diff --git a/.cvsignore b/.cvsignore
index 389e778..b4ba7df 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1,2 +1,3 @@
-bind-9.2.1.tar.bz2
+bind-9.2.2.P3.tar.bz2
+bind-chroot.tar.gz
 bind-manpages.tar.bz2
diff --git a/bind-9.2.2-nsl.patch b/bind-9.2.2-nsl.patch
new file mode 100644
index 0000000..83cc83b
--- /dev/null
+++ b/bind-9.2.2-nsl.patch
@@ -0,0 +1,11 @@
+--- bind-9.2.2/configure.lr 2003-09-12 08:17:34.000000000 -0600
++++ bind-9.2.2/configure 2003-09-12 08:17:52.000000000 -0600
+@@ -6178,7 +6178,7 @@
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+ else
+ ac_check_lib_save_LIBS=$LIBS
+-LIBS="-lnsl $LIBS"
++LIBS="-lXXXnsl $LIBS"
+ cat >conftest.$ac_ext <<_ACEOF
+ #line $LINENO "configure"
+ #include "confdefs.h"
diff --git a/bind-bsdcompat.patch b/bind-bsdcompat.patch
new file mode 100644
index 0000000..a0316c5
--- /dev/null
+++ b/bind-bsdcompat.patch
@@ -0,0 +1,11 @@
+--- bind-9.2.2/lib/isc/unix/socket.c.bsdcompat 2003-02-18 02:28:41.000000000 -0500
++++ bind-9.2.2/lib/isc/unix/socket.c 2003-07-19 15:40:49.784907968 -0400
+@@ -1365,7 +1365,7 @@ isc_socket_create(isc_socketmgr_t *manag
+ return (ISC_R_UNEXPECTED);
+ }
+
+-#ifdef SO_BSDCOMPAT
++#if 0
+ if (setsockopt(sock->fd, SOL_SOCKET, SO_BSDCOMPAT,
+ (void *)&on, sizeof on) < 0) {
+ isc__strerror(errno, strbuf, sizeof(strbuf));
diff --git a/bind-nonexec.patch b/bind-nonexec.patch
new file mode 100644
index 0000000..c0678b2
--- /dev/null
+++ b/bind-nonexec.patch
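Review bot: The new line `LIBS="-lXXXnsl $LIBS"` in bind-9.2.2-nsl.patch turns off the libnsl probe by naming a library that does not exist, and nothing in the patch file says that this is deliberate. It also edits the generated `configure` at a fixed offset (line 6178), so it will stop applying as soon as the script is regenerated; changing the check in the autoconf input would be sturdier, though that file is not visible here. At minimum, put a description line above the `---` line of the patch, for example `Do not link against libnsl; not needed on Linux (forces the -lnsl link test to fail).`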
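Review bot: The `#if 0` in isc_socket_create() (bind-bsdcompat.patch) removes the SO_BSDCOMPAT setsockopt() block without recording why, so a later rebase cannot tell whether the block is obsolete or only temporarily disabled. A short comment on the directive would settle it, for example `#if 0 /* SO_BSDCOMPAT intentionally not set in this build */`. With the option no longer set, ICMP errors for UDP sockets may now be reported to the caller of the send/receive functions; presumably the library copes with that, but it is worth confirming. The function body starts and ends outside the hunk.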
@@ -0,0 +1,66 @@
+--- bind-9.2.2/lib/bind/Makefile.in.nonexec 2003-07-30 14:40:41.081001798 -0400
++++ bind-9.2.2/lib/bind/Makefile.in 2003-07-30 14:41:13.093062788 -0400
+@@ -109,7 +109,7 @@ installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
+
+ install:: timestamp installdirs
+- ${LIBTOOL} ${INSTALL_DATA} libbind.@A@ ${DESTDIR}${libdir}
++ ${LIBTOOL} ${INSTALL_PROGRAM} libbind.@A@ ${DESTDIR}${libdir}
+
+
+ clean distclean::
+--- bind-9.2.2/lib/dns/Makefile.in.nonexec 2003-07-30 14:39:04.705849948 -0400
++++ bind-9.2.2/lib/dns/Makefile.in 2003-07-30 14:39:22.621205149 -0400
+@@ -107,7 +107,7 @@ installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
+
+ install:: timestamp installdirs
+- ${LIBTOOL} ${INSTALL_DATA} libdns.@A@ ${DESTDIR}${libdir}
++ ${LIBTOOL} ${INSTALL_PROGRAM} libdns.@A@ ${DESTDIR}${libdir}
+
+ clean distclean::
+ rm -f libdns.@A@ timestamp
+--- bind-9.2.2/lib/isc/Makefile.in.nonexec 2003-07-30 14:14:54.868958681 -0400
++++ bind-9.2.2/lib/isc/Makefile.in 2003-07-30 14:27:43.821361581 -0400
+@@ -105,7 +105,7 @@ installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
+
+ install:: timestamp installdirs
+- ${LIBTOOL} ${INSTALL_DATA} libisc.@A@ ${DESTDIR}${libdir}
++ ${LIBTOOL} ${INSTALL_PROGRAM} libisc.@A@ ${DESTDIR}${libdir}
+
+ clean distclean::
+ rm -f libisc.@A@ libisc.la timestamp
+--- bind-9.2.2/lib/isccc/Makefile.in.nonexec 2003-07-30 14:39:51.672537962 -0400
++++ bind-9.2.2/lib/isccc/Makefile.in 2003-07-30 14:40:03.276472611 -0400
+@@ -80,7 +80,7 @@ installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
+
+ install:: timestamp installdirs
+- ${LIBTOOL} ${INSTALL_DATA} libisccc.@A@ ${DESTDIR}${libdir}
++ ${LIBTOOL} ${INSTALL_PROGRAM} libisccc.@A@ ${DESTDIR}${libdir}
+
+ clean distclean::
+ rm -f libisccc.@A@ timestamp
+--- bind-9.2.2/lib/isccfg/Makefile.in.nonexec 2003-07-30 14:41:59.601792847 -0400
++++ bind-9.2.2/lib/isccfg/Makefile.in 2003-07-30 14:42:02.355540027 -0400
+@@ -75,7 +75,7 @@ installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
+
+ install:: timestamp installdirs
+- ${LIBTOOL} ${INSTALL_DATA} libisccfg.@A@ ${DESTDIR}${libdir}
++ ${LIBTOOL} ${INSTALL_PROGRAM} libisccfg.@A@ ${DESTDIR}${libdir}
+
+ clean distclean::
+ rm -f libisccfg.@A@ timestamp
+--- bind-9.2.2/lib/lwres/Makefile.in.nonexec 2003-07-30 14:42:09.941843533 -0400
++++ bind-9.2.2/lib/lwres/Makefile.in 2003-07-30 14:42:12.256631013 -0400
+@@ -76,7 +76,7 @@ installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
+
+ install:: timestamp installdirs
+- ${LIBTOOL} ${INSTALL_DATA} liblwres.@A@ ${DESTDIR}${libdir}
++ ${LIBTOOL} ${INSTALL_PROGRAM} liblwres.@A@ ${DESTDIR}${libdir}
+
+ clean distclean::
+ rm -f liblwres.@A@ liblwres.la timestamp
diff --git a/bind.spec b/bind.spec
index 2317d78..19d5489 100644
--- a/bind.spec
+++ b/bind.spec
@@ -1,4 +1,5 @@
 %define server 1
+%define posix_threads 0
 Summary: A DNS (Domain Name System) server.
 Name: bind
 License: BSD-like
@@ -10,21 +11,27 @@ Source3: named.init Source4: named.logrotate Source5: keygen.c Source6: rfc1912.txt +Source7: bind-chroot.tar.gz Patch: bind-9.2.0rc3-varrun.patch Patch1: bind-9.2.1-key.patch -Patch2: bind-9.2.1-config.patch +Patch2: bind-config.patch +Patch3: bind-posixthreads.patch +Patch4: bind-bsdcompat.patch +Patch5: bind-nonexec.patch +Patch6: bind-9.2.2-nsl.patch Url: http://www.isc.org/products/BIND/ Buildroot: %{_tmppath}/%{name}-root -Version: 9.2.1 -Release: 16 - -BuildRequires: openssl-devel gcc glibc-devel >= 2.2.5-26 glibc-kernheaders >= 2.4-7.10 libtool pkgconfig +Version: 9.2.2.P3 +Release: 9 +BuildRequires: openssl-devel gcc glibc-devel >= 2.2.5-26 glibc-kernheaders >= 2.4-7.10 libtool pkgconfig fileutils tar Requires(pre,preun): shadow-utils Requires(post,preun): chkconfig -Requires(post): textutils, fileutils, sed +Requires(post): textutils, fileutils, sed, grep Requires: bind-utils /bin/usleep -Requires: kernel >= 2.3 +Requires: kernel >= 2.4 +#Requires: glibc >= 2.3.2-5 +Requires: glibc >= 2.2 %description BIND (Berkeley Internet Name Domain) is an implementation of the DNS 
@@ -57,16 +64,94 @@ The bind-devel package contains all the include files and the library required for DNS (Domain Name System) development for BIND versions 9.x.x. +%package chroot +Summary: A chrooted tree for the BIND nameserver +Group: System Environment/Daemons +Prefix: /var/named/chroot +Requires: bind = %{version} + +%description chroot +This package contains a tree of files which can be used as a +chroot(2) jail for the named(8) program from the BIND package. + +based off code from Jan "Yenya" Kasprzak + +%files chroot +%defattr(-,root,root) +%attr(770,root,named) %prefix/var/run/named +%attr(770,root,named) %prefix/var/tmp +%attr(750,root,named) %config(noreplace) %verify(user group mode) %prefix/etc/named.conf +%attr(640,root,named) %config(noreplace) %verify(user group mode) %prefix/dev/random +%attr(640,root,named) %config(noreplace) %verify(user group mode) %prefix/dev/null +%attr(640,root,named) %config(noreplace) %verify(user group mode) %prefix/etc/rndc.key +%attr(750,root,named) %prefix/var/named + +%post chroot +if [ $1 = 1 ]; then + if test -r /etc/sysconfig/named && grep -q ^ROOTDIR= /etc/sysconfig/named + then : + else echo ROOTDIR="%{prefix}" >>/etc/sysconfig/named + fi + rm -f "%{prefix}/dev/null" + mknod "%{prefix}/dev/null" c 1 3 + chmod 666 "%{prefix}/dev/null" + rm -f "%{prefix}/dev/random" + # We deliberately create a /dev/urandom instead of /dev/random to protect + # the not-so-trusted named(8) binary to suck all the randomness from the RNG. 
+ mknod "%{prefix}/dev/random" c 1 9 + chmod 640 "%{prefix}/dev/random" + chown root.named "%{prefix}/dev/random" + if test -r /etc/localtime + then + cp /etc/localtime "%{prefix}/etc/localtime" + fi + if test -r /etc/rndc.key + then + cp /etc/rndc.key "%{prefix}/etc/rndc.key" + chown named.named "%{prefix}/etc/rndc.key" + fi + if test -r /etc/named.conf + then + cp /etc/named.conf "%{prefix}/etc/named.conf" + chown named.named "%{prefix}/etc/named.conf" + fi + if test -r /etc/named.custom + then + cp /etc/named.custom "%{prefix}/etc/named.custom" + chown named.named "%{prefix}/etc/named.custom" + fi + cp -rf /var/named/* "%{prefix}/var/named/" 2> /dev/null + chown -R named.named "%{prefix}/var/named" + if /etc/init.d/named condrestart + then : + fi +fi +%preun chroot +if [ $1 = 0 ]; then + if test -r /etc/sysconfig/named && grep -q ^ROOTDIR= /etc/sysconfig/named + then + grep -v ROOTDIR="%{prefix}" /etc/sysconfig/named > /tmp/named + mv -f /tmp/named /etc/sysconfig/named + fi + if /etc/init.d/named condrestart + then : + fi +fi + %prep %setup -q -n %{name}-%{version} %patch -p1 -b .varrun %patch1 -p1 -b .key %patch2 -p1 -b .configure +%if %{posix_threads} +%patch3 -p1 -b .posixthreads +%endif +%patch4 -p1 -b .bsdcompat +%patch5 -p1 -b .nonexec +%patch6 -p1 %build -#CHROOT=/etc/named/chroot -CHROOT="" -LTVERSION=`libtool --version |awk '{ print $4 }' |sed -e "s/\.//;s/\..*//g"` +LTVERSION=`libtool --version | head -1 | awk '{ print $4 }' |sed -e "s/\.//;s/\..*//g"` if [ "$LTVERSION" -lt 14 ]; then export LTCONFIG_VERSION=1.3.5 fi 
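Review bot: The `%preun chroot` scriptlet writes, as root, to a fixed name in a world-writable directory (`grep -v ... > /tmp/named`, then `mv -f /tmp/named /etc/sysconfig/named`), so whatever already exists at that path decides which file root overwrites and what becomes the service configuration. Create the temporary file next to its target instead, as the main `%post` does for rndc.key: `grep -v ROOTDIR="%{prefix}" /etc/sysconfig/named > /etc/sysconfig/named.rpmtmp` followed by `mv -f /etc/sysconfig/named.rpmtmp /etc/sysconfig/named`. Separately, `%post chroot` runs `chown named.named` on the copied named.conf and rndc.key and `chown -R named.named` on var/named, which undoes the `root,named` ownership declared in `%files chroot` and lets the daemon account rewrite its own configuration, control key and zone data; `chown root:named` with group-read modes would match the manifest. The same scriptlet sets `chmod 666` on dev/null while `%files chroot` declares 640 with `%verify(user group mode)`, so package verification will report a mode mismatch.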
@@ -88,9 +173,13 @@ gzip -9 doc/rfc/* rm -rf $RPM_BUILD_ROOT mkdir -p ${RPM_BUILD_ROOT}/etc/{rc.d/init.d,logrotate.d} mkdir -p ${RPM_BUILD_ROOT}/usr/{bin,lib,sbin,include} -mkdir -p ${RPM_BUILD_ROOT}/${CHROOT}/var/named +mkdir -p ${RPM_BUILD_ROOT}/var/named +mkdir -p ${RPM_BUILD_ROOT}/var/named/slaves mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/{man1,man5,man8} -mkdir -p ${RPM_BUILD_ROOT}/${CHROOT}/var/run/named +mkdir -p ${RPM_BUILD_ROOT}/var/run/named +#chroot +mkdir -p ${RPM_BUILD_ROOT}/%{prefix} +tar --no-same-owner -zxvf %{SOURCE7} --directory ${RPM_BUILD_ROOT}/%{prefix} make DESTDIR=$RPM_BUILD_ROOT install install -c -m 640 bin/rndc/rndc.conf $RPM_BUILD_ROOT/etc @@ -107,8 +196,8 @@ __EOF gcc $RPM_OPT_FLAGS -o $RPM_BUILD_ROOT/usr/sbin/dns-keygen %{SOURCE5} cd $RPM_BUILD_ROOT%{_mandir} tar xjf %{SOURCE1} -mkdir -p ${RPM_BUILD_ROOT}/$CHROOT/etc/sysconfig -cp %{SOURCE2} ${RPM_BUILD_ROOT}/$CHROOT/etc/sysconfig/named +mkdir -p ${RPM_BUILD_ROOT}/etc/sysconfig +cp %{SOURCE2} ${RPM_BUILD_ROOT}/etc/sysconfig/named %if %server %pre 
@@ -116,20 +205,22 @@ cp %{SOURCE2} ${RPM_BUILD_ROOT}/$CHROOT/etc/sysconfig/named -s /sbin/nologin -r -d /var/named named 2>/dev/null || : %post -/sbin/chkconfig --add named -if [ -f ${CHROOT}/etc/named.boot -a ! -f ${CHROOT}/etc/named.conf ]; then - if [ -x /usr/sbin/named-bootconf ]; then - cat ${CHROOT}/etc/named.boot | /usr/sbin/named-bootconf > ${CHROOT}/etc/named.conf - chmod 644 ${CHROOT}/etc/named.conf - fi -fi -if [ ! -e /etc/rndc.key.rpmnew ]; then - sed -e "s/@KEY@/`/usr/sbin/dns-keygen`/" /etc/rndc.key >/etc/rndc.key.tmp - mv -f /etc/rndc.key.tmp /etc/rndc.key +if [ $1 = 1 ]; then + /sbin/chkconfig --add named + if [ -f etc/named.boot -a ! -f etc/named.conf ]; then + if [ -x /usr/sbin/named-bootconf ]; then + cat etc/named.boot | /usr/sbin/named-bootconf > etc/named.conf + chmod 644 etc/named.conf + fi + fi + if [ ! -e /etc/rndc.key.rpmnew ]; then + sed -e "s/@KEY@/`/usr/sbin/dns-keygen`/" /etc/rndc.key >/etc/rndc.key.tmp + mv -f /etc/rndc.key.tmp /etc/rndc.key + fi + chmod 0640 /etc/rndc.conf etc/rndc.key + chown root:named /etc/rndc.conf etc/rndc.key + /sbin/ldconfig fi -chmod 0640 /etc/rndc.conf ${CHROOT}/etc/rndc.key -chown root:named /etc/rndc.conf ${CHROOT}/etc/rndc.key -/sbin/ldconfig exit 0 %preun @@ -191,8 +282,9 @@ rm -rf ${RPM_BUILD_ROOT} ${RPM_BUILD_DIR}/%{name}-%{version} %{_mandir}/man8/named-checkzone.8* %{_mandir}/man8/rndc-confgen.8* -%attr(-,named,named) %dir /var/named -%attr(-,named,named) %dir /var/run/named +%attr(750,root,named) %dir /var/named +%attr(770,named,named) %dir /var/named/slaves +%attr(770,named,named) %dir /var/run/named %endif %files utils 
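Review bot: The rewritten `%post` drops the leading slash on several paths (`etc/named.boot`, `etc/named.conf`, and `etc/rndc.key` in the `chmod 0640` and `chown root:named` lines), so the rndc key only gets its restricted mode and group if the scriptlet happens to run with `/` as its working directory. Use absolute paths, e.g. `chmod 0640 /etc/rndc.conf /etc/rndc.key` and `chown root:named /etc/rndc.conf /etc/rndc.key`. Moving `chmod`, `chown` and `/sbin/ldconfig` inside `if [ $1 = 1 ]` also means upgrades no longer reapply the key permissions or refresh the linker cache; if that is intended, a comment should say so. The generated key is first written to `/etc/rndc.key.tmp` by a plain redirect before any `chmod`, so its mode in that window depends on the scriptlet's umask; a `umask 077` ahead of the `sed` line would keep it private until the final mode is applied.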
@@ -222,6 +314,101 @@ rm -rf ${RPM_BUILD_ROOT} ${RPM_BUILD_DIR}/%{name}-%{version} %endif %changelog +* Fri Oct 17 2003 Daniel Walsh 9.2.2.P3-9 +- Add /var/named/slaves directory + +* Sun Oct 12 2003 Florian La Roche +- do not link against libnsl, not needed for Linux + +* Wed Oct 8 2003 Daniel Walsh 9.2.2.P3-6 +- Fix local time in log file + +* Tue Oct 7 2003 Daniel Walsh 9.2.2.P3-5 +- Try again + +* Mon Oct 6 2003 Daniel Walsh 9.2.2.P3-4 +- Fix handling of chroot -/dev/random + +* Thu Oct 2 2003 Daniel Walsh 9.2.2.P3-3 +- Stop hammering stuff on update of chroot environment + +* Mon Sep 29 2003 Daniel Walsh 9.2.2.P3-2 +- Fix chroot directory to grab all subdirectories + +* Wed Sep 24 2003 Daniel Walsh 9.2.2.P3-1 +- New patch to support for "delegation-only" + +* Wed Sep 17 2003 Daniel Walsh 9.2.2-23 +- patch support for "delegation-only" + +* Wed Jul 30 2003 Daniel Walsh 9.2.2-22 +- Update to build on RHL + +* Wed Jul 30 2003 Daniel Walsh 9.2.2-21 +- Install libraries as exec so debug info will be pulled + +* Sat Jul 19 2003 Daniel Walsh 9.2.2-20 +- Remove BSDCOMPAT + +* Tue Jul 15 2003 Daniel Walsh 9.2.2-19 +- Update to build on RHL + +* Tue Jul 15 2003 Daniel Walsh 9.2.2-18 +- Change protections on /var/named and /var/chroot/named + +* Tue Jun 17 2003 Daniel Walsh 9.2.2-17 +- Update to build on RHL + +* Tue Jun 17 2003 Daniel Walsh 9.2.2-16 +- Update to build on RHEL + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Tue Apr 22 2003 Daniel Walsh 9.2.2-14 +- Update to build on RHEL + +* Tue Apr 22 2003 Daniel Walsh 9.2.2-13 +- Fix config description of named.conf in chroot +- Change named.init script to check for existence of /etc/sysconfig/network + +* Fri Apr 18 2003 Daniel Walsh 9.2.2-12 +- Update to build on RHEL + +* Fri Apr 18 2003 Daniel Walsh 9.2.2-11 +- Update to build on RHEL + +* Fri Apr 18 2003 Daniel Walsh 9.2.2-10 +- Fix echo OK on starting/stopping service + +* Fri Mar 28 2003 Daniel Walsh 9.2.2-9 +- Update to build on RHEL + +* Fri Mar 28 2003 
Daniel Walsh 9.2.2-8 +- Fix echo on startup + +* Tue Mar 25 2003 Daniel Walsh 9.2.2-7 +- Fix problems with chroot environment +- Eliminate posix threads + +* Mon Mar 24 2003 Daniel Walsh 9.2.2-6 +- Fix build problems + +* Fri Mar 14 2003 Daniel Walsh 9.2.2-5 +- Fix build on beehive + +* Thu Mar 13 2003 Daniel Walsh 9.2.2-4 +- build bind-chroot kit + +* Tue Mar 11 2003 Daniel Walsh 9.2.2-3 +- Change configure to use proper threads model + +* Fri Mar 7 2003 Daniel Walsh 9.2.2-2 +- update to 9.2.2 + +* Tue Mar 4 2003 Daniel Walsh 9.2.2-1 +- update to 9.2.2 + * Tue Jan 24 2003 Daniel Walsh 9.2.1-16 - Put a sleep in restart to make sure stop completes diff --git a/named.init b/named.init index 4f7def1..ccaccae 100755 --- a/named.init +++ b/named.init @@ -12,7 +12,7 @@ . /etc/rc.d/init.d/functions # Source networking configuration. -. /etc/sysconfig/network +[ -r /etc/sysconfig/network ] && . /etc/sysconfig/network RETVAL=0 prog="named" @@ -40,6 +40,7 @@ start() { daemon /usr/sbin/named -u named ${OPTIONS} RETVAL=$? [ $RETVAL -eq 0 ] && touch /var/lock/subsys/named + echo return $RETVAL } stop() { @@ -51,7 +52,10 @@ stop() { killproc named RETVAL=$? [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/named + echo + return $RETVAL } + success echo return $RETVAL } diff --git a/named.logrotate b/named.logrotate index 80956ce..ccb66d9 100644 --- a/named.logrotate +++ b/named.logrotate @@ -2,6 +2,6 @@ missingok create 0644 named named postrotate - /sbin/service named reload 2> /dev/null || true + /sbin/service named reload 2> /dev/null > /dev/null || true endscript } diff --git a/sources b/sources index a5d42b9..1117106 100644 --- a/sources +++ b/sources @@ -1,2 +1,3 @@ -78123b906b82a9378a2e2590304cb7ce bind-9.2.1.tar.bz2 +64539232c1ad4658ae4a32aa46719159 bind-9.2.2.P3.tar.bz2 +682fa30aef039f9a752d006121d834d8 bind-chroot.tar.gz c2f6322d4ef48684478cbb3c5cccbd3f bind-manpages.tar.bz2