From bae6343bb9e32046663c36b13839a0b771a99f6c Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Jun 29 2012 17:32:45 +0000 Subject: Merge branch 'f17' into f16 Conflicts: .gitignore dnssec-trigger.conf dnssec-trigger.spec sources --- diff --git a/.gitignore b/.gitignore index d0f0d1d..4685046 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1 @@ -/dnssec-trigger-0.9.tar.gz -/dnssec-trigger-0.10.tar.gz +/dnssec-trigger-0.11.tar.gz diff --git a/01-dnssec-trigger-hook-nm-0.9.4 b/01-dnssec-trigger-hook-nm-0.9.4 new file mode 100755 index 0000000..85a8837 --- /dev/null +++ b/01-dnssec-trigger-hook-nm-0.9.4 @@ -0,0 +1,22 @@ +#!/bin/sh +# +# NetworkManager trigger for in dispatcher.d +# config items +nmcli="nmcli" + +# implementation +ifname="$1" +action="$2" + +# get ips from NetworkManager +if test -x "`which $nmcli 2>&1`"; then +ips="`$nmcli -f IP4,IP6 dev list | fgrep 'DNS' | awk '{print $2;}'`" +else +ips="`nm-tool | grep 'DNS:' | awk '{print $2;}'`" +fi +# fix whitespace +ips=`echo $ips` + +logger "dnssec-trigger-hook(networkmanager) $ifname $action DNS $ips" +/usr/sbin/dnssec-trigger-control submit "$ips" +exit 0 diff --git a/dnssec-trigger-0.11-gui.patch b/dnssec-trigger-0.11-gui.patch new file mode 100644 index 0000000..7b638e1 --- /dev/null +++ b/dnssec-trigger-0.11-gui.patch @@ -0,0 +1,40 @@ +diff -Naur dnssec-trigger-0.11-orig/panel/pui.xml dnssec-trigger-0.11/panel/pui.xml +--- dnssec-trigger-0.11-orig/panel/pui.xml 2012-03-29 09:48:23.000000000 -0400 ++++ dnssec-trigger-0.11/panel/pui.xml 2012-06-17 12:07:03.806278004 -0400 +@@ -17,7 +17,9 @@ + True + False + Some networks need insecure signon. After you log in to the +-network via its portal page, select <i>Reprobe</i> to get secure again. ++network via its portal page, the network will be secured again ++automatically. You can also select <i>Reprobe</i> to attempt to ++force it to go into secure mode. + + <i>Please, stay safe out there.</i> + True +@@ -81,7 +83,7 @@ + + False + 5 +- No Web Access ++ Web traffic hijacked + dialog + True + +@@ -138,12 +140,12 @@ + + True + False +- There is no web access on this network. Do you have to login for that? ++ The web traffic on this network is being hijacked. Is this a hotspot? + +-While you login you are <i>insecure</i>, for backwards compatibility, until +-dnssec-trigger can detect web access. ++While you login you are <i>insecure</i>, until the traffic hijacking has ++stopped and dnssec-trigger has detected regular web access. + +-<i>Skip</i> this if you do not have to log in on this network. ++<i>Skip</i> if you are not logging into a hotspot right now . + True + + diff --git a/dnssec-trigger.conf b/dnssec-trigger.conf index b728884..b7ee8f2 100644 --- a/dnssec-trigger.conf +++ b/dnssec-trigger.conf @@ -1,5 +1,4 @@ -# config for dnssec-trigger 0.9. -# this is a comment. there must be one statement per line. +# Fedora/EPEL version of dnssec-trigger.conf # logging detail, 0=only errors, 1=operations, 2=detail, 3,4 debug detail. # verbosity: 1 @@ -30,6 +29,15 @@ pidfile: "/var/run/dnssec-triggerd.pid" # the search path from DHCP is not picked up, it could be used to misdirect. # search: "" +# the command to run to open login pages on hot spots, a web browser. +# empty string runs no command. +# login-command: "xdg-open" + +# the url to open to get hot spot login, it gets overridden by the hotspot. +# login-location: "http://www.nlnetlabs.nl/projects/dnssec-trigger" +# should to be a ttl=0 entry +login-location: "http://hotspot-nocache.fedoraproject.org/" + # do not perform actions (unbound-control or resolv.conf), for a dry-run. # noaction: no @@ -43,6 +51,21 @@ server-cert-file: "/etc/dnssec-trigger/dnssec_trigger_server.pem" control-key-file: "/etc/dnssec-trigger/dnssec_trigger_control.key" control-cert-file: "/etc/dnssec-trigger/dnssec_trigger_control.pem" +# check for updates, download and ask to install them (for Windows, OSX). +# check-updates: no + +# webservers that are probed to see if internet access is possible. +# They serve a simple static page over HTTP port 80. It probes a random url: +# after a space is the content expected on the page, (the page can contain +# whitespace before and after this code). Without urls it skips http probes. + +# provided by NLnetLabs +# It is provided on a best effort basis, with no service guarantee. +# url: "http://ster.nlnetlabs.nl/hotspot.txt OK" + +# provided by FedoraProject +url: "http://fedoraproject.org/static/hotspot.txt OK" + # fallback open DNSSEC resolvers that run on TCP port 80 and TCP port 443. # the ssl443 adds an ssl server IP, if you specify a hash it is checked, put # the following on one line: ssl443: diff --git a/dnssec-trigger.spec b/dnssec-trigger.spec index 1150058..ea51c08 100644 --- a/dnssec-trigger.spec +++ b/dnssec-trigger.spec @@ -1,15 +1,17 @@ Summary: NetworkManager plugin to update/reconfigure DNSSEC resolving Name: dnssec-trigger -Version: 0.10 -Release: 4%{?dist} +Version: 0.11 +Release: 1%{?dist} License: BSD Url: http://www.nlnetlabs.nl/downloads/dnssec-trigger/ Source: http://www.nlnetlabs.nl/downloads/dnssec-trigger/%{name}-%{version}.tar.gz Source1:dnssec-triggerd.service Source2: dnssec-triggerd-keygen.service Source3: dnssec-trigger.conf +Source4: 01-dnssec-trigger-hook-nm-0.9.4 +Patch1: dnssec-trigger-0.11-gui.patch Requires(postun): initscripts -Requires: ldns >= 1.6.10, NetworkManager, unbound +Requires: ldns >= 1.6.10, NetworkManager >= 0.9.4, unbound, xdg-utils Requires(pre): shadow-utils BuildRequires: desktop-file-utils systemd-units, openssl-devel, ldns-devel BuildRequires: gtk2-devel, NetworkManager-devel @@ -33,6 +35,8 @@ sed -i "s/ Panel//" panel/dnssec-trigger-panel.desktop.in sed -i "s/-panel//" panel/dnssec-trigger-panel.desktop.in # NM has no /usr/sbin in path sed -i "s/^dnssec-trigger-control/\/usr\/sbin\/dnssec-trigger-control/" 01-dnssec-trigger-hook.sh.in +# change some text in the popups +%patch1 -p1 %build %configure --with-keydir=/etc/dnssec-trigger @@ -48,6 +52,9 @@ install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/%{name}/ desktop-file-install --dir=%{buildroot}%{_datadir}/applications dnssec-trigger-panel.desktop +# overwrite the stock dhcp hook, as nmcli syntax changed on nm 0.9.[34] +cp -p %{SOURCE4} %{buildroot}/%{_sysconfdir}/NetworkManager/dispatcher.d/01-dnssec-trigger-hook + # supress the panel name everywhere including the gnome3 panel at the bottom ln -s dnssec-trigger-panel %{buildroot}%{_bindir}/dnssec-trigger @@ -94,26 +101,25 @@ fi /bin/systemctl daemon-reload >/dev/null 2>&1 || : %changelog -* Thu Feb 23 2012 Paul Wouters - 0.10-4 +* Fri Jun 29 2012 Paul Wouters - 0.11-1 +- Updated to 0.11 +- Fix DHCP hook for nm > 0.9.3 version of nmcli (rhbz#835298) +- Small textual changes to some popup windows +- http Hotspot detection via fedoraproject.org/static/hotspot.html +- http Hotspot Login page via uses hotspot-nocache.fedoraproject.org + +* Fri Mar 23 2012 Paul Wouters - 0.10-4 +- Bump for EVR + +* Thu Feb 23 2012 Paul Wouters - 0.10-1 +- The NM hook lacked /usr/sbin in path, resulting in empty + resolv.conf on hotspot +- Fire NM dispatcher in ExecStartPost of dnssec-triggerd.service - Require: unbound - -* Wed Feb 22 2012 Paul Wouters - 0.10-3 - Fix the systemd startup to require unbound - dnssec-triggerd no longer forks, giving systemd more control -- Fire NM dispatcher in ExecStartPost of dnssec-triggerd.service -- Fix tcp80 entries in dnssec-triggerd.conf - symlink dnssec-trigger-panel to dnssec-trigger to supress the "-panel" in the applet name shown in gnome3 - - -* Wed Feb 22 2012 Paul Wouters - 0.10-2 -- The NM hook was not modified at the right time during build - -* Wed Feb 22 2012 Paul Wouters - 0.10-1 -- Updated to 0.10 -- The NM hook lacks /usr/sbin in path, resulting in empty resolv.conf on hotspot - -* Wed Feb 08 2012 Paul Wouters - 0.9-4 - Updated tls443 / tls80 resolver instances supplied by Fedora Hosted * Mon Feb 06 2012 Paul Wouters - 0.9-3 diff --git a/sources b/sources index 2450a48..3131e3d 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -7c4b5b9e0060b47da6e08cfbe64e3563 dnssec-trigger-0.9.tar.gz -c978126c1a5f40a6022e459e30c87550 dnssec-trigger-0.10.tar.gz +7efb79cb5813b1fab10c4a9518810431 dnssec-trigger-0.11.tar.gz