# Pre-release tag, currently disabled: without the macro sigil this line is a
# plain comment, so prever is undefined and the conditionals on it expand empty.
#global prever rcX
# Opt in to the distribution's hardened build settings.
%global _hardened_build 1

Summary: DNSSEC key and zone management software
Name: opendnssec
Version: 1.4.7
Release: 4%{?prever}%{?dist}
License: BSD
Group: Applications/System
Url: http://www.opendnssec.org/
# NOTE(review): the tarball URL is plain http and this spec lists no detached
# signature or verification step, so integrity presumably rests on the checksum
# the build system records for its source cache - confirm.
Source0: http://www.opendnssec.org/files/source/%{?prever:testing/}%{name}-%{version}%{?prever}.tar.gz
Source1: ods-enforcerd.service
Source2: ods-signerd.service
Source3: ods.sysconfig
Source4: conf.xml
Source5: tmpfiles-opendnssec.conf
Source6: opendnssec.cron

Patch0: opendnssec-1.4.7-1204100-extract.patch
Patch1: 0001-use-system-trang.patch
Patch2: 0002-get-started.patch

# Runtime dependencies: PKCS#11 providers, XML tooling and systemd.
Requires: opencryptoki
Requires: softhsm >= 2.0.0b1-2
Requires: systemd-units
Requires: libxml2
Requires: libxslt
# Scriptlet dependencies: shadow-utils supplies the groupadd/useradd calls of
# the pre scriptlet; systemd-units backs the unit-handling macros.
Requires(pre): shadow-utils
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units

# Build dependencies, one per line.
BuildRequires: libxml2
BuildRequires: libxslt
BuildRequires: ldns-devel >= 1.6.12
BuildRequires: sqlite-devel
BuildRequires: openssl-devel
BuildRequires: libxml2-devel
BuildRequires: doxygen
BuildRequires: trang
# The build tests for pkill/killall and would use /bin/false if not found
BuildRequires: procps-ng
BuildRequires: systemd-units
BuildRequires: sed
%if 0%{?prever:1}
# Extra tooling needed only when building snapshots
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
BuildRequires: java
%endif
%description
OpenDNSSEC was created as an open-source turn-key solution for DNSSEC.
It secures zone data just before it is published in an authoritative
name server. It requires a PKCS#11 crypto module library, such as softhsm.

This package is only supported for use with IdM.
%prep
%setup -q -n %{name}-%{version}%{?prever}

# Raise the default policy's ZSK key size from 1024 to 2048 bits.
# NOTE(review): the expression is unanchored and has no g flag, so it rewrites
# the first "1024" on every line of the template, whatever that number means
# there, and it succeeds silently when nothing matches. Inspect the resulting
# conf/kasp.xml.in whenever the upstream version is rebased.
sed --in-place "s/1024/2048/" conf/kasp.xml.in

# Patch0: per the changelog, adds the <AllowExtraction/> configuration option.
# NOTE(review): judging by the name, this governs whether keys may be created
# as extractable from the PKCS#11 token - confirm the shipped conf.xml enables
# it only where key export is intended.
%patch0 -p1 -b .p0.allow_extraction
# Patch1: build against the system trang (going by the patch file name).
%patch1 -p1 -b .p0.system_trang
# Patch2: the "get started" patch; no backup files are kept for it.
%patch2 -p1

# Point the <Module> path in conf.xml at this platform's library directory.
# NOTE(review): this edits the Source4 file itself, in the source directory,
# rather than a copy inside the build tree, so the change outlives this build.
sed --in-place 's:<Module>/usr/lib64:<Module>%{_libdir}:' %{SOURCE4}
%build
# Hardening flags: "-z relro" plus "-z now" gives full RELRO, and -fPIE/-pie
# produce position-independent executables so ASLR covers the daemons' code.
# The -Wformat family flags risky format-string use; these are warnings here,
# and whether any becomes an error depends on what RPM_OPT_FLAGS carries.
LDFLAGS="-Wl,-z,relro,-z,now -pie -specs=/usr/lib/rpm/redhat/redhat-hardened-ld"
CFLAGS="$RPM_OPT_FLAGS -fPIE -pie -Wextra -Wformat -Wformat-nonliteral -Wformat-security"
CXXFLAGS="$RPM_OPT_FLAGS -fPIE -pie -Wformat-nonliteral -Wformat-security"
export LDFLAGS CFLAGS CXXFLAGS

# CUnit is switched off, so the unit-test harness is not built.
%configure --with-ldns=%{_libdir} --without-cunit
make %{?_smp_mflags}
%check
# The upstream test suite is not run during the build: it requires a sample
# db that is not shipped with upstream, and it also requires the CUnit-devel
# package, which is not in RHEL.
# make check
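%install
rm -rf %{buildroot}
make DESTDIR=%{buildroot} install

# State and runtime directories. They are addressed through the localstatedir
# macro, exactly as the files list does, instead of a hard-coded /var.
# Ownership and modes are not set here; the files list assigns them.
mkdir -p %{buildroot}%{_localstatedir}/opendnssec/{tmp,signed,signconf}
mkdir -p %{buildroot}%{_localstatedir}/run/opendnssec

# Configuration: drop upstream's sample files and ship the packaged conf.xml.
rm -f %{buildroot}%{_sysconfdir}/opendnssec/*.sample
install -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/opendnssec/

# Daemon environment file and cron job.
# NOTE(review): the init-script directory created below is not populated by
# anything in this section - presumably a leftover from pre-systemd packaging.
install -d -m 0755 %{buildroot}%{_initrddir} %{buildroot}%{_sysconfdir}/cron.d/
install -m 0644 %{SOURCE6} %{buildroot}%{_sysconfdir}/cron.d/opendnssec
install -d -m 0755 %{buildroot}%{_sysconfdir}/sysconfig
install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/ods

# systemd units for the enforcer and signer daemons.
install -d -m 0755 %{buildroot}%{_unitdir}
install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/
install -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/

# tmpfiles.d snippet, installed into the vendor tmpfiles directory.
mkdir -p %{buildroot}%{_tmpfilesdir}
install -m 0644 %{SOURCE5} %{buildroot}%{_tmpfilesdir}/opendnssec.conf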
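%files
%doc NEWS README.md LICENSE GETSTARTED
%{_mandir}/*/*
%{_sbindir}/*
%{_bindir}/*
%{_unitdir}/ods-enforcerd.service
%{_unitdir}/ods-signerd.service
# Vendor-owned tmpfiles.d snippet. It is deliberately not marked as a config
# file: package updates must replace it, so a stale local copy cannot pin old
# directory permissions, and local overrides belong in /etc/tmpfiles.d.
%{_tmpfilesdir}/opendnssec.conf
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/ods
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cron.d/opendnssec

# Configuration directory and XML files: no access for others; the ods group
# may read and write (the changelog ties this to rhbz#1261530).
# NOTE(review): these files may hold HSM repository credentials - verify
# against conf.xml - which is the reason to keep them closed to others.
%attr(0770,root,ods) %dir %{_sysconfdir}/opendnssec
%attr(0660,root,ods) %config(noreplace) %{_sysconfdir}/opendnssec/*.xml

# State directories. The top level and signed/ are readable and traversable
# by everyone (0775); tmp/ and signconf/ are closed to others (0770).
%attr(0775,root,ods) %dir %{_localstatedir}/opendnssec
%attr(0770,root,ods) %dir %{_localstatedir}/opendnssec/tmp
%attr(0775,root,ods) %dir %{_localstatedir}/opendnssec/signed
%attr(0770,root,ods) %dir %{_localstatedir}/opendnssec/signconf
%attr(0770,root,ods) %dir %{_localstatedir}/run/opendnssec

# Shared data.
# NOTE(review): mode 0770 gives the ods group write permission on a directory
# under the shared data tree, which is enough to replace or delete the files
# inside it - confirm the daemons actually need that.
%attr(0770,root,ods) %dir %{_datadir}/%{name}
%{_datadir}/%{name}/*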
%pre
# Create the ods system group and the "opendnssec daemon account" if they do
# not exist yet. The account gets no login shell, and its home directory is
# the configuration directory /etc/opendnssec.
if ! getent group ods >/dev/null; then
    groupadd -r ods
fi
if ! getent passwd ods >/dev/null; then
    useradd -r -g ods -d /etc/opendnssec -s /sbin/nologin \
        -c "opendnssec daemon account" ods
fi
# Always report success, so account creation never aborts the transaction.
exit 0
%post
# Best effort: re-run the ods-ksmutil update in case a packaged XML
# configuration file changed.
# NOTE(review): both output streams and the exit status are discarded, so a
# failed update leaves no trace in the transaction output.
ods-ksmutil update all >/dev/null 2>&1 || :
# Apply the systemd preset policy to both daemons on first install.
%systemd_post ods-enforcerd.service ods-signerd.service
%preun
# On final removal, disable and stop both daemons (one macro call, two units).
%systemd_preun ods-enforcerd.service ods-signerd.service
%postun
# After an upgrade, restart whichever of the two daemons is running, so the
# new binaries are the ones in use.
%systemd_postun_with_restart ods-enforcerd.service ods-signerd.service
%changelog
* Tue Apr 11 2017 Paul Wouters <pwouters@redhat.com> - 1.4.7-4
- Resolves: rhbz#1258740 Opendnssec is installing files under /etc/tmpfiles.d
* Thu Sep 10 2015 Paul Wouters <pwouters@redhat.com> - 1.4.7-3
- Resolves: rhbz#1261530 /etc/opendnssec is not writeable by ods user
* Thu Jun 11 2015 Paul Wouters <pwouters@redhat.com> - 1.4.7-2
- Resolves: rhbz#1230287 ods-signerd.service Unknown lvalue 'After'
* Tue Mar 31 2015 Paul Wouters <pwouters@redhat.com> - 1.4.7-1
- Resolves: rhbz#1204100 Rebase to opendnssec 1.4.7+
* Tue Sep 30 2014 Petr Spacek <pspacek@redhat.com> - 1.4.6-3
- Updated spec to build platform-independent conf.xml
* Tue Sep 30 2014 Paul Wouters <pwouters@redhat.com> - 1.4.6-2
- Changed conf.xml to reference softhsm at /usr/lib64/pkcs11/libsofthsm2.so
- Updated Requires: to softhsm >= 2.0.0b1-2
* Mon Sep 22 2014 Petr Spacek <pspacek redhat com> - 1.4.6-1
- Imported version 1.4.6
- Added patch which adds configuration option <AllowExtraction/>