Hi, you cannot drop the DNS root key because tools like dig and other software like unbound depend on it. Could you re-add that please? -Michael On Thu, 2017-02-23 at 12:51 +0100, Stefan Schantl wrote: > This commit rapidely slims down the bind package. It now only > provides the libraries and development files, which are needed > to build the isc-dhcp server and in a subpackage some very handy > utils like dig, host and some more. > > Signed-off-by: Stefan Schantl > --- >  bind/bind.nm                                       | 142 ++++----- >  bind/named.tmpfiles                                |   1 - >  bind/patches/bind-9.5-PIE.patch                    |  27 -- >  bind/patches/bind-9.5-parallel-build.patch         |  14 - >  bind/patches/bind-9.9-libidn.patch                 | 326 -------------------- > - >  ...-9.7-exportlib.patch => bind97-exportlib.patch} |   0 >  bind/patches/bind99-dont-build-bin.patch           |  13 + >  bind/trusted-key.key                               |   1 - >  8 files changed, 69 insertions(+), 455 deletions(-) >  delete mode 100644 bind/named.tmpfiles >  delete mode 100644 bind/patches/bind-9.5-PIE.patch >  delete mode 100644 bind/patches/bind-9.5-parallel-build.patch >  delete mode 100644 bind/patches/bind-9.9-libidn.patch >  rename bind/patches/{bind-9.7-exportlib.patch => bind97-exportlib.patch} > (100%) >  create mode 100644 bind/patches/bind99-dont-build-bin.patch >  delete mode 100644 bind/trusted-key.key > > diff --git a/bind/bind.nm b/bind/bind.nm > index 7b6344f..4775c14 100644 > --- a/bind/bind.nm > +++ b/bind/bind.nm > @@ -4,8 +4,8 @@ >  ############################################################################# > ## >   >  name       = bind > -version    = 9.9.6-P1 > -release    = 2 > +version    = 9.9.9-P6 > +release    = 1 >   >  groups     = Networking/Tools >  url        = http://www.isc.org/products/BIND/ > @@ -19,14 +19,10 @@ end >   >  source_dl  = ftp://ftp.isc.org/isc/bind/%{version}/ >   > -sources += \ > - %{name}-config-12.tar.bz2 > - >  build >   requires >   autoconf >   automake > - chrpath >   libcap-devel >   libidn-devel >   libtool > @@ -43,116 +39,88 @@ build >   --disable-static \ >   --disable-openssl-version-check \ >   --enable-exportlib \ > - --with-export-libdir=/%{lib}/ \ > - --with-export-includedir=/usr/include/ \ > - --includedir=/usr/include/bind9/ \ > - --with-pkcs11=%{libdir}/pkcs11/PKCS11_API.so \ > + --with-export-libdir=%{libdir}/ \ > + --with-export-includedir=%{includedir} \ > + --includedir=%{includedir}/bind9/ \ >   --with-gssapi \ >   --enable-rrl \ >   --disable-isc-spnego >   > - prepare > - cd %{DIR_SRC} && %{MACRO_EXTRACT} %{DIR_DL}/%{thisapp}.tar.gz > - > + prepare_cmds >   # Create m4 directory. >   cd %{DIR_APP} && mkdir -pv m4 >   > - # Apply all patches. > - %{MACRO_PATCHES} > - >   # Branding. >   sed -i -e 's/RELEASEVER=\(.*\)/RELEASEVER=\1-%{DISTRO_NAME}- > %{version}-%{release}/' version >   >   # Regenerate build environment > - libtoolize -c -f > - aclocal -I m4 --force > - autoconf -f > + autoreconf -vfi >   > - # Create user and group for /run directory. > - %{create_user} >   end >   > - install > - # Create directory layout. > - mkdir -pv %{BUILDROOT}%{libdir}/bind > - mkdir -pv %{BUILDROOT}/var/named/{slaves,data,dynamic} > - mkdir -pv %{BUILDROOT}/usr/share/man/{man1,man5,man8} > - mkdir -pv %{BUILDROOT}/run/named > - mkdir -pv %{BUILDROOT}/var/log > - > - # Create named chroot environment. > - mkdir -pv %{BUILDROOT}/var/named/chroot/{dev,etc,var} > - mkdir -pv > %{BUILDROOT}/var/named/chroot/var/{log,named,run/named,tmp} > - mkdir -pv %{BUILDROOT}/var/named/chroot/etc/{pki/dnssec- > keys,named} > - mkdir -pv %{BUILDROOT}/var/named/chroot/usr/lib/bind > - mkdir -pv %{BUILDROOT}/var/named/chroot/dev/null > - mkdir -pv %{BUILDROOT}/var/named/chroot/dev/random > - mkdir -pv %{BUILDROOT}/var/named/chroot/dev/zero > - mkdir -pv %{BUILDROOT}/var/named/chroot/etc/localtime > + build_cmds > + # Build some typical system tools (dig, host, nslookup) > + make -C bin/dig -j %{PARALLELISMFLAGS} >   > - touch %{BUILDROOT}/var/named/chroot/etc/named.conf > - > - # Run make install > - make DESTDIR=%{BUILDROOT} install > + # Build nsupdate > + make -C bin/nsupdate -j %{PARALLELISMFLAGS} > + end >   > - # Remove RPATH from libraries. > - chrpath --delete %{BUILDROOT}/lib*/*export*.so.* > + install_cmds > + # Install typical system tools > + make -C bin/dig install DESTDIR=%{BUILDROOT} >   > - # Remove unwanted files > - rm -rvf %{BUILDROOT}/etc/bind.keys > + # Install nsupdate > + make -C bin/nsupdate install DESTDIR=%{BUILDROOT} >   > - # Create ghost config files > - touch %{BUILDROOT}/var/log/named.log > + # Install isc/errno2result.h header > + install -m 644 lib/isc/unix/errno2result.h > %{BUILDROOT}%{includedir}/isc >   > - # Configuration files > - tar -C %{BUILDROOT} -xaf %{DIR_DL}/bind-config-12.tar.bz2 > - touch %{BUILDROOT}/etc/rndc.key > - touch %{BUILDROOT}/etc/rndc.conf > + # Remove development libraries and headers except *-export > ones > + rm -rvf %{BUILDROOT}%{libdir}/libbind9.so > + rm -rvf %{BUILDROOT}%{libdir}/libdns.so > + rm -rvf %{BUILDROOT}%{libdir}/libisccc.so > + rm -rvf %{BUILDROOT}%{libdir}/libisccfg.so > + rm -rvf %{BUILDROOT}%{libdir}/libisc.so > + rm -rvf %{BUILDROOT}%{libdir}/liblwres.so > + rm -rvf %{BUILDROOT}%{includedir}/bind9 >   > - mkdir %{BUILDROOT}/etc/named > - install -m 644 bind.keys %{BUILDROOT}/etc/named.iscdlv.key > - install -m 644 %{DIR_SOURCE}/trusted-key.key > %{BUILDROOT}/etc/trusted-key.key > + # Remove unwanted files > + rm -rvf %{BUILDROOT}/etc > + rm -rvf %{BUILDROOT}/var >   > - # Recreate symlinks for export libraries > - rm -rf %{BUILDROOT}/%{lib}/lib*-export.so > + # Remove unneeded tools > + rm -rvf %{BUILDROOT}%{bindir}/isc-config.sh > + rm -rvf %{BUILDROOT}%{bindir}/bind9-config >   > - ln -svf ../../%{lib}/libdns-export.so.104 > %{BUILDROOT}%{libdir}/libdns-export.so > - ln -svf ../../%{lib}/libirs-export.so.91 > %{BUILDROOT}%{libdir}/libirs-export.so > - ln -svf ../../%{lib}/libisccfg-export.so.90 > %{BUILDROOT}%{libdir}/libisccfg-export.so > - ln -svf ../../%{lib}/libisc-export.so.95 > %{BUILDROOT}%{libdir}/libisc-export.so > + # Remove manpages for the unneeded tools > + rm -rvf %{BUILDROOT}%{mandir}/man1/isc-config.sh.1 > + rm -rvf %{BUILDROOT}%{mandir}/man1/bind9-config.1 >   > - # Create /run/named. > - mkdir -pv %{BUILDROOT}/run/named > - chown -Rv named.named %{BUILDROOT}/run/named/ > + # Remove documentation for liblwres and tools > + rm -rvf %{BUILDROOT}%{mandir}/man3 >   end >  end >   > -create_user > - getent group named >/dev/null || /usr/sbin/groupadd -r named > - getent passwd named >/dev/null || /usr/sbin/useradd -r -g named \ > - -d /var/named -c "User for bind DNS server" -s /sbin/nologin > named > -end > - >  packages >   package %{name} > + # The bind package is just an umbrella package for the utils > + # and libs package. >   requires > - bind-utils > - bind-chroot > - end > - > - prerequires += shadow-utils > - > - script prein > - %{create_user} > + %{name}-libs = %{thisver} > + %{name}-utils = %{thisver} > + %{name}-utils-libs = %{thisver} >   end > - > - # XXX Add systemd scriptlet if a service file becomes > available >   end >   >   package %{name}-utils >   summary = Utilities for querying bind DNS name server. >   description = %{summary} >   > + requires > + %{name}-utils-libs = %{thisver} > + end > + >   files >   /usr/bin/dig >   /usr/bin/host > @@ -165,17 +133,19 @@ packages >   end >   end >   > - package %{name}-chroot > - summary = Chroot environment for bind DNS servers. > - description = %{summary} > + package %{name}-utils-libs > + template LIBS >   > - files > - /var/named/chroot > - end > + summary = Required libraries for the tools in the bind-utils > package. > + description = %{summary} >   end >   >   package %{name}-libs >   template LIBS > + > + files > + %{libdir}/*export.so.* > + end >   end >   >   package %{name}-devel > diff --git a/bind/named.tmpfiles b/bind/named.tmpfiles > deleted file mode 100644 > index 640a656..0000000 > --- a/bind/named.tmpfiles > +++ /dev/null > @@ -1 +0,0 @@ > -d /run/named 0755 named named - > diff --git a/bind/patches/bind-9.5-PIE.patch b/bind/patches/bind-9.5-PIE.patch > deleted file mode 100644 > index a525b9b..0000000 > --- a/bind/patches/bind-9.5-PIE.patch > +++ /dev/null > @@ -1,27 +0,0 @@ > ---- bind-9.5.0b2/bin/named/Makefile.in.pie 2008-02-11 > 17:21:47.000000000 +0100 > -+++ bind-9.5.0b2/bin/named/Makefile.in 2008-02-11 17:22:10.000000000 > +0100 > -@@ -100,8 +100,12 @@ HTMLPAGES = named.html lwresd.html named > -  > - MANOBJS = ${MANPAGES} ${HTMLPAGES} > -  > -+EXT_CFLAGS = -fpie > -+ > - @BIND9_MAKE_RULES@ > -  > -+LDFLAGS += -pie -Wl,-z,relro,-z,now,-z,nodlopen,-z,noexecstack > -+ > - main.(a)O@: main.c > -  ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ > -  -DVERSION=\"${VERSION}\" \ > -diff -up bind-9.5.0b2/bin/named/unix/Makefile.in.pie bind- > 9.5.0b2/bin/named/unix/Makefile.in > ---- bind-9.5.0b2/bin/named/unix/Makefile.in.pie 2008-02-11 > 17:22:21.000000000 +0100 > -+++ bind-9.5.0b2/bin/named/unix/Makefile.in 2008-02-11 > 17:23:00.000000000 +0100 > -@@ -19,6 +19,8 @@ srcdir = @srcdir@ > - VPATH = @srcdir@ > - top_srcdir = @top_srcdir@ > -  > -+EXT_CFLAGS = -fpie > -+ > - @BIND9_MAKE_INCLUDES@ > -  > - CINCLUDES = -I${srcdir}/include -I${srcdir}/../include \ > diff --git a/bind/patches/bind-9.5-parallel-build.patch b/bind/patches/bind- > 9.5-parallel-build.patch > deleted file mode 100644 > index 53e34ca..0000000 > --- a/bind/patches/bind-9.5-parallel-build.patch > +++ /dev/null > @@ -1,14 +0,0 @@ > -diff -up bind-9.5.0b1/lib/dns/Makefile.in.parallel bind- > 9.5.0b1/lib/dns/Makefile.in > ---- bind-9.5.0b1/lib/dns/Makefile.in.parallel 2008-01-17 > 18:27:38.000000000 +0100 > -+++ bind-9.5.0b1/lib/dns/Makefile.in 2008-01-17 18:27:45.000000000 > +0100 > -@@ -19,10 +19,6 @@ srcdir = @srcdir@ > - VPATH = @srcdir@ > - top_srcdir = @top_srcdir@ > -  > --# Attempt to disable parallel processing. > --.NOTPARALLEL: > --.NO_PARALLEL: > -- > - @BIND9_VERSION@ > -  > - @LIBDNS_API@ > diff --git a/bind/patches/bind-9.9-libidn.patch b/bind/patches/bind-9.9- > libidn.patch > deleted file mode 100644 > index fca8665..0000000 > --- a/bind/patches/bind-9.9-libidn.patch > +++ /dev/null > @@ -1,326 +0,0 @@ > -From 19809fe6154ea0471a2c4fa3bd66787facf7704a Mon Sep 17 00:00:00 2001 > -From: Tomas Hozza > -Date: Mon, 26 May 2014 15:25:34 +0200 > -Subject: [PATCH] Use libidn instead of bundled idnkit > - > -Signed-off-by: Tomas Hozza > ---- > - bin/dig/Makefile.in |   6 +- > - bin/dig/dig.docbook |   4 +- > - bin/dig/dighost.c   | 168 ++++++++++++++++++++++++++++++++++++++++++++++++ > ---- > - 3 files changed, 162 insertions(+), 16 deletions(-) > - > -diff --git a/bin/dig/Makefile.in b/bin/dig/Makefile.in > -index 5bc4db0..3864e06 100644 > ---- a/bin/dig/Makefile.in > -+++ b/bin/dig/Makefile.in > -@@ -48,10 +48,10 @@ DEPLIBS = ${DNSDEPLIBS} ${BIND9DEPLIBS} > ${ISCDEPLIBS} ${ISCCFGDEPLIBS} \ > -  ${LWRESDEPLIBS} > -  > - LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \ > -- ${ISCLIBS} @IDNLIBS@ @LIBS@ > -+ ${ISCLIBS} @IDNLIBS@ @LIBS@ -lidn > -  > - NOSYMLIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \ > -- ${ISCNOSYMLIBS} @IDNLIBS@ @LIBS@ > -+ ${ISCNOSYMLIBS} @IDNLIBS@ @LIBS@ -lidn > -  > - SUBDIRS = > -  > -@@ -69,6 +69,8 @@ HTMLPAGES = dig.html host.html nslookup.html > -  > - MANOBJS = ${MANPAGES} ${HTMLPAGES} > -  > -+EXT_CFLAGS = -DWITH_LIBIDN > -+ > - @BIND9_MAKE_RULES@ > -  > - dig(a)EXEEXT@: dig.(a)O@ dighost.(a)O@ ${UOBJS} ${DEPLIBS} > -diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook > -index 7a01ec0..c3a7976 100644 > ---- a/bin/dig/dig.docbook > -+++ b/bin/dig/dig.docbook > -@@ -970,8 +970,8 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr > -       dig appropriately converts character encoding of > -       domain name before sending a request to DNS server or displaying a > -       reply from the server. > --      If you'd like to turn off the IDN support for some reason, defines > --      the IDN_DISABLE environment variable. > -+      If you'd like to turn off the IDN support for some reason, define > -+      the CHARSET=ASCII environment variable. > -       The IDN support is disabled if the variable is set when  > -       dig runs. > -      > -diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c > -index 56d763c..5a40051 100644 > ---- a/bin/dig/dighost.c > -+++ b/bin/dig/dighost.c > -@@ -44,6 +44,11 @@ > - #include > - #endif > -  > -+#ifdef WITH_LIBIDN > -+#include > -+#include > -+#endif > -+ > - #include > - #ifdef DIG_SIGCHASE > - #include > -@@ -158,6 +163,14 @@ static void idn_check_result(idn_result_t > r, const char *msg); > - int  idnoptions = 0; > - #endif > -  > -+#ifdef WITH_LIBIDN > -+static isc_result_t libidn_locale_to_utf8 (const char* from, char > *to); > -+static isc_result_t libidn_utf8_to_ascii (const char* from, char > *to); > -+static isc_result_t output_filter (isc_buffer_t *buffer, > -+        unsigned int used_org, > -+        isc_boolean_t absolute); > -+#endif > -+ > - isc_socket_t *keep = NULL; > - isc_sockaddr_t keepaddr; > -  > -@@ -1210,6 +1223,9 @@ setup_system(void) { > -  dig_searchlist_t *domain = NULL; > -  lwres_result_t lwresult; > -  unsigned int lwresflags; > -+#ifdef WITH_LIBIDN > -+ isc_result_t result; > -+#endif > -  > -  debug("setup_system()"); > -  > -@@ -1268,8 +1284,15 @@ setup_system(void) { > -  > - #ifdef WITH_IDN > -  initialize_idn(); > -+ > -+#endif > -+#ifdef WITH_LIBIDN > -+ result = dns_name_settotextfilter(output_filter); > -+ check_result(result, "dns_name_settotextfilter"); > -+#ifdef HAVE_SETLOCALE > -+ setlocale (LC_ALL, ""); > -+#endif > - #endif > -- > -  if (keyfile[0] != 0) > -  setup_file_key(); > -  else if (keysecret[0] != 0) > -@@ -2028,12 +2051,14 @@ setup_lookup(dig_lookup_t *lookup) { > -  idn_result_t mr; > -  char utf8_textname[MXNAME], utf8_origin[MXNAME], > idn_textname[MXNAME]; > - #endif > -+#ifdef WITH_LIBIDN > -+ char utf8_str[MXNAME], utf8_name[MXNAME], ascii_name[MXNAME]; > -+#endif > -  > --#ifdef WITH_IDN > -+#if defined (WITH_IDN) || defined (WITH_LIBIDN) > -  result = dns_name_settotextfilter(output_filter); > -  check_result(result, "dns_name_settotextfilter"); > - #endif > -- > -  REQUIRE(lookup != NULL); > -  INSIST(!free_now); > -  > -@@ -2070,6 +2095,14 @@ setup_lookup(dig_lookup_t *lookup) { > -  mr = idn_encodename(IDN_LOCALCONV | IDN_DELIMMAP, lookup->textname, > -      utf8_textname, sizeof(utf8_textname)); > -  idn_check_result(mr, "convert textname to UTF-8"); > -+#elif defined (WITH_LIBIDN) > -+ result = libidn_locale_to_utf8 (lookup->textname, utf8_str); > -+ check_result (result, "convert textname to UTF-8"); > -+ len = strlen (utf8_str); > -+ if (len < MXNAME) > -+ (void) strcpy (utf8_name, utf8_str); > -+ else > -+ fatal ("Too long name"); > - #endif > -  > -  /* > -@@ -2082,15 +2115,11 @@ setup_lookup(dig_lookup_t *lookup) { > -  if (lookup->new_search) { > - #ifdef WITH_IDN > -  if ((count_dots(utf8_textname) >= ndots) || !usesearch) { > -- lookup->origin = NULL; /* Force abs lookup */ > -- lookup->done_as_is = ISC_TRUE; > -- lookup->need_search = usesearch; > -- } else if (lookup->origin == NULL && usesearch) { > -- lookup->origin = ISC_LIST_HEAD(search_list); > -- lookup->need_search = ISC_FALSE; > -- } > -+#elif defined (WITH_LIBIDN) > -+ if ((count_dots(utf8_name) >= ndots) || !usesearch) { > - #else > -  if ((count_dots(lookup->textname) >= ndots) || !usesearch) { > -+#endif > -  lookup->origin = NULL; /* Force abs lookup */ > -  lookup->done_as_is = ISC_TRUE; > -  lookup->need_search = usesearch; > -@@ -2098,7 +2127,6 @@ setup_lookup(dig_lookup_t *lookup) { > -  lookup->origin = ISC_LIST_HEAD(search_list); > -  lookup->need_search = ISC_FALSE; > -  } > --#endif > -  } > -  > - #ifdef WITH_IDN > -@@ -2115,6 +2143,20 @@ setup_lookup(dig_lookup_t *lookup) { > -      IDN_IDNCONV | IDN_LENCHECK, utf8_textname, > -      idn_textname, sizeof(idn_textname)); > -  idn_check_result(mr, "convert UTF-8 textname to IDN encoding"); > -+#elif defined (WITH_LIBIDN) > -+ if (lookup->origin != NULL) { > -+ result = libidn_locale_to_utf8 (lookup->origin->origin, > utf8_str); > -+ check_result (result, "convert origin to UTF-8"); > -+ if (len > 0 && utf8_name[len - 1] != '.') { > -+ utf8_name[len++] = '.'; > -+ if (len + strlen (utf8_str) < MXNAME) > -+ (void) strcpy (utf8_name + len, utf8_str); > -+ else > -+ fatal ("Too long name + origin"); > -+ } > -+ } > -+ > -+ result = libidn_utf8_to_ascii (utf8_name, ascii_name); > - #else > -  if (lookup->origin != NULL) { > -  debug("trying origin %s", lookup->origin->origin); > -@@ -2170,6 +2212,13 @@ setup_lookup(dig_lookup_t *lookup) { > -  result = dns_name_fromtext(lookup->name, &b, > -     dns_rootname, 0, > -     &lookup->namebuf); > -+#elif defined (WITH_LIBIDN) > -+ len = strlen (ascii_name); > -+ isc_buffer_init(&b, ascii_name, len); > -+ isc_buffer_add(&b, len); > -+ result = dns_name_fromtext(lookup->name, &b, > -+    dns_rootname, 0, > -+    &lookup->namebuf); > - #else > -  len = strlen(lookup->textname); > -  isc_buffer_init(&b, lookup->textname, len); > -@@ -3788,7 +3837,7 @@ destroy_libs(void) { > -  void * ptr; > -  dig_message_t *chase_msg; > - #endif > --#ifdef WITH_IDN > -+#if defined (WITH_IDN) || defined (WITH_LIBIDN) > -  isc_result_t result; > - #endif > -  > -@@ -3829,6 +3878,10 @@ destroy_libs(void) { > -  result = dns_name_settotextfilter(NULL); > -  check_result(result, "dns_name_settotextfilter"); > - #endif > -+#ifdef WITH_LIBIDN > -+ result = dns_name_settotextfilter (NULL); > -+ check_result(result, "clearing dns_name_settotextfilter"); > -+#endif > -  dns_name_destroy(); > -  > -  if (commctx != NULL) { > -@@ -4008,6 +4061,97 @@ idn_check_result(idn_result_t r, const char *msg) { > -  } > - } > - #endif /* WITH_IDN */ > -+#ifdef WITH_LIBIDN > -+static isc_result_t > -+libidn_locale_to_utf8 (const char *from, char *to) { > -+ char *utf8_str; > -+ > -+ debug ("libidn_locale_to_utf8"); > -+ utf8_str = stringprep_locale_to_utf8 (from); > -+ if (utf8_str != NULL) { > -+ (void) strcpy (to, utf8_str); > -+ free (utf8_str); > -+ return ISC_R_SUCCESS; > -+ } > -+ > -+ debug ("libidn_locale_to_utf8: failure"); > -+ return ISC_R_FAILURE; > -+} > -+static isc_result_t > -+libidn_utf8_to_ascii (const char *from, char *to) { > -+ char *ascii; > -+ int iresult; > -+ > -+ debug ("libidn_utf8_to_ascii"); > -+ iresult = idna_to_ascii_8z (from, &ascii, 0); > -+ if (iresult != IDNA_SUCCESS) { > -+ debug ("idna_to_ascii_8z: %s", idna_strerror (iresult)); > -+ return ISC_R_FAILURE; > -+ } > -+ > -+ (void) strcpy (to, ascii); > -+ free (ascii); > -+ return ISC_R_SUCCESS; > -+} > -+ > -+static isc_result_t > -+output_filter (isc_buffer_t *buffer, unsigned int used_org, > -+        isc_boolean_t absolute) { > -+ > -+ char tmp1[MXNAME], *tmp2; > -+        size_t fromlen, tolen; > -+        isc_boolean_t end_with_dot; > -+ int iresult; > -+ > -+ debug ("output_filter"); > -+ > -+        fromlen = isc_buffer_usedlength (buffer) - used_org; > -+ if (fromlen >= MXNAME) > -+ return ISC_R_SUCCESS; > -+        memcpy (tmp1, (char *) isc_buffer_base (buffer) + used_org, > fromlen); > -+        end_with_dot = (tmp1[fromlen - 1] == '.') ? ISC_TRUE : ISC_FALSE; > -+        if (absolute && !end_with_dot) { > -+                fromlen++; > -+ if (fromlen >= MXNAME) > -+ return ISC_R_SUCCESS; > -+                tmp1[fromlen - 1] = '.'; > -+        } > -+        tmp1[fromlen] = '\0'; > -+ > -+ iresult = idna_to_unicode_8z8z (tmp1, &tmp2, 0); > -+ if (iresult != IDNA_SUCCESS) { > -+ debug ("output_filter: %s", idna_strerror (iresult)); > -+ return ISC_R_SUCCESS; > -+ } > -+ > -+ (void) strcpy (tmp1, tmp2); > -+ free (tmp2); > -+ > -+ tmp2 = stringprep_utf8_to_locale (tmp1); > -+ if (tmp2 == NULL) { > -+ debug ("output_filter: stringprep_utf8_to_locale failed"); > -+ return ISC_R_SUCCESS; > -+ } > -+ > -+ (void) strcpy (tmp1, tmp2); > -+ free (tmp2); > -+ > -+        tolen = strlen (tmp1); > -+        if (absolute && !end_with_dot && tmp1[tolen - 1] == '.') > -+                tolen--; > -+ > -+        if (isc_buffer_length (buffer) < used_org + tolen) > -+                return ISC_R_NOSPACE; > -+ > -+ debug ("%s", tmp1); > -+ > -+        isc_buffer_subtract (buffer, isc_buffer_usedlength (buffer) - > used_org); > -+        memcpy (isc_buffer_used (buffer), tmp1, tolen); > -+        isc_buffer_add (buffer, tolen); > -+ > -+        return ISC_R_SUCCESS; > -+} > -+#endif /* WITH_LIBIDN*/ > -  > - #ifdef DIG_SIGCHASE > - void > ---  > -1.9.0 > - > diff --git a/bind/patches/bind-9.7-exportlib.patch b/bind/patches/bind97- > exportlib.patch > similarity index 100% > rename from bind/patches/bind-9.7-exportlib.patch > rename to bind/patches/bind97-exportlib.patch > diff --git a/bind/patches/bind99-dont-build-bin.patch b/bind/patches/bind99- > dont-build-bin.patch > new file mode 100644 > index 0000000..ae50372 > --- /dev/null > +++ b/bind/patches/bind99-dont-build-bin.patch > @@ -0,0 +1,13 @@ > +diff --git a/Makefile.in b/Makefile.in > +index 4f7f5a6..d59b9b1 100644 > +--- a/Makefile.in > ++++ b/Makefile.in > +@@ -21,7 +21,7 @@ top_srcdir = @top_srcdir@ > +  > + VERSION=@BIND9_VERSION@ > +  > +-SUBDIRS = make unit lib bin doc @LIBEXPORT@ > ++SUBDIRS = make lib doc @LIBEXPORT@ > + TARGETS = > +  > + MANPAGES = isc-config.sh.1 > diff --git a/bind/trusted-key.key b/bind/trusted-key.key > deleted file mode 100644 > index ea07836..0000000 > --- a/bind/trusted-key.key > +++ /dev/null > @@ -1 +0,0 @@ > -. 3600 IN DNSKEY 257 3 8 > AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0Ez > rAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkj > f5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCT > MjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqr > AmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=