security/gnutls: link against libunbound for DANE support (patch)

[ng0 <ng0%n0.is@localhost>]

Hi,

I have not really maintained wip/gnutls, back when I added it
someone proposed I try and get this into security/gnutls proper.

In a set of software I work on, we highly prefer GnuTLS built
against libunbound to get DANE functionality. Right now this
pulls in at least unbound (and flex via unbound).
There are plans to eventually not depend on unbound for this
in GnuTLS itself.

Would we as pkgsrc prefer for this to be opt-in or opt-out?
My patch is opt-in but adds a keyword.

Replies welcome, cvs diff pasted in.

This is required at least for (as far as I am aware of, the
projects I work on): gnurl, gnunet, some parts of the software
suite of Taler maybe, libmicrohttpd. curl can make use of it
as well (gnurl is a curl micro'ish fork).


security/gnutls: Add ability to link against libunbound for DANE
support.

Index: Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/security/gnutls/Makefile,v
retrieving revision 1.199
diff -u -p -r1.199 Makefile
--- Makefile	16 Sep 2019 00:28:48 -0000	1.199
+++ Makefile	16 Sep 2019 14:36:00 -0000
@@ -1,6 +1,7 @@
 # $NetBSD: Makefile,v 1.199 2019/09/16 00:28:48 nia Exp $
 
 DISTNAME=	gnutls-3.6.9
+PKGREVISION=	1
 CATEGORIES=	security devel
 MASTER_SITES=	https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/
 EXTRACT_SUFX=	.tar.xz
@@ -31,6 +32,8 @@ CONFIGURE_ARGS+=		--enable-local-libopts
 CONFIGURE_ARGS.SunOS+=		--disable-hardware-acceleration
 CONFIGURE_ARGS.FreeBSD+=	ac_cv_type_max_align_t=yes
 
+.include "options.mk"
+
 TEST_TARGET=		check
 
 INFO_FILES=		yes
Index: PLIST
===================================================================
RCS file: /cvsroot/pkgsrc/security/gnutls/PLIST,v
retrieving revision 1.65
diff -u -p -r1.65 PLIST
--- PLIST	16 Sep 2019 00:28:48 -0000	1.65
+++ PLIST	16 Sep 2019 14:36:00 -0000
@@ -1,5 +1,6 @@
 @comment $NetBSD: PLIST,v 1.65 2019/09/16 00:28:48 nia Exp $
 bin/certtool
+${PLIST.unbound}bin/danetool
 bin/gnutls-cli
 bin/gnutls-cli-debug
 bin/gnutls-serv
@@ -10,6 +11,7 @@ bin/srptool
 include/gnutls/abstract.h
 include/gnutls/compat.h
 include/gnutls/crypto.h
+${PLIST.unbound}include/gnutls/dane.h
 include/gnutls/dtls.h
 include/gnutls/gnutls.h
 include/gnutls/gnutlsxx.h
@@ -36,10 +38,17 @@ info/gnutls-modauth.png
 info/gnutls-x509.png
 info/gnutls.info
 info/pkcs11-vision.png
+${PLIST.unbound}lib/libgnutls-dane.a
+${PLIST.unbound}lib/libgnutls-dane.la
+${PLIST.unbound}lib/libgnutls-dane.so
+${PLIST.unbound}lib/libgnutls-dane.so.0
+${PLIST.unbound}lib/libgnutls-dane.so.0.4.1
 lib/libgnutls.la
 lib/libgnutlsxx.la
+${PLIST.unbound}lib/pkgconfig/gnutls-dane.pc
 lib/pkgconfig/gnutls.pc
 man/man1/certtool.1
+${PLIST.unbound}man/man1/danetool.1
 man/man1/gnutls-cli-debug.1
 man/man1/gnutls-cli.1
 man/man1/gnutls-serv.1
Index: options.mk
===================================================================
RCS file: options.mk
diff -N options.mk
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ options.mk	16 Sep 2019 14:36:00 -0000
@@ -0,0 +1,15 @@
+# $NetBSD$
+
+PKG_OPTIONS_VAR=	PKG_OPTIONS.gnutls
+PKG_SUPPORTED_OPTIONS=	unbound
+PLIST_VARS+=		unbound
+
+.include "../../mk/bsd.options.mk"
+
+.if !empty(PKG_OPTIONS:Munbound)
+.include "../../net/unbound/buildlink3.mk"
+CONFIGURE_ARGS+=	--enable-libdane
+PLIST.unbound=		yes
+.else
+CONFIGURE_ARGS+=	--disable-libdane
+.endif