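# RPM spec for ISC BIND 9.11.21 (named, its libraries, utilities and the
# optional chroot / PKCS#11 / SDB / export-libs subpackages).
#
# Build-time feature switches. "bcond_without X" means X is ON by default,
# "bcond_with X" means X is OFF by default.
%bcond_without LMDB
%bcond_without JSON
%bcond_with DNSTAP
%bcond_with DLZ
%bcond_with SYSTEMTEST
%bcond_without UNITTEST
%bcond_with SDB
%bcond_without GSSTSIG
%bcond_without PKCS11
%bcond_without EXPORT_LIBS
%bcond_with TSAN

# Fixed uid/gid for the unprivileged "named" account; overridable by the builder.
%{?!bind_uid: %global bind_uid 25}
%{?!bind_gid: %global bind_gid 25}
%{!?_export_dir:%global _export_dir /bind9-export/}
%undefine _strict_symbol_defs_build

Name: bind
Summary: Domain Name System (DNS) Server (named)
License: MPLv2.0
Version: 9.11.21
Release: 11
Epoch: 32
Url: https://www.isc.org/downloads/bind/
# NOTE(review): no detached signature source and no signature verification
# step for the upstream tarball is visible in this spec; integrity of Source0
# and of the root hints in Source30 presumably rests on the build system's own
# source checksums - confirm.
Source0: https://ftp.isc.org/isc/bind9/9.11.21/bind-%{version}.tar.gz
Source1: named.sysconfig
Source2: named.logrotate
Source3: bind-9.3.1rc1-sdb_tools-Makefile.in
Source4: dnszone.schema
Source5: README.sdb_pgsql
Source6: named.conf.sample
Source7: named.conf
#Source8: config-18.tar.bz2
Source9: ldap2zone.c
Source10: ldap2zone.1
Source11: named-sdb.8
Source12: zonetodb.1
Source13: zone2sqlite.1
Source14: bind.tmpfiles.d
Source15: trusted-key.key
Source16: named.service
Source17: named-chroot.service
Source18: named-sdb.service
Source19: named-sdb-chroot.service
Source20: setup-named-chroot.sh
Source21: generate-rndc-key.sh
Source22: named.rwtab
Source23: named-chroot-setup.service
Source24: named-sdb-chroot-setup.service
Source25: named-setup-rndc.service
Source26: named-pkcs11.service
Source27: setup-named-softhsm.sh
Source28: named-chroot.files
Source29: random.data
Source30: https://www.internic.net/domain/named.root
Source31: named.rfc1912.zones
Source32: named.empty
Source33: named.localhost
Source34: named.loopback
Source35: named.root.key

BuildRequires: openssl-devel libtool autoconf pkgconfig libcap-devel python3-devel python3-ply docbook-style-xsl
BuildRequires: libidn2-devel libxml2-devel make systemd selinux-policy findutils sed libxslt gdb
BuildRequires: chrpath
%if %{with SDB}
BuildRequires: openldap-devel libpq-devel sqlite-devel mariadb-connector-c-devel
%endif
%if %{with UNITTEST}
BuildRequires: libcmocka-devel kyua
%endif
%if %{with PKCS11}
BuildRequires: softhsm
%endif
%if %{with SYSTEMTEST}
BuildRequires: net-tools perl(Net::DNS) perl(Net::DNS::Nameserver)
%endif
%if %{with GSSTSIG}
BuildRequires: krb5-devel
%endif
%if %{with LMDB}
BuildRequires: lmdb-devel
%endif
%if %{with JSON}
BuildRequires: json-c-devel
%endif
%if %{with DNSTAP}
BuildRequires: fstrm-devel protobuf-c-devel
%endif
%if %{with TSAN}
BuildRequires: libtsan
%endif

Requires: systemd coreutils shadow-utils glibc-common grep policycoreutils-python-utils
Requires: python3-bind = %{epoch}:%{version}-%{release} libselinux-utils selinux-policy bind-libs = %{epoch}:%{version}-%{release} bind-libs-lite = %{epoch}:%{version}-%{release}
Provides: bind-config = 30:9.3.2-34.fc6 caching-nameserver = 31:9.4.1-7.fc8 dnssec-conf = 1.27-2
Provides: bind-license
Obsoletes: bind-config < 30:9.3.2-34.fc6 caching-nameserver < 31:9.4.1-7.fc8 dnssec-conf < 1.27-2
Obsoletes: bind-license

# Common patches
Patch10: bind-9.5-PIE.patch
Patch16: bind-9.3.2-redhat_doc.patch
Patch72: bind-9.5-dlz-64bit.patch
Patch101: bind-96-old-api.patch
Patch102: bind-95-rh452060.patch
Patch106: bind93-rh490837.patch
Patch109: bind97-rh478718.patch
Patch112: bind97-rh645544.patch
Patch130: bind-9.9.1-P2-dlz-libdb.patch
Patch131: bind-9.9.1-P2-multlib-conflict.patch
Patch133: bind99-rh640538.patch
Patch134: bind97-rh669163.patch
Patch136: bind-9.10-dist-native-pkcs11.patch
Patch137: bind-9.10-use-of-strlcat.patch
Patch140: bind-9.11-rh1410433.patch
Patch145: bind-9.11-rh1205168.patch
Patch149: bind-9.11-kyua-pkcs11.patch
Patch150: bind-9.11-engine-pkcs11.patch
Patch153: bind-9.11-export-suffix.patch
Patch154: bind-9.11-oot-manual.patch
Patch155: bind-9.11-pk11.patch
Patch156: bind-9.11-fips-code.patch
Patch157: bind-9.11-fips-tests.patch
Patch158: bind-9.11-rt31459.patch
Patch159: bind-9.11-rt46047.patch
Patch160: bind-9.11-rh1624100.patch
Patch161: bind-9.11-host-idn-disable.patch
Patch163: bind-9.11-rh1663318.patch
Patch164: bind-9.11-rh1666814.patch
Patch168: bind-9.11-unit-disable-random.patch
Patch170: bind-9.11-feature-test-named.patch
Patch171: bind-9.11-tests-variants.patch
Patch172: bind-9.11-tests-pkcs11.patch
Patch173: bind-9.11-rh1732883.patch
Patch174: bind-9.11-json-c.patch
Patch175: bind-9.11-fips-disable.patch
Patch177: bind-9.11-serve-stale.patch
Patch178: bind-9.11-serve-stale-dbfix.patch
Patch183: bind-9.11-rh1736762-5.patch
Patch184: feature-bind99-euler-range-port.patch
Patch185: bugfix-nslookup-norec.patch
Patch186: bugfix-named-log-time.patch
Patch187: dnssec-checkds-s.patch
Patch188: do-not-treat-a-referral-with-a-non-empty-ANSWER-sect.patch
Patch189: Add-some-DBC-checks-in-dighost-fix-race-between-clea.patch
Patch190: Use-clock_gettime-instead-of-gettimeofday.patch
# Security backports (Patch191-193 and Patch195-197); all of them are applied
# unconditionally in the prep section below.
Patch191: CVE-2020-8622.patch
Patch192: CVE-2020-8623.patch
Patch193: CVE-2020-8624.patch
Patch194: Fix_the_difference_at_the_macro_definition_using_clock_gettime_instead_of_gettimeofda.patch
Patch195: CVE-2020-8625.patch
Patch196: backport-CVE-2021-25214.patch
Patch197: backport-CVE-2021-25215.patch

# SDB patches
Patch11: bind-9.3.2b2-sdbsrc.patch
Patch12: bind-9.10-sdb.patch

# needs inspection
Patch13: bind-9.3.2b1-fix_sdb_ldap.patch

%description
Berkeley Internet Name Domain (BIND) is an implementation of the
Domain Name System (DNS) protocols and provides an openly redistributable
reference implementation of the major components of the Domain Name System.
This package includes the components to operate a DNS server.

%if %{with PKCS11}
%package pkcs11
Summary: Bind with native PKCS#11 functionality for crypto
Requires: systemd bind-libs-lite = %{epoch}:%{version}-%{release}
Requires: bind = %{epoch}:%{version}-%{release} bind-libs = %{epoch}:%{version}-%{release}
Recommends: softhsm
Provides: bind-pkcs11-libs = %{epoch}:%{version}-%{release} bind-pkcs11-utils = %{epoch}:%{version}-%{release}
Obsoletes: bind-pkcs11-libs < %{epoch}:%{version}-%{release} bind-pkcs11-utils < %{epoch}:%{version}-%{release}

%description pkcs11
This is a version of BIND server built with native PKCS#11 functionality.
It is important to have SoftHSM v2+ installed and some token initialized.
For other supported HSM modules please check the BIND documentation.

%package pkcs11-devel
Summary: Development files for Bind libraries compiled with native PKCS#11
Requires: bind-pkcs11 = %{epoch}:%{version}-%{release}
Requires: bind-devel = %{epoch}:%{version}-%{release}

%description pkcs11-devel
This a set of development files for BIND libraries (dns, isc) compiled
with native PKCS#11 functionality.
%endif

%if %{with SDB}
%package sdb
Summary: BIND server with database backends and DLZ support
Requires: systemd bind-libs = %{epoch}:%{version}-%{release}
Requires: bind = %{epoch}:%{version}-%{release} bind-libs-lite = %{epoch}:%{version}-%{release}

%description sdb
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named-sdb)
which has compiled-in SDB (Simplified Database Backend) which includes
support for using alternative Zone Databases stored in an LDAP server
(ldapdb), a postgreSQL database (pgsqldb), an sqlite database (sqlitedb),
or in the filesystem (dirdb), in addition to the standard in-memory RBT
(Red Black Tree) zone database. It also includes support for DLZ
(Dynamic Loadable Zones)
%endif

%package libs-lite
Summary: Libraries for working with the DNS protocol
Obsoletes: bind-libbind-devel < 31:9.3.3-4.fc7
Provides: bind-libbind-devel = 31:9.3.3-4.fc7
Requires: bind-license = %{epoch}:%{version}-%{release}

%description libs-lite
Lite libs of BIND.

%package libs
Summary: Libraries for BIND
Requires: bind-license = %{epoch}:%{version}-%{release}
Requires: bind-libs-lite = %{epoch}:%{version}-%{release}

%description libs
BIND suite libraries.

%package utils
Summary: Utilities for bind
Requires: bind-libs = %{epoch}:%{version}-%{release}
Requires: bind-libs-lite = %{epoch}:%{version}-%{release}
Requires: python3-bind = %{epoch}:%{version}-%{release}

%description utils
Bind-utils contains a collection of utilities for querying DNS (Domain
Name System) name servers to find out information about Internet
hosts. These tools will provide you with the IP addresses for given
host names, as well as other information about registered domains and
network addresses.

You should install bind-utils if you need to get information from DNS name
servers.

%package devel
Summary: Header files and libraries needed for BIND DNS development
Requires: bind = %{epoch}:%{version}-%{release} bind-libs = %{epoch}:%{version}-%{release} bind-libs-lite = %{epoch}:%{version}-%{release}
Provides: bind-libbind-devel = 31:9.3.3-4.fc7 bind-lite-devel
Obsoletes: bind-libbind-devel < 31:9.3.3-4.fc7 bind-lite-devel

%description devel
The bind-devel package contains full version of the header files and libraries
required for development with ISC BIND 9.

%package chroot
Summary: A chroot runtime environment for the ISC BIND DNS server, named(8)
Prefix: /var/named/chroot
Requires: bind = %{epoch}:%{version}-%{release} grep

%description chroot
This package contains a tree of files which can be used as a
chroot(2) jail for the named(8) program from the BIND package.
Based on the code from Jan "Yenya" Kasprzak

%if %{with SDB}
%package sdb-chroot
Summary: A chroot runtime environment for the ISC BIND DNS server, named-sdb(8)
Prefix: /var/named/chroot_sdb
Requires: bind-sdb = %{epoch}:%{version}-%{release} grep

%description sdb-chroot
This package contains a tree of files which can be used as a
chroot(2) jail for the named-sdb(8) program from the BIND package.
Based on the code from Jan "Yenya" Kasprzak
%endif

%package -n python3-bind
Summary: A module allowing rndc commands to be sent from Python programs
Requires: bind = %{epoch}:%{version}-%{release}
Requires: python3 python3-ply %{?py3_dist:%py3_dist ply}
BuildArch: noarch
%{?python_provide:%python_provide python3-bind}
%{?python_provide:%python_provide python3-isc}

%description -n python3-bind
This package provides a module which allows commands to be sent to rndc
directly from Python programs.

%if %{with EXPORT_LIBS}
%package export-libs
Summary: ISC libs for DHCP application
Provides: bind99-libs = 9.9.11-4
Obsoletes: bind99-libs < 9.9.11-4

%description export-libs
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. This package set contains only export
version of BIND libraries, that are used for building ISC DHCP.

%package export-devel
Summary: Header files and libraries needed for BIND export libraries
Requires: bind-export-libs = %{epoch}:%{version}-%{release} openssl-devel libcap-devel
Obsoletes: bind99-devel < 9.9.11-4
Conflicts: bind99-devel

%description export-devel
This package contains export version of the header files and libraries
required for development with ISC BIND. These headers and libraries
are used for building ISC DHCP.
%endif

%prep
%setup -q -n %{name}-%{version}

# Common patches
%patch10 -p1 -b .PIE
%patch16 -p1 -b .redhat_doc
%patch72 -p1 -b .64bit
%patch102 -p1 -b .rh452060
%patch106 -p1 -b .rh490837
%patch109 -p1 -b .rh478718
%patch112 -p1 -b .rh645544
%patch130 -p1 -b .libdb
%patch131 -p1 -b .multlib-conflict
%patch140 -p1 -b .rh1410433
%patch145 -p1 -b .rh1205168
%patch153 -p1 -b .export_suffix
%patch154 -p1 -b .oot-man
%patch155 -p1 -b .pk11-internal
%patch156 -p1 -b .fips-code
%patch157 -p1 -b .fips-tests
%patch158 -p1 -b .rt31459
%patch159 -p1 -b .rt46047
%patch160 -p1 -b .rh1624100
%patch161 -p1 -b .host-idn-disable
%patch163 -p1 -b .rh1663318
%patch164 -p1 -b .rh1666814
%patch168 -p1 -b .random_test-disable
%patch170 -p1 -b .featuretest-named
%patch171 -p1 -b .test-variant
%patch172 -p1 -b .test-pkcs11
%patch173 -p1 -b .rh1732883
%patch174 -p1 -b .json-c
%patch175 -p1 -b .rh1709553
%patch177 -p1 -b .serve-stale
%patch178 -p1 -b .rh1770492
%patch183 -p1 -b .rh1736762-5
%patch184 -p1
%patch185 -p1
%patch186 -p1
%patch187 -p1
%patch188 -p1
%patch189 -p1
%patch190 -p1
%patch191 -p1
%patch192 -p1
%patch193 -p1
%patch194 -p1
%patch195 -p1
%patch196 -p1
%patch197 -p1

# Fixed input file copied into the unit-test data directory (test use only).
mkdir lib/dns/tests/testdata/dstrandom
cp -a %{SOURCE29} lib/dns/tests/testdata/dstrandom/random.data

%if %{with PKCS11}
# The PKCS#11 variants are built from separate copies of the same sources, so
# every patch applied above is already present in the -pkcs11 trees.
cp -r bin/named{,-pkcs11}
cp -r bin/dnssec{,-pkcs11}
cp -r lib/isc{,-pkcs11}
cp -r lib/dns{,-pkcs11}
%patch136 -p1 -b .dist_pkcs11
%patch149 -p1 -b .kyua-pkcs11
%patch150 -p1 -b .engine-pkcs11
%endif

%if %{with SDB}
%patch101 -p1 -b .old-api
mkdir bin/named-sdb
cp -r bin/named/* bin/named-sdb
%patch11 -p1 -b .sdbsrc
# SDB ldap
cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named-sdb
# SDB postgreSQL
cp -fp contrib/sdb/pgsql/pgsqldb.[ch] bin/named-sdb
# SDB sqlite
cp -fp contrib/sdb/sqlite/sqlitedb.[ch] bin/named-sdb
# SDB Berkeley DB - needs to be ported to DB4!
#cp -fp contrib/sdb/bdb/bdb.[ch] bin/named_sdb
# SDB dir
cp -fp contrib/sdb/dir/dirdb.[ch] bin/named-sdb
# SDB tools
mkdir -p bin/sdb_tools
cp -fp %{SOURCE9} bin/sdb_tools/ldap2zone.c
cp -fp %{SOURCE3} bin/sdb_tools/Makefile.in
#cp -fp contrib/sdb/bdb/zone2bdb.c bin/sdb_tools
cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/sdb_tools
cp -fp contrib/sdb/pgsql/zonetodb.c bin/sdb_tools
cp -fp contrib/sdb/sqlite/zone2sqlite.c bin/sdb_tools
%patch12 -p1 -b .sdb
%patch13 -p1 -b .fix_sdb_ldap
%patch137 -p1 -b .strlcat_fix
%endif

%patch133 -p1 -b .rh640538
%patch134 -p1 -b .rh669163

# Sparc and s390 arches need to use -fPIE
%ifarch sparcv9 sparc64 s390 s390x
for i in bin/named{,-sdb}/{,unix}/Makefile.in; do
  sed -i 's|fpie|fPIE|g' $i
done
%endif
:;

%build
%define _configure "../configure"

# Helper macros: copy unit-test / system-test fixtures into an out-of-tree
# build directory given as the first argument.
%define unit_prepare_build() \
  cp -uv Kyuafile "%{1}/" \
  find lib -name 'K*.key' -exec cp -uv '{}' "%{1}/{}" ';' \
  find lib -name 'Kyuafile' -exec cp -uv '{}' "%{1}/{}" ';' \
  find lib -name 'testdata' -type d -exec cp -Tav '{}' "%{1}/{}" ';' \
  find lib -name 'testkeys' -type d -exec cp -Tav '{}' "%{1}/{}" ';' \

%define systemtest_prepare_build() \
  cp -Tuav bin/tests "%{1}/bin/tests/" \
  cp -uv version "%{1}"

# Distribution hardening flags arrive through RPM_OPT_FLAGS.
CFLAGS="$CFLAGS $RPM_OPT_FLAGS"
%if %{with TSAN}
  CFLAGS+=" -O1 -fsanitize=thread -fPIE -pie"
%endif
export CFLAGS
export CPPFLAGS="$CPPFLAGS -DDIG_SIGCHASE"
export STD_CDEFINES="$CPPFLAGS"

sed -i -e 's/RELEASEVER=\(.*\)/RELEASEVER=\1-%{version}-%{release}/' version

libtoolize -c -f; aclocal -I libtool.m4 --force; autoconf -f

mkdir build

pushd build
# Main build uses an empty library-directory suffix; the export-libs build
# further down sets it to the export directory. (The variable name carried a
# stray trailing "i" here, which left LIBDIR_SUFFIX itself unset.)
export LIBDIR_SUFFIX=
# With PKCS11 enabled the default provider compiled in is the SoftHSM library
# path given below. The blank line after the last conditional terminates the
# backslash-continued configure command and must be kept.
%configure \
  --with-python=%{__python3} --with-libtool --localstatedir=/var \
  --enable-threads --enable-ipv6 --enable-filter-aaaa --with-pic \
  --disable-static --includedir=%{_includedir}/bind9 \
  --with-tuning=large --with-libidn2 --enable-openssl-hash \
  --enable-fixed-rrset --enable-full-report \
  --with-docbook-xsl=%{_datadir}/sgml/docbook/xsl-stylesheets \
%if %{with PKCS11}
  --enable-native-pkcs11 --with-pkcs11=%{_libdir}/pkcs11/libsofthsm2.so \
%endif
%if %{with SDB}
  --with-dlopen=yes --with-dlz-ldap=yes --with-dlz-postgres=yes \
  --with-dlz-mysql=yes --with-dlz-filesystem=yes \
%endif
%if %{with GSSTSIG}
  --with-gssapi=yes --disable-isc-spnego \
%endif
%if %{with LMDB}
  --with-lmdb=yes \
%else
  --with-lmdb=no \
%endif
%if %{with JSON}
  --with-libjson \
%endif
%if %{with DNSTAP}
  --enable-dnstap \
%endif
%if %{with UNITTEST}
  --with-cmocka \
%endif

%if %{with DNSTAP}
  pushd lib
  SRCLIB="../../../lib"
  (cd dns && ln -s ${SRCLIB}/dns/dnstap.proto)
%if %{with PKCS11}
  (cd dns-pkcs11 && ln -s ${SRCLIB}/dns-pkcs11/dnstap.proto)
%endif
  popd
%endif

%make_build

cp -rv doc/* ../doc/
pushd bin/dig
make man
popd
pushd bin/python
make man
popd

popd # build

%unit_prepare_build build
%systemtest_prepare_build build

%if %{with EXPORT_LIBS}
cp isc-config.sh.1 isc-export-config.sh.1
mkdir export-libs
pushd export-libs
export LIBDIR_SUFFIX=%{_export_dir}
# As above: keep the blank line that ends the configure command.
%{configure} \
  --with-libtool --disable-static --disable-epoll --disable-kqueue \
  --libdir=%{_libdir}%{_export_dir} --enable-openssl-hash \
  --includedir=%{_includedir}%{_export_dir}/ --disable-threads \
  --enable-fixed-rrset --disable-rpz-nsip --disable-rpz-nsdname \
  --without-lmdb --without-libxml2 --without-libjson \
  --without-zlib --without-dlopen --enable-full-report \
%if %{with GSSTSIG}
  --with-gssapi=yes --disable-isc-spnego \
%endif
%if %{with UNITTEST}
  --with-cmocka \
%endif

mv isc-config.sh isc-export-config.sh
sed -i \
  -e '/^SUBDIRS =/s/.*/SUBDIRS = make lib/i' \
  -e 's/isc-config.sh/isc-export-config.sh/g' \
  -e 's/bind9-config/bind9-export-config/g' \
  Makefile
sed -i -e "/^SUBDIRS =/s/.*/SUBDIRS = isc dns isccfg irs/i" lib/Makefile
# Rename every export library to lib<name>-export in the generated Makefiles
# and in the config helper script.
for lib in isc dns isccfg irs; do
  find . -name Makefile -exec sed "s/lib${lib}\./lib${lib}-export\./g" -i {} \;
  sed -e "s/-l${lib}\([^[:alpha:]]\)/-l${lib}-export\1/g" \
      -e "s/lib${lib}\./lib${lib}-export\./g" \
      -i isc-export-config.sh
done
%make_build
popd

%unit_prepare_build export-libs
# Test just compiled libraries
# NOTE(review): the bind_export_libs macro is not defined anywhere in this
# spec. If it is also undefined in the build environment, the loop below marks
# nothing and the following sed removes every include() from the Kyuafile, so
# the export-libs unit run would exercise no tests - confirm.
for lib in %{bind_export_libs}
do
  sed -e "s,^\s*include(.*${lib}/.*,-- use &," -i export-libs/lib/Kyuafile
done
sed -e "/^\s*include(/ d" -e 's/^-- use //' -i export-libs/lib/Kyuafile
%endif
#end EXPORT_LIBS

%check
%if %{with PKCS11}
  # Tests require initialization of pkcs11 token
  # The output of the packaged SoftHSM helper (Source27) is eval'ed in the
  # build shell, so that script runs with the full privileges of the build
  # user; presumably it prints environment settings for the token - confirm.
  eval "$(bash %{SOURCE27} -A "`pwd`/softhsm-tokens")"
%endif

%if %{with TSAN}
  # exitcode=0 keeps ThreadSanitizer reports from failing the tests; findings
  # are only written to the ThreadSanitizer log files and must be read there.
  export TSAN_OPTIONS="log_exe_name=true log_path=ThreadSanitizer exitcode=0"
%endif

%if %{with UNITTEST}
  pushd build
  make unit
  e=$?
  if [ "$e" -ne 0 ]; then
    echo "ERROR: this build of BIND failed 'make unit'. Aborting."
    exit $e;
  fi;
  popd
%if %{with EXPORT_LIBS}
  pushd export-libs
  make unit
  e=$?
  if [ "$e" -ne 0 ]; then
    echo "ERROR: this build of BIND export-libs failed 'make unit'. Aborting."
    exit $e;
  fi;
  popd
%endif
%endif

%if %{with SYSTEMTEST}
# System tests only run when the build itself runs as root: they configure
# test network interfaces and make the whole build tree world-writable.
if [ "`whoami`" = 'root' ]; then
  set -e
  chmod -R a+rwX .
  pushd bin/tests
  pushd system
  ./ifconfig.sh up
  popd
  # Capture the status without tripping "set -e", so the test interfaces are
  # always torn down again before the failure is reported.
  e=0
  make test || e=$?
  pushd system
  ./ifconfig.sh down
  popd
  popd
  if [ "$e" -ne 0 ]; then
    echo "ERROR: 'make test' failed. Aborting."
    exit $e;
  fi
fi
%endif

%install
mkdir -p ${RPM_BUILD_ROOT}/var/log
mkdir -p ${RPM_BUILD_ROOT}/run/named
mkdir -p ${RPM_BUILD_ROOT}/etc/logrotate.d
mkdir -p ${RPM_BUILD_ROOT}%{_libdir}/bind
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/{man1,man5,man8}
mkdir -p ${RPM_BUILD_ROOT}/var/named/{slaves,data,dynamic}

# Skeleton of the chroot jail shipped by the chroot subpackage.
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot/{dev,etc,var,run/named}
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot/var/{log,named,tmp}
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot/etc/crypto-policies/back-ends
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot/etc/{pki/dnssec-keys,named}
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot/%{_libdir}/bind
pushd ${RPM_BUILD_ROOT}/var/named/chroot/var
ln -s ../run run
popd
touch ${RPM_BUILD_ROOT}/var/named/chroot/etc/named.conf

%if %{with SDB}
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot_sdb/{dev,etc,var,run/named}
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot_sdb/var/{log,named,tmp}
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot_sdb/etc/crypto-policies/back-ends
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot_sdb/etc/{pki/dnssec-keys,named}
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot_sdb/%{_libdir}/bind
pushd ${RPM_BUILD_ROOT}/var/named/chroot_sdb/var
ln -s ../run run
popd
touch ${RPM_BUILD_ROOT}/var/named/chroot_sdb/etc/named.conf
%endif

pushd build
%make_install
popd

%if %{with EXPORT_LIBS}
pushd export-libs
%make_install
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/ld.so.conf.d
echo "%{_libdir}%{_export_dir}" > ${RPM_BUILD_ROOT}%{_sysconfdir}/ld.so.conf.d/%{name}-export-%{_arch}.conf
cp -fp config.h ${RPM_BUILD_ROOT}%{_includedir}%{_export_dir}
rm -rf ${RPM_BUILD_ROOT}%{_includedir}%{_export_dir}/pkcs11/
rm -f ${RPM_BUILD_ROOT}%{_includedir}%{_export_dir}/pk11/{constants,internal,pk11,result}.h
popd
%endif

rm -f ${RPM_BUILD_ROOT}/etc/bind.keys

install -d ${RPM_BUILD_ROOT}%{_unitdir}
install -d ${RPM_BUILD_ROOT}%{_libexecdir}
install -d ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
install -m 644 %{SOURCE16} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE17} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE23} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE25} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 755 %{SOURCE20} ${RPM_BUILD_ROOT}%{_libexecdir}/setup-named-chroot.sh
install -m 755 %{SOURCE21} ${RPM_BUILD_ROOT}%{_libexecdir}/generate-rndc-key.sh
install -m 644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/named
install -m 644 %{SOURCE28} ${RPM_BUILD_ROOT}%{_sysconfdir}/named-chroot.files
install -m 644 %{SOURCE2} ${RPM_BUILD_ROOT}/etc/logrotate.d/named

%if %{with SDB}
install -m 644 %{SOURCE18} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE19} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE24} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE10} ${RPM_BUILD_ROOT}%{_mandir}/man1/ldap2zone.1
install -m 644 %{SOURCE11} ${RPM_BUILD_ROOT}%{_mandir}/man8/named-sdb.8
install -m 644 %{SOURCE12} ${RPM_BUILD_ROOT}%{_mandir}/man1/zonetodb.1
install -m 644 %{SOURCE13} ${RPM_BUILD_ROOT}%{_mandir}/man1/zone2sqlite.1
%endif

%if %{with PKCS11}
install -m 644 %{SOURCE26} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 755 %{SOURCE27} ${RPM_BUILD_ROOT}%{_libexecdir}/setup-named-softhsm.sh
# The -pkcs11 tools share the manual pages of their regular counterparts.
pushd ${RPM_BUILD_ROOT}%{_mandir}/man8
ln -s named.8.gz named-pkcs11.8.gz
ln -s dnssec-keygen.8.gz dnssec-keygen-pkcs11.8.gz
ln -s dnssec-revoke.8.gz dnssec-revoke-pkcs11.8.gz
ln -s dnssec-verify.8.gz dnssec-verify-pkcs11.8.gz
ln -s dnssec-settime.8.gz dnssec-settime-pkcs11.8.gz
ln -s dnssec-checkds.8.gz dnssec-checkds-pkcs11.8.gz
ln -s dnssec-coverage.8.gz dnssec-coverage-pkcs11.8.gz
ln -s dnssec-signzone.8.gz dnssec-signzone-pkcs11.8.gz
ln -s dnssec-dsfromkey.8.gz dnssec-dsfromkey-pkcs11.8.gz
ln -s dnssec-importkey.8.gz dnssec-importkey-pkcs11.8.gz
ln -s dnssec-keyfromlabel.8.gz dnssec-keyfromlabel-pkcs11.8.gz
popd
%endif

%if %{with SDB}
install -d ${RPM_BUILD_ROOT}/etc/openldap/schema
install -m 644 %{SOURCE4} ${RPM_BUILD_ROOT}/etc/openldap/schema/dnszone.schema
install -m 644 %{SOURCE5} contrib/sdb/pgsql/
%endif

install -m 644 lib/isc/unix/errno2result.h ${RPM_BUILD_ROOT}%{_includedir}/bind9/isc
cp -fp build/config.h ${RPM_BUILD_ROOT}/%{_includedir}/bind9

find ${RPM_BUILD_ROOT}/%{_libdir} -name '*.la' -exec '/bin/rm' '-f' '{}' ';';

touch ${RPM_BUILD_ROOT}%{_localstatedir}/log/named.log

# configuration files
# named.conf and the zone data below are staged 640; the files section assigns
# them to root:named, so they are not world-readable on the installed system.
install -m 640 %{SOURCE7} ${RPM_BUILD_ROOT}%{_sysconfdir}/named.conf
# Empty placeholders only: rndc.key and rndc.conf are ghost entries in the
# files section, so no control-channel key is shipped inside the package.
touch ${RPM_BUILD_ROOT}%{_sysconfdir}/rndc.{key,conf}
install -m 644 %{SOURCE35} ${RPM_BUILD_ROOT}%{_sysconfdir}/named.root.key
install -m 644 %{SOURCE15} ${RPM_BUILD_ROOT}%{_sysconfdir}/trusted-key.key
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/named

# data files
mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/named
install -m 640 %{SOURCE30} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.ca
install -m 640 %{SOURCE33} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.localhost
install -m 640 %{SOURCE34} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.loopback
install -m 640 %{SOURCE32} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.empty
install -m 640 %{SOURCE31} ${RPM_BUILD_ROOT}%{_sysconfdir}/named.rfc1912.zones

mkdir -p sample/etc sample/var/named/{data,slaves}
install -m 644 %{SOURCE6} sample/etc/named.conf
install -m 644 %{SOURCE7} named.conf.default
install -m 644 %{SOURCE31} sample/etc/named.rfc1912.zones
install -m 644 %{SOURCE33} %{SOURCE34} %{SOURCE32} sample/var/named
install -m 644 %{SOURCE30} sample/var/named/named.ca

mkdir -p ${RPM_BUILD_ROOT}%{_tmpfilesdir}
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/rwtab.d
install -m 644 %{SOURCE14} ${RPM_BUILD_ROOT}%{_tmpfilesdir}/named.conf
install -m 644 %{SOURCE22} ${RPM_BUILD_ROOT}%{_sysconfdir}/rwtab.d/named

%if %{with EXPORT_LIBS}
# Drop the embedded RPATH/RUNPATH from the export libraries so they are
# resolved through the ld.so.conf.d entry installed above. Guarded because the
# directory only exists when the export libraries were built; unguarded, the
# glob matches nothing and chrpath fails the install step.
chrpath -d %{buildroot}/%{_libdir}/bind9-export/*.so*
%endif

%pre
# First install only: create the unprivileged account named runs as (no login
# shell, no home directory creation). Failures are deliberately ignored, so a
# pre-existing "named" user or group is left untouched.
if [ "$1" -eq 1 ]; then
  /usr/sbin/groupadd -g %{bind_gid} -f -r named >/dev/null 2>&1 || :;
  /usr/sbin/useradd -u %{bind_uid} -r -N -M -g named -s /sbin/nologin -d /var/named -c Named named >/dev/null 2>&1 || :;
fi

%post
/sbin/ldconfig
# Turns on the SELinux boolean named_write_master_zones on every install and
# upgrade of this package.
%selinux_set_booleans named_write_master_zones=1
if [ "$1" -eq 1 ]; then
  [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* >/dev/null 2>&1 ;
  # Keep the rndc control key readable by root and group named only.
  [ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
  [ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
else
  # Upgrade: move a legacy /bin/false shell to /sbin/nologin.
  if getent passwd named | grep ':/bin/false$' >/dev/null; then
    /sbin/usermod -s /sbin/nologin named
  fi
fi
%systemd_post named.service

%preun
%systemd_preun named.service

%postun
/sbin/ldconfig
%selinux_unset_booleans named_write_master_zones=1
%systemd_postun_with_restart named.service

%post libs -p /sbin/ldconfig

%postun libs -p /sbin/ldconfig

%post libs-lite -p /sbin/ldconfig

%postun libs-lite -p /sbin/ldconfig

%if %{with SDB}
%post sdb
%systemd_post named-sdb.service

%preun sdb
%systemd_preun named-sdb.service

%postun sdb
%systemd_postun_with_restart named-sdb.service
%endif
#end SDB

%if %{with PKCS11}
%post pkcs11
/sbin/ldconfig
%systemd_post named-pkcs11.service

%preun pkcs11
%systemd_preun named-pkcs11.service

%postun pkcs11
/sbin/ldconfig
%systemd_postun_with_restart named-pkcs11.service
%endif
#end PKCS11

%triggerpostun -n bind -- bind <= 32:9.5.0-20.b1
if [ "$1" -gt 0 ]; then
  [ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
  [ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
fi

%triggerun -- bind < 32:9.9.0-0.6.rc1
/sbin/chkconfig --del named >/dev/null 2>&1 || :
/bin/systemctl try-restart named.service >/dev/null 2>&1 || :

%if %{with EXPORT_LIBS}
# Same "-p" form as the libs and libs-lite scriptlets above. The earlier
# scriptlet bodies ended in a stray "end" token that is not an rpm directive
# and would have been handed to the shell as a command.
%post export-libs -p /sbin/ldconfig

%postun export-libs -p /sbin/ldconfig
%endif

# On upgrade, relax device nodes inside the chroot that are still
# "root 644" to mode 0664 with group named. First argument: chroot path.
%define chroot_fix_devices() \
if [ $1 -gt 1 ]; then \
  for DEV in "%{1}/dev"/{null,random,zero}; do \
    if [ -e "$DEV" -a "$(/bin/stat --printf="%G %a" "$DEV")" = "root 644" ]; then \
      /bin/chmod 0664 "$DEV" \
      /bin/chgrp named "$DEV" \
    fi \
  done \
fi

%post chroot
%systemd_post named-chroot.service
%chroot_fix_devices /var/named/chroot

%posttrans chroot
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
  [ -x /sbin/restorecon ] && /sbin/restorecon /var/named/chroot/dev/* > /dev/null 2>&1;
fi

%preun chroot
%systemd_preun named-chroot.service named-chroot-setup.service

%postun chroot
%systemd_postun_with_restart named-chroot.service

%if %{with SDB}
%post sdb-chroot
%systemd_post named-sdb-chroot.service
%chroot_fix_devices /var/named/chroot_sdb

%posttrans sdb-chroot
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
  [ -x /sbin/restorecon ] && /sbin/restorecon /var/named/chroot_sdb/dev/* > /dev/null 2>&1;
fi

%preun sdb-chroot
%systemd_preun named-sdb-chroot.service

%postun sdb-chroot
%systemd_postun_with_restart named-sdb-chroot.service
%endif
#end SDB

%clean
rm -rf ${RPM_BUILD_ROOT}

%files
%license COPYRIGHT
%doc CHANGES README named.conf.default doc/arm/*html doc/arm/*pdf sample/
%{_libdir}/bind
%{_bindir}/named-rrchecker
%{_bindir}/mdig
%{_sbindir}/named-journalprint
%{_sbindir}/named-checkconf
%{_sbindir}/lwresd
%{_sbindir}/named
%{_sbindir}/rndc*
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sysconfig/named
%config(noreplace) %attr(0644,root,named) %{_sysconfdir}/named.root.key
%{_tmpfilesdir}/named.conf
%{_sysconfdir}/rwtab.d/named
%{_libexecdir}/generate-rndc-key.sh
%{_unitdir}/named.service
%{_unitdir}/named-setup-rndc.service
%{_mandir}/man1/mdig.1*
%{_mandir}/man1/named-rrchecker.1*
%{_mandir}/man5/named.conf.5*
%{_mandir}/man5/rndc.conf.5*
%{_mandir}/man8/rndc.8*
%{_mandir}/man8/named.8*
%{_mandir}/man8/lwresd.8*
%{_mandir}/man8/named-checkconf.8*
%{_mandir}/man8/rndc-confgen.8*
%{_mandir}/man8/named-journalprint.8*
# Configuration: files 0640 root:named, directories 0750.
%defattr(0640,root,named,0750)
%dir %{_sysconfdir}/named
%config(noreplace) %verify(not link) %{_sysconfdir}/named.conf
%config(noreplace) %verify(not link) %{_sysconfdir}/named.rfc1912.zones
# Zone directory: root-owned, group-writable for named, sticky bit set.
%defattr(0660,root,named,01770)
%dir %{_localstatedir}/named
# Directories the server writes to are owned by named itself.
%defattr(0660,named,named,0770)
%dir %{_localstatedir}/named/slaves
%dir %{_localstatedir}/named/data
%dir %{_localstatedir}/named/dynamic
%ghost %{_localstatedir}/log/named.log
%defattr(0640,root,named,0750)
%config %verify(not link) %{_localstatedir}/named/named.ca
%config %verify(not link) %{_localstatedir}/named/named.localhost
%config %verify(not link) %{_localstatedir}/named/named.loopback
%config %verify(not link) %{_localstatedir}/named/named.empty
%ghost %config(noreplace) %{_sysconfdir}/rndc.key
%ghost %config(noreplace) %{_sysconfdir}/rndc.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/named
%defattr(-,named,named,-)
%dir /run/named

%files libs
%{_libdir}/libbind9.so.161*
%{_libdir}/libisccc.so.161*
%{_libdir}/liblwres.so.161*

%files libs-lite
%{_libdir}/libdns.so.1110*
%{_libdir}/libirs.so.161*
%{_libdir}/libisc.so.1105*
%{_libdir}/libisccfg.so.163*

%files utils
%{_bindir}/dig
%{_bindir}/delv
%{_bindir}/host
%{_bindir}/nslookup
%{_bindir}/nsupdate
%{_bindir}/arpaname
%{_sbindir}/ddns-confgen
%{_sbindir}/tsig-keygen
%{_sbindir}/genrandom
%{_sbindir}/nsec3hash
%{_sbindir}/dnssec*
%{_sbindir}/isc-hmac-fixup
%{_sbindir}/named-checkzone
%{_sbindir}/named-compilezone
%if %{with LMDB}
%{_sbindir}/named-nzd2nzf
%endif
%if %{with PKCS11}
%exclude %{_sbindir}/dnssec*pkcs11
%endif
%{_mandir}/man1/host.1*
%{_mandir}/man1/nsupdate.1*
%{_mandir}/man1/dig.1*
%{_mandir}/man1/delv.1*
%{_mandir}/man1/nslookup.1*
%{_mandir}/man1/arpaname.1*
%{_mandir}/man8/ddns-confgen.8*
%{_mandir}/man8/tsig-keygen.8*
%{_mandir}/man8/genrandom.8*
%{_mandir}/man8/nsec3hash.8*
%{_mandir}/man8/dnssec*.8*
%if %{with PKCS11}
%exclude %{_mandir}/man8/dnssec*-pkcs11.8*
%endif
%{_mandir}/man8/isc-hmac-fixup.8*
%{_mandir}/man8/named-checkzone.8*
%{_mandir}/man8/named-compilezone.8*
%if %{with LMDB}
%{_mandir}/man8/named-nzd2nzf.8*
%endif
%if %{with DNSTAP}
%{_bindir}/dnstap-read
%{_mandir}/man1/dnstap-read.1*
%endif
%{_sysconfdir}/trusted-key.key

%if %{with SDB}
%files sdb
%doc contrib/sdb/ldap/README.ldap contrib/sdb/ldap/INSTALL.ldap contrib/sdb/pgsql/README.sdb_pgsql
%dir %{_sysconfdir}/openldap/schema
%config(noreplace) %{_sysconfdir}/openldap/schema/dnszone.schema
%{_sbindir}/named-sdb
%{_sbindir}/zone2ldap
%{_sbindir}/ldap2zone
%{_sbindir}/zonetodb
%{_sbindir}/zone2sqlite
%{_unitdir}/named-sdb.service
%{_mandir}/man1/zone2ldap.1*
%{_mandir}/man1/ldap2zone.1*
%{_mandir}/man1/zonetodb.1*
%{_mandir}/man1/zone2sqlite.1*
%{_mandir}/man8/named-sdb.8*
%endif
#end SDB

%files devel
%dir %{_includedir}/bind9
%dir %{_includedir}/bind9/pk11
%{_libdir}/libbind9.so
%{_libdir}/libisccc.so
%{_libdir}/liblwres.so
%{_libdir}/libdns.so
%{_libdir}/libirs.so
%{_libdir}/libisc.so
%{_libdir}/libisccfg.so
%{_includedir}/bind9/config.h
%{_includedir}/bind9/bind9
%{_includedir}/bind9/isccc
%{_includedir}/bind9/lwres
%{_includedir}/bind9/dns
%{_includedir}/bind9/dst
%{_includedir}/bind9/irs
%{_includedir}/bind9/isc
%{_includedir}/bind9/pk11/site.h
%{_includedir}/bind9/isccfg
%{_bindir}/isc-config.sh
%{_bindir}/bind9-config
%{_mandir}/man1/isc-config.sh.1*
%{_mandir}/man1/bind9-config.1*
%{_mandir}/man3/lwres*

%files chroot
%config(noreplace) %{_sysconfdir}/named-chroot.files
%{_unitdir}/named-chroot.service
%{_unitdir}/named-chroot-setup.service
%{_libexecdir}/setup-named-chroot.sh
# Device nodes inside the jail are ghost entries (not shipped in the payload),
# declared as 0664 root:named.
%defattr(0664,root,named,-)
%ghost %dev(c,1,3) %verify(not mtime) /var/named/chroot/dev/null
%ghost %dev(c,1,8) %verify(not mtime) /var/named/chroot/dev/random
%ghost %dev(c,1,9) %verify(not mtime) /var/named/chroot/dev/urandom
%ghost %dev(c,1,5) %verify(not mtime) /var/named/chroot/dev/zero
%defattr(0640,root,named,0750)
%dir /var/named/chroot
%dir /var/named/chroot/{dev,etc,var,run}
%dir /var/named/chroot/etc/{named,pki}
%dir /var/named/chroot/etc/pki/dnssec-keys
%dir /var/named/chroot/etc/crypto-policies
%dir /var/named/chroot/etc/crypto-policies/back-ends
%ghost %config(noreplace) /var/named/chroot/etc/named.conf
%defattr(-,root,root,-)
%dir /var/named/chroot/{usr,%{_libdir}}
%dir /var/named/chroot/%{_libdir}/bind
%defattr(0660,root,named,01770)
%dir /var/named/chroot/var/named
%defattr(0660,named,named,0770)
%dir /var/named/chroot/var/{tmp,log}
%defattr(-,named,named,-)
%dir /var/named/chroot/run/named
/var/named/chroot/var/run

%if %{with SDB}
%files sdb-chroot
%config(noreplace) %{_sysconfdir}/named-chroot.files
%{_unitdir}/named-sdb-chroot.service
%{_unitdir}/named-sdb-chroot-setup.service
%{_libexecdir}/setup-named-chroot.sh
%defattr(0664,root,named,-)
%ghost %dev(c,1,3) %verify(not mtime) /var/named/chroot_sdb/dev/null
%ghost %dev(c,1,8) %verify(not mtime) /var/named/chroot_sdb/dev/random
%ghost %dev(c,1,9) %verify(not mtime) /var/named/chroot_sdb/dev/urandom
%ghost %dev(c,1,5) %verify(not mtime) /var/named/chroot_sdb/dev/zero
%defattr(0640,root,named,0750)
%dir /var/named/chroot_sdb
%dir /var/named/chroot_sdb/{dev,etc,var,run}
%dir /var/named/chroot_sdb/etc/{named,pki}
%dir /var/named/chroot_sdb/etc/pki/dnssec-keys
%dir /var/named/chroot_sdb/etc/crypto-policies
%dir /var/named/chroot_sdb/etc/crypto-policies/back-ends
%ghost %config(noreplace) /var/named/chroot_sdb/etc/named.conf
%defattr(0660,root,named,01770)
%dir /var/named/chroot_sdb/var/named
%defattr(-,root,root,-)
%dir /var/named/chroot_sdb/{usr,%{_libdir}}
%dir /var/named/chroot_sdb/%{_libdir}/bind
%defattr(0660,named,named,0770)
%dir /var/named/chroot_sdb/var/{tmp,log}
%defattr(-,named,named,-)
%dir /var/named/chroot_sdb/run/named
/var/named/chroot_sdb/var/run
%endif
#end SDB

%if %{with PKCS11}
%files pkcs11
%{_sbindir}/named-pkcs11
%{_sbindir}/dnssec*pkcs11
%{_sbindir}/pkcs11-*
%{_libdir}/libdns-pkcs11.so.1110*
%{_libdir}/libisc-pkcs11.so.1105*
%{_unitdir}/named-pkcs11.service
%{_libexecdir}/setup-named-softhsm.sh
%{_mandir}/man8/*pkcs11*.8*

%files pkcs11-devel
%{_libdir}/lib*-pkcs11.so
%{_includedir}/bind9/pk11/*.h
%{_includedir}/bind9/pkcs11
%exclude %{_includedir}/bind9/pk11/site.h
%endif
#end PKCS11

%if %{with EXPORT_LIBS}
%files export-libs
%dir %{_libdir}/%{_export_dir}
%{_libdir}/%{_export_dir}/libdns-export.so.1110*
%{_libdir}/%{_export_dir}/libirs-export.so.161*
%{_libdir}/%{_export_dir}/libisc-export.so.1105*
%{_libdir}/%{_export_dir}/libisccfg-export.so.163*
%config(noreplace) %{_sysconfdir}/ld.so.conf.d/%{name}-export-%{_arch}.conf

%files export-devel
%{_libdir}/%{_export_dir}/lib*-export.so
%{_includedir}/%{_export_dir}/{dns,dst,irs,isc,isccfg}
%{_includedir}/%{_export_dir}/pk11/site.h
%{_includedir}/%{_export_dir}/config.h
%attr(0755,root,root) %{_bindir}/isc-export-config.sh
%{_bindir}/bind9-export-config
%{_mandir}/man1/*-export-config*.1*
%endif
#end EXPORT_LIBS

%files -n python3-bind
%{python3_sitelib}/*.egg-info
%{python3_sitelib}/isc/

%changelog
* Wed May 26 2021 jiangheng - 9.11.21-11
- Type:CVE
- ID:NA
- SUG:NA
- DESC:fix CVE-2021-25214 CVE-2021-25215

* Thu May 22 2021 jiangheng - 9.11.21-10
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:remove unnecessary dependencies

* Thu May 20 2021 jiangheng - 9.11.21-9
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:remove useless bind-sdb package

* Thu Mar 25 2021 liulong - 9.11.21-8
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:remove sensitive words.

* Thu Feb 18 2021 liulong - 9.11.21-7
- Type:CVE
- ID:NA
- SUG:NA
- DESC:Fix CVE-2020-8625

* Thu Jan 7 2021 hanzhijun - 9.11.21-6
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:Fix the difference at the macro definition using clock gettime instead of gettimeofda

* Tue Dec 15 2020 xihaochen - 9.11.21-5
- Type:requirement
- ID:NA
- SUG:NA
- DESC: update url

* Wed Dec 09 2020 gaihuiying - 9.11.21-4
- Type:requirement
- ID:NA
- SUG:NA
- DESC:open UNITTEST

* Wed Nov 18 2020 gaihuiying - 9.11.21-3
- Type:requirement
- ID:NA
- SUG:NA
- DESC:remove geoip dependency from bind

* Tue Sep 22 2020 lunankun - 9.11.21-2
- Type:CVE
- ID:CVE-2020-8622CVE-2020-8623 CVE-2020-8624
- SUG:NA
- DESC:fix CVE-2020-8622 CVE-2020-8623 CVE-2020-8624

* Mon Jul 27 2020 gaihuiying - 9.11.21-1
- Type:requirement
- ID:NA
- SUG:NA
- DESC:update c-ares version to 9.11.21

* Thu Mar 19 2020 songnannan - 9.11.4-13
- add gdb in buildrequires

* Sat Dec 21 2019 openEuler Buildteam - 9.11.4-12
- Package init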