packages/unbound
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

remove buildin key

Browse Source 
add macros to contron if need key permissons to be 644
This commit is contained in:
eaglegai 2022-06-11 10:34:30 +08:00
parent 9283e04141
commit ed0bb600d5
2 changed files with 64 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
unbound-remove-buildin-key.patch Normal file
View File

@ -0,0 +1,44 @@
From bd895d2d82990bfe059acfb0e078bb8d44207287 Mon Sep 17 00:00:00 2001
From: hanzhijun <hanzhijun1@huawei.com>
Date: Fri, 19 Feb 2021 16:20:53 +0800
Subject: [PATCH] remove buildin key
Conflict:NA
Reference:https://gitee.com/src-openeuler/unbound/blob/openEuler-20.03-LTS-SP1/unbound-remove-buildin-key.patch
---
unbound-1.7.3/smallapp/unbound-anchor.c | 19 -------------------
1 file changed, 19 deletions(-)
diff --git a/unbound-1.7.3/smallapp/unbound-anchor.c b/unbound-1.7.3/smallapp/unbound-anchor.c
index f398509..1ca062b 100644
--- a/smallapp/unbound-anchor.c
+++ b/smallapp/unbound-anchor.c
@@ -214,25 +214,6 @@ get_builtin_cert(void)
static const char ICANN_UPDATE_CA[] =
/* The ICANN CA fetched at 24 Sep 2010. Valid to 2028 */
"-----BEGIN CERTIFICATE-----\n"
- "MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO\n"
- "TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV\n"
- "BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTA5MTIyMzA0MTkxMloX\n"
- "DTI5MTIxODA0MTkxMlowXTEOMAwGA1UEChMFSUNBTk4xJjAkBgNVBAsTHUlDQU5O\n"
- "IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRYwFAYDVQQDEw1JQ0FOTiBSb290IENB\n"
- "MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDb\n"
- "cLhPNNqc1NB+u+oVvOnJESofYS9qub0/PXagmgr37pNublVThIzyLPGCJ8gPms9S\n"
- "G1TaKNIsMI7d+5IgMy3WyPEOECGIcfqEIktdR1YWfJufXcMReZwU4v/AdKzdOdfg\n"
- "ONiwc6r70duEr1IiqPbVm5T05l1e6D+HkAvHGnf1LtOPGs4CHQdpIUcy2kauAEy2\n"
- "paKcOcHASvbTHK7TbbvHGPB+7faAztABLoneErruEcumetcNfPMIjXKdv1V1E3C7\n"
- "MSJKy+jAqqQJqjZoQGB0necZgUMiUv7JK1IPQRM2CXJllcyJrm9WFxY0c1KjBO29\n"
- "iIKK69fcglKcBuFShUECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B\n"
- "Af8EBAMCAf4wHQYDVR0OBBYEFLpS6UmDJIZSL8eZzfyNa2kITcBQMA0GCSqGSIb3\n"
- "DQEBCwUAA4IBAQAP8emCogqHny2UYFqywEuhLys7R9UKmYY4suzGO4nkbgfPFMfH\n"
- "6M+Zj6owwxlwueZt1j/IaCayoKU3QsrYYoDRolpILh+FPwx7wseUEV8ZKpWsoDoD\n"
- "2JFbLg2cfB8u/OlE4RYmcxxFSmXBg0yQ8/IoQt/bxOcEEhhiQ168H2yE5rxJMt9h\n"
- "15nu5JBSewrCkYqYYmaxyOC3WrVGfHZxVI7MpIFcGdvSb2a1uyuua8l0BKgk3ujF\n"
- "0/wsHNeP22qNyVO+XVBzrM8fk8BSUFuiT/6tZTYXRtEt5aKQZgXbKU5dUF3jT9qg\n"
- "j/Br5BZw3X/zd325TvnswzMC1+ljLzHnQGGk\n"
"-----END CERTIFICATE-----\n";
static const char DS_TRUST_ANCHOR[] =
--
2.23.0

21
unbound.spec
View File

@ -2,7 +2,7 @@
Name: unbound Name: unbound
Version: 1.13.2 Version: 1.13.2
Release: 2 Release: 3
Summary: Unbound is a validating, recursive, caching DNS resolver Summary: Unbound is a validating, recursive, caching DNS resolver
License: BSD License: BSD
Url: https://nlnetlabs.nl/projects/unbound/about/ Url: https://nlnetlabs.nl/projects/unbound/about/
@ -22,6 +22,7 @@ Source12: unbound-anchor.timer
Source13: unbound-anchor.service Source13: unbound-anchor.service
Patch0: backport-fix-q-doesnt-work-when-use-with-unbound-control-stats_shm.patch Patch0: backport-fix-q-doesnt-work-when-use-with-unbound-control-stats_shm.patch
Patch1: unbound-remove-buildin-key.patch
BuildRequires: make flex swig pkgconfig systemd BuildRequires: make flex swig pkgconfig systemd
BuildRequires: libevent-devel expat-devel openssl-devel python3-devel BuildRequires: libevent-devel expat-devel openssl-devel python3-devel
@ -107,7 +108,11 @@ popd
install -d -m 0755 $RPM_BUILD_ROOT%{_tmpfilesdir} $RPM_BUILD_ROOT%{_sharedstatedir}/unbound install -d -m 0755 $RPM_BUILD_ROOT%{_tmpfilesdir} $RPM_BUILD_ROOT%{_sharedstatedir}/unbound
install -m 0644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/unbound/ install -m 0644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/unbound/
install -m 0644 %{SOURCE5} $RPM_BUILD_ROOT%{_tmpfilesdir}/unbound.conf install -m 0644 %{SOURCE5} $RPM_BUILD_ROOT%{_tmpfilesdir}/unbound.conf
%if %{?openEuler:1}0
install -m 0644 %{SOURCE10} $RPM_BUILD_ROOT%{_sharedstatedir}/unbound/root.key install -m 0644 %{SOURCE10} $RPM_BUILD_ROOT%{_sharedstatedir}/unbound/root.key
%else
install -m 0600 %{SOURCE10} $RPM_BUILD_ROOT%{_sharedstatedir}/unbound/root.key
%endif
install -p -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_unitdir}/unbound.service install -p -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_unitdir}/unbound.service
install -p -m 0755 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/unbound install -p -m 0755 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/unbound
@ -201,10 +206,17 @@ popd
%files libs %files libs
%defattr(-,root,root) %defattr(-,root,root)
%dir %attr(0755,root,root) %{_sysconfdir}/%{name} %dir %attr(0755,root,root) %{_sysconfdir}/%{name}
%if %{?openEuler:1}0
%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key %attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
%dir %attr(0755,unbound,unbound) %{_sharedstatedir}/%{name} %dir %attr(0755,unbound,unbound) %{_sharedstatedir}/%{name}
%attr(0644,unbound,unbound) %config %{_sharedstatedir}/%{name}/root.key %attr(0644,unbound,unbound) %config %{_sharedstatedir}/%{name}/root.key
%{_sysconfdir}/%{name}/icannbundle.pem %{_sysconfdir}/%{name}/icannbundle.pem
%else
%attr(0600,root,root) %config %{_sysconfdir}/%{name}/root.key
%dir %attr(0755,unbound,unbound) %{_sharedstatedir}/%{name}
%attr(0600,unbound,unbound) %config %{_sharedstatedir}/%{name}/root.key
%attr(0600,root,root) %{_sysconfdir}/%{name}/icannbundle.pem
%endif
%{_sbindir}/unbound-anchor %{_sbindir}/unbound-anchor
%{_libdir}/libunbound.so.* %{_libdir}/libunbound.so.*
%{_unitdir}/unbound-anchor.timer %{_unitdir}/unbound-anchor.timer
@ -226,6 +238,13 @@ popd
%{_mandir}/man* %{_mandir}/man*
%changelog %changelog
* Sat Jun 11 2022 gaihuiying <eaglegai@163.com> - 1.13.2-3
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:remove buildin key
add macros to control if key files permissons is 600 or 644
* Mon Mar 21 2022 gaihuiying <eaglegai@163.com> - 1.13.2-2 * Mon Mar 21 2022 gaihuiying <eaglegai@163.com> - 1.13.2-2
- Type:bugfix - Type:bugfix
- ID:NA - ID:NA