remove buildin key
add macros to contron if need key permissons to be 644
This commit is contained in:
eaglegai
parent
9283e04141
commit
ed0bb600d5
44
unbound-remove-buildin-key.patch
Normal file
44
unbound-remove-buildin-key.patch
Normal file
@ -0,0 +1,44 @@
|
||||
From bd895d2d82990bfe059acfb0e078bb8d44207287 Mon Sep 17 00:00:00 2001
|
||||
From: hanzhijun <hanzhijun1@huawei.com>
|
||||
Date: Fri, 19 Feb 2021 16:20:53 +0800
|
||||
Subject: [PATCH] remove buildin key
|
||||
|
||||
Conflict:NA
|
||||
Reference:https://gitee.com/src-openeuler/unbound/blob/openEuler-20.03-LTS-SP1/unbound-remove-buildin-key.patch
|
||||
|
||||
---
|
||||
unbound-1.7.3/smallapp/unbound-anchor.c | 19 -------------------
|
||||
1 file changed, 19 deletions(-)
|
||||
|
||||
diff --git a/unbound-1.7.3/smallapp/unbound-anchor.c b/unbound-1.7.3/smallapp/unbound-anchor.c
|
||||
index f398509..1ca062b 100644
|
||||
--- a/smallapp/unbound-anchor.c
|
||||
+++ b/smallapp/unbound-anchor.c
|
||||
@@ -214,25 +214,6 @@ get_builtin_cert(void)
|
||||
static const char ICANN_UPDATE_CA[] =
|
||||
/* The ICANN CA fetched at 24 Sep 2010. Valid to 2028 */
|
||||
"-----BEGIN CERTIFICATE-----\n"
|
||||
- "MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO\n"
|
||||
- "TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV\n"
|
||||
- "BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTA5MTIyMzA0MTkxMloX\n"
|
||||
- "DTI5MTIxODA0MTkxMlowXTEOMAwGA1UEChMFSUNBTk4xJjAkBgNVBAsTHUlDQU5O\n"
|
||||
- "IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRYwFAYDVQQDEw1JQ0FOTiBSb290IENB\n"
|
||||
- "MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDb\n"
|
||||
- "cLhPNNqc1NB+u+oVvOnJESofYS9qub0/PXagmgr37pNublVThIzyLPGCJ8gPms9S\n"
|
||||
- "G1TaKNIsMI7d+5IgMy3WyPEOECGIcfqEIktdR1YWfJufXcMReZwU4v/AdKzdOdfg\n"
|
||||
- "ONiwc6r70duEr1IiqPbVm5T05l1e6D+HkAvHGnf1LtOPGs4CHQdpIUcy2kauAEy2\n"
|
||||
- "paKcOcHASvbTHK7TbbvHGPB+7faAztABLoneErruEcumetcNfPMIjXKdv1V1E3C7\n"
|
||||
- "MSJKy+jAqqQJqjZoQGB0necZgUMiUv7JK1IPQRM2CXJllcyJrm9WFxY0c1KjBO29\n"
|
||||
- "iIKK69fcglKcBuFShUECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B\n"
|
||||
- "Af8EBAMCAf4wHQYDVR0OBBYEFLpS6UmDJIZSL8eZzfyNa2kITcBQMA0GCSqGSIb3\n"
|
||||
- "DQEBCwUAA4IBAQAP8emCogqHny2UYFqywEuhLys7R9UKmYY4suzGO4nkbgfPFMfH\n"
|
||||
- "6M+Zj6owwxlwueZt1j/IaCayoKU3QsrYYoDRolpILh+FPwx7wseUEV8ZKpWsoDoD\n"
|
||||
- "2JFbLg2cfB8u/OlE4RYmcxxFSmXBg0yQ8/IoQt/bxOcEEhhiQ168H2yE5rxJMt9h\n"
|
||||
- "15nu5JBSewrCkYqYYmaxyOC3WrVGfHZxVI7MpIFcGdvSb2a1uyuua8l0BKgk3ujF\n"
|
||||
- "0/wsHNeP22qNyVO+XVBzrM8fk8BSUFuiT/6tZTYXRtEt5aKQZgXbKU5dUF3jT9qg\n"
|
||||
- "j/Br5BZw3X/zd325TvnswzMC1+ljLzHnQGGk\n"
|
||||
"-----END CERTIFICATE-----\n";
|
||||
|
||||
static const char DS_TRUST_ANCHOR[] =
|
||||
--
|
||||
2.23.0
|
||||
21
unbound.spec
21
unbound.spec
@ -2,7 +2,7 @@
|
||||
|
||||
Name: unbound
|
||||
Version: 1.13.2
|
||||
Release: 2
|
||||
Release: 3
|
||||
Summary: Unbound is a validating, recursive, caching DNS resolver
|
||||
License: BSD
|
||||
Url: https://nlnetlabs.nl/projects/unbound/about/
|
||||
@ -22,6 +22,7 @@ Source12: unbound-anchor.timer
|
||||
Source13: unbound-anchor.service
|
||||
|
||||
Patch0: backport-fix-q-doesnt-work-when-use-with-unbound-control-stats_shm.patch
|
||||
Patch1: unbound-remove-buildin-key.patch
|
||||
|
||||
BuildRequires: make flex swig pkgconfig systemd
|
||||
BuildRequires: libevent-devel expat-devel openssl-devel python3-devel
|
||||
@ -107,7 +108,11 @@ popd
|
||||
install -d -m 0755 $RPM_BUILD_ROOT%{_tmpfilesdir} $RPM_BUILD_ROOT%{_sharedstatedir}/unbound
|
||||
install -m 0644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/unbound/
|
||||
install -m 0644 %{SOURCE5} $RPM_BUILD_ROOT%{_tmpfilesdir}/unbound.conf
|
||||
%if %{?openEuler:1}0
|
||||
install -m 0644 %{SOURCE10} $RPM_BUILD_ROOT%{_sharedstatedir}/unbound/root.key
|
||||
%else
|
||||
install -m 0600 %{SOURCE10} $RPM_BUILD_ROOT%{_sharedstatedir}/unbound/root.key
|
||||
%endif
|
||||
|
||||
install -p -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_unitdir}/unbound.service
|
||||
install -p -m 0755 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/unbound
|
||||
@ -201,10 +206,17 @@ popd
|
||||
%files libs
|
||||
%defattr(-,root,root)
|
||||
%dir %attr(0755,root,root) %{_sysconfdir}/%{name}
|
||||
%if %{?openEuler:1}0
|
||||
%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
|
||||
%dir %attr(0755,unbound,unbound) %{_sharedstatedir}/%{name}
|
||||
%attr(0644,unbound,unbound) %config %{_sharedstatedir}/%{name}/root.key
|
||||
%{_sysconfdir}/%{name}/icannbundle.pem
|
||||
%else
|
||||
%attr(0600,root,root) %config %{_sysconfdir}/%{name}/root.key
|
||||
%dir %attr(0755,unbound,unbound) %{_sharedstatedir}/%{name}
|
||||
%attr(0600,unbound,unbound) %config %{_sharedstatedir}/%{name}/root.key
|
||||
%attr(0600,root,root) %{_sysconfdir}/%{name}/icannbundle.pem
|
||||
%endif
|
||||
%{_sbindir}/unbound-anchor
|
||||
%{_libdir}/libunbound.so.*
|
||||
%{_unitdir}/unbound-anchor.timer
|
||||
@ -226,6 +238,13 @@ popd
|
||||
%{_mandir}/man*
|
||||
|
||||
%changelog
|
||||
* Sat Jun 11 2022 gaihuiying <eaglegai@163.com> - 1.13.2-3
|
||||
- Type:bugfix
|
||||
- CVE:NA
|
||||
- SUG:NA
|
||||
- DESC:remove buildin key
|
||||
add macros to control if key files permissons is 600 or 644
|
||||
|
||||
* Mon Mar 21 2022 gaihuiying <eaglegai@163.com> - 1.13.2-2
|
||||
- Type:bugfix
|
||||
- ID:NA
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user