net-dns/knot: missing dep + mips compatibility + enhanced security with systemd

Add dev-python/lmdb, thanks to Karl-Johan Karlson for the report
	Enhance security with systemd service file thanks to hexum
	Integrate MIPS compatibility patch, upstreamed: 5cf2d1acf8
	Also fix QA issue with /var/run/knot created by make install

Gentoo-Bug: #606644
Gentoo-Bug: #623252

net-dns/knot/Manifest

@@ -1,14 +1,11 @@
 AUX 1.6.3-dont-create-extra-directories.patch 499 SHA256 9c8a18a56117830b9b9c50d95503928a08450cb8864d93cb72be98f532711a82 SHA512 69def6e4c5282dfaa070c41275ec6cdeccccf90c96ccb6c570e410ac3fba6cdf569468c9bdbcb3604de0c1c128d51d28846f5daa0f411a0c62d1fd2e5093795f WHIRLPOOL ccfdb194a1c0622939acf206ecd3e1dc0b33b03fb0a899364f15f1b920b08bdfab918f20f812da08c504fc9c98d132080272c7e249abf44c75a0d2da13d25cbb
 AUX 2.0.2-dont-create-extra-directories.patch 595 SHA256 27e9e307dfca4a534efca368689d5bf8738d7019991a064f3d9e4f32ca6331c6 SHA512 942a063102fe0d5273b1727432111798375a0cc3f9131e85184226a7de194c5bcfa96c64f3440dfcee3949ac8ecd9afd67ac75b5b47a677e09ad6e50db8bb083 WHIRLPOOL 1bf8403474b7e950b2a519d3f0122166dd290627a45e728afd9439f2a6bcc181df81b65a390a61a7a69b523d4a2294fcad834608f4cbe7a72499e620686076ec
+AUX 2.5.3-link-with-libatomic.patch 3837 SHA256 a615313865f527af1ef3e1fe8aaf272b77d80b3c33a2500edf7330cffd28f422 SHA512 8e3eac0cce77971a5c2357cc9fc8729f072363fcd160f5dec8ceb1b4b5ed938826bcfbabc7b78f81f21ff4b95aa38dcfc887470242589dd7684e79820a83a01a WHIRLPOOL 82216a015131ee04f21581b5e86afff1b40d44f4fac1f4898d2e0503f39cf81fd88c2a2e34a2da8b2ff98df48f5c717ee32ebcec2b932141d9120a1a90432284
+AUX knot-1.service 337 SHA256 5140fd96b54c3ecf79e9f386ce27159fa5c9d85c60fea11eb3d46a1b98e17b1d SHA512 58c4186e57ebd00b86dae34d5d208ed8801c0376da40cccb23b3d4542a7ee04a1003a12a4b89347b76a384b50eae4a61f96164bf22ec987ce05b1c65691659e7 WHIRLPOOL 03d9fd28f19d7c4a5a17fce6944560e01a4f95dc67a6a6385900f407c638b13c6f2908c619e652a7cfa08cea823bccc39de7cd939c152811a05240b14751192c
 AUX knot.init 861 SHA256 ec5c5aef42aaf7b0e47be6ea7dd94abdb38605f6e64b251184e381e2d490daf3 SHA512 e5faa96cbee618e9042bdfd0628f06c4bc4d23c7295521771e16f6eae715835a240799e8425317b03b1ea162966defb5d6b6592139cb1d9d61b47a24961ec9b9 WHIRLPOOL 5c102cf9ca93757a98be1e41f04027b6072b27e3e5e55d24c26040c94bcf6ac96cf5684ba639d3c65f9f46745a50981ac28a40bd50d432f04f83c5f84217ab60
 AUX knot.service 275 SHA256 3b091f61652f7d91189659e1d297e5ead76c79f4b0515c9eb4c7f054894e6810 SHA512 37c4700320a2781aa93ca92bc2634c3e080c87337b7d632d0e2fa23f6e2e8fa1985d1d8e2516fed02b612da4d340472d5f8d0ae37c5b323ac17bbd61ca243a86 WHIRLPOOL 39623f669bf141e785b630cd5caa71f47e67d6aa923cbfda074a4644faf83f05214484d133618a2c3731342f5bb44ef942d7559f36e7e2cade3c2318e8461dcb
-AUX knot.service-r1 337 SHA256 5140fd96b54c3ecf79e9f386ce27159fa5c9d85c60fea11eb3d46a1b98e17b1d SHA512 58c4186e57ebd00b86dae34d5d208ed8801c0376da40cccb23b3d4542a7ee04a1003a12a4b89347b76a384b50eae4a61f96164bf22ec987ce05b1c65691659e7 WHIRLPOOL 03d9fd28f19d7c4a5a17fce6944560e01a4f95dc67a6a6385900f407c638b13c6f2908c619e652a7cfa08cea823bccc39de7cd939c152811a05240b14751192c
-DIST knot-1.6.8.tar.xz 806748 SHA256 8d95dfd359fb187289d7d085e217d8fabb6022135d358134ed4165418a269237 SHA512 ee205a0813729bea712b0ac550209538382a2f0a7698607c3baa045a345f08e118e1b927116ad00fa58939051db70a6b21e154259276f3647acc80edf043efc8 WHIRLPOOL ed33ebdf99ba402b18550a880fb10e24f428108e297cb007d48ebbc0eea3f2e803034fe72052989e2eeb22859e3d47a5f93303b363bb50daddec868fd030e1a4
-DIST knot-2.3.3.tar.xz 1071160 SHA256 a929bce3b957a81776b1db7b43b0e4473339bf16be8dbba5abb4b0593bf43c94 SHA512 ed7b93c2d0ae15819d09a8bf77c2d12505a035dcd7777e9ac453b58c36d302c3cbaa2766e1f6d2163a71234d005494a7d9b5be436c0e16b443de4da97f7a5d9f WHIRLPOOL 4bdf92d537d90e2ad412bb0619a7b4b8f0752c9dc981b3522beece19514f22d88db083e59c0f833d9492b0a1f8d347e008350d108d4c7337c9ee748d007bbde7
-DIST knot-2.4.1.tar.xz 1104576 SHA256 c064ddf99bf5fc24dd3c6a3a523394760357e204c8b69f0e691e49bc0d9b704c SHA512 2b3e6c1a187538b218e3e915aaa91bc38ad4cdecb0f03f31b29bfa83c620d117c169a580ddcc8a33e6422109b422c72f3cf79f2a8d1e10e613edfe4437b4b29c WHIRLPOOL 538b8433efced9afe57d3d34216d3a4981a4c637e813b1601ca360f9eb8c7c903051ca5dbff3248b138129e80388a673e9177b8340e1e465b737686d4d2528e8
 DIST knot-2.4.2.tar.xz 1109156 SHA256 37da7fcf1f194bd6376c63d8c4fa28a21899b56a3f3b63dba7095740a5752c52 SHA512 8e3f6ea1cf951f090977d26ed555a8e228416e2b7c7f86eae1b5d744099203effb1df6c664076547ef3e820fe8af15b370651edbf8b846b3c0707f4cd2faa4f2 WHIRLPOOL 34358644fa20dbe60ec77ac0fb2915810b03b949a5cfc014b1be1a2d212fcf3f2c5a22ca00a48eed2879a4a2014362501a8261704ce27ae334cb1ff2fd7b0174
-EBUILD knot-1.6.8.ebuild 1782 SHA256 c7a47d5c0cf7400007d3827ad7283b82d8db1907c8eb70cd058a61c2faf5a3f3 SHA512 adb625746a03d8e450723c09638b21f7c4d85c294c44ce86a2c11acba08c84516c5c03165ac22ff81eb26368d1899f7310efa4a8d47337a4e2c023e76168678d WHIRLPOOL 74c2ea9bfb10bb195455b4f710f6550e679cc461a4df6a5612aa8c34d6a6ac24324925a6fd493be51e8f57cc712516fefaad06ba9fd64769110c66aa6ea5e43b
-EBUILD knot-2.3.3.ebuild 1618 SHA256 a910f934db21fd2d27b21708bb89d5de6e474911fa8e150e18f4090d3cc80f5a SHA512 f38788b4dacfce82fc1e7b604894dd6d3f2d3e9394f505bc59f193c8314a9922470f621caa9189777d7b99881b98f4243ac563384b5bc5e3eb8efc4c76408d2f WHIRLPOOL cb7efd00b14c966b09e4d01d6f1fa3622ed2b3a35e2585f82db03adde963c064684103e3e479a276de8a970b6e84f20aa4305ec57d4eaeac31cf274e10977fec
-EBUILD knot-2.4.1.ebuild 1618 SHA256 81f2d9681c97388cca53c0057142dacb358954c7255b59bc40fb631ac2d0190b SHA512 5f1eceed172d496201d3e9ca16baaab08cdce64f4cd6869ba2de727fefcafcdabedc0a1abee93335bde77b28c8f29049d9202e5053405a588702c06ee5b25cce WHIRLPOOL 2c8f81a28d5e2d3369e8ebc9ff8fc4c879ce23330d16fe1d5fa2d60c455989a01075b69befd6b413b5f33ee053c83041bc96f23b070ab10b269516c1a273a212
+DIST knot-2.5.3.tar.xz 1073372 SHA256 d78ae231a68ace264f5738c8e57481923bcad7413f3f440c06fa6cc0aded9d8e SHA512 c93bfdd42c3f1e5b74de7a5bb46841bee75d5153b4c72eb876f11e193a290484620ea8f877bd039c40fc665a9d5d07905a712e8e085c3267da5db5208aa71f08 WHIRLPOOL c6fa2cd7dde2cd0ee54a7fc68fdd441d6af03777c788adaf2534bc944a0a5f8f0445b2cc1f80502c905e1f55baf0f65db37b66a097e46ec9fa0c960767398278
 EBUILD knot-2.4.2.ebuild 1526 SHA256 6eddabf0cd0a65752e9d34284e0efd79b1933ca429f3044b8cf61edaea4b8a59 SHA512 611df211d6cbf85ee1da5f451f6ecad1666dc2939941bd8f689367125c1ca84e39e6cd809373b81043b3969b11b748f0b56d28dd40e48506f0c1f76133008323 WHIRLPOOL 29efd8fa9919c6ed2ce7f9ed65a17dddf5346b3d9d4752b777cf07d3ae53d147d9f7843ec7d6b4e5516f0939a90dd6cda29df97950f8380259683f396914fe7a
-MISC metadata.xml 700 SHA256 599e5d85b3f41649b1e19eec905262ba5fe19033f1cd42f57e2eaac7711b12b5 SHA512 1f036b49916a21225d3879dbb57863c2726d6ce06eaf1fabd068341c9666da735a06f8a3664250f4eb2c04ddfb948fa0510cb95e9d249dd0f67ff36ed898bc31 WHIRLPOOL 1c27ccecb4a00bb44eff00be16de2c21be4b7811dccba6a7a674a0ce976f8f2d70ee882dfc016b87f1989c9e432e801e20327bccf1ee592fd59ce4ce974f705a
+EBUILD knot-2.5.3-r1.ebuild 1860 SHA256 d3f7c1246430b043976f3233b34ca8ab5f462861b53c73124c89975ee83f7e07 SHA512 dfa857d95e89c5c81eeaf3bff5b4e9a55a1b372e97cd01ef5158212664a23e585a2a6a7a1228214c4522ebc363c196f768eef675e8d23281efd7da3c3dc297f1 WHIRLPOOL e81ad53c9cf09dc6bb5ef8be3099ffafde797b6aee166a53cce38832caa327db648b78a8d93d9d90014942a203ea0f3c64556d745915c0f929303aa844bf0c1b
+MISC metadata.xml 722 SHA256 b83d23fd04e358b42b1f5af545752931e83fa5b8e93ea12dc765a92ff6efe32e SHA512 885e24b980e0db1616e7e23f03e533dfa2766c87b066a3e3a130c02ea06cf1b944fc6406cc64b129b693d58de20bbdc4d52d485604d8772946d4c92047b08f54 WHIRLPOOL 3fdfe5b1a65d061d170f3f52eae65896c4813ab445c8d4dfda12b6d86bfd9abbada03617de14c49af7b0292b36b26b3dc78319cdd29de8051b321e2ca54124ba

net-dns/knot/files/2.5.3-link-with-libatomic.patch

@@ -0,0 +1,117 @@
+From 5cf2d1acf87fa0ab18375534ca210f1cabf212b3 Mon Sep 17 00:00:00 2001
+From: Pierre-Olivier Mercier <nemunaire@nemunai.re>
+Date: Wed, 2 Aug 2017 23:16:43 +0200
+Subject: [PATCH] Link with libatomic on architectures that requires it
+
+---
+ configure.ac    | 10 +++++++++-
+ src/Makefile.am |  2 +-
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 2a28214..5bd1798 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -504,8 +504,16 @@ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sched.h>]], [[cpuset_t* set = cpuset
+ AC_COMPILE_IFELSE(
+   [AC_LANG_PROGRAM([[#include <stdint.h>]],
+                    [[uint64_t val = 0; __atomic_add_fetch(&val, 1, __ATOMIC_RELAXED);]])],
+-  [AC_DEFINE(HAVE_ATOMIC, 1, [Define to 1 if you have '__atomic' functions.])]
++  [AC_DEFINE(HAVE_ATOMIC, 1, [Define to 1 if you have '__atomic' functions.])
++    AC_LINK_IFELSE(
++     [AC_LANG_PROGRAM([[#include <stdint.h>]],
++                      [[uint64_t val = 0; __atomic_add_fetch(&val, 1, __ATOMIC_RELAXED);]])],
++     [atomic_LIBS=""],
++     [atomic_LIBS="-latomic"]
++  )],
++  [atomic_LIBS=""]
+ )
++AC_SUBST([atomic_LIBS])
+ 
+ # Prepare CFLAG_VISIBILITY to be used where needed
+ gl_VISIBILITY()
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 948912e..bf28013 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -399,7 +399,7 @@ libknotd_la_CPPFLAGS = $(AM_CPPFLAGS) $(CFLAG_VISIBILITY) $(systemd_CFLAGS) \
+                        $(liburcu_CFLAGS) -DKNOTD_MOD_STATIC
+ libknotd_la_LDFLAGS  = $(AM_LDFLAGS) -export-symbols-regex '^knotd_'
+ libknotd_la_LIBADD   = libknot.la zscanner/libzscanner.la $(systemd_LIBS) \
+-                       $(liburcu_LIBS)
++                       $(liburcu_LIBS) $(atomic_LIBS)
+ 
+ ###################
+ # Knot DNS Daemon #
+--- a/src/Makefile.in	2017-08-05 18:09:14.029882010 +0200
++++ b/src/Makefile.in	2017-08-05 18:12:43.541190937 +0200
+@@ -379,7 +379,7 @@
+ @STATIC_MODULE_dnstap_TRUE@	contrib/dnstap/libdnstap.la
+ libknotd_la_DEPENDENCIES = libknot.la zscanner/libzscanner.la \
+ 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+-	$(am__DEPENDENCIES_2)
++	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2)
+ am__libknotd_la_SOURCES_DIST = knot/conf/base.c knot/conf/base.h \
+ 	knot/conf/conf.c knot/conf/conf.h knot/conf/confdb.c \
+ 	knot/conf/confdb.h knot/conf/confio.c knot/conf/confio.h \
+@@ -937,6 +937,7 @@
+ am__quote = @am__quote@
+ am__tar = @am__tar@
+ am__untar = @am__untar@
++atomic_LIBS = @atomic_LIBS@
+ bindir = @bindir@
+ build = @build@
+ build_alias = @build_alias@
+@@ -1275,7 +1276,8 @@
+ 	$(am__append_11)
+ libknotd_la_LDFLAGS = $(AM_LDFLAGS) -export-symbols-regex '^knotd_'
+ libknotd_la_LIBADD = libknot.la zscanner/libzscanner.la \
+-	$(systemd_LIBS) $(liburcu_LIBS) $(am__append_12)
++	$(systemd_LIBS) $(liburcu_LIBS) $(atomic_LIBS) \
++	$(am__append_12)
+ @HAVE_DAEMON_TRUE@sbin_SCRIPTS = utils/pykeymgr/pykeymgr
+ @HAVE_DAEMON_TRUE@CLEAN_FILES = $(sbin_SCRIPTS)
+ @HAVE_DAEMON_TRUE@knotddir = $(includedir)/knot
+--- a/configure	2017-08-05 18:09:14.039882551 +0200
++++ b/configure	2017-08-05 18:12:18.779857706 +0200
+@@ -655,6 +655,7 @@
+ CODE_COVERAGE_ENABLED_TRUE
+ HAVE_VISIBILITY
+ CFLAG_VISIBILITY
++atomic_LIBS
+ libidn_LIBS
+ libidn_CFLAGS
+ libidn2_LIBS
+@@ -16347,10 +16358,32 @@
+ 
+ $as_echo "#define HAVE_ATOMIC 1" >>confdefs.h
+ 
++    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h.  */
++#include <stdint.h>
++int
++main ()
++{
++uint64_t val = 0; __atomic_add_fetch(&val, 1, __ATOMIC_RELAXED);
++  ;
++  return 0;
++}
++_ACEOF
++if ac_fn_c_try_link "$LINENO"; then :
++  atomic_LIBS=""
++else
++  atomic_LIBS="-latomic"
++
++fi
++rm -f core conftest.err conftest.$ac_objext \
++    conftest$ac_exeext conftest.$ac_ext
++else
++  atomic_LIBS=""
+ 
+ fi
+ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ 
++
+ # Prepare CFLAG_VISIBILITY to be used where needed
+ 
+ 

net-dns/knot/knot-2.5.3-r1.ebuild

@@ -1,10 +1,9 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Id$
 
 EAPI=6
 
-inherit eutils user
+inherit eutils systemd user
 
 DESCRIPTION="High-performance authoritative-only DNS server"
 HOMEPAGE="http://www.knot-dns.cz/"
@@ -13,51 +12,60 @@ SRC_URI="https://secure.nic.cz/files/knot-dns/${P/_/-}.tar.xz"
 LICENSE="GPL-3"
 SLOT="0"
 KEYWORDS="~amd64 ~x86"
-IUSE="debug dnstap doc caps +fastparser idn lmdb systemd"
+
+KNOT_MODULES="+dnsproxy dnstap +noudp +onlinesign rosedb +rrl +stats +synthrecord +whoami"
+IUSE="doc caps +fastparser idn systemd +utils ${KNOT_MODULES}"
 
 RDEPEND="
-	>=dev-libs/openssl-1.0.1
+	>=net-libs/gnutls-3.3:=
+	>=dev-db/lmdb-0.9.15
+	dev-python/lmdb
 	>=dev-libs/userspace-rcu-0.5.4
 	caps? ( >=sys-libs/libcap-ng-0.6.4 )
 	dnstap? (
 		dev-libs/fstrm
 		dev-libs/protobuf-c
 	)
-	idn? ( net-dns/libidn )
-	lmdb? ( dev-db/lmdb )
-	systemd? ( sys-apps/systemd )
+	idn? ( || ( net-dns/libidn >=net-dns/libidn2-2.0.0 ) )
+	dev-libs/libedit
+	systemd? ( >=sys-apps/systemd-229 )
 "
-
 DEPEND="${RDEPEND}
 	virtual/pkgconfig
-	sys-devel/flex
-	sys-devel/bison
 	doc? ( dev-python/sphinx )
 "
 
 S="${WORKDIR}/${P/_/-}"
 
-src_prepare() {
-	epatch "${FILESDIR}/1.6.3-dont-create-extra-directories.patch"
-	eapply_user
-}
+PATCHES=(
+	"${FILESDIR}/${PV}-link-with-libatomic.patch"
+)
 
 src_configure() {
+	local my_conf=""
+	for u in ${KNOT_MODULES//+/}; do
+		my_conf+="$(use_with $u module-$u) "
+	done
+
 	econf \
 		--with-storage="${EPREFIX}/var/lib/${PN}" \
 		--with-rundir="${EPREFIX}/var/run/${PN}" \
 		$(use_enable fastparser) \
-		$(use_enable debug debug server,zones,xfr,packet,rr,ns,loader,dnssec) \
-		$(use_enable debug debuglevel details) \
 		$(use_enable dnstap) \
-		$(use_enable lmdb) \
+		$(use_enable doc documentation) \
+		$(use_enable utils utilities) \
+		$(use_enable systemd) \
 		$(use_with idn libidn) \
-		$(usex systemd --enable-systemd=yes --enable-systemd=no)
+		${my_conf}
 }
 
 src_compile() {
 	default
-	use doc && emake -C doc html
+
+	if use doc; then
+		emake -C doc html
+		HTML_DOCS=( doc/_build/html/{*.html,*.js,_sources,_static} )
+	fi
 }
 
 src_test() {
@@ -66,19 +74,16 @@ src_test() {
 
 src_install() {
 	default
+
+	rmdir "${D}/var/run/${PN}" "${D}/var/run/"
 	keepdir /var/lib/${PN}
 
-	if use doc; then
-		docinto html
-		dodoc doc/_build/html/*.html doc/_build/html/*.js
-		docinto html/_sources
-		dodoc doc/_build/html/_sources/*
-		docinto html/_static
-		dodoc doc/_build/html/_static/*
+	newinitd "${FILESDIR}/knot.init" knot
+	if use systemd; then
+		systemd_newunit "${FILESDIR}/knot-1.service" knot
 	fi
 
-	newinitd "${FILESDIR}/knot.init" knot
-	systemd_dounit "${FILESDIR}/knot.service"
+	prune_libtool_files
 }
 
 pkg_postinst() {

net-dns/knot/metadata.xml

@@ -2,27 +2,51 @@
 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
 	<maintainer type="person">
-		<email>ondrej@sury.org</email>
-		<name>Ondřej Surý</name>
-	</maintainer>
-	<maintainer type="person">
-		<email>scarabeus@gentoo.org</email>
+		<email>nemunaire@nemunai.re</email>
+		<name>Pierre-Olivier Mercier</name>
 	</maintainer>
 	<maintainer type="project">
-	        <email>proxy-maint@gentoo.org</email>
-	        <name>Proxy Maintainers</name>
+		<email>proxy-maint@gentoo.org</email>
+		<name>Proxy Maintainers</name>
 	</maintainer>
 	<use>
-		<flag name="dnstap">Include support for the dnstap
-		binary log format (http://dnstap.info/).
+		<flag name="dnsproxy">
+			Enable the tiny DNS proxy module.
 		</flag>
-	        <flag name="fastparser">Use a zone file parser that is
-		faster, but requires more memory and CPU time to
-		compile.
+		<flag name="dnstap">
+			Include support for the dnstap binary log format
+			(http://dnstap.info/).
 		</flag>
-		<flag name="lmdb">Use the LMDB database to store
-		timers for slave zones on disk, making the timers
-		persist across server restarts.
+		<flag name="fastparser">
+			Use a zone file parser that is faster, but requires
+			more memory and CPU time to compile.
+		</flag>
+		<flag name="noudp">
+			Enable the module which can send empty truncated
+			responses to UDP queries.
+		</flag>
+		<flag name="onlinesign">
+			Enable the module that sign zones on the fly instead of
+			pre-signing zone.
+		</flag>
+		<flag name="rosedb">
+			Enable the module that staticaly override certain
+			responses.
+		</flag>
+		<flag name="rrl">
+			Enable the response rate limiting module.
+		</flag>
+		<flag name="stats">
+			Enable the server statistics module.
+		</flag>
+		<flag name="synthrecord">
+			Enable the automatic forward/reverse records module.
+		</flag>
+		<flag name="utils">
+			Install Knot utilities, such as kdig, kzonecheck, ...
+		</flag>
+		<flag name="whoami">
+			Enable the whoami response module.
 		</flag>
 	</use>
 </pkgmetadata>