Compare commits
No commits in common. "71c57b2ce1c8cd31957d10b3803e614defd055d8" and "fac6ec6e876070e59cea83e1555970ff9b80e52a" have entirely different histories.
71c57b2ce1
...
fac6ec6e87
Binary file not shown.
@ -1,89 +0,0 @@
|
||||
# config for dnssec-trigger 0.15.
|
||||
# this is a comment. there must be one statement per line.
|
||||
|
||||
# logging detail, 0=only errors, 1=operations, 2=detail, 3,4 debug detail.
|
||||
# verbosity: 1
|
||||
|
||||
# pidfile location
|
||||
pidfile: "/var/run/dnssec-triggerd.pid"
|
||||
|
||||
# log to a file instead of syslog, default is to syslog
|
||||
# logfile: "/var/log/dnssec-trigger.log"
|
||||
|
||||
# log to syslog, or (log to to stderr or a logfile if specified). yes or no.
|
||||
# use-syslog: yes
|
||||
|
||||
# chroot to this directory
|
||||
# chroot: ""
|
||||
|
||||
# the unbound-control binary if not found in PATH.
|
||||
# commandline options can be appended "unbound-control -c my.conf" if you wish.
|
||||
# unbound-control: "/usr/sbin/unbound-control"
|
||||
|
||||
# where is resolv.conf to edit.
|
||||
# resolvconf: "/etc/resolv.conf"
|
||||
|
||||
# the domain example.com line (if any) to add to resolv.conf(5). default none.
|
||||
# domain: ""
|
||||
|
||||
# domain name search path to add to resolv.conf(5). default none.
|
||||
# the search path from DHCP is not picked up, it could be used to misdirect.
|
||||
# search: ""
|
||||
|
||||
# the command to run to open login pages on hot spots, a web browser.
|
||||
# empty string runs no command.
|
||||
# login-command: "xdg-open"
|
||||
|
||||
# the url to open to get hot spot login, it gets overridden by the hotspot.
|
||||
# login-location: "http://www.nlnetlabs.nl/projects/dnssec-trigger"
|
||||
|
||||
# do not perform actions (unbound-control or resolv.conf), for a dry-run.
|
||||
# noaction: no
|
||||
|
||||
# port number to use for probe daemon.
|
||||
# port: 8955
|
||||
|
||||
# these keys and certificates can be generated with the script
|
||||
# dnssec-trigger-control-setup
|
||||
server-key-file: "/etc/dnssec-trigger/dnssec_trigger_server.key"
|
||||
server-cert-file: "/etc/dnssec-trigger/dnssec_trigger_server.pem"
|
||||
control-key-file: "/etc/dnssec-trigger/dnssec_trigger_control.key"
|
||||
control-cert-file: "/etc/dnssec-trigger/dnssec_trigger_control.pem"
|
||||
|
||||
# check for updates, download and ask to install them (for Windows, OSX).
|
||||
# check-updates: no
|
||||
|
||||
# webservers that are probed to see if internet access is possible.
|
||||
# They serve a simple static page over HTTP port 80. It probes a random url:
|
||||
# after a space is the content expected on the page, (the page can contain
|
||||
# whitespace before and after this code). Without urls it skips http probes.
|
||||
|
||||
# provided by NLnetLabs
|
||||
# It is provided on a best effort basis, with no service guarantee.
|
||||
url: "http://ster.nlnetlabs.nl/hotspot.txt OK"
|
||||
|
||||
# provided by FedoraProject
|
||||
# url: "http://fedoraproject.org/static/hotspot.txt OK"
|
||||
|
||||
# fallback open DNSSEC resolvers that run on TCP port 80 and TCP port 443.
|
||||
# These relay incoming DNS traffic on the other port numbers to the usual DNS
|
||||
# the ssl443 adds an ssl server IP, you may also specify one or more hashes
|
||||
# the following on one line: ssl443:<space><IP>{<space><HASHoutput>}
|
||||
# hash is output of openssl x509 -sha256 -fingerprint -in server.pem
|
||||
# You can add more with extra config lines.
|
||||
|
||||
# provided by NLnetLabs
|
||||
# It is provided on a best effort basis, with no service guarantee.
|
||||
tcp80: 185.49.140.67
|
||||
tcp80: 2a04:b900::10:0:0:67
|
||||
ssl443: 185.49.140.67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF
|
||||
ssl443: 2a04:b900::10:0:0:67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF
|
||||
|
||||
# Use VPN servers for all traffic
|
||||
# use-vpn-forwarders: no
|
||||
|
||||
# Forward RFC 1918 private addresses to global forwarders
|
||||
# use-private-addresses: yes
|
||||
|
||||
# Add domains provided by VPN connections into Unbound forward zones
|
||||
# add-wifi-provided-zones: no
|
||||
@ -1,127 +0,0 @@
|
||||
Name: dnssec-trigger
|
||||
Version: 0.17
|
||||
Release: 3
|
||||
Summary: Dnssec-trigger reconfigures the local Unbound DNS server
|
||||
License: BSD
|
||||
Url: http://www.nlnetlabs.nl/downloads/dnssec-trigger/
|
||||
Source0: http://www.nlnetlabs.nl/downloads/dnssec-trigger/%{name}-%{version}.tar.gz
|
||||
Source1: dnssec-trigger.tmpfiles.d
|
||||
Source2: dnssec-trigger-default.conf
|
||||
|
||||
|
||||
BuildRequires: openssl-devel ldns-devel python3-devel gcc NetworkManager-libnm-devel systemd
|
||||
Requires: ldns >= 1.6.10 NetworkManager-libnm unbound openssl e2fsprogs NetworkManager >= 0.9.9.1-13
|
||||
Requires(post): systemd
|
||||
Requires(preun): systemd
|
||||
Requires(postun): systemd
|
||||
|
||||
Provides: variant_config(Workstation)
|
||||
Obsoletes: %{name} < 0.12-22
|
||||
Suggests: %{name}-panel
|
||||
|
||||
%description
|
||||
Dnessc-Trigger relies on the Unbound DNS resolver running locally on your system,
|
||||
which performs DNSSEC validation. It reconfigures Unbound in such a way that it
|
||||
will signal it to to use the DHCP obtained forwarders if possible, fallback to doing
|
||||
its own AUTH queries if that fails, and if that fails it will prompt the user with
|
||||
the option to go with insecure DNS only.
|
||||
|
||||
%package panel
|
||||
Summary: Program for user and dnssec-trigger interaction
|
||||
BuildRequires: gtk2-devel desktop-file-utils
|
||||
Requires: %{name} = %{version}-%{release} xdg-utils
|
||||
Obsoletes: %{name} < 0.12-22
|
||||
|
||||
%description panel
|
||||
The project will provide a GTK panel for users to interact with the dnssec-trigger daemon.
|
||||
It can display the status and detection results of the dnssec-trigger daemon in real time.
|
||||
At thesame time, if the user needs some input, the panel will create a dialog window.
|
||||
|
||||
%package_help
|
||||
|
||||
%prep
|
||||
%autosetup -n %{name}-%{version} -p1
|
||||
|
||||
sed -i "s/validate_connection_provided_zones=yes/validate_connection_provided_zones=no/" dnssec.conf
|
||||
|
||||
|
||||
%build
|
||||
%configure --with-keydir=%{_sysconfdir}/%{name} --with-hooks=networkmanager \
|
||||
--with-python=%{__python3} --with-pidfile=%{_localstatedir}/run/%{name}d.pid
|
||||
|
||||
%make_build
|
||||
|
||||
%install
|
||||
make DESTDIR=%{buildroot} install
|
||||
|
||||
install -d 755 %{buildroot}%{_unitdir}
|
||||
install -m644 %{SOURCE2} %{buildroot}%{_sysconfdir}/%{name}/
|
||||
|
||||
install -d %{buildroot}%{_libexecdir}
|
||||
|
||||
desktop-file-install --dir=%{buildroot}%{_datadir}/applications dnssec-trigger-panel.desktop
|
||||
|
||||
install -d %{buildroot}%{_tmpfilesdir}
|
||||
install -m644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_tmpfilesdir}/dnssec-trigger.conf
|
||||
|
||||
install -d %{buildroot}%{_localstatedir}/run
|
||||
install -d -m755 %{buildroot}%{_localstatedir}/run/dnssec-trigger
|
||||
|
||||
ln -s %{name}-panel %{buildroot}%{_bindir}/%{name}
|
||||
|
||||
for all in %{name}-control %{name}-control-setup dnssec-triggerd; do
|
||||
ln -s %{_mandir}/man8/%{name}.8 %{buildroot}/%{_mandir}/man8/"$all".8
|
||||
done
|
||||
ln -s %{_mandir}/man8/%{name}.8 %{buildroot}/%{_mandir}/man8/%{name}.conf.8
|
||||
|
||||
%post
|
||||
%systemd_post dnssec-triggerd.service
|
||||
|
||||
%preun
|
||||
%systemd_preun dnssec-triggerd.service
|
||||
|
||||
%postun
|
||||
%systemd_postun_with_restart dnssec-triggerd.service
|
||||
|
||||
%posttrans
|
||||
if [ ! -e %{_sysconfdir}/%{name}/%{name}.conf ]; then
|
||||
ln -sf %{name}-default.conf %{_sysconfdir}/%{name}/%{name}.conf || :
|
||||
fi
|
||||
|
||||
%files
|
||||
%license LICENSE
|
||||
%doc README
|
||||
%{_bindir}/%{name}
|
||||
%{_sbindir}/%{name}*
|
||||
%{_libexecdir}/%{name}-script
|
||||
%{_unitdir}/{%{name}d,%{name}d-keygen}.service
|
||||
|
||||
%attr(0755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-%{name}
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/dnssec.conf
|
||||
%attr(0755,root,root) %dir %{_sysconfdir}/%{name}
|
||||
%attr(0644,root,root) %ghost %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/%{name}-default.conf
|
||||
%dir %{_localstatedir}/run/%{name}
|
||||
%{_tmpfilesdir}/%{name}.conf
|
||||
|
||||
%files panel
|
||||
%{_bindir}/%{name}-panel
|
||||
%attr(0755,root,root) %dir %{_datadir}/%{name}
|
||||
%attr(0644,root,root) %{_datadir}/{%{name}/*,applications/%{name}-panel.desktop}
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/xdg/autostart/%{name}-panel.desktop
|
||||
|
||||
%files help
|
||||
%{_mandir}/man8/dnssec-trigger*
|
||||
|
||||
%changelog
|
||||
* Mon Aug 19 2024 Chunchun Yang <yangchunchun@cqsoftware.com.cn> - 0.17-3
|
||||
- Replaced declaration of subpackage with the 'package_help' macro.
|
||||
|
||||
* Sat Sep 02 2023 wulei <wu_lei@hoperun.com> - 0.17-2
|
||||
- Comment out the logfile parameter in the configuration file
|
||||
|
||||
* Sat Feb 04 2023 wenchaofan <349464272@qq.com> - 0.17-1
|
||||
* Update to 0.17 version
|
||||
|
||||
* Wed Nov 20 2019 duyeyu <duyeyu@huawei.com> - 0.15-9
|
||||
- Package init
|
||||
@ -1 +0,0 @@
|
||||
d /var/run/dnssec-trigger 0755 root root -
|
||||
@ -1,4 +0,0 @@
|
||||
version_control: github
|
||||
src_repo: NLnetLabs/dnssec-trigger
|
||||
tag_prefix: ^dnssec-trigger-
|
||||
seperator: .
|
||||
Loading…
x
Reference in New Issue
Block a user