From 63ec81828732ae8b46c229f4693a4f80809f39f3 Mon Sep 17 00:00:00 2001
From: Adam Tkac
Date: Jun 28 2010 11:23:00 +0000
Subject: - update to 9.7.1 - patches merged - bind97-managed-keyfile.patch - bind97-rh554316.patch - improve the "dnssec-conf" trigger - set "managed-keys-directory" to /var/named/dynamic to avoid incompatibility in the stable Fedora release
---
diff --git a/.cvsignore b/.cvsignore
index b9cf005..2f184bf 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1,2 +1,2 @@
-bind-9.7.0-P2.tar.gz
+bind-9.7.1.tar.gz
 config-6.tar.bz2
diff --git a/bind.spec b/bind.spec
index 6be9a4d..5c56b05 100644
--- a/bind.spec
+++ b/bind.spec
@@ -2,11 +2,11 @@
 # Red Hat BIND package .spec file
 #
 
-%define PATCHVER P2
-#%define VERSION %{version}
+#%define PATCHVER P2
 #%define PREVER rc2
 #%define VERSION %{version}%{PREVER}
-%define VERSION %{version}-%{PATCHVER}
+#%define VERSION %{version}-%{PATCHVER}
+%define VERSION %{version}
 
 %{?!SDB: %define SDB 1}
 %{?!test: %define test 0}
@@ -20,8 +20,8 @@
 Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
 Name: bind
 License: ISC
-Version: 9.7.0
-Release: 10.%{PATCHVER}%{?dist}
+Version: 9.7.1
+Release: 1%{?dist}
 Epoch: 32
 Url: http://www.isc.org/products/BIND/
 Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -57,10 +57,9 @@ Patch101:bind-96-old-api.patch
 Patch102:bind-95-rh452060.patch
 Patch106:bind93-rh490837.patch
 Patch107:bind97-dist-pkcs11.patch
-Patch108:bind97-managed-keyfile.patch
 Patch109:bind97-rh478718.patch
 Patch110:bind97-rh507429.patch
-Patch111:bind97-rh554316.patch
+Patch111:bind97-compat-default-keysdir.patch
 
 # SDB patches
 Patch11: bind-9.3.2b2-sdbsrc.patch
@@ -193,7 +192,7 @@ Based on the code from Jan "Yenya" Kasprzak
 %patch10 -p1 -b .PIE
 %patch16 -p1 -b .redhat_doc
 %patch104 -p1 -b .dyndb
-%patch108 -p1 -b .managed-keyfile
+%patch111 -p1 -b .compat-default-keysdir
 %if %{SDB}
 %patch101 -p1 -b .old-api
 mkdir bin/named-sdb
@@ -244,7 +243,6 @@ mkdir m4
 %patch107 -p1 -b .dist-pkcs11
 %patch109 -p1 -b .rh478718
 %patch110 -p1 -b .rh507429
-%patch111 -p1 -b .rh554316
 
 # Sparc and s390 arches need to use -fPIE
 %ifarch sparcv9 sparc64 s390 s390x
@@ -462,18 +460,36 @@ fi
 
 # Automatically update configuration from "dnssec-conf-based" to "BIND-based"
 %triggerpostun -n bind -- dnssec-conf
-[ -r '/etc/named.conf' ] || exit 0
+if [ -r '/etc/named.conf' ]; then
 cp -fp /etc/named.conf /etc/named.conf.rpmsave
 if grep -Eq '/etc/(named.dnssec.keys|pki/dnssec-keys)' /etc/named.conf; then
 if grep -q 'dlv.isc.org.conf' /etc/named.conf; then
 # DLV is configured, reconfigure it to new configuration
 sed -i -e 's/.*dnssec-lookaside.*dlv\.isc\.org\..*/dnssec-lookaside auto;\
-bindkeys-file "\/etc\/named.iscdlv.key";/' /etc/named.conf
+bindkeys-file "\/etc\/named.iscdlv.key";\
+managed-keys-directory "\/var\/named\/dynamic";/' /etc/named.conf
 fi
 sed -i -e '/.*named\.dnssec\.keys.*/d' -e '/.*pki\/dnssec-keys.*/d' \
 /etc/named.conf
 /sbin/service named try-restart > /dev/null 2>&1 || :;
 fi
+fi
+
+# Ditto for chroot
+if [ -r '/var/named/chroot/etc/named.conf' ]; then
+cp -fp /var/named/chroot/etc/named.conf /var/named/chroot/etc/named.conf.rpmsave
+if grep -Eq '/etc/(named.dnssec.keys|pki/dnssec-keys)' /var/named/chroot/etc/named.conf; then
+ if grep -q 'dlv.isc.org.conf' /var/named/chroot/etc/named.conf; then
+ # DLV is configured, reconfigure it to new configuration
+ sed -i -e 's/.*dnssec-lookaside.*dlv\.isc\.org\..*/dnssec-lookaside auto;\
+bindkeys-file "\/etc\/named.iscdlv.key";\
+managed-keys-directory "\/var\/named\/dynamic";/' /var/named/chroot/etc/named.conf
+ fi
+ sed -i -e '/.*named\.dnssec\.keys.*/d' -e '/.*pki\/dnssec-keys.*/d' \
+ /var/named/chroot/etc/named.conf
+ /sbin/service named try-restart > /dev/null 2>&1 || :;
+fi
+fi
 
 %post chroot
 if [ "$1" -gt 0 ]; then
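Review bot: In the `%triggerpostun` scriptlet, both the existing block and the new chroot block run `cp -fp … named.conf.rpmsave` before the `grep -Eq` test, so the backup is rewritten on every trigger run even when the configuration is left untouched, and an earlier `.rpmsave` is overwritten without notice. Moving the copy inside the branch that edits the file, for example placing `cp -fp /var/named/chroot/etc/named.conf /var/named/chroot/etc/named.conf.rpmsave` directly after the `if grep -Eq …; then` line, ties the backup to an actual rewrite. The two blocks are otherwise copies of each other and each calls `/sbin/service named try-restart`, so a host where both files match restarts named twice; a `for conf in /etc/named.conf /var/named/chroot/etc/named.conf` loop with a single restart after it would remove the duplication. A comment should also record that the key `include` lines are deleted even when the `dlv.isc.org.conf` test fails, which presumably leaves the resolver without the trust anchors that dnssec-conf had supplied.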
@@ -668,6 +684,15 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif
 
 %changelog
+* Mon Jun 28 2010 Adam Tkac 32:9.7.1-1
+- update to 9.7.1
+- patches merged
+ - bind97-managed-keyfile.patch
+ - bind97-rh554316.patch
+- improve the "dnssec-conf" trigger
+- set "managed-keys-directory" to /var/named/dynamic to avoid incompatibility
+ in the stable Fedora release
+
 * Thu May 20 2010 Adam Tkac 32:9.7.0-10.P2
 - update to 9.7.0-P2
 
diff --git a/bind97-compat-default-keysdir.patch b/bind97-compat-default-keysdir.patch
new file mode 100644
index 0000000..895835d
--- /dev/null
+++ b/bind97-compat-default-keysdir.patch
@@ -0,0 +1,12 @@
+diff -up bind-9.7.1/bin/named/server.c.compat-default-keysdir bind-9.7.1/bin/named/server.c
+--- bind-9.7.1/bin/named/server.c.compat-default-keysdir 2010-06-28 13:05:21.109461735 +0200
++++ bind-9.7.1/bin/named/server.c 2010-06-28 13:05:36.228734577 +0200
+@@ -734,7 +734,7 @@ configure_view_dnsseckeys(dns_view_t *vi
+ */
+ obj = NULL;
+ (void)ns_config_get(maps, "managed-keys-directory", &obj);
+- directory = obj != NULL ? cfg_obj_asstring(obj) : NULL;
++ directory = obj != NULL ? cfg_obj_asstring(obj) : "/var/named/dynamic";
+ CHECK(add_keydata_zone(view, directory, ns_g_mctx));
+
+ cleanup:
diff --git a/bind97-managed-keyfile.patch b/bind97-managed-keyfile.patch
deleted file mode 100644
index 3bd86f2..0000000
--- a/bind97-managed-keyfile.patch
+++ /dev/null
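Review bot: In the bind97-compat-default-keysdir.patch hunk, the fallback for an unset `managed-keys-directory` becomes the literal `"/var/named/dynamic"` inside configure_view_dnsseckeys, with no comment marking it as a distribution-specific change from the previous `NULL` fallback. That directory will hold the managed-keys (trust anchor) state, so I would add a comment such as `/* Fedora: keep managed-keys state in /var/named/dynamic when managed-keys-directory is unset */` and document that the directory must exist and be writable only by the named user. Nothing in the visible lines checks that the path exists, and add_keydata_zone is outside the hunk, so it is worth confirming how a missing directory is handled, for example under a chroot or a custom `directory` setting. The function body starts and ends outside the hunk.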
@@ -1,20 +0,0 @@
-diff -up bind-9.7.0rc2/bin/named/server.c.managed-keyfile bind-9.7.0rc2/bin/named/server.c
---- bind-9.7.0rc2/bin/named/server.c.managed-keyfile 2010-02-15 16:17:26.051369348 +0100
-+++ bind-9.7.0rc2/bin/named/server.c 2010-02-15 16:24:16.408368990 +0100
-@@ -3020,6 +3020,7 @@ configure_zone(const cfg_obj_t *config,
- */
-
- #define KEYZONE "managed-keys.bind"
-+#define KEYFILE "dynamic/managed-keys.bind"
-
- static isc_result_t
- add_keydata_zone(dns_view_t *view, isc_mem_t *mctx) {
-@@ -3040,7 +3041,7 @@ add_keydata_zone(dns_view_t *view, isc_m
- CHECK(dns_zone_setorigin(zone, &zname));
- dns_name_free(&zname, mctx);
-
-- CHECK(dns_zone_setfile(zone, KEYZONE));
-+ CHECK(dns_zone_setfile(zone, KEYFILE));
-
- if (view->hints == NULL)
- dns_view_sethints(view, ns_g_server->in_roothints);
diff --git a/bind97-rh554316.patch b/bind97-rh554316.patch
deleted file mode 100644
index 161cdb0..0000000
--- a/bind97-rh554316.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-diff -up bind-9.7.0-P1/lib/dns/validator.c.rh554316 bind-9.7.0-P1/lib/dns/validator.c
---- bind-9.7.0-P1/lib/dns/validator.c.rh554316 2010-02-25 06:26:27.000000000 +0100
-+++ bind-9.7.0-P1/lib/dns/validator.c 2010-03-26 15:37:56.113969498 +0100
-@@ -2211,7 +2211,7 @@ validatezonekey(dns_validator_t *val) {
- result == ISC_R_SUCCESS;
- result = dns_rdataset_next(val->event->sigrdataset))
- {
-- dns_keynode_t *keynode = NULL, *nextnode = NULL;
-+ dns_keynode_t *keynode = NULL;
-
- dns_rdata_reset(&sigrdata);
- dns_rdataset_current(val->event->sigrdataset,
-@@ -2231,6 +2231,7 @@ validatezonekey(dns_validator_t *val) {
- result == ISC_R_SUCCESS)
- atsep = ISC_TRUE;
- while (result == ISC_R_SUCCESS) {
-+ dns_keynode_t *nextnode = NULL;
- dstkey = dns_keynode_key(keynode);
- if (dstkey == NULL) {
- dns_keytable_detachkeynode(
diff --git a/sources b/sources
index 8ec5771..64825c7 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-47fc341901f00c1d815bef12ab4533de bind-9.7.0-P2.tar.gz
+712c425e59cb4aa9309bc4716283742f bind-9.7.1.tar.gz
 90bd7f32fd5717b8294313b6b5ccc742 config-6.tar.bz2