|
 |
0d3b23 |
%global _hardened_build 1
|
|
|
0d3b23 |
|
|
|
0d3b23 |
Summary: NetworkManager plugin to update/reconfigure DNSSEC resolving
|
|
|
0d3b23 |
Name: dnssec-trigger
|
|
|
0d3b23 |
Version: 0.11
|
|
|
0d3b23 |
Release: 22%{?dist}
|
|
|
0d3b23 |
License: BSD
|
|
|
0d3b23 |
Url: http://www.nlnetlabs.nl/downloads/dnssec-trigger/
|
|
|
0d3b23 |
Source: http://www.nlnetlabs.nl/downloads/dnssec-trigger/%{name}-%{version}.tar.gz
|
|
|
0d3b23 |
Source1:dnssec-triggerd.service
|
|
|
0d3b23 |
Source2: dnssec-triggerd-keygen.service
|
|
|
0d3b23 |
Source3: dnssec-trigger.conf
|
|
|
0d3b23 |
# Latest NM dispatcher Python hook from upstream SVN
|
|
|
0d3b23 |
# http://www.nlnetlabs.nl/svn/dnssec-trigger/trunk/contrib/01-dnssec-trigger-hook-new_nm
|
|
|
0d3b23 |
Source4: 01-dnssec-trigger-hook
|
|
|
0d3b23 |
Source5: dnssec-trigger.tmpfiles.d
|
|
|
0d3b23 |
Source6: dnssec-triggerd-resolvconf-handle.sh
|
|
|
0d3b23 |
Source7: dnssec-triggerd-resolvconf-handle.service
|
|
|
0d3b23 |
# http://www.nlnetlabs.nl/svn/dnssec-trigger/trunk/contrib/dnssec.conf.sample
|
|
|
0d3b23 |
Source8: dnssec.conf.sample
|
|
|
0d3b23 |
Patch1: dnssec-trigger-0.11-improve_dialog_texts.patch
|
|
|
0d3b23 |
Patch2: dnssec-trigger-842455.patch
|
|
|
0d3b23 |
# https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=489
|
|
|
0d3b23 |
Patch3: dnssec-trigger-0.11-nl489.patch
|
|
|
0d3b23 |
Patch4: dnssec-trigger-0.11-coverity_scan.patch
|
|
|
0d3b23 |
Patch5: dnssec-trigger-rh1254473.patch
|
|
|
0d3b23 |
|
|
|
0d3b23 |
Requires(postun): initscripts
|
|
|
0d3b23 |
Requires: ldns >= 1.6.10, NetworkManager, NetworkManager-glib, unbound, xdg-utils
|
|
|
0d3b23 |
Requires(pre): shadow-utils
|
|
|
0d3b23 |
BuildRequires: desktop-file-utils systemd-units, openssl-devel, ldns-devel
|
|
|
0d3b23 |
BuildRequires: gtk2-devel, NetworkManager-devel
|
|
|
0d3b23 |
|
|
|
0d3b23 |
BuildRequires: systemd
|
|
|
0d3b23 |
Requires(post): systemd
|
|
|
0d3b23 |
Requires(preun): systemd
|
|
|
0d3b23 |
Requires(postun): systemd
|
|
|
0d3b23 |
|
|
|
0d3b23 |
%description
|
|
|
0d3b23 |
dnssec-trigger reconfigures the local unbound DNS server. This unbound DNS
|
|
|
0d3b23 |
server performs DNSSEC validation, but dnssec-trigger will signal it to
|
|
|
0d3b23 |
use the DHCP obtained forwarders if possible, and fallback to doing its
|
|
|
0d3b23 |
own AUTH queries if that fails, and if that fails prompt the user via
|
|
|
0d3b23 |
dnssec-trigger-applet the option to go with insecure DNS only.
|
|
|
0d3b23 |
|
|
|
0d3b23 |
%prep
|
|
|
0d3b23 |
%setup -q
|
|
|
0d3b23 |
# Fixup the name to not include "panel" in the menu item or name
|
|
|
0d3b23 |
sed -i "s/ Panel//" panel/dnssec-trigger-panel.desktop.in
|
|
|
0d3b23 |
sed -i "s/-panel//" panel/dnssec-trigger-panel.desktop.in
|
|
|
0d3b23 |
# change some text in the popups
|
|
|
0d3b23 |
%patch1 -p1
|
|
|
0d3b23 |
%patch2 -p1
|
|
|
0d3b23 |
%patch3 -p1
|
|
|
0d3b23 |
%patch4 -p1
|
|
|
0d3b23 |
%patch5 -p1
|
|
|
0d3b23 |
|
|
|
0d3b23 |
%build
|
|
|
0d3b23 |
%configure --with-keydir=/etc/dnssec-trigger
|
|
|
0d3b23 |
%{__make} %{?_smp_mflags}
|
|
|
0d3b23 |
|
|
|
0d3b23 |
%install
|
|
|
0d3b23 |
rm -rf %{buildroot}
|
|
|
0d3b23 |
%{__make} DESTDIR=%{buildroot} install
|
|
|
0d3b23 |
install -d 0755 %{buildroot}%{_unitdir}
|
|
|
0d3b23 |
install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}d.service
|
|
|
0d3b23 |
install -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}d-keygen.service
|
|
|
0d3b23 |
install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/%{name}/
|
|
|
0d3b23 |
|
|
|
0d3b23 |
mkdir -p %{buildroot}%{_libexecdir}
|
|
|
0d3b23 |
install -m 0755 %{SOURCE6} %{buildroot}%{_libexecdir}/%{name}d-resolvconf-handle.sh
|
|
|
0d3b23 |
install -m 0644 %{SOURCE7} %{buildroot}%{_unitdir}/%{name}d-resolvconf-handle.service
|
|
|
0d3b23 |
|
|
|
0d3b23 |
desktop-file-install --dir=%{buildroot}%{_datadir}/applications dnssec-trigger-panel.desktop
|
|
|
0d3b23 |
|
|
|
0d3b23 |
# overwrite the stock NM hook since there is new one in upstream SVN that is not used by default
|
|
|
0d3b23 |
install -p -m 0755 %{SOURCE4} %{buildroot}/%{_sysconfdir}/NetworkManager/dispatcher.d/01-dnssec-trigger-hook
|
|
|
0d3b23 |
#install the /etc/dnssec.conf configuration file
|
|
|
0d3b23 |
install -p -m 0644 %{SOURCE8} %{buildroot}/%{_sysconfdir}/dnssec.conf
|
|
|
0d3b23 |
|
|
|
0d3b23 |
# install the configuration for /var/run/dnssec-trigger into tmpfiles.d dir
|
|
|
0d3b23 |
mkdir -p %{buildroot}%{_tmpfilesdir}
|
|
|
0d3b23 |
install -m 644 %{SOURCE5} ${RPM_BUILD_ROOT}%{_tmpfilesdir}/%{name}.conf
|
|
|
0d3b23 |
# we must create the /var/run/dnssec-trigger directory
|
|
|
0d3b23 |
mkdir -p %{buildroot}%{_localstatedir}/run
|
|
|
0d3b23 |
install -d -m 0755 %{buildroot}%{_localstatedir}/run/%{name}
|
|
|
0d3b23 |
|
|
|
0d3b23 |
# supress the panel name everywhere including the gnome3 panel at the bottom
|
|
|
0d3b23 |
ln -s dnssec-trigger-panel %{buildroot}%{_bindir}/dnssec-trigger
|
|
|
0d3b23 |
|
|
|
0d3b23 |
# Make dnssec-trigger.8 manpage available under names of all dnssec-trigger-*
|
|
|
0d3b23 |
# executables
|
|
|
0d3b23 |
for all in dnssec-trigger-control dnssec-trigger-control-setup dnssec-triggerd; do
|
|
|
0d3b23 |
ln -s %{_mandir}/man8/dnssec-trigger.8 %{buildroot}/%{_mandir}/man8/"$all".8
|
|
|
0d3b23 |
done
|
|
|
0d3b23 |
ln -s %{_mandir}/man8/dnssec-trigger.8 %{buildroot}/%{_mandir}/man8/dnssec-trigger.conf.8
|
|
|
0d3b23 |
|
|
|
0d3b23 |
%clean
|
|
|
0d3b23 |
rm -rf ${RPM_BUILD_ROOT}
|
|
|
0d3b23 |
|
|
|
0d3b23 |
%files
|
|
|
0d3b23 |
%defattr(-,root,root,-)
|
|
|
0d3b23 |
%doc README LICENSE
|
|
|
0d3b23 |
%{_unitdir}/%{name}d.service
|
|
|
0d3b23 |
%{_unitdir}/%{name}d-keygen.service
|
|
|
0d3b23 |
%{_unitdir}/%{name}d-resolvconf-handle.service
|
|
|
0d3b23 |
|
|
|
0d3b23 |
%attr(0755,root,root) %dir %{_sysconfdir}/%{name}
|
|
|
0d3b23 |
%attr(0755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-dnssec-trigger-hook
|
|
|
0d3b23 |
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/dnssec.conf
|
|
|
0d3b23 |
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dnssec-trigger.conf
|
|
|
0d3b23 |
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/xdg/autostart/dnssec-trigger-panel.desktop
|
|
|
0d3b23 |
%dir %{_localstatedir}/run/%{name}
|
|
|
0d3b23 |
%{_tmpfilesdir}/%{name}.conf
|
|
|
0d3b23 |
%{_bindir}/dnssec-trigger-panel
|
|
|
0d3b23 |
%{_bindir}/dnssec-trigger
|
|
|
0d3b23 |
%{_sbindir}/dnssec-trigger*
|
|
|
0d3b23 |
%{_libexecdir}/%{name}d-resolvconf-handle.sh
|
|
|
0d3b23 |
%{_mandir}/*/*
|
|
|
0d3b23 |
%attr(0755,root,root) %dir %{_datadir}/%{name}
|
|
|
0d3b23 |
%attr(0644,root,root) %{_datadir}/%{name}/*
|
|
|
0d3b23 |
%attr(0644,root,root) %{_datadir}/applications/dnssec-trigger-panel.desktop
|
|
|
0d3b23 |
|
|
|
0d3b23 |
|
|
|
0d3b23 |
%post
|
|
|
0d3b23 |
%systemd_post %{name}d.service
|
|
|
0d3b23 |
|
|
|
0d3b23 |
|
|
|
0d3b23 |
%preun
|
|
|
0d3b23 |
%systemd_preun %{name}d.service
|
|
|
0d3b23 |
if [ "$1" -eq "0" ] ; then
|
|
|
0d3b23 |
# dnssec-triggerd makes /etc/resolv.conf immutable, undo that on removal
|
|
|
0d3b23 |
chattr -i /etc/resolv.conf
|
|
|
0d3b23 |
fi
|
|
|
0d3b23 |
|
|
|
0d3b23 |
%postun
|
|
|
0d3b23 |
%systemd_postun_with_restart %{name}d.service
|
|
|
0d3b23 |
|
|
|
0d3b23 |
|
|
|
0d3b23 |
%changelog
|
|
|
0d3b23 |
* Wed May 18 2016 Tomas Hozza <thozza@redhat.com> - 0.11-22
|
|
|
0d3b23 |
- Improved text in the GUI panel in Hotspot sign-on mode (#1254473)
|
|
|
0d3b23 |
- Build all binaries with PIE hardening (#1092526)
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Tue Feb 11 2014 Tomas Hozza <thozza@redhat.com> - 0.11-21
|
|
|
0d3b23 |
- handle IndexError exception in NM script until NM provides better API (#1063735)
|
|
|
0d3b23 |
- restart NM when stopping dnssec-trigger daemon instead of handling
|
|
|
0d3b23 |
resolv.conf by ourself. (#1061370)
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Wed Jan 29 2014 Tomas Hozza <thozza@redhat.com> - 0.11-20
|
|
|
0d3b23 |
- use systemd macros instead of directly using systemctl (#1058773)
|
|
|
0d3b23 |
- Replace the "Fedora /EPEL" comment in dnssec-trigger.conf (#1055949)
|
|
|
0d3b23 |
- Use more newer and more advanced dispatcher script (#1034813)
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 0.11-19
|
|
|
0d3b23 |
- Mass rebuild 2014-01-24
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 0.11-18
|
|
|
0d3b23 |
- Mass rebuild 2013-12-27
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Tue Nov 26 2013 Tomas Hozza <thozza@redhat.com> - 0.11-17
|
|
|
0d3b23 |
- Add script to backup and restore resolv.conf on dnssec-trigger start/stop (#1031648)
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Mon Nov 18 2013 Tomas Hozza <thozza@redhat.com> - 0.11-16
|
|
|
0d3b23 |
- Improve GUI dialogs texts (#1029889)
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Mon Nov 11 2013 Tomas Hozza <thozza@redhat.com> - 0.11-15
|
|
|
0d3b23 |
- Fix the dispatcher script to use new nmcli syntax (#1028003)
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Mon Aug 26 2013 Tomas Hozza <thozza@redhat.com> - 0.11-14
|
|
|
0d3b23 |
- Fix errors found by static analysis of source
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Fri Aug 09 2013 Tomas Hozza <thozza@redhat.com> - 0.11-13
|
|
|
0d3b23 |
- Use improved NM dispatcher script from upstream (#980036)
|
|
|
0d3b23 |
- Added tmpfiles.d config due to improved NM dispatcher script
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Mon Jul 22 2013 Tomas Hozza <thozza@redhat.com> - 0.11-12
|
|
|
0d3b23 |
- Removed Fedora infrastructure from dnssec-trigger.conf (#955149)
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Mon Mar 04 2013 Adam Tkac <atkac redhat com> - 0.11-11
|
|
|
0d3b23 |
- link dnssec-trigger.conf.8 to dnssec-trigger.8
|
|
|
0d3b23 |
- build dnssec-triggerd with full RELRO
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Mon Mar 04 2013 Adam Tkac <atkac redhat com> - 0.11-10
|
|
|
0d3b23 |
- remove deprecated "Application" keyword from desktop file
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Mon Mar 04 2013 Adam Tkac <atkac redhat com> - 0.11-9
|
|
|
0d3b23 |
- install various dnssec-trigger-* symlinks to dnssec-trigger.8 manpage
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.11-8
|
|
|
0d3b23 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Tue Jan 08 2013 Paul Wouters <pwouters@redhat.com> - 0.11-7
|
|
|
0d3b23 |
- Use full path for systemd (rhbz#842455)
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Tue Jul 24 2012 Paul Wouters <pwouters@redhat.com> - 0.11-6
|
|
|
0d3b23 |
- Patched daemon to remove immutable attr (rhbz#842455) as the
|
|
|
0d3b23 |
systemd ExecStopPost= target does not seem to work
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Tue Jul 24 2012 Paul Wouters <pwouters@redhat.com> - 0.11-5
|
|
|
0d3b23 |
- On service stop, remove immutable attr from resolv.conf (rhbz#842455)
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.11-4
|
|
|
0d3b23 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Thu Jun 28 2012 Paul Wouters <pwouters@redhat.com> - 0.11-3
|
|
|
0d3b23 |
- Fix DHCP hook for f17+ version of nmcli (rhbz#835298)
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Sun Jun 17 2012 Paul Wouters <pwouters@redhat.com> - 0.11-2
|
|
|
0d3b23 |
- Small textual changes to some popup windows
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Fri Jun 15 2012 Paul Wouters <pwouters@redhat.com> - 0.11-1
|
|
|
0d3b23 |
- Updated to 0.11
|
|
|
0d3b23 |
- http Hotspot detection via fedoraproject.org/static/hotspot.html
|
|
|
0d3b23 |
- http Hotspot Login page via uses hotspot-nocache.fedoraproject.org
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Thu Feb 23 2012 Paul Wouters <pwouters@redhat.com> - 0.10-4
|
|
|
0d3b23 |
- Require: unbound
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Wed Feb 22 2012 Paul Wouters <pwouters@redhat.com> - 0.10-3
|
|
|
0d3b23 |
- Fix the systemd startup to require unbound
|
|
|
0d3b23 |
- dnssec-triggerd no longer forks, giving systemd more control
|
|
|
0d3b23 |
- Fire NM dispatcher in ExecStartPost of dnssec-triggerd.service
|
|
|
0d3b23 |
- Fix tcp80 entries in dnssec-triggerd.conf
|
|
|
0d3b23 |
- symlink dnssec-trigger-panel to dnssec-trigger to supress the
|
|
|
0d3b23 |
"-panel" in the applet name shown in gnome3
|
|
|
0d3b23 |
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Wed Feb 22 2012 Paul Wouters <pwouters@redhat.com> - 0.10-2
|
|
|
0d3b23 |
- The NM hook was not modified at the right time during build
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Wed Feb 22 2012 Paul Wouters <pwouters@redhat.com> - 0.10-1
|
|
|
0d3b23 |
- Updated to 0.10
|
|
|
0d3b23 |
- The NM hook lacks /usr/sbin in path, resulting in empty resolv.conf on hotspot
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Wed Feb 08 2012 Paul Wouters <pwouters@redhat.com> - 0.9-4
|
|
|
0d3b23 |
- Updated tls443 / tls80 resolver instances supplied by Fedora Hosted
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Mon Feb 06 2012 Paul Wouters <pwouters@redhat.com> - 0.9-3
|
|
|
0d3b23 |
- Convert from SysV to systemd for initial Fedora release
|
|
|
0d3b23 |
- Moved configs and pem files to /etc/dnssec-trigger/
|
|
|
0d3b23 |
- No more /var/run/dnssec-triggerd/
|
|
|
0d3b23 |
- Fix Build-requires
|
|
|
0d3b23 |
- Added commented tls443 port80 entries of pwouters resolvers
|
|
|
0d3b23 |
- On uninstall ensure there is no immutable bit on /etc/resolv.conf
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Sat Jan 07 2012 Paul Wouters <paul@xelerance.com> - 0.9-2
|
|
|
0d3b23 |
- Added LICENCE to doc section
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Mon Dec 19 2011 Paul Wouters <paul@xelerance.com> - 0.9-1
|
|
|
0d3b23 |
- Upgraded to 0.9
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Fri Oct 28 2011 Paul Wouters <paul@xelerance.com> - 0.7-1
|
|
|
0d3b23 |
- Upgraded to 0.7
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Fri Sep 23 2011 Paul Wouters <paul@xelerance.com> - 0.4-1
|
|
|
0d3b23 |
- Upgraded to 0.4
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Sat Sep 17 2011 Paul Wouters <paul@xelerance.com> - 0.3-5
|
|
|
0d3b23 |
- Start 01-dnssec-trigger-hook in daemon start
|
|
|
0d3b23 |
- Ensure dnssec-triggerd starts after NetworkManager
|
|
|
0d3b23 |
|
|
|
0d3b23 |
* Fri Sep 16 2011 Paul Wouters <paul@xelerance.com> - 0.3-4
|
|
|
0d3b23 |
- Initial package
|