|
|
14d52d4 |
Summary: DNSSEC key and zone management software
|
|
|
14d52d4 |
Name: opendnssec
|
|
|
14d52d4 |
Version: 1.4.0
|
|
|
599e63b |
Release: 0.2.b1%{?dist}
|
|
|
14d52d4 |
License: BSD
|
|
|
14d52d4 |
Url: http://www.opendnssec.org/
|
|
Paul Wouters |
ab9e58c |
#Source: http://www.opendnssec.org/files/source/% {name}-% {version}.tar.gz
|
|
Paul Wouters |
ab9e58c |
Source: http://www.opendnssec.org/files/source/testing/%{name}-%{version}b1.tar.gz
|
|
|
14d52d4 |
Source1: ods-enforcerd.service
|
|
|
14d52d4 |
Source2: ods-signerd.service
|
|
|
14d52d4 |
Source3: ods.sysconfig
|
|
|
14d52d4 |
Source4: conf.xml
|
|
|
14d52d4 |
Source5: tmpfiles-opendnssec.conf
|
|
Paul Wouters |
ab9e58c |
Source6: opendnssec.cron
|
|
Paul Wouters |
ab9e58c |
PAtch1: opendnssec-1.4.0a3-aggressive-retry.patch
|
|
Paul Wouters |
ab9e58c |
Patch2: opendnssec-1.4.0a3-nsec3param.patch
|
|
|
14d52d4 |
Group: Applications/System
|
|
|
14d52d4 |
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|
|
14d52d4 |
Requires: opencryptoki, softhsm, systemd-units
|
|
|
14d52d4 |
BuildRequires: ldns-devel >= 1.6.12, sqlite-devel , openssl-devel
|
|
|
14d52d4 |
BuildRequires: libxml2-devel CUnit-devel, doxygen
|
|
|
14d52d4 |
Requires(pre): shadow-utils
|
|
|
14d52d4 |
Requires(post): systemd-sysv
|
|
|
14d52d4 |
Requires(post): systemd-units
|
|
|
14d52d4 |
Requires(preun): systemd-units
|
|
|
14d52d4 |
Requires(postun): systemd-units
|
|
|
e682aee |
#For building snapshots
|
|
|
e682aee |
Buildrequires: autoconf, automake, libtool, java
|
|
|
14d52d4 |
|
|
|
14d52d4 |
%description
|
|
|
14d52d4 |
OpenDNSSEC was created as an open-source turn-key solution for DNSSEC.
|
|
|
14d52d4 |
It secures zone data just before it is published in an authoritative
|
|
|
14d52d4 |
name server. It requires a PKCS#11 crypto module library, such as softhsm
|
|
|
14d52d4 |
|
|
|
14d52d4 |
%prep
|
|
Paul Wouters |
ab9e58c |
%setup -q -n %{name}-%{version}b1
|
|
Paul Wouters |
ab9e58c |
%patch1 -p1 -b .aggressive-retry
|
|
Paul Wouters |
ab9e58c |
%patch2 -p1 -b .nsec3param
|
|
|
9b8ffb6 |
|
|
|
14d52d4 |
%build
|
|
|
9b8ffb6 |
# for snapshots enable below
|
|
Paul Wouters |
ab9e58c |
# sh ./autogen.sh
|
|
Paul Wouters |
ab9e58c |
|
|
|
14d52d4 |
%configure --with-ldns=%{_libdir}
|
|
|
14d52d4 |
make %{?_smp_mflags}
|
|
|
14d52d4 |
|
|
|
14d52d4 |
%check
|
|
|
14d52d4 |
# Requires sample db not shipped with upstream
|
|
|
14d52d4 |
# make check
|
|
|
14d52d4 |
|
|
|
14d52d4 |
%install
|
|
|
14d52d4 |
rm -rf %{buildroot}
|
|
|
14d52d4 |
make DESTDIR=%{buildroot} install
|
|
|
14d52d4 |
mkdir -p %{buildroot}/var/opendnssec/{tmp,signed,signconf}
|
|
|
14d52d4 |
|
|
Paul Wouters |
ab9e58c |
install -d -m 0755 %{buildroot}%{_initrddir} %{buildroot}%{_sysconfdir}/cron.d/
|
|
Paul Wouters |
388d61a |
install -m 0644 %{SOURCE6} %{buildroot}/%{_sysconfdir}/cron.d/opendnssec
|
|
Paul Wouters |
ab9e58c |
|
|
|
14d52d4 |
# cleanup sample files
|
|
|
14d52d4 |
rm -f %{buildroot}/%{_sysconfdir}/opendnssec/*.sample
|
|
|
14d52d4 |
install -d -m 0755 %{buildroot}/%{_sysconfdir}/sysconfig
|
|
|
14d52d4 |
install -d -m 0755 %{buildroot}%{_unitdir}
|
|
|
14d52d4 |
install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/
|
|
|
14d52d4 |
install -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/
|
|
|
14d52d4 |
install -m 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/ods
|
|
|
14d52d4 |
install -m 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/opendnssec/
|
|
|
14d52d4 |
# Install tmpfiles.d config
|
|
|
14d52d4 |
mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/
|
|
|
14d52d4 |
install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/tmpfiles.d/opendnssec.conf
|
|
|
14d52d4 |
|
|
|
14d52d4 |
mkdir -p %{buildroot}%{_localstatedir}/run/opendnssec
|
|
|
14d52d4 |
|
|
|
14d52d4 |
|
|
|
14d52d4 |
%clean
|
|
|
14d52d4 |
rm -rf %{buildroot}
|
|
|
14d52d4 |
|
|
|
14d52d4 |
%files
|
|
|
14d52d4 |
%defattr(-,root,root)
|
|
|
14d52d4 |
%{_unitdir}/ods-enforcerd.service
|
|
|
14d52d4 |
%{_unitdir}/ods-signerd.service
|
|
|
14d52d4 |
%config(noreplace) %{_sysconfdir}/tmpfiles.d/opendnssec.conf
|
|
|
14d52d4 |
%attr(0750,root,ods) %dir %{_sysconfdir}/opendnssec
|
|
|
14d52d4 |
%attr(0770,root,ods) %dir %{_localstatedir}/opendnssec
|
|
|
14d52d4 |
%attr(0770,root,ods) %dir %{_localstatedir}/opendnssec/tmp
|
|
|
14d52d4 |
%attr(0770,root,ods) %dir %{_localstatedir}/opendnssec/signed
|
|
|
14d52d4 |
%attr(0770,root,ods) %dir %{_localstatedir}/opendnssec/signconf
|
|
|
14d52d4 |
%attr(0660,root,ods) %config(noreplace) %{_sysconfdir}/opendnssec/*.xml
|
|
|
14d52d4 |
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/ods
|
|
|
14d52d4 |
%attr(0770,root,ods) %dir %{_localstatedir}/run/opendnssec
|
|
Paul Wouters |
ab9e58c |
%attr(0644,root,root) %{_sysconfdir}/cron.d/opendnssec
|
|
|
f49c134 |
%doc NEWS README LICENSE
|
|
|
14d52d4 |
%{_mandir}/*/*
|
|
|
14d52d4 |
%{_sbindir}/*
|
|
|
14d52d4 |
%{_bindir}/*
|
|
|
14d52d4 |
%attr(0755,root,root) %dir %{_prefix}/share/%{name}
|
|
|
14d52d4 |
%{_prefix}/share/%{name}/*
|
|
|
14d52d4 |
|
|
|
14d52d4 |
%pre
|
|
|
14d52d4 |
getent group ods >/dev/null || groupadd -r ods
|
|
|
14d52d4 |
getent passwd ods >/dev/null || \
|
|
|
14d52d4 |
useradd -r -g ods -d /etc/opendnssec -s /sbin/nologin \
|
|
|
14d52d4 |
-c "opendnssec daemon account" ods
|
|
|
14d52d4 |
exit 0
|
|
|
14d52d4 |
|
|
|
14d52d4 |
%post
|
|
|
14d52d4 |
if [ $1 -eq 1 ] ; then
|
|
|
14d52d4 |
# Initial installation
|
|
|
14d52d4 |
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
|
|
14d52d4 |
fi
|
|
|
14d52d4 |
# Initialise a slot on the softhsm on first install
|
|
|
14d52d4 |
if [ "$1" -eq 1 ]; then
|
|
|
14d52d4 |
softhsm --init-token --slot 0 --label "OpenDNSSEC" --pin 1234 --so-pin 1234
|
|
|
14d52d4 |
fi
|
|
|
14d52d4 |
|
|
|
14d52d4 |
%preun
|
|
|
14d52d4 |
if [ $1 -eq 0 ]; then
|
|
|
14d52d4 |
# Package removal, not upgrade
|
|
|
14d52d4 |
/bin/systemctl --no-reload disable ods-signerd.service > /dev/null 2>&1 || :
|
|
|
14d52d4 |
/bin/systemctl stop ods-signerd.service > /dev/null 2>&1 || :
|
|
|
14d52d4 |
/bin/systemctl --no-reload disable ods-enforcerd.service > /dev/null 2>&1 || :
|
|
|
14d52d4 |
/bin/systemctl stop ods-enforcerd.service > /dev/null 2>&1 || :
|
|
|
14d52d4 |
fi
|
|
|
14d52d4 |
|
|
|
14d52d4 |
%postun
|
|
|
14d52d4 |
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
|
|
14d52d4 |
if [ $1 -ge 1 ] ; then
|
|
|
14d52d4 |
# Package upgrade, not uninstall
|
|
|
14d52d4 |
/bin/systemctl try-restart ods-enforcerd.service >/dev/null 2>&1 || :
|
|
|
14d52d4 |
/bin/systemctl try-restart ods-signerd.service >/dev/null 2>&1 || :
|
|
|
14d52d4 |
fi
|
|
|
14d52d4 |
|
|
|
14d52d4 |
%changelog
|
|
|
599e63b |
* Wed Sep 26 2012 Paul Wouters <pwouters@redhat.com> - 1.4.0-0.2.b1
|
|
|
599e63b |
- Just an EVR fix to the proper standard
|
|
|
599e63b |
|
|
Paul Wouters |
ab9e58c |
* Wed Sep 12 2012 Paul Wouters <pwouters@redhat.com> - 1.4.0-0.b1.1
|
|
Paul Wouters |
ab9e58c |
- Updated to 1.4.0b1
|
|
Paul Wouters |
ab9e58c |
- Patch for NSEC3PARAM TTL
|
|
Paul Wouters |
ab9e58c |
- Cron job to assist narrowing ods-enforcerd timing differences
|
|
Paul Wouters |
ab9e58c |
|
|
Paul Wouters |
ab9e58c |
* Wed Aug 29 2012 Paul Wouters <pwouters@redhat.com> - 1.4.0-0.a3.1
|
|
Paul Wouters |
ab9e58c |
- Updated to 1.4.0a3
|
|
Paul Wouters |
ab9e58c |
- Patch to more aggressively try to resign
|
|
Paul Wouters |
ab9e58c |
- Patch to fix locking issue eating up cpu
|
|
Paul Wouters |
ab9e58c |
|
|
|
c51d9b8 |
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.0-0.a2.2
|
|
|
c51d9b8 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
|
|
c51d9b8 |
|
|
|
9b8ffb6 |
* Tue Jun 12 2012 Paul Wouters <pwouters@redhat.com> - 1.4.0-0.a2.1
|
|
|
9b8ffb6 |
- Updated to 1.4.0a2
|
|
|
9b8ffb6 |
- ksm-utils patch for ods-ksmutil to die sooner when it can't lock
|
|
|
9b8ffb6 |
the HSM.
|
|
|
9b8ffb6 |
|
|
|
5a22ec6 |
* Wed May 16 2012 Paul Wouters <pwouters@redhat.com> - 1.4.0-0.a1.3
|
|
|
5a22ec6 |
- Patch for crasher with deleted RRsets and NSEC3/OPTOUT chains
|
|
|
5a22ec6 |
|
|
|
14d52d4 |
* Mon Mar 26 2012 Paul Wouters <pwouters@redhat.com> - 1.4.0-0.a1.2
|
|
|
14d52d4 |
- Added opendnssec LICENSE file from trunk (Thanks Jakob!)
|
|
|
14d52d4 |
|
|
|
14d52d4 |
* Mon Mar 26 2012 Paul Wouters <pwouters@redhat.com> - 1.4.0-0.a1.1
|
|
|
14d52d4 |
- Fix macros in comment
|
|
|
14d52d4 |
- Added missing -m to install target
|
|
|
14d52d4 |
|
|
|
14d52d4 |
* Sun Mar 25 2012 Paul Wouters <pwouters@redhat.com> - 1.4.0-0.a1
|
|
|
14d52d4 |
- The 1.4.x branch no longer needs ruby, as the auditor has been removed
|
|
|
14d52d4 |
- Added missing openssl-devel BuildRequire
|
|
|
14d52d4 |
- Comment out <SkipPublicKey/> so keys generated by ods can be used by bind
|
|
|
14d52d4 |
|
|
|
14d52d4 |
* Fri Feb 24 2012 Paul Wouters <pwouters@redhat.com> - 1.3.6-3
|
|
|
14d52d4 |
- Requires rubygem-soap4r when using ruby-1.9
|
|
|
14d52d4 |
- Don't ghost /var/run/opendnssec
|
|
|
14d52d4 |
- Converted initd to systemd
|
|
|
14d52d4 |
|
|
|
14d52d4 |
* Thu Nov 24 2011 root - 1.3.2-6
|
|
|
14d52d4 |
- Added rubygem-dnsruby requires as rpm does not pick it up automatically
|
|
|
14d52d4 |
|
|
|
14d52d4 |
* Tue Nov 22 2011 root - 1.3.2-5
|
|
|
14d52d4 |
- Added /var/opendnssec/signconf/ /as this temp dir is needed
|
|
|
14d52d4 |
|
|
|
14d52d4 |
* Mon Nov 21 2011 Paul Wouters <paul@xelerance.com> - 1.3.2-4
|
|
|
14d52d4 |
- Added /var/opendnssec/signed/ as this is the default output dir
|
|
|
14d52d4 |
|
|
|
14d52d4 |
* Sun Nov 20 2011 Paul Wouters <paul@xelerance.com> - 1.3.2-3
|
|
|
14d52d4 |
- Add ods user for opendnssec tasks
|
|
|
14d52d4 |
- Added initscripts and services for ods-signerd and ods-enforcerd
|
|
|
14d52d4 |
- Initialise OpenDNSSEC softhsm token on first install
|
|
|
14d52d4 |
|
|
|
14d52d4 |
* Wed Oct 05 2011 Paul Wouters <paul@xelerance.com> - 1.3.2-1
|
|
|
14d52d4 |
- Updated to 1.3.2
|
|
|
14d52d4 |
- Added dependancies on opencryptoki and softhsm
|
|
|
14d52d4 |
- Don't install duplicate unreadable .sample files
|
|
|
14d52d4 |
- Fix upstream conf.xml to point to actually used library paths
|
|
|
14d52d4 |
|
|
|
14d52d4 |
* Thu Mar 3 2011 Paul Wouters <paul@xelerance.com> - 1.2.0-1
|
|
|
14d52d4 |
- Initial package for Fedora
|