14d52d
Summary: DNSSEC key and zone management software
14d52d
Name: opendnssec
14d52d
Version: 1.4.0
14d52d
Release: 0.a1%{?dist}.2
14d52d
License: BSD
14d52d
Url: http://www.opendnssec.org/
14d52d
#Source: http://www.opendnssec.org/files/source/% {name}-% {version}a1.tar.gz
14d52d
Source: http://www.opendnssec.org/files/source/testing/%{name}-%{version}a1.tar.gz
14d52d
Source1: ods-enforcerd.service
14d52d
Source2: ods-signerd.service
14d52d
Source3: ods.sysconfig
14d52d
Source4: conf.xml
14d52d
Source5: tmpfiles-opendnssec.conf
14d52d
Source6: opendnssec-LICENSE
14d52d
Group: Applications/System
14d52d
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
14d52d
Requires: opencryptoki, softhsm, systemd-units
14d52d
BuildRequires: ldns-devel >= 1.6.12, sqlite-devel , openssl-devel
14d52d
BuildRequires: libxml2-devel CUnit-devel, doxygen
14d52d
Requires(pre): shadow-utils
14d52d
Requires(post): systemd-sysv
14d52d
Requires(post): systemd-units
14d52d
Requires(preun): systemd-units
14d52d
Requires(postun): systemd-units
14d52d
14d52d
%description
14d52d
OpenDNSSEC was created as an open-source turn-key solution for DNSSEC.
14d52d
It secures zone data just before it is published in an authoritative
14d52d
name server. It requires a PKCS#11 crypto module library, such as softhsm
14d52d
14d52d
%prep
14d52d
%setup -q -n %{name}-%{version}a1
14d52d
14d52d
%build
14d52d
%configure --with-ldns=%{_libdir}
14d52d
make %{?_smp_mflags}
14d52d
14d52d
%check
14d52d
# Requires sample db not shipped with upstream
14d52d
# make check
14d52d
14d52d
%install
14d52d
rm -rf %{buildroot}
14d52d
make DESTDIR=%{buildroot} install
14d52d
mkdir -p %{buildroot}/var/opendnssec/{tmp,signed,signconf}
14d52d
14d52d
# cleanup sample files
14d52d
rm -f %{buildroot}/%{_sysconfdir}/opendnssec/*.sample
14d52d
install -d -m 0755 %{buildroot}/%{_sysconfdir}/sysconfig 
14d52d
install -d -m 0755 %{buildroot}%{_unitdir}
14d52d
install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/
14d52d
install -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/
14d52d
install -m 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/ods
14d52d
install -m 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/opendnssec/
14d52d
# Install tmpfiles.d config
14d52d
mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/
14d52d
install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/tmpfiles.d/opendnssec.conf
14d52d
14d52d
mkdir -p %{buildroot}%{_localstatedir}/run/opendnssec
14d52d
14d52d
14d52d
%clean
14d52d
rm -rf %{buildroot}
14d52d
14d52d
%files 
14d52d
%defattr(-,root,root)
14d52d
%{_unitdir}/ods-enforcerd.service
14d52d
%{_unitdir}/ods-signerd.service
14d52d
%config(noreplace) %{_sysconfdir}/tmpfiles.d/opendnssec.conf
14d52d
%attr(0750,root,ods) %dir %{_sysconfdir}/opendnssec
14d52d
%attr(0770,root,ods) %dir %{_localstatedir}/opendnssec
14d52d
%attr(0770,root,ods) %dir %{_localstatedir}/opendnssec/tmp
14d52d
%attr(0770,root,ods) %dir %{_localstatedir}/opendnssec/signed
14d52d
%attr(0770,root,ods) %dir %{_localstatedir}/opendnssec/signconf
14d52d
%attr(0660,root,ods) %config(noreplace) %{_sysconfdir}/opendnssec/*.xml
14d52d
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/ods
14d52d
%attr(0770,root,ods) %dir %{_localstatedir}/run/opendnssec
14d52d
%doc NEWS README %{SOURCE6}
14d52d
%{_mandir}/*/*
14d52d
%{_sbindir}/*
14d52d
%{_bindir}/*
14d52d
%attr(0755,root,root) %dir %{_prefix}/share/%{name}
14d52d
%{_prefix}/share/%{name}/*
14d52d
14d52d
%pre
14d52d
getent group ods >/dev/null || groupadd -r ods
14d52d
getent passwd ods >/dev/null || \
14d52d
useradd -r -g ods -d /etc/opendnssec -s /sbin/nologin \
14d52d
-c "opendnssec daemon account" ods
14d52d
exit 0
14d52d
14d52d
%post
14d52d
if [ $1 -eq 1 ] ; then
14d52d
    # Initial installation 
14d52d
    /bin/systemctl daemon-reload >/dev/null 2>&1 || :
14d52d
fi
14d52d
# Initialise a slot on the softhsm on first install
14d52d
if [ "$1" -eq 1 ]; then
14d52d
        softhsm --init-token --slot 0 --label "OpenDNSSEC" --pin 1234 --so-pin 1234
14d52d
fi
14d52d
14d52d
%preun
14d52d
if [ $1 -eq 0 ]; then
14d52d
    # Package removal, not upgrade
14d52d
    /bin/systemctl --no-reload disable ods-signerd.service > /dev/null 2>&1 || :
14d52d
    /bin/systemctl stop ods-signerd.service > /dev/null 2>&1 || :
14d52d
    /bin/systemctl --no-reload disable ods-enforcerd.service > /dev/null 2>&1 || :
14d52d
    /bin/systemctl stop ods-enforcerd.service > /dev/null 2>&1 || :
14d52d
fi
14d52d
14d52d
%postun
14d52d
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
14d52d
if [ $1 -ge 1 ] ; then
14d52d
    # Package upgrade, not uninstall
14d52d
    /bin/systemctl try-restart ods-enforcerd.service >/dev/null 2>&1 || :
14d52d
    /bin/systemctl try-restart ods-signerd.service >/dev/null 2>&1 || :
14d52d
fi
14d52d
14d52d
%changelog
14d52d
* Mon Mar 26 2012 Paul Wouters <pwouters@redhat.com> - 1.4.0-0.a1.2
14d52d
- Added opendnssec LICENSE file from trunk (Thanks Jakob!) 
14d52d
14d52d
* Mon Mar 26 2012 Paul Wouters <pwouters@redhat.com> - 1.4.0-0.a1.1
14d52d
- Fix macros in comment
14d52d
- Added missing -m to install target
14d52d
14d52d
* Sun Mar 25 2012 Paul Wouters <pwouters@redhat.com> - 1.4.0-0.a1
14d52d
- The 1.4.x branch no longer needs ruby, as the auditor has been removed
14d52d
- Added missing openssl-devel BuildRequire
14d52d
- Comment out <skippublickey/> so keys generated by ods can be used by bind
14d52d
14d52d
* Fri Feb 24 2012 Paul Wouters <pwouters@redhat.com> - 1.3.6-3
14d52d
- Requires rubygem-soap4r when using ruby-1.9
14d52d
- Don't ghost /var/run/opendnssec
14d52d
- Converted initd to systemd
14d52d
14d52d
* Thu Nov 24 2011 root - 1.3.2-6
14d52d
- Added rubygem-dnsruby requires as rpm does not pick it up automatically
14d52d
14d52d
* Tue Nov 22 2011 root - 1.3.2-5
14d52d
- Added /var/opendnssec/signconf/ /as this temp dir is needed
14d52d
14d52d
* Mon Nov 21 2011 Paul Wouters <paul@xelerance.com> - 1.3.2-4
14d52d
- Added /var/opendnssec/signed/ as this is the default output dir
14d52d
14d52d
* Sun Nov 20 2011 Paul Wouters <paul@xelerance.com> - 1.3.2-3
14d52d
- Add ods user for opendnssec tasks
14d52d
- Added initscripts and services for ods-signerd and ods-enforcerd
14d52d
- Initialise OpenDNSSEC softhsm token on first install
14d52d
14d52d
* Wed Oct 05 2011 Paul Wouters <paul@xelerance.com> - 1.3.2-1
14d52d
- Updated to 1.3.2
14d52d
- Added dependancies on opencryptoki and softhsm
14d52d
- Don't install duplicate unreadable .sample files
14d52d
- Fix upstream conf.xml to point to actually used library paths
14d52d
14d52d
* Thu Mar  3 2011 Paul Wouters <paul@xelerance.com> - 1.2.0-1
14d52d
- Initial package for Fedora