!1 init package

Merge pull request !1 from daidai_is_here/dqw_test

0001-dnssec-trigger-script-port-to-libnm.patch

@@ -0,0 +1,108 @@
+From ef18b39abdb5e8bf870ada3c108ab7f083405d2c Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak@v3.sk>
+Date: Thu, 15 Feb 2018 17:57:52 +0100
+Subject: [PATCH] dnssec-trigger-script: port to libnm
+
+The libnm-glib is depreacted for a long time already and is eventually
+going away.
+---
+ dnssec-trigger-script.in | 51 ++++++++++++++----------------------------------
+ 1 file changed, 15 insertions(+), 36 deletions(-)
+
+diff --git a/dnssec-trigger-script.in b/dnssec-trigger-script.in
+index 5f70580..14d9278 100644
+--- a/dnssec-trigger-script.in
++++ b/dnssec-trigger-script.in
+@@ -13,14 +13,13 @@ import glob
+ import subprocess
+ import logging
+ import logging.handlers
+-import socket
+ import struct
+ import signal
+ 
+ import gi
+-gi.require_version('NMClient', '1.0')
++gi.require_version('NM', '1.0')
+ 
+-from gi.repository import NMClient
++from gi.repository import NM
+ 
+ # Python compatibility stuff
+ if not hasattr(os, "O_CLOEXEC"):
+@@ -132,7 +131,7 @@ class ConnectionList:
+ 
+     def __init__(self, client, only_default=False, only_vpn=False, skip_wifi=False):
+         # Cache the active connection list in the class
+-        if not client.get_manager_running():
++        if not client.get_nm_running():
+             raise UserError("NetworkManager is not running.")
+         if self.nm_connections is None:
+             self.__class__.nm_connections = client.get_active_connections()
+@@ -208,40 +207,20 @@ class Connection:
+         self.uuid = connection.get_uuid()
+ 
+         self.zones = []
+-        try:
+-            self.zones += connection.get_ip4_config().get_domains()
+-        except AttributeError:
+-            pass
+-        try:
+-            self.zones += connection.get_ip6_config().get_domains()
+-        except AttributeError:
+-            pass
+-
+         self.servers = []
+-        try:
+-            self.servers += [self.ip4_to_str(server) for server in connection.get_ip4_config().get_nameservers()]
+-        except AttributeError:
+-            pass
+-        try:
+-            self.servers += [self.ip6_to_str(connection.get_ip6_config().get_nameserver(i))
+-                for i in range(connection.get_ip6_config().get_num_nameservers())]
+-        except AttributeError:
+-            pass
+-
+-    def __repr__(self):
+-        return "<Connection(uuid={uuid}, type={type}, default={is_default}, zones={zones}, servers={servers})>".format(**vars(self))
+ 
+-    @staticmethod
+-    def ip4_to_str(ip4):
+-        """Converts IPv4 address from integer to string."""
+-
+-        return socket.inet_ntop(socket.AF_INET, struct.pack("=I", ip4))
++        ip4_config = connection.get_ip4_config()
++        if ip4_config is not None:
++            self.zones += ip4_config.get_domains()
++            self.servers += ip4_config.get_nameservers()
+ 
+-    @staticmethod
+-    def ip6_to_str(ip6):
+-        """Converts IPv6 address from integer to string."""
++        ip6_config = connection.get_ip6_config()
++        if ip6_config is not None:
++            self.zones += ip6_config.get_domains()
++            self.servers += ip6_config.get_nameservers()
+ 
+-        return socket.inet_ntop(socket.AF_INET6, ip6)
++    def __repr__(self):
++        return "<Connection(uuid={uuid}, type={type}, default={is_default}, zones={zones}, servers={servers})>".format(**vars(self))
+ 
+     @property
+     def ignore(self):
+@@ -466,10 +445,10 @@ class Application:
+         except AttributeError:
+             self.usage()
+ 
+-        self.client = NMClient.Client().new()
++        self.client = NM.Client().new()
+ 
+     def nm_handles_resolv_conf(self):
+-        if not self.client.get_manager_running():
++        if not self.client.get_nm_running():
+             log.debug("NetworkManager is not running")
+             return False
+         try:
+-- 
+2.13.6
+

0002-Fix-that-NXDOMAIN-for-_probe.uk.uk-is-deemed-allrigh.patch

@@ -0,0 +1,27 @@
+From 871f36410b93abc2a2e583043665337d25d66c1e Mon Sep 17 00:00:00 2001
+From: Wouter Wijngaards <wouter@nlnetlabs.nl>
+Date: Mon, 26 Feb 2018 13:48:26 +0000
+Subject: [PATCH] - Fix that NXDOMAIN for _probe.uk.uk is deemed allright.
+
+git-svn-id: file:///svn/dnssec-trigger/trunk@764 14dc9c71-5cc2-e011-b339-0019d10b89f4
+---
+ riggerd/probe.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/riggerd/probe.c b/riggerd/probe.c
+index 4781e01..0954766 100644
+--- a/riggerd/probe.c
++++ b/riggerd/probe.c
+@@ -490,7 +490,8 @@ outq_check_packet(struct outq* outq, uint8_t* wire, size_t len)
+ 	}
+ 
+ 	/* does DNS work? */
+-	if(ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR) {
++	if(ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR &&
++		ldns_pkt_get_rcode(p) != LDNS_RCODE_NXDOMAIN) {
+ 		char* r = ldns_pkt_rcode2str(ldns_pkt_get_rcode(p));
+ 		snprintf(reason, sizeof(reason), "no answer, %s",
+ 			r?r:"(out of memory)");
+-- 
+2.14.3
+

dnssec-trigger-default.conf

@@ -0,0 +1,89 @@
+# config for dnssec-trigger 0.15.
+# this is a comment. there must be one statement per line.
+
+# logging detail, 0=only errors, 1=operations, 2=detail, 3,4 debug detail.
+# verbosity: 1
+
+# pidfile location
+pidfile: "/var/run/dnssec-triggerd.pid"
+
+# log to a file instead of syslog, default is to syslog
+logfile: "/var/log/dnssec-trigger.log"
+
+# log to syslog, or (log to to stderr or a logfile if specified). yes or no.
+# use-syslog: yes
+
+# chroot to this directory
+# chroot: ""
+
+# the unbound-control binary if not found in PATH.
+# commandline options can be appended "unbound-control -c my.conf" if you wish.
+# unbound-control: "/usr/sbin/unbound-control"
+
+# where is resolv.conf to edit.
+# resolvconf: "/etc/resolv.conf"
+
+# the domain example.com line (if any) to add to resolv.conf(5). default none.
+# domain: ""
+
+# domain name search path to add to resolv.conf(5). default none.
+# the search path from DHCP is not picked up, it could be used to misdirect.
+# search: ""
+
+# the command to run to open login pages on hot spots, a web browser.
+# empty string runs no command.
+# login-command: "xdg-open"
+
+# the url to open to get hot spot login, it gets overridden by the hotspot.
+# login-location: "http://www.nlnetlabs.nl/projects/dnssec-trigger"
+
+# do not perform actions (unbound-control or resolv.conf), for a dry-run.
+# noaction: no
+
+# port number to use for probe daemon.
+# port: 8955
+
+# these keys and certificates can be generated with the script
+# dnssec-trigger-control-setup
+server-key-file: "/etc/dnssec-trigger/dnssec_trigger_server.key"
+server-cert-file: "/etc/dnssec-trigger/dnssec_trigger_server.pem"
+control-key-file: "/etc/dnssec-trigger/dnssec_trigger_control.key"
+control-cert-file: "/etc/dnssec-trigger/dnssec_trigger_control.pem"
+
+# check for updates, download and ask to install them (for Windows, OSX).
+# check-updates: no
+
+# webservers that are probed to see if internet access is possible.
+# They serve a simple static page over HTTP port 80.  It probes a random url:
+# after a space is the content expected on the page, (the page can contain
+# whitespace before and after this code).  Without urls it skips http probes.
+
+# provided by NLnetLabs
+# It is provided on a best effort basis, with no service guarantee.
+url: "http://ster.nlnetlabs.nl/hotspot.txt OK"
+
+# provided by FedoraProject
+# url: "http://fedoraproject.org/static/hotspot.txt OK"
+
+# fallback open DNSSEC resolvers that run on TCP port 80 and TCP port 443.
+# These relay incoming DNS traffic on the other port numbers to the usual DNS
+# the ssl443 adds an ssl server IP, you may also specify one or more hashes
+# the following on one line: ssl443:<space><IP>{<space><HASHoutput>}
+# hash is output of openssl x509 -sha256 -fingerprint -in server.pem
+# You can add more with extra config lines.
+
+# provided by NLnetLabs
+# It is provided on a best effort basis, with no service guarantee.
+tcp80: 185.49.140.67
+tcp80: 2a04:b900::10:0:0:67
+ssl443: 185.49.140.67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF
+ssl443: 2a04:b900::10:0:0:67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF
+
+# Use VPN servers for all traffic
+# use-vpn-forwarders: no
+
+# Forward RFC 1918 private addresses to global forwarders
+# use-private-addresses: yes
+
+# Add domains provided by VPN connections into Unbound forward zones
+# add-wifi-provided-zones: no

dnssec-trigger.spec

@@ -0,0 +1,124 @@
+Name:             dnssec-trigger
+Version:          0.15
+Release:          9
+Summary:          Dnssec-trigger reconfigures the local Unbound DNS server
+License:          BSD
+Url:              http://www.nlnetlabs.nl/downloads/dnssec-trigger/
+Source0:          http://www.nlnetlabs.nl/downloads/dnssec-trigger/%{name}-%{version}.tar.gz
+Source1:          dnssec-trigger.tmpfiles.d
+Source2:          dnssec-trigger-default.conf
+
+Patch0001:        0001-dnssec-trigger-script-port-to-libnm.patch
+Patch0002:        0002-Fix-that-NXDOMAIN-for-_probe.uk.uk-is-deemed-allrigh.patch
+
+BuildRequires:    openssl-devel ldns-devel python3-devel gcc NetworkManager-libnm-devel systemd
+Requires:         ldns >= 1.6.10 NetworkManager-libnm unbound openssl e2fsprogs NetworkManager >= 0.9.9.1-13
+Requires(post):   systemd
+Requires(preun):  systemd
+Requires(postun): systemd
+
+Provides:         variant_config(Workstation)
+Obsoletes:        %{name} < 0.12-22
+Suggests:         %{name}-panel
+
+%description
+Dnessc-Trigger relies on the Unbound DNS resolver running locally on your system,
+which performs DNSSEC validation. It reconfigures Unbound in such a way that it
+will signal it to to use the DHCP obtained forwarders if possible, fallback to doing
+its own AUTH queries if that fails, and if that fails it will prompt the user with
+the option to go with insecure DNS only.
+
+%package panel
+Summary:       Program for user and dnssec-trigger interaction
+BuildRequires: gtk2-devel desktop-file-utils
+Requires:      %{name} = %{version}-%{release} xdg-utils
+Obsoletes:     %{name} < 0.12-22
+
+%description panel
+The project will provide a GTK panel for users to interact with the dnssec-trigger daemon.
+It can display the status and detection results of the dnssec-trigger daemon in real time.
+At thesame time, if the user needs some input, the panel will create a dialog window.
+
+%package help
+Summary: Help documents for dnssec-trigger
+
+%description help
+Man pages and other related help documents for dnssec-trigger.
+
+%prep
+%autosetup -n %{name}-%{version} -p1
+
+sed -i "s/validate_connection_provided_zones=yes/validate_connection_provided_zones=no/" dnssec.conf
+
+
+%build
+%configure --with-keydir=%{_sysconfdir}/%{name} --with-hooks=networkmanager \
+           --with-python=%{__python3} --with-pidfile=%{_localstatedir}/run/%{name}d.pid
+
+%make_build
+
+%install
+make DESTDIR=%{buildroot} install
+
+install -d 755 %{buildroot}%{_unitdir}
+install -m644 %{SOURCE2} %{buildroot}%{_sysconfdir}/%{name}/
+
+install -d %{buildroot}%{_libexecdir}
+
+desktop-file-install --dir=%{buildroot}%{_datadir}/applications dnssec-trigger-panel.desktop
+
+install -d %{buildroot}%{_tmpfilesdir}
+install -m644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_tmpfilesdir}/dnssec-trigger.conf
+
+install -d %{buildroot}%{_localstatedir}/run
+install -d -m755 %{buildroot}%{_localstatedir}/run/dnssec-trigger
+
+ln -s %{name}-panel %{buildroot}%{_bindir}/%{name}
+
+for all in %{name}-control %{name}-control-setup dnssec-triggerd; do
+    ln -s %{_mandir}/man8/%{name}.8 %{buildroot}/%{_mandir}/man8/"$all".8
+done
+ln -s %{_mandir}/man8/%{name}.8 %{buildroot}/%{_mandir}/man8/%{name}.conf.8
+
+%post
+%systemd_post dnssec-triggerd.service
+
+%preun
+%systemd_preun dnssec-triggerd.service
+
+%postun
+%systemd_postun_with_restart dnssec-triggerd.service
+
+%posttrans
+if [ ! -e %{_sysconfdir}/%{name}/%{name}.conf ]; then
+     ln -sf %{name}-default.conf %{_sysconfdir}/%{name}/%{name}.conf || :
+fi
+
+%files
+%license LICENSE
+%doc README
+%{_bindir}/%{name}
+%{_sbindir}/%{name}*
+%{_libexecdir}/%{name}-script
+%{_unitdir}/{%{name}d,%{name}d-keygen}.service
+
+%attr(0755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-%{name}
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/dnssec.conf
+%attr(0755,root,root) %dir %{_sysconfdir}/%{name}
+%attr(0644,root,root) %ghost %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/%{name}-default.conf
+%dir %{_localstatedir}/run/%{name}
+%{_tmpfilesdir}/%{name}.conf
+
+%files panel
+%{_bindir}/%{name}-panel
+%attr(0755,root,root) %dir %{_datadir}/%{name}
+%attr(0644,root,root) %{_datadir}/{%{name}/*,applications/%{name}-panel.desktop}
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/xdg/autostart/%{name}-panel.desktop
+
+%files help
+%{_mandir}/man8/dnssec-trigger*
+
+%changelog
+* Wed Nov 20 2019 duyeyu <duyeyu@huawei.com> - 0.15-9
+- Package init

dnssec-trigger.tmpfiles.d

@@ -0,0 +1 @@
+d /var/run/dnssec-trigger 0755 root root -