packages/dnssec-trigger
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:fac6ec6e876070e59cea83e1555970ff9b80e52a
Branches Tags
packages:main
...
compare: packages:71c57b2ce1c8cd31957d10b3803e614defd055d8
Branches Tags
packages:main

10 Commits
fac6ec6e87 ... 71c57b2ce1

Author SHA1 Message Date
openeuler-ci-bot
71c57b2ce1
!17 [sync] PR-15: 【轻量级PR】用“%package_help”宏替换help子包声明 
From: @openeuler-sync-bot 
Reviewed-by: @wk333 
Signed-off-by: @wk333
 2024-09-19 01:10:57 +00:00
yangchunc
bcef746a14 Add 'Buildarch: noarch' to the help subpackage 
(cherry picked from commit 64937e36a88850dd468ed15e235f68098d429419)
 2024-09-05 10:14:38 +08:00
openeuler-ci-bot
6235a6bcb2
!7 [sync] PR-6: 注释dnssec-trigger.conf文件中的logfile参数 
From: @openeuler-sync-bot 
Reviewed-by: @caodongxia 
Signed-off-by: @caodongxia
 2023-09-02 09:39:27 +00:00
wu-leilei
4358f5e40c Comment out the logfile parameter in the configuration file 
(cherry picked from commit 3c745313bc2774465a83db5fdda86216afb345cd)
 2023-09-02 17:12:08 +08:00
openeuler-ci-bot
7eb3680275
!4 dnssec-trigger在master进行升级,到0.17-1 
From: @json-book 
Reviewed-by: @caodongxia 
Signed-off-by: @caodongxia
 2023-03-13 01:38:40 +00:00
json_book
6555efbfdf update version 0.17 2023-02-26 22:50:21 +08:00
openeuler-ci-bot
99808b1f4d !2 add yaml file 
Merge pull request !2 from Captain.Wei/master
 2020-05-11 20:32:11 +08:00
Captain Wei
16c332a44e add yaml file 2020-05-11 09:29:55 +08:00
openeuler-ci-bot
b3e039674f !1 init package 
Merge pull request !1 from daidai_is_here/dqw_test
 2020-02-14 11:12:21 +08:00
daidai_is_here
bd137c4421 init package 2020-02-14 10:53:59 +08:00
5 changed files with 221 additions and 0 deletions
Show Stats Expand all files Collapse all files

BIN
dnssec-trigger-0.17.tar.gz Normal file
View File

Binary file not shown.

89
dnssec-trigger-default.conf Normal file
View File

@ -0,0 +1,89 @@
# config for dnssec-trigger 0.15.
# this is a comment. there must be one statement per line.
# logging detail, 0=only errors, 1=operations, 2=detail, 3,4 debug detail.
# verbosity: 1
# pidfile location
pidfile: "/var/run/dnssec-triggerd.pid"
# log to a file instead of syslog, default is to syslog
# logfile: "/var/log/dnssec-trigger.log"
# log to syslog, or (log to to stderr or a logfile if specified). yes or no.
# use-syslog: yes
# chroot to this directory
# chroot: ""
# the unbound-control binary if not found in PATH.
# commandline options can be appended "unbound-control -c my.conf" if you wish.
# unbound-control: "/usr/sbin/unbound-control"
# where is resolv.conf to edit.
# resolvconf: "/etc/resolv.conf"
# the domain example.com line (if any) to add to resolv.conf(5). default none.
# domain: ""
# domain name search path to add to resolv.conf(5). default none.
# the search path from DHCP is not picked up, it could be used to misdirect.
# search: ""
# the command to run to open login pages on hot spots, a web browser.
# empty string runs no command.
# login-command: "xdg-open"
# the url to open to get hot spot login, it gets overridden by the hotspot.
# login-location: "http://www.nlnetlabs.nl/projects/dnssec-trigger"
# do not perform actions (unbound-control or resolv.conf), for a dry-run.
# noaction: no
# port number to use for probe daemon.
# port: 8955
# these keys and certificates can be generated with the script
# dnssec-trigger-control-setup
server-key-file: "/etc/dnssec-trigger/dnssec_trigger_server.key"
server-cert-file: "/etc/dnssec-trigger/dnssec_trigger_server.pem"
control-key-file: "/etc/dnssec-trigger/dnssec_trigger_control.key"
control-cert-file: "/etc/dnssec-trigger/dnssec_trigger_control.pem"
# check for updates, download and ask to install them (for Windows, OSX).
# check-updates: no
# webservers that are probed to see if internet access is possible.
# They serve a simple static page over HTTP port 80. It probes a random url:
# after a space is the content expected on the page, (the page can contain
# whitespace before and after this code). Without urls it skips http probes.
# provided by NLnetLabs
# It is provided on a best effort basis, with no service guarantee.
url: "http://ster.nlnetlabs.nl/hotspot.txt OK"
# provided by FedoraProject
# url: "http://fedoraproject.org/static/hotspot.txt OK"
# fallback open DNSSEC resolvers that run on TCP port 80 and TCP port 443.
# These relay incoming DNS traffic on the other port numbers to the usual DNS
# the ssl443 adds an ssl server IP, you may also specify one or more hashes
# the following on one line: ssl443:<space><IP>{<space><HASHoutput>}
# hash is output of openssl x509 -sha256 -fingerprint -in server.pem
# You can add more with extra config lines.
# provided by NLnetLabs
# It is provided on a best effort basis, with no service guarantee.
tcp80: 185.49.140.67
tcp80: 2a04:b900::10:0:0:67
ssl443: 185.49.140.67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF
ssl443: 2a04:b900::10:0:0:67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF
# Use VPN servers for all traffic
# use-vpn-forwarders: no
# Forward RFC 1918 private addresses to global forwarders
# use-private-addresses: yes
# Add domains provided by VPN connections into Unbound forward zones
# add-wifi-provided-zones: no

127
dnssec-trigger.spec Normal file
View File

@ -0,0 +1,127 @@
Name: dnssec-trigger
Version: 0.17
Release: 3
Summary: Dnssec-trigger reconfigures the local Unbound DNS server
License: BSD
Url: http://www.nlnetlabs.nl/downloads/dnssec-trigger/
Source0: http://www.nlnetlabs.nl/downloads/dnssec-trigger/%{name}-%{version}.tar.gz
Source1: dnssec-trigger.tmpfiles.d
Source2: dnssec-trigger-default.conf
BuildRequires: openssl-devel ldns-devel python3-devel gcc NetworkManager-libnm-devel systemd
Requires: ldns >= 1.6.10 NetworkManager-libnm unbound openssl e2fsprogs NetworkManager >= 0.9.9.1-13
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
Provides: variant_config(Workstation)
Obsoletes: %{name} < 0.12-22
Suggests: %{name}-panel
%description
Dnessc-Trigger relies on the Unbound DNS resolver running locally on your system,
which performs DNSSEC validation. It reconfigures Unbound in such a way that it
will signal it to to use the DHCP obtained forwarders if possible, fallback to doing
its own AUTH queries if that fails, and if that fails it will prompt the user with
the option to go with insecure DNS only.
%package panel
Summary: Program for user and dnssec-trigger interaction
BuildRequires: gtk2-devel desktop-file-utils
Requires: %{name} = %{version}-%{release} xdg-utils
Obsoletes: %{name} < 0.12-22
%description panel
The project will provide a GTK panel for users to interact with the dnssec-trigger daemon.
It can display the status and detection results of the dnssec-trigger daemon in real time.
At thesame time, if the user needs some input, the panel will create a dialog window.
%package_help
%prep
%autosetup -n %{name}-%{version} -p1
sed -i "s/validate_connection_provided_zones=yes/validate_connection_provided_zones=no/" dnssec.conf
%build
%configure --with-keydir=%{_sysconfdir}/%{name} --with-hooks=networkmanager \
--with-python=%{__python3} --with-pidfile=%{_localstatedir}/run/%{name}d.pid
%make_build
%install
make DESTDIR=%{buildroot} install
install -d 755 %{buildroot}%{_unitdir}
install -m644 %{SOURCE2} %{buildroot}%{_sysconfdir}/%{name}/
install -d %{buildroot}%{_libexecdir}
desktop-file-install --dir=%{buildroot}%{_datadir}/applications dnssec-trigger-panel.desktop
install -d %{buildroot}%{_tmpfilesdir}
install -m644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_tmpfilesdir}/dnssec-trigger.conf
install -d %{buildroot}%{_localstatedir}/run
install -d -m755 %{buildroot}%{_localstatedir}/run/dnssec-trigger
ln -s %{name}-panel %{buildroot}%{_bindir}/%{name}
for all in %{name}-control %{name}-control-setup dnssec-triggerd; do
ln -s %{_mandir}/man8/%{name}.8 %{buildroot}/%{_mandir}/man8/"$all".8
done
ln -s %{_mandir}/man8/%{name}.8 %{buildroot}/%{_mandir}/man8/%{name}.conf.8
%post
%systemd_post dnssec-triggerd.service
%preun
%systemd_preun dnssec-triggerd.service
%postun
%systemd_postun_with_restart dnssec-triggerd.service
%posttrans
if [ ! -e %{_sysconfdir}/%{name}/%{name}.conf ]; then
ln -sf %{name}-default.conf %{_sysconfdir}/%{name}/%{name}.conf || :
fi
%files
%license LICENSE
%doc README
%{_bindir}/%{name}
%{_sbindir}/%{name}*
%{_libexecdir}/%{name}-script
%{_unitdir}/{%{name}d,%{name}d-keygen}.service
%attr(0755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-%{name}
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/dnssec.conf
%attr(0755,root,root) %dir %{_sysconfdir}/%{name}
%attr(0644,root,root) %ghost %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/%{name}-default.conf
%dir %{_localstatedir}/run/%{name}
%{_tmpfilesdir}/%{name}.conf
%files panel
%{_bindir}/%{name}-panel
%attr(0755,root,root) %dir %{_datadir}/%{name}
%attr(0644,root,root) %{_datadir}/{%{name}/*,applications/%{name}-panel.desktop}
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/xdg/autostart/%{name}-panel.desktop
%files help
%{_mandir}/man8/dnssec-trigger*
%changelog
* Mon Aug 19 2024 Chunchun Yang <yangchunchun@cqsoftware.com.cn> - 0.17-3
- Replaced declaration of subpackage with the 'package_help' macro.
* Sat Sep 02 2023 wulei <wu_lei@hoperun.com> - 0.17-2
- Comment out the logfile parameter in the configuration file
* Sat Feb 04 2023 wenchaofan <349464272@qq.com> - 0.17-1
* Update to 0.17 version
* Wed Nov 20 2019 duyeyu <duyeyu@huawei.com> - 0.15-9
- Package init

1
dnssec-trigger.tmpfiles.d Normal file
View File

@ -0,0 +1 @@
d /var/run/dnssec-trigger 0755 root root -

4
dnssec-trigger.yaml Normal file
View File

@ -0,0 +1,4 @@
version_control: github
src_repo: NLnetLabs/dnssec-trigger
tag_prefix: ^dnssec-trigger-
seperator: .