diff --git a/nsd-rpmlintrc b/nsd-rpmlintrc index 62abb8b..c57bbe1 100644 --- a/nsd-rpmlintrc +++ b/nsd-rpmlintrc @@ -1,22 +1,3 @@ # failed check. chroot immediately follows chdir addFilter("W: missing-call-to-chdir-with-chroot /usr/sbin/nsd") -# We create our group/user -addFilter("W: non-standard-uid /var/lib/nsd/nsd.db nsd") -addFilter("W: non-standard-uid /var/log/nsd nsd") -addFilter("W: non-standard-uid /var/log/nsd/nsd.log nsd") -addFilter("W: non-standard-uid /var/lib/nsd/xfrd.state nsd") -addFilter("W: non-standard-uid /var/lib/nsd nsd") -addFilter("W: non-standard-uid /var/lib/nsd/ixfr.db nsd") -addFilter("W: non-standard-gid /var/lib/nsd/nsd.db nsd") -addFilter("W: non-standard-gid /var/log/nsd nsd") -addFilter("W: non-standard-gid /etc/nsd nsd") -addFilter("W: non-standard-gid /var/log/nsd/nsd.log nsd") -addFilter("W: non-standard-gid /etc/nsd/nsd.conf.sample nsd") -addFilter("W: non-standard-gid /etc/nsd/nsd.conf nsd") -addFilter("W: non-standard-gid /var/lib/nsd/xfrd.state nsd") -addFilter("W: non-standard-gid /var/lib/nsd nsd") -addFilter("W: non-standard-gid /var/lib/nsd/ixfr.db nsd") - -addFilter("W: non-standard-gid /run/nsd nsd") -addFilter("W: non-standard-uid /run/nsd nsd") diff --git a/nsd.changes b/nsd.changes index 845a682..a514082 100644 --- a/nsd.changes +++ b/nsd.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Mon Feb 5 10:26:02 UTC 2018 - adam.majer@suse.de + +- drop insserv requires on SLE12+ and openSUSE +- nsd-lintrpmrc: drop most overrides +- don't install config file as sample +- switch to using user/group names _nsd to match expected names + as per recent rpmlint changes as not to conflict with admin + created names. +- update and change current owner during upgrade + ------------------------------------------------------------------- Tue Jan 2 11:18:40 UTC 2018 - michael@stroeder.com diff --git a/nsd.spec b/nsd.spec index 062770e..675500d 100644 --- a/nsd.spec +++ b/nsd.spec 
@@ -1,82 +1,91 @@ # # spec file for package nsd # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. -# This file and all modifications and additions to the pristine -# package are under the same license as the package itself. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild -%if 0%{?suse_version} >= 1230 -%bcond_without systemd -%define _rundir /run -%else -%bcond_with systemd -%define _rundir /var/run -%endif -# only needed for < 1310 -%{!?_tmpfilesdir:%global _tmpfilesdir /usr/lib/tmpfiles.d} +%define home %{_localstatedir}/lib/%{name} +%define configdir %{_sysconfdir}/%{name} +%define configfile %{configdir}/nsdc.conf +%define zonesfile %{configdir}/nsd.zones +%define zonesdir %{configdir}/zones +%define pidfile %{_rundir}/nsd/nsd.pid +%if 0%{?suse_version} >= 1230 +%define _rundir /run +%bcond_without systemd +%else +%define _rundir %{_localstatedir}/run +%bcond_with systemd +%endif Name: nsd Version: 4.1.19 Release: 0 # +Summary: An authoritative only domain name server +# License: BSD-3-Clause Group: Productivity/Networking/DNS/Servers # -BuildRoot: %{_tmppath}/%{name}-%{version}-build +URL: http://open.nlnetlabs.nl/nsd/ +Source: http://open.nlnetlabs.nl/downloads/nsd/nsd-%{version}.tar.gz +Source1: nsd.service +Source2: tmpfiles-nsd.conf +Source3: nsd.init +Source4: nsd.keyring +Source5: 
https://www.nlnetlabs.nl/downloads/nsd/nsd-%{version}.tar.gz.asc +Source10: nsd-rpmlintrc +# BuildRequires: libevent-devel BuildRequires: openssl-devel BuildRequires: pkgconfig BuildRequires: pwdutils BuildRequires: tcpd-devel +Requires: %fillup_prereq +Requires: pwdutils +Requires(post): coreutils +Requires(post): findutils +Requires(post): shadow +Requires(pre): shadow %if %{with systemd} BuildRequires: systemd-devel %{?systemd_requires} +%else +# FIXME: use proper Requires(pre/post/preun/...) +PreReq: %insserv_prereq %endif -PreReq: %insserv_prereq %fillup_prereq pwdutils -# -%define home %{_var}/lib/%{name} -%define configdir %{_sysconfdir}/%{name} -%define configfile %{configdir}/nsdc.conf -%define zonesfile %{configdir}/nsd.zones -%define zonesdir %{configdir}/ -%define dbfile %{zonesdir}/nsd.db -%define pidfile %{_rundir}/nsd/nsd.pid -# -Url: http://open.nlnetlabs.nl/nsd/ -Source: http://open.nlnetlabs.nl/downloads/nsd/nsd-%{version}.tar.gz -Source5: https://www.nlnetlabs.nl/downloads/nsd/nsd-%{version}.tar.gz.asc -Source4: nsd.keyring -Source1: nsd.service -Source2: tmpfiles-nsd.conf -Source3: nsd.init -# -Summary: An authoritative only, high performance domain name server + %description NSD is a complete implementation of an authoritative domain name server developed by NLnet Labs with the purpose of creating more diversity in the DNS landscape. 
%prep -%setup +%setup -q %build -export CFLAGS="${RPM_OPT_FLAGS} ${CFLAGS} -fPIE -Wformat-nonliteral -Wformat-security" -export LDFLAGS="${LDFLAGS} -pie -Wl,-z,relro,-z,now" %configure \ --with-configdir=%{configdir} \ - --with-zonesdir=%{configdir} \ + --with-zonesdir=%{zonesdir} \ --with-dbfile=%{home}/nsd.db \ --with-xfrdfile=%{home}/xfrd.state \ - --with-pidfile=%{pidfile} \ - --with-logfile=/var/log/nsd/nsd.log \ + --with-pidfile=%{_rundir}/nsd/nsd.pid \ + --with-logfile=/%{_localstatedir}/log/nsd/nsd.log \ --enable-root-server \ --enable-bind8-stats \ --enable-zone-stats \ --enable-mmap \ - --with-user=%{name} \ + --with-user=_nsd \ --enable-ratelimit make %{?_smp_mflags} iconv -f iso8859-1 -t utf-8 doc/RELNOTES > doc/RELNOTES.utf8 @@ -85,22 +94,21 @@ mv -f doc/RELNOTES.utf8 doc/RELNOTES mv -f doc/CREDITS.utf8 doc/CREDITS %install -make install DESTDIR="%{buildroot}" -cp -v %{buildroot}%{configdir}/nsd.conf.sample %{buildroot}%{configdir}/nsd.conf +%make_install chmod -Rv o= %{buildroot}%{configdir}/ # install -d -m 0700 %{buildroot}%{home} \ %{buildroot}%{_rundir}/%{name} # -install -d -m 0755 %{buildroot}/var/log/nsd/ -touch %{buildroot}%{home}/{nsd.db,ixfr.db,xfrd.state} %{buildroot}/var/log/nsd/nsd.log +install -d -m 0755 %{buildroot}/%{_localstatedir}/log/nsd/ +touch %{buildroot}%{home}/{nsd.db,ixfr.db,xfrd.state} %{buildroot}/%{_localstatedir}/log/nsd/nsd.log %if %{with systemd} install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/nsd.service install -D -m 0644 %{SOURCE2} %{buildroot}%{_tmpfilesdir}/nsd.conf -ln -s -f /usr/sbin/service %{buildroot}%{_sbindir}/rc%{name} +ln -s -f %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} %else -install -D -m 0755 %{S:3} %{buildroot}%{_sysconfdir}/init.d/%{name} +install -D -m 0755 %{SOURCE3} %{buildroot}%{_sysconfdir}/init.d/%{name} ln -s -f %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rc%{name} %endif 
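Review bot: In `%build`, removing the two `export` lines drops the explicit `-fPIE`/`-pie` and `-Wl,-z,relro,-z,now` hardening for a network-facing daemon, and nothing visible in the hunk replaces it. `%configure` still passes the distribution's default flags, but the hunk does not show whether those include PIE and immediate binding on every target this spec still supports (the `suse_version` conditional keeps pre-1230 builds). Unless that is confirmed for all targets, keep the hardening ahead of `%configure`, e.g. `export CFLAGS="%{optflags} -fPIE"` and `export LDFLAGS="${LDFLAGS} -pie -Wl,-z,relro,-z,now"`.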
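Review bot: The new `install -d` and `touch` lines in `%install` use `%{buildroot}/%{_localstatedir}/log/nsd`, which expands with a doubled slash because `%{_localstatedir}` is already an absolute path. The same spelling appears in `--with-logfile=/%{_localstatedir}/log/nsd/nsd.log` in the `%build` hunk, where it becomes the daemon's compiled-in default log path, and in the `%files` entries of the last nsd.spec hunk. Dropping the extra slash, as in `install -d -m 0755 %{buildroot}%{_localstatedir}/log/nsd/`, keeps the packaged paths and the daemon's default identical to the path that log rotation and audit rules will name.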
@@ -108,8 +116,8 @@ ln -s -f %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rc%{name} # # e.g. adding user # -%{_sbindir}/groupadd -r %{name} &>/dev/null ||: -%{_sbindir}/useradd -g %{name} -s /bin/false -r -c "user for %{name}" -d %{home} %{name} &>/dev/null ||: +%{_sbindir}/groupadd -r _nsd &>/dev/null ||: +%{_sbindir}/useradd -g _nsd -s /bin/false -r -c "user for %{name}" -d %{home} _nsd &>/dev/null ||: %if %{with systemd} %service_add_pre %{name}.service %endif @@ -121,6 +129,28 @@ systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf || : %service_add_post %{name}.service %endif +# On upgrade, we migrate from old "nsd" user to new "_nsd" user for +# config, home and default logging directories +# +# This is only used for special case of upgrading server:dns/nsd users +# as 'nsd' user was never part of openSUSE:Factory +if [ "x"$1 = "x2" ] && [ "x"`stat -c '%%G' %{home}/nsd.db` = 'xnsd' ]; then + echo "Changing legacy group from user/group nsd:nsd to _nsd:_nsd" + %{_bindir}/find %{_localstatedir}/log/nsd %{home} %{_rundir}/nsd -exec %{_bindir}/chown -v _nsd:_nsd {} \+ + %{_bindir}/find %{configdir} -exec %{_bindir}/chgrp -v _nsd {} \+ + + # force restart because we need to remove users here + %if %{with systemd} + %{_bindir}/systemctl try-restart %{name}.service ||: + %else + %{_sbindir}/rcnsd restart ||: + %endif + + # remove old username/group + %{_sbindir}/userdel nsd || : + %{_sbindir}/groupdel nsd || : +fi + %preun %if %{with systemd} %service_del_preun %{name}.service @@ -133,11 +163,10 @@ systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf || : %service_del_postun %{name}.service %else %restart_on_update %{name} -%{insserv_cleanup} +%insserv_cleanup %endif %files -%defattr(-,root,root) %doc doc/* %{configdir}/nsd.conf.sample %config 
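Review bot: Both account-creation lines end in `&>/dev/null ||:`, so a real failure of `groupadd` or `useradd` for `_nsd` looks the same as "already exists" and the installation carries on. If the account is missing, rpm cannot apply the `%attr(...,_nsd,_nsd)` ownership declared in `%files`, and the daemon configured with `--with-user=_nsd` has no account to drop to. Checking for existence first lets a genuine error surface: `getent group _nsd >/dev/null || %{_sbindir}/groupadd -r _nsd` and `getent passwd _nsd >/dev/null || %{_sbindir}/useradd -g _nsd -s /bin/false -r -c "user for %{name}" -d %{home} _nsd`. The scriptlet header is above this hunk, so the rest of the scriptlet is not visible here.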
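Review bot: The migration block runs `chown` and `chgrp` as root on every entry `find` returns from trees the old unprivileged `nsd` account could write to, and neither command is told not to dereference symbolic links. A link left in `%{home}` or the log directory would cause the file it points at, rather than the link, to be handed to `_nsd`. Restrict the walk to entries the old account actually owns and operate on the link itself: `%{_bindir}/find %{_localstatedir}/log/nsd %{home} %{_rundir}/nsd -user nsd -exec %{_bindir}/chown -h -v _nsd:_nsd {} \+` and `%{_bindir}/find %{configdir} -group nsd -exec %{_bindir}/chgrp -h -v _nsd {} \+`. The guard would also be more robust with quoted operands, `[ "x$1" = "x2" ]`, and with `2>/dev/null` on the `stat` call, since `nsd.db` is a `%ghost` file and may not exist.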
@@ -161,16 +190,16 @@ systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf || : %{_mandir}/man8/nsd.8* %{_mandir}/man8/nsd-control.8* # -%config(noreplace) %attr(-,root,%{name}) %{configdir} +%config(noreplace) %attr(-,root,_nsd) %{configdir} +%ghost %config %attr(640,_nsd,_nsd) %{configdir}/nsd.conf # -%dir %attr(750,%{name},%{name}) %{home} -%ghost %config %attr(640,%{name},%{name}) %{home}/nsd.db -%ghost %config %attr(640,%{name},%{name}) %{home}/ixfr.db -%ghost %config %attr(640,%{name},%{name}) %{home}/xfrd.state +%dir %attr(750,_nsd,_nsd) %{home} +%ghost %config %attr(640,_nsd,_nsd) %{home}/nsd.db +%ghost %config %attr(640,_nsd,_nsd) %{home}/ixfr.db +%ghost %config %attr(640,_nsd,_nsd) %{home}/xfrd.state # -%dir %attr(750,%{name},%{name}) /var/log/nsd -%ghost %attr(640,%{name},%{name}) /var/log/nsd/nsd.log -%ghost %attr(750,%{name},%{name}) %{_rundir}/%{name} - +%dir %attr(750,_nsd,_nsd) /%{_localstatedir}/log/nsd +%ghost %attr(640,_nsd,_nsd) /%{_localstatedir}/log/nsd/nsd.log +%ghost %attr(750,_nsd,_nsd) %{_rundir}/%{name} %changelog diff --git a/tmpfiles-nsd.conf b/tmpfiles-nsd.conf index 9830f91..b9bf6c6 100644 --- a/tmpfiles-nsd.conf +++ b/tmpfiles-nsd.conf @@ -1 +1 @@ -D /run/nsd 0755 nsd nsd - +D /run/nsd 0755 _nsd _nsd -
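Review bot: The added `%ghost %config %attr(640,_nsd,_nsd) %{configdir}/nsd.conf` entry makes the daemon's own account the owner of its configuration file, while the directory entry just above it keeps `root` as owner and grants `_nsd` only group access. A service account that can rewrite the file the daemon reads at start-up lets a compromise of the running process persist across restarts, and read access through the group is all the process should need. Consider `%ghost %config %attr(640,root,_nsd) %{configdir}/nsd.conf`. Because the entry is `%ghost`, rpm does not create the file, so this ownership mainly shows up in `rpm -V` and `rpm --setugids`. The ownership and mode expected for the administrator's copy are worth a comment next to the entry.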