From c6b3534ce9fe4c5d2a868fdf4d5c34b83d57b981 Mon Sep 17 00:00:00 2001 From: Pavel Šimerda Date: Jan 20 2015 09:42:43 +0000 Subject: Resolves: #1165126, #1125267, #1089766, #1112248, #824219 - update --- diff --git a/dnssec-trigger-0.12-nm-script.patch b/dnssec-trigger-0.12-nm-script.patch index 5149bdb..ce584e1 100644 --- a/dnssec-trigger-0.12-nm-script.patch +++ b/dnssec-trigger-0.12-nm-script.patch @@ -1,8 +1,8 @@ diff --git a/dnssec-trigger-script.in b/dnssec-trigger-script.in -index b572dd1..32d7749 100644 +index b572dd1..b25afc9 100644 --- a/dnssec-trigger-script.in +++ b/dnssec-trigger-script.in -@@ -6,7 +6,7 @@ +@@ -6,17 +6,20 @@ """ from gi.repository import NMClient @@ -11,7 +11,12 @@ index b572dd1..32d7749 100644 import logging, logging.handlers import socket, struct -@@ -15,8 +15,7 @@ DEVNULL = open("/dev/null", "wb") ++# Python compatibility stuff ++if not hasattr(os, "O_CLOEXEC"): ++ os.O_CLOEXEC = 0x80000 ++ + DEVNULL = open("/dev/null", "wb") + log = logging.getLogger() log.setLevel(logging.INFO) log.addHandler(logging.handlers.SysLogHandler()) @@ -21,7 +26,7 @@ index b572dd1..32d7749 100644 # NetworkManager reportedly doesn't pass the PATH environment variable. os.environ['PATH'] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -@@ -24,6 +23,24 @@ os.environ['PATH'] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/b +@@ -24,12 +27,37 @@ os.environ['PATH'] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/b class UserError(Exception): pass @@ -35,7 +40,7 @@ index b572dd1..32d7749 100644 + dirname = os.path.dirname(self.path) + if not os.path.exists(dirname): + os.makedirs(dirname) -+ self.lock = open(self.path, "w") ++ self.lock = os.open(self.path, os.O_WRONLY | os.O_CREAT | os.O_CLOEXEC, 0o600) + + def __enter__(self): + fcntl.lockf(self.lock, fcntl.LOCK_EX) @@ -46,12 +51,50 @@ index b572dd1..32d7749 100644 class Config: """Global configuration options""" -@@ -53,18 +70,17 @@ class ConnectionList: + path = "/etc/dnssec.conf" +- validate_connection_provided_zones = True +- add_wifi_provided_zones = False ++ ++ bool_options = { ++ "debug": False, ++ "validate_connection_provided_zones": True, ++ "add_wifi_provided_zones": False, ++ "use_vpn_global_forwarders": False, ++ "use_resolv_conf_symlink": False, ++ "use_resolv_secure_conf_symlink": False, ++ } + + def __init__(self): + try: +@@ -37,35 +65,36 @@ class Config: + for line in config_file: + if '=' in line: + option, value = [part.strip() for part in line.split("=", 1)] +- if option == "validate_connection_provided_zones": +- self.validate_connection_provided_zones = (value == "yes") +- elif option == "add_wifi_provided_zones": +- self.add_wifi_provided_zones = (value == "yes") ++ if option in self.bool_options: ++ self.bool_options[option] = (value == "yes") + except IOError: + pass + log.debug(self) + +- def __repr__(self): +- return "".format(**vars(self)) ++ def __getattr__(self, option): ++ return self.bool_options[option] ++ ++ def __str__(self): ++ return "".format(self.bool_options) + + class ConnectionList: + """List of NetworkManager active connections""" nm_connections = None - def __init__(self, only_default=False, skip_wifi=False): -+ def __init__(self, client, only_default=False, skip_wifi=False): ++ def __init__(self, client, only_default=False, only_vpn=False, skip_wifi=False): # Cache the active connection list in the class + if not client.get_manager_running(): + raise UserError("NetworkManager is not running.") @@ -61,15 +104,27 @@ index b572dd1..32d7749 100644 + self.__class__.nm_connections = client.get_active_connections() self.skip_wifi = skip_wifi self.only_default = only_default ++ self.only_vpn = only_vpn log.debug(self) def __repr__(self): - if not list(self): - raise Exception("!!!") - return "".format(list(self), **vars(self)) +- return "".format(list(self), **vars(self)) ++ return "".format(list(self), **vars(self)) def __iter__(self): -@@ -190,10 +206,10 @@ class UnboundZoneConfig: + for item in self.nm_connections: +@@ -82,6 +111,8 @@ class ConnectionList: + # Skip non-default connections if appropriate + if self.only_default and not connection.is_default: + continue ++ if self.only_vpn and not connection.is_vpn: ++ continue + yield connection + + def get_zone_connection_mapping(self): +@@ -190,10 +221,10 @@ class UnboundZoneConfig: if fields.pop(0) in ('forward', 'forward:'): fields.pop(0) secure = False @@ -82,7 +137,7 @@ index b572dd1..32d7749 100644 log.debug(self) def __repr__(self): -@@ -255,7 +271,7 @@ class Store: +@@ -255,7 +286,7 @@ class Store: line = line.strip() if line: self.cache.add(line) @@ -91,7 +146,7 @@ index b572dd1..32d7749 100644 pass log.debug(self) -@@ -277,10 +293,16 @@ class Store: +@@ -277,10 +308,16 @@ class Store: log.debug(self) def update(self, zones): @@ -111,7 +166,7 @@ index b572dd1..32d7749 100644 def remove(self, zone): """Remove zone from the cache.""" -@@ -309,7 +331,7 @@ class GlobalForwarders: +@@ -309,10 +346,21 @@ class GlobalForwarders: line = line.strip() if line: self.cache.add(line) @@ -120,14 +175,30 @@ index b572dd1..32d7749 100644 pass class Application: -@@ -328,32 +350,40 @@ class Application: ++ resolvconf = "/etc/resolv.conf" ++ resolvconf_tmp = "/etc/.resolv.conf.dnssec-trigger" ++ resolvconf_secure = "/etc/resolv-secure.conf" ++ resolvconf_secure_tmp = "/etc/.resolv-secure.conf.dnssec-trigger" ++ resolvconf_backup = "/var/run/dnssec-trigger/resolv.conf.backup" ++ resolvconf_trigger = "/var/run/dnssec-trigger/resolv.conf" ++ resolvconf_trigger_tmp = resolvconf_trigger + ".tmp" ++ resolvconf_networkmanager = "/var/run/NetworkManager/resolv.conf" ++ ++ resolvconf_localhost_contents = "# Generated by dnssec-trigger-script\nnameserver 127.0.0.1\n" ++ + def __init__(self, argv): + if len(argv) > 1 and argv[1] == '--debug': + argv.pop(1) +@@ -327,108 +375,222 @@ class Application: + self.method = getattr(self, "run_" + argv[1][2:].replace('-', '_')) except AttributeError: self.usage() ++ self.config = Config() -+ self.client = NMClient.Client() ++ if self.config.debug: ++ log.setLevel(logging.DEBUG); + -+ self.resolvconf = "/etc/resolv.conf" -+ self.resolvconf_backup = "/var/run/dnssec-trigger/resolv.conf.bak" ++ self.client = NMClient.Client() def nm_handles_resolv_conf(self): - if subprocess.call(["pidof", "NetworkManager"], stdout=DEVNULL, stderr=DEVNULL) != 0: @@ -139,35 +210,129 @@ index b572dd1..32d7749 100644 for line in nm_config_file: - if line.strip == "dns=none": + if line.strip() in ("dns=none", "dns=unbound"): -+ log.debug("NetworkManager doesn't handle /etc/resolv.conf") ++ log.debug("NetworkManager doesn't handle resolv.conf") return False except IOError: pass -+ log.debug("NetworkManager handles /etc/resolv.conf") ++ log.debug("NetworkManager handles resolv.conf") return True def usage(self): - raise UserError("Usage: dnssec-trigger-script [--debug] [--async] --prepare|--update|--update-global-forwarders|--update-connection-zones|--cleanup") +- raise UserError("Usage: dnssec-trigger-script [--debug] [--async] --prepare|--update|--update-global-forwarders|--update-connection-zones|--cleanup") ++ raise UserError("Usage: dnssec-trigger-script [--debug] [--async] --prepare|--setup|--update|--update-global-forwarders|--update-connection-zones|--cleanup") def run(self): -- log.debug("Running: {}".format(self.method.__name__)) -- self.method() -+ with Lock(): -+ log.debug("Running: {}".format(self.method.__name__)) -+ self.method() + log.debug("Running: {}".format(self.method.__name__)) + self.method() ++ def _check_resolv_conf(self, path): ++ try: ++ with open(path) as source: ++ if source.read() != self.resolvconf_localhost_contents: ++ log.warning("Detected incorrect contents of {!r}!".format(path)) ++ return False; ++ return True ++ except IOError: ++ return False ++ ++ def _write_resolv_conf(self, path): ++ self._try_remove(path) ++ with open(path, "w") as target: ++ target.write(self.resolvconf_localhost_contents) ++ ++ def _install_resolv_conf(self, path, path_tmp, symlink=False): ++ if symlink: ++ self._try_remove(path_tmp) ++ os.symlink(self.resolvconf_trigger, path_tmp) ++ self._try_set_mutable(path) ++ os.rename(path_tmp, path) ++ elif not self._check_resolv_conf(path): ++ self._write_resolv_conf(path_tmp) ++ self._try_set_mutable(path) ++ os.rename(path_tmp, path) ++ self._try_set_immutable(path) ++ ++ def _try_remove(self, path): ++ self._try_set_mutable(path) ++ try: ++ os.remove(path) ++ except OSError: ++ pass ++ ++ def _try_set_immutable(self, path): ++ subprocess.call(["chattr", "+i", path]) ++ ++ def _try_set_mutable(self, path): ++ if os.path.exists(path) and not os.path.islink(path): ++ subprocess.call(["chattr", "-i", path]) ++ def run_prepare(self): - """Prepare for dnssec-trigger.""" +- """Prepare for dnssec-trigger.""" ++ """Prepare for starting dnssec-trigger ++ ++ Called by the service manager before starting dnssec-trigger daemon. ++ """ ++ # Backup resolv.conf when appropriate if not self.nm_handles_resolv_conf(): - log.info("Backing up /etc/resolv.conf") +- log.info("Backing up /etc/resolv.conf") - shutil.copy("/etc/resolv.conf", "/var/run/dnssec-trigger/resolv.conf.bak") -+ shutil.copy(self.resolvconf, self.resolvconf_backup) ++ try: ++ log.info("Backing up {} as {}...".format(self.resolvconf, self.resolvconf_backup)) ++ shutil.move(self.resolvconf, self.resolvconf_backup) ++ except IOError as error: ++ log.warning("Cannot back up {!r} as {!r}: {}".format(self.resolvconf, self.resolvconf_backup, error.strerror)) ++ ++ # Make sure dnssec-trigger daemon doesn't get confused by existing files. ++ self._try_remove(self.resolvconf) ++ self._try_remove(self.resolvconf_secure) ++ self._try_remove(self.resolvconf_trigger) ++ ++ def run_setup(self): ++ """Set up resolv.conf with localhost nameserver ++ ++ Called by dnssec-trigger. ++ """ ++ ++ self._install_resolv_conf(self.resolvconf_trigger, self.resolvconf_trigger_tmp, False) ++ self._install_resolv_conf(self.resolvconf, self.resolvconf_tmp, self.config.use_resolv_conf_symlink) ++ self._install_resolv_conf(self.resolvconf_secure, self.resolvconf_secure_tmp, self.config.use_resolv_secure_conf_symlink) ++ ++ def run_restore(self): ++ """Restore resolv.conf with original data ++ ++ Called by dnssec-trigger or internally as part of other actions. ++ """ ++ ++ self._try_remove(self.resolvconf) ++ self._try_remove(self.resolvconf_secure) ++ self._try_remove(self.resolvconf_trigger) ++ ++ log.info("Recovering {}...".format(self.resolvconf)) ++ if self.nm_handles_resolv_conf(): ++ if os.path.isfile(self.resolvconf_networkmanager): ++ os.symlink(self.resolvconf_networkmanager, self.resolvconf) ++ elif os.path.isfile("/sys/fs/cgroup/systemd"): ++ subprocess.check_call(["systemctl", "--ignore-dependencies", "try-restart", "NetworkManager.service"]) ++ else: ++ subprocess.check_call(["/etc/init.d/NetworkManager", "restart"]) ++ else: ++ try: ++ shutil.move(self.resolvconf_backup, self.resolvconf) ++ except IOError as error: ++ log.warning("Cannot restore {!r} from {!r}: {}".format(self.resolvconf, self.resolvconf_backup, error.strerror)) def run_cleanup(self): - """Clean up after dnssec-trigger.""" -@@ -361,6 +391,18 @@ class Application: +- """Clean up after dnssec-trigger.""" ++ """Clean up after dnssec-trigger daemon ++ ++ Called by the service manager after stopping dnssec-trigger daemon. ++ """ ++ ++ self.run_restore() + stored_zones = Store('zones') ++ stored_servers = Store('servers') unbound_zones = UnboundZoneConfig() + # provide upgrade path for previous versions @@ -185,38 +350,121 @@ index b572dd1..32d7749 100644 log.debug("clearing unbound configuration") for zone in stored_zones: unbound_zones.remove(zone) -@@ -370,11 +412,14 @@ class Application: - log.debug("recovering /etc/resolv.conf") - subprocess.check_call(["chattr", "-i", "/etc/resolv.conf"]) - if not self.nm_handles_resolv_conf(): + stored_zones.remove(zone) ++ for server in stored_servers: ++ stored_servers.remove(server) + stored_zones.commit() +- +- log.debug("recovering /etc/resolv.conf") +- subprocess.check_call(["chattr", "-i", "/etc/resolv.conf"]) +- if not self.nm_handles_resolv_conf(): - shutil.copy("/var/run/dnssec-trigger/resolv.conf.bak", "/etc/resolv.conf") -+ try: -+ shutil.copy(self.resolvconf_backup, self.resolvconf) -+ except IOError as error: -+ log.warning("Cannot restore resolv.conf from {!r}: {}".format(self.resolvconf_backup, error.strerror)) - # NetworkManager currently doesn't support explicit /etc/resolv.conf - # write out. For now we simply restart the daemon. - elif os.path.exists("/sys/fs/cgroup/systemd"): +- # NetworkManager currently doesn't support explicit /etc/resolv.conf +- # write out. For now we simply restart the daemon. +- elif os.path.exists("/sys/fs/cgroup/systemd"): - subprocess.check_call(["systemctl", "try-restart", "NetworkManager.service"]) -+ subprocess.check_call(["systemctl", "--ignore-dependencies", "try-restart", "NetworkManager.service"]) - else: - subprocess.check_call(["/etc/init.d/NetworkManager", "restart"]) +- else: +- subprocess.check_call(["/etc/init.d/NetworkManager", "restart"]) ++ stored_servers.commit() -@@ -387,7 +432,7 @@ class Application: + def run_update(self): ++ """Update unbound and dnssec-trigger configuration.""" ++ + self.run_update_global_forwarders() + self.run_update_connection_zones() - subprocess.check_call(["dnssec-trigger-control", "status"], stdout=DEVNULL, stderr=DEVNULL) + def run_update_global_forwarders(self): + """Configure global forwarders using dnssec-trigger-control.""" + +- subprocess.check_call(["dnssec-trigger-control", "status"], stdout=DEVNULL, stderr=DEVNULL) ++ with Lock(): ++ subprocess.check_call(["dnssec-trigger-control", "status"], stdout=DEVNULL, stderr=DEVNULL) ++ ++ connections = None ++ if self.config.use_vpn_global_forwarders: ++ connections = list(ConnectionList(self.client, only_vpn=True)) ++ if not connections: ++ connections = list(ConnectionList(self.client, only_default=True)) - default_connections = ConnectionList(only_default=True) -+ default_connections = ConnectionList(self.client, only_default=True) - servers = Store('servers') +- servers = Store('servers') ++ servers = Store('servers') + +- if servers.update(sum((connection.servers for connection in default_connections), [])): +- subprocess.check_call(["unbound-control", "flush_zone", "."]) +- subprocess.check_call(["dnssec-trigger-control", "submit"] + list(servers)) +- servers.commit() +- log.info("Global forwarders: {}".format(' '.join(servers))) ++ if servers.update(sum((connection.servers for connection in connections), [])): ++ subprocess.check_call(["unbound-control", "flush_zone", "."]) ++ subprocess.check_call(["dnssec-trigger-control", "submit"] + list(servers)) ++ servers.commit() ++ log.info("Global forwarders: {}".format(' '.join(servers))) - if servers.update(sum((connection.servers for connection in default_connections), [])): -@@ -399,7 +444,7 @@ class Application: def run_update_connection_zones(self): """Configures forward zones in the unbound using unbound-control.""" - connections = ConnectionList(skip_wifi=not self.config.add_wifi_provided_zones).get_zone_connection_mapping() -+ connections = ConnectionList(self.client, skip_wifi=not self.config.add_wifi_provided_zones).get_zone_connection_mapping() - unbound_zones = UnboundZoneConfig() - stored_zones = Store('zones') +- unbound_zones = UnboundZoneConfig() +- stored_zones = Store('zones') +- +- # The purpose of the zone store is to keep the list of Unbound zones +- # that are managed by dnssec-trigger-script. We don't want to track +- # zones accoss Unbound restarts. We want to clear any Unbound zones +- # that are no longer active in NetworkManager. +- log.debug("removing stored zones not present in both unbound and an active connection") +- for zone in stored_zones: +- if zone not in unbound_zones: +- stored_zones.remove(zone) +- elif zone not in connections: +- unbound_zones.remove(zone) +- stored_zones.remove(zone) +- +- # We need to install zones that are not yet in Unbound. We also need to +- # reinstall zones that are already managed by dnssec-trigger in case their +- # list of nameservers was changed. +- # +- # TODO: In some cases, we don't seem to flush Unbound cache properly, +- # even when Unbound is restarted (and dnssec-trigger as well, because +- # of dependency). +- log.debug("installing connection provided zones") +- for zone in connections: +- if zone in stored_zones or zone not in unbound_zones: +- unbound_zones.add(zone, connections[zone].servers, secure=self.config.validate_connection_provided_zones) +- stored_zones.add(zone) +- +- stored_zones.commit() ++ with Lock(): ++ connections = ConnectionList(self.client, skip_wifi=not self.config.add_wifi_provided_zones).get_zone_connection_mapping() ++ unbound_zones = UnboundZoneConfig() ++ stored_zones = Store('zones') ++ ++ # The purpose of the zone store is to keep the list of Unbound zones ++ # that are managed by dnssec-trigger-script. We don't want to track ++ # zones accoss Unbound restarts. We want to clear any Unbound zones ++ # that are no longer active in NetworkManager. ++ log.debug("removing stored zones not present in both unbound and an active connection") ++ for zone in stored_zones: ++ if zone not in unbound_zones: ++ stored_zones.remove(zone) ++ elif zone not in connections: ++ unbound_zones.remove(zone) ++ stored_zones.remove(zone) ++ ++ # We need to install zones that are not yet in Unbound. We also need to ++ # reinstall zones that are already managed by dnssec-trigger in case their ++ # list of nameservers was changed. ++ # ++ # TODO: In some cases, we don't seem to flush Unbound cache properly, ++ # even when Unbound is restarted (and dnssec-trigger as well, because ++ # of dependency). ++ log.debug("installing connection provided zones") ++ for zone in connections: ++ if zone in stored_zones or zone not in unbound_zones: ++ unbound_zones.add(zone, connections[zone].servers, secure=self.config.validate_connection_provided_zones) ++ stored_zones.add(zone) ++ ++ stored_zones.commit() + if __name__ == "__main__": + try: diff --git a/dnssec-trigger-0.12-probe.patch b/dnssec-trigger-0.12-probe.patch new file mode 100644 index 0000000..ea2611b --- /dev/null +++ b/dnssec-trigger-0.12-probe.patch @@ -0,0 +1,39 @@ +diff --git a/riggerd/probe.c b/riggerd/probe.c +index b521b09..dcd83dd 100644 +--- a/riggerd/probe.c ++++ b/riggerd/probe.c +@@ -156,7 +156,7 @@ get_random_dest(void) + static const char* + get_random_nsec3_dest(void) + { +- const char* choices[] = { "com.", "uk.", "nl.", "de." }; ++ const char* choices[] = { "_probe.us.com.", "_probe.uk.com.", "_probe.kr.com.", "_probe.uk.net." }; + return choices[ ldns_get_random() % 4 ]; + } + +@@ -172,7 +172,7 @@ get_random_auth_ip4(void) + "198.41.0.4", /* a */ + "192.228.79.201", /* b */ + "192.33.4.12", /* c */ +- "128.8.10.90", /* d */ ++ "199.7.91.13", /* d */ + "192.203.230.10", /* e */ + "192.5.5.241", /* f */ + "192.112.36.4", /* g */ +@@ -193,6 +193,7 @@ get_random_auth_ip6(void) + /* list of root servers */ + const char* choices[] = { + "2001:503:ba3e::2:30", /* a */ ++ "2001:500:2::c", /* c */ + "2001:500:2d::d", /* d */ + "2001:500:2f::f", /* f */ + "2001:500:1::803f:235", /* h */ +@@ -202,7 +203,7 @@ get_random_auth_ip6(void) + "2001:500:3::42", /* l */ + "2001:dc3::35" /* m */ + }; +- return choices[ ldns_get_random() % 9 ]; ++ return choices[ ldns_get_random() % 10 ]; + } + + static const char* get_random_tcp80_ip4(struct cfg* cfg) diff --git a/dnssec-trigger-0.12-reshook.patch b/dnssec-trigger-0.12-reshook.patch new file mode 100644 index 0000000..52f5518 --- /dev/null +++ b/dnssec-trigger-0.12-reshook.patch @@ -0,0 +1,34 @@ +diff --git a/riggerd/reshook.c b/riggerd/reshook.c +index c5e6250..f35d4af 100644 +--- a/riggerd/reshook.c ++++ b/riggerd/reshook.c +@@ -256,6 +256,9 @@ void hook_resolv_localhost(struct cfg* cfg) + win_set_resolv("127.0.0.1"); + #else /* not on windows */ + # ifndef HOOKS_OSX /* on Linux/BSD */ ++ if (system("/usr/libexec/dnssec-trigger-script --setup") == 0) ++ return; ++ + if(really_set_to_localhost(cfg)) { + /* already done, do not do it again, that would open + * a brief moment of mutable resolv.conf */ +@@ -281,6 +284,9 @@ void hook_resolv_iplist(struct cfg* cfg, struct probe_ip* list) + #if defined(HOOKS_OSX) || defined(USE_WINSOCK) + char iplist[10240]; + iplist[0] = 0; ++#else ++ if (system("/usr/libexec/dnssec-trigger-script --restore") == 0) ++ return; + #endif + set_to_localhost = 0; + if(cfg->noaction) +@@ -323,7 +329,8 @@ void hook_resolv_flush(struct cfg* cfg) + (void)cfg; + #ifdef HOOKS_OSX + /* dscacheutil on 10.5 an later, lookupd before that */ +- system("dscacheutil -flushcache || lookupd -flushcache"); ++ system("dscacheutil -flushcache || lookupd -flushcache || discoveryutil udnsflushcaches"); ++ system("discoveryutil mdnsflushcache"); + #elif defined(USE_WINSOCK) + win_run_cmd("ipconfig /flushdns"); + #else diff --git a/dnssec-trigger.spec b/dnssec-trigger.spec index 237c06d..b5c2288 100644 --- a/dnssec-trigger.spec +++ b/dnssec-trigger.spec @@ -3,16 +3,17 @@ Summary: NetworkManager plugin to update/reconfigure DNSSEC resolving Name: dnssec-trigger Version: 0.12 -Release: 15%{?dist} +Release: 16%{?dist} License: BSD Url: http://www.nlnetlabs.nl/downloads/dnssec-trigger/ Source0: http://www.nlnetlabs.nl/downloads/dnssec-trigger/%{name}-%{version}.tar.gz Source1: dnssec-trigger.conf Source2: dnssec-trigger.tmpfiles.d -# Fix dnssec-trigger-script (diff between 0.12 and what has been submitted to -# upstream) -# +# Most patches are just diffs of specific files between 0.12 release and the +# current upstream head. Sometimes the patch also includes code that has just +# been submitted upstream. + # Upstream often squashes our patches so it's more practical to use just one # patch. Please don't forget to submit the changes to upstream before # updating the patch. @@ -23,11 +24,17 @@ Source2: dnssec-trigger.tmpfiles.d # https://bugzilla.redhat.com/show_bug.cgi?id=842455 # https://bugzilla.redhat.com/show_bug.cgi?id=1111143 # https://bugzilla.redhat.com/show_bug.cgi?id=1112248 +# https://bugzilla.redhat.com/show_bug.cgi?id=1165126 +# https://bugzilla.redhat.com/show_bug.cgi?id=1125267 +# https://bugzilla.redhat.com/show_bug.cgi?id=1089766 Patch2: dnssec-trigger-0.12-nm-script.patch -# Fix dnssec-triggerd.service -# # https://bugzilla.redhat.com/show_bug.cgi?id=1112248 Patch3: dnssec-trigger-0.12-service.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1165126 +# https://bugzilla.redhat.com/show_bug.cgi?id=1125267 +Patch4: dnssec-trigger-0.12-reshook.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=824219 +Patch5: dnssec-trigger-0.12-probe.patch Requires(postun): initscripts Requires: ldns >= 1.6.10, NetworkManager-glib, unbound, xdg-utils @@ -145,6 +152,9 @@ fi %systemd_postun_with_restart %{name}d.service %changelog +* Tue Jan 20 2015 Pavel Šimerda - 0.12-16 +- Resolves: #1165126, #1125267, #1089766, #1112248, #824219 - update + * Sat Aug 16 2014 Fedora Release Engineering - 0.12-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild