Tree - rpms/opendnssec - src.fedoraproject.org

rpms / opendnssec

Blame opendnssec.spec

Blob History Raw

	512b369	`#global prever rc3`
	512b369	`%global _hardened_build 1`
	512b369
Paul Wouters	1b5392c	`Summary: DNSSEC key and zone management software`
	7dba5ea	`Name: opendnssec`
	7dba5ea	`Version: 1.4.0`
	512b369	`Release: 1%{?prever}%{?dist}`
	7dba5ea	`License: BSD`
	7dba5ea	`Url: http://www.opendnssec.org/`
	424a1e1	`Source0: http://www.opendnssec.org/files/source/%{?prever:testing/}%{name}-%{version}%{?prever}.tar.gz`
	7dba5ea	`Source1: ods-enforcerd.init`
	7dba5ea	`Source2: ods-signerd.init`
	7dba5ea	`Source3: ods.sysconfig`
	7dba5ea	`Source4: conf.xml`
	4d395df	`Source5: opendnssec.cron`
	859e03c	`Source6: kasp.xml`
	7dba5ea	`Group: Applications/System`
	ac57231	`Requires: opencryptoki, softhsm`
	4d395df	`BuildRequires: ldns-devel >= 1.6.13, sqlite-devel , openssl-devel`
	7dba5ea	`BuildRequires: libxml2-devel CUnit-devel, doxygen`
	ce79f0a	`# It tests for pkill/killall and would use /bin/false if not found`
	ce79f0a	`BuildRequires: procps`
	ce79f0a
	7dba5ea	`Requires(pre): shadow-utils`
	424a1e1	`%if 0%{?prever:1}`
	424a1e1	`# For building snapshots`
	424a1e1	`Buildrequires: autoconf, automake, libtool, java`
	424a1e1	`%endif`
	7dba5ea
	7dba5ea	`%description`
	7dba5ea	`OpenDNSSEC was created as an open-source turn-key solution for DNSSEC.`
	7dba5ea	`It secures zone data just before it is published in an authoritative`
	7dba5ea	`name server. It requires a PKCS#11 crypto module library, such as softhsm`
	7dba5ea
	7dba5ea	`%prep`
	424a1e1	`%setup -q -n %{name}-%{version}%{?prever}`
	7dba5ea
	7dba5ea	`%build`
	512b369	`export LDFLAGS="-Wl,-z,relro,-z,now -pie"`
	512b369	`export CFLAGS="$RPM_OPT_FLAGS -fPIE -pie -Wextra -Wformat -Wformat-nonliteral -Wformat-security"`
	512b369
	7dba5ea	`%configure --with-ldns=%{_libdir}`
	7dba5ea	`make %{?_smp_mflags}`
	7dba5ea
	7dba5ea	`%check`
	7dba5ea	`# Requires sample db not shipped with upstream`
	7dba5ea	`# make check`
	7dba5ea
	7dba5ea	`%install`
	7dba5ea	`rm -rf %{buildroot}`
	7dba5ea	`make DESTDIR=%{buildroot} install`
	7dba5ea	`mkdir -p %{buildroot}/var/opendnssec/{tmp,signed,signconf}`
	4d395df	`mkdir -p %{buildroot}/%{_initrddir}`
	859e03c	`install -p -m 0755 %{SOURCE1} %{buildroot}/%{_initrddir}/ods-enforcerd`
	859e03c	`install -p -m 0755 %{SOURCE2} %{buildroot}/%{_initrddir}/ods-signerd`
	b2b6b57	`install -d -m 0755 %{buildroot}%{_initrddir} %{buildroot}%{_sysconfdir}/cron.d/`
	859e03c	`install -p -m 0644 %{SOURCE5} %{buildroot}/%{_sysconfdir}/cron.d/opendnssec`
	7dba5ea
	7dba5ea	`# cleanup sample files`
	7dba5ea	`rm -f %{buildroot}/%{_sysconfdir}/opendnssec/*.sample`
	7dba5ea	`install -d -m 0755 %{buildroot}/%{_sysconfdir}/sysconfig`
	859e03c	`install -p -m 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/ods`
	859e03c	`install -p -m 0644 %{SOURCE4} %{SOURCE6} %{buildroot}/%{_sysconfdir}/opendnssec/`
	7dba5ea	`mkdir -p %{buildroot}%{_localstatedir}/run/opendnssec`
	7dba5ea
	7dba5ea	`%files`
	7dba5ea	`%attr(0755,root,root) %{_initrddir}/ods-enforcerd`
	7dba5ea	`%attr(0755,root,root) %{_initrddir}/ods-signerd`
	7dba5ea	`%attr(0750,root,ods) %dir %{_sysconfdir}/opendnssec`
	7dba5ea	`%attr(0770,root,ods) %dir %{_localstatedir}/opendnssec`
	7dba5ea	`%attr(0770,root,ods) %dir %{_localstatedir}/opendnssec/tmp`
	7dba5ea	`%attr(0770,root,ods) %dir %{_localstatedir}/opendnssec/signed`
	7dba5ea	`%attr(0770,root,ods) %dir %{_localstatedir}/opendnssec/signconf`
	7dba5ea	`%attr(0660,root,ods) %config(noreplace) %{_sysconfdir}/opendnssec/*.xml`
	7dba5ea	`%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/ods`
	7dba5ea	`%attr(0770,root,ods) %dir %{_localstatedir}/run/opendnssec`
	4d395df	`%attr(0644,root,root) %{_sysconfdir}/cron.d/opendnssec`
	7dba5ea	`%doc NEWS README LICENSE`
	7dba5ea	`%{_mandir}//`
	7dba5ea	`%{_sbindir}/*`
	7dba5ea	`%{_bindir}/*`
	424a1e1	`%attr(0755,root,root) %dir %{_datadir}/%{name}`
	424a1e1	`%{_datadir}/%{name}/*`
	7dba5ea
	7dba5ea	`%pre`
	7dba5ea	`getent group ods >/dev/null \|\| groupadd -r ods`
	7dba5ea	`getent passwd ods >/dev/null \|\| \`
	7dba5ea	`useradd -r -g ods -d /etc/opendnssec -s /sbin/nologin \`
	7dba5ea	`-c "opendnssec daemon account" ods`
	7dba5ea	`exit 0`
	7dba5ea
	7dba5ea	`%post`
	7dba5ea	`/sbin/chkconfig --add ods-enforcerd`
	7dba5ea	`/sbin/chkconfig --add ods-signerd`
	7dba5ea	`# Initialise a slot on the softhsm on first install`
	7dba5ea	`if [ "$1" -eq 1 ]; then`
	b2b6b57	`if [ ! -f /var/softhsm/slot0.db ]; then`
	7dba5ea	`softhsm --init-token --slot 0 --label "OpenDNSSEC" --pin 1234 --so-pin 1234`
	b2b6b57	`fi`
	7dba5ea	`fi`
	7dba5ea
	7dba5ea	`%preun`
	7dba5ea	`if [ $1 -eq 0 ]; then`
	7dba5ea	`/sbin/service ods-signerd stop >/dev/null 2>&1`
	7dba5ea	`/sbin/service ods-enforcerd stop >/dev/null 2>&1`
	7dba5ea	`/sbin/chkconfig --del ods-enforcerd`
	7dba5ea	`/sbin/chkconfig --del ods-signerd`
	7dba5ea	`fi`
	7dba5ea
	7dba5ea	`%postun`
	7dba5ea	`if [ "$1" -ge "1" ]; then`
	b7e0073	`ods-ksmutil update all \|\|: >/dev/null 2>/dev/null`
	7dba5ea	`/sbin/service ods-enforcerd condrestart >/dev/null 2>&1 \|\| :`
	7dba5ea	`/sbin/service ods-signerd condrestart >/dev/null 2>&1 \|\| :`
	7dba5ea	`fi`
	7dba5ea
	7dba5ea	`%changelog`
	512b369	`* Sat May 11 2013 Paul Wouters <pwouters@redhat.com> - 1.4.0-1`
	512b369	`- Updated to 1.4.0`
	512b369	`- Enabled full relro/pie protection`
	512b369
	bd02f3b	`* Mon Apr 15 2013 Paul Wouters <pwouters@redhat.com> - 1.4.0-0.8.rc3`
	e440db7	`- Updated to 1.4.0rc3`
	e440db7
	b8dacaf	`* Mon Jan 28 2013 Paul Wouters <pwouters@redhat.com> - 1.4.0-0.7.rc2`
	b8dacaf	`- Updaed to 1.4.0rc2`
	b8dacaf	`- This merges in r6952`
	b8dacaf
Patrick Uiterwijk	e86b6e9	`* Fri Jan 18 2013 Patrick Uiterwijk <puiterwijk@gmail.com> - 1.4.0-0.6.rc1`
Patrick Uiterwijk	e86b6e9	`- Updated to 1.4.0rc1`
Patrick Uiterwijk	e86b6e9	`- Applied opendnssec-ksk-premature-retirement.patch (svn r6952)`
Patrick Uiterwijk	e86b6e9
	f910073	`* Tue Dec 18 2012 Paul Wouters <pwouters@redhat.com> - 1.4.0-0.6.b2`
	f910073	`- Updated to 1.4.0b2`
	f910073	`- All patches synced to/from with new release`
	f910073
	35f76dc	`* Fri Nov 23 2012 Paul Wouters <pwouters@redhat.com> - 1.4.0-0.6.b1`
	35f76dc	`- Patch for empty nonterminal NSEC3 records`
	35f76dc
	9b702c2	`* Sat Nov 10 2012 Paul Wouters <pwouters@redhat.com> - 1.4.0-0.5.b1`
	9b702c2	`- Patch r6816 fixes enforcer/signer communication`
	9b702c2	`- Patch r6817 Don't add double RRSIGs generated by same key for DNSKEY RRset`
	9b702c2
	b7e0073	`* Tue Oct 30 2012 Paul Wouters <pwouters@redhat.com> - 1.4.0-0.4.b1`
	b7e0073	`- Added BuildRequires: procps-ng for bug OPENDNSSEC-345`
	b7e0073	`- Change RRSIG inception offset to -2h to avoid possible`
	b7e0073	`daylight saving issues on resolvers`
	b7e0073	`- Patch to prevent removal of occluded data`
	ce79f0a
	424a1e1	`* Wed Sep 26 2012 Paul Wouters <pwouters@redhat.com> - 1.4.0-0.2.b1`
	424a1e1	`- Just an EVR fix to the proper standard`
	424a1e1	`- Remove accidentally added (but not released) Epoch:`
	424a1e1	`- Minor spec file cleanup`
	424a1e1
	424a1e1	`* Wed Sep 12 2012 Paul Wouters <pwouters@redhat.com> - 1.4.0-0.b1.1`
	4d395df	`- Updated to 1.4.0b1`
	4d395df	`- Patch to more aggressively try to take lock for resigning`
	4d395df	`- Patch to give NSEC3PARAM record a TTL=0`
	4d395df
	b2b6b57	`* Tue Aug 07 2012 Paul Wouters <pwouters@redhat.com> - 1.4.0-0.a3.2`
	b2b6b57	`- Updated to 1.4.0a3`
	4d395df	`- Added opendnssec.cron to sync key rollovers over multiple servers`
	b2b6b57	`- Removed merged in patch.`
	b2b6b57	`- Added patch for cpu lock from trunk`
	b2b6b57	`- Don't re-init softhsm on remove+install of opendnssec (as opposed to upgrade)`
	b2b6b57
	ea882ee	`* Wed May 16 2012 Paul Wouters <pwouters@redhat.com> - 1.4.0-0.a1.4`
	ea882ee	`- Missed the actual patch line, so previous build did not have the patch`
	ea882ee
	ac57231	`* Tue Apr 17 2012 Paul Wouters <pwouters@redhat.com> - 1.4.0-0.a1.3`
	ac57231	`- Remove bad artifact dependancy on systemd-units from Fedora branch`
	ac57231
	7dba5ea	`* Thu Mar 29 2012 Paul Wouters <pwouters@redhat.com> - 1.4.0-0.a1.2`
	7dba5ea	`- Added opendnssec LICENSE file from trunk (Thanks Jakob!)`
	7dba5ea	`- Convert back to sysv for EL5/EL6 repos`
	7dba5ea
	7dba5ea	`* Mon Mar 26 2012 Paul Wouters <pwouters@redhat.com> - 1.4.0-0.a1.1`
	7dba5ea	`- Fix macros in comment`
	7dba5ea	`- Added missing -m to install target`
	7dba5ea
	7dba5ea	`* Sun Mar 25 2012 Paul Wouters <pwouters@redhat.com> - 1.4.0-0.a1`
	7dba5ea	`- The 1.4.x branch no longer needs ruby, as the auditor has been removed`
	7dba5ea	`- Added missing openssl-devel BuildRequire`
	7dba5ea	`- Comment out <SkipPublicKey/> so keys generated by ods can be used by bind`
	7dba5ea
	7dba5ea	`* Fri Feb 24 2012 Paul Wouters <pwouters@redhat.com> - 1.3.6-3`
	7dba5ea	`- Requires rubygem-soap4r when using ruby-1.9`
	7dba5ea	`- Don't ghost /var/run/opendnssec`
	7dba5ea	`- Converted initd to systemd`
	7dba5ea
	7dba5ea	`* Thu Nov 24 2011 root - 1.3.2-6`
	7dba5ea	`- Added rubygem-dnsruby requires as rpm does not pick it up automatically`
	7dba5ea
	7dba5ea	`* Tue Nov 22 2011 root - 1.3.2-5`
	7dba5ea	`- Added /var/opendnssec/signconf/ /as this temp dir is needed`
	7dba5ea
	7dba5ea	`* Mon Nov 21 2011 Paul Wouters <paul@xelerance.com> - 1.3.2-4`
	7dba5ea	`- Added /var/opendnssec/signed/ as this is the default output dir`
	7dba5ea
	7dba5ea	`* Sun Nov 20 2011 Paul Wouters <paul@xelerance.com> - 1.3.2-3`
	7dba5ea	`- Add ods user for opendnssec tasks`
	7dba5ea	`- Added initscripts and services for ods-signerd and ods-enforcerd`
	7dba5ea	`- Initialise OpenDNSSEC softhsm token on first install`
	7dba5ea
	7dba5ea	`* Wed Oct 05 2011 Paul Wouters <paul@xelerance.com> - 1.3.2-1`
	7dba5ea	`- Updated to 1.3.2`
	7dba5ea	`- Added dependancies on opencryptoki and softhsm`
	7dba5ea	`- Don't install duplicate unreadable .sample files`
	7dba5ea	`- Fix upstream conf.xml to point to actually used library paths`
	7dba5ea
	7dba5ea	`* Thu Mar 3 2011 Paul Wouters <paul@xelerance.com> - 1.2.0-1`
	7dba5ea	`- Initial package for Fedora`

rpms / opendnssec

Source Code

Blame opendnssec.spec