# RPM spec for NSD, an authoritative DNS name server.
# Request the distribution's hardened build settings for this network-facing daemon.
%global _hardened_build 1
Summary: Fast and lean authoritative DNS Name Server
Name: nsd
Version: 3.2.18
Release: 1%{?dist}
License: BSD
Url: http://www.nlnetlabs.nl/%{name}/
# NOTE(review): the upstream tarball URL below uses plain http, so the download
# is not integrity-protected in transit by the transport itself.
Source: http://www.nlnetlabs.nl/downloads/%{name}/%{name}-%{version}.tar.gz
# Packaging-local files: systemd unit, hourly cron job, sysconfig defaults and
# the tmpfiles.d entry.
Source1: nsd.service
Source2: nsd.cron
Source3: nsd.sysconfig
Source4: tmpfiles-nsd.conf
Patch0: nsd-install.patch
Group: System Environment/Daemons
# OpenSSL headers are needed because configure is run with --with-ssl.
BuildRequires: flex, openssl-devel
BuildRequires: systemd-units
# systemd-sysv provides systemd-sysv-convert, which the upgrade trigger calls.
Requires(post): systemd-sysv
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
# shadow-utils provides groupadd/useradd, used by the pre-install scriptlet.
Requires(pre): shadow-utils
%description
NSD is a complete implementation of an authoritative DNS name server.
For further information about what NSD is and what NSD is not please
consult the REQUIREMENTS document which is a part of this distribution
(thanks to Olaf).
%prep
# Unpack the upstream tarball quietly, then apply the packaging patch with one
# leading path component stripped, keeping backups with an .install suffix.
# NOTE(review): nothing in this section verifies a signature or checksum of the
# tarball before it is unpacked; if upstream publishes a detached signature,
# consider shipping it as an extra source and checking it here.
%setup -q
%patch0 -p1 -b .install
%build
# Compile position-independent code and enable format-string warnings on top
# of the distribution's optimisation flags.
# NOTE(review): the two -Wformat options only produce warnings; whether a
# format-string problem fails the build depends on what RPM_OPT_FLAGS adds.
export CFLAGS="$RPM_OPT_FLAGS -fPIE -Wformat-nonliteral -Wformat-security"
# Link as PIE with read-only relocations and immediate binding (relro, now).
# NOTE(review): the hardened-ld specs path is hard-coded to the Red Hat rpm
# configuration directory, which ties this line to that layout.
export LDFLAGS="-pie -Wl,-z,relro,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld"
# Configure options of note: default run-as user is the unprivileged nsd
# account, the pid file lives under /run, the zone database and transfer state
# live under the package's state directory, and rate limiting support is
# enabled at build time.
%configure --enable-bind8-stats --enable-checking --enable-nsec3 \
--with-pidfile=/run/%{name}/%{name}.pid --with-ssl \
--with-user=nsd --with-difffile=%{_localstatedir}/lib/%{name}/ixfr.db \
--with-xfrdfile=%{_localstatedir}/lib/%{name}/ixfr.state \
--with-dbfile=%{_localstatedir}/lib/%{name}/nsd.db \
--enable-ratelimit --with-max-ips=1024
%{__make} %{?_smp_mflags}
# Re-encode two upstream documents from ISO-8859-1 to UTF-8 through a
# temporary file, then move the converted copy over the original.
iconv -f iso8859-1 -t utf-8 doc/RELNOTES > doc/RELNOTES.utf8
iconv -f iso8859-1 -t utf-8 doc/CREDITS > doc/CREDITS.utf8
mv -f doc/RELNOTES.utf8 doc/RELNOTES
mv -f doc/CREDITS.utf8 doc/CREDITS
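%install
# Stage upstream's install tree into the build root, then add the
# packaging-local files next to it.
%{__make} DESTDIR=%{buildroot} install
mkdir -p %{buildroot}%{_unitdir}
install -d -m 0755 %{buildroot}%{_sysconfdir}/cron.hourly
# The cron job is a script and has to stay executable.
install -c -m 0755 %{SOURCE2} %{buildroot}%{_sysconfdir}/cron.hourly/nsd
# The unit file is data, not a program: stage it without the execute bit,
# matching the 0644 mode the file list assigns to it.
install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/nsd.service
# State directory for the zone database and transfer state; private while staged.
install -d -m 0700 %{buildroot}%{_localstatedir}/lib/%{name}
install -d -m 0755 %{buildroot}%{_sysconfdir}/sysconfig
# Same reasoning as the unit file: the sysconfig file is read, never executed.
install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/ %{buildroot}/run/%{name}
install -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/tmpfiles.d/nsd.conf
# Build the shipped nsd.conf from the first 76 lines of upstream's sample.
# NOTE(review): the fixed line count cuts at the wrong place without any error
# if upstream reshapes the sample; re-check it on every version bump.
head -n 76 %{buildroot}%{_sysconfdir}/nsd/nsd.conf.sample > %{buildroot}%{_sysconfdir}/nsd/nsd.conf
rm %{buildroot}%{_sysconfdir}/nsd/nsd.conf.sample
# Write the same database path that configure was given via --with-dbfile
# instead of repeating a literal /var path that could drift from it.
echo "database: %{_localstatedir}/lib/%{name}/nsd.db" >> %{buildroot}%{_sysconfdir}/nsd/nsd.conf
echo "# include: \"/some/path/file\"" >> %{buildroot}%{_sysconfdir}/nsd/nsd.conf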
%files
# Upstream doc directory and one file from contrib, shipped as documentation.
%doc doc/*
%doc contrib/nsd.zones2nsd.conf
%dir %{_sysconfdir}/nsd/
# Configuration files: root-owned, mode 0644, local edits kept on upgrade (noreplace).
# NOTE(review): nsd.conf is world-readable. If TSIG key secrets are written
# directly into it, every local user can read them; keeping secrets in a
# separately included file with tighter permissions avoids that.
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/nsd/nsd.conf
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/nsd
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/tmpfiles.d/nsd.conf
%attr(0644,root,root) %{_unitdir}/%{name}.service
%{_sysconfdir}/cron.hourly/nsd
# Runtime (pid file) and state (zone database) directories, owned by the nsd account.
# NOTE(review): the install section creates the state directory with mode 0700,
# but the attr below packages it as 0755, so the installed directory is
# listable by all local users. Confirm which mode is intended.
%attr(0755,nsd,nsd) %dir /run/%{name}
%attr(0755,%{name},%{name}) %dir %{_localstatedir}/lib/%{name}
%{_sbindir}/*
%{_mandir}/*/*
%pre
# Make sure the dedicated system group and account for the daemon exist before
# any files are unpacked. The account gets no login shell and /etc/nsd as home.
if ! getent group nsd >/dev/null; then
  groupadd -r nsd
fi
if ! getent passwd nsd >/dev/null; then
  useradd -r -g nsd -d /etc/nsd -s /sbin/nologin -c "nsd daemon account" nsd
fi
# Account creation problems must not fail the package transaction.
exit 0
%post
# Standard systemd post-install hook for nsd.service.
%systemd_post nsd.service
%preun
# Standard systemd pre-uninstall hook for nsd.service.
%systemd_preun nsd.service
%postun
# Post-uninstall hook, restart variant.
# NOTE(review): presumably restarts a running nsd on package upgrade, so that an
# updated binary takes effect without a manual restart; confirm against the
# macro definition.
%systemd_postun_with_restart nsd.service
%triggerun -- nsd < 3.2.8-6
# One-time SysV-to-systemd migration, triggered for installed nsd packages
# older than 3.2.8-6 (the release that converted the package to systemd).
# Every command below discards its output and ignores failure, so a missing
# tool or a stopped service cannot abort the transaction.
# Save the current service runlevel info
# User must manually run systemd-sysv-convert --apply nsd
# to migrate them to systemd targets
/usr/bin/systemd-sysv-convert --save nsd >/dev/null 2>&1 ||:
# Run these because the SysV package being removed won't do them
/sbin/chkconfig --del nsd >/dev/null 2>&1 || :
# Restart only if the service is already running; a stopped service stays stopped.
/bin/systemctl try-restart nsd.service >/dev/null 2>&1 || :
%changelog
* Mon Jul 28 2014 Paul Wouters <pwouters@redhat.com> - 3.2.18-1
- Updated to 3.2.18 - improved TXT parsing, new NSID option
- Fix nsd.service daemonize option (rhbz#1089505)
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.2.17-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sun Mar 30 2014 Paul Wouters <pwouters@redhat.com> - 3.2.17-1
- Updated to 3.2.17
- Added --with-max-ips=1024
- Removed merged in patch
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.2.15-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Apr 18 2013 Paul Wouters <pwouters@redhat.com> - 3.2.15-4
- Enable hardened build
- rhbz#850231 - Introduce new systemd-rpm macros in nsd spec file
- Added -D option to nsd to allow us to use systemd service Type=simple
- Switch from Fork to Simple systemd service
- Use /run and not /var/run for pid
- The cronjob now uses systemctl reload, which also triggers notifies
(should speed up notifications to secondaries)
* Mon Mar 25 2013 Peter Robinson <pbrobinson@fedoraproject.org> 3.2.15-3
- Bump so rawhide/F19 has bigger NVR than older releases
* Mon Feb 04 2013 Paul Wouters <pwouters@redhat.com> - 3.2.15-1
- Updates to 3.2.15 which contains rate limit code
(fixes rhbz#842036 - nsd fails to start in fips mode)
* Fri Nov 23 2012 Paul Wouters <pwouters@redhat.com> - 3.2.14-2
- Updated to 3.2.14 with minor bugfixes and TCP writev support
- Only run nsdc rebuild hourly cronjob when nsd service is running
* Fri Jul 27 2012 Paul Wouters <pwouters@redhat.com> - 3.2.13-1
- Updated to 3.2.13, addresses VU#517036 CVE-2012-2979
(note Fedora/EPEL packages are not vulnerable to this)
* Mon Jul 23 2012 Paul Wouters <pwouters@redhat.com> - 3.2.12-2
- Add /var/run/nsd via tmpfiles (rhbz#842021)
* Thu Jul 19 2012 Paul Wouters <pwouters@redhat.com> - 3.2.12-1
- Upgraded to 3.2.12 which fixes CVE-2012-2978 (rhbz#841268)
* Mon Jul 16 2012 Paul Wouters <pwouters@redhat.com> - 3.2.11-1
- Updated to 3.2.11
- Remove execute perm from unitdir file
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.2.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Nov 29 2011 Paul Wouters <paul@xelerance.com> - 3.2.9-2
- Change spec and initscript to chown /var/run/nsd to nsd user to work around
the "nsdc restart" problem where it cannot update its own pid file
* Sun Nov 27 2011 Paul Wouters <paul@xelerance.com> - 3.2.9-1
- Updated to 3.2.9
* Mon Sep 12 2011 Tom Callaway <spot@fedoraproject.org> - 3.2.8-7
- fix tmpfiles.d creation of /var/run/nsd to be owned by root
* Mon Sep 12 2011 Tom Callaway <spot@fedoraproject.org> - 3.2.8-6
- convert to systemd, tmpfiles.d
* Fri Jun 3 2011 Paul Wouters <paul@xelerance.com> - 3.2.8-5
- fix /var/run/nsd to be owned by root, not nsd
* Fri Jun 3 2011 Tuomo Soini <tis@foobar.fi> - 3.2.8-4
- fix init status to work as expected (bz#525107)
- fix nsd.conf and nsd.conf.5 to have correct logfile
- fix nsd.init syntax error by piddir change
- fix initscript to create /var/run/nsd if missing (bz#710376)
* Sun Mar 27 2011 Paul Wouters <paul@xelerance.com> - 3.2.8-1
- updated to 3.2.8
* Wed Mar 09 2011 Paul Wouters <paul@xelerance.com> - 3.2.7-5
- Fix misnamed variable NSD_AUTORELOAD which should be NSD_AUTOREBUILD
- Fix for init script properly returning OK/Failed (bz#535107) by Noa Resare
- Add ghost directive to /var/run/nsd (bz#656642)
- Bump release for EVR
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.2.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Thu Feb 03 2011 Paul Wouters <paul@xelerance.com> - 3.2.7-1
- Updated to 3.2.7
* Mon Aug 02 2010 Paul Wouters <paul@xelerance.com> - 3.2.6-1
- Updated to 3.2.6
- Removed obsolete --enable-nsid
* Wed Jan 06 2010 Paul Wouters <paul@xelerance.com> - 3.2.4-1
- Updated to nsd 3.2.4
* Tue Jan 05 2010 Paul Wouters <paul@xelerance.com> - 3.2.3-4
- Incorporated Ville Mattila's fixes to nsd.cron
- Support for NSD_AUTOREBUILD in /etc/sysconfig/nsd [Ville]
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 3.2.3-3
- rebuilt with new openssl
* Thu Aug 20 2009 Ville Mattila <vmattila@csc.fi> - 3.2.3-2
- The 'nsdc patch' and 'nsdc rebuild' commands wrote a %%1 file by mistake
* Mon Aug 17 2009 Paul Wouters <paul@xelerance.com> - 3.2.3-1
- Updated to version 3.2.3
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.2.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Sat Jun 06 2009 Paul Wouters <paul@xelerance.com> - 3.2.2-3
- Fixed /dev/nul which caused a file \%%1 to be written by cron
- Bump for EVR.
* Mon May 18 2009 Paul Wouters <paul@xelerance.com> - 3.2.2-1
- Upgraded to 3.2.2 security release
http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html
* Thu Apr 09 2009 Ville Mattila <vmattila@csc.fi> - 3.2.1-6
- Make various file paths used by the nsd.init script configurable
from /etc/sysconfig/nsd.
- Add template /etc/sysconfig/nsd.
* Sun Mar 08 2009 Paul Wouters <paul@xelerance.com> - 3.2.1-5
- nsd used the 'named' subsystem in one call in the init script
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.2.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Mon Jan 26 2009 Paul Wouters <paul@xelerance.com> - 3.2.1-3
- Fix init script 'unary operator' error.
* Mon Jan 26 2009 Paul Wouters <paul@xelerance.com> - 3.2.1-1
- Updated to new version 3.2.1
* Sat Jan 17 2009 Tomas Mraz <tmraz@redhat.com> - 3.2.0-4
- rebuild with new openssl
* Mon Nov 24 2008 Paul Wouters <paul@xelerance.com> - 3.2.0-3
- Updates summary as per Richard Hughes guidelines
* Mon Nov 10 2008 Paul Wouters <paul@xelerance.com> - 3.2.0-2
- Bump version after pre-release version correction.
* Mon Nov 10 2008 Paul Wouters <paul@xelerance.com> - 3.2.0-1
- 3.2.0-1
* Thu Oct 9 2008 Paul Wouters <paul@xelerance.com> - 3.1.1-1
- updated to 3.1.1
* Mon Aug 11 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 3.1.0-2
- fix license tag
- fix static user creation
* Mon Jun 30 2008 Paul Wouters <paul@xelerance.com> - 3.1.0-1
- Updated to 3.1.0
* Tue May 6 2008 Paul Wouters <paul@xelerance.com> - 3.0.8-2
- Fix /dev/null redirection [Venkatesh Krishnamurthi]
* Tue May 6 2008 Paul Wouters <paul@xelerance.com> - 3.0.8-1
- Updated to 3.0.8
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 3.0.7-3
- Autorebuild for GCC 4.3
* Wed Dec 5 2007 Paul Wouters <paul@xelerance.com> - 3.0.7-2
- Rebuild for new libcrypto
* Tue Nov 13 2007 Paul Wouters <paul@xelerance.com> - 3.0.7-1
- Updated to new version
- fix RELNOTES/README to be utf8
- Fix path to nsd.db in cron job.
* Thu Nov 8 2007 Paul Wouters <paul@xelerance.com> - 3.0.6-7
- Modified cron to only rebuild/reload when zone updates
have been received
* Wed Nov 7 2007 Paul Wouters <paul@xelerance.com> - 3.0.6-6
- Added hourly cron job to do various maintenance tasks
- Added nsd rebuild to create the proper nsd.db file on startup
- Added nsd patch on shutdown to ensure zonefiles are up to date
* Tue Oct 2 2007 Paul Wouters <paul@xelerance.com> - 3.0.6-5
- nsdc update and nsdc notify are no longer needed in initscript.
* Mon Sep 24 2007 Jesse Keating <jkeating@redhat.com> - 3.0.6-4
- Bump release for upgrade path.
* Fri Sep 14 2007 Paul Wouters <paul@xelerance.com> 3.0.6-3
- Do not include examples from nsd.conf.sample that causes
bogus network traffic.
* Fri Sep 14 2007 Paul Wouters <paul@xelerance.com> 3.0.6-2
- Change locations of ixfr.db and xfrd.state to /var/lib/nsd
- Enable NSEC3
- Delay running nsdc update until after nsd has started
- Delete xfrd.state on nsd stop
- Run nsdc notify in the background, since it can take
a very long time when remote servers are unavailable.
* Tue Sep 11 2007 Paul Wouters <paul@xelerance.com> 3.0.6-1
- Upgraded to 3.0.6
- Do not include bind2nsd, since it didn't compile for me
* Fri Jul 13 2007 Paul Wouters <paul@xelerance.com> 3.0.5-2
- Fix init script, bug #245546
* Fri Mar 23 2007 Paul Wouters <paul@xelerance.com> 3.0.5-1
- Upgraded to 3.0.5
* Thu Dec 7 2006 Paul Wouters <paul@xelerance.com> 3.0.3-1
- Upgraded to 3.0.3
* Mon Nov 27 2006 Paul Wouters <paul@xelerance.com> 3.0.2-1
- Upgraded to 3.0.2.
- Use new configuration file nsd.conf. Still needs migration script.
patch from Farkas Levente <lfarkas@bppiac.hu>
* Mon Oct 16 2006 Paul Wouters <paul@xelerance.com> 2.3.6-2
- Bump version for upgrade path
* Thu Oct 12 2006 Paul Wouters <paul@xelerance.com> 2.3.6-1
- Upgraded to 2.3.6
- Removed obsolete workaround in nsd.init
- Fixed spec file so daemon gets properly restarted on upgrade
* Mon Sep 11 2006 Paul Wouters <paul@xelerance.com> 2.3.5-4
- Rebuild requested for PT_GNU_HASH support from gcc
- Removed dbaccess.c from doc section
* Mon Jun 26 2006 Paul Wouters <paul@xelerance.com> - 2.3.5-3
- Bump version for FC-x upgrade path
* Mon Jun 26 2006 Paul Wouters <paul@xelerance.com> - 2.3.5-1
- Upgraded to nsd-2.3.5
* Sun May 7 2006 Paul Wouters <paul@xelerance.com> - 2.3.4-3
- Upgraded to nsd-2.3.4.
- Removed manual install targets because DESTDIR is now supported
- Re-enabled --checking, checking patch no longer needed and removed.
- Work around in nsd.init for nsd failing to start when there is no ipv6
* Thu Dec 15 2005 Paul Wouters <paul@xelerance.com> - 2.3.3-7
- chkconfig and attribute changes as proposed by Dmitry Butskoy
* Thu Dec 15 2005 Paul Wouters <paul@xelerance.com> - 2.3.3-6
- Moved pid file to /var/run/nsd/nsd.pid.
- Use _localstatedir instead of "/var"
* Tue Dec 13 2005 Paul Wouters <paul@xelerance.com> - 2.3.3-5
- Added BuildRequires for openssl-devel, removed Requires for openssl.
* Mon Dec 12 2005 Paul Wouters <paul@xelerance.com> - 2.3.3-4
- upgraded to nsd-2.3.3
* Wed Dec 7 2005 Tom "spot" Callaway <tcallawa@redhat.com> - 2.3.2-2
- minor cleanups
* Mon Dec 5 2005 Paul Wouters <paul@xelerance.com> - 2.3.2-1
- Upgraded to 2.3.2. Changed post scripts to comply to Fedora
Extras policies (eg do not start daemon on fresh install)
* Tue Oct 4 2005 Paul Wouters <paul@xelerance.com> - 2.3.1-1
- Initial version