#
# spec file for package bind
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir /var/adm/fillup-templates
%endif

Name:           bind
%define pkg_name bind
%define pkg_vers 9.10.4-P5
%define rpm_vers 9.10.4P5
%define idn_vers 1.0
# 0 selects the SysV init branches of the conditionals in the preamble and
# in the scriptlets; 1 selects the systemd service macros instead.
%define with_systemd 0
Summary:        Domain Name System (DNS) Server (named)
License:        ISC
Group:          Productivity/Networking/DNS/Servers
Version:        %rpm_vers
Release:        0
# The tarball URL uses plain FTP, which gives no integrity protection of its
# own. Source3 (detached signature) together with Source4 (keyring) is what
# allows the tarball to be authenticated.
# NOTE(review): nothing in the prep section checks the signature itself;
# presumably the build service does this from the keyring -- confirm.
Source:         ftp://ftp.isc.org/isc/bind9/%{pkg_vers}/bind-%{pkg_vers}.tar.gz
Source3:        ftp://ftp.isc.org/isc/bind9/%{pkg_vers}/bind-%{pkg_vers}.tar.gz.asc
# from http://www.isc.org/about/openpgp/ ... changes yearly apparently.
Source4:        %name.keyring
Source1:        vendor-files.tar.bz2
Source2:        baselibs.conf
# named.root is installed as the root hints file of the server; no signature
# file is listed for it in this preamble.
Source9:        ftp://ftp.internic.net/domain/named.root
# url http://www.venaas.no/ldap/bind-sdb/dnszone-schema.txt no longer exists...
Source40:       dnszone-schema.txt
Patch:          configure.in.diff
Patch1:         Makefile.in.diff
Patch4:         perl-path.diff
Patch5:         dns_dynamic_db.patch
Patch51:        pie_compile.diff
Patch52:        named-bootconf.diff
Patch53:        bind-sdb-ldap.patch
Patch101:       runidn.diff
Patch102:       idnkit-powerpc-ltconfig.patch
# Security backports, named after the CVE ids they address. Both are applied
# with -p1 in the prep section; dropping either line there silently ships
# the unfixed code.
Patch103:       bind-CVE-2017-3135.patch
Patch104:       bind-CVE-2017-3142-and-3143.patch
Patch200:       bind-openssl11.patch
BuildRequires:  krb5-devel
BuildRequires:  libcap-devel
BuildRequires:  libjson-c-devel
BuildRequires:  libmysqlclient-devel
BuildRequires:  libtool
BuildRequires:  libxml2-devel
BuildRequires:  openldap2-devel
BuildRequires:  openssl
BuildRequires:  openssl-devel
BuildRequires:  python3-base
%if %{with_systemd}
BuildRequires:  systemd-rpm-macros
%else
PreReq:         %insserv_prereq
%endif
BuildRequires:  update-desktop-files
Provides:       bind8
Provides:       bind9
Provides:       dns_daemon
Obsoletes:      bind8 < %version
Obsoletes:      bind9 < %version
Requires:       %{name}-chrootenv
Requires:       %{name}-utils
# Every external tool called by the pre/post scriptlets is listed here so it
# is installed before the scriptlets run.
PreReq:         %fillup_prereq bind-utils /bin/grep /bin/sed /bin/mkdir /usr/bin/tee /bin/chmod /bin/chown /bin/mv /bin/cat /usr/bin/dirname /usr/bin/diff /usr/bin/old
Requires(pre):  /usr/sbin/groupadd /usr/sbin/useradd /usr/sbin/usermod
Url:            http://isc.org/sw/bind/
Source60:       dlz-schema.txt
%if "%{_vendor}" == "suse"
%define VENDOR SUSE
%else
%define VENDOR %_vendor
%endif
# Defines for user and group add
# The daemon gets a dedicated system account: fixed uid/gid 44, home
# directory /var/lib/named and /bin/false as login shell.
%define NAMED_UID 44
%define NAMED_UID_NAME named
%define NAMED_GID 44
%define NAMED_GID_NAME named
%define NAMED_COMMENT Name server daemon
%define NAMED_HOMEDIR /var/lib/named
%define NAMED_SHELL /bin/false
# NOTE(review): -o permits a non-unique id and the trailing "2> /dev/null || :"
# discards every error. If uid or gid 44 already belongs to another account,
# named ends up sharing that id without any message; a failed creation is
# equally silent.
%define GROUPADD_NAMED /usr/sbin/groupadd -g %{NAMED_GID} -o -r %{NAMED_GID_NAME} 2> /dev/null || :
%define USERADD_NAMED /usr/sbin/useradd -r -o -g %{NAMED_GID_NAME} -u %{NAMED_UID} -s %{NAMED_SHELL} -c "%{NAMED_COMMENT}" -d %{NAMED_HOMEDIR} %{NAMED_UID_NAME} 2> /dev/null || :
# On update an existing account is reset to the shell and home defined above.
%define USERMOD_NAMED /usr/sbin/usermod -s %{NAMED_SHELL} -d %{NAMED_HOMEDIR} %{NAMED_UID_NAME} 2>/dev/null || :
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
%if ! %{defined _rundir}
%define _rundir %{_localstatedir}/run
%endif

%description
Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols and provides an openly redistributable
reference implementation of the major components of the Domain Name
System. This package includes the components to operate a DNS server.

%package -n idnkit
Summary:        Toolkit for internationalized domain names
Group:          Productivity/Networking/DNS/Utilities
Version:        %idn_vers
Release:        0
# Added on 2014-10-01
Provides:       bind-utils:%_bindir/idnconv
Provides:       bind-utils:%_bindir/runidn

%description -n idnkit
idnkit is a toolkit for handling internationalized domain names.
It consists of the following components.
* library for handling internationalized domain names (libidnkit)
* codeset conversion utility (idnconv)
* a command which adds IDN feature dynamically to Unix applications (runidn)

%package -n idnkit-devel
Summary:        Development files for idnkit
Group:          Development/Libraries/C and C++
Version:        %idn_vers
Release:        0
Provides:       bind-devel:%_includedir/bind/idn
Requires:       libidnkit1 = %idn_vers
Requires:       libidnkitlite1 = %idn_vers
Requires:       libidnkitres1 = %idn_vers

%description -n idnkit-devel
idnkit is a toolkit for handling internationalized domain names.
This subpackage contains the header files needed for building programs
with it.

%package -n libbind9-140
# The numeric suffix of each library subpackage matches the .so version
# listed in its files section.
Summary:        BIND9 shared library used by BIND
Group:          System/Libraries
Version:        %rpm_vers
Release:        0

%description -n libbind9-140
This library contains a few utility functions used by the BIND server
and utilities.

%package -n libdns165
Summary:        DNS library used by BIND
Group:          System/Libraries
Version:        %rpm_vers
Release:        0

%description -n libdns165
This subpackage contains the "DNS client" module. This is a higher level
API that provides an interface to name resolution, single DNS transaction
with a particular server, and dynamic update.
Regarding name resolution, it supports advanced features such as DNSSEC
validation and caching. This module supports both synchronous and
asynchronous mode. It also contains the Advanced Database (ADB) and
Simple Database (SDB) APIs. ADB allows user-written routines to replace
BIND’s internal database function for both nominated and all zones. SDB
allows a user-written driver to supply zone data either from alternate
data sources (for instance, a relational database) or using specialized
algorithms (for instance, for load-balancing).
[Book links for SDB: "Pro DNS and BIND 10", R. Aitchison, Apress]

%package -n libidnkit1
# The three idnkit libraries are versioned with idn_vers, not with the BIND
# version, and each has its own ldconfig scriptlet pair and files section.
Summary:        BIND Internationalized Domain Names library
Group:          System/Libraries
Version:        %idn_vers
Release:        0

%description -n libidnkit1
The libidnkit library support various manipulations of internationalized
domain names. libidnkit internally uses iconv function to provide
encoding conversion from UTF-8 to the local encoding (such as ISO-8859-1,
usually determined by the current locale), and vise versa.

%package -n libidnkitlite1
Summary:        BIND Internationalized Domain Names lightweight library
Group:          System/Libraries
Version:        %idn_vers
Release:        0

%description -n libidnkitlite1
The libidnkitlite library support various manipulations of
internationalized domain names. libidnkitlite is lightweight version of
libidnkit. It assumes local encoding is UTF-8 so that it never uses
iconv.

%package -n libidnkitres1
# Per its description this library replaces resolver functions when it is
# loaded through LD_PRELOAD; packaging it does not enable that by itself.
Summary:        Resolver function library with IDN support
Group:          System/Libraries
Version:        %idn_vers
Release:        0

%description -n libidnkitres1
libidnkitres is a LD_PRELOAD-able library which provides a modified
version of resolver functions (gethostbyname, getaddrinfo, etc.) which
implement features for handling internationalized domain names.
%package -n libirs141
# Runtime library only; the unversioned libirs.so link is packaged in
# libirs-devel.
Summary:        The BIND Information Retrieval System library
Group:          System/Libraries
Version:        %rpm_vers
Release:        0

%description -n libirs141
libirs provides an interface to parse the traditional resolv.conf file
and an "advanced" configuration file related to the DNS library for
configuration parameters that would be beyond the capability of the
resolv.conf file. Specifically, it is intended to provide DNSSEC related
configuration parameters. By default, the path to this configuration
file is /etc/dns.conf.

%package -n libirs-devel
Summary:        Development files for IRS
Group:          Development/Libraries/C and C++
Version:        %rpm_vers
Release:        0
Requires:       libirs141 = %rpm_vers

%description -n libirs-devel
libirs provides an interface to parse the traditional resolv.conf file
and an "advanced" configuration file related to the DNS library for
configuration parameters that would be beyond the capability of the
resolv.conf file. This subpackage contains the header files needed for
building programs with it.

%package -n libisc160
Summary:        ISC shared library used by BIND
Group:          System/Libraries
Version:        %rpm_vers
Release:        0
# Added on 2014-10-01. Does not really matter where it is put, we just need to
# flush the old name from the rpmdb. The libs will be automatically pulled in
# by way of rpm symbol requirements already.
Obsoletes:      bind-libs = %version-%release
Provides:       bind-libs < %version-%release

%description -n libisc160
This library contains miscellaneous utility function used by the BIND
server and utilities. It includes functions for assertion handling,
balanced binary (AVL) trees, bit masks comparison, event based programs,
heap-based priority queues, memory handling, and program logging.

%package -n libisccc140
# Client side of the administrative command channel. The shared secret for
# that channel is the rndc.key file generated by the post scriptlets.
Summary:        Command Channel Library used by BIND
Group:          System/Libraries
Version:        %rpm_vers
Release:        0

%description -n libisccc140
This library is used for communicating with BIND servers'
administrative command channel (port 953 by default).
%package -n libisccfg140
Summary:        Exported ISC configuration shared library
Group:          System/Libraries
Version:        %rpm_vers
Release:        0

%description -n libisccfg140
This BIND library contains the configuration file parser.

%package -n liblwres141
Summary:        Lightweight Resolver API library
Group:          System/Libraries
Version:        %rpm_vers
Release:        0

%description -n liblwres141
The BIND 9 lightweight resolver library is a name service independent
stub resolver library. It provides hostname-to-address and
address-to-hostname lookup services to applications by transmitting
lookup requests to a resolver daemon, lwresd, running on the local host.
The resover daemon performs the lookup using the DNS or possibly other
name service protocols, and returns the results to the application
through the library. The library and resolver daemon communicate using a
UDP-based protocol.

%package chrootenv
# Owns the directory skeleton of the chroot jail below /var/lib/named; the
# ownership and device nodes are set in the chrootenv files section. The
# account has to exist before the files are unpacked, hence Requires(pre).
Summary:        Chroot environment for BIND named and lwresd
Group:          Productivity/Networking/DNS/Servers
Version:        %rpm_vers
Release:        0
Requires(pre):  /usr/sbin/groupadd /usr/sbin/useradd

%description chrootenv
This package contains all directories and files which are common to the
chroot environment of BIND named and lwresd. Most is part of the
structure below /var/lib/named.

%package devel
# Every runtime library is pinned to the exact version of this build.
Summary:        Development Libraries and Header Files of BIND
Group:          Development/Libraries/C and C++
Version:        %rpm_vers
Release:        0
Requires:       libbind9-140 = %version
Requires:       libdns165 = %version
Requires:       libirs141 = %version
Requires:       libisc160 = %version
Requires:       libisccc140 = %version
Requires:       libisccfg140 = %version
Requires:       liblwres141 = %version
Provides:       bind8-devel
Provides:       bind9-devel
Obsoletes:      bind8-devel < %version
Obsoletes:      bind9-devel < %version

%description devel
This package contains the header files, libraries, and documentation for
building programs using the libraries of the Berkeley Internet Name
Domain (BIND) Domain Name System implementation of the Domain Name
System (DNS) protocols.
%package doc
Summary:        BIND documentation
Group:          Documentation/Other
Version:        %rpm_vers
Release:        0
%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1230
BuildArch:      noarch
%endif

%description doc
Documentation of the Berkeley Internet Name Domain (BIND) Domain Name
System implementation of the Domain Name System (DNS) protocols. This
includes also the BIND Administrator Reference Manual (ARM).

%package lwresd
# lwresd runs in the same chroot skeleton as named, hence the dependency on
# the chrootenv subpackage and on the account tools for its pre scriptlet.
Summary:        Lightweight Resolver Daemon
Group:          Productivity/Networking/DNS/Utilities
Version:        %rpm_vers
Release:        0
Requires:       %{name}-chrootenv
Provides:       dns_daemon
Requires(pre):  /usr/sbin/groupadd /usr/sbin/useradd
%if !%{with_systemd}
PreReq:         %insserv_prereq
%endif
%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1230
PreReq:         sysvinit(network) sysvinit(syslog)
%endif

%description lwresd
Bind-lwresd provides resolution services to local clients using a
combination of the lightweight resolver library liblwres and the
resolver daemon process lwresd running on the local host. These
communicate using a simple UDP-based protocol, the "lightweight resolver
protocol" that is distinct from and simpler than the full DNS protocol.

%package utils
# Besides the query tools named in the description, the files section of
# this subpackage also carries rndc, rndc-confgen and the dnssec-* tools.
Summary:        Utilities to query and test DNS
Group:          Productivity/Networking/DNS/Utilities
Version:        %rpm_vers
Release:        0
Provides:       bind9-utils
Provides:       bindutil
Provides:       dns_utils
Obsoletes:      bind9-utils < %version
Obsoletes:      bindutil < %version

%description utils
This package includes the utilities "host", "dig", and "nslookup" used to
test and query the Domain Name System (DNS). The Berkeley Internet
Name Domain (BIND) DNS server is found in the package named bind.
%prep
%setup -q -n %{pkg_name}-%{pkg_vers} -a1
%patch -p1
%patch1 -p1
%patch4 -p0
%patch5 -p1
#%patch50
%patch51
%patch52
%patch53
%patch101 -p1
%patch102 -p1
# Patches 103 and 104 are the CVE backports declared in the preamble.
%patch103 -p1
%patch104 -p1
%patch200 -p1
# use the year from source gzip header instead of current one to make reproducible rpms
# (the perl one-liner reads the first 8 bytes of the tarball and decodes the
# 32-bit value at offset 4 as a timestamp)
year=$(perl -e 'sysread(STDIN, $h, 8); print (1900+(gmtime(unpack("l",substr($h,4))))[5])' < %{S:0})
sed -i "s/stdout, copyright, year/stdout, copyright, \"-$year\"/" lib/dns/gen.c
# modify settings of some files regarding to OS version and vendor
# The replacement values come from rpm macros and from pkg-config, not from
# the unpacked sources. "@" is the sed delimiter, so a value containing "@"
# would break the expression.
function replaceStrings() {
    file="$1"
    sed -e "s@__NSD__@/lib@g" \
        -e "s@__BIND_PACKAGE_NAME__@%{pkg_name}@g" \
        -e "s@__VENDOR__@%{VENDOR}@g" \
        -e "s@___lib__@%{_lib}@g" \
        -e "s@__openssl__@$(pkg-config --variable=enginesdir libcrypto)@g" \
        -i "${file}"
}
pushd vendor-files
for file in docu/README tools/createNamedConfInclude config/{README,named.conf} init/{named,lwresd} sysconfig/{named-common,named-named,syslog-named}; do
    replaceStrings ${file}
done
popd
# The LDAP sdb driver from contrib is copied into the named sources so that
# it is compiled into the server binary.
cp contrib/sdb/ldap/ldapdb.c bin/named/
cp contrib/sdb/ldap/ldapdb.h bin/named/include/
# ---------------------------------------------------------------------------

%build
%{?suse_update_config:%{suse_update_config -f}}
# gssapi/gssapi_krb5.h isn't found if aclocal.m4 gets modified this way
#cat /usr/share/aclocal/libtool.m4 >> aclocal.m4
%{__libtoolize} -f
%{__aclocal}
%{__autoconf}
#pushd lib/bind
#%{?suse_update_config:%{suse_update_config -f}}
#cat /usr/share/aclocal/libtool.m4 >> aclocal.m4
#%{__libtoolize} -f
#%{__aclocal}
#%{__autoconf}
#popd
#pushd contrib/idn/idnkit-1.0-src
#%{?suse_update_config:%{suse_update_config -f}}
#cat /usr/share/aclocal/libtool.m4 >> aclocal.m4
#%{__libtoolize} -f
#%{__aclocal}
#%{__autoconf}
#popd
# NOTE(review): the active CFLAGS/LDFLAGS line carries no -fpie/-pie; the
# variant with those flags is commented out two lines below. Position
# independent builds presumably come from pie_compile.diff (Patch51) --
# confirm on the installed named binary.
export CFLAGS="$RPM_OPT_FLAGS -DNO_VERSION_DATE -fno-strict-aliasing $(getconf LFS_CFLAGS)" LDFLAGS="-L%{_libdir}"
#export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -DLDAP_DEPRECATED" LDFLAGS="-L%{_libdir}"
#export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -fpie" LDFLAGS="-L%{_libdir} -pie"
# One option list is shared by the BIND and the idnkit configure runs.
# --with-randomdev fixes the entropy device path at build time and
# --disable-static keeps static archives out of the build.
CONFIGURE_OPTIONS="\
    --prefix=%{_prefix} \
    --bindir=%{_bindir} \
    --sbindir=%{_sbindir} \
    --sysconfdir=%{_sysconfdir} \
    --localstatedir=%{_var} \
    --libdir=%{_libdir} \
    --enable-exportlib \
    --with-export-libdir=%{_libdir} \
    --with-export-includedir=%{_includedir} \
    --includedir=%{_includedir}/bind \
    --mandir=%{_mandir} \
    --infodir=%{_infodir} \
    --disable-static \
    --with-openssl \
    --enable-threads \
    --with-libtool \
    --enable-runidn \
    --with-libxml2 \
    --with-libjson \
    --with-dlz-mysql \
    --with-dlz-ldap \
    --enable-rrl \
    --with-randomdev=/dev/urandom \
    "
cp -f -p config.guess config.sub contrib/idn/idnkit-1.0-src/
./configure ${CONFIGURE_OPTIONS}
# disable rpath
# (the generated libtool script is edited so that no run-time library search
# path is recorded in the linked binaries)
sed -i '
s|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g
s|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g
' libtool
%{__make} %{?_smp_mflags}
pushd contrib/idn/idnkit-1.0-src
    ./configure ${CONFIGURE_OPTIONS}
    # disable rpath
    sed -i '
s|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g
s|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g
' libtool
    %{__make} %{?_smp_mflags}
popd
# running BIND system tests
# FIXME: enable make test if every test checks for a free port first; fixed port
# 5300 might lead to test failures if port is already in use.
#pushd bin/tests/system/
#./ifconfig.sh up
#%{__make} test
#./ifconfig.sh down
#popd
# replace __NSD__ in some files by a sub directory to set the full path to
# named's root directory
# ---------------------------------------------------------------------------

%install
# NOTE(review): these two macros run groupadd and useradd on the build host.
# Their errors are discarded, so an unprivileged build carries on without the
# account. Presumably they are here so the named owner used in the files
# lists resolves during packaging -- confirm whether they are still needed.
%{GROUPADD_NAMED}
%{USERADD_NAMED}
mkdir -p \
    ${RPM_BUILD_ROOT}/%{_sysconfdir}/init.d \
    ${RPM_BUILD_ROOT}/%{_sysconfdir}/named.d \
    ${RPM_BUILD_ROOT}/%{_sysconfdir}/openldap/schema \
    ${RPM_BUILD_ROOT}/%{_sysconfdir}/slp.reg.d \
    ${RPM_BUILD_ROOT}/usr/{bin,%{_lib},sbin,include} \
    ${RPM_BUILD_ROOT}/%{_datadir}/bind \
    ${RPM_BUILD_ROOT}/%{_datadir}/susehelp/meta/Administration/System \
    ${RPM_BUILD_ROOT}/%{_defaultdocdir}/bind \
    ${RPM_BUILD_ROOT}/var/lib/named/{etc/named.d,dev,dyn,log,master,slave,var/{lib,run/{lwresd,named}}} \
    ${RPM_BUILD_ROOT}%{_mandir}/{man1,man3,man5,man8} \
    ${RPM_BUILD_ROOT}%{_fillupdir} \
    ${RPM_BUILD_ROOT}/%{_rundir} \
    ${RPM_BUILD_ROOT}/%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services \
    ${RPM_BUILD_ROOT}%{_includedir}/bind/dns \
    ${RPM_BUILD_ROOT}%{_libexecdir}/bind
%{__make} DESTDIR=${RPM_BUILD_ROOT} install
pushd contrib/idn/idnkit-1.0-src
    %{__make} DESTDIR=${RPM_BUILD_ROOT} install
popd
# install interface header file for developing Dynamic DB plugin
install -m 0644 lib/dns/include/dns/dynamic_db.h ${RPM_BUILD_ROOT}%{_includedir}/bind/dns/
# install errno2result.h, some dynamic DB plugins could use it.
install -m 0755 -d ${RPM_BUILD_ROOT}%{_includedir}/isc/
install -m 0644 lib/isc/unix/errno2result.h ${RPM_BUILD_ROOT}%{_includedir}/isc/
# remove useless .la files
rm -f ${RPM_BUILD_ROOT}/%{_lib}/libidnkit.la
rm -f ${RPM_BUILD_ROOT}/%{_lib}/libidnkitlite.la
rm -f ${RPM_BUILD_ROOT}/%{_libdir}/lib*.{la,a}
mv vendor-files/config/named.conf ${RPM_BUILD_ROOT}/%{_sysconfdir}
mv vendor-files/config/bind.reg ${RPM_BUILD_ROOT}/%{_sysconfdir}/slp.reg.d
mv vendor-files/config/rndc-access.conf ${RPM_BUILD_ROOT}/%{_sysconfdir}/named.d
# Empty placeholders for the ghost entries of the files lists. No rndc.key
# content is built into the package; the key is generated on the target
# system by the post scriptlets.
for file in lwresd.conf named.conf.include rndc.key; do
    touch ${RPM_BUILD_ROOT}/%{_sysconfdir}/${file}
done
# Init scripts are installed 0754: not executable for "other".
for file in lwresd named; do
    install -m 0754 vendor-files/init/${file} ${RPM_BUILD_ROOT}/etc/init.d/${file}
    ln -sf /etc/init.d/${file} ${RPM_BUILD_ROOT}/usr/sbin/rc${file}
done
install -m 0644 ${RPM_SOURCE_DIR}/named.root ${RPM_BUILD_ROOT}/var/lib/named/root.hint
mv vendor-files/config/{127.0.0,localhost}.zone ${RPM_BUILD_ROOT}/var/lib/named
install -m 0754 vendor-files/tools/createNamedConfInclude ${RPM_BUILD_ROOT}/%{_datadir}/bind
install -m 0755 vendor-files/tools/bind.genDDNSkey ${RPM_BUILD_ROOT}/%{_bindir}/genDDNSkey
cp -a vendor-files/docu/BIND.desktop ${RPM_BUILD_ROOT}/%{_datadir}/susehelp/meta/Administration/System
cp -p ${RPM_SOURCE_DIR}/dnszone-schema.txt ${RPM_BUILD_ROOT}/%{_sysconfdir}/openldap/schema/dnszone.schema
cp -p "%{S:60}" "${RPM_BUILD_ROOT}/%{_sysconfdir}/openldap/schema/dlz.schema"
install -m 0754 vendor-files/tools/ldapdump ${RPM_BUILD_ROOT}/%{_datadir}/bind
find ${RPM_BUILD_ROOT}/%{_libdir} -type f -name '*.so*' -print0 | xargs -0 chmod 0755
# Placeholders and links inside the chroot tree; they back the ghost and
# symlink entries of the main and chrootenv files sections.
touch ${RPM_BUILD_ROOT}/var/lib/named/etc/{localtime,named.conf.include,named.d/rndc.access.conf}
touch ${RPM_BUILD_ROOT}/var/lib/named/dev/log
ln -s ../.. ${RPM_BUILD_ROOT}/var/lib/named/var/lib/named
ln -s ../log ${RPM_BUILD_ROOT}/var/lib/named/var
# The run directories outside the jail are symlinks into the jail.
%if "%_rundir" == "/run"
ln -s ../var/lib/named/var/run/lwresd ${RPM_BUILD_ROOT}/run
ln -s ../var/lib/named/var/run/named ${RPM_BUILD_ROOT}/run
%else
ln -s ../lib/named/var/run/lwresd ${RPM_BUILD_ROOT}/var/run
ln -s ../lib/named/var/run/named ${RPM_BUILD_ROOT}/var/run
%endif
for file in named-common named-named syslog-named; do
    install -m 0644 vendor-files/sysconfig/${file} ${RPM_BUILD_ROOT}%{_fillupdir}/sysconfig.${file}
done
install -m 644 vendor-files/sysconfig/SuSEFirewall.named %{buildroot}/%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/bind
# Cleanup doc
rm doc/misc/Makefile*
# Remove samples
rm ${RPM_BUILD_ROOT}/etc/*.sample
find doc/arm -type f ! -name '*.html' -print0 | xargs -0 rm -f
# Create doc as we want it in bind and not bind-doc
cp -a vendor-files/docu/README ${RPM_BUILD_ROOT}/%{_defaultdocdir}/bind/README.%{VENDOR}
cp -a vendor-files/docu/dnszonehowto.html contrib/sdb/ldap/
mkdir -p vendor-files/config/ISC-examples
cp -a bin/tests/*.conf* vendor-files/config/ISC-examples
for file in CHANGES COPYRIGHT README FAQ version contrib doc/{arm,misc} vendor-files/config contrib/sdb/ldap/INSTALL.ldap; do
    basename=$( basename ${file})
    cp -a ${file} ${RPM_BUILD_ROOT}/%{_defaultdocdir}/bind/${basename}
    echo "%doc %{_defaultdocdir}/bind/${basename}" >>filelist-bind-doc
done
pushd ${RPM_BUILD_ROOT}%{_defaultdocdir}/bind/contrib/idn/idnkit-1.0-src
    %{__make} distclean
    rm -rf include lib man map patch tools win wsock Makefile.in acconfig.h aclocal.m4 config.* configure* install-sh ltconfig make.wnt mkinstalldirs
popd
# ---------------------------------------------------------------------------
# bind.keys from the source tree (the trust anchors shipped with BIND) is
# installed into the chroot tree as named.root.key and packaged as a config
# file, so a locally edited copy is kept on update.
install -m 0644 bind.keys ${RPM_BUILD_ROOT}/var/lib/named/named.root.key

%pre
# Are we updating from a package named bind9?
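# Remember that the old bind9 service was enabled, so that the post scriptlet
# can enable the renamed service again.
if test -d usr/share/doc/packages/bind9 && sbin/chkconfig -c named; then
    NAMED_ACTIVE_FILE="var/adm/named.was.active"
    test -f ${NAMED_ACTIVE_FILE} && old ${NAMED_ACTIVE_FILE}
    ACTIVE_DIR=$( dirname ${NAMED_ACTIVE_FILE})
    test -d ${ACTIVE_DIR} || mkdir -p ${ACTIVE_DIR}
    touch ${NAMED_ACTIVE_FILE}
fi
%{GROUPADD_NAMED}
%{USERADD_NAMED}
# Might be an update.
%{USERMOD_NAMED}
# var/run/named is now a sym link pointing to the chroot jail
test -L var/run/named || rm -rf var/run/named
# The sysconfig file is sourced, that is executed, with the privileges of
# the installing user (root). It must stay writable by root only.
test -f etc/sysconfig/named && \
    . etc/sysconfig/named
# Store NAMED_RUN_CHROOTED setting to a temp file.
# The value is written unescaped and the file is sourced again by the post
# scriptlet, so it is trusted exactly as much as etc/sysconfig/named itself.
TEMP_SYSCONFIG_FILE="var/adm/named-chroot"
TEMP_DIR=$( dirname ${TEMP_SYSCONFIG_FILE})
test -d ${TEMP_DIR} || \
    mkdir -p ${TEMP_DIR}
test -e ${TEMP_SYSCONFIG_FILE} && \
    old ${TEMP_SYSCONFIG_FILE}
echo "NAMED_RUN_CHROOTED=\"${NAMED_RUN_CHROOTED}\"" >${TEMP_SYSCONFIG_FILE}
%if %{with_systemd}
%service_add_pre named.service
%endif

%preun
%if %{with_systemd}
%service_del_preun named.service
%else
%stop_on_removal named
%endif

%post
%if !%{with_systemd}
%{fillup_and_insserv -nf named}
%endif
%{fillup_only -nsa named named}
# Generate the rndc control-channel key on first install only. It ends up
# 0640 root:named: readable by the daemon group, writable by root alone.
if [ ! -f etc/rndc.key ]; then
    usr/sbin/rndc-confgen -a -b 512 -r dev/urandom
    chmod 0640 etc/rndc.key
    chown root:named etc/rndc.key
fi
TEMP_SYSCONFIG_FILE="var/adm/named-chroot"
# Are we in update mode?
# NOTE(review): FIRST_ARG is not assigned in this scriptlet; presumably the
# fillup macros above set it from the scriptlet argument -- confirm.
if [ ${FIRST_ARG:-0} -gt 1 ]; then
    # Is named.conf an old, /var/named configuration?
    if [ -f etc/named.conf ] && grep -qi '^[[:space:]]*directory[[:space:]]*"/var/named"[[:space:]]*;' etc/named.conf; then
        test -d var/log || \
            mkdir -p var/log
        CONVLOG="/var/log/named-move-to-var-lib"
        # move zone files to new location
        echo "Moving zone files to new location /var/lib/named" | tee ${CONVLOG}
        # NOTE(review): the collapsed page shows a single blank between the
        # quotes. A literal newline is assumed here, because the find output
        # below is split with this IFS and has one path per line -- confirm
        # against the packaged spec. IFS is not restored afterwards.
        IFS="
"
        for dir in var/named var/named/slave; do
            for source in $( find ${dir} -maxdepth 1 ); do
                # Files shipped by the package and the directories themselves
                # are not moved.
                case "${source#var/named/}" in
                    localhost.zone|127.0.0.zone|root.hint|slave|var/named)
                        continue
                        ;;
                esac
                sourcedir=$( echo "${source%/*}")
                destdir=$( echo "${sourcedir#var/named}")
                # Never overwrite a file that already exists at the target.
                if [ -e "var/lib/named/${destdir}/${source##*/}" ]; then
                    echo "Warning: /var/lib/named${destdir}/${source##*/} already exists; skipped." | tee -a ${CONVLOG}
                else
                    echo "${source#var/named/}" | tee -a ${CONVLOG}
                    mv "${source}" "var/lib/named/${destdir}"
                fi
            done
        done
        # updating named.conf
        echo -n "Backup old /etc/named.conf to " | tee -a ${CONVLOG}
        oldconfig=$( old etc/named.conf) 2>/dev/null
        oldconfig=${oldconfig##*/}
        echo -n "/etc/${oldconfig}. Conversion " | tee -a ${CONVLOG}
        sed -e "s@\"/var/named\"@\"/var/lib/named\"@" "etc/${oldconfig}" > etc/named.conf 2>/dev/null
        conv_rc=$?
        if [ ${conv_rc} -eq 0 ]; then
            echo "succeded." | tee -a ${CONVLOG}
            # The rewritten file takes over mode and owner of the backup.
            chmod --reference="etc/${oldconfig}" etc/named.conf
            chown --reference="etc/${oldconfig}" etc/named.conf
        else
            echo "failed." | tee -a ${CONVLOG}
        fi
        if [ ${conv_rc} -eq 0 ]; then
            cat << EOF >>${CONVLOG}

Result: named.conf conversion succeded. For details check the following diff
of the the old and new configuration.

Ergebnis: Die named.conf-Konvertierung war erfolgreich. Details finden Sie in
der nachfolgenden Differenz der alten und neuen Konfiguration.

EOF
            diff -u etc/${oldconfig} etc/named.conf >>${CONVLOG}
        else
            cat << EOF >>${CONVLOG}

Result: Conversion failed. You must check your /etc/named.conf

Ergebnis: Die Konvertierung ist fehlgeschlagen. Sie müssen Ihre
/etc/named.conf überprüfen.

EOF
        fi
    else
        rm -f var/lib/update-messages/bind.1
    fi # End of 'Is named.conf an old, /var/named configuration?'.
    # Add include files to NAMED_CONF_INCLUDE_FILES if we have already a include
    # file (SL Standard Server 8) and NAMED_RUN_CHROOTED from the
    # TEMP_SYSCONFIG_FILE is empty.
    if [ -f ${TEMP_SYSCONFIG_FILE} ]; then
        . ${TEMP_SYSCONFIG_FILE}
    fi
    if [ -s etc/named.conf.include -a -z "${NAMED_RUN_CHROOTED}" ]; then
        test -f etc/sysconfig/named && . etc/sysconfig/named
        if [ "${NAMED_INITIALIZE_SCRIPTS}" = "createNamedConfInclude" -a \
            -z "${NAMED_CONF_INCLUDE_FILES}" ]; then
            # Get the included files from an existing meta include file.
            INCLUDE_LINES=$( grep -e '^[[:space:]]*include' etc/named.conf.include | cut -f 2 -d '"')
            if [ "${INCLUDE_LINES}" -a -z "${NAMED_CONF_INCLUDE_FILES}" ]; then
                for file in ${INCLUDE_LINES}; do
                    # don't add a file a second time
                    echo "${INCLUDE_FILES}" | grep -qe "\<${file#/etc/named.d/}\>" && continue
                    # don't add the meta include file as the init script copy it anyway
                    # to the chroot jail
                    test "${file}" = "/etc/named.conf.include" && continue
                    test "${INCLUDE_FILES}" && INCLUDE_FILES="${INCLUDE_FILES} "
                    # strip off any leading /etc/named.d/ as the init script takes care
                    # of relative file names
                    INCLUDE_FILES="${INCLUDE_FILES}${file#/etc/named.d/}"
                done
                TMPFILE=$( mktemp /var/tmp/named.sysconfig.XXXXXX)
                if [ $? -ne 0 ]; then
                    echo "Can't create temp file. Please add your included files from /etc/named.conf to"
                    echo "NAMED_CONF_INCLUDE_FILES of /etc/sysconfig/named manually."
                else
                    # This branch replaces a bare "return", which is not valid
                    # outside a function: the shell reported an error and went
                    # on to run chmod and sed with an empty TMPFILE.
                    chmod --reference=etc/sysconfig/named "${TMPFILE}"
                    # The file names are pasted into the sed expression as is;
                    # a name containing "+", "&" or a backslash changes the
                    # replacement text.
                    if sed "s+^NAMED_CONF_INCLUDE_FILES.*$+NAMED_CONF_INCLUDE_FILES=\"${INCLUDE_FILES}\"+" etc/sysconfig/named > "${TMPFILE}"; then
                        mv "${TMPFILE}" etc/sysconfig/named
                    else
                        echo "Can't set NAMED_CONF_INCLUDE_FILES of /etc/sysconfig/named to \"${INCLUDE_FILES}\"."
                        # Do not leave the partial copy behind in /var/tmp.
                        rm -f "${TMPFILE}"
                    fi
                fi
            fi
        fi
    else
        # A stray "touch" argument used to sit in front of the path, which
        # made rm also delete a file named "touch" in the working directory.
        rm -f var/lib/update-messages/bind.3
    fi # End of 'Add include files to NAMED_CONF_INCLUDE_FILES'
fi # End of 'Are we in update mode?'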
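# Remove TEMP_SYSCONFIG_FILE in any case.
rm -f ${TEMP_SYSCONFIG_FILE}
%if %{with_systemd}
%service_add_post named.service
%else
# Enable the service again if the pre scriptlet recorded that the old bind9
# service was active.
NAMED_ACTIVE_FILE="var/adm/named.was.active"
if [ -f ${NAMED_ACTIVE_FILE} ]; then
    sbin/insserv named
    test ! -s ${NAMED_ACTIVE_FILE} && rm -f ${NAMED_ACTIVE_FILE}
fi
if [ -x %{_bindir}/systemctl ]; then
    # make sure systemctl knows about the service even though it's not a systemd service
    # Without this, systemctl status named would return
    # Unit named.service could not be found.
    # until systemctl daemon-reload has been executed
    %{_bindir}/systemctl daemon-reload || :
fi
%endif

%postun
%if %{with_systemd}
%service_del_postun named.service
%else
%restart_on_update named
%insserv_cleanup
%endif

%post -n libbind9-140 -p /sbin/ldconfig

%postun -n libbind9-140 -p /sbin/ldconfig

%post -n libdns165 -p /sbin/ldconfig

%postun -n libdns165 -p /sbin/ldconfig

%post -n libidnkit1 -p /sbin/ldconfig

%postun -n libidnkit1 -p /sbin/ldconfig

%post -n libidnkitlite1 -p /sbin/ldconfig

%postun -n libidnkitlite1 -p /sbin/ldconfig

%post -n libidnkitres1 -p /sbin/ldconfig

%postun -n libidnkitres1 -p /sbin/ldconfig

%post -n libirs141 -p /sbin/ldconfig

%postun -n libirs141 -p /sbin/ldconfig

%post -n libisc160 -p /sbin/ldconfig

%postun -n libisc160 -p /sbin/ldconfig

%post -n libisccc140 -p /sbin/ldconfig

%postun -n libisccc140 -p /sbin/ldconfig

%post -n libisccfg140 -p /sbin/ldconfig

%postun -n libisccfg140 -p /sbin/ldconfig

%post -n liblwres141 -p /sbin/ldconfig

%postun -n liblwres141 -p /sbin/ldconfig

%pre chrootenv
%{GROUPADD_NAMED}
%{USERADD_NAMED}

%post chrootenv
%{fillup_only -nsa named common}
%{fillup_only -nsa syslog named}

%pre lwresd
%{GROUPADD_NAMED}
%{USERADD_NAMED}
%if %{with_systemd}
%service_add_pre lwresd.service
%endif

%post lwresd
# Create a key if usr/sbin/rndc-confgen is installed.
# An existing key is never overwritten; a new one ends up 0640 root:named.
if [ -x usr/sbin/rndc-confgen -a ! -f etc/rndc.key ]; then
    usr/sbin/rndc-confgen -a -b 512 -r dev/urandom
    chmod 0640 etc/rndc.key
    chown root:named etc/rndc.key
fi
# delete an empty lwresd.conf file
if [ ! -s etc/lwresd.conf ]; then
    rm -f etc/lwresd.conf
fi
%if %{with_systemd}
%service_add_post lwresd.service
%else
if [ $1 -le 1 ]; then
    %{fillup_and_insserv -fy lwresd}
fi
%endif

%preun lwresd
# The stop macro is called in the SysV branch only, matching the preun
# scriptlet of the main package. An extra unconditional call in front of the
# conditional ran it twice for SysV and also in the systemd case.
%if %{with_systemd}
%service_del_preun lwresd.service
%else
%stop_on_removal lwresd
%endif

%postun lwresd
%if %{with_systemd}
%service_del_postun lwresd.service
%else
%restart_on_update lwresd
%insserv_cleanup
%endif

%post utils
/sbin/ldconfig
# Create a key if lwresd is installed.
if [ -x usr/sbin/lwresd -a ! -f etc/rndc.key ]; then
    usr/sbin/rndc-confgen -a -b 512 -r dev/urandom
    chmod 0640 etc/rndc.key
    chown root:named etc/rndc.key
fi
# ---------------------------------------------------------------------------

%files
%defattr(-,root,root)
# Configuration is owned by root with group named: the daemon can read it
# but cannot rewrite it.
%attr(0644,root,named) %config(noreplace) /%{_sysconfdir}/named.conf
%dir %{_sysconfdir}/slp.reg.d
%attr(0644,root,root) /%{_sysconfdir}/slp.reg.d/bind.reg
%attr(0644,root,named) %ghost /%{_sysconfdir}/named.conf.include
# rndc.key is a ghost entry: the package carries no key material, the file
# is generated by the post scriptlet and is not readable by "other".
%attr(0640,root,named) %ghost %config(noreplace) /%{_sysconfdir}/rndc.key
%config /%{_sysconfdir}/init.d/named
%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/bind
%{_bindir}/bind9-config
%{_sbindir}/rcnamed
%{_sbindir}/named
%{_sbindir}/named-checkconf
%{_sbindir}/named-checkzone
%{_sbindir}/named-compilezone
%{_sbindir}/named-rrchecker
%{_mandir}/man1/bind9-config.1.gz
%{_mandir}/man1/named-rrchecker.1.gz
%{_mandir}/man5/named.conf.5.gz
%{_mandir}/man8/named-checkconf.8.gz
%{_mandir}/man8/named-checkzone.8.gz
%{_mandir}/man8/named.8.gz
%{_mandir}/man8/named-compilezone.8.gz
%dir %{_datadir}/bind
%{_datadir}/bind/createNamedConfInclude
%{_datadir}/bind/ldapdump
%ghost %{_rundir}/named
%{_fillupdir}/sysconfig.named-named
# Only dyn, slave and var/run/named are owned by the daemon account; the
# master zone directory stays root-owned.
%dir %{_var}/lib/named/master
%attr(-,named,named) %dir %{_var}/lib/named/dyn
%attr(-,named,named) %dir %{_var}/lib/named/slave
%config %{_var}/lib/named/root.hint
%config %{_var}/lib/named/127.0.0.zone
%config %{_var}/lib/named/localhost.zone
%config %{_var}/lib/named/named.root.key
%ghost %{_var}/lib/named/etc/localtime
%attr(0644,root,named) %ghost %{_var}/lib/named/etc/named.conf.include
%attr(-,named,named) %dir %{_var}/lib/named/var/run/named
%dir %{_libexecdir}/bind

%files -n idnkit
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/idn.conf
%config(noreplace) %{_sysconfdir}/idnalias.conf
%{_bindir}/idnconv
%{_bindir}/runidn
%{_mandir}/man1/idnconv.1.gz
%{_mandir}/man1/runidn.1.gz
%{_mandir}/man5/idn.conf.5.gz
%{_mandir}/man5/idnalias.conf.5.gz
%{_mandir}/man5/idnrc.5.gz
%{_datadir}/idnkit/

%files -n idnkit-devel
%defattr(-,root,root)
%dir %_includedir/bind/
%_includedir/bind/idn/
%_libdir/libidn*.so
%_mandir/man3/libidn*.3*

%files -n libbind9-140
%defattr(-,root,root)
%_libdir/libbind9.so.140*

%files -n libdns165
%defattr(-,root,root)
%_libdir/libdns.so.165*

%files -n libidnkit1
%defattr(-,root,root)
%_libdir/libidnkit.so.1*

%files -n libidnkitlite1
%defattr(-,root,root)
%_libdir/libidnkitlite.so.1*

%files -n libidnkitres1
%defattr(-,root,root)
%_libdir/libidnkitres.so.1*

%files -n libirs141
%defattr(-,root,root)
%_libdir/libirs.so.141*

%files -n libirs-devel
%defattr(-,root,root)
%_libdir/libirs.so

%files -n libisc160
%defattr(-,root,root)
%_libdir/libisc.so.160*

%files -n libisccc140
%defattr(-,root,root)
%_libdir/libisccc.so.140*

%files -n libisccfg140
%defattr(-,root,root)
%_libdir/libisccfg.so.140*

%files -n liblwres141
%defattr(-,root,root)
%_libdir/liblwres.so.141*

%files chrootenv
%defattr(-,root,root)
# NOTE(review): the top directory of the jail is owned by named, so the
# jailed daemon can create and rename entries directly below it. The etc,
# dev and var subdirectories keep the root ownership of the default
# attributes; only log is handed to named.
%attr(-,named,named) %dir %{_var}/lib/named
%dir %{_var}/lib/named/etc
%dir %{_var}/lib/named/etc/named.d
%dir %{_var}/lib/named/dev
%dir %{_var}/lib/named/var
%dir %{_var}/lib/named/var/lib
%dir %{_var}/lib/named/var/run
%attr(-,named,named) %dir %{_var}/lib/named/log
%ghost %{_var}/lib/named/etc/named.d/rndc.access.conf
%ghost %{_var}/lib/named/dev/log
# NOTE(review): the only device nodes packaged for the jail are dev/null
# (char 1,3) and dev/random (char 1,8), both mode 0666. The build passes
# --with-randomdev=/dev/urandom to configure; confirm that dev/urandom is
# provided inside the jail at run time if named opens it after the chroot.
%attr(0666, root, root) %dev(c, 1, 3) %{_var}/lib/named/dev/null
%attr(0666, root, root) %dev(c, 1, 8) %{_var}/lib/named/dev/random
%{_var}/lib/named/var/lib/named
%{_var}/lib/named/var/log
%{_fillupdir}/sysconfig.named-common
%{_fillupdir}/sysconfig.syslog-named

%files devel
%defattr(-,root,root)
%dir %{_includedir}/isc
%{_includedir}/isc/errno2result.h
%{_bindir}/isc-config.sh
%{_libdir}/libbind9.so
%{_libdir}/libdns.so
%{_libdir}/libisc*.so
%{_libdir}/liblwres.so
%{_includedir}/bind
%exclude %{_includedir}/bind/idn
%{_mandir}/man3/lwres*.3*

%files doc -f filelist-bind-doc
%defattr(-,root,root)
%dir %doc %{_defaultdocdir}/bind
%doc %{_datadir}/susehelp

%files lwresd
%defattr(-,root,root)
%ghost %attr(0644,root,named) %config(noreplace) /%{_sysconfdir}/lwresd.conf
%config /etc/init.d/lwresd
%{_sbindir}/rclwresd
%{_sbindir}/lwresd
%{_mandir}/man8/lwresd.8.gz
%ghost %{_rundir}/lwresd
%attr(-,named,named) %dir %{_var}/lib/named/var/run/lwresd

%files utils
%defattr(-,root,root)
%dir /etc/named.d
%config(noreplace) /etc/named.d/rndc-access.conf
# bind.keys is a noreplace config file: a locally modified copy is kept on
# update, so refreshed keys from a newer package do not reach it
# automatically.
%config(noreplace) /etc/bind.keys
%dir %{_sysconfdir}/openldap
%dir %{_sysconfdir}/openldap/schema
%attr(0444,root,root) %config %{_sysconfdir}/openldap/schema/dnszone.schema
%attr(0444,root,root) %config %{_sysconfdir}/openldap/schema/dlz.schema
%{_bindir}/delv
%{_bindir}/dig
%{_bindir}/host
%{_bindir}/nslookup
%{_bindir}/nsupdate
%{_bindir}/genDDNSkey
%{_sbindir}/arpaname
%{_sbindir}/ddns-confgen
%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1230
%{_sbindir}/dnssec-checkds
%{_sbindir}/dnssec-coverage
%endif
%{_sbindir}/dnssec-dsfromkey
%{_sbindir}/dnssec-importkey
%{_sbindir}/dnssec-keyfromlabel
%{_sbindir}/dnssec-keygen
%{_sbindir}/dnssec-revoke
%{_sbindir}/dnssec-settime
%{_sbindir}/dnssec-signzone
%{_sbindir}/dnssec-verify
%{_sbindir}/genrandom
%{_sbindir}/isc-hmac-fixup
%{_sbindir}/named-journalprint
%{_sbindir}/nsec3hash
%{_sbindir}/rndc
%{_sbindir}/rndc-confgen
%{_sbindir}/tsig-keygen
%dir %doc %{_defaultdocdir}/bind
%{_defaultdocdir}/bind/README.%{VENDOR}
%{_mandir}/man1/arpaname.1.gz
%{_mandir}/man1/delv.1.gz
%{_mandir}/man1/dig.1.gz
%{_mandir}/man1/host.1.gz
%{_mandir}/man1/isc-config.sh.1.gz
%{_mandir}/man1/nslookup.1.gz
%{_mandir}/man1/nsupdate.1.gz
%{_mandir}/man5/rndc.conf.5.gz
%{_mandir}/man8/ddns-confgen.8.gz
%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1230
%{_mandir}/man8/dnssec-checkds.8.gz
%{_mandir}/man8/dnssec-coverage.8.gz
%endif
%{_mandir}/man8/dnssec-dsfromkey.8.gz
%{_mandir}/man8/dnssec-importkey.8.gz
%{_mandir}/man8/dnssec-keyfromlabel.8.gz
%{_mandir}/man8/dnssec-keygen.8.gz
%{_mandir}/man8/dnssec-revoke.8.gz
%{_mandir}/man8/dnssec-settime.8.gz
%{_mandir}/man8/dnssec-signzone.8.gz
%{_mandir}/man8/dnssec-verify.8.gz
%{_mandir}/man8/genrandom.8.gz
%{_mandir}/man8/isc-hmac-fixup.8.gz
%{_mandir}/man8/named-journalprint.8.gz
%{_mandir}/man8/nsec3hash.8.gz
%{_mandir}/man8/rndc.8.gz
%{_mandir}/man8/rndc-confgen.8.gz
%{_mandir}/man8/tsig-keygen.8.gz

%changelog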