Accepting request 573085 from home:adamm:branches:server:dns
- drop insserv requires on SLE12+ and openSUSE - nsd-lintrpmrc: drop most overrides - don't install config file as sample - switch to using user/group names _nsd to match expected names as per recent rpmlint changes as not to conflict with admin created names. - update and change current owner during upgrade OBS-URL: https://build.opensuse.org/request/show/573085 OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=34
This commit is contained in:
Marguerite Su
Git OBS Bridge
parent
6bdae24a72
commit
ab97dbe788
@ -1,22 +1,3 @@
|
||||
# failed check. chroot immediately follows chdir
|
||||
addFilter("W: missing-call-to-chdir-with-chroot /usr/sbin/nsd")
|
||||
|
||||
# We create our group/user
|
||||
addFilter("W: non-standard-uid /var/lib/nsd/nsd.db nsd")
|
||||
addFilter("W: non-standard-uid /var/log/nsd nsd")
|
||||
addFilter("W: non-standard-uid /var/log/nsd/nsd.log nsd")
|
||||
addFilter("W: non-standard-uid /var/lib/nsd/xfrd.state nsd")
|
||||
addFilter("W: non-standard-uid /var/lib/nsd nsd")
|
||||
addFilter("W: non-standard-uid /var/lib/nsd/ixfr.db nsd")
|
||||
addFilter("W: non-standard-gid /var/lib/nsd/nsd.db nsd")
|
||||
addFilter("W: non-standard-gid /var/log/nsd nsd")
|
||||
addFilter("W: non-standard-gid /etc/nsd nsd")
|
||||
addFilter("W: non-standard-gid /var/log/nsd/nsd.log nsd")
|
||||
addFilter("W: non-standard-gid /etc/nsd/nsd.conf.sample nsd")
|
||||
addFilter("W: non-standard-gid /etc/nsd/nsd.conf nsd")
|
||||
addFilter("W: non-standard-gid /var/lib/nsd/xfrd.state nsd")
|
||||
addFilter("W: non-standard-gid /var/lib/nsd nsd")
|
||||
addFilter("W: non-standard-gid /var/lib/nsd/ixfr.db nsd")
|
||||
|
||||
addFilter("W: non-standard-gid /run/nsd nsd")
|
||||
addFilter("W: non-standard-uid /run/nsd nsd")
|
||||
|
||||
11
nsd.changes
11
nsd.changes
@ -1,3 +1,14 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Feb 5 10:26:02 UTC 2018 - adam.majer@suse.de
|
||||
|
||||
- drop insserv requires on SLE12+ and openSUSE
|
||||
- nsd-lintrpmrc: drop most overrides
|
||||
- don't install config file as sample
|
||||
- switch to using user/group names _nsd to match expected names
|
||||
as per recent rpmlint changes as not to conflict with admin
|
||||
created names.
|
||||
- update and change current owner during upgrade
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 2 11:18:40 UTC 2018 - michael@stroeder.com
|
||||
|
||||
|
||||
147
nsd.spec
147
nsd.spec
@ -1,82 +1,91 @@
|
||||
#
|
||||
# spec file for package nsd
|
||||
#
|
||||
# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# This file and all modifications and additions to the pristine
|
||||
# package are under the same license as the package itself.
|
||||
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
# upon. The license for this file, and modifications and additions to the
|
||||
# file, is the same license as for the pristine package itself (unless the
|
||||
# license for the pristine package is not an Open Source License, in which
|
||||
# case the license is the MIT License). An "Open Source License" is a
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
# norootforbuild
|
||||
%if 0%{?suse_version} >= 1230
|
||||
%bcond_without systemd
|
||||
%define _rundir /run
|
||||
%else
|
||||
%bcond_with systemd
|
||||
%define _rundir /var/run
|
||||
%endif
|
||||
# only needed for < 1310
|
||||
%{!?_tmpfilesdir:%global _tmpfilesdir /usr/lib/tmpfiles.d}
|
||||
|
||||
%define home %{_localstatedir}/lib/%{name}
|
||||
%define configdir %{_sysconfdir}/%{name}
|
||||
%define configfile %{configdir}/nsdc.conf
|
||||
%define zonesfile %{configdir}/nsd.zones
|
||||
%define zonesdir %{configdir}/zones
|
||||
%define pidfile %{_rundir}/nsd/nsd.pid
|
||||
%if 0%{?suse_version} >= 1230
|
||||
%define _rundir /run
|
||||
%bcond_without systemd
|
||||
%else
|
||||
%define _rundir %{_localstatedir}/run
|
||||
%bcond_with systemd
|
||||
%endif
|
||||
Name: nsd
|
||||
Version: 4.1.19
|
||||
Release: 0
|
||||
#
|
||||
Summary: An authoritative only domain name server
|
||||
#
|
||||
License: BSD-3-Clause
|
||||
Group: Productivity/Networking/DNS/Servers
|
||||
#
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
URL: http://open.nlnetlabs.nl/nsd/
|
||||
Source: http://open.nlnetlabs.nl/downloads/nsd/nsd-%{version}.tar.gz
|
||||
Source1: nsd.service
|
||||
Source2: tmpfiles-nsd.conf
|
||||
Source3: nsd.init
|
||||
Source4: nsd.keyring
|
||||
Source5: https://www.nlnetlabs.nl/downloads/nsd/nsd-%{version}.tar.gz.asc
|
||||
Source10: nsd-rpmlintrc
|
||||
#
|
||||
BuildRequires: libevent-devel
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: pwdutils
|
||||
BuildRequires: tcpd-devel
|
||||
Requires: %fillup_prereq
|
||||
Requires: pwdutils
|
||||
Requires(post): coreutils
|
||||
Requires(post): findutils
|
||||
Requires(post): shadow
|
||||
Requires(pre): shadow
|
||||
%if %{with systemd}
|
||||
BuildRequires: systemd-devel
|
||||
%{?systemd_requires}
|
||||
%else
|
||||
# FIXME: use proper Requires(pre/post/preun/...)
|
||||
PreReq: %insserv_prereq
|
||||
%endif
|
||||
PreReq: %insserv_prereq %fillup_prereq pwdutils
|
||||
#
|
||||
%define home %{_var}/lib/%{name}
|
||||
%define configdir %{_sysconfdir}/%{name}
|
||||
%define configfile %{configdir}/nsdc.conf
|
||||
%define zonesfile %{configdir}/nsd.zones
|
||||
%define zonesdir %{configdir}/
|
||||
%define dbfile %{zonesdir}/nsd.db
|
||||
%define pidfile %{_rundir}/nsd/nsd.pid
|
||||
#
|
||||
Url: http://open.nlnetlabs.nl/nsd/
|
||||
Source: http://open.nlnetlabs.nl/downloads/nsd/nsd-%{version}.tar.gz
|
||||
Source5: https://www.nlnetlabs.nl/downloads/nsd/nsd-%{version}.tar.gz.asc
|
||||
Source4: nsd.keyring
|
||||
Source1: nsd.service
|
||||
Source2: tmpfiles-nsd.conf
|
||||
Source3: nsd.init
|
||||
#
|
||||
Summary: An authoritative only, high performance domain name server
|
||||
|
||||
%description
|
||||
NSD is a complete implementation of an authoritative domain name server developed
|
||||
by NLnet Labs with the purpose of creating more diversity in the DNS landscape.
|
||||
|
||||
%prep
|
||||
%setup
|
||||
%setup -q
|
||||
|
||||
%build
|
||||
export CFLAGS="${RPM_OPT_FLAGS} ${CFLAGS} -fPIE -Wformat-nonliteral -Wformat-security"
|
||||
export LDFLAGS="${LDFLAGS} -pie -Wl,-z,relro,-z,now"
|
||||
%configure \
|
||||
--with-configdir=%{configdir} \
|
||||
--with-zonesdir=%{configdir} \
|
||||
--with-zonesdir=%{zonesdir} \
|
||||
--with-dbfile=%{home}/nsd.db \
|
||||
--with-xfrdfile=%{home}/xfrd.state \
|
||||
--with-pidfile=%{pidfile} \
|
||||
--with-logfile=/var/log/nsd/nsd.log \
|
||||
--with-pidfile=%{_rundir}/nsd/nsd.pid \
|
||||
--with-logfile=/%{_localstatedir}/log/nsd/nsd.log \
|
||||
--enable-root-server \
|
||||
--enable-bind8-stats \
|
||||
--enable-zone-stats \
|
||||
--enable-mmap \
|
||||
--with-user=%{name} \
|
||||
--with-user=_nsd \
|
||||
--enable-ratelimit
|
||||
make %{?_smp_mflags}
|
||||
iconv -f iso8859-1 -t utf-8 doc/RELNOTES > doc/RELNOTES.utf8
|
||||
@ -85,22 +94,21 @@ mv -f doc/RELNOTES.utf8 doc/RELNOTES
|
||||
mv -f doc/CREDITS.utf8 doc/CREDITS
|
||||
|
||||
%install
|
||||
make install DESTDIR="%{buildroot}"
|
||||
cp -v %{buildroot}%{configdir}/nsd.conf.sample %{buildroot}%{configdir}/nsd.conf
|
||||
%make_install
|
||||
chmod -Rv o= %{buildroot}%{configdir}/
|
||||
#
|
||||
install -d -m 0700 %{buildroot}%{home} \
|
||||
%{buildroot}%{_rundir}/%{name}
|
||||
#
|
||||
install -d -m 0755 %{buildroot}/var/log/nsd/
|
||||
touch %{buildroot}%{home}/{nsd.db,ixfr.db,xfrd.state} %{buildroot}/var/log/nsd/nsd.log
|
||||
install -d -m 0755 %{buildroot}/%{_localstatedir}/log/nsd/
|
||||
touch %{buildroot}%{home}/{nsd.db,ixfr.db,xfrd.state} %{buildroot}/%{_localstatedir}/log/nsd/nsd.log
|
||||
|
||||
%if %{with systemd}
|
||||
install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/nsd.service
|
||||
install -D -m 0644 %{SOURCE2} %{buildroot}%{_tmpfilesdir}/nsd.conf
|
||||
ln -s -f /usr/sbin/service %{buildroot}%{_sbindir}/rc%{name}
|
||||
ln -s -f %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
|
||||
%else
|
||||
install -D -m 0755 %{S:3} %{buildroot}%{_sysconfdir}/init.d/%{name}
|
||||
install -D -m 0755 %{SOURCE3} %{buildroot}%{_sysconfdir}/init.d/%{name}
|
||||
ln -s -f %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rc%{name}
|
||||
%endif
|
||||
|
||||
@ -108,8 +116,8 @@ ln -s -f %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rc%{name}
|
||||
#
|
||||
# e.g. adding user
|
||||
#
|
||||
%{_sbindir}/groupadd -r %{name} &>/dev/null ||:
|
||||
%{_sbindir}/useradd -g %{name} -s /bin/false -r -c "user for %{name}" -d %{home} %{name} &>/dev/null ||:
|
||||
%{_sbindir}/groupadd -r _nsd &>/dev/null ||:
|
||||
%{_sbindir}/useradd -g _nsd -s /bin/false -r -c "user for %{name}" -d %{home} _nsd &>/dev/null ||:
|
||||
%if %{with systemd}
|
||||
%service_add_pre %{name}.service
|
||||
%endif
|
||||
@ -121,6 +129,28 @@ systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf || :
|
||||
%service_add_post %{name}.service
|
||||
%endif
|
||||
|
||||
# On upgrade, we migrate from old "nsd" user to new "_nsd" user for
|
||||
# config, home and default logging directories
|
||||
#
|
||||
# This is only used for special case of upgrading server:dns/nsd users
|
||||
# as 'nsd' user was never part of openSUSE:Factory
|
||||
if [ "x"$1 = "x2" ] && [ "x"`stat -c '%%G' %{home}/nsd.db` = 'xnsd' ]; then
|
||||
echo "Changing legacy group from user/group nsd:nsd to _nsd:_nsd"
|
||||
%{_bindir}/find %{_localstatedir}/log/nsd %{home} %{_rundir}/nsd -exec %{_bindir}/chown -v _nsd:_nsd {} \+
|
||||
%{_bindir}/find %{configdir} -exec %{_bindir}/chgrp -v _nsd {} \+
|
||||
|
||||
# force restart because we need to remove users here
|
||||
%if %{with systemd}
|
||||
%{_bindir}/systemctl try-restart %{name}.service ||:
|
||||
%else
|
||||
%{_sbindir}/rcnsd restart ||:
|
||||
%endif
|
||||
|
||||
# remove old username/group
|
||||
%{_sbindir}/userdel nsd || :
|
||||
%{_sbindir}/groupdel nsd || :
|
||||
fi
|
||||
|
||||
%preun
|
||||
%if %{with systemd}
|
||||
%service_del_preun %{name}.service
|
||||
@ -133,11 +163,10 @@ systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf || :
|
||||
%service_del_postun %{name}.service
|
||||
%else
|
||||
%restart_on_update %{name}
|
||||
%{insserv_cleanup}
|
||||
%insserv_cleanup
|
||||
%endif
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%doc doc/*
|
||||
%{configdir}/nsd.conf.sample
|
||||
%config
|
||||
@ -161,16 +190,16 @@ systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf || :
|
||||
%{_mandir}/man8/nsd.8*
|
||||
%{_mandir}/man8/nsd-control.8*
|
||||
#
|
||||
%config(noreplace) %attr(-,root,%{name}) %{configdir}
|
||||
%config(noreplace) %attr(-,root,_nsd) %{configdir}
|
||||
%ghost %config %attr(640,_nsd,_nsd) %{configdir}/nsd.conf
|
||||
#
|
||||
%dir %attr(750,%{name},%{name}) %{home}
|
||||
%ghost %config %attr(640,%{name},%{name}) %{home}/nsd.db
|
||||
%ghost %config %attr(640,%{name},%{name}) %{home}/ixfr.db
|
||||
%ghost %config %attr(640,%{name},%{name}) %{home}/xfrd.state
|
||||
%dir %attr(750,_nsd,_nsd) %{home}
|
||||
%ghost %config %attr(640,_nsd,_nsd) %{home}/nsd.db
|
||||
%ghost %config %attr(640,_nsd,_nsd) %{home}/ixfr.db
|
||||
%ghost %config %attr(640,_nsd,_nsd) %{home}/xfrd.state
|
||||
#
|
||||
%dir %attr(750,%{name},%{name}) /var/log/nsd
|
||||
%ghost %attr(640,%{name},%{name}) /var/log/nsd/nsd.log
|
||||
%ghost %attr(750,%{name},%{name}) %{_rundir}/%{name}
|
||||
|
||||
%dir %attr(750,_nsd,_nsd) /%{_localstatedir}/log/nsd
|
||||
%ghost %attr(640,_nsd,_nsd) /%{_localstatedir}/log/nsd/nsd.log
|
||||
%ghost %attr(750,_nsd,_nsd) %{_rundir}/%{name}
|
||||
|
||||
%changelog
|
||||
|
||||
@ -1 +1 @@
|
||||
D /run/nsd 0755 nsd nsd -
|
||||
D /run/nsd 0755 _nsd _nsd -
|
||||
|
||||
Loading…
Reference in New Issue
Block a user