pool/bind
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
709c0c9ee2
bind/bind.spec
Dirk Mueller 709c0c9ee2 Accepting request 577255 from home:bmwiedemann:branches:network 
Add /dev/urandom to chroot env 
note: it is not world writable to make our rpmlint security checker happy - and it is not required anyway

without this, named start shows warnings in journal:
Feb 16 13:28:35 testleap named[1514]: could not open entropy source /dev/urandom: file not found
Feb 16 13:28:35 testleap named[1514]: using pre-chroot entropy source /dev/urandom

OBS-URL: https://build.opensuse.org/request/show/577255
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=232
2018-02-16 14:01:14 +00:00

876 lines
31 KiB
RPMSpec
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#
# spec file for package bind
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# Don't forget to update the package names also in baselibs.conf
%define bind9_sonum 160
%define libbind9 libbind9-%{bind9_sonum}
%define dns_sonum 169
%define libdns libdns%{dns_sonum}
%define irs_sonum 160
%define libirs libirs%{irs_sonum}
%define isc_sonum 166
%define libisc libisc%{isc_sonum}
%define isccc_sonum 160
%define libisccc libisccc%{isccc_sonum}
%define isccfg_sonum 160
%define libisccfg libisccfg%{isccfg_sonum}
%define lwres_sonum 160
%define liblwres liblwres%{lwres_sonum}
%define VENDOR SUSE
# Defines for user and group add
%define NAMED_UID 44
%define NAMED_UID_NAME named
%define NAMED_GID 44
%define NAMED_GID_NAME named
%define NAMED_COMMENT Name server daemon
%define NAMED_HOMEDIR %{_localstatedir}/lib/named
%define NAMED_SHELL /bin/false
%define GROUPADD_NAMED getent group %{NAMED_GID_NAME} >/dev/null || %{_sbindir}/groupadd -g %{NAMED_GID} -o -r %{NAMED_GID_NAME}
%define USERADD_NAMED getent passwd %{NAMED_UID_NAME} >/dev/null || %{_sbindir}/useradd -r -o -g %{NAMED_GID_NAME} -u %{NAMED_UID} -s %{NAMED_SHELL} -c "%{NAMED_COMMENT}" -d %{NAMED_HOMEDIR} %{NAMED_UID_NAME}
%define USERMOD_NAMED getent passwd %{NAMED_UID_NAME} >/dev/null || %{_sbindir}/usermod -s %{NAMED_SHELL} -d %{NAMED_HOMEDIR} %{NAMED_UID_NAME}
%if 0%{?suse_version} >= 1500
%define with_systemd 1
%else
%define with_systemd 0
%endif
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
Name: bind
Version: 9.11.2
Release: 0
Summary: Domain Name System (DNS) Server (named)
License: MPL-2.0
Group: Productivity/Networking/DNS/Servers
Url: http://isc.org/sw/bind/
Source: ftp://ftp.isc.org/isc/bind9/%{version}/bind-%{version}.tar.gz
Source1: vendor-files.tar.bz2
Source2: baselibs.conf
Source3: ftp://ftp.isc.org/isc/bind9/%{version}/bind-%{version}.tar.gz.asc
# from http://www.isc.org/about/openpgp/ ... changes yearly apparently.
Source4: %{name}.keyring
Source9: ftp://ftp.internic.net/domain/named.root
# url http://www.venaas.no/ldap/bind-sdb/dnszone-schema.txt no longer exists...
Source40: dnszone-schema.txt
Source60: dlz-schema.txt
Patch0: configure.in.diff
Patch1: Makefile.in.diff
Patch2: bind-99-libidn.patch
Patch4: perl-path.diff
Patch51: pie_compile.diff
Patch52: named-bootconf.diff
Patch53: bind-sdb-ldap.patch
Patch54: bind-CVE-2017-3145.patch
BuildRequires: libcap-devel
BuildRequires: libmysqlclient-devel
BuildRequires: libopenssl-devel
BuildRequires: libtool
BuildRequires: openldap2-devel
BuildRequires: openssl
BuildRequires: pkgconfig
BuildRequires: python3
BuildRequires: python3-ply
BuildRequires: update-desktop-files
BuildRequires: pkgconfig(geoip)
BuildRequires: pkgconfig(json)
BuildRequires: pkgconfig(krb5)
BuildRequires: pkgconfig(libidn)
BuildRequires: pkgconfig(libxml-2.0)
Requires: %{name}-chrootenv
Requires: %{name}-utils
Requires(post): %fillup_prereq
Requires(post): bind-utils
Requires(post): coreutils
Requires(pre): shadow
Provides: bind8
Provides: bind9
Provides: dns_daemon
Obsoletes: bind8 < %{version}
Obsoletes: bind9 < %{version}
%if %{with_systemd}
BuildRequires: systemd-rpm-macros
BuildRequires: pkgconfig(libsystemd)
BuildRequires: pkgconfig(systemd)
%{?systemd_requires}
%else
Requires(post): %insserv_prereq
%endif
%description
Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols and provides an openly redistributable
reference implementation of the major components of the Domain Name
System. This package includes the components to operate a DNS server.
%package -n %{libbind9}
Summary: BIND9 shared library used by BIND
Group: System/Libraries
%description -n %{libbind9}
This library contains a few utility functions used by the BIND
server and utilities.
%package -n %{libdns}
Summary: DNS library used by BIND
Group: System/Libraries
%description -n %{libdns}
This subpackage contains the "DNS client" module. This is a higher
level API that provides an interface to name resolution, single DNS
transaction with a particular server, and dynamic update. Regarding
name resolution, it supports advanced features such as DNSSEC
validation and caching. This module supports both synchronous and
asynchronous mode.
It also contains the Advanced Database (ADB) and Simple Database
(SDB) APIs. ADB allows user-written routines to replace BINDs
internal database function for both nominated and all zones. SDB
allows a user-written driver to supply zone data either from
alternate data sources (for instance, a relational database) or using
specialized algorithms (for instance, for load-balancing).
[Book links for SDB: "Pro DNS and BIND 10", R. Aitchison, Apress]
%package -n %{libirs}
Summary: The BIND Information Retrieval System library
Group: System/Libraries
%description -n %{libirs}
libirs provides an interface to parse the traditional resolv.conf file and an
"advanced" configuration file related to the DNS library for configuration
parameters that would be beyond the capability of the resolv.conf file.
Specifically, it is intended to provide DNSSEC related configuration
parameters. By default, the path to this configuration file is %{_sysconfdir}/dns.conf.
%package -n libirs-devel
Summary: Development files for IRS
Group: Development/Libraries/C and C++
Requires: %{libirs} = %{version}
%description -n libirs-devel
libirs provides an interface to parse the traditional resolv.conf file and an
"advanced" configuration file related to the DNS library for configuration
parameters that would be beyond the capability of the resolv.conf file. This
subpackage contains the header files needed for building programs with it.
%package -n %{libisc}
Summary: ISC shared library used by BIND
Group: System/Libraries
Provides: bind-libs = %{version}-%{release}
Obsoletes: bind-libs < %{version}-%{release}
%description -n %{libisc}
This library contains miscellaneous utility function used by the BIND
server and utilities. It includes functions for assertion handling,
balanced binary (AVL) trees, bit masks comparison, event based
programs, heap-based priority queues, memory handling, and program
logging.
%package -n %{libisccc}
Summary: Command Channel Library used by BIND
Group: System/Libraries
%description -n %{libisccc}
This library is used for communicating with BIND servers'
administrative command channel (port 953 by default).
%package -n %{libisccfg}
Summary: Exported ISC configuration shared library
Group: System/Libraries
%description -n %{libisccfg}
This BIND library contains the configuration file parser.
%package -n %{liblwres}
Summary: Lightweight Resolver API library
Group: System/Libraries
%description -n %{liblwres}
The BIND 9 lightweight resolver library is a name service independent
stub resolver library. It provides hostname-to-address and
address-to-hostname lookup services to applications by transmitting
lookup requests to a resolver daemon, lwresd, running on the local
host. The resover daemon performs the lookup using the DNS or
possibly other name service protocols, and returns the results to the
application through the library. The library and resolver daemon
communicate using a UDP-based protocol.
%package chrootenv
Summary: Chroot environment for BIND named and lwresd
Group: Productivity/Networking/DNS/Servers
Requires(pre): shadow
%description chrootenv
This package contains all directories and files which are common to the
chroot environment of BIND named and lwresd. Most is part of the
structure below %{_localstatedir}/lib/named.
%package devel
Summary: Development Libraries and Header Files of BIND
Group: Development/Libraries/C and C++
Requires: %{libbind9} = %{version}
Requires: %{libdns} = %{version}
Requires: %{libirs} = %{version}
Requires: %{libisccc} = %{version}
Requires: %{libisccfg} = %{version}
Requires: %{libisc} = %{version}
Requires: %{liblwres} = %{version}
Provides: bind8-devel
Provides: bind9-devel
Obsoletes: bind8-devel < %{version}
Obsoletes: bind9-devel < %{version}
%description devel
This package contains the header files, libraries, and documentation
for building programs using the libraries of the Berkeley Internet Name
Domain (BIND) Domain Name System implementation of the Domain Name
System (DNS) protocols.
%package doc
Summary: BIND documentation
Group: Documentation/Other
BuildArch: noarch
%description doc
Documentation of the Berkeley Internet Name Domain (BIND) Domain Name
System implementation of the Domain Name System (DNS) protocols. This
includes also the BIND Administrator Reference Manual (ARM).
%package lwresd
Summary: Lightweight Resolver Daemon
Group: Productivity/Networking/DNS/Utilities
Requires: %{name}-chrootenv
Requires(pre): shadow
Requires(pre): sysvinit(network)
Requires(pre): sysvinit(syslog)
Provides: dns_daemon
%if !%{with_systemd}
Requires(post): %insserv_prereq
%endif
%description lwresd
Bind-lwresd provides resolution services to local clients using a
combination of the lightweight resolver library liblwres and the
resolver daemon process lwresd running on the local host. These
communicate using a simple UDP-based protocol, the "lightweight
resolver protocol" that is distinct from and simpler than the full DNS
protocol.
%package utils
Summary: Utilities to query and test DNS
# Needed for dnssec parts
Group: Productivity/Networking/DNS/Utilities
Requires: python3-bind = %{version}
Provides: bind9-utils
Provides: bindutil
Provides: dns_utils
Obsoletes: bind9-utils < %{version}
Obsoletes: bindutil < %{version}
%description utils
This package includes the utilities "host", "dig", and "nslookup" used to
test and query the Domain Name System (DNS). The Berkeley Internet
Name Domain (BIND) DNS server is found in the package named bind.
%package -n python3-bind
Summary: A module allowing rndc commands to be sent from Python programs
Group: Development/Languages/Python
Requires: python3
Requires: python3-ply
BuildArch: noarch
%description -n python3-bind
This package provides a module which allows commands to be sent to rndc directly from Python programs.
%prep
%setup -q -a1
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch4
%patch51
%patch52
%patch53
%patch54 -p1
# use the year from source gzip header instead of current one to make reproducible rpms
year=$(perl -e 'sysread(STDIN, $h, 8); print (1900+(gmtime(unpack("l",substr($h,4))))[5])' < %{SOURCE0})
sed -i "s/stdout, copyright, year/stdout, copyright, \"-$year\"/" lib/dns/gen.c
# modify settings of some files regarding to OS version and vendor
function replaceStrings()
{
file="$1"
sed -e "s@__NSD__@/lib@g" \
-e "s@__BIND_PACKAGE_NAME__@%{name}@g" \
-e "s@__VENDOR__@%{VENDOR}@g" \
-e "s@__openssl__@$(pkg-config --variable=enginesdir libcrypto)@g" \
-i "${file}"
}
pushd vendor-files
for file in docu/README tools/createNamedConfInclude config/{README,named.conf} init/{named,lwresd} system/{named.init,lwresd.init} sysconfig/{named-common,named-named,syslog-named}; do
replaceStrings ${file}
done
popd
cp contrib/sdb/ldap/ldapdb.c bin/named/
cp contrib/sdb/ldap/ldapdb.h bin/named/include/
%build
autoreconf -fvi
export CFLAGS="%{optflags}"
%configure \
--with-python=%{_bindir}/python3 \
--includedir=%{_includedir}/bind \
--disable-static \
--with-openssl \
--enable-threads \
--with-libtool \
--with-libxml2 \
--with-libjson \
--with-dlz-mysql \
--with-dlz-ldap \
--with-randomdev=/dev/urandom \
--enable-ipv6 \
--with-pic \
--disable-openssl-version-check \
--with-tuning=large \
--with-geoip \
--with-dlopen \
--with-gssapi=yes \
--disable-isc-spnego \
--enable-fixed-rrset \
%if %{with_systemd}
--with-systemd \
%endif
--enable-full-report
# disable rpath
sed -i '
s|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g
s|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g
' libtool
make %{?_smp_mflags}
%install
mkdir -p \
%{buildroot}/%{_sysconfdir}/init.d \
%{buildroot}/%{_sysconfdir}/named.d \
%{buildroot}/%{_sysconfdir}/openldap/schema \
%{buildroot}/%{_sysconfdir}/slp.reg.d \
%{buildroot}%{_prefix}/{bin,%{_lib},sbin,include} \
%{buildroot}/%{_datadir}/bind \
%{buildroot}/%{_datadir}/susehelp/meta/Administration/System \
%{buildroot}/%{_defaultdocdir}/bind \
%{buildroot}%{_localstatedir}/lib/named/{etc/named.d,dev,dyn,log,master,slave,var/{lib,run/{lwresd,named}}} \
%{buildroot}%{_mandir}/{man1,man3,man5,man8} \
%{buildroot}%{_fillupdir} \
%{buildroot}/%{_rundir} \
%{buildroot}/%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services \
%{buildroot}%{_includedir}/bind/dns \
%{buildroot}%{_libexecdir}/bind
%make_install
# install errno2result.h, some dynamic DB plugins could use it.
install -m 0755 -d %{buildroot}%{_includedir}/isc/
install -m 0644 lib/isc/unix/errno2result.h %{buildroot}%{_includedir}/isc/
# remove useless .la files
rm -f %{buildroot}/%{_libdir}/lib*.{la,a}
mv vendor-files/config/named.conf %{buildroot}/%{_sysconfdir}
mv vendor-files/config/bind.reg %{buildroot}/%{_sysconfdir}/slp.reg.d
mv vendor-files/config/rndc-access.conf %{buildroot}/%{_sysconfdir}/named.d
for file in lwresd.conf named.conf.include rndc.key; do
touch %{buildroot}/%{_sysconfdir}/${file}
done
%if %{with_systemd}
for file in lwresd named; do
install -D -m 0644 vendor-files/system/${file}.service %{buildroot}%{_unitdir}/${file}.service
install -m 0755 vendor-files/system/${file}.init %{buildroot}/usr/sbin/${file}.init
ln -s /sbin/service %{buildroot}%{_sbindir}/rc${file}
done
%else
for file in lwresd named; do
install -m 0754 vendor-files/init/${file} %{buildroot}%{_initddir}/${file}
ln -sf %{_initddir}/${file} %{buildroot}%{_sbindir}/rc${file}
done
%endif
install -m 0644 ${RPM_SOURCE_DIR}/named.root %{buildroot}%{_localstatedir}/lib/named/root.hint
mv vendor-files/config/{127.0.0,localhost}.zone %{buildroot}%{_localstatedir}/lib/named
install -m 0754 vendor-files/tools/createNamedConfInclude %{buildroot}/%{_datadir}/bind
install -m 0755 vendor-files/tools/bind.genDDNSkey %{buildroot}/%{_bindir}/genDDNSkey
cp -a vendor-files/docu/BIND.desktop %{buildroot}/%{_datadir}/susehelp/meta/Administration/System
cp -p ${RPM_SOURCE_DIR}/dnszone-schema.txt %{buildroot}/%{_sysconfdir}/openldap/schema/dnszone.schema
cp -p "%{SOURCE60}" "%{buildroot}/%{_sysconfdir}/openldap/schema/dlz.schema"
install -m 0754 vendor-files/tools/ldapdump %{buildroot}/%{_datadir}/bind
find %{buildroot}/%{_libdir} -type f -name '*.so*' -print0 | xargs -0 chmod 0755
touch %{buildroot}%{_localstatedir}/lib/named%{_sysconfdir}/{localtime,named.conf.include,named.d/rndc.access.conf}
touch %{buildroot}%{_localstatedir}/lib/named/dev/log
ln -s ../.. %{buildroot}%{_localstatedir}/lib/named%{_localstatedir}/lib/named
ln -s ../log %{buildroot}%{_localstatedir}/lib/named%{_localstatedir}
ln -s ..%{_localstatedir}/lib/named%{_localstatedir}/run/lwresd %{buildroot}/run
ln -s ..%{_localstatedir}/lib/named%{_localstatedir}/run/named %{buildroot}/run
for file in named-common named-named syslog-named; do
install -m 0644 vendor-files/sysconfig/${file} %{buildroot}%{_fillupdir}/sysconfig.${file}
done
install -m 644 vendor-files/sysconfig/SuSEFirewall.named %{buildroot}/%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/bind
# Cleanup doc
rm doc/misc/Makefile*
find doc/arm -type f ! -name '*.html' -print0 | xargs -0 rm -f
# Create doc as we want it in bind and not bind-doc
cp -a vendor-files/docu/README %{buildroot}/%{_defaultdocdir}/bind/README.%{VENDOR}
cp -a vendor-files/docu/dnszonehowto.html contrib/sdb/ldap/
mkdir -p vendor-files/config/ISC-examples
cp -a bin/tests/*.conf* vendor-files/config/ISC-examples
for file in CHANGES COPYRIGHT README version contrib doc/{arm,misc} vendor-files/config contrib/sdb/ldap/INSTALL.ldap; do
basename=$( basename ${file})
cp -a ${file} %{buildroot}/%{_defaultdocdir}/bind/${basename}
echo "%doc %{_defaultdocdir}/bind/${basename}" >>filelist-bind-doc
done
# ---------------------------------------------------------------------------
install -m 0644 bind.keys %{buildroot}%{_localstatedir}/lib/named/named.root.key
%pre
# Are we updating from a package named bind9?
if test -d usr/share/doc/packages/bind9 && sbin/chkconfig -c named; then
NAMED_ACTIVE_FILE="var/adm/named.was.active"
test -f ${NAMED_ACTIVE_FILE} && old ${NAMED_ACTIVE_FILE}
ACTIVE_DIR=$( dirname ${NAMED_ACTIVE_FILE})
test -d ${ACTIVE_DIR} || mkdir -p ${ACTIVE_DIR}
touch ${NAMED_ACTIVE_FILE}
fi
%{GROUPADD_NAMED}
%{USERADD_NAMED}
# Might be an update.
%{USERMOD_NAMED}
# var/run/named is now a sym link pointing to the chroot jail
test -L var/run/named || rm -rf var/run/named
test -f etc/sysconfig/named && \
. etc/sysconfig/named
# Store NAMED_RUN_CHROOTED setting to a temp file.
TEMP_SYSCONFIG_FILE="var/adm/named-chroot"
TEMP_DIR=$( dirname ${TEMP_SYSCONFIG_FILE})
test -d ${TEMP_DIR} || \
mkdir -p ${TEMP_DIR}
test -e ${TEMP_SYSCONFIG_FILE} && \
old ${TEMP_SYSCONFIG_FILE}
echo "NAMED_RUN_CHROOTED=\"${NAMED_RUN_CHROOTED}\"" >${TEMP_SYSCONFIG_FILE}
%if %{with_systemd}
%service_add_pre named.service
%endif
%preun
%if %{with_systemd}
%service_del_preun named.service
%else
%stop_on_removal named
%endif
%post
%if !%{with_systemd}
%{fillup_and_insserv -nf named}
%endif
%{fillup_only -nsa named named}
if [ ! -f etc/rndc.key ]; then
usr/sbin/rndc-confgen -a -b 512 -r dev/urandom
chmod 0640 etc/rndc.key
chown root:named etc/rndc.key
fi
TEMP_SYSCONFIG_FILE="var/adm/named-chroot"
# Are we in update mode?
if [ ${FIRST_ARG:-0} -gt 1 ]; then
# Is named.conf an old, /var/named configuration?
if [ -f etc/named.conf ] && grep -qi '^[[:space:]]*directory[[:space:]]*"%{_localstatedir}/named"[[:space:]]*;' etc/named.conf; then
test -d var/log || \
mkdir -p var/log
CONVLOG="%{_localstatedir}/log/named-move-to-var-lib"
# move zone files to new location
echo "Moving zone files to new location %{_localstatedir}/lib/named" | tee ${CONVLOG}
IFS="
"
for dir in var/named var/named/slave; do
for source in $( find ${dir} -maxdepth 1 ); do
case "${source#var/named/}" in
localhost.zone|127.0.0.zone|root.hint|slave|var/named) continue ;;
esac
sourcedir=$( echo "${source%/*}")
destdir=$( echo "${sourcedir#var/named}")
if [ -e "var/lib/named/${destdir}/${source##*/}" ]; then
echo "Warning: %{_localstatedir}/lib/named${destdir}/${source##*/} already exists; skipped." | tee -a ${CONVLOG}
else
echo "${source#var/named/}" | tee -a ${CONVLOG}
mv "${source}" "var/lib/named/${destdir}"
fi
done
done
# updating named.conf
echo -n "Backup old %{_sysconfdir}/named.conf to " | tee -a ${CONVLOG}
oldconfig=$( old etc/named.conf) 2>/dev/null
oldconfig=${oldconfig##*/}
echo -n "%{_sysconfdir}/${oldconfig}. Conversion " | tee -a ${CONVLOG}
sed -e "s@\"%{_localstatedir}/named\"@\"%{_localstatedir}/lib/named\"@" "etc/${oldconfig}" > etc/named.conf 2>/dev/null
conv_rc=$?
if [ ${conv_rc} -eq 0 ]; then
echo "succeded." | tee -a ${CONVLOG}
chmod --reference="etc/${oldconfig}" etc/named.conf
chown --reference="etc/${oldconfig}" etc/named.conf
else
echo "failed." | tee -a ${CONVLOG}
fi
if [ ${conv_rc} -eq 0 ]; then
cat << EOF >>${CONVLOG}
Result: named.conf conversion succeded. For details check the following
diff of the the old and new configuration.
EOF
diff -u etc/${oldconfig} etc/named.conf >>${CONVLOG}
else
cat << EOF >>${CONVLOG}
Result: Conversion failed. You must check your %{_sysconfdir}/named.conf
EOF
fi
else
rm -f var/lib/update-messages/bind.1
fi # End of 'Is named.conf an old, %{_localstatedir}/named configuration?'.
# Add include files to NAMED_CONF_INCLUDE_FILES if we have already a include
# file (SL Standard Server 8) and NAMED_RUN_CHROOTED from the
# TEMP_SYSCONFIG_FILE is empty.
if [ -f ${TEMP_SYSCONFIG_FILE} ]; then
. ${TEMP_SYSCONFIG_FILE}
fi
if [ -s etc/named.conf.include -a -z "${NAMED_RUN_CHROOTED}" ]; then
test -f etc/sysconfig/named && . etc/sysconfig/named
if [ "${NAMED_INITIALIZE_SCRIPTS}" = "createNamedConfInclude" -a \
-z "${NAMED_CONF_INCLUDE_FILES}" ]; then
# Get the included files from an existing meta include file.
INCLUDE_LINES=$( grep -e '^[[:space:]]*include' etc/named.conf.include | cut -f 2 -d '"')
if [ "${INCLUDE_LINES}" -a -z "${NAMED_CONF_INCLUDE_FILES}" ]; then
for file in ${INCLUDE_LINES}; do
# don't add a file a second time
echo "${INCLUDE_FILES}" | grep -qe "\<${file#%{_sysconfdir}/named.d/}\>" && continue
# don't add the meta include file as the init script copy it anyway
# to the chroot jail
test "${file}" = "%{_sysconfdir}/named.conf.include" && continue
test "${INCLUDE_FILES}" && INCLUDE_FILES="${INCLUDE_FILES} "
# strip off any leading %{_sysconfdir}/named.d/ as the init script takes care
# of relative file names
INCLUDE_FILES="${INCLUDE_FILES}${file#%{_sysconfdir}/named.d/}"
done
TMPFILE=$( mktemp %{_localstatedir}/tmp/named.sysconfig.XXXXXX)
if [ $? -ne 0 ]; then
echo "Can't create temp file. Please add your included files from %{_sysconfdir}/named.conf to"
echo "NAMED_CONF_INCLUDE_FILES of %{_sysconfdir}/sysconfig/named manually."
return
fi
chmod --reference=etc/sysconfig/named ${TMPFILE}
if sed "s+^NAMED_CONF_INCLUDE_FILES.*$+NAMED_CONF_INCLUDE_FILES=\"${INCLUDE_FILES}\"+" etc/sysconfig/named > "${TMPFILE}"; then
mv "${TMPFILE}" etc/sysconfig/named
else
echo "Can't set NAMED_CONF_INCLUDE_FILES of %{_sysconfdir}/sysconfig/named to \"${INCLUDE_FILES}\"."
fi
fi
fi
else
rm -f touch var/lib/update-messages/bind.3
fi # End of 'Add include files to NAMED_CONF_INCLUDE_FILES'
fi # End of 'Are we in update mode?'
# Remove TEMP_SYSCONFIG_FILE in any case.
rm -f ${TEMP_SYSCONFIG_FILE}
%if %{with_systemd}
%service_add_post named.service
%else
NAMED_ACTIVE_FILE="var/adm/named.was.active"
if [ -f ${NAMED_ACTIVE_FILE} ]; then
sbin/insserv named
test ! -s ${NAMED_ACTIVE_FILE} && rm -f ${NAMED_ACTIVE_FILE}
fi
if [ -x %{_bindir}/systemctl ]; then
# make sure systemctl knows about the service even though it's not a systemd service
# Without this, systemctl status named would return
# Unit named.service could not be found.
# until systemctl daemon-reload has been executed
%{_bindir}/systemctl daemon-reload || :
fi
%endif
%postun
%if %{with_systemd}
%service_del_postun named.service
%else
%restart_on_update named
%insserv_cleanup
%endif
%post -n %{libbind9} -p /sbin/ldconfig
%postun -n %{libbind9} -p /sbin/ldconfig
%post -n %{libdns} -p /sbin/ldconfig
%postun -n %{libdns} -p /sbin/ldconfig
%post -n %{libirs} -p /sbin/ldconfig
%postun -n %{libirs} -p /sbin/ldconfig
%post -n %{libisc} -p /sbin/ldconfig
%postun -n %{libisc} -p /sbin/ldconfig
%post -n %{libisccc} -p /sbin/ldconfig
%postun -n %{libisccc} -p /sbin/ldconfig
%post -n %{libisccfg} -p /sbin/ldconfig
%postun -n %{libisccfg} -p /sbin/ldconfig
%post -n %{liblwres} -p /sbin/ldconfig
%postun -n %{liblwres} -p /sbin/ldconfig
%pre chrootenv
%{GROUPADD_NAMED}
%{USERADD_NAMED}
%post chrootenv
%{fillup_only -nsa named common}
%{fillup_only -nsa syslog named}
%pre lwresd
%{GROUPADD_NAMED}
%{USERADD_NAMED}
%if %{with_systemd}
%service_add_pre lwresd.service
%endif
%post lwresd
# Create a key if usr/sbin/rndc-confgen is installed.
if [ -x usr/sbin/rndc-confgen -a ! -f etc/rndc.key ]; then
usr/sbin/rndc-confgen -a -b 512 -r dev/urandom
chmod 0640 etc/rndc.key
chown root:named etc/rndc.key
fi
# delete an emtpy lwresd.conf file
if [ ! -s etc/lwresd.conf ]; then
rm -f etc/lwresd.conf
fi
%if %{with_systemd}
%service_add_post lwresd.service
%else
if [ $1 -le 1 ]; then
%{fillup_and_insserv -fy lwresd}
fi
%endif
%preun lwresd
%stop_on_removal lwresd
%if %{with_systemd}
%service_del_preun lwresd.service
%else
%stop_on_removal lwresd
%endif
%postun lwresd
%if %{with_systemd}
%service_del_postun lwresd.service
%else
%restart_on_update lwresd
%insserv_cleanup
%endif
%post utils
# Create a key if lwresd is installed.
if [ -x %{_sbindir}/lwresd -a ! -f %{_sysconfdir}/rndc.key ]; then
%{_sbindir}/rndc-confgen -a -b 512 -r dev/urandom
chmod 0640 %{_sysconfdir}/rndc.key
chown root:named %{_sysconfdir}/rndc.key
fi
%files
%attr(0644,root,named) %config(noreplace) /%{_sysconfdir}/named.conf
%dir %{_sysconfdir}/slp.reg.d
%attr(0644,root,root) /%{_sysconfdir}/slp.reg.d/bind.reg
%attr(0644,root,named) %ghost /%{_sysconfdir}/named.conf.include
%attr(0640,root,named) %ghost %config(noreplace) /%{_sysconfdir}/rndc.key
%if %{with_systemd}
%config %{_unitdir}/named.service
%{_sbindir}/named.init
%else
%config /%{_sysconfdir}/init.d/named
%endif
%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/bind
%{_bindir}/bind9-config
%{_bindir}/named-rrchecker
%{_sbindir}/rcnamed
%{_sbindir}/named
%{_sbindir}/named-checkconf
%{_sbindir}/named-checkzone
%{_sbindir}/named-compilezone
%{_mandir}/man1/bind9-config.1%{ext_man}
%{_mandir}/man1/named-rrchecker.1%{ext_man}
%{_mandir}/man5/named.conf.5%{ext_man}
%{_mandir}/man8/named-checkconf.8%{ext_man}
%{_mandir}/man8/named-checkzone.8%{ext_man}
%{_mandir}/man8/named.8%{ext_man}
%{_mandir}/man8/named-compilezone.8%{ext_man}
%dir %{_datadir}/bind
%{_datadir}/bind/createNamedConfInclude
%{_datadir}/bind/ldapdump
%ghost %{_rundir}/named
%{_fillupdir}/sysconfig.named-named
%dir %{_var}/lib/named/master
%attr(-,named,named) %dir %{_var}/lib/named/dyn
%attr(-,named,named) %dir %{_var}/lib/named/slave
%config %{_var}/lib/named/root.hint
%config %{_var}/lib/named/127.0.0.zone
%config %{_var}/lib/named/localhost.zone
%config %{_var}/lib/named/named.root.key
%ghost %{_var}/lib/named%{_sysconfdir}/localtime
%attr(0644,root,named) %ghost %{_var}/lib/named%{_sysconfdir}/named.conf.include
%attr(-,named,named) %dir %{_var}/lib/named%{_localstatedir}/run/named
%dir %{_libexecdir}/bind
%files -n %{libbind9}
%{_libdir}/libbind9.so.%{bind9_sonum}*
%files -n %{libdns}
%{_libdir}/libdns.so.%{dns_sonum}*
%files -n %{libirs}
%{_libdir}/libirs.so.%{irs_sonum}*
%files -n libirs-devel
%{_libdir}/libirs.so
%files -n %{libisc}
%{_libdir}/libisc.so.%{isc_sonum}*
%files -n %{libisccc}
%{_libdir}/libisccc.so.%{isccc_sonum}*
%files -n %{libisccfg}
%{_libdir}/libisccfg.so.%{isccfg_sonum}*
%files -n %{liblwres}
%{_libdir}/liblwres.so.%{lwres_sonum}*
%files chrootenv
%attr(-,named,named) %dir %{_var}/lib/named
%dir %{_var}/lib/named%{_sysconfdir}
%dir %{_var}/lib/named%{_sysconfdir}/named.d
%dir %{_var}/lib/named/dev
%dir %{_var}/lib/named%{_localstatedir}
%dir %{_var}/lib/named%{_localstatedir}/lib
%dir %{_var}/lib/named%{_localstatedir}/run
%attr(-,named,named) %dir %{_var}/lib/named/log
%ghost %{_var}/lib/named%{_sysconfdir}/named.d/rndc.access.conf
%ghost %{_var}/lib/named/dev/log
%attr(0666, root, root) %dev(c, 1, 3) %{_var}/lib/named/dev/null
%attr(0666, root, root) %dev(c, 1, 8) %{_var}/lib/named/dev/random
%attr(0664, root, root) %dev(c, 1, 9) %{_var}/lib/named/dev/urandom
%{_var}/lib/named%{_localstatedir}/lib/named
%{_var}/lib/named%{_localstatedir}/log
%{_fillupdir}/sysconfig.named-common
%{_fillupdir}/sysconfig.syslog-named
%files devel
%dir %{_includedir}/isc
%{_includedir}/isc/errno2result.h
%{_bindir}/isc-config.sh
%{_libdir}/libbind9.so
%{_libdir}/libdns.so
%{_libdir}/libisc*.so
%{_libdir}/liblwres.so
%{_includedir}/bind
%{_mandir}/man3/lwres*.3*
%files doc -f filelist-bind-doc
%dir %doc %{_defaultdocdir}/bind
%doc %{_datadir}/susehelp
%files lwresd
%ghost %attr(0644,root,named) %config(noreplace) /%{_sysconfdir}/lwresd.conf
%if %{with_systemd}
%config %{_unitdir}/lwresd.service
%{_sbindir}/lwresd.init
%else
%config %{_initddir}/lwresd
%endif
%{_sbindir}/rclwresd
%{_sbindir}/lwresd
%{_mandir}/man8/lwresd.8%{ext_man}
%ghost %{_rundir}/lwresd
%attr(-,named,named) %dir %{_var}/lib/named%{_localstatedir}/run/lwresd
%files utils
%dir %{_sysconfdir}/named.d
%config(noreplace) %{_sysconfdir}/named.d/rndc-access.conf
%config(noreplace) %{_sysconfdir}/bind.keys
%dir %{_sysconfdir}/openldap
%dir %{_sysconfdir}/openldap/schema
%attr(0444,root,root) %config %{_sysconfdir}/openldap/schema/dnszone.schema
%attr(0444,root,root) %config %{_sysconfdir}/openldap/schema/dlz.schema
%{_bindir}/delv
%{_bindir}/dig
%{_bindir}/host
%{_bindir}/mdig
%{_bindir}/nslookup
%{_bindir}/nsupdate
%{_bindir}/genDDNSkey
%{_bindir}/arpaname
%{_sbindir}/ddns-confgen
%{_sbindir}/dnssec-dsfromkey
%{_sbindir}/dnssec-importkey
%{_sbindir}/dnssec-keyfromlabel
%{_sbindir}/dnssec-keygen
%{_sbindir}/dnssec-revoke
%{_sbindir}/dnssec-settime
%{_sbindir}/dnssec-signzone
%{_sbindir}/dnssec-verify
%{_sbindir}/dnssec-checkds
%{_sbindir}/dnssec-coverage
%{_sbindir}/dnssec-keymgr
%{_sbindir}/genrandom
%{_sbindir}/isc-hmac-fixup
%{_sbindir}/named-journalprint
%{_sbindir}/nsec3hash
%{_sbindir}/rndc
%{_sbindir}/rndc-confgen
%{_sbindir}/tsig-keygen
%dir %doc %{_defaultdocdir}/bind
%{_defaultdocdir}/bind/README.%{VENDOR}
%{_mandir}/man1/arpaname.1%{ext_man}
%{_mandir}/man1/delv.1%{ext_man}
%{_mandir}/man1/dig.1%{ext_man}
%{_mandir}/man1/host.1%{ext_man}
%{_mandir}/man1/isc-config.sh.1%{ext_man}
%{_mandir}/man1/mdig.1%{ext_man}
%{_mandir}/man1/nslookup.1%{ext_man}
%{_mandir}/man1/nsupdate.1%{ext_man}
%{_mandir}/man5/rndc.conf.5%{ext_man}
%{_mandir}/man8/ddns-confgen.8%{ext_man}
%{_mandir}/man8/dnssec-dsfromkey.8%{ext_man}
%{_mandir}/man8/dnssec-importkey.8%{ext_man}
%{_mandir}/man8/dnssec-keyfromlabel.8%{ext_man}
%{_mandir}/man8/dnssec-keygen.8%{ext_man}
%{_mandir}/man8/dnssec-revoke.8%{ext_man}
%{_mandir}/man8/dnssec-settime.8%{ext_man}
%{_mandir}/man8/dnssec-signzone.8%{ext_man}
%{_mandir}/man8/dnssec-verify.8%{ext_man}
%{_mandir}/man8/dnssec-checkds.8%{ext_man}
%{_mandir}/man8/dnssec-coverage.8%{ext_man}
%{_mandir}/man8/dnssec-keymgr.8%{ext_man}
%{_mandir}/man8/genrandom.8%{ext_man}
%{_mandir}/man8/isc-hmac-fixup.8%{ext_man}
%{_mandir}/man8/named-journalprint.8%{ext_man}
%{_mandir}/man8/nsec3hash.8%{ext_man}
%{_mandir}/man8/rndc.8%{ext_man}
%{_mandir}/man8/rndc-confgen.8%{ext_man}
%{_mandir}/man8/tsig-keygen.8%{ext_man}
%files -n python3-bind
%{python3_sitelib}/isc
%{python3_sitelib}/isc-*.egg-info
%changelog
Reference in New Issue View Git Blame Copy Permalink