unbound/unbound.spec

381 lines
13 KiB
RPMSpec

# norootforbuild
%bcond_without python
%bcond_without munin
%bcond_without hardened_build
%if 0%{?suse_version} >= 1230
%bcond_without systemd
%else
%bcond_with systemd
%endif
# only needed for < 1310
%{!?_tmpfilesdir:%global _tmpfilesdir /usr/lib/tmpfiles.d}
#
%define _sharedstatedir /var/lib/
%define ldns_version 1.6.16
%define fwdir /etc/sysconfig/SuSEfirewall2.d/services
%if 0%{?suse_version} > 1220
%define piddir /run
%else
%define piddir %{_localstatedir}/run
%endif
%if %{with python}
%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
%endif
Name: unbound
Version: 1.4.22
Release: 1
#
Group: Productivity/Networking/DNS/Servers
License: BSD-3-Clause
#
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: flex
BuildRequires: openssl-devel
BuildRequires: libevent-devel
BuildRequires: ldns-devel >= %{ldns_version}
BuildRequires: python-devel
BuildRequires: libexpat-devel
%if %{with python}
BuildRequires: python-devel
BuildRequires: swig
%endif
PreReq: pwdutils
Requires: ldns >= %{ldns_version}
# until we figured something else out for the unbound-anchor part in the systemd unit file
Requires: sudo
%if %{with systemd}
BuildRequires: systemd-devel
%{?systemd_requires}
%endif
#
Url: http://www.unbound.net/
Source: http://www.unbound.net/downloads/unbound-%{version}.tar.gz
Source1: unbound.service
Source2: unbound.conf
Source3: unbound.munin
Source4: unbound_munin_
Source5: root.key
Source6: dlv.isc.org.key
Source7: unbound-keygen.service
Source8: tmpfiles-unbound.conf
Source9: example.com.key
Source10: example.com.conf
Source11: block-example.com.conf
# From http://data.iana.org/root-anchors/icannbundle.pem
Source12: icannbundle.pem
Source13: root.anchor
Source14: unbound.sysconfig
Source15: unbound.cron
Source16: unbound-munin.README
Source17: unbound.firewall
Summary: Validating, recursive, and caching DNS(SEC) resolver
%description
Unbound is a validating, recursive, and caching DNS(SEC) resolver.
The C implementation of Unbound is developed and maintained by NLnet
Labs. It is based on ideas and algorithms taken from a java prototype
developed by Verisign labs, Nominet, Kirei and ep.net.
Unbound is designed as a set of modular components, so that also
DNSSEC (secure DNS) validation and stub-resolvers (that do not run
as a server, but are linked into an application) are easily possible.
%define libname libunbound2
%package -n %{libname}
Group: Development/Libraries/C and C++
Requires: %{name}-anchor >= %{version}
#
Summary: Shared library from unbound
%description -n %{libname}
Unbound is a validating, recursive, and caching DNS(SEC) resolver.
This package holds the shared library from unbound.
%if %{with_munin}
%package munin
Summary: Plugin for the munin / munin-node monitoring package
Group: System Environment/Daemons
Requires: munin-node
Requires: %{name} = %{version}
Requires: bc
BuildArch: noarch
%description munin
Unbound is a validating, recursive, and caching DNS(SEC) resolver.
This package holds the plugin for the munin / munin-node monitoring package
%endif
%package devel
Group: Development/Libraries/C and C++
Requires: %{libname} = %{version}
Requires: ldns-devel >= %{ldns_version}
Requires: openssl-devel
#
Summary: Development files for libunbound
%description devel
Unbound is a validating, recursive, and caching DNS(SEC) resolver.
This package holds the development files to work with libunbound.
%package anchor
Group: Productivity/Networking/DNS/Servers
#
Requires: cron
Summary: Unbound Anchor cert management tools
%description anchor
Unbound is a validating, recursive, and caching DNS(SEC) resolver.
This package contains the tools to manage the anchor certs.
%if %{with python}
%package python
Summary: Python modules and extensions for unbound
Group: Applications/System
Requires: %{libname} = %{version}
%description python
Unbound is a validating, recursive, and caching DNS(SEC) resolver.
This package holds the Python modules and extensions for unbound.
%endif
%prep
%setup
%build
export LDFLAGS="-Wl,-z,relro,-z,now -pie"
export CFLAGS="%{optflags} -fPIE -pie"
export CXXFLAGS="%{optflags} -fPIE -pie"
%configure \
--disable-rpath \
--with-libevent \
--with-pthreads \
--disable-static \
--with-ldns=%{_prefix} \
--enable-sha2 --enable-gost --enable-ecdsa \
--with-conf-file=%{_sysconfdir}/%{name}/unbound.conf \
--with-pidfile=%{piddir}%{name}/%{name}.pid \
%if %{with python}
--with-pythonmodule --with-pyunbound \
%endif
--with-rootkey-file=%{_sharedstatedir}/unbound/root.key
# --with-pyunbound --with-pythonmodule
# --with-conf-file=path Pathname to the Unbound configuration file
# --with-run-dir=path set default directory to chdir to (by default dir
# part of cfg file)
# --with-chroot-dir=path set default directory to chroot to (by default same
# as run-dir)
# --with-share-dir=path set default directory with shared data (by default
# same as share/unbound)
# --with-pidfile=filename set default pathname to unbound pidfile (default
# run-dir/unbound.pid)
# --with-rootkey-file=filename
# set default pathname to root key file (default
# run-dir/root.key). This file is read and written.
# --with-rootcert-file=filename
# set default pathname to root update certificate file
# (default run-dir/icannbundle.pem). This file need
# not exist if you are content with the builtin.
#
%{__make} %{?_smp_mflags}
%{__make} %{?_smp_mflags} streamtcp
%install
make install DESTDIR="%{buildroot}"
install -d -m 0750 %{buildroot}/var/lib/unbound
install -d 0755 %{buildroot}%{_unitdir}
install -p -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/unbound.service
install -p -m 0644 %{SOURCE7} %{buildroot}%{_unitdir}/unbound-keygen.service
install -p -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/unbound
install -p -m 0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/unbound
install -D -p -m 0644 %{SOURCE14} %{buildroot}/var/adm/fillup-templates/sysconfig.%{name}
ln -sf /usr/sbin/service %{buildroot}%{_sbindir}/rcunbound
ln -sf /usr/sbin/service %{buildroot}%{_sbindir}/rcunbound-keygen
install -p -m 0644 %{SOURCE16} .
install -d 0755 %{buildroot}%{_sysconfdir}/cron.d
install -p -m 0644 %{SOURCE15} %{buildroot}%{_sysconfdir}/cron.d/unbound-anchor
install -d 0755 %{buildroot}%{fwdir}
install -p -m 0644 %{SOURCE17} %{buildroot}%{fwdir}/%{name}
%if %{with munin}
# Install munin plugin and its softlinks
install -d 0755 %{buildroot}%{_sysconfdir}/munin/plugin-conf.d
install -p -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/munin/plugin-conf.d/unbound
install -d 0755 %{buildroot}%{_datadir}/munin/plugins/
install -p -m 0755 %{SOURCE4} %{buildroot}%{_datadir}/munin/plugins/unbound
for plugin in unbound_munin_hits unbound_munin_queue unbound_munin_memory unbound_munin_by_type unbound_munin_by_class unbound_munin_by_opcode unbound_munin_by_rcode unbound_munin_by_flags unbound_munin_histogram; do
ln -s unbound %{buildroot}%{_datadir}/munin/plugins/$plugin
done
%endif
# install streamtcp used for monitoring / debugging unbound's port 80/443 modes
install -m 0755 streamtcp %{buildroot}%{_sbindir}/unbound-streamtcp
# install streamtcp man page
install -m 0644 testcode/streamtcp.1 %{buildroot}/%{_mandir}/man1/unbound-streamtcp.1
# Install tmpfiles.d config
install -d -m 0755 %{buildroot}%{_tmpfilesdir}/ \
%{buildroot}%{_sharedstatedir}/unbound
install -m 0644 %{SOURCE8} %{buildroot}%{_tmpfilesdir}/unbound.conf
# install root and DLV key - we keep a copy of the root key in old location,
# in case user has changed the configuration and we wouldn't update it there
install -m 0644 %{SOURCE5} %{SOURCE6} %{buildroot}%{_sysconfdir}/unbound/
install -m 0644 %{SOURCE13} %{buildroot}%{_sharedstatedir}/unbound/root.key
# remove static library from install (fedora packaging guidelines)
rm %{buildroot}%{_libdir}/*.la
%if %{with python}
rm %{buildroot}%{python_sitearch}/*.la
%endif
# create softlink for all functions of libunbound man pages
for mpage in ub_ctx ub_result ub_ctx_create ub_ctx_delete ub_ctx_set_option ub_ctx_get_option ub_ctx_config ub_ctx_set_fwd ub_ctx_resolvconf ub_ctx_hosts ub_ctx_add_ta ub_ctx_add_ta_file ub_ctx_trustedkeys ub_ctx_debugout ub_ctx_debuglevel ub_ctx_async ub_poll ub_wait ub_fd ub_process ub_resolve ub_resolve_async ub_cancel ub_resolve_free ub_strerror ub_ctx_print_local_zones ub_ctx_zone_add ub_ctx_zone_remove ub_ctx_data_add ub_ctx_data_remove;
do
echo ".so man3/libunbound.3" > %{buildroot}%{_mandir}/man3/${mpage}.3 ;
done
mkdir -p %{buildroot}%{piddir}/%{name}
# Install directories for easier config file drop in
mkdir -p %{buildroot}%{_sysconfdir}/unbound/{keys.d,conf.d,local.d}
install -m 0640 -p %{SOURCE9} %{buildroot}%{_sysconfdir}/unbound/keys.d/
install -m 0640 -p %{SOURCE10} %{buildroot}%{_sysconfdir}/unbound/conf.d/
install -m 0640 -p %{SOURCE11} %{buildroot}%{_sysconfdir}/unbound/local.d/
# Link unbound-control-setup.8 manpage to unbound-control.8
echo ".so man8/unbound-control.8" > %{buildroot}/%{_mandir}/man8/unbound-control-setup.8
%check
#make check
%clean
%{__rm} -rf %{buildroot}
%pre anchor
/usr/sbin/groupadd -r unbound &>/dev/null || :
/usr/sbin/useradd -g unbound -s /bin/false -r -c "unbound caching dns server" -d /var/lib/unbound unbound &>/dev/null || :
%pre
%if %{with systemd}
%service_add_pre unbound-keygen.service unbound.service
%endif
%post
%fillup_only %{name}
%if %{with systemd}
systemd-tmpfiles --create %{_tmpfilesdir}/unbound.conf
%service_add_post unbound-keygen.service unbound.service
%endif
%preun
%if %{with systemd}
%service_del_preun unbound-keygen.service unbound.service
%else
%stop_on_removal %{name}
%endif
%postun
%if %{with systemd}
%service_del_postun unbound-keygen.service unbound.service
%else
%restart_on_update %{name}
%{insserv_cleanup}
%endif
%post -n %{libname} -p /sbin/ldconfig
%postun -n %{libname} -p /sbin/ldconfig
%files
%defattr(-,root,root,-)
%doc doc/README doc/CREDITS doc/LICENSE doc/FEATURES
%attr(0755,unbound,unbound) %ghost %dir %{piddir}/%{name}
%attr(0640,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/unbound.conf
%dir %attr(-,root,unbound) %{_sysconfdir}/%{name}/keys.d
%attr(0660,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/keys.d/*.key
%dir %attr(-,root,unbound) %{_sysconfdir}/%{name}/conf.d
%attr(0660,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/conf.d/*.conf
%dir %attr(-,root,unbound) %{_sysconfdir}/%{name}/local.d
%attr(0660,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/local.d/*.conf
%{_sbindir}/unbound
%{_sbindir}/unbound-checkconf
%{_sbindir}/unbound-host
%{_sbindir}/unbound-control
%{_sbindir}/unbound-control-setup
%{_sbindir}/unbound-streamtcp
%{_mandir}/man1/unbound-host.1*
%{_mandir}/man5/unbound.conf.5*
%{_mandir}/man8/unbound.8*
%{_mandir}/man8/unbound-checkconf.8*
%{_mandir}/man8/unbound-control-setup.8*
%{_mandir}/man8/unbound-control.8*
%{_mandir}/man1/unbound-streamtcp.1*
/var/adm/fillup-templates/sysconfig.%{name}
%if %{with systemd}
%{_tmpfilesdir}/unbound.conf
%{_unitdir}/unbound-keygen.service
%{_unitdir}/unbound.service
%endif
%{_sbindir}/rcunbound
%{_sbindir}/rcunbound-keygen
%dir %{fwdir}
%config %{fwdir}/%{name}
%files -n %{libname}
%defattr(-,root,root,-)
%{_libdir}/libunbound.so.*
%if %{with python}
%files python
%defattr(-,root,root,-)
%{python_sitearch}/*
%doc libunbound/python/examples/*
%doc pythonmod/examples/*
%endif
%if %{with munin}
%files munin
%defattr(-,root,root,-)
%dir %{_sysconfdir}/munin/
%dir %{_sysconfdir}/munin/plugin-conf.d/
%config(noreplace) %{_sysconfdir}/munin/plugin-conf.d/unbound
%dir %{_datadir}/munin/
%dir %{_datadir}/munin/plugins/
%{_datadir}/munin/plugins/unbound*
%doc unbound-munin.README
%endif
%files devel
%defattr(-,root,root,-)
%{_includedir}/unbound.h
%{_libdir}/libunbound.so
%{_mandir}/man3/libunbound.3*
%{_mandir}/man3/ub_*.3*
%files anchor
%defattr(-,root,root,-)
%dir %{_sysconfdir}/%{name}/
%{_sbindir}/unbound-anchor
%config %{_sysconfdir}/%{name}/icannbundle.pem
%config %{_sysconfdir}/cron.d/unbound-anchor
%dir %attr(-,unbound,unbound) %{_sharedstatedir}/%{name}
%attr(0640,unbound,unbound) %config(noreplace) %{_sharedstatedir}/%{name}/root.key
%attr(0640,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/dlv.isc.org.key
# just left for backwards compat with user changed unbound.conf files - format is different!
%attr(0640,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/root.key
%{_mandir}/man8/unbound-anchor.8*
%doc doc/README doc/LICENSE
%changelog