# Opt in to the distribution's hardened build flags. The exact compiler and
# linker options are defined by the distribution's rpm configuration, not by
# this file.
%global _hardened_build 1

# Uncomment (and drop the doubled percent sign) to build from an upstream
# development snapshot. The snapshot branch below defines no signature or key
# source, and the prep section skips signature verification for such builds.
#%%global snapshot 20150714

Summary: Tool for dynamic reconfiguration of validating resolver Unbound
Name: dnssec-trigger
Version: 0.17
Release: %autorelease
License: BSD-3-clause AND MIT AND ISC
Url: https://www.nlnetlabs.nl/projects/dnssec-trigger/

%if 0%{?snapshot:1}
# generated using './makedist.sh -s' in the cloned upstream trunk
Source0: %{name}-%{version}_%{snapshot}.tar.gz
%else
# Release tarball (Source0), its detached OpenPGP signature (Source1) and the
# signing key (Source2). The key is looked up by full fingerprint rather than
# by a short key ID. The prep section checks Source0 against Source1 with
# this key, but only under the condition written there.
Source0: https://www.nlnetlabs.nl/downloads/dnssec-trigger/%{name}-%{version}.tar.gz
Source1: https://www.nlnetlabs.nl/downloads/dnssec-trigger/%{name}-%{version}.tar.gz.asc
Source2: https://keys.openpgp.org/vks/v1/by-fingerprint/EDFAA3F2CA4E6EB05681AF8E9F6F1C2D7E045F8D#/wouter.asc
%endif
# tmpfiles.d snippet, installed under the package name in the install section
Source3: dnssec-trigger.tmpfiles.d
#Source4: dnssec-trigger-default.conf
#Source5: dnssec-trigger-workstation.conf
# OpenSSH client drop-in, installed into ssh_config.d in the install section
Source6: ssh_config.conf
# Patches
# Patches 1 and 2 are not applied in the prep section (autopatch there starts
# at number 3); the build section applies them one at a time.
# Downstream changes to configuration
Patch1: dnssec-trigger-config-workstation.patch
# Downstream changes to configuration
Patch2: dnssec-trigger-config-default.patch
Patch3: 0003-Move-the-NetworkManager-dispatcher-script-out-of-etc.patch
# https://github.com/NLnetLabs/dnssec-trigger/pull/7
Patch4: 0004-Add-options-edns0-and-trust-ad.patch
Patch5: dnssec-trigger-configure-c99.patch
# Backport of an upstream commit on top of 0.17.
# NOTE(review): going by the file name this restricts the characters accepted
# in some input; the patch body is not shown here. Confirm whether it is a
# security fix that the changelog should call out.
# https://github.com/NLnetLabs/dnssec-trigger/commit/f187c2be221a26f3c4ef4d9b16f1df67104ae634
Patch6: dnssec-trigger-0.17-allowed-characters.patch
# to obsolete the version in which the panel was in main package
Obsoletes: %{name} < 0.12-22
# Weak dependency: the daemon installs and runs without the panel.
Suggests: %{name}-panel
# Require a version of NetworkManager that doesn't forget to issue dhcp-change
# https://bugzilla.redhat.com/show_bug.cgi?id=1112248
%if 0%{?rhel} >= 9 || 0%{?fedora} >= 31
Requires: NetworkManager >= 1.20
%elif 0%{?rhel} >= 7
Requires: NetworkManager >= 0.9.9.1-13
%elif 0%{?fedora} >= 21
Requires: NetworkManager >= 0.9.9.95-1
%else
Requires: NetworkManager >= 0.9.9.0-40
%endif
Requires: ldns >= 1.6.10, NetworkManager-libnm, unbound
# needed by /usr/sbin/dnssec-trigger-control-setup
# otherwise it ends with error: /usr/sbin/dnssec-trigger-control-setup: line 180: openssl: command not found
Requires: openssl
# needed for /usr/bin/chattr
# NOTE(review): the caller of chattr is not visible in this file; confirm
# which file it changes attributes on and why.
Requires: e2fsprogs
BuildRequires: openssl-devel, ldns-devel, python3-devel, gcc
BuildRequires: NetworkManager-libnm-devel
# gnupg2 is pulled in under the same condition as the signature check in the
# prep section, so builds that skip the check do not need it.
%if 0%{?fedora} && ! 0%{?snapshot:1}
BuildRequires: gnupg2
%endif

BuildRequires: systemd-rpm-macros
%{?systemd_ordering}

# Provides Workstation specific configuration
# - No captive portal detection and no action available on Captive portal (No UI)
Provides: variant_config(Workstation)
%description
dnssec-trigger reconfigures the local Unbound DNS server. Unbound is a
resolver performing DNSSEC validation. dnssec-trigger consists of a daemon
and a script. On every network configuration change dnssec-trigger performs
a set of tests and configures Unbound based on the current NetworkManager
configuration, its own configuration and the results of the performed tests.
%package panel
Summary: Applet for interaction between the user and dnssec-trigger
# Tie the applet to the exact daemon build it was produced with.
Requires: %{name} = %{version}-%{release}
# Same cut-off as the main package: releases before it shipped the panel in
# the main package.
Obsoletes: %{name} < 0.12-22
# xdg-open is the login command handed to configure in the build section.
Requires: xdg-utils
BuildRequires: gtk2-devel, desktop-file-utils
BuildRequires: make
%description panel
This package provides the GTK panel for interaction between the user
and the dnssec-trigger daemon. It is able to show the current state and
the results of probing performed by the dnssec-trigger daemon. Also, in case
some user input is needed, the panel creates a dialog window.
%prep
# Verify the release tarball before unpacking it. The -d/-s/-k indices select
# data = Source0, signature = Source1, keyring = Source2.
# The check is compiled in only for Fedora release builds. Snapshot builds,
# and builds where the fedora macro is unset, unpack Source0 without any
# signature verification.
%if 0%{?fedora} && ! 0%{?snapshot:1}
%gpgverify -d 0 -s 1 -k 2
%endif
# Unpack without applying patches (-N), then apply patches numbered 3 and up.
# Patches 1 and 2 are applied later, in the build section.
%autosetup %{?snapshot:-n %{name}-%{version}_%{snapshot}} -N
%autopatch -m 3 -p1

# don't use DNSSEC for forward zones for now
# NOTE(review): the shipped default switches off validation of forward zones
# provided by the connection, so answers for those zones are presumably
# accepted without DNSSEC validation. The substitution is a silent no-op if
# the upstream default line changes; re-check dnssec.conf on every rebase.
sed -i "s/validate_connection_provided_zones=yes/validate_connection_provided_zones=no/" dnssec.conf
%build
# Notes on the configure call (comments cannot sit inside the continued
# command, so they are collected here):
# - keydir is the package's own directory under sysconfdir.
# - The NetworkManager dispatcher path under sysconfdir is passed only on
#   releases older than RHEL 9 / Fedora 31. The files section lists the
#   script under the vendor prefix on newer releases.
# - login-location is a plain-http URL. NOTE(review): presumably deliberate,
#   since a captive-portal probe must be interceptable by the hotspot.
#   Content fetched from it must not be treated as trusted.
%configure \
--with-keydir=%{_sysconfdir}/dnssec-trigger \
--with-hooks=networkmanager \
%if 0%{?rhel} < 9 && 0%{?fedora} < 31
--with-networkmanager-dispatch=%{_sysconfdir}/NetworkManager/dispatcher.d \
%endif
--with-python=%{__python3} \
--with-pidfile=%{_rundir}/%{name}d.pid \
--with-login-command=%{_bindir}/xdg-open \
--with-login-location="http://hotspot-nocache.fedoraproject.org/"

# hotspot-nocache should have TTL=0

%make_build

# Produce the two shipped configuration variants after the build:
# apply patch 2, copy example.conf to the workstation file, then apply
# patch 1. The install section ships example.conf as the default variant.
# NOTE(review): which file each patch edits is not visible on this page.
%autopatch -p1 2
cp -p example.conf dnssec-trigger-workstation.conf
%autopatch -p1 1
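%install
# Stage all files into the buildroot: upstream's install target first, then
# the downstream configuration variants, runtime directory, man page aliases
# and the OpenSSH client drop-in.

# https://github.com/NLnetLabs/dnssec-trigger/pull/13
# libexecdir is created up front; presumably upstream's install target does
# not create it itself (see the pull request above).
install -d -m 0755 %{buildroot}%{_libexecdir}
%make_install

# The mode has to be passed with -m. A bare 0755 is taken by install as one
# more directory name and leaves a stray "0755" directory in the build tree.
install -d -m 0755 %{buildroot}%{_unitdir}
# example.conf (after patch 2) is shipped as the default variant, next to the
# workstation variant prepared in the build section.
install -p -m 0644 example.conf %{buildroot}%{_sysconfdir}/%{name}/dnssec-trigger-default.conf
install -p -m 0644 dnssec-trigger-workstation.conf %{buildroot}%{_sysconfdir}/%{name}/

desktop-file-install --dir=%{buildroot}%{_datadir}/applications dnssec-trigger-panel.desktop

# install the configuration for /var/run/dnssec-trigger into tmpfiles.d dir
mkdir -p %{buildroot}%{_tmpfilesdir}
install -m 644 %{SOURCE3} %{buildroot}%{_tmpfilesdir}/%{name}.conf
# we must create the /var/run/dnssec-trigger directory
mkdir -p %{buildroot}%{_localstatedir}/run
install -d -m 0755 %{buildroot}%{_localstatedir}/run/%{name}

# suppress the panel name everywhere including the gnome3 panel at the bottom
# (the link target lives in the panel subpackage)
ln -s dnssec-trigger-panel %{buildroot}%{_bindir}/dnssec-trigger

# Make dnssec-trigger.8 manpage available under names of all dnssec-trigger-*
# executables
for all in dnssec-trigger-control dnssec-trigger-control-setup dnssec-triggerd; do
    ln -s dnssec-trigger.8 %{buildroot}%{_mandir}/man8/"$all".8
done
ln -s dnssec-trigger.8 %{buildroot}%{_mandir}/man8/dnssec-trigger.conf.8

# System-wide OpenSSH client drop-in. The contents of Source6 are not shown
# on this page. Every option in it applies to all ssh client invocations on
# the host, so review changes to it as carefully as the package's own config.
install -d -m 0755 %{buildroot}%{_sysconfdir}/ssh/ssh_config.d
install -m 0644 %{SOURCE6} %{buildroot}%{_sysconfdir}/ssh/ssh_config.d/10-%{name}.conf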
%post
# Standard systemd packaging scriptlets for the daemon unit, one per
# transaction phase: install, removal, and upgrade (with service restart).
# Only the daemon unit is handled here; the keygen unit listed in the files
# section has no scriptlet of its own.
%systemd_post %{name}d.service

%preun
%systemd_preun %{name}d.service

%postun
%systemd_postun_with_restart %{name}d.service
%posttrans
# Create dnssec-trigger.conf only when nothing resolvable is at that path
# (no file and no working symlink). Whatever is already there is left alone.
if [ ! -e %{_sysconfdir}/%{name}/dnssec-trigger.conf ]; then
    # /etc/os-release is sourced as shell code with the scriptlet's
    # privileges and supplies VARIANT_ID. The trailing "|| :" keeps a
    # failure here from failing the scriptlet.
    . /etc/os-release || :

    # Workstation gets its own variant file; any other variant, or none at
    # all, falls back to the default one.
    if [ "$VARIANT_ID" = "workstation" ]; then
        variant_conf=%{name}-workstation.conf
    else
        variant_conf=%{name}-default.conf
    fi

    # The link target is relative, so it resolves inside the configuration
    # directory. Link errors are ignored on purpose.
    ln -sf "$variant_conf" %{_sysconfdir}/%{name}/dnssec-trigger.conf || :
fi
%files
%license LICENSE
%doc README
# Symlink to the panel binary, created in the install section. The target is
# packaged in the panel subpackage, so the link dangles without it.
%{_bindir}/dnssec-trigger
%{_sbindir}/dnssec-trigger*
%{_libexecdir}/dnssec-trigger-script
%{_unitdir}/%{name}d.service
%{_unitdir}/%{name}d-keygen.service
# NetworkManager dispatcher hook, shipped root-owned and not writable by
# group or others. Newer releases carry it under the vendor prefix, older
# ones under sysconfdir, matching the conditional configure option.
%if 0%{?rhel} >= 9 || 0%{?fedora} >= 31
%attr(0755,root,root) %{_prefix}/lib/NetworkManager/dispatcher.d/01-dnssec-trigger
%else
%attr(0755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-dnssec-trigger
%endif
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/dnssec.conf
# This directory is also the keydir passed to configure.
# NOTE(review): key material generated there at runtime is not listed in
# this manifest, so its permissions come from whatever creates it. Confirm
# that private keys do not end up world-readable.
%attr(0755,root,root) %dir %{_sysconfdir}/%{name}
# Ghost entry: the package carries no payload for dnssec-trigger.conf. The
# posttrans scriptlet creates it as a symlink to one of the two variant
# files below when nothing exists at that path.
%attr(0644,root,root) %ghost %config(noreplace) %{_sysconfdir}/%{name}/dnssec-trigger.conf
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dnssec-trigger-default.conf
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dnssec-trigger-workstation.conf
# System-wide OpenSSH client drop-in (from Source6) and its directory.
%attr(0755,root,root) %dir %{_sysconfdir}/ssh/ssh_config.d
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config.d/10-%{name}.conf
# Runtime directory created in the install section, together with the
# tmpfiles.d snippet installed for it.
%dir %{_localstatedir}/run/%{name}
%{_tmpfilesdir}/%{name}.conf
%{_mandir}/man8/dnssec-trigger*
%files panel
%{_bindir}/dnssec-trigger-panel
%attr(0755,root,root) %dir %{_datadir}/%{name}
%attr(0644,root,root) %{_datadir}/%{name}/*
%attr(0644,root,root) %{_datadir}/applications/dnssec-trigger-panel.desktop
# XDG autostart entry for the panel, marked config(noreplace) so local edits
# are kept across upgrades.
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/xdg/autostart/dnssec-trigger-panel.desktop
%changelog
%autochangelog