7 files changed, 218 insertions, 0 deletions

diff --git a/dns/Makefile b/dns/Makefile
index d770efbbe216..45d860bff13c 100644
--- a/dns/Makefile
+++ b/dns/Makefile
@@ -105,6 +105,7 @@
     SUBDIR += opendd
     SUBDIR += opendnssec
     SUBDIR += opendnssec13
+    SUBDIR += opendnssec2
     SUBDIR += openresolv
     SUBDIR += p5-AnyEvent-CacheDNS
     SUBDIR += p5-AnyEvent-DNS-EtcHosts
diff --git a/dns/opendnssec2/Makefile b/dns/opendnssec2/Makefile
new file mode 100644
index 000000000000..8239863eddf8
--- /dev/null
+++ b/dns/opendnssec2/Makefile
@@ -0,0 +1,84 @@
+# Created by: Jaap Akkerhuis <jaap@NLnetLabs.nl>
+# $FreeBSD$
+
+PORTNAME=	opendnssec
+PORTVERSION=	2.0.0
+CATEGORIES=	dns
+MASTER_SITES=	http://dist.opendnssec.org/source/
+PKGNAMESUFFIX=	2
+
+MAINTAINER=	jaap@NLnetLabs.nl
+COMMENT=	Tool suite for maintaining DNSSEC
+
+LICENSE=	BSD3CLAUSE
+
+BUILD_DEPENDS=	ldns>=1.6.16:dns/ldns
+LIB_DEPENDS=	libldns.so:dns/ldns
+
+GNU_CONFIGURE=	yes
+CONFIGURE_ARGS=	--localstatedir="${PREFIX}/var"
+USE_RC_SUBR=	opendnssec
+USE_GNOME=	libxml2
+USES=		perl5
+USES=		ssl
+USE_LDCONFIG=	yes
+
+SUB_FILES+=	pkg-message
+
+CONFLICTS=	opendnssec-1.[0-4]*
+
+USERS=		opendnssec
+GROUPS=		opendnssec
+
+PORTDOCS=	MIGRATION NEWS README.md
+MIGRATE=	README.md find_problematic_zones.sql \
+		convert_mysql mysql_convert.sql \
+		convert_sqlite sqlite_convert.sql
+
+OPTIONS_DEFINE=		SOFTHSM DOCS
+OPTIONS_SUB=		yes
+
+OPTIONS_SINGLE=		DB
+OPTIONS_SINGLE_DB=	SQLITE MYSQL
+
+OPTIONS_DEFAULT=	DOCS SQLITE
+
+SOFTHSM_DESC=		SoftHSM cryptographic store for PKCS \#11 interface
+
+MYSQL_DESC=		Use MYSQL backend
+SQLITE_DESC=		Use SQLite backend
+
+.include <bsd.port.options.mk>
+
+.if ${PORT_OPTIONS:MMYSQL}
+CONFIGURE_ARGS+=	--with-enforcer-database=mysql
+USES+=		mysql
+.endif
+
+.if ${PORT_OPTIONS:MSQLITE}
+USES=		sqlite
+CONFIGURE_ARGS+=	--with-enforcer-database=sqlite3
+BUILD_DEPENDS+=	sqlite3>=3.3.9:databases/sqlite3
+.endif
+
+.if ${PORT_OPTIONS:MSOFTHSM}
+CONFIGURE_ARGS+=	--with-pkcs11-softhsm=${LOCALBASE}/lib/softhsm/libsofthsm.so
+RUN_DEPENDS+=	softhsm>=1.2.0:security/softhsm
+.endif
+
+pre-install:
+.if ${PORT_OPTIONS:MMYSQL}
+	${REINPLACE_CMD} -e '/REQUIRE:/ s|$$| mysql|' ${WRKDIR}/opendnssec
+.endif
+
+post-install:
+.if ${PORT_OPTIONS:MDOCS}
+	@${MKDIR} ${STAGEDIR}${DOCSDIR}
+	${INSTALL_DATA} ${PORTDOCS:S|^|${WRKSRC}/|} ${STAGEDIR}${DOCSDIR}
+	${MKDIR} ${STAGEDIR}${DOCSDIR}/1.4-2.0_db_convert
+	${INSTALL_DATA} \
+		${MIGRATE:S|^|${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/|} \
+		${STAGEDIR}${DOCSDIR}/1.4-2.0_db_convert
+.endif
+
+.include <bsd.port.mk>
diff --git a/dns/opendnssec2/distinfo b/dns/opendnssec2/distinfo
new file mode 100644
index 000000000000..ede7eed0ebfd
--- /dev/null
+++ b/dns/opendnssec2/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1467876838
+SHA256 (opendnssec-2.0.0.tar.gz) = 3f3087ee1f2dee8b55d823d4b6825dc0212ea5162965382df11b2de36b888b7f
+SIZE (opendnssec-2.0.0.tar.gz) = 1072734
diff --git a/dns/opendnssec2/files/opendnssec.in b/dns/opendnssec2/files/opendnssec.in
new file mode 100644
index 000000000000..63320707366d
--- /dev/null
+++ b/dns/opendnssec2/files/opendnssec.in
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: opendnssec
+# REQUIRE: LOGIN DAEMON
+# KEYWORD: shutdown
+#
+# Add the following line to /etc/rc.conf to enable opendnssec:
+#
+# opendnssec_enable="YES"
+
+. /etc/rc.subr
+
+name=opendnssec
+rcvar=opendnssec_enable
+
+load_rc_config $name
+
+opendnssec_enable=${opendnssec_enable:-"NO"}
+
+start_cmd="${name}_run start"
+stop_cmd="${name}_run stop"
+extra_commands="reload ksm hsm signer enforcer"
+
+procname=${opendnssec_procname}
+
+opendnssec_run()
+{
+    %%PREFIX%%/sbin/ods-control $1
+}
+
+run_rc_command "$1"
diff --git a/dns/opendnssec2/files/pkg-message.in b/dns/opendnssec2/files/pkg-message.in
new file mode 100644
index 000000000000..389bde5fcb4d
--- /dev/null
+++ b/dns/opendnssec2/files/pkg-message.in
@@ -0,0 +1,27 @@
+######
+# A manual migration step is needed to migration from 1.4 to 2.0.
+#
+# First migrate to at least the 1.4.10 release if you have not already done
+# so.
+#
+# Review the documentation on the OpenDNSSEC site.  This can be
+# updated in between releases to provide more help.  Especially if
+# you have tooling around OpenDNSSEC you should be aware that some
+# command line utilities have changed.  A fair amount of backward
+# compatibility has been respected, but changes are present.
+# 
+# The enforcer does require a full migration, as the internal database has
+# been completely revised.  See the documentation in 
+# %%DOCSDIR%%/1.4-2.0_db_convert/README.md for a description.
+# 
+# Migration scripts are installed in %%DOCSDIR%%.
+#
+# The signer does not require any migration.  Backward compatibility is
+# respected from earlier 1.4 release.  The signer should not require a
+# full resign of your zone when upgrading, however if you decide to downgrade
+# a full resign is required.
+######
+
+An HowTo is provided at
+<https://wiki.opendnssec.org/display/DOCS20/Quick+start+guide>
+
diff --git a/dns/opendnssec2/pkg-descr b/dns/opendnssec2/pkg-descr
new file mode 100644
index 000000000000..147cc627fd96
--- /dev/null
+++ b/dns/opendnssec2/pkg-descr
@@ -0,0 +1,5 @@
+OpenDNSSEC was created as an open-source turn-key solution for
+DNSSEC. It secures zone data just before it is published in an
+authoritative name server.
+
+WWW: http://www.opendnssec.org
diff --git a/dns/opendnssec2/pkg-plist b/dns/opendnssec2/pkg-plist
new file mode 100644
index 000000000000..1b42598173c9
--- /dev/null
+++ b/dns/opendnssec2/pkg-plist
@@ -0,0 +1,65 @@
+bin/ods-hsmspeed
+bin/ods-hsmutil
+bin/ods-kasp2html
+bin/ods-kaspcheck
+bin/ods-ksmutil
+@sample %%ETCDIR%%/addns.xml.sample
+@sample %%ETCDIR%%/conf.xml.sample
+@sample %%ETCDIR%%/kasp.xml.sample
+@sample %%ETCDIR%%/zonelist.xml.sample
+man/man1/ods-hsmspeed.1.gz
+man/man1/ods-hsmutil.1.gz
+man/man1/ods-kaspcheck.1.gz
+man/man1/ods-ksmutil.1.gz
+man/man5/ods-kasp.5.gz
+man/man5/ods-timing.5.gz
+man/man7/opendnssec.7.gz
+man/man8/ods-control.8.gz
+man/man8/ods-enforcer-db-setup.8.gz
+man/man8/ods-enforcer.8.gz
+man/man8/ods-enforcerd.8.gz
+man/man8/ods-signer.8.gz
+man/man8/ods-signerd.8.gz
+sbin/ods-control
+sbin/ods-enforcer
+sbin/ods-enforcer-db-setup
+sbin/ods-enforcerd
+sbin/ods-migrate
+sbin/ods-signer
+sbin/ods-signerd
+%%PORTDOCS%%%%DOCSDIR%%/1.4-2.0_db_convert/README.md
+%%PORTDOCS%%%%DOCSDIR%%/1.4-2.0_db_convert/convert_mysql
+%%PORTDOCS%%%%DOCSDIR%%/1.4-2.0_db_convert/convert_sqlite
+%%PORTDOCS%%%%DOCSDIR%%/1.4-2.0_db_convert/find_problematic_zones.sql
+%%PORTDOCS%%%%DOCSDIR%%/1.4-2.0_db_convert/mysql_convert.sql
+%%PORTDOCS%%%%DOCSDIR%%/1.4-2.0_db_convert/sqlite_convert.sql
+%%DATADIR%%/addns.rnc
+%%DATADIR%%/addns.rng
+%%DATADIR%%/conf.rnc
+%%DATADIR%%/conf.rng
+%%DATADIR%%/enforcerstate.rnc
+%%DATADIR%%/enforcerstate.rng
+%%DATADIR%%/kasp.rnc
+%%DATADIR%%/kasp.rng
+%%DATADIR%%/kasp2html.xsl
+@comment %%SQLITE%%%%DATADIR%%/migrate_1_4_8.sqlite3
+@comment %%SQLITE%%%%DATADIR%%/migrate_adapters_1.sqlite3
+@comment %%SQLITE%%%%DATADIR%%/migrate_keyshare_sqlite3.pl
+@comment %%SQLITE%%%%DATADIR%%/migrate_to_ng_sqlite.pl
+@comment %%MYSQL%%%%DATADIR%%/migrate_1_4_8.mysql
+@comment %%MYSQL%%%%DATADIR%%/migrate_adapters_1.mysql
+@comment %%MYSQL%%%%DATADIR%%/migrate_keyshare_mysql.pl
+@comment %%MYSQL%%%%DATADIR%%/migrate_zone_delete.mysql
+@comment %%MYSQL%%%%DATADIR%%/migrate_id_mysql.pl
+@comment %%MYSQL%%%%DATADIR%%/migrate_to_ng_mysql.pl
+%%DATADIR%%/signconf.rnc
+%%DATADIR%%/signconf.rng
+%%DATADIR%%/zonelist.rnc
+%%DATADIR%%/zonelist.rng
+@dir(opendnssec,opendnssec,) var/opendnssec
+@dir(opendnssec,opendnssec,) var/opendnssec/enforcer
+@dir(opendnssec,opendnssec,) var/opendnssec/signconf
+@dir(opendnssec,opendnssec,) var/opendnssec/signed
+@dir(opendnssec,opendnssec,) var/opendnssec/signer
+@dir(opendnssec,opendnssec,) var/opendnssec/unsigned
+@dir(opendnssec,opendnssec,) var/run/opendnssec