Tomas Hozza 6d7e7f
%global _hardened_build 1
Paul Wouters bf7ee1
Paul Wouters 9fcdf7
Summary: NetworkManager plugin to update/reconfigure DNSSEC resolving
Paul Wouters 9fcdf7
Name: dnssec-trigger
Tomas Hozza 6d7e7f
Version: 0.12
Pavel Šimerda 52f40b
Release: 5%{?dist}
Paul Wouters 9fcdf7
License: BSD
Paul Wouters 9fcdf7
Url: http://www.nlnetlabs.nl/downloads/dnssec-trigger/
Tomas Hozza 6d7e7f
Source0: http://www.nlnetlabs.nl/downloads/dnssec-trigger/%{name}-%{version}.tar.gz
Tomas Hozza 6d7e7f
Source1: dnssec-trigger.conf
Tomas Hozza 6d7e7f
Source2: dnssec-trigger.tmpfiles.d
Tomas Hozza 6d7e7f
Pavel Šimerda 654266
# Fix dnssec-trigger-script (diff between 0.12 and what has been submitted to
Pavel Šimerda 654266
# upstream)
Pavel Šimerda 654266
#
Pavel Šimerda 654266
# Upstream often squashes our patches so it's more practical to use just one
Pavel Šimerda 654266
# patch. Please don't forget to submit the changes to upstream before
Pavel Šimerda 654266
# updating the patch.
Pavel Šimerda ade490
#
Pavel Šimerda ade490
# https://bugzilla.redhat.com/show_bug.cgi?id=1100794
Pavel Šimerda 8d298e
# https://bugzilla.redhat.com/show_bug.cgi?id=1105896
Pavel Šimerda 654266
# https://bugzilla.redhat.com/show_bug.cgi?id=1111143
Pavel Šimerda 654266
Patch2: dnssec-trigger-0.12-nm-script.patch
Tomas Hozza d4b16b
Paul Wouters 9fcdf7
Requires(postun): initscripts
Tomas Hozza aadb7c
Requires: ldns >= 1.6.10, NetworkManager, NetworkManager-glib, unbound, xdg-utils
Paul Wouters 9fcdf7
Requires(pre): shadow-utils
Paul Wouters 9fcdf7
BuildRequires: desktop-file-utils, systemd-units, openssl-devel, ldns-devel
Paul Wouters 9fcdf7
BuildRequires: gtk2-devel, NetworkManager-devel
Paul Wouters 9fcdf7
Tomas Hozza 346967
BuildRequires: systemd
Tomas Hozza 346967
Requires(post): systemd
Tomas Hozza 346967
Requires(preun): systemd
Tomas Hozza 346967
Requires(postun): systemd
Paul Wouters 9fcdf7
Paul Wouters 9fcdf7
%description
Paul Wouters 9fcdf7
dnssec-trigger reconfigures the local unbound DNS server. This unbound DNS
Paul Wouters 9fcdf7
server performs DNSSEC validation, but dnssec-trigger will signal it to
Paul Wouters 9fcdf7
use the DHCP obtained forwarders if possible, and fallback to doing its
Paul Wouters 9fcdf7
own AUTH queries if that fails, and if that fails prompt the user via
Paul Wouters 9fcdf7
dnssec-trigger-applet the option to go with insecure DNS only.
Paul Wouters 9fcdf7
Paul Wouters 9fcdf7
%prep
Paul Wouters 9fcdf7
%setup -q 
Paul Wouters e238d3
# Fixup the name to not include "panel" in the menu item or name
Paul Wouters e238d3
sed -i "s/ Panel//" panel/dnssec-trigger-panel.desktop.in
Paul Wouters e238d3
sed -i "s/-panel//" panel/dnssec-trigger-panel.desktop.in
Tomas Hozza 6d7e7f
Pavel Šimerda ade490
%patch2 -p1
Tomas Hozza 6d7e7f
Paul Wouters bf7ee1
# change default RSA key between daemon/control from 1536 to 3072
Paul Wouters bf7ee1
sed -i "s/BITS=1536/BITS=3072/" dnssec-trigger-control-setup.sh.in
Tomas Hozza 6d7e7f
# don't use DNSSEC for forward zones for now
Tomas Hozza 6d7e7f
sed -i "s/validate_connection_provided_zones=yes/validate_connection_provided_zones=no/" dnssec.conf
Paul Wouters 9fcdf7
Paul Wouters 9fcdf7
%build
Tomas Hozza 6d7e7f
%configure  --with-keydir=/etc/dnssec-trigger --with-hooks=networkmanager
Paul Wouters 9fcdf7
%{__make} %{?_smp_mflags}
Paul Wouters 9fcdf7
Paul Wouters 9fcdf7
%install
Paul Wouters 9fcdf7
rm -rf %{buildroot}
Paul Wouters 9fcdf7
%{__make} DESTDIR=%{buildroot} install
Paul Wouters 9fcdf7
install -d -m 0755 %{buildroot}%{_unitdir}
Tomas Hozza 6d7e7f
install -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/%{name}/
Paul Wouters 9fcdf7
Tomas Hozza f644e8
mkdir -p %{buildroot}%{_libexecdir}
Tomas Hozza f644e8
Paul Wouters 9fcdf7
desktop-file-install --dir=%{buildroot}%{_datadir}/applications dnssec-trigger-panel.desktop
Paul Wouters e238d3
Tomas Hozza 937e23
# install the configuration for /var/run/dnssec-trigger into tmpfiles.d dir
Tomas Hozza 937e23
mkdir -p %{buildroot}%{_tmpfilesdir}
Tomas Hozza 6d7e7f
install -m 644 %{SOURCE2} ${RPM_BUILD_ROOT}%{_tmpfilesdir}/%{name}.conf
Tomas Hozza 937e23
# we must create the /var/run/dnssec-trigger directory
Tomas Hozza 937e23
mkdir -p %{buildroot}%{_localstatedir}/run
Tomas Hozza 937e23
install -d -m 0755 %{buildroot}%{_localstatedir}/run/%{name}
Tomas Hozza 937e23
Paul Wouters e238d3
# suppress the panel name everywhere including the gnome3 panel at the bottom
Paul Wouters e238d3
ln -s dnssec-trigger-panel %{buildroot}%{_bindir}/dnssec-trigger
Paul Wouters 9fcdf7
Adam Tkac b1de64
# Make dnssec-trigger.8 manpage available under names of all dnssec-trigger-*
Adam Tkac b1de64
# executables
Adam Tkac b1de64
for all in dnssec-trigger-control dnssec-trigger-control-setup dnssec-triggerd; do
Adam Tkac b1de64
    ln -s %{_mandir}/man8/dnssec-trigger.8 %{buildroot}/%{_mandir}/man8/"$all".8
Adam Tkac b1de64
done
Adam Tkac 776946
ln -s %{_mandir}/man8/dnssec-trigger.8 %{buildroot}/%{_mandir}/man8/dnssec-trigger.conf.8
Adam Tkac b1de64
Paul Wouters 9fcdf7
%clean
Paul Wouters 9fcdf7
rm -rf ${RPM_BUILD_ROOT}
Paul Wouters 9fcdf7
Paul Wouters 9fcdf7
%files 
Paul Wouters 9fcdf7
%defattr(-,root,root,-)
Paul Wouters 9fcdf7
%doc README LICENSE
Paul Wouters 9fcdf7
%{_unitdir}/%{name}d.service
Paul Wouters 9fcdf7
%{_unitdir}/%{name}d-keygen.service
Paul Wouters 9fcdf7
Paul Wouters 9fcdf7
%attr(0755,root,root) %dir %{_sysconfdir}/%{name}
Tomas Hozza 6d7e7f
%attr(0755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-dnssec-trigger
Tomas Hozza aadb7c
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/dnssec.conf
Paul Wouters 9fcdf7
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dnssec-trigger.conf
Paul Wouters 9fcdf7
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/xdg/autostart/dnssec-trigger-panel.desktop
Tomas Hozza 937e23
%dir %{_localstatedir}/run/%{name}
Tomas Hozza 937e23
%{_tmpfilesdir}/%{name}.conf
Paul Wouters 9fcdf7
%{_bindir}/dnssec-trigger-panel
Paul Wouters e238d3
%{_bindir}/dnssec-trigger
Paul Wouters 9fcdf7
%{_sbindir}/dnssec-trigger*
Tomas Hozza 6d7e7f
%{_libexecdir}/dnssec-trigger-script
Paul Wouters 9fcdf7
%{_mandir}/*/*
Paul Wouters 9fcdf7
%attr(0755,root,root) %dir %{_datadir}/%{name}
Paul Wouters 9fcdf7
%attr(0644,root,root) %{_datadir}/%{name}/*
Paul Wouters 9fcdf7
%attr(0644,root,root) %{_datadir}/applications/dnssec-trigger-panel.desktop
Paul Wouters 9fcdf7
Paul Wouters 9fcdf7
Paul Wouters 9fcdf7
%post
Tomas Hozza 346967
%systemd_post %{name}d.service
Paul Wouters 9fcdf7
Paul Wouters 9fcdf7
%preun
Tomas Hozza 346967
%systemd_preun %{name}d.service
Tomas Hozza 346967
# Package removal, not upgrade
Paul Wouters 9fcdf7
if [ "$1" -eq "0" ] ; then
Paul Wouters 9fcdf7
    # dnssec-triggerd makes /etc/resolv.conf immutable, undo that on removal
Paul Wouters 9fcdf7
    chattr -i /etc/resolv.conf || :
Paul Wouters 9fcdf7
fi
Paul Wouters 9fcdf7
Paul Wouters 9fcdf7
%postun 
Tomas Hozza 346967
%systemd_postun_with_restart %{name}d.service
Paul Wouters 9fcdf7
Paul Wouters 9fcdf7
%changelog
Pavel Šimerda 52f40b
* Fri Jun 20 2014 Pavel Šimerda <psimerda@redhat.com> - 0.12-5
Pavel Šimerda 52f40b
- Related: #842455 - remove a patch that is now redundant
Pavel Šimerda 52f40b
Pavel Šimerda 654266
* Fri Jun 20 2014 Pavel Šimerda <psimerda@redhat.com> - 0.12-4
Pavel Šimerda 654266
- update dnssec-trigger-script to current development submitted upstream
Pavel Šimerda 654266
Pavel Šimerda 8d298e
* Wed Jun 18 2014 Pavel Šimerda <psimerda@redhat.com> - 0.12-3
Pavel Šimerda 8d298e
- Resolves: #1105896 - the new script doesn't call dnssec-trigger-control submit
Pavel Šimerda 8d298e
Pavel Šimerda ade490
* Fri Jun 06 2014 Pavel Šimerda <psimerda@redhat.com> - 0.12-2
Pavel Šimerda ade490
- fix various dnssec-trigger-script issues
Pavel Šimerda ade490
Tomas Hozza 6d7e7f
* Fri May 23 2014 Tomas Hozza <thozza@redhat.com> - 0.12-1
Tomas Hozza 6d7e7f
- Update to 0.12 version
Tomas Hozza 6d7e7f
- Drop merged patches
Tomas Hozza 6d7e7f
- Drop downstream files (systemd, dispatcher scripts)
Tomas Hozza 6d7e7f
Paul Wouters bf7ee1
* Tue May 13 2014 Paul Wouters <pwouters@redhat.com> - 0.11-21
Paul Wouters bf7ee1
- Enable full hardening (including PIE)
Paul Wouters bf7ee1
- Resolves: rhbz#1045689 dnssec-trigger creates long-time RSA key with inappropriate size
Paul Wouters bf7ee1
Tomas Hozza 53f4b3
* Wed Feb 19 2014 Tomas Hozza <thozza@redhat.com> - 0.11-20
Tomas Hozza 53f4b3
- Restart NM on dnssec-trigger shutdown (let NM handle the resolv.conf content)
Tomas Hozza 53f4b3
- HN-hook: Handle situation when connection does not have a device
Tomas Hozza 53f4b3
Tomas Hozza aadb7c
* Wed Jan 29 2014 Tomas Hozza <thozza@redhat.com> - 0.11-19
Tomas Hozza aadb7c
- Use new Python dispatcher script and ship /etc/dnssec.conf
Tomas Hozza aadb7c
Tomas Hozza 346967
* Tue Jan 28 2014 Tomas Hozza <thozza@redhat.com> - 0.11-18
Tomas Hozza 346967
- Use systemd macros instead of directly calling systemctl
Tomas Hozza 346967
- simplify the systemd unit file for generating keys
Tomas Hozza 346967
Tomas Hozza f644e8
* Thu Nov 21 2013 Tomas Hozza <thozza@redhat.com> - 0.11-17
Tomas Hozza f644e8
- Add script to backup and restore resolv.conf on dnssec-trigger start/stop
Tomas Hozza f644e8
Tomas Hozza 0eaf1d
* Mon Nov 18 2013 Tomas Hozza <thozza@redhat.com> - 0.11-16
Tomas Hozza 0eaf1d
- Improve GUI dialogs texts
Tomas Hozza 0eaf1d
Tomas Hozza 19d33f
* Tue Nov 12 2013 Tomas Hozza <thozza@redhat.com> - 0.11-15
Tomas Hozza 19d33f
- Fix NM dispatcher script to work with NM >= 0.9.9.0 (#1029571)
Tomas Hozza 19d33f
Tomas Hozza d4b16b
* Mon Aug 26 2013 Tomas Hozza <thozza@redhat.com> - 0.11-14
Tomas Hozza d4b16b
- Fix errors found by static analysis of source
Tomas Hozza d4b16b
Tomas Hozza 937e23
* Fri Aug 09 2013 Tomas Hozza <thozza@redhat.com> - 0.11-13
Tomas Hozza 937e23
- Use improved NM dispatcher script from upstream
Tomas Hozza 937e23
- Added tmpfiles.d config due to improved NM dispatcher script
Tomas Hozza 937e23
Dennis Gilmore 896902
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.11-12
Dennis Gilmore 896902
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
Dennis Gilmore 896902
Adam Tkac 776946
* Mon Mar 04 2013 Adam Tkac <atkac redhat com> - 0.11-11
Adam Tkac 776946
- link dnssec-trigger.conf.8 to dnssec-trigger.8
Adam Tkac 776946
- build dnssec-triggerd with full RELRO
Adam Tkac 776946
Adam Tkac 97cbe6
* Mon Mar 04 2013 Adam Tkac <atkac redhat com> - 0.11-10
Adam Tkac 97cbe6
- remove deprecated "Application" keyword from desktop file
Adam Tkac 97cbe6
Adam Tkac b1de64
* Mon Mar 04 2013 Adam Tkac <atkac redhat com> - 0.11-9
Adam Tkac b1de64
- install various dnssec-trigger-* symlinks to dnssec-trigger.8 manpage
Adam Tkac b1de64
Dennis Gilmore eb41f3
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.11-8
Dennis Gilmore eb41f3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
Dennis Gilmore eb41f3
Paul Wouters a73e54
* Tue Jan 08 2013 Paul Wouters <pwouters@redhat.com> - 0.11-7
Paul Wouters a73e54
- Use full path for systemd (rhbz#842455)
Paul Wouters a73e54
Paul Wouters faf862
* Tue Jul 24 2012 Paul Wouters <pwouters@redhat.com> - 0.11-6
Paul Wouters faf862
- Patched daemon to remove immutable attr (rhbz#842455) as the
Paul Wouters faf862
  systemd ExecStopPost= target does not seem to work
Paul Wouters faf862
Paul Wouters 637203
* Tue Jul 24 2012 Paul Wouters <pwouters@redhat.com> - 0.11-5
Paul Wouters 637203
- On service stop, remove immutable attr from resolv.conf (rhbz#842455)
Paul Wouters 637203
Dennis Gilmore 5ccedd
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.11-4
Dennis Gilmore 5ccedd
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
Dennis Gilmore 5ccedd
Paul Wouters ee2493
* Thu Jun 28 2012 Paul Wouters <pwouters@redhat.com> - 0.11-3
Paul Wouters ee2493
- Fix DHCP hook for f17+ version of nmcli (rhbz#835298)
Paul Wouters ee2493
Paul Wouters 2e3ab8
* Sun Jun 17 2012 Paul Wouters <pwouters@redhat.com> - 0.11-2
Paul Wouters 2e3ab8
- Small textual changes to some popup windows
Paul Wouters 2e3ab8
Paul Wouters 7ac9ae
* Fri Jun 15 2012 Paul Wouters <pwouters@redhat.com> - 0.11-1
Paul Wouters 7ac9ae
- Updated to 0.11
Paul Wouters 7ac9ae
- http Hotspot detection via fedoraproject.org/static/hotspot.html
Paul Wouters 7ac9ae
- http Hotspot Login page via uses hotspot-nocache.fedoraproject.org
Paul Wouters 7ac9ae
Paul Wouters 60e54d
* Thu Feb 23 2012 Paul Wouters <pwouters@redhat.com> - 0.10-4
Paul Wouters 60e54d
- Require: unbound
Paul Wouters 60e54d
Paul Wouters 1fa86d
* Wed Feb 22 2012 Paul Wouters <pwouters@redhat.com> - 0.10-3
Paul Wouters 1fa86d
- Fix the systemd startup to require unbound
Paul Wouters 1fa86d
- dnssec-triggerd no longer forks, giving systemd more control
Paul Wouters 1b22d5
- Fire NM dispatcher in ExecStartPost of dnssec-triggerd.service
Paul Wouters e238d3
- Fix tcp80 entries in dnssec-triggerd.conf
Paul Wouters e238d3
- symlink dnssec-trigger-panel to dnssec-trigger to suppress the
Paul Wouters e238d3
  "-panel" in the applet name shown in gnome3
Paul Wouters 1fa86d
Paul Wouters 60e54d
Paul Wouters 3851aa
* Wed Feb 22 2012 Paul Wouters <pwouters@redhat.com> - 0.10-2
Paul Wouters 3851aa
- The NM hook was not modified at the right time during build
Paul Wouters 3851aa
Paul Wouters c12723
* Wed Feb 22 2012 Paul Wouters <pwouters@redhat.com> - 0.10-1
Paul Wouters 3b755a
- Updated to 0.10
Paul Wouters 3b755a
- The NM hook lacks /usr/sbin in path, resulting in empty resolv.conf on hotspot
Paul Wouters 3b755a
Paul Wouters 82d6ee
* Wed Feb 08 2012 Paul Wouters <pwouters@redhat.com> - 0.9-4
Paul Wouters 82d6ee
- Updated tls443 / tls80 resolver instances supplied by Fedora Hosted
Paul Wouters 82d6ee
Paul Wouters 9fcdf7
* Mon Feb 06 2012 Paul Wouters <pwouters@redhat.com> - 0.9-3
Paul Wouters 9fcdf7
- Convert from SysV to systemd for initial Fedora release
Paul Wouters 9fcdf7
- Moved configs and pem files to /etc/dnssec-trigger/
Paul Wouters 9fcdf7
- No more /var/run/dnssec-triggerd/
Paul Wouters 9fcdf7
- Fix Build-requires
Paul Wouters 9fcdf7
- Added commented tls443 port80 entries of pwouters resolvers
Paul Wouters 9fcdf7
- On uninstall ensure there is no immutable bit on /etc/resolv.conf
Paul Wouters 9fcdf7
Paul Wouters 9fcdf7
* Sat Jan 07 2012 Paul Wouters <paul@xelerance.com> - 0.9-2
Paul Wouters 9fcdf7
- Added LICENCE to doc section
Paul Wouters 9fcdf7
Paul Wouters 9fcdf7
* Mon Dec 19 2011 Paul Wouters <paul@xelerance.com> - 0.9-1
Paul Wouters 9fcdf7
- Upgraded to 0.9
Paul Wouters 9fcdf7
Paul Wouters 9fcdf7
* Fri Oct 28 2011 Paul Wouters <paul@xelerance.com> - 0.7-1
Paul Wouters 9fcdf7
- Upgraded to 0.7
Paul Wouters 9fcdf7
Paul Wouters 9fcdf7
* Fri Sep 23 2011 Paul Wouters <paul@xelerance.com> - 0.4-1
Paul Wouters 9fcdf7
- Upgraded to 0.4
Paul Wouters 9fcdf7
Paul Wouters 9fcdf7
* Sat Sep 17 2011 Paul Wouters <paul@xelerance.com> - 0.3-5
Paul Wouters 9fcdf7
- Start 01-dnssec-trigger-hook in daemon start
Paul Wouters 9fcdf7
- Ensure dnssec-triggerd starts after NetworkManager
Paul Wouters 9fcdf7
Paul Wouters 9fcdf7
* Fri Sep 16 2011 Paul Wouters <paul@xelerance.com> - 0.3-4
Paul Wouters 9fcdf7
- Initial package