From 849d565ceabbe87e49c735061f7c99fde6307c88 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Sat, 13 May 2023 02:03:47 +0200
Subject: [PATCH] Include TLS certificates in named-chroot

Create /etc/pki/tls directory in chroot and mount /etc/pki/tls/cert.pem
file into the chroot. Even though the that file is symlink, mount during
chroot setup will resolve it correctly.

Resolves: rhbz#2196699
---
 bind9-next.spec    | 3 ++-
 named-chroot.files | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/bind9-next.spec b/bind9-next.spec
index ce1b86d..22ec0e1 100644
--- a/bind9-next.spec
+++ b/bind9-next.spec
@@ -34,7 +34,7 @@
 %global        bind_dir          /var/named
 %global        chroot_prefix     %{bind_dir}/chroot
 %global        chroot_create_directories /dev /run/named %{_localstatedir}/{log,named,tmp} \\\
-                                         %{_sysconfdir}/{crypto-policies/back-ends,pki/dnssec-keys,named} \\\
+                                         %{_sysconfdir}/{crypto-policies/back-ends,pki/dnssec-keys,pki/tls,named} \\\
                                          %{_libdir}/bind %{_libdir}/named %{_datadir}/GeoIP /proc/sys/net/ipv4
 
 %global forgeurl0 https://gitlab.isc.org/isc-projects/bind9
@@ -913,6 +913,7 @@ fi;
 %dir %{chroot_prefix}%{_sysconfdir}/named
 %dir %{chroot_prefix}%{_sysconfdir}/pki
 %dir %{chroot_prefix}%{_sysconfdir}/pki/dnssec-keys
+%dir %{chroot_prefix}%{_sysconfdir}/pki/tls
 %dir %{chroot_prefix}%{_sysconfdir}/crypto-policies
 %dir %{chroot_prefix}%{_sysconfdir}/crypto-policies/back-ends
 %dir %{chroot_prefix}%{_localstatedir}
diff --git a/named-chroot.files b/named-chroot.files
index 08c21b2..c186664 100644
--- a/named-chroot.files
+++ b/named-chroot.files
@@ -13,6 +13,7 @@
 /etc/services
 /etc/named.dnssec.keys
 /etc/pki/dnssec-keys
+/etc/pki/tls/cert.pem
 /etc/named
 /usr/lib64/bind
 /usr/lib/bind