Include TLS certificates in named-chroot

Create /etc/pki/tls directory in chroot and mount /etc/pki/tls/cert.pem file into the chroot. Even though the that file is symlink, mount during chroot setup will resolve it correctly. Resolves: rhbz#2196699
2023-05-13 02:03:47 +02:00 · 2023-05-13 02:03:47 +02:00 · 849d565cea
parent fd4193618b
commit 849d565cea
2 changed files with 3 additions and 1 deletions
--- a/bind9-next.spec
+++ b/bind9-next.spec
@ -34,7 +34,7 @@
 %global        bind_dir          /var/named
 %global        chroot_prefix     %{bind_dir}/chroot
 %global        chroot_create_directories /dev /run/named %{_localstatedir}/{log,named,tmp} \\\
-                                         %{_sysconfdir}/{crypto-policies/back-ends,pki/dnssec-keys,named} \\\
+                                         %{_sysconfdir}/{crypto-policies/back-ends,pki/dnssec-keys,pki/tls,named} \\\
                                         %{_libdir}/bind %{_libdir}/named %{_datadir}/GeoIP /proc/sys/net/ipv4

 %global forgeurl0 https://gitlab.isc.org/isc-projects/bind9
@ -913,6 +913,7 @@ fi;
 %dir %{chroot_prefix}%{_sysconfdir}/named
 %dir %{chroot_prefix}%{_sysconfdir}/pki
 %dir %{chroot_prefix}%{_sysconfdir}/pki/dnssec-keys
+%dir %{chroot_prefix}%{_sysconfdir}/pki/tls
 %dir %{chroot_prefix}%{_sysconfdir}/crypto-policies
 %dir %{chroot_prefix}%{_sysconfdir}/crypto-policies/back-ends
 %dir %{chroot_prefix}%{_localstatedir}
--- a/named-chroot.files
+++ b/named-chroot.files
@ -13,6 +13,7 @@
 /etc/services
 /etc/named.dnssec.keys
 /etc/pki/dnssec-keys
+/etc/pki/tls/cert.pem
 /etc/named
 /usr/lib64/bind
 /usr/lib/bind