin/rndc stop
+
+[Install]
+WantedBy=multi-user.target

sdk_container/src/third_party/portage-stable/net-dns/bind/metadata.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>chutzpah@gentoo.org</email>
+		<name>Patrick McLean</name>
+	</maintainer>
+	<use>
+		<flag name="dnstap">Enables dnstap packet logging</flag>
+		<flag name="dnsrps">Enable the DNS Response Policy Service (DNSRPS) API, a mechanism to allow an external response policy provider</flag>
+		<flag name="dlz">Enables dynamic loaded zones, 3rd party extension</flag>
+		<flag name="doh">Enables dns-over-https</flag>
+		<flag name="fixed-rrset">Enables fixed rrset-order option</flag>
+		<flag name="geoip2">Enable GeoIP2 API from MaxMind</flag>
+		<flag name="gssapi">Enable gssapi support</flag>
+		<flag name="json">Enable JSON statistics channel</flag>
+		<flag name="lmdb">Enable LMDB support to store configuration for 'addzone' zones</flag>
+	</use>
+</pkgmetadata>