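# RPM spec for NSD, an authoritative-only DNS server.
# Builds with systemd integration on Fedora and RHEL >= 7 and falls back to
# SysV init scripts everywhere else.
%if 0%{?fedora} || 0%{?rhel} >= 7
# enabled systemd
%bcond_without systemd
%else
# disabled systemd
%bcond_with systemd
%endif

Summary: Fast and lean authoritative DNS Name Server
Name: nsd
Version: 4.1.10
Release: 1%{?dist}
License: BSD
Url: http://www.nlnetlabs.nl/nsd/
Group: System Environment/Daemons
# NOTE(review): Source0 is a plain-http URL and nothing in this spec verifies
# a signature or checksum of the tarball; confirm integrity is enforced
# elsewhere in the build pipeline before trusting the unpacked sources.
Source0: http://www.nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?prever}.tar.gz
Source1: nsd.conf
%if %{with systemd}
Source2: nsd.service
Source3: nsd-keygen.service
Source4: nsd-write.service
Source5: nsd-write.timer
Source6: tmpfiles-nsd.conf
%else
Source10: nsd.init
Source12: nsd.sysconfig
%endif

BuildRequires: flex
BuildRequires: openssl-devel
BuildRequires: libevent-devel
Requires(pre): shadow-utils
%if %{with systemd}
BuildRequires: systemd-units
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
%else
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/service
Requires(preun): /sbin/chkconfig
Requires(postun): /sbin/service
%endif

# Ask the distribution macros for a hardened (PIE, full RELRO) build.
%global _hardened_build 1

%description
NSD is a complete implementation of an authoritative DNS name server.
For further information about what NSD is and what NSD is not please
consult the REQUIREMENTS document which is a part of this distribution.

%prep
%setup -q -n %{name}-%{version}%{?prever}

%build
# PIE plus immediate binding and read-only relocations are set explicitly
# here in addition to the hardened-build request above.
CFLAGS="%{optflags} -fPIE -pie"
LDFLAGS="-Wl,-z,relro,-z,now"
export CFLAGS LDFLAGS
# The daemon is configured to run as the unprivileged nsd account, with
# response rate limiting compiled in.
%configure \
    --enable-bind8-stats \
    --enable-checking \
    --enable-nsec3 \
    --with-pidfile=%{_localstatedir}/run/nsd/nsd.pid \
    --with-ssl \
    --with-user=nsd \
    --with-xfrdfile=%{_sharedstatedir}/nsd/ixfr.state \
    --with-dbfile=%{_sharedstatedir}/nsd/nsd.db \
    --enable-ratelimit \
    --with-max-ips=1024
make %{?_smp_mflags}

# Upstream ships these two documents as ISO-8859-1; convert them to UTF-8.
iconv -f iso8859-1 -t utf-8 doc/RELNOTES > doc/RELNOTES.utf8
iconv -f iso8859-1 -t utf-8 doc/CREDITS > doc/CREDITS.utf8
mv -f doc/RELNOTES.utf8 doc/RELNOTES
mv -f doc/CREDITS.utf8 doc/CREDITS

%install
make DESTDIR=%{buildroot} install

%if %{with systemd}
mkdir -p %{buildroot}%{_unitdir}
install -m 0644 %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} \
    %{buildroot}%{_unitdir}
mkdir -p %{buildroot}%{_tmpfilesdir}
install -m 0644 %{SOURCE6} %{buildroot}%{_tmpfilesdir}/nsd.conf
%else
mkdir -p %{buildroot}%{_initddir}
install -m 0755 %{SOURCE10} %{buildroot}%{_initddir}/nsd
mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
# The sysconfig file is configuration data, not a program, so it is
# installed without execute bits (it was previously installed 0755).
install -m 0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/sysconfig/nsd
%endif

mkdir -p %{buildroot}%{_localstatedir}/run/nsd
mkdir -p %{buildroot}%{_sharedstatedir}/nsd

# Install ghost files
# Only empty placeholders are created here so the ghost entries in the file
# list resolve; no key material is built into the package. The real keys and
# certificates are expected to be generated on the host.
for name in control server; do
    for extension in key pem; do
        touch %{buildroot}%{_sysconfdir}/nsd/nsd_${name}.${extension}
    done
done

# Take care of the configuration
mkdir -p %{buildroot}%{_sysconfdir}/nsd/conf.d
mkdir -p %{buildroot}%{_sysconfdir}/nsd/server.d
install -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/nsd/nsd.conf
rm %{buildroot}%{_sysconfdir}/nsd/nsd.conf.sample

%files
%doc doc/*
%doc contrib/nsd.zones2nsd.conf
%dir %{_sysconfdir}/nsd
%config(noreplace) %{_sysconfdir}/nsd/nsd.conf
# Keys and certificates: owned by root, readable by the nsd group only,
# never world-readable and never writable by the daemon account.
%attr(0640,root,nsd) %ghost %{_sysconfdir}/nsd/nsd_server.key
%attr(0640,root,nsd) %ghost %{_sysconfdir}/nsd/nsd_server.pem
%attr(0640,root,nsd) %ghost %{_sysconfdir}/nsd/nsd_control.key
%attr(0640,root,nsd) %ghost %{_sysconfdir}/nsd/nsd_control.pem
%dir %{_sysconfdir}/nsd/conf.d
%dir %{_sysconfdir}/nsd/server.d
%if %{with systemd}
%attr(0644,root,root) %{_unitdir}/nsd.service
%attr(0644,root,root) %{_unitdir}/nsd-keygen.service
%attr(0644,root,root) %{_unitdir}/nsd-write.service
%attr(0644,root,root) %{_unitdir}/nsd-write.timer
%attr(0644,root,root) %{_tmpfilesdir}/nsd.conf
%else
%attr(0755,root,root) %{_initddir}/nsd
%config(noreplace) %{_sysconfdir}/sysconfig/nsd
%endif
# Runtime and state directories are owned by the daemon account; the state
# directory is closed to other users.
%attr(0755,nsd,nsd) %dir %{_localstatedir}/run/nsd
%attr(0750,nsd,nsd) %dir %{_sharedstatedir}/nsd
%{_sbindir}/*
%{_mandir}/*/*

%pre
# Create the unprivileged system group and account the daemon runs as.
# The account gets no login shell.
getent group nsd >/dev/null || groupadd -r nsd
getent passwd nsd >/dev/null || \
    useradd -r -g nsd -d /etc/nsd -s /sbin/nologin \
    -c "nsd daemon account" nsd
exit 0

%post
%if %{with systemd}
%systemd_post nsd.service
# Unit name corrected from the misspelled "nsd-keygen.serivce", which named
# a unit that does not exist, so the key generation unit was never handled.
%systemd_post nsd-keygen.service
%else
/sbin/chkconfig --add nsd
%endif

%preun
%if %{with systemd}
%systemd_preun nsd.service
# Same unit name correction as in the post scriptlet.
%systemd_preun nsd-keygen.service
%else
if [ "$1" -eq 0 ]; then
    /sbin/service nsd stop >/dev/null 2>&1
    /sbin/chkconfig --del nsd
fi
%endif

%postun
%if %{with systemd}
%systemd_postun_with_restart nsd.service
%systemd_postun nsd-keygen.service
%else
if [ "$1" -ge 1 ]; then
    /sbin/service nsd condrestart >/dev/null 2>&1 || :
fi
%endif

%triggerin -- nsd < 4.0.0-0
# This runs as root over a directory that the nsd account can write to.
# The -h flag makes chown act on a symbolic link itself rather than on its
# target, so a link placed in the state directory cannot redirect the
# ownership change to a file elsewhere on the system.
chown -h nsd:nsd %{_sharedstatedir}/nsd/* 2>&1 || :

%changelog
* Wed Jun 15 2016 Fabio Alessandro Locati - 4.1.10-1
- Update to 4.1.10

* Tue Mar 15 2016 Paul Wouters - 4.1.9-1
- Update to 4.1.9 which fixes restart failures on nsd.db change

* Sat Mar 12 2016 Fabio Alessandro Locati - 4.1.8-1
- Update to 4.1.8

* Thu Feb 04 2016 Fedora Release Engineering - 4.1.7-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

* Wed Jan 20 2016 Paul Wouters - 4.1.7-4
- Remove cronjob and enable zonefiles-write: in nsd.conf instead
- Do not manually run nsd-control notify - daemon already does when needed
- Do not remove xfrd.state state information

* Mon Dec 28 2015 Paul Wouters - 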
4.1.7-3 - Removed Mass rebuild changelogs causing chronological order error - Bump EVR required due to epel7 build * Sun Dec 27 2015 Tuomo Soini - 4.1.7-2 - Enable PrivateTmp for nsd.service - Rename /etc/nsd/local.d/ to /etc/nsd/server.d/ - Add /etc/nsd/local.d for local server config - Add ghost entries for nsd_control and nsd_server key and certificate - Fix sysv init script by removing nsd3 specific NSDC_PROG options - Use signals whenever possible instead of using nsd-control - Use cron script on sysvinit systems only - Add nsd-write.service and nsd-write.timer (not enabled by default) - Remove old options from /etc/sysconfig/nsd - Install /etc/sysconfig/nsd on sysvinit systems only - Remove all example files from /etc/nsd/conf.d/ - don't belong to package - Add nsd-keygen.service to generate nsd-control keys - Add creation of nsd_control.key to nsd.init - nsd.service depends on nsd-keygen.service - Change nsd.service to use KillMode=mixed - Add triggerin for older nsd package to chown /var/lib/nsd/* - Update nsd.conf from upstream and add nsd-control section * Sun Dec 20 2015 Fabio Alessandro Locati - 4.1.7-1 - Update to last upstream - Multiple tests and fixes * Wed Jun 17 2015 Fedora Release Engineering - 3.2.18-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Sat Apr 11 2015 Paul Wouters - 4.1.1-1 - Updated to 4.1.1 - Updated cron job for new nsd-control - Updated nsd.conf - Updated nsd init script for use of nsd-control - Renamed --max_interfaces to --max-ips - Added BuildRequires for libevent-devel - Fix buglet in nsd user creation's exit command - Create nsd4 remote-control pem files for nsd-control - chown /var/lib/nsd/nsd.db to the nsd user required for nsd4 - Add logrotate support * Sun Aug 17 2014 Fedora Release Engineering - 3.2.18-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Mon Jul 28 2014 Paul Wouters - 3.2.18-1 - Updated to 3.2.18 - improved TXT parsing, new NSID option - Fix nsd.service 
daemonize option (rhbz#1089505) * Sun Mar 30 2014 Paul Wouters - 3.2.17-1 - Updated to 3.2.17 - Added --with-max-ips=1024 - Removed merged in patch * Thu Apr 18 2013 Paul Wouters - 3.2.15-4 - Enable hardened build - rhbz#850231 - Introduce new systemd-rpm macros in nsd spec file - Added -D option to nsd to allow us to use systemd service Type=simple - Switch from Fork to Simple systemd service - Use /run and not /var/run for pid - The cronjon now uses systemctl reload, which also triggers notifies (should speed up notifications to secondaries) * Mon Mar 25 2013 Peter Robinson 3.2.15-3 - Bump so rawhide/F19 has bigger NVR that older releases * Mon Feb 04 2013 Paul Wouters - 3.2.15-1 - Updates to 3.2.15 which contains rate limit code (fixes rhbz#842036 - nsd fails to start in fips mode) * Fri Nov 23 2012 Paul Wouters - 3.2.14-2 - Updated to 3.2.14 with minor bugfixes and TCP writev support - Only run nsdc rebuild hourly cronjob when nsd service is running * Fri Jul 27 2012 Paul Wouters - 3.2.13-1 - Updated to 3.2.13, addresses VU#517036 CVE-2012-2979 (note Fedora/EPEL packages are not vulnerable to this) * Mon Jul 23 2012 Paul Wouters - 3.2.12-2 - Add /var/run/nsd via tmpfiles (rhbz#842021) * Thu Jul 19 2012 Paul Wouters - 3.2.12-1 - Upgraded to 3.2.12 which fixes CVE-2012-2978 (rhbz#841268) * Mon Jul 16 2012 Paul Wouters - 3.2.11-1 - Updated to 3.2.11 - Remove execute perm from unitdir file * Fri Jan 13 2012 Fedora Release Engineering - 3.2.9-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Tue Nov 29 2011 Paul Wouters - 3.2.9-2 - Change spec and initscript to chown /var/run/nsd to nsd user to work around the "nsdc restart" problem where it cannot update its own pid file * Sun Nov 27 2011 Paul Wouters - 3.2.9-1 - Updated to 3.2.9 * Mon Sep 12 2011 Tom Callaway - 3.2.8-7 - fix tmpfiles.d creation of /var/run/nsd to be owned by root * Mon Sep 12 2011 Tom Callaway - 3.2.8-6 - convert to systemd, tmpfiles.d * Fri Jun 3 2011 Paul Wouters - 3.2.8-5 
- fix /var/run/nsd to be owned by root, not nsd * Fri Jun 3 2011 Tuomo Soini - 3.2.8-4 - fix init status to work as expected (bz#525107) - fix nsd.conf and nsd.conf.5 to have correct logfile - fix nsd.init syntax error by piddir change - fix initscript to create /var/run/nsd if missing (bz#710376) * Sun Mar 27 2011 Paul Wouters - 3.2.8-1 - updated to 3.2.8 * Wed Mar 09 2011 Paul Wouters - 3.2.7-5 - Fix misnamed variable NSD_AUTORELOAD which should be NSD_AUTOREBUILD - Fix for init script properly returning OK/Failed (bz#535107) by Noa Resare - Add ghost directive to /var/run/nsd (bz#656642) - Bump release for EVR * Tue Feb 08 2011 Fedora Release Engineering - 3.2.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Thu Feb 03 2011 Paul Wouters - 3.2.7-1 - Updated to 3.2.7 * Mon Aug 02 2010 Paul Wouters - 3.2.6-1 - Updated to 3.2.6 - Removed obsolete --enable-nsid * Wed Jan 06 2010 Paul Wouters - 3.2.4-1 - Updated to nsd 3.2.4 * Tue Jan 05 2010 Paul Wouters - 3.2.3-4 - Incorporated Ville Mattila's fixes to nsd.cron - Support for NSD_AUTOREBUILD in /etc/sysconfig/nsd [Ville] * Fri Aug 21 2009 Tomas Mraz - 3.2.3-3 - rebuilt with new openssl * Thu Aug 20 2009 Ville Mattila - 3.2.3-2 - The 'nsdc patch' and 'nsdc rebuild' commands wrote a %%1 file by mistake * Mon Aug 17 2009 Paul Wouters - 3.2.3-1 -Updated to version 3.2.3 * Sat Jul 25 2009 Fedora Release Engineering - 3.2.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Sat Jun 06 2009 Paul Wouters - 3.2.2-3 - Fixed /dev/nul which cause a file \%%1 to be written by cron - Bump for EVR. * Mon May 18 2009 Paul Wouters - 3.2.2-1 - Upgraded to 3.2.2 security release http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html * Thu Apr 09 2009 Ville Mattila - 3.2.1-6 - Make various file paths used by the nsd.init script configurable from /etc/sysconfig/nsd. - Add template /etc/sysconfig/nsd. 
* Sun Mar 08 2009 Paul Wouters - 3.2.1-5 - nsd used the 'named' subsystem in one call in the init script * Wed Feb 25 2009 Fedora Release Engineering - 3.2.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Mon Jan 26 2009 Paul Wouters - 3.2.1-3 - Fix init script 'unary operator' error. * Mon Jan 26 2009 Paul Wouters - 3.2.1-1 - Updated to new version 3.2.1 * Sat Jan 17 2009 Tomas Mraz - 3.2.0-4 - rebuild with new openssl * Mon Nov 24 2008 Paul Wouters - 3.2.0-3 - Updates summary as per Richard Hughes guidelines * Mon Nov 10 2008 Paul Wouters - 3.2.0-2 - Bump version after pre-release version correction. * Mon Nov 10 2008 Paul Wouters - 3.2.0-1 - 3.2.0-1 * Thu Oct 9 2008 Paul Wouters - 3.1.1-1 - updated to 3.1.1 * Mon Aug 11 2008 Tom "spot" Callaway - 3.1.0-2 - fix license tag - fix static user creation * Mon Jun 30 2008 Paul Wouters - 3.1.0-1 - Updated to 3.1.0 * Tue May 6 2008 Paul Wouters - 3.0.8-2 - Fix /dev/null redirection [Venkatesh Krishnamurthi] * Tue May 6 2008 Paul Wouters - 3.0.8-1 - Updated to 3.0.8 * Tue Feb 19 2008 Fedora Release Engineering - 3.0.7-3 - Autorebuild for GCC 4.3 * Wed Dec 5 2007 Paul Wouters - 3.0.7-2 - Rebuild for new libcrypto * Tue Nov 13 2007 Paul Wouters - 3.0.7-1 - Updated to new version - fix RELNOTES/README to be utf8 - Fix path to nsd.db in cron job. * Thu Nov 8 2007 Paul Wouters - 3.0.6-7 - Modified cron to only rebuild/reload when zone updates have been received * Wed Nov 7 2007 Paul Wouters - 3.0.6-6 - Added hourly cron job to do various maintenance tasks - Added nsd rebuild to create the proper nsd.db file on startup - Added nsd patch on shutdown to ensure zonefiles are up to date * Tue Oct 2 2007 Paul Wouters - 3.0.6-5 - nsdc update and nsdc notify are no longer needed in initscript. * Mon Sep 24 2007 Jesse Keating - 3.0.6-4 - Bump release for upgrade path. * Fri Sep 14 2007 Paul Wouters 3.0.6-3 - Do not include examples from nsd.conf.sample that causes bogus network traffic. 
* Fri Sep 14 2007 Paul Wouters 3.0.6-2 - Change locations of ixfr.db and xfrd.state to /var/lib/nsd - Enable NSEC3 - Delay running nsdc update until after nsd has started - Delete xfrd.state on nsd stop - Run nsdc notify in the background, since it can take a very long time when remote servers are unavailable. * Tue Sep 11 2007 Paul Wouters 3.0.6-1 - Upgraded to 3.0.6 - Do not include bind2nsd, since it didn't compile for me * Fri Jul 13 2007 Paul Wouters 3.0.5-2 - Fix init script, bug #245546 * Fri Mar 23 2007 Paul Wouters 3.0.5-1 - Upgraded to 3.0.5 * Thu Dec 7 2006 Paul Wouters 3.0.3-1 - Upgraded to 3.0.3 * Mon Nov 27 2006 Paul Wouters 3.0.2-1 - Upgraded to 3.0.2. - Use new configuration file nsd.conf. Still needs migration script. patch from Farkas Levente * Mon Oct 16 2006 Paul Wouters 2.3.6-2 - Bump version for upgrade path * Thu Oct 12 2006 Paul Wouters 2.3.6-1 - Upgraded to 2.3.6 - Removed obsolete workaround in nsd.init - Fixed spec file so daemon gets properly restarted on upgrade * Mon Sep 11 2006 Paul Wouters 2.3.5-4 - Rebuild requested for PT_GNU_HASH support from gcc - Removed dbaccess.c from doc section * Mon Jun 26 2006 Paul Wouters - 2.3.5-3 - Bump version for FC-x upgrade path * Mon Jun 26 2006 Paul Wouters - 2.3.5-1 - Upgraded to nsd-2.3.5 * Sun May 7 2006 Paul Wouters - 2.3.4-3 - Upgraded to nsd-2.3.4. - Removed manual install targets because DESTDIR is now supported - Re-enabled --checking, checking patch no longer needed and removed. - Work around in nsd.init for nsd failing to start when there is no ipv6 * Thu Dec 15 2005 Paul Wouters - 2.3.3-7 - chkconfig and attribute changes as proposed by Dmitry Butskoy * Thu Dec 15 2005 Paul Wouters - 2.3.3-6 - Moved pid file to /var/run/nsd/nsd.pid. - Use _localstatedir instead of "/var" * Tue Dec 13 2005 Paul Wouters - 2.3.3-5 - Added BuildRequires for openssl-devel, removed Requires for openssl. 
* Mon Dec 12 2005 Paul Wouters - 2.3.3-4 - upgraded to nsd-2.3.3 * Wed Dec 7 2005 Tom "spot" Callaway - 2.3.2-2 - minor cleanups * Mon Dec 5 2005 Paul Wouters - 2.3.2-1 - Upgraded to 2.3.2. Changed post scripts to comply to Fedora Extras policies (eg do not start daemon on fresh install) * Tue Oct 4 2005 Paul Wouters - 2.3.1-1 - Initial version