Credns is a software program aimed at fortifying DNSSEC by performing

validation in the DNS notify/transfer-chain.

WWW:	http://www.nlnetlabs.nl/projects/credns/

PR:		ports/169732
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl>

9 files changed, 206 insertions, 0 deletions

diff --git a/dns/Makefile b/dns/Makefile
index 256b444f8dbd..33924b8d55bf 100644
--- a/dns/Makefile
+++ b/dns/Makefile
@@ -16,6 +16,7 @@
     SUBDIR += bindgraph
     SUBDIR += c-ares
     SUBDIR += checkdns
+    SUBDIR += credns
     SUBDIR += crossip
     SUBDIR += curvedns
     SUBDIR += ddclient
diff --git a/dns/credns/Makefile b/dns/credns/Makefile
new file mode 100644
index 000000000000..1d270d2f7c53
--- /dev/null
+++ b/dns/credns/Makefile
@@ -0,0 +1,87 @@
+# New ports collection makefile for:	credns
+# Date created:	9 July 2012
+# Whom:		jaap
+#
+# $FreeBSD$
+#
+
+PORTNAME=	credns
+PORTVERSION=	0.2.10
+CATEGORIES=	dns security
+MASTER_SITES=	http://www.nlnetlabs.nl/downloads/credns/
+
+MAINTAINER=	jaap@NLnetLab.nl
+COMMENT=	A verifier performing validation in the DNS notify/transfer-chain
+
+USE_RC_SUBR=	credns
+
+CREDNSUSER?=	bind
+CREDNSGROUP?=	bind
+CREDNSLSDIR=	/var
+CREDNSDBDIR=	/var/db/nsd
+CREDNSRUNDIR=	/var/run/nsd
+NSDMAX_IPS?=	512
+
+GNU_CONFIGURE=	yes
+CONFIGURE_ARGS=	--with-user=${CREDNSUSER} \
+		--localstatedir=${CREDNSLSDIR} \
+		--with-dbfile=${CREDNSDBDIR}/nsd.db \
+		--with-pidfile=${CREDNSRUNDIR}/nsd.pid
+
+SUB_FILES=	pkg-install pkg-deinstall
+SUB_LIST+=	CREDNSUSER=${CREDNSUSER} \
+		CREDNSGROUP=${CREDNSGROUP} \
+		CREDNSDBDIR=${CREDNSDBDIR} \
+		CREDNSRUNDIR=${CREDNSRUNDIR}
+
+USE_OPENSSL=	yes
+
+MAN5=		credns.conf.5
+MAN8=		credns-notify.8 credns-checkconf.8 credns-patch.8 \
+		credns-xfer.8 credns.8 crednsc.8
+
+PORTDOCS=	CREDITS ChangeLog LICENSE NSD-DATABASE NSD-DIFFFILE \
+		NSD-CREDNS-MODS NSD-FOR-BIND-USERS NSD-README README \
+		README.icc README.svn RELNOTES REQUIREMENTS TESTPLAN \
+		TODO UPGRADING coding-style differences.pdf differences.tex
+
+OPTIONS=	ROOT_SERVER	"Dnssexy as proxy for a (local) root" Off \
+		IPV6		"Enable IPv6 support" On \
+		CHECKING	"Enable internal runtime checks" Off \
+		MMAP		"Use mmap instead of malloc(experimental)" Off \
+		MAXIPS		"Raise max-ips from 8 to ${NSDMAX_IPS}" Off
+
+.include <bsd.port.pre.mk>
+
+.if defined(WITH_ROOT_SERVER)
+CONFIGURE_ARGS+=	--enable-root-server
+.endif
+
+.if defined(WITHOUT_IPV6)
+CONFIGURE_ARGS+=	--disable-ipv6
+.endif
+
+.if defined(WITH_CHECKING)
+CONFIGURE_ARGS+=	--enable-checking
+.endif
+
+.if defined(WITH_MMAP)
+CONFIGURE_ARGS+=	--enable-mmap
+.endif
+
+.if defined(WITH_MAXIPS)
+CONFIGURE_ARGS+=	--with-max-ips=${NSDMAX_IPS}
+.endif
+
+post-install:
+	${INSTALL_DATA} ${WRKSRC}/credns.conf.sample \
+		${PREFIX}/etc/credns/credns.conf.sample
+.if !defined(NOPORTDOCS)
+	@${MKDIR} ${DOCSDIR}
+.for f in ${PORTDOCS}
+	${INSTALL_DATA} ${WRKSRC}/doc/${f} ${DOCSDIR}/${f}
+.endfor
+.endif
+	@${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
+
+.include <bsd.port.post.mk>
diff --git a/dns/credns/distinfo b/dns/credns/distinfo
new file mode 100644
index 000000000000..a5e0c1bead26
--- /dev/null
+++ b/dns/credns/distinfo
@@ -0,0 +1,2 @@
+SHA256 (credns-0.2.10.tar.gz) = f9bceafbeb447673de18afec52d29b7d2d30f811b52c141592c7658f8a4444cb
+SIZE (credns-0.2.10.tar.gz) = 957981
diff --git a/dns/credns/files/credns.in b/dns/credns/files/credns.in
new file mode 100644
index 000000000000..9f2d9c15ae04
--- /dev/null
+++ b/dns/credns/files/credns.in
@@ -0,0 +1,59 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: credns
+# REQUIRE: DAEMON
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add the following line to /etc/rc.conf to enable credns
+#
+# credns_enable="YES"
+#
+
+. /etc/rc.subr
+
+name=credns
+rcvar=credns_enable
+
+required_files=%%PREFIX%%/etc/credns/credns.conf
+
+command=%%PREFIX%%/sbin/crednsc
+command_args="start"
+pidfile=`%%PREFIX%%/sbin/credns-checkconf -o pidfile %%PREFIX%%/etc/credns/credns.conf`
+procname=%%PREFIX%%/sbin/${name}
+
+load_rc_config ${name}
+
+credns_enable=${credns_enable-"NO"}
+
+extra_commands="reload"
+start_precmd="credns_precmd"
+reload_cmd="credns_reload"
+stop_cmd="credns_stop"
+
+credns_precmd()
+{
+	db=`%%PREFIX%%/sbin/credns-checkconf -o database %%PREFIX%%/etc/credns/credns.conf`
+	if [ ! -f "$db" ]; then
+		${command} rebuild
+	fi
+}
+
+credns_reload()
+{
+	${command} rebuild && ${command} reload
+}
+
+credns_stop()
+{
+	echo "Merging credns zone transfer changes to zone files."
+	${command} patch
+
+	echo "Stopping ${name}."
+	${command} stop
+}
+
+run_rc_command "$1"
+
diff --git a/dns/credns/files/pkg-deinstall.in b/dns/credns/files/pkg-deinstall.in
new file mode 100644
index 000000000000..551e1e6e3bfb
--- /dev/null
+++ b/dns/credns/files/pkg-deinstall.in
@@ -0,0 +1,16 @@
+#!/bin/sh
+# $FreeBSD$
+
+PATH="/bin:/sbin:/usr/bin:/usr/sbin"
+
+CREDNSDBDIR=%%CREDNSDBDIR%%
+CREDNSRUNDIR=%%CREDNSRUNDIR%%
+
+if [ "$2" = "POST-DEINSTALL" ]; then
+	echo "=> Deleting ${CREDNSDBDIR} if empty..."
+	rm -d ${CREDNSDBDIR}  2>/dev/null || true
+	echo "=> Deleting ${CREDNSRUNDIR} if empty..."
+	rm -d ${CREDNSRUNDIR} 2>/dev/null || true
+fi
+
+exit 0
diff --git a/dns/credns/files/pkg-install.in b/dns/credns/files/pkg-install.in
new file mode 100644
index 000000000000..753f17ed7543
--- /dev/null
+++ b/dns/credns/files/pkg-install.in
@@ -0,0 +1,19 @@
+#!/bin/sh
+# $FreeBSD: ports/dns/nsd/files/pkg-install.in,v 1.1 2010/02/11 19:37:10 pgollucci Exp $
+
+PATH="/bin:/sbin:/usr/bin:/usr/sbin"
+
+CREDNSUSER=%%CREDNSUSER%%
+CREDNSGROUP=%%CREDNSGROUP%%
+CREDNSDBDIR=%%CREDNSDBDIR%%
+CREDNSRUNDIR=%%CREDNSRUNDIR%%
+
+CHOWN="chown"
+INSTALL_DIR="install -d -o ${CREDNSUSER} -g ${CREDNSGROUP} -m 0755"
+
+if [ "$2" = "POST-INSTALL" ]; then
+	${INSTALL_DIR} ${CREDNSDBDIR} ${CREDNSRUNDIR}
+	${CHOWN} -R ${CREDNSUSER}:${CREDNSGROUP} ${CREDNSDBDIR} ${CREDNSRUNDIR}
+fi
+
+exit 0
diff --git a/dns/credns/pkg-descr b/dns/credns/pkg-descr
new file mode 100644
index 000000000000..779972d1743e
--- /dev/null
+++ b/dns/credns/pkg-descr
@@ -0,0 +1,4 @@
+Credns is a software program aimed at fortifying DNSSEC by performing
+validation in the DNS notify/transfer-chain.
+
+WWW:	http://www.nlnetlabs.nl/projects/credns/
diff --git a/dns/credns/pkg-message b/dns/credns/pkg-message
new file mode 100644
index 000000000000..8f63a4185dd7
--- /dev/null
+++ b/dns/credns/pkg-message
@@ -0,0 +1,10 @@
+**************************************************************************
+*                                                                        *
+*   To run credns from startup, add credns_enable="YES"                  *
+*   to your /etc/rc.conf                                                 *
+*                                                                        *
+*   Take good care when using credns commands, since they often need to  *
+*   be executed as user dedicated to credns, in order for the files it   *
+*   touches or creates to have the proper permissions.                   *
+*                                                                        *
+**************************************************************************
diff --git a/dns/credns/pkg-plist b/dns/credns/pkg-plist
new file mode 100644
index 000000000000..3cd214debb5e
--- /dev/null
+++ b/dns/credns/pkg-plist
@@ -0,0 +1,8 @@
+sbin/credns
+sbin/credns-checkconf
+sbin/credns-notify
+sbin/credns-patch
+sbin/credns-xfer
+sbin/crednsc
+etc/credns/credns.conf.sample
+@dirrmtry etc/credns