%global _hardened_build 1 #%%global snapshot 20150714 Summary: Tool for dynamic reconfiguration of validating resolver Unbound Name: dnssec-trigger Version: 0.17 Release: %autorelease License: BSD-3-clause AND MIT AND ISC Url: https://www.nlnetlabs.nl/projects/dnssec-trigger/ %if 0%{?snapshot:1} # generated using './makedist.sh -s' in the cloned upstream trunk Source0: %{name}-%{version}_%{snapshot}.tar.gz %else Source0: https://www.nlnetlabs.nl/downloads/dnssec-trigger/%{name}-%{version}.tar.gz Source1: https://www.nlnetlabs.nl/downloads/dnssec-trigger/%{name}-%{version}.tar.gz.asc Source2: https://keys.openpgp.org/vks/v1/by-fingerprint/EDFAA3F2CA4E6EB05681AF8E9F6F1C2D7E045F8D#/wouter.asc %endif Source3: dnssec-trigger.tmpfiles.d #Source4: dnssec-trigger-default.conf #Source5: dnssec-trigger-workstation.conf Source6: ssh_config.conf # Patches # Downstream changes to configuration Patch1: dnssec-trigger-config-workstation.patch # Downstream changes to configuration Patch2: dnssec-trigger-config-default.patch Patch3: 0003-Move-the-NetworkManager-dispatcher-script-out-of-etc.patch # https://github.com/NLnetLabs/dnssec-trigger/pull/7 Patch4: 0004-Add-options-edns0-and-trust-ad.patch Patch5: dnssec-trigger-configure-c99.patch # https://github.com/NLnetLabs/dnssec-trigger/commit/f187c2be221a26f3c4ef4d9b16f1df67104ae634 Patch6: dnssec-trigger-0.17-allowed-characters.patch # to obsolete the version in which the panel was in main package Obsoletes: %{name} < 0.12-22 Suggests: %{name}-panel # Require a version of NetworkManager that doesn't forget to issue dhcp-change # https://bugzilla.redhat.com/show_bug.cgi?id=1112248 %if 0%{?rhel} >= 9 || 0%{?fedora} >= 31 Requires: NetworkManager >= 1.20 %elif 0%{?rhel} >= 7 Requires: NetworkManager >= 0.9.9.1-13 %elif 0%{?fedora} >= 21 Requires: NetworkManager >= 0.9.9.95-1 %else Requires: NetworkManager >= 0.9.9.0-40 %endif Requires: ldns >= 1.6.10, NetworkManager-libnm, unbound # needed by /usr/sbin/dnssec-trigger-control-setup # otherwise it ends with error: /usr/sbin/dnssec-trigger-control-setup: line 180: openssl: command not found Requires: openssl # needed for /usr/bin/chattr Requires: e2fsprogs BuildRequires: openssl-devel, ldns-devel, python3-devel, gcc BuildRequires: NetworkManager-libnm-devel %if 0%{?fedora} && ! 0%{?snapshot:1} BuildRequires: gnupg2 %endif BuildRequires: systemd-rpm-macros %{?systemd_ordering} # Provides Workstation specific configuration # - No captive portal detection and no action available on Captive portal (No UI) Provides: variant_config(Workstation) %description dnssec-trigger reconfigures the local Unbound DNS server. Unbound is a resolver performing DNSSEC validation. dnssec-trigger is a set of daemon and script. On every network configuration change dnssec-trigger performs set of tests and configures Unbound based on the current NetworkManager configuration, its own configuration and results of performed tests. %package panel Summary: Applet for interaction between the user and dnssec-trigger Requires: %{name} = %{version}-%{release} Obsoletes: %{name} < 0.12-22 Requires: xdg-utils BuildRequires: gtk2-devel, desktop-file-utils BuildRequires: make %description panel This package provides the GTK panel for interaction between the user and dnssec-trigger daemon. It is able to show the current state and results of probing performed by dnssec-trigger daemon. Also in case some user input is needed, the panel creates a dialog window. %prep %if 0%{?fedora} && ! 0%{?snapshot:1} %gpgverify -d 0 -s 1 -k 2 %endif %autosetup %{?snapshot:-n %{name}-%{version}_%{snapshot}} -N %autopatch -m 3 -p1 # don't use DNSSEC for forward zones for now sed -i "s/validate_connection_provided_zones=yes/validate_connection_provided_zones=no/" dnssec.conf %build %configure \ --with-keydir=%{_sysconfdir}/dnssec-trigger \ --with-hooks=networkmanager \ %if 0%{?rhel} < 9 && 0%{?fedora} < 31 --with-networkmanager-dispatch=%{_sysconfdir}/NetworkManager/dispatcher.d \ %endif --with-python=%{__python3} \ --with-pidfile=%{_rundir}/%{name}d.pid \ --with-login-command=%{_bindir}/xdg-open \ --with-login-location="http://hotspot-nocache.fedoraproject.org/" # hotspot-nocache should have TTL=0 %make_build %autopatch -p1 2 cp -p example.conf dnssec-trigger-workstation.conf %autopatch -p1 1 %install # https://github.com/NLnetLabs/dnssec-trigger/pull/13 install -d -m 0755 %{buildroot}%{_libexecdir} %make_install install -d 0755 %{buildroot}%{_unitdir} install -p -m 0644 example.conf %{buildroot}%{_sysconfdir}/%{name}/dnssec-trigger-default.conf install -p -m 0644 dnssec-trigger-workstation.conf %{buildroot}%{_sysconfdir}/%{name}/ desktop-file-install --dir=%{buildroot}%{_datadir}/applications dnssec-trigger-panel.desktop # install the configuration for /var/run/dnssec-trigger into tmpfiles.d dir mkdir -p %{buildroot}%{_tmpfilesdir} install -m 644 %{SOURCE3} ${RPM_BUILD_ROOT}%{_tmpfilesdir}/%{name}.conf # we must create the /var/run/dnssec-trigger directory mkdir -p %{buildroot}%{_localstatedir}/run install -d -m 0755 %{buildroot}%{_localstatedir}/run/%{name} # supress the panel name everywhere including the gnome3 panel at the bottom ln -s dnssec-trigger-panel %{buildroot}%{_bindir}/dnssec-trigger # Make dnssec-trigger.8 manpage available under names of all dnssec-trigger-* # executables for all in dnssec-trigger-control dnssec-trigger-control-setup dnssec-triggerd; do ln -s dnssec-trigger.8 %{buildroot}/%{_mandir}/man8/"$all".8 done ln -s dnssec-trigger.8 %{buildroot}/%{_mandir}/man8/dnssec-trigger.conf.8 install -d -m 0755 %{buildroot}%{_sysconfdir}/ssh/ssh_config.d install -m 0644 %{SOURCE6} %{buildroot}%{_sysconfdir}/ssh/ssh_config.d/10-%{name}.conf %post %systemd_post %{name}d.service %preun %systemd_preun %{name}d.service %postun %systemd_postun_with_restart %{name}d.service %posttrans # If we don't yet have a symlink or existing file for dnssec-trigger.conf, # create it.. if [ ! -e %{_sysconfdir}/%{name}/dnssec-trigger.conf ]; then # Import /etc/os-release to get the variant definition . /etc/os-release || : case "$VARIANT_ID" in workstation) ln -sf %{name}-workstation.conf %{_sysconfdir}/%{name}/dnssec-trigger.conf || : ;; *) ln -sf %{name}-default.conf %{_sysconfdir}/%{name}/dnssec-trigger.conf || : ;; esac fi %files %license LICENSE %doc README %{_bindir}/dnssec-trigger %{_sbindir}/dnssec-trigger* %{_libexecdir}/dnssec-trigger-script %{_unitdir}/%{name}d.service %{_unitdir}/%{name}d-keygen.service %if 0%{?rhel} >= 9 || 0%{?fedora} >= 31 %attr(0755,root,root) %{_prefix}/lib/NetworkManager/dispatcher.d/01-dnssec-trigger %else %attr(0755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-dnssec-trigger %endif %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/dnssec.conf %attr(0755,root,root) %dir %{_sysconfdir}/%{name} %attr(0644,root,root) %ghost %config(noreplace) %{_sysconfdir}/%{name}/dnssec-trigger.conf %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dnssec-trigger-default.conf %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dnssec-trigger-workstation.conf %attr(0755,root,root) %dir %{_sysconfdir}/ssh/ssh_config.d %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config.d/10-%{name}.conf %dir %{_localstatedir}/run/%{name} %{_tmpfilesdir}/%{name}.conf %{_mandir}/man8/dnssec-trigger* %files panel %{_bindir}/dnssec-trigger-panel %attr(0755,root,root) %dir %{_datadir}/%{name} %attr(0644,root,root) %{_datadir}/%{name}/* %attr(0644,root,root) %{_datadir}/applications/dnssec-trigger-panel.desktop %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/xdg/autostart/dnssec-trigger-panel.desktop %changelog %autochangelog