diff --git a/.dnssec-trigger.metadata b/.dnssec-trigger.metadata new file mode 100644 index 0000000..b9d76c5 --- /dev/null +++ b/.dnssec-trigger.metadata @@ -0,0 +1 @@ +3e67ed39b936ce8297fb3888c09c1dba6e86c2ad SOURCES/dnssec-trigger-0.11.tar.gz diff --git a/README.md b/README.md deleted file mode 100644 index 0e7897f..0000000 --- a/README.md +++ /dev/null @@ -1,5 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 - -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/01-dnssec-trigger-hook b/SOURCES/01-dnssec-trigger-hook new file mode 100755 index 0000000..f6c7d2a --- /dev/null +++ b/SOURCES/01-dnssec-trigger-hook @@ -0,0 +1,98 @@ +#!/bin/sh +# +# NetworkManager trigger for in dispatcher.d +# config items +alias unbound-control="/usr/sbin/unbound-control" +alias dnssec-trigger-control="/usr/sbin/dnssec-trigger-control" +alias pidof="/usr/sbin/pidof" +alias nmcli="/usr/bin/nmcli" + +state_dir="/var/run/dnssec-trigger" +validate_forward_zones="no" + +# implementation +ifname="$1" +action="$2" +domains="" +nameservers="" +global_nameservers="" +conn_zones_file="$state_dir/$CONNECTION_UUID" + +################################################################ +# get domains and nameservers if provided by connection going up +case "$action" in + "vpn-up" ) + domains="`echo $VPN_IP4_DOMAINS $VPN_IP6_DOMAINS | tr " " "\n" | sort -u | tr "\n" " " | sed '$s/.$//'`" + nameservers="`echo $VPN_IP4_NAMESERVERS $VPN_IP6_NAMESERVERS`" + ;; + "up" ) + domains="`echo $IP4_DOMAINS $IP6_DOMAINS | tr " " "\n" | sort -u | tr "\n" " " | sed '$s/.$//'`" + nameservers="`echo $IP4_NAMESERVERS $IP6_NAMESERVERS`" + ;; +esac + +######################### +# get global nameservers +if [ -x "`which $nmcli 2>&1`" ]; then + global_nameservers="`$nmcli -f IP4,IP6 dev list | fgrep 'DNS' | awk '{print $2;}'`" +else + global_nameservers="`nm-tool | grep 'DNS:' | awk '{print $2;}'`" +fi +# fix whitespaces +global_nameservers="`echo $global_nameservers`" + + +############################################################ +# configure global nameservers using dnssec-trigger-control +if [ -n "`pidof dnssec-triggerd`" ] ; then + dnssec-trigger-control submit "$global_nameservers" &> /dev/null + logger "dnssec-trigger-hook(networkmanager) $ifname $action added global DNS $global_nameservers" +else + logger "dnssec-trigger-hook(networkmanager) $ifname $action NOT added global DNS - dnssec-triggerd is not running" +fi + +###################################################### +# add forward zones into unbound using unbound-control +if [ -n "`pidof unbound`" ]; then + if [ -r "$conn_zones_file" ]; then + for domain in `cat $conn_zones_file`; do + # Remove forward zone from unbound + if [ "$validate_forward_zones" == "no" ]; then + unbound-control forward_remove +i $domain &> /dev/null + else + unbound-control forward_remove $domain &> /dev/null + fi + unbound-control flush_zone $domain &> /dev/null + unbound-control flush_requestlist &> /dev/null + + logger "dnssec-trigger-hook(networkmanager) $ifname $action removed forward DNS zone $domain" + done + + # Remove file with zones for this connection + rm -f $conn_zones_file &> /dev/null + fi + + if [ "$action" == "vpn-up" ] || [ "$action" == "up" ]; then + if [ -n "$domains" ]; then + for domain in $domains; do + # Add forward zone into unbound + if [ "$validate_forward_zones" == "no" ]; then + unbound-control forward_add +i $domain $nameservers &> /dev/null + else + unbound-control forward_add $domain $nameservers &> /dev/null + fi + unbound-control flush_zone $domain &> /dev/null + unbound-control flush_requestlist &> /dev/null + + # Create zone info file + echo $domain >> $conn_zones_file + + logger "dnssec-trigger-hook(networkmanager) $ifname $action added forward DNS zone $domain $nameservers" + done + fi + fi +else + logger "dnssec-trigger-hook(networkmanager) $ifname $action NOT added forward DNS zone(s) - unbound is not running" +fi + +exit 0 diff --git a/SOURCES/dnssec-trigger-0.11-coverity_scan.patch b/SOURCES/dnssec-trigger-0.11-coverity_scan.patch new file mode 100644 index 0000000..30a70e3 --- /dev/null +++ b/SOURCES/dnssec-trigger-0.11-coverity_scan.patch @@ -0,0 +1,39 @@ +From b6e3deeef71a78c575d6e169d007956c02abc5da Mon Sep 17 00:00:00 2001 +From: wouter +Date: Mon, 26 Aug 2013 08:41:03 +0000 +Subject: [PATCH] - Fix#522: Errors found by static analysis of source from + Tomas Hozza. + +git-svn-id: http://www.nlnetlabs.nl/svn/dnssec-trigger/trunk@649 14dc9c71-5cc2-e011-b339-0019d10b89f4 +--- + riggerd/riggerd.c | 1 + + riggerd/update.c | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/riggerd/riggerd.c b/riggerd/riggerd.c +index dc61216..ef46691 100644 +--- a/riggerd/riggerd.c ++++ b/riggerd/riggerd.c +@@ -110,6 +110,7 @@ static RETSIGTYPE record_sigh(int sig) + #ifdef SIGHUP + case SIGHUP: + sig_reload = 1; ++ /* fall through and exit commbase with reload boolean set */ + #endif + case SIGTERM: + #ifdef SIGQUIT +diff --git a/riggerd/update.c b/riggerd/update.c +index 437f981..dff5380 100644 +--- a/riggerd/update.c ++++ b/riggerd/update.c +@@ -573,6 +573,7 @@ selfupdate_write_file(struct selfupdate* se, struct http_get* hg) + out)) { + log_err("cannot write to file %s: %s", se->download_file, + strerror(errno)); ++ fclose(out); + goto fail; + } + fclose(out); +-- +1.8.3.1 + diff --git a/SOURCES/dnssec-trigger-0.11-gui.patch b/SOURCES/dnssec-trigger-0.11-gui.patch new file mode 100644 index 0000000..7b638e1 --- /dev/null +++ b/SOURCES/dnssec-trigger-0.11-gui.patch @@ -0,0 +1,40 @@ +diff -Naur dnssec-trigger-0.11-orig/panel/pui.xml dnssec-trigger-0.11/panel/pui.xml +--- dnssec-trigger-0.11-orig/panel/pui.xml 2012-03-29 09:48:23.000000000 -0400 ++++ dnssec-trigger-0.11/panel/pui.xml 2012-06-17 12:07:03.806278004 -0400 +@@ -17,7 +17,9 @@ + True + False + Some networks need insecure signon. After you log in to the +-network via its portal page, select <i>Reprobe</i> to get secure again. ++network via its portal page, the network will be secured again ++automatically. You can also select <i>Reprobe</i> to attempt to ++force it to go into secure mode. + + <i>Please, stay safe out there.</i> + True +@@ -81,7 +83,7 @@ + + False + 5 +- No Web Access ++ Web traffic hijacked + dialog + True + +@@ -138,12 +140,12 @@ + + True + False +- There is no web access on this network. Do you have to login for that? ++ The web traffic on this network is being hijacked. Is this a hotspot? + +-While you login you are <i>insecure</i>, for backwards compatibility, until +-dnssec-trigger can detect web access. ++While you login you are <i>insecure</i>, until the traffic hijacking has ++stopped and dnssec-trigger has detected regular web access. + +-<i>Skip</i> this if you do not have to log in on this network. ++<i>Skip</i> if you are not logging into a hotspot right now . + True + + diff --git a/SOURCES/dnssec-trigger-0.11-nl489.patch b/SOURCES/dnssec-trigger-0.11-nl489.patch new file mode 100644 index 0000000..7af6ab3 --- /dev/null +++ b/SOURCES/dnssec-trigger-0.11-nl489.patch @@ -0,0 +1,12 @@ +diff -up dnssec-trigger-0.11/panel/dnssec-trigger-panel.desktop.in.nl489 dnssec-trigger-0.11/panel/dnssec-trigger-panel.desktop.in +--- dnssec-trigger-0.11/panel/dnssec-trigger-panel.desktop.in.nl489 2013-03-04 18:48:38.606852783 +0100 ++++ dnssec-trigger-0.11/panel/dnssec-trigger-panel.desktop.in 2013-03-04 18:48:46.838834610 +0100 +@@ -8,7 +8,7 @@ Comment=Shows DNS state and warning dial + Exec=0bindir0/dnssec-trigger + Icon=0uidir0/status-icon.png + Terminal=false +-Categories=Application;Utility; ++Categories=Utility; + X-KDE-StartupNotify=false + StartupNotify=false + diff --git a/SOURCES/dnssec-trigger-842455.patch b/SOURCES/dnssec-trigger-842455.patch new file mode 100644 index 0000000..c92cc6c --- /dev/null +++ b/SOURCES/dnssec-trigger-842455.patch @@ -0,0 +1,10 @@ +--- dnssec-trigger-0.11-orig/riggerd/riggerd.c 2012-07-24 10:27:43.638865272 -0400 ++++ dnssec-trigger-0.11/riggerd/riggerd.c 2012-07-24 10:51:39.910814143 -0400 +@@ -298,6 +298,7 @@ + so that during the reboot there is no window of opportunity */ + if(svr->insecure_state) + hook_resolv_localhost(cfg); ++ hook_resolv_uninstall(cfg); /* we want to remove immutable flag on TERM when systemd signals us */ + unlink_pid(cfg->pidfile); + log_info("%s stop", PACKAGE_STRING); + svr_delete(svr); diff --git a/SOURCES/dnssec-trigger.conf b/SOURCES/dnssec-trigger.conf new file mode 100644 index 0000000..619756d --- /dev/null +++ b/SOURCES/dnssec-trigger.conf @@ -0,0 +1,84 @@ +# Fedora/EPEL version of dnssec-trigger.conf + +# logging detail, 0=only errors, 1=operations, 2=detail, 3,4 debug detail. +# verbosity: 1 + +# pidfile location +pidfile: "/var/run/dnssec-triggerd.pid" + +# log to a file instead of syslog, default is to syslog +# logfile: "/var/log/dnssec-trigger.log" + +# log to syslog, or (log to to stderr or a logfile if specified). yes or no. +# use-syslog: yes + +# chroot to this directory +# chroot: "" + +# the unbound-control binary if not found in PATH. +# commandline options can be appended "unbound-control -c my.conf" if you wish. +# unbound-control: "/usr/sbin/unbound-control" + +# where is resolv.conf to edit. +# resolvconf: "/etc/resolv.conf" + +# the domain example.com line (if any) to add to resolv.conf(5). default none. +# domain: "" + +# domain name search path to add to resolv.conf(5). default none. +# the search path from DHCP is not picked up, it could be used to misdirect. +# search: "" + +# the command to run to open login pages on hot spots, a web browser. +# empty string runs no command. +# login-command: "xdg-open" + +# the url to open to get hot spot login, it gets overridden by the hotspot. +login-location: "http://www.nlnetlabs.nl/projects/dnssec-trigger" +# should to be a ttl=0 entry + +# do not perform actions (unbound-control or resolv.conf), for a dry-run. +# noaction: no + +# port number to use for probe daemon. +# port: 8955 + +# keys and certificates generated by the dnssec-trigger-keygen systemd service +# (which called dnssec-trigger-control-setup) +server-key-file: "/etc/dnssec-trigger/dnssec_trigger_server.key" +server-cert-file: "/etc/dnssec-trigger/dnssec_trigger_server.pem" +control-key-file: "/etc/dnssec-trigger/dnssec_trigger_control.key" +control-cert-file: "/etc/dnssec-trigger/dnssec_trigger_control.pem" + +# check for updates, download and ask to install them (for Windows, OSX). +# check-updates: no + +# webservers that are probed to see if internet access is possible. +# They serve a simple static page over HTTP port 80. It probes a random url: +# after a space is the content expected on the page, (the page can contain +# whitespace before and after this code). Without urls it skips http probes. + +# provided by NLnetLabs +# It is provided on a best effort basis, with no service guarantee. +url: "http://ster.nlnetlabs.nl/hotspot.txt OK" + +# fallback open DNSSEC resolvers that run on TCP port 80 and TCP port 443. +# the ssl443 adds an ssl server IP, if you specify a hash it is checked, put +# the following on one line: ssl443: +# hash is output of openssl x509 -sha256 -fingerprint -in server.pem +# You can add more with extra config lines. + +# provided by Paul Wouters (pwouters@redhat.com) +# It is provided on a best effort basis, with no service guarantee. +# tcp80: 193.110.157.123 +# tcp80: 2001:888:2003:1004::123 +# ssl443: 193.110.157.123 16:41:49:E0:9D:62:CD:DB:79:A7:2B:71:58:C4:D5:E8:70:FA:BF:4D:6D:36:CC:07:35:33:C0:16:17:1B:61:E7 +# ssl443: 2001:888:2003:1004::123 16:41:49:E0:9D:62:CD:DB:79:A7:2B:71:58:C4:D5:E8:70:FA:BF:4D:6D:36:CC:07:35:33:C0:16:17:1B:61:E7 + +# provided by NLnetLabs (www.nlnetlabs.nl) +# It is provided on a best effort basis, with no service guarantee. +tcp80: 213.154.224.3 +tcp80: 2001:7b8:206:1:bb:: +ssl443: 213.154.224.3 DC:22:7B:1C:00:1A:CE:C5:48:49:B1:E3:30:DE:61:93:61:12:4E:CB:5C:B4:33:C4:BC:75:8C:D6:16:9D:F0:9F +ssl443: 2001:7b8:206:1:bb:: DC:22:7B:1C:00:1A:CE:C5:48:49:B1:E3:30:DE:61:93:61:12:4E:CB:5C:B4:33:C4:BC:75:8C:D6:16:9D:F0:9F + diff --git a/SOURCES/dnssec-trigger.tmpfiles.d b/SOURCES/dnssec-trigger.tmpfiles.d new file mode 100644 index 0000000..000d918 --- /dev/null +++ b/SOURCES/dnssec-trigger.tmpfiles.d @@ -0,0 +1 @@ +d /var/run/dnssec-trigger 0755 root root - diff --git a/SOURCES/dnssec-triggerd-keygen.service b/SOURCES/dnssec-triggerd-keygen.service new file mode 100644 index 0000000..fcff223 --- /dev/null +++ b/SOURCES/dnssec-triggerd-keygen.service @@ -0,0 +1,15 @@ +[Unit] +Description=dnssec-triggerd Control Key And Certificate Generator +After=syslog.target +Before=dnssec-triggerd.service +ConditionPathExists=!/etc/dnssec-trigger/dnssec_trigger_control.key + +[Service] +Type=oneshot +#Group=dnssec-trigger +ExecStart=/usr/sbin/dnssec-trigger-control-setup -d /etc/dnssec-trigger/ +ExecStart=/sbin/restorecon /etc/dnssec-trigger/* +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/dnssec-triggerd.service b/SOURCES/dnssec-triggerd.service new file mode 100644 index 0000000..bc8fcd8 --- /dev/null +++ b/SOURCES/dnssec-triggerd.service @@ -0,0 +1,20 @@ +[Unit] +Description=Reconfigure local DNS(SEC) resolver on network change +After=syslog.target network.target +After=dnssec-triggerd-keygen.service +Wants=dnssec-triggerd-keygen.service +After=unbound.service +Wants=unbound.service + +[Service] +Type=simple +Restart=always +#EnvironmentFile=-/etc/sysconfig/dnssec-trigger +ExecStart=/usr/sbin/dnssec-triggerd -d +ExecStartPost=/etc/NetworkManager/dispatcher.d/01-dnssec-trigger-hook +RestartSec=0 +ExecStopPost=/usr/bin/chattr -i /etc/resolv.conf + +[Install] +WantedBy=multi-user.target +Alias=dnssec-trigger.service diff --git a/SPECS/dnssec-trigger.spec b/SPECS/dnssec-trigger.spec new file mode 100644 index 0000000..9b893b7 --- /dev/null +++ b/SPECS/dnssec-trigger.spec @@ -0,0 +1,227 @@ +Summary: NetworkManager plugin to update/reconfigure DNSSEC resolving +Name: dnssec-trigger +Version: 0.11 +Release: 14%{?dist} +License: BSD +Url: http://www.nlnetlabs.nl/downloads/dnssec-trigger/ +Source: http://www.nlnetlabs.nl/downloads/dnssec-trigger/%{name}-%{version}.tar.gz +Source1:dnssec-triggerd.service +Source2: dnssec-triggerd-keygen.service +Source3: dnssec-trigger.conf +# Latest NM dispatcher hook from upstream SVN +# http://www.nlnetlabs.nl/svn/dnssec-trigger/trunk/01-dnssec-trigger-hook.sh.in +Source4: 01-dnssec-trigger-hook +Source5: dnssec-trigger.tmpfiles.d +Patch1: dnssec-trigger-0.11-gui.patch +Patch2: dnssec-trigger-842455.patch +# https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=489 +Patch3: dnssec-trigger-0.11-nl489.patch +Patch4: dnssec-trigger-0.11-coverity_scan.patch + +Requires(postun): initscripts +Requires: ldns >= 1.6.10, NetworkManager, unbound, xdg-utils +Requires(pre): shadow-utils +BuildRequires: desktop-file-utils systemd-units, openssl-devel, ldns-devel +BuildRequires: gtk2-devel, NetworkManager-devel + +Requires(post): systemd-sysv +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units + +%description +dnssec-trigger reconfigures the local unbound DNS server. This unbound DNS +server performs DNSSEC validation, but dnssec-trigger will signal it to +use the DHCP obtained forwarders if possible, and fallback to doing its +own AUTH queries if that fails, and if that fails prompt the user via +dnssec-trigger-applet the option to go with insecure DNS only. + +%prep +%setup -q +# Fixup the name to not include "panel" in the menu item or name +sed -i "s/ Panel//" panel/dnssec-trigger-panel.desktop.in +sed -i "s/-panel//" panel/dnssec-trigger-panel.desktop.in +# NM has no /usr/sbin in path +sed -i "s/^dnssec-trigger-control/\/usr\/sbin\/dnssec-trigger-control/" 01-dnssec-trigger-hook.sh.in +# change some text in the popups +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 + +%build +export LDFLAGS="$LDFLAGS -Wl,-z,now" + +%configure --with-keydir=/etc/dnssec-trigger +%{__make} %{?_smp_mflags} + +%install +rm -rf %{buildroot} +%{__make} DESTDIR=%{buildroot} install +install -d 0755 %{buildroot}%{_unitdir} +install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}d.service +install -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}d-keygen.service +install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/%{name}/ + +desktop-file-install --dir=%{buildroot}%{_datadir}/applications dnssec-trigger-panel.desktop + +# overwrite the stock NM hook since there is new one in upstream SVN that has not been released yet +cp -p %{SOURCE4} %{buildroot}/%{_sysconfdir}/NetworkManager/dispatcher.d/01-dnssec-trigger-hook + +# install the configuration for /var/run/dnssec-trigger into tmpfiles.d dir +mkdir -p %{buildroot}%{_tmpfilesdir} +install -m 644 %{SOURCE5} ${RPM_BUILD_ROOT}%{_tmpfilesdir}/%{name}.conf +# we must create the /var/run/dnssec-trigger directory +mkdir -p %{buildroot}%{_localstatedir}/run +install -d -m 0755 %{buildroot}%{_localstatedir}/run/%{name} + +# supress the panel name everywhere including the gnome3 panel at the bottom +ln -s dnssec-trigger-panel %{buildroot}%{_bindir}/dnssec-trigger + +# Make dnssec-trigger.8 manpage available under names of all dnssec-trigger-* +# executables +for all in dnssec-trigger-control dnssec-trigger-control-setup dnssec-triggerd; do + ln -s %{_mandir}/man8/dnssec-trigger.8 %{buildroot}/%{_mandir}/man8/"$all".8 +done +ln -s %{_mandir}/man8/dnssec-trigger.8 %{buildroot}/%{_mandir}/man8/dnssec-trigger.conf.8 + +%clean +rm -rf ${RPM_BUILD_ROOT} + +%files +%defattr(-,root,root,-) +%doc README LICENSE +%{_unitdir}/%{name}d.service +%{_unitdir}/%{name}d-keygen.service + +%attr(0755,root,root) %dir %{_sysconfdir}/%{name} +%attr(0755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-dnssec-trigger-hook +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dnssec-trigger.conf +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/xdg/autostart/dnssec-trigger-panel.desktop +%dir %{_localstatedir}/run/%{name} +%{_tmpfilesdir}/%{name}.conf +%{_bindir}/dnssec-trigger-panel +%{_bindir}/dnssec-trigger +%{_sbindir}/dnssec-trigger* +%{_mandir}/*/* +%attr(0755,root,root) %dir %{_datadir}/%{name} +%attr(0644,root,root) %{_datadir}/%{name}/* +%attr(0644,root,root) %{_datadir}/applications/dnssec-trigger-panel.desktop + + +%post +# Enable (but don't start) the units by default + /bin/systemctl enable %{name}d.service >/dev/null 2>&1 || : + /bin/systemctl enable %{name}d-keygen.service >/dev/null 2>&1 || : + + +%preun +if [ "$1" -eq "0" ] ; then + # Package removal, not upgrade + /bin/systemctl --no-reload disable %{name}d.service > /dev/null 2>&1 || : + /bin/systemctl --no-reload disable %{name}d-keygen.service > /dev/null 2>&1 || : + /bin/systemctl stop %{name}d.service >/dev/null 2>&1 || : + /bin/systemctl stop %{name}d-keygen.service >/dev/null 2>&1 || : + # dnssec-triggerd makes /etc/resolv.conf immutable, undo that on removal + chattr -i /etc/resolv.conf +fi + +%postun + /bin/systemctl daemon-reload >/dev/null 2>&1 || : + +%changelog +* Mon Aug 26 2013 Tomas Hozza - 0.11-14 +- Fix errors found by static analysis of source + +* Fri Aug 09 2013 Tomas Hozza - 0.11-13 +- Use improved NM dispatcher script from upstream (#980036) +- Added tmpfiles.d config due to improved NM dispatcher script + +* Mon Jul 22 2013 Tomas Hozza - 0.11-12 +- Removed Fedora infrastructure from dnssec-trigger.conf (#955149) + +* Mon Mar 04 2013 Adam Tkac - 0.11-11 +- link dnssec-trigger.conf.8 to dnssec-trigger.8 +- build dnssec-triggerd with full RELRO + +* Mon Mar 04 2013 Adam Tkac - 0.11-10 +- remove deprecated "Application" keyword from desktop file + +* Mon Mar 04 2013 Adam Tkac - 0.11-9 +- install various dnssec-trigger-* symlinks to dnssec-trigger.8 manpage + +* Wed Feb 13 2013 Fedora Release Engineering - 0.11-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Tue Jan 08 2013 Paul Wouters - 0.11-7 +- Use full path for systemd (rhbz#842455) + +* Tue Jul 24 2012 Paul Wouters - 0.11-6 +- Patched daemon to remove immutable attr (rhbz#842455) as the + systemd ExecStopPost= target does not seem to work + +* Tue Jul 24 2012 Paul Wouters - 0.11-5 +- On service stop, remove immutable attr from resolv.conf (rhbz#842455) + +* Wed Jul 18 2012 Fedora Release Engineering - 0.11-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Jun 28 2012 Paul Wouters - 0.11-3 +- Fix DHCP hook for f17+ version of nmcli (rhbz#835298) + +* Sun Jun 17 2012 Paul Wouters - 0.11-2 +- Small textual changes to some popup windows + +* Fri Jun 15 2012 Paul Wouters - 0.11-1 +- Updated to 0.11 +- http Hotspot detection via fedoraproject.org/static/hotspot.html +- http Hotspot Login page via uses hotspot-nocache.fedoraproject.org + +* Thu Feb 23 2012 Paul Wouters - 0.10-4 +- Require: unbound + +* Wed Feb 22 2012 Paul Wouters - 0.10-3 +- Fix the systemd startup to require unbound +- dnssec-triggerd no longer forks, giving systemd more control +- Fire NM dispatcher in ExecStartPost of dnssec-triggerd.service +- Fix tcp80 entries in dnssec-triggerd.conf +- symlink dnssec-trigger-panel to dnssec-trigger to supress the + "-panel" in the applet name shown in gnome3 + + +* Wed Feb 22 2012 Paul Wouters - 0.10-2 +- The NM hook was not modified at the right time during build + +* Wed Feb 22 2012 Paul Wouters - 0.10-1 +- Updated to 0.10 +- The NM hook lacks /usr/sbin in path, resulting in empty resolv.conf on hotspot + +* Wed Feb 08 2012 Paul Wouters - 0.9-4 +- Updated tls443 / tls80 resolver instances supplied by Fedora Hosted + +* Mon Feb 06 2012 Paul Wouters - 0.9-3 +- Convert from SysV to systemd for initial Fedora release +- Moved configs and pem files to /etc/dnssec-trigger/ +- No more /var/run/dnssec-triggerd/ +- Fix Build-requires +- Added commented tls443 port80 entries of pwouters resolvers +- On uninstall ensure there is no immutable bit on /etc/resolv.conf + +* Sat Jan 07 2012 Paul Wouters - 0.9-2 +- Added LICENCE to doc section + +* Mon Dec 19 2011 Paul Wouters - 0.9-1 +- Upgraded to 0.9 + +* Fri Oct 28 2011 Paul Wouters - 0.7-1 +- Upgraded to 0.7 + +* Fri Sep 23 2011 Paul Wouters - 0.4-1 +- Upgraded to 0.4 + +* Sat Sep 17 2011 Paul Wouters - 0.3-5 +- Start 01-dnssec-trigger-hook in daemon start +- Ensure dnssec-triggerd starts after NetworkManager + +* Fri Sep 16 2011 Paul Wouters - 0.3-4 +- Initial package