diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..1b80f84 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/opendnssec-1.4.14.tar.gz diff --git a/.opendnssec.metadata b/.opendnssec.metadata new file mode 100644 index 0000000..abaa2d2 --- /dev/null +++ b/.opendnssec.metadata @@ -0,0 +1 @@ +3ac11d815572750f604707f87d68db7d593d2e86 SOURCES/opendnssec-1.4.14.tar.gz diff --git a/SOURCES/conf.xml b/SOURCES/conf.xml new file mode 100644 index 0000000..577e6ba --- /dev/null +++ b/SOURCES/conf.xml @@ -0,0 +1,88 @@ + + + + + + + + /usr/lib64/softhsm/libsofthsm.so + OpenDNSSEC + 1234 + + + + + + + + + + local0 + + + /etc/opendnssec/kasp.xml + /etc/opendnssec/zonelist.xml + + + + + + + ods + ods + + + /var/opendnssec/kasp.db + PT3600S + + + + + + + + + + ods + ods + + + /var/opendnssec/tmp + 4 + + + + + + + + + diff --git a/SOURCES/ods-enforcerd.service b/SOURCES/ods-enforcerd.service new file mode 100644 index 0000000..b660d86 --- /dev/null +++ b/SOURCES/ods-enforcerd.service @@ -0,0 +1,12 @@ +[Unit] +Description=OpenDNSSEC Enforcer daemon +After=syslog.target network.target + +[Service] +Type=forking +PIDFile=/var/run/opendnssec/enforcerd.pid +EnvironmentFile=-/etc/sysconfig/ods +ExecStart=/usr/sbin/ods-enforcerd $ODS_ENFORCERD_OPT + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/ods-signerd.service b/SOURCES/ods-signerd.service new file mode 100644 index 0000000..a7b7034 --- /dev/null +++ b/SOURCES/ods-signerd.service @@ -0,0 +1,12 @@ +[Unit] +Description=OpenDNSSEC signer daemon +After=syslog.target network.target ods-enforcerd + +[Service] +Type=simple +PIDFile=/var/run/opendnssec/signerd.pid +EnvironmentFile=-/etc/sysconfig/ods +ExecStart=/usr/sbin/ods-signerd -d $ODS_SIGNERD_OPT + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/ods.sysconfig b/SOURCES/ods.sysconfig new file mode 100644 index 0000000..1cf67f2 --- /dev/null +++ b/SOURCES/ods.sysconfig @@ -0,0 +1,2 @@ +ODS_SIGNERD_OPT="" +ODS_ENFORCERD_OPT="" 
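Review bot: The PKCS#11 token PIN in this file is the well-known default `1234`, the same literal the spec's `%post` hands to `softhsm2-util --init-token`, so every installation ends up with private signing keys guarded by a published secret; the XML tags were lost in this rendering, so I am reading that from the bare `1234` that sits next to the SoftHSM module path. The spec installs the file `0660 root:ods`, so the PIN is not world-readable, but it is still the only thing standing between an `ods`-level compromise and the keys. I would at least document the coupling right above the PIN: `<!-- NOTE: must match the PIN used to initialise the SoftHSM token in the package %post; change both before generating production keys -->`. Also worth confirming that `/usr/lib64/softhsm/libsofthsm.so` is the module shipped by the `softhsm` package the spec requires — `%post` uses `softhsm2-util`, whose library is normally `libsofthsm2.so`, and a wrong path here makes the daemons fail at start.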
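Review bot: The unit sets no `User=`/`Group=` and no sandboxing, so `ods-enforcerd` starts as root and relies entirely on the daemon's own privilege drop (the `ods`/`ods` values in conf.xml look like its Privileges block, but the stripped rendering does not let me confirm that), while `PIDFile=` points into `/var/run/opendnssec`, which the tmpfiles entry creates as `0755 ods ods` — after the drop the unprivileged account can rewrite `enforcerd.pid` with any PID it likes. Recent systemd versions reportedly validate PID-file ownership, but older ones trust the file for `Type=forking` tracking and the root cron job in this same commit reads it too, so I would not lean on that. Cheap hardening that does not depend on the daemon: add `ProtectSystem=full`, `PrivateTmp=yes` and `ProtectHome=yes`, and drop the obsolete `syslog.target` so the line reads `After=network.target`. Whether the daemon tolerates `NoNewPrivileges=yes` alongside its own setuid drop needs a test on a real install before adding it.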
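Review bot: `After=syslog.target network.target ods-enforcerd` names the enforcer without its `.service` suffix, which is not a valid unit name, so systemd is likely to log an error and silently drop that ordering dependency rather than honour it; it should read `After=network.target ods-enforcerd.service`. `PIDFile=` is also meaningless with `Type=simple` (`-d` keeps the signer in the foreground), and because `/var/run/opendnssec` is created writable by the `ods` account it only adds an `ods`-controlled file that root-level tooling may later trust, so I would remove it. Like the enforcer unit, this one starts as root with no sandboxing directives; `ProtectSystem=full` and `PrivateTmp=yes` would be cheap additions.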
diff --git a/SOURCES/opendnssec.cron b/SOURCES/opendnssec.cron
new file mode 100644
index 0000000..776de9b
--- /dev/null
+++ b/SOURCES/opendnssec.cron
@@ -0,0 +1,4 @@
+# Ensure multiple ods-enforcerd's on different system roll at the same time
+# independant of when the daemon was started. Since TLDs often update their
+# zone "on the hour" we do the key rollover checks just before the hour.
+50,20 * * * * root test -f /var/lock/subsys/ods-enforcerd && kill -s SIGHUP `cat /var/run/opendnssec/enforcerd.pid` > /dev/null 2> /dev/null
diff --git a/SOURCES/tmpfiles-opendnssec.conf b/SOURCES/tmpfiles-opendnssec.conf
new file mode 100644
index 0000000..36ee903
--- /dev/null
+++ b/SOURCES/tmpfiles-opendnssec.conf
@@ -0,0 +1 @@
+D /var/run/opendnssec 0755 ods ods -
diff --git a/SPECS/opendnssec.spec b/SPECS/opendnssec.spec
new file mode 100644
index 0000000..46f5afa
--- /dev/null
+++ b/SPECS/opendnssec.spec
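Review bot: The job runs as root and sends SIGHUP to whatever PID is in `/var/run/opendnssec/enforcerd.pid`, a file in a directory the tmpfiles entry creates writable by the `ods` account (`0755 ods ods`); anyone who compromises the enforcer after it drops privileges can write an arbitrary PID — or several, since `cat` output is unquoted — and have root signal it twice an hour, which is a cheap way to HUP or disrupt an unrelated daemon. The `test -f /var/lock/subsys/ods-enforcerd` guard is a SysV-init artefact; nothing in the systemd units creates that lock file, so on a systemd host the job most likely never fires, which hides the problem rather than fixing it. Signalling the unit instead of a raw PID addresses both: `50,20 * * * * root systemctl --quiet is-active ods-enforcerd.service && systemctl kill -s HUP ods-enforcerd.service >/dev/null 2>&1`. The comment's "just before the hour" also does not describe the `50,20` schedule (minute 20 is well into the hour), and "independant" should read "independent".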
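Review bot: `D /var/run/opendnssec 0755 ods ods -` disagrees with the spec's `%attr(0770,root,ods) %dir %{_localstatedir}/run/opendnssec`: a fresh install leaves the directory root-owned and group-only, but after the first boot it becomes `ods`-owned and world-listable, so the two code paths produce different ownership and the unprivileged account ends up owning the PID files that root's cron job and systemd later consume. Pick one owner/mode and use it in both places; if both daemons write their PID files here after dropping to `ods` (which the `ods`/`ods` values in conf.xml suggest, though the rendering does not let me confirm), `D /run/opendnssec 0750 ods ods -` with a matching `%attr` in the spec is the consistent choice. `/run` is also the canonical path for tmpfiles.d entries on systemd hosts; `/var/run` is only a compatibility symlink.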
@@ -0,0 +1,305 @@
+#global prever rcX
+%global _hardened_build 1
+
+Summary: DNSSEC key and zone management software
+Name: opendnssec
+Version: 1.4.14
+Release: 1%{?prever}%{?dist}
+License: BSD
+Url: http://www.opendnssec.org/
+Source0: http://www.opendnssec.org/files/source/%{?prever:testing/}%{name}-%{version}%{?prever}.tar.gz
+Source1: ods-enforcerd.service
+Source2: ods-signerd.service
+Source3: ods.sysconfig
+Source4: conf.xml
+Source5: tmpfiles-opendnssec.conf
+Source6: opendnssec.cron
+
+Group: Applications/System
+Requires: opencryptoki, softhsm, systemd-units
+Requires: libxml2, libxslt sqlite
+BuildRequires: ldns-devel >= 1.6.12, sqlite-devel , openssl-devel
+BuildRequires: libxml2-devel CUnit-devel, doxygen
+# It tests for pkill/killall and would use /bin/false if not found
+BuildRequires: procps-ng
+BuildRequires: perl-interpreter
+
+BuildRequires: systemd-units
+Requires(pre): shadow-utils
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+%if 0%{?prever:1}
+#For building snapshots
+Buildrequires: autoconf, automake, libtool, java
+%endif
+
+%description
+OpenDNSSEC was created as an open-source turn-key solution for DNSSEC.
+It secures zone data just before it is published in an authoritative
+name server. It requires a PKCS#11 crypto module library, such as softhsm
+
+%prep
+%setup -q -n %{name}-%{version}%{?prever}
+# bump default policy ZSK keysize to 2048
+sed -i "s/1024/2048/" conf/kasp.xml.in
+
+%build
+#export LDFLAGS="-Wl,-z,relro,-z,now -pie -specs=/usr/lib/rpm/redhat/redhat-hardened-ld"
+#export CFLAGS="$RPM_OPT_FLAGS -fPIE -pie -Wextra -Wformat -Wformat-nonliteral -Wformat-security"
+#export CXXFLAGS="$RPM_OPT_FLAGS -fPIE -pie -Wformat-nonliteral -Wformat-security"
+%configure --with-ldns=%{_libdir}
+make %{?_smp_mflags}
+
+%check
+# Requires sample db not shipped with upstream
+# make check
+
+%install
+rm -rf %{buildroot}
+make DESTDIR=%{buildroot} install
+mkdir -p %{buildroot}%{_localstatedir}/opendnssec/{tmp,signed,signconf}
+install -d -m 0755 %{buildroot}%{_initrddir} %{buildroot}%{_sysconfdir}/cron.d/
+install -m 0644 %{SOURCE6} %{buildroot}/%{_sysconfdir}/cron.d/opendnssec
+rm -f %{buildroot}/%{_sysconfdir}/opendnssec/*.sample
+install -d -m 0755 %{buildroot}/%{_sysconfdir}/sysconfig
+install -d -m 0755 %{buildroot}%{_unitdir}
+install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/
+install -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/
+install -m 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/ods
+install -m 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/opendnssec/
+mkdir -p %{buildroot}%{_tmpfilesdir}/
+install -m 0644 %{SOURCE5} %{buildroot}%{_tmpfilesdir}/opendnssec.conf
+mkdir -p %{buildroot}%{_localstatedir}/run/opendnssec
+cp enforcer/utils/migrate_1_4_8.sqlite3 %{buildroot}%{_datadir}/%{name}/
+
+%files
+%{_unitdir}/ods-enforcerd.service
+%{_unitdir}/ods-signerd.service
+%config(noreplace) %{_tmpfilesdir}/opendnssec.conf
+%attr(0770,root,ods) %dir %{_sysconfdir}/opendnssec
+%attr(0770,root,ods) %dir %{_localstatedir}/opendnssec
+%attr(0770,root,ods) %dir %{_localstatedir}/opendnssec/tmp
+%attr(0775,root,ods) %dir %{_localstatedir}/opendnssec/signed
+%attr(0770,root,ods) %dir %{_localstatedir}/opendnssec/signconf
+%attr(0660,root,ods) %config(noreplace) %{_sysconfdir}/opendnssec/*.xml
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/ods
+%attr(0770,root,ods) %dir %{_localstatedir}/run/opendnssec
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cron.d/opendnssec
+%doc NEWS README.md
+%license LICENSE
+%{_mandir}/*/*
+%{_sbindir}/*
+%{_bindir}/*
+%attr(0755,root,root) %dir %{_datadir}/%{name}
+%{_datadir}/%{name}/*
+
+%pre
+getent group ods >/dev/null || groupadd -r ods
+getent passwd ods >/dev/null || \
+useradd -r -g ods -d /etc/opendnssec -s /sbin/nologin \
+-c "opendnssec daemon account" ods
+exit 0
+
+%post
+# Initialise a slot on the softhsm on first install
+if [ "$1" -eq 1 ]; then
+ %{_sbindir}/runuser -u ods -- %{_bindir}/softhsm2-util --init-token \
+ --slot 0 --label "OpenDNSSEC" --pin 1234 --so-pin 1234
+ if [ ! -s %{_localstatedir}opendnssec/kasp.db ]; then
+ echo y | %{_bindir}/ods-ksmutil setup
+ fi
+fi
+
+# Migrate version 3 db to version 4 db
+if [ "`%{_bindir}/sqlite3 %{_localstatedir}/%{name}/kasp.db 'select version from dbadmin;'`" != "4" ]; then
+ %{_bindir}/sqlite3 %{_localstatedir}/%{name}/kasp.db < %{_datadir}/%{name}/migrate_1_4_8.sqlite3
+fi
+
+# in case we update any xml conf file
+ods-ksmutil update all >/dev/null 2>/dev/null ||:
+%systemd_post ods-enforcerd.service
+%systemd_post ods-signerd.service
+
+%preun
+%systemd_preun ods-enforcerd.service
+%systemd_preun ods-signerd.service
+
+%postun
+%systemd_postun_with_restart ods-enforcerd.service
+%systemd_postun_with_restart ods-signerd.service
+
+%changelog
+* Tue Dec 12 2017 Paul Wouters - 1.4.14-1
+- Update to 1.4.14 as first steop to migrating to 2.x
+- Resolves: rhbz#1413254 Move tmpfiles.d config to %%{_tmpfilesdir}, install LICENSE as %%license
+
+* Thu Aug 03 2017 Fedora Release Engineering - 1.4.9-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering - 1.4.9-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Wed Mar 08 2017 Tomas Hozza - 1.4.9-5
+- Fix FTBFS (#1424019) in order to rebuild against new ldns
+
+* Sat Feb 11 2017 Fedora Release Engineering - 1.4.9-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Thu Feb 18 2016 Paul Wouters - 1.4.9-3
+- Resolves: rbz#1303965 upgrade to opendnssec-1.4.9-1.fc23 breaks old installations
+- On initial install, after token init, also run ods-ksmutil setup
+
+* Thu Feb 04 2016 Fedora Release Engineering - 1.4.9-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Mon Feb 01 2016 Paul Wouters - 1.4.9-1
+- Updated to 1.4.9
+- Removed merged in patch
+
+* Wed Jun 17 2015 Fedora Release Engineering - 1.4.7-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Tue Jun 09 2015 Paul Wouters - 1.4.7-2
+- Resolves rhbz#1219746 ods-signerd.service misplaced After= in section Service
+- Resolves rhbz#1220443 OpenDNSSEC fails to initialise a slot in softhsm on first install
+
+* Tue Dec 09 2014 Paul Wouters - 1.4.7-1
+- Updated to 1.4.7 (fix zone update can get stuck, crash on retransfer cmd)
+
+* Wed Oct 15 2014 Paul Wouters - 1.4.6-4
+- Change /etc/opendnssec to be ods group writable
+
+* Wed Oct 08 2014 Paul Wouters - 1.4.6-3
+- Added Petr Spacek's patch that adds the config option (rhbz#1123354)
+
+* Sun Aug 17 2014 Fedora Release Engineering - 1.4.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Mon Jul 28 2014 Paul Wouters - 1.4.6-1
+- Updated to 1.4.6
+- Removed incorporated patch upstream
+- Remove Wants= from ods-signerd.service (rhbz#1098205)
+
+* Sat Jun 07 2014 Fedora Release Engineering - 1.4.5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Fri Apr 18 2014 Paul Wouters - 1.4.5-2
+- Updated to 1.4.5
+- Added patch for serial 0 bug in XFR adapter
+
+* Tue Apr 01 2014 Paul Wouters - 1.4.4-3
+- Add buildrequires for ods-kasp2html (rhbz#1073313)
+
+* Sat Mar 29 2014 Paul Wouters - 1.4.4-2
+- Add requires for ods-kasp2html (rhbz#1073313)
+
+* Thu Mar 27 2014 Paul Wouters - 1.4.4-1
+- Updated to 1.4.4 (compatibility with non RFC 5155 errata 3441)
+- Change the default ZSK policy from 1024 to 2048 bit RSA keys
+- Fix post to be quiet when upgrading opendnssec
+
+* Thu Jan 09 2014 Paul Wouters - 1.4.3-1
+- Updated to 1.4.3 (rhel#1048449) - minor bugfixes, minor feature enhancements
+- rhel#1025985 OpenDNSSEC signer cannot be started due to a typo in service file
+
+* Wed Sep 11 2013 Paul Wouters - 1.4.2-1
+- Updated to 1.4.2, bugfix release
+
+* Sat Aug 03 2013 Fedora Release Engineering - 1.4.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Fri Jun 28 2013 Paul Wouters - 1.4.1-1
+- Updated to 1.4.1. NSEC3 handling and serial number handling fixes
+- Add BuildRequire for systemd-units
+
+* Sat May 11 2013 Paul Wouters - 1.4.0-1
+- Updated to 1.4.0
+
+* Fri Apr 12 2013 Paul Wouters - 1.4.20-0.8.rc3
+- Updated to 1.4.0rc3
+- Enabled hardened compile, full relzo/pie
+
+* Fri Jan 25 2013 Patrick Uiterwijk - 1.4.0-0.7.rc2
+- Updated to 1.4.0rc2, which includes svn r6952
+
+* Fri Jan 18 2013 Patrick Uiterwijk - 1.4.0-0.6.rc1
+- Updated to 1.4.0rc1
+- Applied opendnssec-ksk-premature-retirement.patch (svn r6952)
+
+* Tue Dec 18 2012 Paul Wouters - 1.4.0-0.5.b2
+- Updated to 1.4.0b2
+- All patches have been merged upstream
+- cron job should be marked as config file
+
+* Tue Oct 30 2012 Paul Wouters - 1.4.0-0.4.b1
+- Added BuildRequires: procps-ng for bug OPENDNSSEC-345
+- Change RRSIG inception offset to -2h to avoid possible
+ daylight saving issues on resolvers
+- Patch to prevent removal of occluded data
+
+* Wed Sep 26 2012 Paul Wouters - 1.4.0-0.3.b1
+- Just an EVR fix to the proper standard
+- Cleanup of spec file
+- Introduce new systemd-rpm macros (rhbz#850242)
+
+* Wed Sep 12 2012 Paul Wouters - 1.4.0-0.b1.1
+- Updated to 1.4.0b1
+- Patch for NSEC3PARAM TTL
+- Cron job to assist narrowing ods-enforcerd timing differences
+
+* Wed Aug 29 2012 Paul Wouters - 1.4.0-0.a3.1
+- Updated to 1.4.0a3
+- Patch to more aggressively try to resign
+- Patch to fix locking issue eating up cpu
+
+* Fri Jul 20 2012 Fedora Release Engineering - 1.4.0-0.a2.2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Tue Jun 12 2012 Paul Wouters - 1.4.0-0.a2.1
+- Updated to 1.4.0a2
+- ksm-utils patch for ods-ksmutil to die sooner when it can't lock
+ the HSM.
+
+* Wed May 16 2012 Paul Wouters - 1.4.0-0.a1.3
+- Patch for crasher with deleted RRsets and NSEC3/OPTOUT chains
+
+* Mon Mar 26 2012 Paul Wouters - 1.4.0-0.a1.2
+- Added opendnssec LICENSE file from trunk (Thanks Jakob!)
+
+* Mon Mar 26 2012 Paul Wouters - 1.4.0-0.a1.1
+- Fix macros in comment
+- Added missing -m to install target
+
+* Sun Mar 25 2012 Paul Wouters - 1.4.0-0.a1
+- The 1.4.x branch no longer needs ruby, as the auditor has been removed
+- Added missing openssl-devel BuildRequire
+- Comment out so keys generated by ods can be used by bind
+
+* Fri Feb 24 2012 Paul Wouters - 1.3.6-3
+- Requires rubygem-soap4r when using ruby-1.9
+- Don't ghost /var/run/opendnssec
+- Converted initd to systemd
+
+* Thu Nov 24 2011 root - 1.3.2-6
+- Added rubygem-dnsruby requires as rpm does not pick it up automatically
+
+* Tue Nov 22 2011 root - 1.3.2-5
+- Added /var/opendnssec/signconf/ /as this temp dir is needed
+
+* Mon Nov 21 2011 Paul Wouters - 1.3.2-4
+- Added /var/opendnssec/signed/ as this is the default output dir
+
+* Sun Nov 20 2011 Paul Wouters - 1.3.2-3
+- Add ods user for opendnssec tasks
+- Added initscripts and services for ods-signerd and ods-enforcerd
+- Initialise OpenDNSSEC softhsm token on first install
+
+* Wed Oct 05 2011 Paul Wouters - 1.3.2-1
+- Updated to 1.3.2
+- Added dependancies on opencryptoki and softhsm
+- Don't install duplicate unreadable .sample files
+- Fix upstream conf.xml to point to actually used library paths
+
+* Thu Mar 3 2011 Paul Wouters - 1.2.0-1
+- Initial package for Fedora
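Review bot: In `%post` the guard `if [ ! -s %{_localstatedir}opendnssec/kasp.db ]` is missing the `/` after `%{_localstatedir}`, so it tests `/varopendnssec/kasp.db`, never finds it, and `echo y | ods-ksmutil setup` runs unconditionally on first install — which happens to match the changelog's intent, but it would silently re-create an existing `/var/opendnssec/kasp.db` (kept after a package removal, or restored from backup) that the check was clearly written to protect; it should read `if [ ! -s %{_localstatedir}/opendnssec/kasp.db ]; then`. The same block initialises the SoftHSM token with `--pin 1234 --so-pin 1234`: a fixed, published PIN on every install, passed on the command line where it is briefly visible in `/proc`, and `--slot 0` may reinitialise a token another package already created there. I would have the scriptlet skip token init when `softhsm2-util --show-slots` already reports an initialised token, and state in `%description` that the default PIN in `/etc/opendnssec/conf.xml` and the token must be changed before real keys are generated. Separately, `%check` is commented out and `Source0` is fetched over plain http with only the sha1 in `.opendnssec.metadata` pinning it, so nothing verifies the upstream tarball's signature; worth a comment next to `Source0` until a signature-verified source is added.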