bind/bind.spec
Reinhard Max abbe73be65 - Security update 9.10.3-P3 fixes two assertion failures that can
lead to remote DoS:
  * CVE-2016-1285, bsc#970072
  * CVE-2016-1286, bsc#970073

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=189
2016-03-11 13:55:29 +00:00

1027 lines
35 KiB
RPMSpec

#
# spec file for package bind
#
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: bind
%define pkg_name bind
%define pkg_vers 9.10.3-P4
%define rpm_vers 9.10.3P4
%define idn_vers 1.0
Summary: Domain Name System (DNS) Server (named)
License: ISC
Group: Productivity/Networking/DNS/Servers
Version: %rpm_vers
Release: 0
Source: ftp://ftp.isc.org/isc/bind9/%{pkg_vers}/bind-%{pkg_vers}.tar.gz
Source3: ftp://ftp.isc.org/isc/bind9/%{pkg_vers}/bind-%{pkg_vers}.tar.gz.asc
# from http://www.isc.org/about/openpgp/ ... changes yearly apparently.
Source4: %name.keyring
Source1: vendor-files.tar.bz2
Source2: baselibs.conf
Source9: ftp://ftp.internic.net/domain/named.root
# url http://www.venaas.no/ldap/bind-sdb/dnszone-schema.txt no longer exists...
Source40: dnszone-schema.txt
Patch: configure.in.diff
Patch1: Makefile.in.diff
Patch4: perl-path.diff
Patch5: dns_dynamic_db.patch
Patch51: pie_compile.diff
Patch52: named-bootconf.diff
Patch53: bind-sdb-ldap.patch
Patch101: runidn.diff
Patch102: idnkit-powerpc-ltconfig.patch
BuildRequires: krb5-devel
BuildRequires: libcap
BuildRequires: libcap-devel
BuildRequires: libmysqlclient-devel
BuildRequires: libtool
BuildRequires: libxml2-devel
BuildRequires: openldap2-devel
BuildRequires: openssl
BuildRequires: openssl-devel
BuildRequires: python-base
%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1230
BuildRequires: systemd-rpm-macros
%endif
BuildRequires: update-desktop-files
Provides: bind8
Provides: bind9
Provides: dns_daemon
Obsoletes: bind8 < %version
Obsoletes: bind9 < %version
Requires: %{name}-chrootenv
Requires: %{name}-utils
PreReq: %fillup_prereq %insserv_prereq bind-utils /bin/grep /bin/sed /bin/mkdir /usr/bin/tee /bin/chmod /bin/chown /bin/mv /bin/cat /usr/bin/dirname /usr/bin/diff /usr/bin/old
Requires(pre): /usr/sbin/groupadd /usr/sbin/useradd /usr/sbin/usermod
Url: http://isc.org/sw/bind/
Source60: dlz-schema.txt
%if "%{_vendor}" == "suse"
%define VENDOR SUSE
%else
%define VENDOR %_vendor
%endif
# Defines for user and group add
%define NAMED_UID 44
%define NAMED_UID_NAME named
%define NAMED_GID 44
%define NAMED_GID_NAME named
%define NAMED_COMMENT Name server daemon
%define NAMED_HOMEDIR /var/lib/named
%define NAMED_SHELL /bin/false
%define GROUPADD_NAMED /usr/sbin/groupadd -g %{NAMED_GID} -o -r %{NAMED_GID_NAME} 2> /dev/null || :
%define USERADD_NAMED /usr/sbin/useradd -r -o -g %{NAMED_GID_NAME} -u %{NAMED_UID} -s %{NAMED_SHELL} -c "%{NAMED_COMMENT}" -d %{NAMED_HOMEDIR} %{NAMED_UID_NAME} 2> /dev/null || :
%define USERMOD_NAMED /usr/sbin/usermod -s %{NAMED_SHELL} -d %{NAMED_HOMEDIR} %{NAMED_UID_NAME} 2>/dev/null || :
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if ! %{defined _rundir}
%define _rundir %{_localstatedir}/run
%endif
%description
Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols and provides an openly redistributable
reference implementation of the major components of the Domain Name
System. This package includes the components to operate a DNS server.
%package -n idnkit
Summary: Toolkit for internationalized domain names
Group: Productivity/Networking/DNS/Utilities
Version: %idn_vers
Release: 0
# Added on 2014-10-01
Provides: bind-utils:%_bindir/idnconv
Provides: bind-utils:%_bindir/runidn
%description -n idnkit
idnkit is a toolkit for handling internationalized domain names. It
consists of the following components.
* library for handling internationalized domain names (libidnkit)
* codeset conversion utility (idnconv)
* a command which adds IDN feature dynamically to Unix applications
(runidn)
%package -n idnkit-devel
Summary: Development files for idnkit
Group: Development/Libraries/C and C++
Version: %idn_vers
Release: 0
Provides: bind-devel:%_includedir/bind/idn
Requires: libidnkit1 = %idn_vers
Requires: libidnkitlite1 = %idn_vers
Requires: libidnkitres1 = %idn_vers
%description -n idnkit-devel
idnkit is a toolkit for handling internationalized domain names. This
subpackage contains the header files needed for building programs
with it.
%package -n libbind9-140
Summary: BIND9 shared library used by BIND
Group: System/Libraries
Version: %rpm_vers
Release: 0
%description -n libbind9-140
This library contains a few utility functions used by the BIND
server and utilities.
%package -n libdns162
Summary: DNS library used by BIND
Group: System/Libraries
Version: %rpm_vers
Release: 0
%description -n libdns162
This subpackage contains the "DNS client" module. This is a higher
level API that provides an interface to name resolution, single DNS
transaction with a particular server, and dynamic update. Regarding
name resolution, it supports advanced features such as DNSSEC
validation and caching. This module supports both synchronous and
asynchronous mode.
It also contains the Advanced Database (ADB) and Simple Database
(SDB) APIs. ADB allows user-written routines to replace BIND's
internal database function for both nominated and all zones. SDB
allows a user-written driver to supply zone data either from
alternate data sources (for instance, a relational database) or using
specialized algorithms (for instance, for load-balancing).
[Book links for SDB: "Pro DNS and BIND 10", R. Aitchison, Apress]
%package -n libidnkit1
Summary: BIND Internationalized Domain Names library
Group: System/Libraries
Version: %idn_vers
Release: 0
%description -n libidnkit1
The libidnkit library supports various manipulations of
internationalized domain names.
libidnkit internally uses the iconv function to provide encoding
conversion from UTF-8 to the local encoding (such as ISO-8859-1,
usually determined by the current locale), and vice versa.
%package -n libidnkitlite1
Summary: BIND Internationalized Domain Names lightweight library
Group: System/Libraries
Version: %idn_vers
Release: 0
%description -n libidnkitlite1
The libidnkitlite library supports various manipulations of
internationalized domain names.
libidnkitlite is a lightweight version of libidnkit. It assumes the local
encoding is UTF-8 so that it never uses iconv.
%package -n libidnkitres1
Summary: Resolver function library with IDN support
Group: System/Libraries
Version: %idn_vers
Release: 0
%description -n libidnkitres1
libidnkitres is a LD_PRELOAD-able library which provides a modified
version of resolver functions (gethostbyname, getaddrinfo, etc.)
which implement features for handling internationalized domain names.
%package -n libirs141
Summary: The BIND Information Retrieval System library
Group: System/Libraries
Version: %rpm_vers
Release: 0
%description -n libirs141
libirs provides an interface to parse the traditional resolv.conf file and an
"advanced" configuration file related to the DNS library for configuration
parameters that would be beyond the capability of the resolv.conf file.
Specifically, it is intended to provide DNSSEC related configuration
parameters. By default, the path to this configuration file is /etc/dns.conf.
%package -n libirs-devel
Summary: Development files for IRS
Group: Development/Libraries/C and C++
Version: %rpm_vers
Release: 0
Requires: libirs141 = %rpm_vers
%description -n libirs-devel
libirs provides an interface to parse the traditional resolv.conf file and an
"advanced" configuration file related to the DNS library for configuration
parameters that would be beyond the capability of the resolv.conf file. This
subpackage contains the header files needed for building programs with it.
%package -n libisc160
Summary: ISC shared library used by BIND
Group: System/Libraries
Version: %rpm_vers
Release: 0
# Added on 2014-10-01. Does not really matter where it is put, we just need to
# flush the old name from the rpmdb. The libs will be automatically pulled in
# by way of rpm symbol requirements already.
Obsoletes: bind-libs = %version-%release
Provides: bind-libs < %version-%release
%description -n libisc160
This library contains miscellaneous utility functions used by the BIND
server and utilities. It includes functions for assertion handling,
balanced binary (AVL) trees, bit masks comparison, event based
programs, heap-based priority queues, memory handling, and program
logging.
%package -n libisccc140
Summary: Command Channel Library used by BIND
Group: System/Libraries
Version: %rpm_vers
Release: 0
%description -n libisccc140
This library is used for communicating with BIND servers'
administrative command channel (port 953 by default).
%package -n libisccfg140
Summary: Exported ISC configuration shared library
Group: System/Libraries
Version: %rpm_vers
Release: 0
%description -n libisccfg140
This BIND library contains the configuration file parser.
%package -n liblwres141
Summary: Lightweight Resolver API library
Group: System/Libraries
Version: %rpm_vers
Release: 0
%description -n liblwres141
The BIND 9 lightweight resolver library is a name service independent
stub resolver library. It provides hostname-to-address and
address-to-hostname lookup services to applications by transmitting
lookup requests to a resolver daemon, lwresd, running on the local
host. The resolver daemon performs the lookup using the DNS or
possibly other name service protocols, and returns the results to the
application through the library. The library and resolver daemon
communicate using a UDP-based protocol.
%package chrootenv
Summary: Chroot environment for BIND named and lwresd
Group: Productivity/Networking/DNS/Servers
Version: %rpm_vers
Release: 0
Requires(pre): /usr/sbin/groupadd /usr/sbin/useradd
%description chrootenv
This package contains all directories and files which are common to the
chroot environment of BIND named and lwresd. Most is part of the
structure below /var/lib/named.
%package devel
Summary: Development Libraries and Header Files of BIND
Group: Development/Libraries/C and C++
Version: %rpm_vers
Release: 0
Requires: libbind9-140 = %version
Requires: libdns162 = %version
Requires: libirs141 = %version
Requires: libisc160 = %version
Requires: libisccc140 = %version
Requires: libisccfg140 = %version
Requires: liblwres141 = %version
Provides: bind8-devel
Provides: bind9-devel
Obsoletes: bind8-devel < %version
Obsoletes: bind9-devel < %version
%description devel
This package contains the header files, libraries, and documentation
for building programs using the libraries of the Berkeley Internet Name
Domain (BIND) Domain Name System implementation of the Domain Name
System (DNS) protocols.
%package doc
Summary: BIND documentation
Group: Documentation/Other
Version: %rpm_vers
Release: 0
%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1230
BuildArch: noarch
%endif
%description doc
Documentation of the Berkeley Internet Name Domain (BIND) Domain Name
System implementation of the Domain Name System (DNS) protocols. This
also includes the BIND Administrator Reference Manual (ARM).
%package lwresd
Summary: Lightweight Resolver Daemon
Group: Productivity/Networking/DNS/Utilities
Version: %rpm_vers
Release: 0
Requires: %{name}-chrootenv
Provides: dns_daemon
Requires(pre): /usr/sbin/groupadd /usr/sbin/useradd
%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1230
PreReq: sysvinit(network) sysvinit(syslog)
%endif
%description lwresd
Bind-lwresd provides resolution services to local clients using a
combination of the lightweight resolver library liblwres and the
resolver daemon process lwresd running on the local host. These
communicate using a simple UDP-based protocol, the "lightweight
resolver protocol" that is distinct from and simpler than the full DNS
protocol.
%package utils
Summary: Utilities to query and test DNS
Group: Productivity/Networking/DNS/Utilities
Version: %rpm_vers
Release: 0
Provides: bind9-utils
Provides: bindutil
Provides: dns_utils
Obsoletes: bind9-utils < %version
Obsoletes: bindutil < %version
%description utils
This package includes the utilities "host", "dig", and "nslookup" used to
test and query the Domain Name System (DNS). The Berkeley Internet
Name Domain (BIND) DNS server is found in the package named bind.
%prep
%setup -q -n %{pkg_name}-%{pkg_vers} -a1
%patch -p1
%patch1 -p1
%patch4 -p0
%patch5 -p1
#%patch50
%patch51
%patch52
%patch53
%patch101 -p1
%patch102 -p1
# use the year from source gzip header instead of current one to make reproducible rpms
year=$(perl -e 'sysread(STDIN, $h, 8); print (1900+(gmtime(unpack("l",substr($h,4))))[5])' < %{S:0})
sed -i "s/stdout, copyright, year/stdout, copyright, \"-$year\"/" lib/dns/gen.c
# modify settings of some files according to OS version and vendor
function replaceStrings()
{
file="$1"
sed -e "s@__NSD__@/lib@g" \
-e "s@__BIND_PACKAGE_NAME__@%{pkg_name}@g" \
-e "s@__VENDOR__@%{VENDOR}@g" \
-e "s@___lib__@%{_lib}@g" \
-i "${file}"
}
pushd vendor-files
for file in docu/README tools/createNamedConfInclude config/{README,named.conf} init/{named,lwresd} sysconfig/{named-common,named-named,syslog-named}; do
replaceStrings ${file}
done
popd
cp contrib/sdb/ldap/ldapdb.c bin/named/
cp contrib/sdb/ldap/ldapdb.h bin/named/include/
# ---------------------------------------------------------------------------
%build
%{?suse_update_config:%{suse_update_config -f}}
# gssapi/gssapi_krb5.h isn't found if aclocal.m4 gets modified this way
#cat /usr/share/aclocal/libtool.m4 >> aclocal.m4
%{__libtoolize} -f
%{__aclocal}
%{__autoconf}
#pushd lib/bind
#%{?suse_update_config:%{suse_update_config -f}}
#cat /usr/share/aclocal/libtool.m4 >> aclocal.m4
#%{__libtoolize} -f
#%{__aclocal}
#%{__autoconf}
#popd
#pushd contrib/idn/idnkit-1.0-src
#%{?suse_update_config:%{suse_update_config -f}}
#cat /usr/share/aclocal/libtool.m4 >> aclocal.m4
#%{__libtoolize} -f
#%{__aclocal}
#%{__autoconf}
#popd
export CFLAGS="$RPM_OPT_FLAGS -DNO_VERSION_DATE -fno-strict-aliasing $(getconf LFS_CFLAGS)" LDFLAGS="-L%{_libdir}"
#export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -DLDAP_DEPRECATED" LDFLAGS="-L%{_libdir}"
#export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -fpie" LDFLAGS="-L%{_libdir} -pie"
CONFIGURE_OPTIONS="\
--prefix=%{_prefix} \
--bindir=%{_bindir} \
--sbindir=%{_sbindir} \
--sysconfdir=%{_sysconfdir} \
--localstatedir=%{_var} \
--libdir=%{_libdir} \
--enable-exportlib \
--with-export-libdir=%{_libdir} \
--with-export-includedir=%{_includedir} \
--includedir=%{_includedir}/bind \
--mandir=%{_mandir} \
--infodir=%{_infodir} \
--disable-static \
--with-openssl \
--enable-threads \
--with-libtool \
--enable-runidn \
--with-libxml2 \
--with-dlz-mysql \
--with-dlz-ldap \
--enable-rrl \
--with-randomdev=/dev/urandom \
"
cp -f -p config.guess config.sub contrib/idn/idnkit-1.0-src/
./configure ${CONFIGURE_OPTIONS}
# disable rpath
sed -i '
s|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g
s|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g
' libtool
%{__make} %{?_smp_mflags}
pushd contrib/idn/idnkit-1.0-src
./configure ${CONFIGURE_OPTIONS}
# disable rpath
sed -i '
s|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g
s|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g
' libtool
%{__make} %{?_smp_mflags}
popd
# running BIND system tests
# FIXME: enable make test if every test checks for a free port first; fixed port
# 5300 might lead to test failures if port is already in use.
#pushd bin/tests/system/
#./ifconfig.sh up
#%{__make} test
#./ifconfig.sh down
#popd
# replace __NSD__ in some files by a sub directory to set the full path to
# named's root directory
# ---------------------------------------------------------------------------
%install
%{GROUPADD_NAMED}
%{USERADD_NAMED}
mkdir -p \
${RPM_BUILD_ROOT}/%{_sysconfdir}/init.d \
${RPM_BUILD_ROOT}/%{_sysconfdir}/named.d \
${RPM_BUILD_ROOT}/%{_sysconfdir}/openldap/schema \
${RPM_BUILD_ROOT}/%{_sysconfdir}/slp.reg.d \
${RPM_BUILD_ROOT}/usr/{bin,%{_lib},sbin,include} \
${RPM_BUILD_ROOT}/%{_datadir}/bind \
${RPM_BUILD_ROOT}/%{_datadir}/susehelp/meta/Administration/System \
${RPM_BUILD_ROOT}/%{_defaultdocdir}/bind \
${RPM_BUILD_ROOT}/var/lib/named/{etc/named.d,dev,dyn,log,master,slave,var/{lib,run/{lwresd,named}}} \
${RPM_BUILD_ROOT}%{_mandir}/{man1,man3,man5,man8} \
${RPM_BUILD_ROOT}/var/adm/fillup-templates \
${RPM_BUILD_ROOT}/%{_rundir} \
${RPM_BUILD_ROOT}/%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services \
${RPM_BUILD_ROOT}%{_includedir}/bind/dns \
${RPM_BUILD_ROOT}%{_libexecdir}/bind
%{__make} DESTDIR=${RPM_BUILD_ROOT} install
pushd contrib/idn/idnkit-1.0-src
%{__make} DESTDIR=${RPM_BUILD_ROOT} install
popd
# install interface header file for developing Dynamic DB plugin
install -m 0644 lib/dns/include/dns/dynamic_db.h ${RPM_BUILD_ROOT}%{_includedir}/bind/dns/
# install errno2result.h, some dynamic DB plugins could use it.
install -m 0755 -d ${RPM_BUILD_ROOT}%{_includedir}/isc/
install -m 0644 lib/isc/unix/errno2result.h ${RPM_BUILD_ROOT}%{_includedir}/isc/
# remove useless .la files
rm -f ${RPM_BUILD_ROOT}/%{_lib}/libidnkit.la
rm -f ${RPM_BUILD_ROOT}/%{_lib}/libidnkitlite.la
rm -f ${RPM_BUILD_ROOT}/%{_libdir}/lib*.{la,a}
mv vendor-files/config/named.conf ${RPM_BUILD_ROOT}/%{_sysconfdir}
mv vendor-files/config/bind.reg ${RPM_BUILD_ROOT}/%{_sysconfdir}/slp.reg.d
mv vendor-files/config/rndc-access.conf ${RPM_BUILD_ROOT}/%{_sysconfdir}/named.d
for file in lwresd.conf named.conf.include rndc.key; do
touch ${RPM_BUILD_ROOT}/%{_sysconfdir}/${file}
done
for file in lwresd named; do
install -m 0754 vendor-files/init/${file} ${RPM_BUILD_ROOT}/etc/init.d/${file}
ln -sf /etc/init.d/${file} ${RPM_BUILD_ROOT}/usr/sbin/rc${file}
done
install -m 0644 ${RPM_SOURCE_DIR}/named.root ${RPM_BUILD_ROOT}/var/lib/named/root.hint
mv vendor-files/config/{127.0.0,localhost}.zone ${RPM_BUILD_ROOT}/var/lib/named
install -m 0754 vendor-files/tools/createNamedConfInclude ${RPM_BUILD_ROOT}/%{_datadir}/bind
install -m 0755 vendor-files/tools/bind.genDDNSkey ${RPM_BUILD_ROOT}/%{_bindir}/genDDNSkey
cp -a vendor-files/docu/BIND.desktop ${RPM_BUILD_ROOT}/%{_datadir}/susehelp/meta/Administration/System
cp -p ${RPM_SOURCE_DIR}/dnszone-schema.txt ${RPM_BUILD_ROOT}/%{_sysconfdir}/openldap/schema/dnszone.schema
cp -p "%{S:60}" "${RPM_BUILD_ROOT}/%{_sysconfdir}/openldap/schema/dlz.schema"
install -m 0754 vendor-files/tools/ldapdump ${RPM_BUILD_ROOT}/%{_datadir}/bind
find ${RPM_BUILD_ROOT}/%{_libdir} -type f -name '*.so*' -print0 | xargs -0 chmod 0755
touch ${RPM_BUILD_ROOT}/var/lib/named/etc/{localtime,named.conf.include,named.d/rndc.access.conf}
touch ${RPM_BUILD_ROOT}/var/lib/named/dev/log
ln -s ../.. ${RPM_BUILD_ROOT}/var/lib/named/var/lib/named
ln -s ../log ${RPM_BUILD_ROOT}/var/lib/named/var
%if "%_rundir" == "/run"
ln -s ../var/lib/named/var/run/lwresd ${RPM_BUILD_ROOT}/run
ln -s ../var/lib/named/var/run/named ${RPM_BUILD_ROOT}/run
%else
ln -s ../lib/named/var/run/lwresd ${RPM_BUILD_ROOT}/var/run
ln -s ../lib/named/var/run/named ${RPM_BUILD_ROOT}/var/run
%endif
for file in named-common named-named syslog-named; do
install -m 0644 vendor-files/sysconfig/${file} ${RPM_BUILD_ROOT}/var/adm/fillup-templates/sysconfig.${file}
done
install -m 644 vendor-files/sysconfig/SuSEFirewall.named %{buildroot}/%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/bind
# Cleanup doc
rm doc/misc/Makefile*
# Remove samples
rm ${RPM_BUILD_ROOT}/etc/*.sample
find doc/arm -type f ! -name '*.html' -print0 | xargs -0 rm -f
# Create doc as we want it in bind and not bind-doc
cp -a vendor-files/docu/README ${RPM_BUILD_ROOT}/%{_defaultdocdir}/bind/README.%{VENDOR}
cp -a vendor-files/docu/dnszonehowto.html contrib/sdb/ldap/
mkdir -p vendor-files/config/ISC-examples
cp -a bin/tests/*.conf* vendor-files/config/ISC-examples
for file in CHANGES COPYRIGHT README FAQ version contrib doc/{arm,misc} vendor-files/config contrib/sdb/ldap/INSTALL.ldap; do
basename=$( basename ${file})
cp -a ${file} ${RPM_BUILD_ROOT}/%{_defaultdocdir}/bind/${basename}
echo "%doc %{_defaultdocdir}/bind/${basename}" >>filelist-bind-doc
done
pushd ${RPM_BUILD_ROOT}%{_defaultdocdir}/bind/contrib/idn/idnkit-1.0-src
%{__make} distclean
rm -rf include lib man map patch tools win wsock Makefile.in acconfig.h aclocal.m4 config.* configure* install-sh ltconfig make.wnt mkinstalldirs
popd
# ---------------------------------------------------------------------------
install -m 0644 bind.keys ${RPM_BUILD_ROOT}/var/lib/named/named.root.key
%pre
# Are we updating from a package named bind9?
if test -d usr/share/doc/packages/bind9 && sbin/chkconfig -c named; then
NAMED_ACTIVE_FILE="var/adm/named.was.active"
test -f ${NAMED_ACTIVE_FILE} && old ${NAMED_ACTIVE_FILE}
ACTIVE_DIR=$( dirname ${NAMED_ACTIVE_FILE})
test -d ${ACTIVE_DIR} || mkdir -p ${ACTIVE_DIR}
touch ${NAMED_ACTIVE_FILE}
fi
%{GROUPADD_NAMED}
%{USERADD_NAMED}
# Might be an update.
%{USERMOD_NAMED}
# var/run/named is now a sym link pointing to the chroot jail
test -L var/run/named || rm -rf var/run/named
test -f etc/sysconfig/named && \
. etc/sysconfig/named
# Store NAMED_RUN_CHROOTED setting to a temp file.
TEMP_SYSCONFIG_FILE="var/adm/named-chroot"
TEMP_DIR=$( dirname ${TEMP_SYSCONFIG_FILE})
test -d ${TEMP_DIR} || \
mkdir -p ${TEMP_DIR}
test -e ${TEMP_SYSCONFIG_FILE} && \
old ${TEMP_SYSCONFIG_FILE}
echo "NAMED_RUN_CHROOTED=\"${NAMED_RUN_CHROOTED}\"" >${TEMP_SYSCONFIG_FILE}
%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1230
%service_add_pre named
%endif
%preun
%stop_on_removal named
%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1230
%service_del_preun named
%endif
%post
%{fillup_and_insserv -nf named}
%{fillup_only -nsa named named}
if [ ! -f etc/rndc.key ]; then
usr/sbin/rndc-confgen -a -b 512 -r dev/urandom
chmod 0640 etc/rndc.key
chown root:named etc/rndc.key
fi
TEMP_SYSCONFIG_FILE="var/adm/named-chroot"
# Are we in update mode?
if [ ${FIRST_ARG:-0} -gt 1 ]; then
# Is named.conf an old, /var/named configuration?
if [ -f etc/named.conf ] && grep -qi '^[[:space:]]*directory[[:space:]]*"/var/named"[[:space:]]*;' etc/named.conf; then
test -d var/log || \
mkdir -p var/log
CONVLOG="/var/log/named-move-to-var-lib"
# move zone files to new location
echo "Moving zone files to new location /var/lib/named" | tee ${CONVLOG}
IFS="
"
for dir in var/named var/named/slave; do
for source in $( find ${dir} -maxdepth 1 ); do
case "${source#var/named/}" in
localhost.zone|127.0.0.zone|root.hint|slave|var/named) continue ;;
esac
sourcedir=$( echo "${source%/*}")
destdir=$( echo "${sourcedir#var/named}")
if [ -e "var/lib/named/${destdir}/${source##*/}" ]; then
echo "Warning: /var/lib/named${destdir}/${source##*/} already exists; skipped." | tee -a ${CONVLOG}
else
echo "${source#var/named/}" | tee -a ${CONVLOG}
mv "${source}" "var/lib/named/${destdir}"
fi
done
done
# updating named.conf
echo -n "Backup old /etc/named.conf to " | tee -a ${CONVLOG}
oldconfig=$( old etc/named.conf) 2>/dev/null
oldconfig=${oldconfig##*/}
echo -n "/etc/${oldconfig}. Conversion " | tee -a ${CONVLOG}
sed -e "s@\"/var/named\"@\"/var/lib/named\"@" "etc/${oldconfig}" > etc/named.conf 2>/dev/null
conv_rc=$?
if [ ${conv_rc} -eq 0 ]; then
echo "succeeded." | tee -a ${CONVLOG}
chmod --reference="etc/${oldconfig}" etc/named.conf
chown --reference="etc/${oldconfig}" etc/named.conf
else
echo "failed." | tee -a ${CONVLOG}
fi
if [ ${conv_rc} -eq 0 ]; then
cat << EOF >>${CONVLOG}
Result: named.conf conversion succeeded. For details check the following
diff of the old and new configuration.
Ergebnis: Die named.conf-Konvertierung war erfolgreich. Details finden
Sie in der nachfolgenden Differenz der alten und neuen Konfiguration.
EOF
diff -u etc/${oldconfig} etc/named.conf >>${CONVLOG}
else
cat << EOF >>${CONVLOG}
Result: Conversion failed. You must check your /etc/named.conf
Ergebnis: Die Konvertierung ist fehlgeschlagen. Sie müssen Ihre
/etc/named.conf überprüfen.
EOF
fi
else
rm -f var/lib/update-messages/bind.1
fi # End of 'Is named.conf an old, /var/named configuration?'.
# Add include files to NAMED_CONF_INCLUDE_FILES if we already have an include
# file (SL Standard Server 8) and NAMED_RUN_CHROOTED from the
# TEMP_SYSCONFIG_FILE is empty.
if [ -f ${TEMP_SYSCONFIG_FILE} ]; then
. ${TEMP_SYSCONFIG_FILE}
fi
if [ -s etc/named.conf.include -a -z "${NAMED_RUN_CHROOTED}" ]; then
test -f etc/sysconfig/named && . etc/sysconfig/named
if [ "${NAMED_INITIALIZE_SCRIPTS}" = "createNamedConfInclude" -a \
-z "${NAMED_CONF_INCLUDE_FILES}" ]; then
# Get the included files from an existing meta include file.
INCLUDE_LINES=$( grep -e '^[[:space:]]*include' etc/named.conf.include | cut -f 2 -d '"')
if [ "${INCLUDE_LINES}" -a -z "${NAMED_CONF_INCLUDE_FILES}" ]; then
for file in ${INCLUDE_LINES}; do
# don't add a file a second time
echo "${INCLUDE_FILES}" | grep -qe "\<${file#/etc/named.d/}\>" && continue
# don't add the meta include file as the init script copies it anyway
# to the chroot jail
test "${file}" = "/etc/named.conf.include" && continue
test "${INCLUDE_FILES}" && INCLUDE_FILES="${INCLUDE_FILES} "
# strip off any leading /etc/named.d/ as the init script takes care
# of relative file names
INCLUDE_FILES="${INCLUDE_FILES}${file#/etc/named.d/}"
done
TMPFILE=$( mktemp /var/tmp/named.sysconfig.XXXXXX)
if [ $? -ne 0 ]; then
echo "Can't create temp file. Please add your included files from /etc/named.conf to"
echo "NAMED_CONF_INCLUDE_FILES of /etc/sysconfig/named manually."
# 'return' is only valid inside a function; skip the sysconfig update instead
else
chmod --reference=etc/sysconfig/named "${TMPFILE}"
if sed "s+^NAMED_CONF_INCLUDE_FILES.*$+NAMED_CONF_INCLUDE_FILES=\"${INCLUDE_FILES}\"+" etc/sysconfig/named > "${TMPFILE}"; then
mv "${TMPFILE}" etc/sysconfig/named
else
echo "Can't set NAMED_CONF_INCLUDE_FILES of /etc/sysconfig/named to \"${INCLUDE_FILES}\"."
fi
fi
fi
fi
else
rm -f var/lib/update-messages/bind.3
fi # End of 'Add include files to NAMED_CONF_INCLUDE_FILES'
fi # End of 'Are we in update mode?'
# Remove TEMP_SYSCONFIG_FILE in any case.
rm -f ${TEMP_SYSCONFIG_FILE}
NAMED_ACTIVE_FILE="var/adm/named.was.active"
if [ -f ${NAMED_ACTIVE_FILE} ]; then
sbin/insserv named
test ! -s ${NAMED_ACTIVE_FILE} && rm -f ${NAMED_ACTIVE_FILE}
fi
%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1230
%service_add_post named
%endif
%postun
%restart_on_update named
%insserv_cleanup
%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1230
%service_del_postun named
%endif
%post -n libbind9-140 -p /sbin/ldconfig
%postun -n libbind9-140 -p /sbin/ldconfig
%post -n libdns162 -p /sbin/ldconfig
%postun -n libdns162 -p /sbin/ldconfig
%post -n libidnkit1 -p /sbin/ldconfig
%postun -n libidnkit1 -p /sbin/ldconfig
%post -n libidnkitlite1 -p /sbin/ldconfig
%postun -n libidnkitlite1 -p /sbin/ldconfig
%post -n libidnkitres1 -p /sbin/ldconfig
%postun -n libidnkitres1 -p /sbin/ldconfig
%post -n libirs141 -p /sbin/ldconfig
%postun -n libirs141 -p /sbin/ldconfig
%post -n libisc160 -p /sbin/ldconfig
%postun -n libisc160 -p /sbin/ldconfig
%post -n libisccc140 -p /sbin/ldconfig
%postun -n libisccc140 -p /sbin/ldconfig
%post -n libisccfg140 -p /sbin/ldconfig
%postun -n libisccfg140 -p /sbin/ldconfig
%post -n liblwres141 -p /sbin/ldconfig
%postun -n liblwres141 -p /sbin/ldconfig
%pre chrootenv
%{GROUPADD_NAMED}
%{USERADD_NAMED}
%post chrootenv
%{fillup_only -nsa named common}
%{fillup_only -nsa syslog named}
%pre lwresd
%{GROUPADD_NAMED}
%{USERADD_NAMED}
%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1230
%service_add_pre lwresd
%endif
%post lwresd
# Create a key if usr/sbin/rndc-confgen is installed.
if [ -x usr/sbin/rndc-confgen -a ! -f etc/rndc.key ]; then
usr/sbin/rndc-confgen -a -b 512 -r dev/urandom
chmod 0640 etc/rndc.key
chown root:named etc/rndc.key
fi
# delete an empty lwresd.conf file
if [ ! -s etc/lwresd.conf ]; then
rm -f etc/lwresd.conf
fi
if [ $1 -le 1 ]; then
%{fillup_and_insserv -fy lwresd}
fi;
%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1230
%service_add_post lwresd
%endif
%preun lwresd
%stop_on_removal lwresd
%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1230
%service_del_preun lwresd
%endif
%postun lwresd
%restart_on_update lwresd
%insserv_cleanup
%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1230
%service_del_postun lwresd
%endif
%post utils
/sbin/ldconfig
# Create a key if lwresd is installed.
if [ -x usr/sbin/lwresd -a ! -f etc/rndc.key ]; then
usr/sbin/rndc-confgen -a -b 512 -r dev/urandom
chmod 0640 etc/rndc.key
chown root:named etc/rndc.key
fi
# ---------------------------------------------------------------------------
%files
%defattr(-,root,root)
%attr(0644,root,named) %config(noreplace) /%{_sysconfdir}/named.conf
%dir %{_sysconfdir}/slp.reg.d
%attr(0644,root,root) /%{_sysconfdir}/slp.reg.d/bind.reg
%attr(0644,root,named) %ghost /%{_sysconfdir}/named.conf.include
%attr(0640,root,named) %ghost %config(noreplace) /%{_sysconfdir}/rndc.key
%config /%{_sysconfdir}/init.d/named
%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/bind
%{_bindir}/bind9-config
%{_sbindir}/rcnamed
%{_sbindir}/named
%{_sbindir}/named-checkconf
%{_sbindir}/named-checkzone
%{_sbindir}/named-compilezone
%{_sbindir}/named-rrchecker
%{_mandir}/man1/bind9-config.1.gz
%{_mandir}/man1/named-rrchecker.1.gz
%{_mandir}/man5/named.conf.5.gz
%{_mandir}/man8/named-checkconf.8.gz
%{_mandir}/man8/named-checkzone.8.gz
%{_mandir}/man8/named.8.gz
%{_mandir}/man8/named-compilezone.8.gz
%dir %{_datadir}/bind
%{_datadir}/bind/createNamedConfInclude
%{_datadir}/bind/ldapdump
%ghost %{_rundir}/named
%{_var}/adm/fillup-templates/sysconfig.named-named
%dir %{_var}/lib/named/master
%attr(-,named,named) %dir %{_var}/lib/named/dyn
%attr(-,named,named) %dir %{_var}/lib/named/slave
%config %{_var}/lib/named/root.hint
%config %{_var}/lib/named/127.0.0.zone
%config %{_var}/lib/named/localhost.zone
%config %{_var}/lib/named/named.root.key
%ghost %{_var}/lib/named/etc/localtime
%attr(0644,root,named) %ghost %{_var}/lib/named/etc/named.conf.include
%attr(-,named,named) %dir %{_var}/lib/named/var/run/named
%dir %{_libexecdir}/bind
%files -n idnkit
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/idn.conf
%config(noreplace) %{_sysconfdir}/idnalias.conf
%{_bindir}/idnconv
%{_bindir}/runidn
%{_mandir}/man1/idnconv.1.gz
%{_mandir}/man1/runidn.1.gz
%{_mandir}/man5/idn.conf.5.gz
%{_mandir}/man5/idnalias.conf.5.gz
%{_mandir}/man5/idnrc.5.gz
%{_datadir}/idnkit/
%files -n idnkit-devel
%defattr(-,root,root)
%dir %_includedir/bind/
%_includedir/bind/idn/
%_libdir/libidn*.so
%_mandir/man3/libidn*.3*
%files -n libbind9-140
%defattr(-,root,root)
%_libdir/libbind9.so.140*
%files -n libdns162
%defattr(-,root,root)
%_libdir/libdns.so.162*
%files -n libidnkit1
%defattr(-,root,root)
%_libdir/libidnkit.so.1*
%files -n libidnkitlite1
%defattr(-,root,root)
%_libdir/libidnkitlite.so.1*
%files -n libidnkitres1
%defattr(-,root,root)
%_libdir/libidnkitres.so.1*
%files -n libirs141
%defattr(-,root,root)
%_libdir/libirs.so.141*
%files -n libirs-devel
%defattr(-,root,root)
%_libdir/libirs.so
%files -n libisc160
%defattr(-,root,root)
%_libdir/libisc.so.160*
%files -n libisccc140
%defattr(-,root,root)
%_libdir/libisccc.so.140*
%files -n libisccfg140
%defattr(-,root,root)
%_libdir/libisccfg.so.140*
%files -n liblwres141
%defattr(-,root,root)
%_libdir/liblwres.so.141*
%files chrootenv
%defattr(-,root,root)
%dir %{_var}/lib/named
%dir %{_var}/lib/named/etc
%dir %{_var}/lib/named/etc/named.d
%dir %{_var}/lib/named/dev
%dir %{_var}/lib/named/var
%dir %{_var}/lib/named/var/lib
%dir %{_var}/lib/named/var/run
%attr(-,named,named) %dir %{_var}/lib/named/log
%ghost %{_var}/lib/named/etc/named.d/rndc.access.conf
%ghost %{_var}/lib/named/dev/log
%attr(0666, root, root) %dev(c, 1, 3) %{_var}/lib/named/dev/null
%attr(0666, root, root) %dev(c, 1, 8) %{_var}/lib/named/dev/random
%{_var}/lib/named/var/lib/named
%{_var}/lib/named/var/log
%{_var}/adm/fillup-templates/sysconfig.named-common
%{_var}/adm/fillup-templates/sysconfig.syslog-named
%files devel
%defattr(-,root,root)
%dir %{_includedir}/isc
%{_includedir}/isc/errno2result.h
%{_bindir}/isc-config.sh
%{_libdir}/libbind9.so
%{_libdir}/libdns.so
%{_libdir}/libisc*.so
%{_libdir}/liblwres.so
%{_includedir}/bind
%exclude %{_includedir}/bind/idn
%{_mandir}/man3/lwres*.3*
%files doc -f filelist-bind-doc
%defattr(-,root,root)
%dir %doc %{_defaultdocdir}/bind
%doc %{_datadir}/susehelp
%files lwresd
%defattr(-,root,root)
%ghost %attr(0644,root,named) %config(noreplace) /%{_sysconfdir}/lwresd.conf
%config /etc/init.d/lwresd
%{_sbindir}/rclwresd
%{_sbindir}/lwresd
%{_mandir}/man8/lwresd.8.gz
%ghost %{_rundir}/lwresd
%attr(-,named,named) %dir %{_var}/lib/named/var/run/lwresd
%files utils
%defattr(-,root,root)
%dir /etc/named.d
%config(noreplace) /etc/named.d/rndc-access.conf
%config(noreplace) /etc/bind.keys
%dir %{_sysconfdir}/openldap
%dir %{_sysconfdir}/openldap/schema
%attr(0444,root,root) %config %{_sysconfdir}/openldap/schema/dnszone.schema
%attr(0444,root,root) %config %{_sysconfdir}/openldap/schema/dlz.schema
%{_bindir}/delv
%{_bindir}/dig
%{_bindir}/host
%{_bindir}/nslookup
%{_bindir}/nsupdate
%{_bindir}/genDDNSkey
%{_sbindir}/arpaname
%{_sbindir}/ddns-confgen
%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1230
%{_sbindir}/dnssec-checkds
%{_sbindir}/dnssec-coverage
%endif
%{_sbindir}/dnssec-dsfromkey
%{_sbindir}/dnssec-importkey
%{_sbindir}/dnssec-keyfromlabel
%{_sbindir}/dnssec-keygen
%{_sbindir}/dnssec-revoke
%{_sbindir}/dnssec-settime
%{_sbindir}/dnssec-signzone
%{_sbindir}/dnssec-verify
%{_sbindir}/genrandom
%{_sbindir}/isc-hmac-fixup
%{_sbindir}/named-journalprint
%{_sbindir}/nsec3hash
%{_sbindir}/rndc
%{_sbindir}/rndc-confgen
%{_sbindir}/tsig-keygen
%dir %doc %{_defaultdocdir}/bind
%{_defaultdocdir}/bind/README.%{VENDOR}
%{_mandir}/man1/arpaname.1.gz
%{_mandir}/man1/delv.1.gz
%{_mandir}/man1/dig.1.gz
%{_mandir}/man1/host.1.gz
%{_mandir}/man1/isc-config.sh.1.gz
%{_mandir}/man1/nslookup.1.gz
%{_mandir}/man1/nsupdate.1.gz
%{_mandir}/man5/rndc.conf.5.gz
%{_mandir}/man8/ddns-confgen.8.gz
%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1230
%{_mandir}/man8/dnssec-checkds.8.gz
%{_mandir}/man8/dnssec-coverage.8.gz
%endif
%{_mandir}/man8/dnssec-dsfromkey.8.gz
%{_mandir}/man8/dnssec-importkey.8.gz
%{_mandir}/man8/dnssec-keyfromlabel.8.gz
%{_mandir}/man8/dnssec-keygen.8.gz
%{_mandir}/man8/dnssec-revoke.8.gz
%{_mandir}/man8/dnssec-settime.8.gz
%{_mandir}/man8/dnssec-signzone.8.gz
%{_mandir}/man8/dnssec-verify.8.gz
%{_mandir}/man8/genrandom.8.gz
%{_mandir}/man8/isc-hmac-fixup.8.gz
%{_mandir}/man8/named-journalprint.8.gz
%{_mandir}/man8/nsec3hash.8.gz
%{_mandir}/man8/rndc.8.gz
%{_mandir}/man8/rndc-confgen.8.gz
%{_mandir}/man8/tsig-keygen.8.gz
%changelog