%bcond_with LMDB %bcond_with DLZ %bcond_with KYUA %bcond_with SYSTEMTEST %bcond_without UNITTEST %bcond_without SDB %bcond_without GSSTSIG %bcond_without PKCS11 %bcond_without EXPORT_LIBS %{?!bind_uid: %global bind_uid 25} %{?!bind_gid: %global bind_gid 25} %{!?_export_dir:%global _export_dir /bind9-export/} %undefine _strict_symbol_defs_build Name: bind Summary: Domain Name System (DNS) Server (named) License: MPLv2.0 Version: 9.11.4 Release: 12 Epoch: 32 Url: http://www.isc.org/products/BIND/ Source0: https://ftp.isc.org/isc/bind9/9.11.4/bind-%{version}-P2.tar.gz Source1: named.sysconfig Source2: named.logrotate Source3: bind-9.3.1rc1-sdb_tools-Makefile.in Source4: dnszone.schema Source5: README.sdb_pgsql Source6: named.conf.sample Source7: named.conf Source8: config-18.tar.bz2 Source9: ldap2zone.c Source10: ldap2zone.1 Source11: named-sdb.8 Source12: zonetodb.1 Source13: zone2sqlite.1 Source14: bind.tmpfiles.d Source15: trusted-key.key Source16: named.service Source17: named-chroot.service Source18: named-sdb.service Source19: named-sdb-chroot.service Source20: setup-named-chroot.sh Source21: generate-rndc-key.sh Source22: named.rwtab Source23: named-chroot-setup.service Source24: named-sdb-chroot-setup.service Source25: named-setup-rndc.service Source26: named-pkcs11.service Source27: setup-named-softhsm.sh Source28: named-chroot.files Source29: random.data BuildRequires: openssl-devel libtool autoconf pkgconfig libcap-devel python3-devel python3-ply docbook-style-xsl BuildRequires: libidn2-devel libxml2-devel GeoIP-devel make systemd selinux-policy findutils sed libxslt %if %{with SDB} BuildRequires: openldap-devel libpq-devel sqlite-devel mariadb-connector-c-devel libdb-devel %endif %if %{with KYUA} #BuildRequires: libatf-c-devel kyua %else BuildRequires: gcc-c++ %endif %if %{with PKCS11} BuildRequires: softhsm %endif %if %{with SYSTEMTEST} BuildRequires: net-tools perl(Net::DNS) perl(Net::DNS::Nameserver) %endif %if %{with GSSTSIG} BuildRequires: krb5-devel %endif %if %{with LMDB} BuildRequires: lmdb-devel %endif Requires: systemd coreutils shadow-utils glibc-common grep policycoreutils-python-utils Requires: python3-bind = %{epoch}:%{version}-%{release} libselinux-utils selinux-policy bind-libs = %{epoch}:%{version}-%{release} Provides: bind-config = 30:9.3.2-34.fc6 caching-nameserver = 31:9.4.1-7.fc8 dnssec-conf = 1.27-2 Provides: bind-license Obsoletes: bind-config < 30:9.3.2-34.fc6 caching-nameserver < 31:9.4.1-7.fc8 dnssec-conf < 1.27-2 Obsoletes: bind-license Patch0001: bind-9.5-PIE.patch Patch0003: bind-9.5-dlz-64bit.patch Patch0004: bind-95-rh452060.patch Patch0005: bind93-rh490837.patch Patch0006: bind97-rh478718.patch Patch0007: bind97-rh645544.patch Patch0008: bind-9.9.1-P2-dlz-libdb.patch Patch0009: bind-9.9.1-P2-multlib-conflict.patch Patch0010: bind-9.11-rh1410433.patch Patch0011: bind-9.11-rh1205168.patch Patch0012: bind-9.11-export-suffix.patch Patch0013: bind-9.11-oot-manual.patch Patch0014: bind-9.11-pk11.patch Patch0015: bind-9.11-fips-code.patch Patch0016: bind-9.11-fips-tests.patch Patch0017: bind-9.11-rt31459.patch Patch0018: bind-9.11-rt46047.patch Patch0019: bind-9.11-rh1624100.patch Patch0020: bind-9.11-host-idn-disable.patch Patch0021: bind-9.10-dist-native-pkcs11.patch Patch0022: bind-9.11-kyua-pkcs11.patch Patch0023: bind-96-old-api.patch Patch0024: bind-9.3.2b2-sdbsrc.patch Patch0025: bind-9.10-sdb.patch Patch0026: bind-9.3.2b1-fix_sdb_ldap.patch Patch0027: bind-9.10-use-of-strlcat.patch Patch0028: bind99-rh640538.patch Patch0029: bind97-rh669163.patch Patch6001: 1314-master-dnssec-checkds-s.patch Patch6002: 2432-check-param_template-i-.pValue-is-non-NULL.patch Patch6003: 2497-refcount-errors-on-error-paths.patch Patch6004: 2559-Do-not-remove-errors-from-the-OpenSSL-error-queue-in.patch Patch6005: 2574-Do-not-treat-a-referral-with-a-non-empty-ANSWER-sect.patch Patch6006: 2711-Align-CMSG-buffers-to-a-void-boundary-fixes-crash-on.patch Patch6007: 2776-Fix-crash-caused-by-race-condition-in-timer-creation.patch Patch6008: 2865-free-key-on-error.patch Patch6009: 2879-expand-the-pool-then-copy-over-the-old-entries-so-we.patch Patch6010: 2985-Add-some-DBC-checks-in-dighost-fix-race-between-clea.patch Patch6011: 2998-Use-larger-buffers-on-snprintf-buffer-overflow-false.patch Patch6012: 3022-Fix-a-shutdown-race-in-bin-dig-dighost.c.patch Patch6013: 3046-uninitalize-memory-read-on-error-path.patch Patch6014: 3318-Allow-unsupported-alg-in-zone-w-dnssec-signzone.patch Patch6015: 3543-fix-memory-leak.patch Patch6016: Use-clock_gettime-instead-of-gettimeofday.patch Patch6017: CVE-2018-5743.patch Patch6018: CVE-2018-5743-atomic-fix.patch Patch6019: CVE-2018-5745.patch Patch6020: CVE-2019-6465.patch Patch9000: feature-bind99-euler-range-port.patch Patch9001: bugfix-nslookup-norec.patch Patch9002: bugfix-named-log-time.patch %description Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System. This package includes the components to operate a DNS server. %if %{with PKCS11} %package pkcs11 Summary: Bind with native PKCS#11 functionality for crypto Requires: systemd bind-libs-lite = %{epoch}:%{version}-%{release} Requires: bind = %{epoch}:%{version}-%{release} bind-libs = %{epoch}:%{version}-%{release} Recommends: softhsm Provides: bind-pkcs11-libs = %{epoch}:%{version}-%{release} bind-pkcs11-utils = %{epoch}:%{version}-%{release} Obsoletes:bind-pkcs11-libs < %{epoch}:%{version}-%{release} bind-pkcs11-utils < %{epoch}:%{version}-%{release} %description pkcs11 This is a version of BIND server built with native PKCS#11 functionality. It is important to have SoftHSM v2+ installed and some token initialized. For other supported HSM modules please check the BIND documentation. %package pkcs11-devel Summary: Development files for Bind libraries compiled with native PKCS#11 Requires: bind-pkcs11 = %{epoch}:%{version}-%{release} Requires: bind-devel = %{epoch}:%{version}-%{release} %description pkcs11-devel This a set of development files for BIND libraries (dns, isc) compiled with native PKCS#11 functionality. %endif %if %{with SDB} %package sdb Summary: BIND server with database backends and DLZ support Requires: systemd bind-libs = %{epoch}:%{version}-%{release} Requires: bind = %{epoch}:%{version}-%{release} bind-libs-lite = %{epoch}:%{version}-%{release} %description sdb BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named-sdb) which has compiled-in SDB (Simplified Database Backend) which includes support for using alternative Zone Databases stored in an LDAP server (ldapdb), a postgreSQL database (pgsqldb), an sqlite database (sqlitedb), or in the filesystem (dirdb), in addition to the standard in-memory RBT (Red Black Tree) zone database. It also includes support for DLZ (Dynamic Loadable Zones) %endif %package libs-lite Summary: Libraries for working with the DNS protocol Obsoletes:bind-libbind-devel < 31:9.3.3-4.fc7 Provides: bind-libbind-devel = 31:9.3.3-4.fc7 Requires: bind-license = %{epoch}:%{version}-%{release} %description libs-lite Lite libs of BIND. %package libs Summary: Libraries for BIND Requires: bind-license = %{epoch}:%{version}-%{release} Requires: bind-libs-lite = %{epoch}:%{version}-%{release} %description libs BIND suite libraries. %package utils Summary: Utilities for bind Requires: bind-libs = %{epoch}:%{version}-%{release} Requires: bind-libs-lite = %{epoch}:%{version}-%{release} Requires: python3-bind = %{epoch}:%{version}-%{release} %description utils Bind-utils contains a collection of utilities for querying DNS (Domain Name System) name servers to find out information about Internet hosts. These tools will provide you with the IP addresses for given host names, as well as other information about registered domains and network addresses. You should install bind-utils if you need to get information from DNS name servers. %package devel Summary: Header files and libraries needed for BIND DNS development Requires: bind = %{epoch}:%{version}-%{release} bind-libs = %{epoch}:%{version}-%{release} bind-libs-lite = %{epoch}:%{version}-%{release} Provides: bind-libbind-devel = 31:9.3.3-4.fc7 bind-lite-devel Obsoletes: bind-libbind-devel < 31:9.3.3-4.fc7 bind-lite-devel %description devel The bind-devel package contains full version of the header files and libraries required for development with ISC BIND 9. %package chroot Summary: A chroot runtime environment for the ISC BIND DNS server, named(8) Prefix: /var/named/chroot Requires: bind = %{epoch}:%{version}-%{release} grep %description chroot This package contains a tree of files which can be used as a chroot(2) jail for the named(8) program from the BIND package. Based on the code from Jan "Yenya" Kasprzak %if %{with SDB} %package sdb-chroot Summary: A chroot runtime environment for the ISC BIND DNS server, named-sdb(8) Prefix: /var/named/chroot_sdb Requires: bind-sdb = %{epoch}:%{version}-%{release} grep %description sdb-chroot This package contains a tree of files which can be used as a chroot(2) jail for the named-sdb(8) program from the BIND package. Based on the code from Jan "Yenya" Kasprzak %endif %package -n python3-bind Summary: A module allowing rndc commands to be sent from Python programs Requires: bind = %{epoch}:%{version}-%{release} Requires: python3 python3-ply %{py3_dist ply} BuildArch: noarch %{?python_provide:%python_provide python3-bind} %{?python_provide:%python_provide python3-isc} %description -n python3-bind This package provides a module which allows commands to be sent to rndc directly from Python programs. %if %{with EXPORT_LIBS} %package export-libs Summary: ISC libs for DHCP application Provides: bind99-libs = 9.9.11-4 Obsoletes: bind99-libs < 9.9.11-4 %description export-libs BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. This package set contains only export version of BIND libraries, that are used for building ISC DHCP. %package export-devel Summary: Header files and libraries needed for BIND export libraries Requires: bind-export-libs = %{epoch}:%{version}-%{release} openssl-devel libcap-devel Obsoletes: bind99-devel < 9.9.11-4 Conflicts: bind99-devel %description export-devel This package contains export version of the header files and libraries required for development with ISC BIND. These headers and libraries are used for building ISC DHCP. %endif %prep %setup -q -n %{name}-%{version}-P2 %patch0001 -p1 %patch0003 -p1 %patch0004 -p1 %patch0005 -p0 %patch0006 -p1 %patch0007 -p1 %patch0008 -p1 %patch0009 -p1 %patch0010 -p1 %patch0011 -p1 %patch0012 -p1 %patch0013 -p1 %patch0014 -p1 %patch0015 -p1 %patch0016 -p1 %patch0017 -p1 %patch0018 -p1 %patch0019 -p1 %patch0020 -p1 mkdir lib/dns/tests/testdata/dstrandom cp -a %{SOURCE29} lib/dns/tests/testdata/dstrandom/random.data %if %{with PKCS11} cp -r bin/named bin/named-pkcs11 cp -r bin/dnssec bin/dnssec-pkcs11 cp -r lib/isc lib/isc-pkcs11 cp -r lib/dns lib/dns-pkcs11 %patch0021 -p1 %patch0022 -p1 %endif %if %{with SDB} %patch0023 -p1 mkdir bin/named-sdb mkdir bin/sdb_tools cp -r bin/named/* bin/named-sdb %patch0024 -p1 cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named-sdb cp -fp contrib/sdb/pgsql/pgsqldb.[ch] bin/named-sdb cp -fp contrib/sdb/sqlite/sqlitedb.[ch] bin/named-sdb cp -fp contrib/sdb/dir/dirdb.[ch] bin/named-sdb cp -fp %{SOURCE9} bin/sdb_tools/ldap2zone.c cp -fp %{SOURCE3} bin/sdb_tools/Makefile.in cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/sdb_tools cp -fp contrib/sdb/pgsql/zonetodb.c bin/sdb_tools cp -fp contrib/sdb/sqlite/zone2sqlite.c bin/sdb_tools %patch0025 -p1 %patch0026 -p1 %patch0027 -p1 %endif %patch0028 -p1 %patch0029 -p1 %patch9000 -p1 %patch9001 -p1 %patch6001 -p1 %patch6002 -p1 %patch6003 -p1 %patch6004 -p1 %patch6005 -p1 %patch6006 -p1 %patch6007 -p1 %patch6008 -p1 %patch6009 -p1 %patch6010 -p1 %patch6011 -p1 %patch6012 -p1 %patch6013 -p1 %patch6014 -p1 %patch6015 -p1 %patch6016 -p1 %patch6017 -p1 %patch6018 -p1 %patch6019 -p1 %patch6020 -p1 %patch9002 -p1 %build %define _configure "../configure" %define unit_prepare_build() \ cp -uv Kyuafile Atffile "%{1}/" \ find lib -name 'K*.key' -exec cp -uv '{}' "%{1}/{}" ';' \ find lib -name 'Kyuafile' -exec cp -uv '{}' "%{1}/{}" ';' \ find lib -name 'Atffile' -exec cp -uv '{}' "%{1}/{}" ';' \ find lib -name 'testdata' -type d -exec cp -Tav '{}' "%{1}/{}" ';' \ find lib -name 'testkeys' -type d -exec cp -Tav '{}' "%{1}/{}" ';' \ %define systemtest_prepare_build() \ cp -Tuav bin/tests "%{1}/bin/tests/" \ cp -uv version "%{1}" %if %{with KYUA} ATF_PATH=/usr %else ATF_PATH=yes %endif export CFLAGS="$CFLAGS $RPM_OPT_FLAGS" export CPPFLAGS="$CPPFLAGS -DDIG_SIGCHASE" export STD_CDEFINES="$CPPFLAGS" sed -i -e 's/RELEASEVER=\(.*\)/RELEASEVER=\1-%{version}-%{release}/' version libtoolize -c -f; aclocal -I libtool.m4 --force; autoconf -f mkdir build pushd build export LIBDIR_SUFFIXi= %configure \ --with-python=%{__python3} --with-libtool --localstatedir=/var \ --enable-threads --enable-ipv6 --enable-filter-aaaa --with-pic \ --disable-static --includedir=%{_includedir}/bind9 --with-geoip \ --with-tuning=large --with-libidn2 --enable-openssl-hash \ --enable-fixed-rrset --enable-full-report \ --with-docbook-xsl=%{_datadir}/sgml/docbook/xsl-stylesheets \ %if %{with PKCS11} --enable-native-pkcs11 --with-pkcs11=%{_libdir}/pkcs11/libsofthsm2.so \ %endif %if %{with SDB} --with-dlopen=yes --with-dlz-ldap=yes --with-dlz-postgres=yes \ --with-dlz-mysql=yes --with-dlz-filesystem=yes --with-dlz-bdb=yes \ %endif %if %{with GSSTSIG} --with-gssapi=yes --disable-isc-spnego \ %endif %if %{with LMDB} --with-lmdb=yes \ %else --with-lmdb=no \ %endif %if %{with UNITTEST} --with-atf=${ATF_PATH} %endif make -j32 cp -rv doc/* ../doc/ pushd bin/dig make man popd pushd bin/python make man popd %if ! %{with KYUA} ATF_PATH="`pwd`/unit/atf" sed -i -e '/^SUBDIRS =/s/atf-src//i' unit/Makefile %endif popd # build %unit_prepare_build build %systemtest_prepare_build build %if %{with EXPORT_LIBS} cp isc-config.sh.1 isc-export-config.sh.1 mkdir export-libs pushd export-libs export LIBDIR_SUFFIX=%{_export_dir} %{configure} \ --with-libtool --disable-static --disable-epoll --disable-kqueue \ --libdir=%{_libdir}%{_export_dir} --enable-openssl-hash \ --includedir=%{_includedir}%{_export_dir}/ --disable-threads \ --enable-fixed-rrset --disable-rpz-nsip --disable-rpz-nsdname \ --without-lmdb --without-libxml2 --without-libjson \ --without-zlib --without-dlopen --enable-full-report \ %if %{with GSSTSIG} --with-gssapi=yes --disable-isc-spnego \ %endif %if %{with UNITTEST} --with-atf=${ATF_PATH} %endif mv isc-config.sh isc-export-config.sh sed -i \ -e '/^SUBDIRS =/s/.*/SUBDIRS = make lib/i' \ -e 's/isc-config.sh/isc-export-config.sh/g' \ -e 's/bind9-config/bind9-export-config/g' \ Makefile sed -i -e "/^SUBDIRS =/s/.*/SUBDIRS = isc dns isccfg irs/i" lib/Makefile sed -i -e '/^SUBDIRS =/s/atf-src//i' unit/Makefile for lib in isc dns isccfg irs; do find . -name Makefile -exec sed "s/lib${lib}\./lib${lib}-export\./g" -i {} \; sed -e "s/-l${lib}\([^[:alpha:]]\)/-l${lib}-export\1/g" \ -e "s/lib${lib}\./lib${lib}-export\./g" \ -i isc-export-config.sh done make -j32 popd %unit_prepare_build export-libs sed -e '/^\s*include(.*-pkcs11/ d' -e '/^\s*include(.*lwres/ d' -i export-libs/lib/Kyuafile %endif #end EXPORT_LIBS %check %if %{with SYSTEMTEST} if [ "`whoami`" = 'root' ]; then set -e chmod -R a+rwX . pushd bin/tests pushd system ./ifconfig.sh up popd make test e=$? pushd system ./ifconfig.sh down popd popd if [ "$e" -ne 0 ]; then echo "ERROR: 'make test' failed. Aborting." exit $e; fi fi %endif %install mkdir -p ${RPM_BUILD_ROOT}/var/log mkdir -p ${RPM_BUILD_ROOT}/run/named mkdir -p ${RPM_BUILD_ROOT}/etc/logrotate.d mkdir -p ${RPM_BUILD_ROOT}%{_libdir}/bind mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/{man1,man5,man8} mkdir -p ${RPM_BUILD_ROOT}/var/named/{slaves,data,dynamic} mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot/{dev,etc,var,run/named} mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot/var/{log,named,tmp} mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot/etc/crypto-policies/back-ends mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot/etc/{pki/dnssec-keys,named} mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot/%{_libdir}/bind pushd ${RPM_BUILD_ROOT}/var/named/chroot/var ln -s ../run run popd touch ${RPM_BUILD_ROOT}/var/named/chroot/etc/named.conf %if %{with SDB} mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot_sdb/{dev,etc,var,run/named} mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot_sdb/var/{log,named,tmp} mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot_sdb/etc/crypto-policies/back-ends mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot_sdb/etc/{pki/dnssec-keys,named} mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot_sdb/%{_libdir}/bind pushd ${RPM_BUILD_ROOT}/var/named/chroot_sdb/var ln -s ../run run popd touch ${RPM_BUILD_ROOT}/var/named/chroot_sdb/etc/named.conf %endif pushd build %make_install popd %if %{with EXPORT_LIBS} pushd export-libs %make_install mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/ld.so.conf.d echo "%{_libdir}%{_export_dir}" > ${RPM_BUILD_ROOT}%{_sysconfdir}/ld.so.conf.d/%{name}-export-%{_arch}.conf cp -fp config.h ${RPM_BUILD_ROOT}%{_includedir}%{_export_dir} rm -rf ${RPM_BUILD_ROOT}%{_includedir}%{_export_dir}/pkcs11/ rm -f ${RPM_BUILD_ROOT}%{_includedir}%{_export_dir}/pk11/{constants,internal,pk11,result}.h popd %endif rm -f ${RPM_BUILD_ROOT}/etc/bind.keys install -d ${RPM_BUILD_ROOT}%{_unitdir} install -d ${RPM_BUILD_ROOT}%{_libexecdir} install -d ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig install -m 644 %{SOURCE16} ${RPM_BUILD_ROOT}%{_unitdir} install -m 644 %{SOURCE17} ${RPM_BUILD_ROOT}%{_unitdir} install -m 644 %{SOURCE23} ${RPM_BUILD_ROOT}%{_unitdir} install -m 644 %{SOURCE25} ${RPM_BUILD_ROOT}%{_unitdir} install -m 755 %{SOURCE20} ${RPM_BUILD_ROOT}%{_libexecdir}/setup-named-chroot.sh install -m 755 %{SOURCE21} ${RPM_BUILD_ROOT}%{_libexecdir}/generate-rndc-key.sh install -m 644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/named install -m 644 %{SOURCE28} ${RPM_BUILD_ROOT}%{_sysconfdir}/named-chroot.files install -m 644 %{SOURCE2} ${RPM_BUILD_ROOT}/etc/logrotate.d/named %if %{with SDB} install -m 644 %{SOURCE18} ${RPM_BUILD_ROOT}%{_unitdir} install -m 644 %{SOURCE19} ${RPM_BUILD_ROOT}%{_unitdir} install -m 644 %{SOURCE24} ${RPM_BUILD_ROOT}%{_unitdir} install -m 644 %{SOURCE10} ${RPM_BUILD_ROOT}%{_mandir}/man1/ldap2zone.1 install -m 644 %{SOURCE11} ${RPM_BUILD_ROOT}%{_mandir}/man8/named-sdb.8 install -m 644 %{SOURCE12} ${RPM_BUILD_ROOT}%{_mandir}/man1/zonetodb.1 install -m 644 %{SOURCE13} ${RPM_BUILD_ROOT}%{_mandir}/man1/zone2sqlite.1 %endif %if %{with PKCS11} install -m 644 %{SOURCE26} ${RPM_BUILD_ROOT}%{_unitdir} install -m 755 %{SOURCE27} ${RPM_BUILD_ROOT}%{_libexecdir}/setup-named-softhsm.sh pushd ${RPM_BUILD_ROOT}%{_mandir}/man8 ln -s named.8.gz named-pkcs11.8.gz ln -s dnssec-keygen.8.gz dnssec-keygen-pkcs11.8.gz ln -s dnssec-revoke.8.gz dnssec-revoke-pkcs11.8.gz ln -s dnssec-verify.8.gz dnssec-verify-pkcs11.8.gz ln -s dnssec-settime.8.gz dnssec-settime-pkcs11.8.gz ln -s dnssec-checkds.8.gz dnssec-checkds-pkcs11.8.gz ln -s dnssec-coverage.8.gz dnssec-coverage-pkcs11.8.gz ln -s dnssec-signzone.8.gz dnssec-signzone-pkcs11.8.gz ln -s dnssec-dsfromkey.8.gz dnssec-dsfromkey-pkcs11.8.gz ln -s dnssec-importkey.8.gz dnssec-importkey-pkcs11.8.gz ln -s dnssec-keyfromlabel.8.gz dnssec-keyfromlabel-pkcs11.8.gz popd %endif %if %{with SDB} install -d ${RPM_BUILD_ROOT}/etc/openldap/schema install -m 644 %{SOURCE4} ${RPM_BUILD_ROOT}/etc/openldap/schema/dnszone.schema install -m 644 %{SOURCE5} contrib/sdb/pgsql/ %endif install -m 644 lib/isc/unix/errno2result.h ${RPM_BUILD_ROOT}%{_includedir}/bind9/isc cp -fp build/config.h ${RPM_BUILD_ROOT}/%{_includedir}/bind9 find ${RPM_BUILD_ROOT}/%{_libdir} -name '*.la' -exec '/bin/rm' '-f' '{}' ';'; touch ${RPM_BUILD_ROOT}%{_localstatedir}/log/named.log tar -C ${RPM_BUILD_ROOT} -xjf %{SOURCE8} touch ${RPM_BUILD_ROOT}/etc/rndc.key touch ${RPM_BUILD_ROOT}/etc/rndc.conf install -m 640 %{SOURCE7} ${RPM_BUILD_ROOT}/etc/named.conf mkdir -p sample/etc sample/var/named/{data,slaves} mkdir ${RPM_BUILD_ROOT}/etc/named install -m 644 %{SOURCE15} ${RPM_BUILD_ROOT}/etc/trusted-key.key install -m 644 %{SOURCE6} sample/etc/named.conf install -m 644 %{SOURCE7} named.conf.default install -m 644 ${RPM_BUILD_ROOT}/etc/named.rfc1912.zones sample/etc/named.rfc1912.zones install -m 644 ${RPM_BUILD_ROOT}/var/named/{named.ca,named.localhost,named.loopback,named.empty} sample/var/named mkdir -p ${RPM_BUILD_ROOT}%{_tmpfilesdir} mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/rwtab.d install -m 644 %{SOURCE14} ${RPM_BUILD_ROOT}%{_tmpfilesdir}/named.conf install -m 644 %{SOURCE22} ${RPM_BUILD_ROOT}%{_sysconfdir}/rwtab.d/named %pre if [ "$1" -eq 1 ]; then /usr/sbin/groupadd -g %{bind_gid} -f -r named >/dev/null 2>&1 || :; /usr/sbin/useradd -u %{bind_uid} -r -N -M -g named -s /bin/false -d /var/named -c Named named >/dev/null 2>&1 || :; fi %post /sbin/ldconfig %selinux_set_booleans named_write_master_zones=1 if [ "$1" -eq 1 ]; then [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* >/dev/null 2>&1 ; [ -e /etc/rndc.key ] && chown root:named /etc/rndc.key [ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key else if getent passwd named | grep ':/sbin/nologin$' >/dev/null; then usermod -s /bin/false named fi fi %systemd_post named.service %preun %systemd_preun named.service %postun /sbin/ldconfig %selinux_unset_booleans named_write_master_zones=1 %systemd_postun_with_restart named.service %post libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig %post libs-lite -p /sbin/ldconfig %postun libs-lite -p /sbin/ldconfig %if %{with SDB} %post sdb %systemd_post named-sdb.service %preun sdb %systemd_preun named-sdb.service %postun sdb %systemd_postun_with_restart named-sdb.service %endif #end SDB %if %{with PKCS11} %post pkcs11 /sbin/ldconfig %systemd_post named-pkcs11.service %preun pkcs11 %systemd_preun named-pkcs11.service %postun pkcs11 /sbin/ldconfig %systemd_postun_with_restart named-pkcs11.service %endif #end PKCS11 %triggerpostun -n bind -- bind <= 32:9.5.0-20.b1 if [ "$1" -gt 0 ]; then [ -e /etc/rndc.key ] && chown root:named /etc/rndc.key [ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key fi %triggerun -- bind < 32:9.9.0-0.6.rc1 /sbin/chkconfig --del named >/dev/null 2>&1 || : /bin/systemctl try-restart named.service >/dev/null 2>&1 || : %if %{with EXPORT_LIBS} %post export-libs /sbin/ldconfig %postun export-libs /sbin/ldconfig %endif %define chroot_fix_devices() \ if [ $1 -gt 1 ]; then \ for DEV in "%{1}/dev"/{null,random,zero}; do \ if [ -e "$DEV" -a "$(/bin/stat --printf="%G %a" "$DEV")" = "root 644" ]; then \ /bin/chmod 0664 "$DEV" \ /bin/chgrp named "$DEV" \ fi \ done \ fi %post chroot %systemd_post named-chroot.service %chroot_fix_devices /var/named/chroot %posttrans chroot if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then [ -x /sbin/restorecon ] && /sbin/restorecon /var/named/chroot/dev/* > /dev/null 2>&1; fi %preun chroot %systemd_preun named-chroot.service named-chroot-setup.service %postun chroot %systemd_postun_with_restart named-chroot.service %if %{with SDB} %post sdb-chroot %systemd_post named-sdb-chroot.service %chroot_fix_devices /var/named/chroot_sdb %posttrans sdb-chroot if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then [ -x /sbin/restorecon ] && /sbin/restorecon /var/named/chroot_sdb/dev/* > /dev/null 2>&1; fi %preun sdb-chroot %systemd_preun named-sdb-chroot.service %postun sdb-chroot %systemd_postun_with_restart named-sdb-chroot.service %endif #end SDB %clean rm -rf ${RPM_BUILD_ROOT} %files %license COPYRIGHT %doc CHANGES README named.conf.default doc/arm/*html doc/arm/*pdf sample/ %{_libdir}/bind %{_bindir}/named-rrchecker %{_bindir}/mdig %{_sbindir}/named-journalprint %{_sbindir}/named-checkconf %{_sbindir}/lwresd %{_sbindir}/named %{_sbindir}/rndc* %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sysconfig/named %config(noreplace) %attr(0644,root,named) %{_sysconfdir}/named.root.key %{_tmpfilesdir}/named.conf %{_sysconfdir}/rwtab.d/named %{_libexecdir}/generate-rndc-key.sh %{_unitdir}/named.service %{_unitdir}/named-setup-rndc.service %{_mandir}/man1/mdig.1* %{_mandir}/man1/named-rrchecker.1* %{_mandir}/man5/named.conf.5* %{_mandir}/man5/rndc.conf.5* %{_mandir}/man8/rndc.8* %{_mandir}/man8/named.8* %{_mandir}/man8/lwresd.8* %{_mandir}/man8/named-checkconf.8* %{_mandir}/man8/rndc-confgen.8* %{_mandir}/man8/named-journalprint.8* %defattr(0640,root,named,0750) %dir %{_sysconfdir}/named %config(noreplace) %verify(not link) %{_sysconfdir}/named.conf %config(noreplace) %verify(not link) %{_sysconfdir}/named.rfc1912.zones %defattr(0660,root,named,01770) %dir %{_localstatedir}/named %defattr(0660,named,named,0770) %dir %{_localstatedir}/named/slaves %dir %{_localstatedir}/named/data %dir %{_localstatedir}/named/dynamic %ghost %{_localstatedir}/log/named.log %defattr(0640,root,named,0750) %config %verify(not link) %{_localstatedir}/named/named.ca %config %verify(not link) %{_localstatedir}/named/named.localhost %config %verify(not link) %{_localstatedir}/named/named.loopback %config %verify(not link) %{_localstatedir}/named/named.empty %ghost %config(noreplace) %{_sysconfdir}/rndc.key %ghost %config(noreplace) %{_sysconfdir}/rndc.conf %config(noreplace) %{_sysconfdir}/logrotate.d/named %defattr(-,named,named,-) %dir /run/named %files libs %{_libdir}/libbind9.so.160* %{_libdir}/libisccc.so.160* %{_libdir}/liblwres.so.160* %files libs-lite %{_libdir}/libdns.so.1102* %{_libdir}/libirs.so.160* %{_libdir}/libisc.so.169* %{_libdir}/libisccfg.so.160* %files utils %{_bindir}/dig %{_bindir}/delv %{_bindir}/host %{_bindir}/nslookup %{_bindir}/nsupdate %{_bindir}/arpaname %{_sbindir}/ddns-confgen %{_sbindir}/tsig-keygen %{_sbindir}/genrandom %{_sbindir}/nsec3hash %{_sbindir}/dnssec* %{_sbindir}/isc-hmac-fixup %{_sbindir}/named-checkzone %{_sbindir}/named-compilezone %if %{with LMDB} %{_sbindir}/named-nzd2nzf %endif %if %{with PKCS11} %exclude %{_sbindir}/dnssec*pkcs11 %endif %{_mandir}/man1/host.1* %{_mandir}/man1/nsupdate.1* %{_mandir}/man1/dig.1* %{_mandir}/man1/delv.1* %{_mandir}/man1/nslookup.1* %{_mandir}/man1/arpaname.1* %{_mandir}/man8/ddns-confgen.8* %{_mandir}/man8/tsig-keygen.8* %{_mandir}/man8/genrandom.8* %{_mandir}/man8/nsec3hash.8* %{_mandir}/man8/dnssec*.8* %if %{with PKCS11} %exclude %{_mandir}/man8/dnssec*-pkcs11.8* %endif %{_mandir}/man8/isc-hmac-fixup.8* %{_mandir}/man8/named-checkzone.8* %{_mandir}/man8/named-compilezone.8* %if %{with LMDB} %{_mandir}/man8/named-nzd2nzf.8* %endif %{_sysconfdir}/trusted-key.key %if %{with SDB} %files sdb %doc contrib/sdb/ldap/README.ldap contrib/sdb/ldap/INSTALL.ldap contrib/sdb/pgsql/README.sdb_pgsql %dir %{_sysconfdir}/openldap/schema %config(noreplace) %{_sysconfdir}/openldap/schema/dnszone.schema %{_sbindir}/named-sdb %{_sbindir}/zone2ldap %{_sbindir}/ldap2zone %{_sbindir}/zonetodb %{_sbindir}/zone2sqlite %{_unitdir}/named-sdb.service %{_mandir}/man1/zone2ldap.1* %{_mandir}/man1/ldap2zone.1* %{_mandir}/man1/zonetodb.1* %{_mandir}/man1/zone2sqlite.1* %{_mandir}/man1/isc-config.sh.1* %{_mandir}/man1/bind9-config.1* %{_mandir}/man3/lwres* %{_mandir}/man8/named-sdb.8* %endif #end SDB %files devel %dir %{_includedir}/bind9 %dir %{_includedir}/bind9/pk11 %{_libdir}/libbind9.so %{_libdir}/libisccc.so %{_libdir}/liblwres.so %{_libdir}/libdns.so %{_libdir}/libirs.so %{_libdir}/libisc.so %{_libdir}/libisccfg.so %{_includedir}/bind9/config.h %{_includedir}/bind9/bind9 %{_includedir}/bind9/isccc %{_includedir}/bind9/lwres %{_includedir}/bind9/dns %{_includedir}/bind9/dst %{_includedir}/bind9/irs %{_includedir}/bind9/isc %{_includedir}/bind9/pk11/site.h %{_includedir}/bind9/isccfg %{_bindir}/isc-config.sh %{_bindir}/bind9-config %files chroot %config(noreplace) %{_sysconfdir}/named-chroot.files %{_unitdir}/named-chroot.service %{_unitdir}/named-chroot-setup.service %{_libexecdir}/setup-named-chroot.sh %defattr(0664,root,named,-) %ghost %dev(c,1,3) %verify(not mtime) /var/named/chroot/dev/null %ghost %dev(c,1,8) %verify(not mtime) /var/named/chroot/dev/random %ghost %dev(c,1,9) %verify(not mtime) /var/named/chroot/dev/urandom %ghost %dev(c,1,5) %verify(not mtime) /var/named/chroot/dev/zero %defattr(0640,root,named,0750) %dir /var/named/chroot %dir /var/named/chroot/{dev,etc,var,run} %dir /var/named/chroot/etc/{named,pki} %dir /var/named/chroot/etc/pki/dnssec-keys %dir /var/named/chroot/etc/crypto-policies %dir /var/named/chroot/etc/crypto-policies/back-ends %ghost %config(noreplace) /var/named/chroot/etc/named.conf %defattr(-,root,root,-) %dir /var/named/chroot/{usr,%{_libdir}} %dir /var/named/chroot/%{_libdir}/bind %defattr(0660,root,named,01770) %dir /var/named/chroot/var/named %defattr(0660,named,named,0770) %dir /var/named/chroot/var/{tmp,log} %defattr(-,named,named,-) %dir /var/named/chroot/run/named /var/named/chroot/var/run %if %{with SDB} %files sdb-chroot %config(noreplace) %{_sysconfdir}/named-chroot.files %{_unitdir}/named-sdb-chroot.service %{_unitdir}/named-sdb-chroot-setup.service %{_libexecdir}/setup-named-chroot.sh %defattr(0664,root,named,-) %ghost %dev(c,1,3) %verify(not mtime) /var/named/chroot_sdb/dev/null %ghost %dev(c,1,8) %verify(not mtime) /var/named/chroot_sdb/dev/random %ghost %dev(c,1,9) %verify(not mtime) /var/named/chroot_sdb/dev/urandom %ghost %dev(c,1,5) %verify(not mtime) /var/named/chroot_sdb/dev/zero %defattr(0640,root,named,0750) %dir /var/named/chroot_sdb %dir /var/named/chroot_sdb/{dev,etc,var,run} %dir /var/named/chroot_sdb/etc/{named,pki} %dir /var/named/chroot_sdb/etc/pki/dnssec-keys %dir /var/named/chroot_sdb/etc/crypto-policies %dir /var/named/chroot_sdb/etc/crypto-policies/back-ends %ghost %config(noreplace) /var/named/chroot_sdb/etc/named.conf %defattr(0660,root,named,01770) %dir /var/named/chroot_sdb/var/named %defattr(-,root,root,-) %dir /var/named/chroot_sdb/{usr,%{_libdir}} %dir /var/named/chroot_sdb/%{_libdir}/bind %defattr(0660,named,named,0770) %dir /var/named/chroot_sdb/var/{tmp,log} %defattr(-,named,named,-) %dir /var/named/chroot_sdb/run/named /var/named/chroot_sdb/var/run %endif #end SDB %if %{with PKCS11} %files pkcs11 %{_sbindir}/named-pkcs11 %{_sbindir}/dnssec*pkcs11 %{_sbindir}/pkcs11-* %{_libdir}/libdns-pkcs11.so.1102* %{_libdir}/libisc-pkcs11.so.169* %{_unitdir}/named-pkcs11.service %{_libexecdir}/setup-named-softhsm.sh %{_mandir}/man8/*pkcs11*.8* %files pkcs11-devel %{_libdir}/lib*-pkcs11.so %{_includedir}/bind9/pk11/*.h %{_includedir}/bind9/pkcs11 %exclude %{_includedir}/bind9/pk11/site.h %endif #end PKCS11 %if %{with EXPORT_LIBS} %files export-libs %dir %{_libdir}/%{_export_dir} %{_libdir}/%{_export_dir}/libdns-export.so.1102* %{_libdir}/%{_export_dir}/libirs-export.so.160* %{_libdir}/%{_export_dir}/libisc-export.so.169* %{_libdir}/%{_export_dir}/libisccfg-export.so.160* %config(noreplace) %{_sysconfdir}/ld.so.conf.d/%{name}-export-%{_arch}.conf %files export-devel %{_libdir}/%{_export_dir}/lib*-export.so %{_includedir}/%{_export_dir}/{dns,dst,irs,isc,isccfg} %{_includedir}/%{_export_dir}/pk11/site.h %{_includedir}/%{_export_dir}/config.h %attr(0755,root,root) %{_bindir}/isc-export-config.sh %{_bindir}/bind9-export-config %{_mandir}/man1/*-export-config*.1* %endif #end EXPORT_LIBS %files -n python3-bind %{python3_sitelib}/*.egg-info %{python3_sitelib}/isc/ %changelog * Sat Dec 21 2019 openEuler Buildteam - 9.11.4-12 - Package init