diff options
Diffstat (limited to 'net-dns/pdns')
-rw-r--r-- | net-dns/pdns/ChangeLog | 13 | ||||
-rw-r--r-- | net-dns/pdns/files/pdns-3.3-fix-autoconf.patch | 13 | ||||
-rw-r--r-- | net-dns/pdns/files/pdns-3.3-fix-conditional-polarssl.patch | 26 | ||||
-rw-r--r-- | net-dns/pdns/files/pdns-3.3-fix-curl-link.patch | 11 | ||||
-rw-r--r-- | net-dns/pdns/files/pdns-3.3-fix-polarssl_1.3.0.patch | 77 | ||||
-rw-r--r-- | net-dns/pdns/files/pdns-3.3-lib_lua.patch | 16 | ||||
-rw-r--r-- | net-dns/pdns/files/pdns-3.3_sha.hh | 134 | ||||
-rw-r--r-- | net-dns/pdns/pdns-3.3.ebuild | 187 |
8 files changed, 476 insertions, 1 deletions
diff --git a/net-dns/pdns/ChangeLog b/net-dns/pdns/ChangeLog index 4c51847d8206..2e744574d66a 100644 --- a/net-dns/pdns/ChangeLog +++ b/net-dns/pdns/ChangeLog @@ -1,6 +1,17 @@ # ChangeLog for net-dns/pdns # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-dns/pdns/ChangeLog,v 1.89 2013/09/22 10:31:55 ago Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-dns/pdns/ChangeLog,v 1.90 2013/12/16 14:56:40 ultrabug Exp $ + +*pdns-3.3 (16 Dec 2013) + + 16 Dec 2013; Ultrabug <ultrabug@gentoo.org> +pdns-3.3.ebuild, + +files/pdns-3.3-fix-autoconf.patch, + +files/pdns-3.3-fix-conditional-polarssl.patch, + +files/pdns-3.3-fix-curl-link.patch, + +files/pdns-3.3-fix-polarssl_1.3.0.patch, +files/pdns-3.3-lib_lua.patch, + +files/pdns-3.3_sha.hh: + Version bump, fix #493302 thx to @Nawadanp, add support for polarSSL 1.3.0 in + tree 22 Sep 2013; Agostino Sarubbo <ago@gentoo.org> pdns-3.2.ebuild: Add ~amd64/~x86, wrt bug #456412 diff --git a/net-dns/pdns/files/pdns-3.3-fix-autoconf.patch b/net-dns/pdns/files/pdns-3.3-fix-autoconf.patch new file mode 100644 index 000000000000..e3ee3037b5df --- /dev/null +++ b/net-dns/pdns/files/pdns-3.3-fix-autoconf.patch @@ -0,0 +1,13 @@ +diff --git a/configure.ac b/configure.ac +index 1beab82..243b693 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -180,7 +180,7 @@ AC_ARG_WITH([system-polarssl], + [system_polarssl=$withval], + [system_polarssl=yes]) + AC_MSG_RESULT($system_polarssl) +-AM_CONDITIONAL(HAVE_LIBPOLARSSL, false) ++AM_CONDITIONAL(HAVE_LIBPOLARSSL, test x"$system_polarssl" = "xyes") + if test x$system_polarssl = xyes; then + AC_MSG_CHECKING([PolarSSL version >= 1.1]) + AC_COMPILE_IFELSE( diff --git a/net-dns/pdns/files/pdns-3.3-fix-conditional-polarssl.patch b/net-dns/pdns/files/pdns-3.3-fix-conditional-polarssl.patch new file mode 100644 index 000000000000..15a2c504f49d --- /dev/null +++ b/net-dns/pdns/files/pdns-3.3-fix-conditional-polarssl.patch @@ -0,0 +1,26 @@ +--- a/pdns/Makefile.am 2013-12-10 11:53:54.530368351 +0100 ++++ b/pdns/Makefile.am 2013-12-10 11:55:33.398973939 +0100 +@@ -70,7 +70,11 @@ + + # + pdns_server_LDFLAGS=@moduleobjects@ @modulelibs@ @DYNLINKFLAGS@ @LIBDL@ @THREADFLAGS@ $(BOOST_SERIALIZATION_LDFLAGS) -rdynamic ++if HAVE_LIBPOLARSSL ++pdns_server_LDADD= $(BOOST_SERIALIZATION_LIBS) $(LUA_LIBS) $(SQLITE3_LIBS) $(LIBCURL_LIBS) $(MYSQL_lib) ++else + pdns_server_LDADD= ext/polarssl-1.1.2/library/libpolarssl.a $(BOOST_SERIALIZATION_LIBS) $(LUA_LIBS) $(SQLITE3_LIBS) $(LIBCURL_LIBS) $(MYSQL_lib) ++endif + + if BOTAN110 + pdns_server_SOURCES += botan110signers.cc botansigners.cc +@@ -112,7 +116,11 @@ + + + pdnssec_LDFLAGS=@moduleobjects@ @modulelibs@ @DYNLINKFLAGS@ @LIBDL@ @THREADFLAGS@ $(BOOST_PROGRAM_OPTIONS_LDFLAGS) $(BOOST_SERIALIZATION_LDFLAGS) ++if HAVE_LIBPOLARSSL ++pdnssec_LDADD= $(BOOST_PROGRAM_OPTIONS_LIBS) $(BOOST_SERIALIZATION_LIBS) $(SQLITE3_LIBS) $(LIBCURL_LIBS) $(MYSQL_lib) ++else + pdnssec_LDADD= ext/polarssl-1.1.2/library/libpolarssl.a $(BOOST_PROGRAM_OPTIONS_LIBS) $(BOOST_SERIALIZATION_LIBS) $(SQLITE3_LIBS) $(LIBCURL_LIBS) $(MYSQL_lib) ++endif + + if BOTAN110 + pdnssec_SOURCES += botan110signers.cc botansigners.cc diff --git a/net-dns/pdns/files/pdns-3.3-fix-curl-link.patch b/net-dns/pdns/files/pdns-3.3-fix-curl-link.patch new file mode 100644 index 000000000000..64366a09d7f3 --- /dev/null +++ b/net-dns/pdns/files/pdns-3.3-fix-curl-link.patch @@ -0,0 +1,11 @@ +--- a/modules/remotebackend/Makefile.am 2013-12-10 11:45:24.487559267 +0100 ++++ b/modules/remotebackend/Makefile.am 2013-12-10 11:45:48.887215368 +0100 +@@ -13,7 +13,7 @@ + libremotebackend_la_SOURCES=remotebackend.hh remotebackend.cc unixconnector.cc httpconnector.cc pipeconnector.cc + + libremotebackend_la_LDFLAGS=-module -avoid-version +-libremotebackend_la_LIBS=$(LIBCURL_LIBS) ++libremotebackend_la_LIBADD=$(LIBCURL_LIBS) + + TESTS_ENVIRONMENT = env BOOST_TEST_LOG_LEVEL=message REMOTEBACKEND_HTTP=$(REMOTEBACKEND_HTTP) ./testrunner.sh + TESTS=test_remotebackend_pipe test_remotebackend_http test_remotebackend_post test_remotebackend_json diff --git a/net-dns/pdns/files/pdns-3.3-fix-polarssl_1.3.0.patch b/net-dns/pdns/files/pdns-3.3-fix-polarssl_1.3.0.patch new file mode 100644 index 000000000000..032cfd028461 --- /dev/null +++ b/net-dns/pdns/files/pdns-3.3-fix-polarssl_1.3.0.patch @@ -0,0 +1,77 @@ +--- /dev/shm/portage/net-dns/pdns-3.3/work/pdns-3.3/pdns/polarrsakeyinfra.cc 2013-04-26 21:54:34.000000000 +0200 ++++ pdns/pdns/polarrsakeyinfra.cc 2013-12-16 15:08:59.476418683 +0100 +@@ -1,20 +1,8 @@ +-#ifdef HAVE_LIBPOLARSSLSSL + #include <polarssl/rsa.h> + #include <polarssl/base64.h> +-#include <polarssl/sha1.h> +-#include <polarssl/sha2.h> +-#include <polarssl/sha4.h> ++#include <sha.hh> + #include <polarssl/entropy.h> + #include <polarssl/ctr_drbg.h> +-#else +-#include "ext/polarssl-1.1.2/include/polarssl/rsa.h" +-#include "ext/polarssl-1.1.2/include/polarssl/base64.h" +-#include "ext/polarssl-1.1.2/include/polarssl/sha1.h" +-#include "ext/polarssl-1.1.2/include/polarssl/sha2.h" +-#include "ext/polarssl-1.1.2/include/polarssl/sha4.h" +-#include "ext/polarssl-1.1.2/include/polarssl/entropy.h" +-#include "ext/polarssl-1.1.2/include/polarssl/ctr_drbg.h" +-#endif + #include <boost/assign/std/vector.hpp> // for 'operator+=()' + #include <boost/foreach.hpp> + #include "dnssecinfra.hh" +@@ -147,7 +135,8 @@ + { + string hash = this->hash(msg); + unsigned char signature[mpi_size(&d_context.N)]; +- int hashKind; ++ md_type_t hashKind; ++ + if(hash.size()==20) + hashKind= SIG_RSA_SHA1; + else if(hash.size()==32) +@@ -169,7 +158,7 @@ + + bool RSADNSCryptoKeyEngine::verify(const std::string& msg, const std::string& signature) const + { +- int hashKind; ++ md_type_t hashKind; + string hash=this->hash(msg); + if(hash.size()==20) + hashKind= SIG_RSA_SHA1; +@@ -178,7 +167,11 @@ + else + hashKind = SIG_RSA_SHA512; + +- int ret=rsa_pkcs1_verify(const_cast<rsa_context*>(&d_context), RSA_PUBLIC, ++ int ret=rsa_pkcs1_verify(const_cast<rsa_context*>(&d_context), ++#if POLARSSL_VERSION_NUMBER >= 0x01020900 ++ NULL, NULL, ++#endif ++ RSA_PUBLIC, + hashKind, + hash.size(), + (const unsigned char*) hash.c_str(), (unsigned char*) signature.c_str()); +@@ -195,12 +188,20 @@ + } + else if(d_algorithm == 8) { // RSASHA256 + unsigned char hash[32]; ++#if POLARSSL_VERSION_NUMBER >= 0x01030000 ++ sha256((unsigned char*)toHash.c_str(), toHash.length(), hash, 0); ++#else + sha2((unsigned char*)toHash.c_str(), toHash.length(), hash, 0); ++#endif + return string((char*)hash, sizeof(hash)); + } + else if(d_algorithm == 10) { // RSASHA512 + unsigned char hash[64]; ++#if POLARSSL_VERSION_NUMBER >= 0x01030000 ++ sha512((unsigned char*)toHash.c_str(), toHash.length(), hash, 0); ++#else + sha4((unsigned char*)toHash.c_str(), toHash.length(), hash, 0); ++#endif + return string((char*)hash, sizeof(hash)); + } + throw runtime_error("PolarSSL hashing method can't hash algorithm "+lexical_cast<string>(d_algorithm)); diff --git a/net-dns/pdns/files/pdns-3.3-lib_lua.patch b/net-dns/pdns/files/pdns-3.3-lib_lua.patch new file mode 100644 index 000000000000..916ae26c911a --- /dev/null +++ b/net-dns/pdns/files/pdns-3.3-lib_lua.patch @@ -0,0 +1,16 @@ +--- a/modules/luabackend/Makefile.am 2013-12-10 11:57:48.597065748 +0100 ++++ b/modules/luabackend/Makefile.am 2013-12-10 12:00:05.855127730 +0100 +@@ -1,4 +1,4 @@ +-AM_CPPFLAGS=-I/usr/include/lua5.1 @THREADFLAGS@ ++AM_CPPFLAGS=$(LUA_CFLAGS) @THREADFLAGS@ + #AM_CPPFLAGS=-I/usr/local/include/luajit-2.0 -DUSE_LUAJIT @THREADFLAGS@ + EXTRA_DIST=OBJECTFILES OBJECTLIBS + +@@ -8,5 +8,6 @@ + libluabackend_la_SOURCES=luabackend.cc luabackend.hh minimal.cc reload.cc lua_functions.cc master.cc private.cc slave.cc supermaster.cc dnssec.cc \ + lua_functions.hh + +-libluabackend_la_LDFLAGS=-module -avoid-version -llua5.1 ++libluabackend_la_LDFLAGS=-module -avoid-version ++libluabackend_la_LIBADD=$(LUA_LIBS) + #-lluajit-5.1 diff --git a/net-dns/pdns/files/pdns-3.3_sha.hh b/net-dns/pdns/files/pdns-3.3_sha.hh new file mode 100644 index 000000000000..f90e8cb3e720 --- /dev/null +++ b/net-dns/pdns/files/pdns-3.3_sha.hh @@ -0,0 +1,134 @@ +#ifndef _SHA_HH +#define _SHA_HH + +#include <string> +#include <stdint.h> +#include <polarssl/version.h> +#if POLARSSL_VERSION_NUMBER >= 0x01030000 + #include <polarssl/sha1.h> + #include <polarssl/sha256.h> + #include <polarssl/sha512.h> + typedef sha256_context sha2_context; + typedef sha512_context sha4_context; + #define sha2_finish sha256_finish + #define sha2_hmac_finish sha256_hmac_finish + #define sha2_hmac_starts sha256_hmac_starts + #define sha2_hmac_update sha256_hmac_update + #define sha2_starts sha256_starts + #define sha2_update sha256_update + #define sha4_finish sha512_finish + #define sha4_hmac_finish sha512_hmac_finish + #define sha4_hmac_starts sha512_hmac_starts + #define sha4_hmac_update sha512_hmac_update + #define sha4_starts sha512_starts + #define sha4_update sha512_update + #define POLARSSL_SHA2_C POLARSSL_SHA256_C + #define POLARSSL_SHA4_C POLARSSL_SHA512_C + #define SIG_RSA_SHA1 POLARSSL_MD_SHA1 + #define SIG_RSA_SHA224 POLARSSL_MD_SHA224 + #define SIG_RSA_SHA256 POLARSSL_MD_SHA256 + #define SIG_RSA_SHA384 POLARSSL_MD_SHA384 + #define SIG_RSA_SHA512 POLARSSL_MD_SHA512 +#else + #include <polarssl/sha1.h> + #include <polarssl/sha2.h> + #include <polarssl/sha4.h> + typedef int md_type_t; +#endif + +class SHA1Summer +{ +public: + SHA1Summer() { sha1_starts(&d_context); }; + void feed(const std::string &str) { feed(str.c_str(), str.length()); }; + void feed(const char *ptr, size_t len) { sha1_update(&d_context, reinterpret_cast<const unsigned char*>(ptr), len); }; + const std::string get() const { + sha1_context ctx2; + unsigned char result[20] = {0}; + ctx2=d_context; + sha1_finish(&ctx2, result); + return std::string(result, result + sizeof result); + }; +private: + SHA1Summer(const SHA1Summer&); + SHA1Summer& operator=(const SHA1Summer&); + sha1_context d_context; +}; + +class SHA224Summer +{ +public: + SHA224Summer() { sha2_starts(&d_context, 1); }; + void feed(const std::string &str) { feed(str.c_str(), str.length()); }; + void feed(const char *ptr, size_t len) { sha2_update(&d_context, reinterpret_cast<const unsigned char*>(ptr), len); }; + const std::string get() const { + sha2_context ctx2; + unsigned char result[32] = {0}; + ctx2=d_context; + sha2_finish(&ctx2, result); + return std::string(result, result + 28); + }; +private: + SHA224Summer(const SHA1Summer&); + SHA224Summer& operator=(const SHA1Summer&); + sha2_context d_context; +}; + +class SHA256Summer +{ +public: + SHA256Summer() { sha2_starts(&d_context, 0); }; + void feed(const std::string &str) { feed(str.c_str(), str.length()); }; + void feed(const char *ptr, size_t len) { sha2_update(&d_context, reinterpret_cast<const unsigned char*>(ptr), len); }; + const std::string get() const { + sha2_context ctx2; + unsigned char result[32] = {0}; + ctx2=d_context; + sha2_finish(&ctx2, result); + return std::string(result, result + 32); + }; +private: + SHA256Summer(const SHA1Summer&); + SHA256Summer& operator=(const SHA1Summer&); + sha2_context d_context; +}; + +class SHA384Summer +{ +public: + SHA384Summer() { sha4_starts(&d_context, 1); }; + void feed(const std::string &str) { feed(str.c_str(), str.length()); }; + void feed(const char *ptr, size_t len) { sha4_update(&d_context, reinterpret_cast<const unsigned char*>(ptr), len); }; + const std::string get() const { + sha4_context ctx2; + unsigned char result[64] = {0}; + ctx2 = d_context; + sha4_finish(&ctx2, result); + return std::string(result, result + 48); + }; +private: + SHA384Summer(const SHA1Summer&); + SHA384Summer& operator=(const SHA1Summer&); + sha4_context d_context; +}; + +class SHA512Summer +{ +public: + SHA512Summer() { sha4_starts(&d_context, 0); }; + void feed(const std::string &str) { feed(str.c_str(), str.length()); }; + void feed(const char *ptr, size_t len) { sha4_update(&d_context, reinterpret_cast<const unsigned char*>(ptr), len); }; + const std::string get() const { + sha4_context ctx2; + unsigned char result[64] = {0}; + ctx2=d_context; + sha4_finish(&ctx2, result); + return std::string(result, result + sizeof result); + }; +private: + SHA512Summer(const SHA1Summer&); + SHA512Summer& operator=(const SHA1Summer&); + sha4_context d_context; +}; + +#endif /* sha.hh */ diff --git a/net-dns/pdns/pdns-3.3.ebuild b/net-dns/pdns/pdns-3.3.ebuild new file mode 100644 index 000000000000..e13cac88aa6d --- /dev/null +++ b/net-dns/pdns/pdns-3.3.ebuild @@ -0,0 +1,187 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-dns/pdns/pdns-3.3.ebuild,v 1.1 2013/12/16 14:56:40 ultrabug Exp $ + +EAPI=5 + +inherit autotools eutils multilib systemd user toolchain-funcs + +DESCRIPTION="The PowerDNS Daemon" +HOMEPAGE="http://www.powerdns.com/" +SRC_URI="http://downloads.powerdns.com/releases/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" + +# other possible flags: +# db2: we lack the dep +# oracle: dito (need Oracle Client Libraries) +# xdb: (almost) dead, surely not supported + +IUSE="botan cryptopp debug doc ldap lua mydns mysql odbc opendbx postgres remote +remote-http sqlite static tinydns" + +REQUIRED_USE="mydns? ( mysql )" + +RDEPEND="!static? ( + net-libs/polarssl + >=dev-libs/boost-1.34:= + botan? ( =dev-libs/botan-1.10* ) + cryptopp? ( dev-libs/crypto++ ) + lua? ( dev-lang/lua ) + mysql? ( virtual/mysql ) + postgres? ( dev-db/postgresql-base:= ) + ldap? ( >=net-nds/openldap-2.0.27-r4 ) + sqlite? ( dev-db/sqlite:3 ) + odbc? ( dev-db/unixODBC ) + opendbx? ( dev-db/opendbx ) + remote-http? ( net-misc/curl ) + tinydns? ( dev-db/cdb ) )" +DEPEND="${RDEPEND} + virtual/pkgconfig + static? ( + net-libs/polarssl[static-libs(+)] + >=dev-libs/boost-1.34[static-libs(+)] + botan? ( =dev-libs/botan-1.10*[static-libs(+)] ) + cryptopp? ( dev-libs/crypto++[static-libs(+)] ) + lua? ( dev-lang/lua[static-libs(+)] ) + mysql? ( virtual/mysql[static-libs(+)] ) + postgres? ( dev-db/postgresql-base[static-libs(+)] ) + ldap? ( >=net-nds/openldap-2.0.27-r4[static-libs(+)] ) + sqlite? ( dev-db/sqlite:3[static-libs(+)] ) + odbc? ( dev-db/unixODBC[static-libs(+)] ) + opendbx? ( dev-db/opendbx[static-libs(+)] ) + remote-http? ( net-misc/curl[static-libs(+)] ) + tinydns? ( dev-db/cdb ) ) + doc? ( app-doc/doxygen )" + +src_prepare() { + #TODO: kill me, I'm dirty @ultrabug + cp "${FILESDIR}/${P}_sha.hh" pdns/sha.hh + epatch \ + "${FILESDIR}/${P}-fix-polarssl_1.3.0.patch" \ + "${FILESDIR}/${P}-fix-autoconf.patch" \ + "${FILESDIR}/${P}-fix-conditional-polarssl.patch" \ + "${FILESDIR}/${P}-fix-curl-link.patch" \ + "${FILESDIR}/${P}-lib_lua.patch" + eautoreconf +} + +src_configure() { + local dynmodules="pipe geo" # the default backends, always enabled + local modules="" + + #use db2 && dynmodules+=" db2" + use ldap && dynmodules+=" ldap" + use lua && dynmodules+=" lua" + use mydns && dynmodules+=" mydns" + use mysql && dynmodules+=" gmysql" + use odbc && dynmodules+=" godbc" + use opendbx && dynmodules+=" opendbx" + #use oracle && dynmodules+=" goracle oracle" + use postgres && dynmodules+=" gpgsql" + use remote && dynmodules+=" remote" + use sqlite && dynmodules+=" gsqlite3" + use tinydns && dynmodules+=" tinydns" + #use xdb && dynmodules+=" xdb" + + if use static ; then + modules="${dynmodules}" + dynmodules="" + fi + + use botan && myconf+=" --enable-botan1.10" + use cryptopp && myconf+=" --enable-cryptopp" + use debug && myconf+=" --enable-verbose-logging" + use remote-http && myconf+=" --enable-remotebackend-http" + + econf \ + --with-system-polarssl \ + --disable-static \ + --sysconfdir=/etc/powerdns \ + --libdir=/usr/$(get_libdir)/powerdns \ + --with-modules="${modules}" \ + --with-dynmodules="${dynmodules}" \ + --with-pgsql-includes=/usr/include \ + --with-pgsql-lib=/usr/$(get_libdir) \ + --with-mysql-lib=/usr/$(get_libdir) \ + $(use_with lua) \ + $(use_enable static static-binaries) \ + ${myconf} +} + +src_compile() { + default + use doc && emake -C codedocs codedocs +} + +src_install () { + default + + mv "${D}"/etc/powerdns/pdns.conf{-dist,} + + fperms 0700 /etc/powerdns + fperms 0600 /etc/powerdns/pdns.conf + + # set defaults: setuid=pdns, setgid=pdns + sed -i \ + -e 's/^# set\([ug]\)id=$/set\1id=pdns/g' \ + "${D}"/etc/powerdns/pdns.conf + + doinitd "${FILESDIR}"/pdns + systemd_newunit contrib/systemd-pdns.service pdns.service + + keepdir /var/empty + + use doc && dohtml -r codedocs/html/. + + # Install development headers + insinto /usr/include/pdns + doins pdns/*.hh + insinto /usr/include/pdns/backends/gsql + doins pdns/backends/gsql/*.hh + + if use ldap ; then + insinto /etc/openldap/schema + doins "${FILESDIR}"/dnsdomain2.schema + fi + + prune_libtool_files --all +} + +pkg_preinst() { + enewgroup pdns + enewuser pdns -1 -1 /var/empty pdns +} + +pkg_postinst() { + elog "PowerDNS provides multiple instances support. You can create more instances" + elog "by symlinking the pdns init script to another name." + elog + elog "The name must be in the format pdns.<suffix> and PowerDNS will use the" + elog "/etc/powerdns/pdns-<suffix>.conf configuration file instead of the default." + + if use ldap ; then + ewarn "The official LDAP backend module is only compile-tested by upstream." + ewarn "Try net-dns/pdns-ldap-backend if you have problems with it." + fi + + local fix_perms=0 + + for rv in ${REPLACING_VERSIONS} ; do + version_compare ${rv} 3.2 + [[ $? -eq 1 ]] && fix_perms=1 + done + + if [[ $fix_perms -eq 1 ]] ; then + ewarn "To fix a security bug (bug #458018) had the following" + ewarn "files/directories the world-readable bit removed (if set):" + ewarn " ${EPREFIX}/etc/pdns" + ewarn " ${EPREFIX}/etc/pdns/pdns.conf" + ewarn "Check if this is correct for your setup" + ewarn "This is a one-time change and will not happen on subsequent updates." + chmod o-rwx "${EPREFIX}"/etc/pdns/{,pdns.conf} + fi + +} |