diff --git a/dnssec-trigger.conf b/dnssec-trigger.conf index c25d7c8..b728884 100644 --- a/dnssec-trigger.conf +++ b/dnssec-trigger.conf @@ -49,17 +49,25 @@ control-cert-file: "/etc/dnssec-trigger/dnssec_trigger_control.pem" # hash is output of openssl x509 -sha256 -fingerprint -in server.pem # You can add more with extra config lines. -# provided by fedoraproject.org -# Soon :) - -# provided by Paul Wouters (pwouters at Fedora/RedHat) +# Provided by fedoraproject.org, #fedora-admin +# It is provided on a best effort basis, with no service guarantee. +ssl443: 80.239.156.220 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2 +tcp80: 80.239.156.220 +ssl443: 66.35.62.163 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2 +tcp80: 66.35.62.163 +ssl443: 152.19.134.150 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2 +tcp80: 152.19.134.150 +ssl443: 2610:28:3090:3001:dead:beef:cafe:fed9 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2 +tcp80: 2610:28:3090:3001:dead:beef:cafe:fed9 + +# provided by Paul Wouters (pwouters@redhat.com) # It is provided on a best effort basis, with no service guarantee. -# tcp80: 193.110.157.123 -# tcp80: 2001:888:2003:1004::123 -# ssl443: 193.110.157.123 AF:E3:D3:12:01:3B:58:51:42:23:99:46:9C:9F:A0:34:FE:C9:34:0A:27:E9:DF:32:26:8A:65:08:8B:64:5F:08 -# ssl443: 2001:888:2003:1004::123 AF:E3:D3:12:01:3B:58:51:42:23:99:46:9C:9F:A0:34:FE:C9:34:0A:27:E9:DF:32:26:8A:65:08:8B:64:5F:08 +# tcp80: 193.110.157.123 +# tcp80: 2001:888:2003:1004::123 +# ssl443: 193.110.157.123 16:41:49:E0:9D:62:CD:DB:79:A7:2B:71:58:C4:D5:E8:70:FA:BF:4D:6D:36:CC:07:35:33:C0:16:17:1B:61:E7 +# ssl443: 2001:888:2003:1004::123 16:41:49:E0:9D:62:CD:DB:79:A7:2B:71:58:C4:D5:E8:70:FA:BF:4D:6D:36:CC:07:35:33:C0:16:17:1B:61:E7 -# provided by NLnetLabs +# provided by NLnetLabs (www.nlnetlabs.nl) # It is provided on a best effort basis, with no service guarantee. # tcp80: 213.154.224.3 # tcp80: 2001:7b8:206:1:bb:: diff --git a/dnssec-trigger.spec b/dnssec-trigger.spec index ac00081..a63e84e 100644 --- a/dnssec-trigger.spec +++ b/dnssec-trigger.spec @@ -1,7 +1,7 @@ Summary: NetworkManager plugin to update/reconfigure DNSSEC resolving Name: dnssec-trigger -Version: 0.9 -Release: 3%{?dist} +Version: 0.10 +Release: 1%{?dist} License: BSD Url: http://www.nlnetlabs.nl/downloads/dnssec-trigger/ Source: http://www.nlnetlabs.nl/downloads/dnssec-trigger/%{name}-%{version}.tar.gz @@ -28,12 +28,15 @@ dnssec-trigger-applet the option to go with insecure DNS only. %prep %setup -q +# Fixup the name to not include "panel" in the menu item or name +sed -i "s/ Panel//" panel/dnssec-trigger-panel.desktop.in +sed -i "s/-panel//" panel/dnssec-trigger-panel.desktop.in +# NM has no /usr/sbin in path +sed -i "s/^dnssec-trigger-control/\/usr\/sbin\/dnssec-trigger-control/" 01-dnssec-trigger-hook.sh.in %build %configure --with-keydir=/etc/dnssec-trigger %{__make} %{?_smp_mflags} -# Fixup the name to not include "Panel" in the menu item -sed -i "s/ Panel//" dnssec-trigger-panel.desktop %install rm -rf %{buildroot} @@ -45,6 +48,9 @@ install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/%{name}/ desktop-file-install --dir=%{buildroot}%{_datadir}/applications dnssec-trigger-panel.desktop +# supress the panel name everywhere including the gnome3 panel at the bottom +ln -s dnssec-trigger-panel %{buildroot}%{_bindir}/dnssec-trigger + %clean rm -rf ${RPM_BUILD_ROOT} @@ -59,6 +65,7 @@ rm -rf ${RPM_BUILD_ROOT} %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dnssec-trigger.conf %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/xdg/autostart/dnssec-trigger-panel.desktop %{_bindir}/dnssec-trigger-panel +%{_bindir}/dnssec-trigger %{_sbindir}/dnssec-trigger* %{_mandir}/*/* %attr(0755,root,root) %dir %{_datadir}/%{name} @@ -87,6 +94,17 @@ fi /bin/systemctl daemon-reload >/dev/null 2>&1 || : %changelog +* Thu Feb 23 2012 Paul Wouters - 0.10-1 +- The NM hook lacked /usr/sbin in path, resulting in empty + resolv.conf on hotspot +- Fire NM dispatcher in ExecStartPost of dnssec-triggerd.service +- Require: unbound +- Fix the systemd startup to require unbound +- dnssec-triggerd no longer forks, giving systemd more control +- symlink dnssec-trigger-panel to dnssec-trigger to supress the + "-panel" in the applet name shown in gnome3 +- Updated tls443 / tls80 resolver instances supplied by Fedora Hosted + * Mon Feb 06 2012 Paul Wouters - 0.9-3 - Convert from SysV to systemd for initial Fedora release - Moved configs and pem files to /etc/dnssec-trigger/ diff --git a/dnssec-triggerd.service b/dnssec-triggerd.service index 5251e99..4d2a2c7 100644 --- a/dnssec-triggerd.service +++ b/dnssec-triggerd.service @@ -3,12 +3,16 @@ Description=Reconfigure local DNS(SEC) resolver on network change After=syslog.target network.target After=dnssec-triggerd-keygen.service Wants=dnssec-triggerd-keygen.service +After=unbound.service +Wants=unbound.service [Service] -Type=forking PIDFile=/var/run/dnssec-triggerd.pid #EnvironmentFile=-/etc/sysconfig/dnssec-trigger -ExecStart=/usr/sbin/dnssec-triggerd +ExecStart=/usr/sbin/dnssec-triggerd -d +ExecStartPost=/etc/NetworkManager/dispatcher.d/01-dnssec-trigger-hook +Restart=always +RestartSec=0 [Install] WantedBy=multi-user.target