packages/bind
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
bind/bind.spec

1050 lines
32 KiB
RPMSpec
Raw Normal View History

init
2019-12-28 09:41:34 +08:00
%bcond_with LMDB
%bcond_with DLZ
%bcond_with KYUA
%bcond_with SYSTEMTEST
%bcond_without UNITTEST
%bcond_without SDB
%bcond_without GSSTSIG
%bcond_without PKCS11
%bcond_without EXPORT_LIBS
%{?!bind_uid: %global bind_uid 25}
%{?!bind_gid: %global bind_gid 25}
%{!?_export_dir:%global _export_dir /bind9-export/}
%undefine _strict_symbol_defs_build
Name: bind
Summary: Domain Name System (DNS) Server (named)
License: MPLv2.0
Version: 9.11.4
Release: 12
Epoch: 32
Url: http://www.isc.org/products/BIND/
Source0: https://ftp.isc.org/isc/bind9/9.11.4/bind-%{version}-P2.tar.gz
Source1: named.sysconfig
Source2: named.logrotate
Source3: bind-9.3.1rc1-sdb_tools-Makefile.in
Source4: dnszone.schema
Source5: README.sdb_pgsql
Source6: named.conf.sample
Source7: named.conf
Source8: config-18.tar.bz2
Source9: ldap2zone.c
Source10: ldap2zone.1
Source11: named-sdb.8
Source12: zonetodb.1
Source13: zone2sqlite.1
Source14: bind.tmpfiles.d
Source15: trusted-key.key
Source16: named.service
Source17: named-chroot.service
Source18: named-sdb.service
Source19: named-sdb-chroot.service
Source20: setup-named-chroot.sh
Source21: generate-rndc-key.sh
Source22: named.rwtab
Source23: named-chroot-setup.service
Source24: named-sdb-chroot-setup.service
Source25: named-setup-rndc.service
Source26: named-pkcs11.service
Source27: setup-named-softhsm.sh
Source28: named-chroot.files
Source29: random.data
BuildRequires: openssl-devel libtool autoconf pkgconfig libcap-devel python3-devel python3-ply docbook-style-xsl
BuildRequires: libidn2-devel libxml2-devel GeoIP-devel make systemd selinux-policy findutils sed libxslt
%if %{with SDB}
BuildRequires: openldap-devel libpq-devel sqlite-devel mariadb-connector-c-devel libdb-devel
%endif
%if %{with KYUA}
#BuildRequires: libatf-c-devel kyua
%else
BuildRequires: gcc-c++
%endif
%if %{with PKCS11}
BuildRequires: softhsm
%endif
%if %{with SYSTEMTEST}
BuildRequires: net-tools perl(Net::DNS) perl(Net::DNS::Nameserver)
%endif
%if %{with GSSTSIG}
BuildRequires: krb5-devel
%endif
%if %{with LMDB}
BuildRequires: lmdb-devel
%endif
Requires: systemd coreutils shadow-utils glibc-common grep policycoreutils-python-utils
Requires: python3-bind = %{epoch}:%{version}-%{release} libselinux-utils selinux-policy bind-libs = %{epoch}:%{version}-%{release}
Provides: bind-config = 30:9.3.2-34.fc6 caching-nameserver = 31:9.4.1-7.fc8 dnssec-conf = 1.27-2
Provides: bind-license
Obsoletes: bind-config < 30:9.3.2-34.fc6 caching-nameserver < 31:9.4.1-7.fc8 dnssec-conf < 1.27-2
Obsoletes: bind-license
Patch0001: bind-9.5-PIE.patch
Patch0003: bind-9.5-dlz-64bit.patch
Patch0004: bind-95-rh452060.patch
Patch0005: bind93-rh490837.patch
Patch0006: bind97-rh478718.patch
Patch0007: bind97-rh645544.patch
Patch0008: bind-9.9.1-P2-dlz-libdb.patch
Patch0009: bind-9.9.1-P2-multlib-conflict.patch
Patch0010: bind-9.11-rh1410433.patch
Patch0011: bind-9.11-rh1205168.patch
Patch0012: bind-9.11-export-suffix.patch
Patch0013: bind-9.11-oot-manual.patch
Patch0014: bind-9.11-pk11.patch
Patch0015: bind-9.11-fips-code.patch
Patch0016: bind-9.11-fips-tests.patch
Patch0017: bind-9.11-rt31459.patch
Patch0018: bind-9.11-rt46047.patch
Patch0019: bind-9.11-rh1624100.patch
Patch0020: bind-9.11-host-idn-disable.patch
Patch0021: bind-9.10-dist-native-pkcs11.patch
Patch0022: bind-9.11-kyua-pkcs11.patch
Patch0023: bind-96-old-api.patch
Patch0024: bind-9.3.2b2-sdbsrc.patch
Patch0025: bind-9.10-sdb.patch
Patch0026: bind-9.3.2b1-fix_sdb_ldap.patch
Patch0027: bind-9.10-use-of-strlcat.patch
Patch0028: bind99-rh640538.patch
Patch0029: bind97-rh669163.patch
Patch6001: 1314-master-dnssec-checkds-s.patch
Patch6002: 2432-check-param_template-i-.pValue-is-non-NULL.patch
Patch6003: 2497-refcount-errors-on-error-paths.patch
Patch6004: 2559-Do-not-remove-errors-from-the-OpenSSL-error-queue-in.patch
Patch6005: 2574-Do-not-treat-a-referral-with-a-non-empty-ANSWER-sect.patch
Patch6006: 2711-Align-CMSG-buffers-to-a-void-boundary-fixes-crash-on.patch
Patch6007: 2776-Fix-crash-caused-by-race-condition-in-timer-creation.patch
Patch6008: 2865-free-key-on-error.patch
Patch6009: 2879-expand-the-pool-then-copy-over-the-old-entries-so-we.patch
Patch6010: 2985-Add-some-DBC-checks-in-dighost-fix-race-between-clea.patch
Patch6011: 2998-Use-larger-buffers-on-snprintf-buffer-overflow-false.patch
Patch6012: 3022-Fix-a-shutdown-race-in-bin-dig-dighost.c.patch
Patch6013: 3046-uninitalize-memory-read-on-error-path.patch
Patch6014: 3318-Allow-unsupported-alg-in-zone-w-dnssec-signzone.patch
Patch6015: 3543-fix-memory-leak.patch
Patch6016: Use-clock_gettime-instead-of-gettimeofday.patch
Patch6017: CVE-2018-5743.patch
Patch6018: CVE-2018-5743-atomic-fix.patch
Patch6019: CVE-2018-5745.patch
Patch6020: CVE-2019-6465.patch
Patch9000: feature-bind99-euler-range-port.patch
Patch9001: bugfix-nslookup-norec.patch
Patch9002: bugfix-named-log-time.patch
%description
Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name
System (DNS) protocols and provides an openly redistributable reference
implementation of the major components of the Domain Name System.
This package includes the components to operate a DNS server.
%if %{with PKCS11}
%package pkcs11
Summary: Bind with native PKCS#11 functionality for crypto
Requires: systemd bind-libs-lite = %{epoch}:%{version}-%{release}
Requires: bind = %{epoch}:%{version}-%{release} bind-libs = %{epoch}:%{version}-%{release}
Recommends: softhsm
Provides: bind-pkcs11-libs = %{epoch}:%{version}-%{release} bind-pkcs11-utils = %{epoch}:%{version}-%{release}
Obsoletes:bind-pkcs11-libs < %{epoch}:%{version}-%{release} bind-pkcs11-utils < %{epoch}:%{version}-%{release}
%description pkcs11
This is a version of BIND server built with native PKCS#11 functionality.
It is important to have SoftHSM v2+ installed and some token initialized.
For other supported HSM modules please check the BIND documentation.
%package pkcs11-devel
Summary: Development files for Bind libraries compiled with native PKCS#11
Requires: bind-pkcs11 = %{epoch}:%{version}-%{release}
Requires: bind-devel = %{epoch}:%{version}-%{release}
%description pkcs11-devel
This a set of development files for BIND libraries (dns, isc) compiled
with native PKCS#11 functionality.
%endif
%if %{with SDB}
%package sdb
Summary: BIND server with database backends and DLZ support
Requires: systemd bind-libs = %{epoch}:%{version}-%{release}
Requires: bind = %{epoch}:%{version}-%{release} bind-libs-lite = %{epoch}:%{version}-%{release}
%description sdb
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named-sdb)
which has compiled-in SDB (Simplified Database Backend) which includes
support for using alternative Zone Databases stored in an LDAP server
(ldapdb), a postgreSQL database (pgsqldb), an sqlite database (sqlitedb),
or in the filesystem (dirdb), in addition to the standard in-memory RBT
(Red Black Tree) zone database. It also includes support for DLZ
(Dynamic Loadable Zones)
%endif
%package libs-lite
Summary: Libraries for working with the DNS protocol
Obsoletes:bind-libbind-devel < 31:9.3.3-4.fc7
Provides: bind-libbind-devel = 31:9.3.3-4.fc7
Requires: bind-license = %{epoch}:%{version}-%{release}
%description libs-lite
Lite libs of BIND.
%package libs
Summary: Libraries for BIND
Requires: bind-license = %{epoch}:%{version}-%{release}
Requires: bind-libs-lite = %{epoch}:%{version}-%{release}
%description libs
BIND suite libraries.
%package utils
Summary: Utilities for bind
Requires: bind-libs = %{epoch}:%{version}-%{release}
Requires: bind-libs-lite = %{epoch}:%{version}-%{release}
Requires: python3-bind = %{epoch}:%{version}-%{release}
%description utils
Bind-utils contains a collection of utilities for querying DNS (Domain
Name System) name servers to find out information about Internet
hosts. These tools will provide you with the IP addresses for given
host names, as well as other information about registered domains and
network addresses.
You should install bind-utils if you need to get information from DNS name
servers.
%package devel
Summary: Header files and libraries needed for BIND DNS development
Requires: bind = %{epoch}:%{version}-%{release} bind-libs = %{epoch}:%{version}-%{release} bind-libs-lite = %{epoch}:%{version}-%{release}
Provides: bind-libbind-devel = 31:9.3.3-4.fc7 bind-lite-devel
Obsoletes: bind-libbind-devel < 31:9.3.3-4.fc7 bind-lite-devel
%description devel
The bind-devel package contains full version of the header files and libraries
required for development with ISC BIND 9.
%package chroot
Summary: A chroot runtime environment for the ISC BIND DNS server, named(8)
Prefix: /var/named/chroot
Requires: bind = %{epoch}:%{version}-%{release} grep
%description chroot
This package contains a tree of files which can be used as a
chroot(2) jail for the named(8) program from the BIND package.
Based on the code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>
%if %{with SDB}
%package sdb-chroot
Summary: A chroot runtime environment for the ISC BIND DNS server, named-sdb(8)
Prefix: /var/named/chroot_sdb
Requires: bind-sdb = %{epoch}:%{version}-%{release} grep
%description sdb-chroot
This package contains a tree of files which can be used as a
chroot(2) jail for the named-sdb(8) program from the BIND package.
Based on the code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>
%endif
%package -n python3-bind
Summary: A module allowing rndc commands to be sent from Python programs
Requires: bind = %{epoch}:%{version}-%{release}
Requires: python3 python3-ply %{py3_dist ply}
BuildArch: noarch
%{?python_provide:%python_provide python3-bind}
%{?python_provide:%python_provide python3-isc}
%description -n python3-bind
This package provides a module which allows commands to be sent to rndc directly from Python programs.
%if %{with EXPORT_LIBS}
%package export-libs
Summary: ISC libs for DHCP application
Provides: bind99-libs = 9.9.11-4
Obsoletes: bind99-libs < 9.9.11-4
%description export-libs
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. This package set contains only export
version of BIND libraries, that are used for building ISC DHCP.
%package export-devel
Summary: Header files and libraries needed for BIND export libraries
Requires: bind-export-libs = %{epoch}:%{version}-%{release} openssl-devel libcap-devel
Obsoletes: bind99-devel < 9.9.11-4
Conflicts: bind99-devel
%description export-devel
This package contains export version of the header files and libraries
required for development with ISC BIND. These headers and libraries
are used for building ISC DHCP.
%endif
%prep
%setup -q -n %{name}-%{version}-P2
%patch0001 -p1
%patch0003 -p1
%patch0004 -p1
%patch0005 -p0
%patch0006 -p1
%patch0007 -p1
%patch0008 -p1
%patch0009 -p1
%patch0010 -p1
%patch0011 -p1
%patch0012 -p1
%patch0013 -p1
%patch0014 -p1
%patch0015 -p1
%patch0016 -p1
%patch0017 -p1
%patch0018 -p1
%patch0019 -p1
%patch0020 -p1
mkdir lib/dns/tests/testdata/dstrandom
cp -a %{SOURCE29} lib/dns/tests/testdata/dstrandom/random.data
%if %{with PKCS11}
cp -r bin/named bin/named-pkcs11
cp -r bin/dnssec bin/dnssec-pkcs11
cp -r lib/isc lib/isc-pkcs11
cp -r lib/dns lib/dns-pkcs11
%patch0021 -p1
%patch0022 -p1
%endif
%if %{with SDB}
%patch0023 -p1
mkdir bin/named-sdb
mkdir bin/sdb_tools
cp -r bin/named/* bin/named-sdb
%patch0024 -p1
cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named-sdb
cp -fp contrib/sdb/pgsql/pgsqldb.[ch] bin/named-sdb
cp -fp contrib/sdb/sqlite/sqlitedb.[ch] bin/named-sdb
cp -fp contrib/sdb/dir/dirdb.[ch] bin/named-sdb
cp -fp %{SOURCE9} bin/sdb_tools/ldap2zone.c
cp -fp %{SOURCE3} bin/sdb_tools/Makefile.in
cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/sdb_tools
cp -fp contrib/sdb/pgsql/zonetodb.c bin/sdb_tools
cp -fp contrib/sdb/sqlite/zone2sqlite.c bin/sdb_tools
%patch0025 -p1
%patch0026 -p1
%patch0027 -p1
%endif
%patch0028 -p1
%patch0029 -p1
%patch9000 -p1
%patch9001 -p1
%patch6001 -p1
%patch6002 -p1
%patch6003 -p1
%patch6004 -p1
%patch6005 -p1
%patch6006 -p1
%patch6007 -p1
%patch6008 -p1
%patch6009 -p1
%patch6010 -p1
%patch6011 -p1
%patch6012 -p1
%patch6013 -p1
%patch6014 -p1
%patch6015 -p1
%patch6016 -p1
%patch6017 -p1
%patch6018 -p1
%patch6019 -p1
%patch6020 -p1
%patch9002 -p1
%build
%define _configure "../configure"
%define unit_prepare_build() \
cp -uv Kyuafile Atffile "%{1}/" \
find lib -name 'K*.key' -exec cp -uv '{}' "%{1}/{}" ';' \
find lib -name 'Kyuafile' -exec cp -uv '{}' "%{1}/{}" ';' \
find lib -name 'Atffile' -exec cp -uv '{}' "%{1}/{}" ';' \
find lib -name 'testdata' -type d -exec cp -Tav '{}' "%{1}/{}" ';' \
find lib -name 'testkeys' -type d -exec cp -Tav '{}' "%{1}/{}" ';' \
%define systemtest_prepare_build() \
cp -Tuav bin/tests "%{1}/bin/tests/" \
cp -uv version "%{1}"
%if %{with KYUA}
ATF_PATH=/usr
%else
ATF_PATH=yes
%endif
export CFLAGS="$CFLAGS $RPM_OPT_FLAGS"
export CPPFLAGS="$CPPFLAGS -DDIG_SIGCHASE"
export STD_CDEFINES="$CPPFLAGS"
sed -i -e 's/RELEASEVER=\(.*\)/RELEASEVER=\1-%{version}-%{release}/' version
libtoolize -c -f; aclocal -I libtool.m4 --force; autoconf -f
mkdir build
pushd build
export LIBDIR_SUFFIXi=
%configure \
--with-python=%{__python3} --with-libtool --localstatedir=/var \
--enable-threads --enable-ipv6 --enable-filter-aaaa --with-pic \
--disable-static --includedir=%{_includedir}/bind9 --with-geoip \
--with-tuning=large --with-libidn2 --enable-openssl-hash \
--enable-fixed-rrset --enable-full-report \
--with-docbook-xsl=%{_datadir}/sgml/docbook/xsl-stylesheets \
%if %{with PKCS11}
--enable-native-pkcs11 --with-pkcs11=%{_libdir}/pkcs11/libsofthsm2.so \
%endif
%if %{with SDB}
--with-dlopen=yes --with-dlz-ldap=yes --with-dlz-postgres=yes \
--with-dlz-mysql=yes --with-dlz-filesystem=yes --with-dlz-bdb=yes \
%endif
%if %{with GSSTSIG}
--with-gssapi=yes --disable-isc-spnego \
%endif
%if %{with LMDB}
--with-lmdb=yes \
%else
--with-lmdb=no \
%endif
%if %{with UNITTEST}
--with-atf=${ATF_PATH}
%endif
make -j32
cp -rv doc/* ../doc/
pushd bin/dig
make man
popd
pushd bin/python
make man
popd
%if ! %{with KYUA}
ATF_PATH="`pwd`/unit/atf"
sed -i -e '/^SUBDIRS =/s/atf-src//i' unit/Makefile
%endif
popd # build
%unit_prepare_build build
%systemtest_prepare_build build
%if %{with EXPORT_LIBS}
cp isc-config.sh.1 isc-export-config.sh.1
mkdir export-libs
pushd export-libs
export LIBDIR_SUFFIX=%{_export_dir}
%{configure} \
--with-libtool --disable-static --disable-epoll --disable-kqueue \
--libdir=%{_libdir}%{_export_dir} --enable-openssl-hash \
--includedir=%{_includedir}%{_export_dir}/ --disable-threads \
--enable-fixed-rrset --disable-rpz-nsip --disable-rpz-nsdname \
--without-lmdb --without-libxml2 --without-libjson \
--without-zlib --without-dlopen --enable-full-report \
%if %{with GSSTSIG}
--with-gssapi=yes --disable-isc-spnego \
%endif
%if %{with UNITTEST}
--with-atf=${ATF_PATH}
%endif
mv isc-config.sh isc-export-config.sh
sed -i \
-e '/^SUBDIRS =/s/.*/SUBDIRS = make lib/i' \
-e 's/isc-config.sh/isc-export-config.sh/g' \
-e 's/bind9-config/bind9-export-config/g' \
Makefile
sed -i -e "/^SUBDIRS =/s/.*/SUBDIRS = isc dns isccfg irs/i" lib/Makefile
sed -i -e '/^SUBDIRS =/s/atf-src//i' unit/Makefile
for lib in isc dns isccfg irs; do
find . -name Makefile -exec sed "s/lib${lib}\./lib${lib}-export\./g" -i {} \;
sed -e "s/-l${lib}\([^[:alpha:]]\)/-l${lib}-export\1/g" \
-e "s/lib${lib}\./lib${lib}-export\./g" \
-i isc-export-config.sh
done
make -j32
popd
%unit_prepare_build export-libs
sed -e '/^\s*include(.*-pkcs11/ d' -e '/^\s*include(.*lwres/ d' -i export-libs/lib/Kyuafile
%endif #end EXPORT_LIBS
%check
%if %{with SYSTEMTEST}
if [ "`whoami`" = 'root' ]; then
set -e
chmod -R a+rwX .
pushd bin/tests
pushd system
./ifconfig.sh up
popd
make test
e=$?
pushd system
./ifconfig.sh down
popd
popd
if [ "$e" -ne 0 ]; then
echo "ERROR: 'make test' failed. Aborting."
exit $e;
fi
fi
%endif
%install
mkdir -p ${RPM_BUILD_ROOT}/var/log
mkdir -p ${RPM_BUILD_ROOT}/run/named
mkdir -p ${RPM_BUILD_ROOT}/etc/logrotate.d
mkdir -p ${RPM_BUILD_ROOT}%{_libdir}/bind
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/{man1,man5,man8}
mkdir -p ${RPM_BUILD_ROOT}/var/named/{slaves,data,dynamic}
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot/{dev,etc,var,run/named}
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot/var/{log,named,tmp}
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot/etc/crypto-policies/back-ends
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot/etc/{pki/dnssec-keys,named}
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot/%{_libdir}/bind
pushd ${RPM_BUILD_ROOT}/var/named/chroot/var
ln -s ../run run
popd
touch ${RPM_BUILD_ROOT}/var/named/chroot/etc/named.conf
%if %{with SDB}
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot_sdb/{dev,etc,var,run/named}
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot_sdb/var/{log,named,tmp}
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot_sdb/etc/crypto-policies/back-ends
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot_sdb/etc/{pki/dnssec-keys,named}
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot_sdb/%{_libdir}/bind
pushd ${RPM_BUILD_ROOT}/var/named/chroot_sdb/var
ln -s ../run run
popd
touch ${RPM_BUILD_ROOT}/var/named/chroot_sdb/etc/named.conf
%endif
pushd build
%make_install
popd
%if %{with EXPORT_LIBS}
pushd export-libs
%make_install
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/ld.so.conf.d
echo "%{_libdir}%{_export_dir}" > ${RPM_BUILD_ROOT}%{_sysconfdir}/ld.so.conf.d/%{name}-export-%{_arch}.conf
cp -fp config.h ${RPM_BUILD_ROOT}%{_includedir}%{_export_dir}
rm -rf ${RPM_BUILD_ROOT}%{_includedir}%{_export_dir}/pkcs11/
rm -f ${RPM_BUILD_ROOT}%{_includedir}%{_export_dir}/pk11/{constants,internal,pk11,result}.h
popd
%endif
rm -f ${RPM_BUILD_ROOT}/etc/bind.keys
install -d ${RPM_BUILD_ROOT}%{_unitdir}
install -d ${RPM_BUILD_ROOT}%{_libexecdir}
install -d ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
install -m 644 %{SOURCE16} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE17} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE23} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE25} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 755 %{SOURCE20} ${RPM_BUILD_ROOT}%{_libexecdir}/setup-named-chroot.sh
install -m 755 %{SOURCE21} ${RPM_BUILD_ROOT}%{_libexecdir}/generate-rndc-key.sh
install -m 644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/named
install -m 644 %{SOURCE28} ${RPM_BUILD_ROOT}%{_sysconfdir}/named-chroot.files
install -m 644 %{SOURCE2} ${RPM_BUILD_ROOT}/etc/logrotate.d/named
%if %{with SDB}
install -m 644 %{SOURCE18} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE19} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE24} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE10} ${RPM_BUILD_ROOT}%{_mandir}/man1/ldap2zone.1
install -m 644 %{SOURCE11} ${RPM_BUILD_ROOT}%{_mandir}/man8/named-sdb.8
install -m 644 %{SOURCE12} ${RPM_BUILD_ROOT}%{_mandir}/man1/zonetodb.1
install -m 644 %{SOURCE13} ${RPM_BUILD_ROOT}%{_mandir}/man1/zone2sqlite.1
%endif
%if %{with PKCS11}
install -m 644 %{SOURCE26} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 755 %{SOURCE27} ${RPM_BUILD_ROOT}%{_libexecdir}/setup-named-softhsm.sh
pushd ${RPM_BUILD_ROOT}%{_mandir}/man8
ln -s named.8.gz named-pkcs11.8.gz
ln -s dnssec-keygen.8.gz dnssec-keygen-pkcs11.8.gz
ln -s dnssec-revoke.8.gz dnssec-revoke-pkcs11.8.gz
ln -s dnssec-verify.8.gz dnssec-verify-pkcs11.8.gz
ln -s dnssec-settime.8.gz dnssec-settime-pkcs11.8.gz
ln -s dnssec-checkds.8.gz dnssec-checkds-pkcs11.8.gz
ln -s dnssec-coverage.8.gz dnssec-coverage-pkcs11.8.gz
ln -s dnssec-signzone.8.gz dnssec-signzone-pkcs11.8.gz
ln -s dnssec-dsfromkey.8.gz dnssec-dsfromkey-pkcs11.8.gz
ln -s dnssec-importkey.8.gz dnssec-importkey-pkcs11.8.gz
ln -s dnssec-keyfromlabel.8.gz dnssec-keyfromlabel-pkcs11.8.gz
popd
%endif
%if %{with SDB}
install -d ${RPM_BUILD_ROOT}/etc/openldap/schema
install -m 644 %{SOURCE4} ${RPM_BUILD_ROOT}/etc/openldap/schema/dnszone.schema
install -m 644 %{SOURCE5} contrib/sdb/pgsql/
%endif
install -m 644 lib/isc/unix/errno2result.h ${RPM_BUILD_ROOT}%{_includedir}/bind9/isc
cp -fp build/config.h ${RPM_BUILD_ROOT}/%{_includedir}/bind9
find ${RPM_BUILD_ROOT}/%{_libdir} -name '*.la' -exec '/bin/rm' '-f' '{}' ';';
touch ${RPM_BUILD_ROOT}%{_localstatedir}/log/named.log
tar -C ${RPM_BUILD_ROOT} -xjf %{SOURCE8}
touch ${RPM_BUILD_ROOT}/etc/rndc.key
touch ${RPM_BUILD_ROOT}/etc/rndc.conf
install -m 640 %{SOURCE7} ${RPM_BUILD_ROOT}/etc/named.conf
mkdir -p sample/etc sample/var/named/{data,slaves}
mkdir ${RPM_BUILD_ROOT}/etc/named
install -m 644 %{SOURCE15} ${RPM_BUILD_ROOT}/etc/trusted-key.key
install -m 644 %{SOURCE6} sample/etc/named.conf
install -m 644 %{SOURCE7} named.conf.default
install -m 644 ${RPM_BUILD_ROOT}/etc/named.rfc1912.zones sample/etc/named.rfc1912.zones
install -m 644 ${RPM_BUILD_ROOT}/var/named/{named.ca,named.localhost,named.loopback,named.empty} sample/var/named
mkdir -p ${RPM_BUILD_ROOT}%{_tmpfilesdir}
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/rwtab.d
install -m 644 %{SOURCE14} ${RPM_BUILD_ROOT}%{_tmpfilesdir}/named.conf
install -m 644 %{SOURCE22} ${RPM_BUILD_ROOT}%{_sysconfdir}/rwtab.d/named
%pre
if [ "$1" -eq 1 ]; then
/usr/sbin/groupadd -g %{bind_gid} -f -r named >/dev/null 2>&1 || :;
/usr/sbin/useradd -u %{bind_uid} -r -N -M -g named -s /bin/false -d /var/named -c Named named >/dev/null 2>&1 || :;
fi
%post
/sbin/ldconfig
%selinux_set_booleans named_write_master_zones=1
if [ "$1" -eq 1 ]; then
[ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* >/dev/null 2>&1 ;
[ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
[ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
else
if getent passwd named | grep ':/sbin/nologin$' >/dev/null; then
usermod -s /bin/false named
fi
fi
%systemd_post named.service
%preun
%systemd_preun named.service
%postun
/sbin/ldconfig
%selinux_unset_booleans named_write_master_zones=1
%systemd_postun_with_restart named.service
%post libs -p /sbin/ldconfig
%postun libs -p /sbin/ldconfig
%post libs-lite -p /sbin/ldconfig
%postun libs-lite -p /sbin/ldconfig
%if %{with SDB}
%post sdb
%systemd_post named-sdb.service
%preun sdb
%systemd_preun named-sdb.service
%postun sdb
%systemd_postun_with_restart named-sdb.service
%endif #end SDB
%if %{with PKCS11}
%post pkcs11
/sbin/ldconfig
%systemd_post named-pkcs11.service
%preun pkcs11
%systemd_preun named-pkcs11.service
%postun pkcs11
/sbin/ldconfig
%systemd_postun_with_restart named-pkcs11.service
%endif #end PKCS11
%triggerpostun -n bind -- bind <= 32:9.5.0-20.b1
if [ "$1" -gt 0 ]; then
[ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
[ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
fi
%triggerun -- bind < 32:9.9.0-0.6.rc1
/sbin/chkconfig --del named >/dev/null 2>&1 || :
/bin/systemctl try-restart named.service >/dev/null 2>&1 || :
%if %{with EXPORT_LIBS}
%post export-libs
/sbin/ldconfig
%postun export-libs
/sbin/ldconfig
%endif
%define chroot_fix_devices() \
if [ $1 -gt 1 ]; then \
for DEV in "%{1}/dev"/{null,random,zero}; do \
if [ -e "$DEV" -a "$(/bin/stat --printf="%G %a" "$DEV")" = "root 644" ]; then \
/bin/chmod 0664 "$DEV" \
/bin/chgrp named "$DEV" \
fi \
done \
fi
%post chroot
%systemd_post named-chroot.service
%chroot_fix_devices /var/named/chroot
%posttrans chroot
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
[ -x /sbin/restorecon ] && /sbin/restorecon /var/named/chroot/dev/* > /dev/null 2>&1;
fi
%preun chroot
%systemd_preun named-chroot.service named-chroot-setup.service
%postun chroot
%systemd_postun_with_restart named-chroot.service
%if %{with SDB}
%post sdb-chroot
%systemd_post named-sdb-chroot.service
%chroot_fix_devices /var/named/chroot_sdb
%posttrans sdb-chroot
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
[ -x /sbin/restorecon ] && /sbin/restorecon /var/named/chroot_sdb/dev/* > /dev/null 2>&1;
fi
%preun sdb-chroot
%systemd_preun named-sdb-chroot.service
%postun sdb-chroot
%systemd_postun_with_restart named-sdb-chroot.service
%endif #end SDB
%clean
rm -rf ${RPM_BUILD_ROOT}
%files
%license COPYRIGHT
%doc CHANGES README named.conf.default doc/arm/*html doc/arm/*pdf sample/
%{_libdir}/bind
%{_bindir}/named-rrchecker
%{_bindir}/mdig
%{_sbindir}/named-journalprint
%{_sbindir}/named-checkconf
%{_sbindir}/lwresd
%{_sbindir}/named
%{_sbindir}/rndc*
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sysconfig/named
%config(noreplace) %attr(0644,root,named) %{_sysconfdir}/named.root.key
%{_tmpfilesdir}/named.conf
%{_sysconfdir}/rwtab.d/named
%{_libexecdir}/generate-rndc-key.sh
%{_unitdir}/named.service
%{_unitdir}/named-setup-rndc.service
%{_mandir}/man1/mdig.1*
%{_mandir}/man1/named-rrchecker.1*
%{_mandir}/man5/named.conf.5*
%{_mandir}/man5/rndc.conf.5*
%{_mandir}/man8/rndc.8*
%{_mandir}/man8/named.8*
%{_mandir}/man8/lwresd.8*
%{_mandir}/man8/named-checkconf.8*
%{_mandir}/man8/rndc-confgen.8*
%{_mandir}/man8/named-journalprint.8*
%defattr(0640,root,named,0750)
%dir %{_sysconfdir}/named
%config(noreplace) %verify(not link) %{_sysconfdir}/named.conf
%config(noreplace) %verify(not link) %{_sysconfdir}/named.rfc1912.zones
%defattr(0660,root,named,01770)
%dir %{_localstatedir}/named
%defattr(0660,named,named,0770)
%dir %{_localstatedir}/named/slaves
%dir %{_localstatedir}/named/data
%dir %{_localstatedir}/named/dynamic
%ghost %{_localstatedir}/log/named.log
%defattr(0640,root,named,0750)
%config %verify(not link) %{_localstatedir}/named/named.ca
%config %verify(not link) %{_localstatedir}/named/named.localhost
%config %verify(not link) %{_localstatedir}/named/named.loopback
%config %verify(not link) %{_localstatedir}/named/named.empty
%ghost %config(noreplace) %{_sysconfdir}/rndc.key
%ghost %config(noreplace) %{_sysconfdir}/rndc.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/named
%defattr(-,named,named,-)
%dir /run/named
%files libs
%{_libdir}/libbind9.so.160*
%{_libdir}/libisccc.so.160*
%{_libdir}/liblwres.so.160*
%files libs-lite
%{_libdir}/libdns.so.1102*
%{_libdir}/libirs.so.160*
%{_libdir}/libisc.so.169*
%{_libdir}/libisccfg.so.160*
%files utils
%{_bindir}/dig
%{_bindir}/delv
%{_bindir}/host
%{_bindir}/nslookup
%{_bindir}/nsupdate
%{_bindir}/arpaname
%{_sbindir}/ddns-confgen
%{_sbindir}/tsig-keygen
%{_sbindir}/genrandom
%{_sbindir}/nsec3hash
%{_sbindir}/dnssec*
%{_sbindir}/isc-hmac-fixup
%{_sbindir}/named-checkzone
%{_sbindir}/named-compilezone
%if %{with LMDB}
%{_sbindir}/named-nzd2nzf
%endif
%if %{with PKCS11}
%exclude %{_sbindir}/dnssec*pkcs11
%endif
%{_mandir}/man1/host.1*
%{_mandir}/man1/nsupdate.1*
%{_mandir}/man1/dig.1*
%{_mandir}/man1/delv.1*
%{_mandir}/man1/nslookup.1*
%{_mandir}/man1/arpaname.1*
%{_mandir}/man8/ddns-confgen.8*
%{_mandir}/man8/tsig-keygen.8*
%{_mandir}/man8/genrandom.8*
%{_mandir}/man8/nsec3hash.8*
%{_mandir}/man8/dnssec*.8*
%if %{with PKCS11}
%exclude %{_mandir}/man8/dnssec*-pkcs11.8*
%endif
%{_mandir}/man8/isc-hmac-fixup.8*
%{_mandir}/man8/named-checkzone.8*
%{_mandir}/man8/named-compilezone.8*
%if %{with LMDB}
%{_mandir}/man8/named-nzd2nzf.8*
%endif
%{_sysconfdir}/trusted-key.key
%if %{with SDB}
%files sdb
%doc contrib/sdb/ldap/README.ldap contrib/sdb/ldap/INSTALL.ldap contrib/sdb/pgsql/README.sdb_pgsql
%dir %{_sysconfdir}/openldap/schema
%config(noreplace) %{_sysconfdir}/openldap/schema/dnszone.schema
%{_sbindir}/named-sdb
%{_sbindir}/zone2ldap
%{_sbindir}/ldap2zone
%{_sbindir}/zonetodb
%{_sbindir}/zone2sqlite
%{_unitdir}/named-sdb.service
%{_mandir}/man1/zone2ldap.1*
%{_mandir}/man1/ldap2zone.1*
%{_mandir}/man1/zonetodb.1*
%{_mandir}/man1/zone2sqlite.1*
%{_mandir}/man1/isc-config.sh.1*
%{_mandir}/man1/bind9-config.1*
%{_mandir}/man3/lwres*
%{_mandir}/man8/named-sdb.8*
%endif #end SDB
%files devel
%dir %{_includedir}/bind9
%dir %{_includedir}/bind9/pk11
%{_libdir}/libbind9.so
%{_libdir}/libisccc.so
%{_libdir}/liblwres.so
%{_libdir}/libdns.so
%{_libdir}/libirs.so
%{_libdir}/libisc.so
%{_libdir}/libisccfg.so
%{_includedir}/bind9/config.h
%{_includedir}/bind9/bind9
%{_includedir}/bind9/isccc
%{_includedir}/bind9/lwres
%{_includedir}/bind9/dns
%{_includedir}/bind9/dst
%{_includedir}/bind9/irs
%{_includedir}/bind9/isc
%{_includedir}/bind9/pk11/site.h
%{_includedir}/bind9/isccfg
%{_bindir}/isc-config.sh
%{_bindir}/bind9-config
%files chroot
%config(noreplace) %{_sysconfdir}/named-chroot.files
%{_unitdir}/named-chroot.service
%{_unitdir}/named-chroot-setup.service
%{_libexecdir}/setup-named-chroot.sh
%defattr(0664,root,named,-)
%ghost %dev(c,1,3) %verify(not mtime) /var/named/chroot/dev/null
%ghost %dev(c,1,8) %verify(not mtime) /var/named/chroot/dev/random
%ghost %dev(c,1,9) %verify(not mtime) /var/named/chroot/dev/urandom
%ghost %dev(c,1,5) %verify(not mtime) /var/named/chroot/dev/zero
%defattr(0640,root,named,0750)
%dir /var/named/chroot
%dir /var/named/chroot/{dev,etc,var,run}
%dir /var/named/chroot/etc/{named,pki}
%dir /var/named/chroot/etc/pki/dnssec-keys
%dir /var/named/chroot/etc/crypto-policies
%dir /var/named/chroot/etc/crypto-policies/back-ends
%ghost %config(noreplace) /var/named/chroot/etc/named.conf
%defattr(-,root,root,-)
%dir /var/named/chroot/{usr,%{_libdir}}
%dir /var/named/chroot/%{_libdir}/bind
%defattr(0660,root,named,01770)
%dir /var/named/chroot/var/named
%defattr(0660,named,named,0770)
%dir /var/named/chroot/var/{tmp,log}
%defattr(-,named,named,-)
%dir /var/named/chroot/run/named
/var/named/chroot/var/run
%if %{with SDB}
%files sdb-chroot
%config(noreplace) %{_sysconfdir}/named-chroot.files
%{_unitdir}/named-sdb-chroot.service
%{_unitdir}/named-sdb-chroot-setup.service
%{_libexecdir}/setup-named-chroot.sh
%defattr(0664,root,named,-)
%ghost %dev(c,1,3) %verify(not mtime) /var/named/chroot_sdb/dev/null
%ghost %dev(c,1,8) %verify(not mtime) /var/named/chroot_sdb/dev/random
%ghost %dev(c,1,9) %verify(not mtime) /var/named/chroot_sdb/dev/urandom
%ghost %dev(c,1,5) %verify(not mtime) /var/named/chroot_sdb/dev/zero
%defattr(0640,root,named,0750)
%dir /var/named/chroot_sdb
%dir /var/named/chroot_sdb/{dev,etc,var,run}
%dir /var/named/chroot_sdb/etc/{named,pki}
%dir /var/named/chroot_sdb/etc/pki/dnssec-keys
%dir /var/named/chroot_sdb/etc/crypto-policies
%dir /var/named/chroot_sdb/etc/crypto-policies/back-ends
%ghost %config(noreplace) /var/named/chroot_sdb/etc/named.conf
%defattr(0660,root,named,01770)
%dir /var/named/chroot_sdb/var/named
%defattr(-,root,root,-)
%dir /var/named/chroot_sdb/{usr,%{_libdir}}
%dir /var/named/chroot_sdb/%{_libdir}/bind
%defattr(0660,named,named,0770)
%dir /var/named/chroot_sdb/var/{tmp,log}
%defattr(-,named,named,-)
%dir /var/named/chroot_sdb/run/named
/var/named/chroot_sdb/var/run
%endif #end SDB
%if %{with PKCS11}
%files pkcs11
%{_sbindir}/named-pkcs11
%{_sbindir}/dnssec*pkcs11
%{_sbindir}/pkcs11-*
%{_libdir}/libdns-pkcs11.so.1102*
%{_libdir}/libisc-pkcs11.so.169*
%{_unitdir}/named-pkcs11.service
%{_libexecdir}/setup-named-softhsm.sh
%{_mandir}/man8/*pkcs11*.8*
%files pkcs11-devel
%{_libdir}/lib*-pkcs11.so
%{_includedir}/bind9/pk11/*.h
%{_includedir}/bind9/pkcs11
%exclude %{_includedir}/bind9/pk11/site.h
%endif #end PKCS11
%if %{with EXPORT_LIBS}
%files export-libs
%dir %{_libdir}/%{_export_dir}
%{_libdir}/%{_export_dir}/libdns-export.so.1102*
%{_libdir}/%{_export_dir}/libirs-export.so.160*
%{_libdir}/%{_export_dir}/libisc-export.so.169*
%{_libdir}/%{_export_dir}/libisccfg-export.so.160*
%config(noreplace) %{_sysconfdir}/ld.so.conf.d/%{name}-export-%{_arch}.conf
%files export-devel
%{_libdir}/%{_export_dir}/lib*-export.so
%{_includedir}/%{_export_dir}/{dns,dst,irs,isc,isccfg}
%{_includedir}/%{_export_dir}/pk11/site.h
%{_includedir}/%{_export_dir}/config.h
%attr(0755,root,root) %{_bindir}/isc-export-config.sh
%{_bindir}/bind9-export-config
%{_mandir}/man1/*-export-config*.1*
%endif #end EXPORT_LIBS
%files -n python3-bind
%{python3_sitelib}/*.egg-info
%{python3_sitelib}/isc/
%changelog
* Sat Dec 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 9.11.4-12
- Package init
Reference in New Issue Copy Permalink