Import some data from bind branch bind9-dev
Imports commit 7e1db866748aef3c07657e0761b19aec6de9bf6f
This commit is contained in:
parent
9ba673cd0e
commit
990ae7c669
|
@ -0,0 +1,116 @@
|
|||
bind-9.7.1-P2.tar.gz
|
||||
config-8.tar.bz2
|
||||
bind-9.7.2b1.tar.gz
|
||||
/config-8.tar.bz2
|
||||
/bind-9.7.2rc1.tar.gz
|
||||
/bind-9.7.2.tar.gz
|
||||
/bind-9.7.2-P2.tar.gz
|
||||
/bind-9.7.2-P3.tar.gz
|
||||
/bind-9.7.3b1.tar.gz
|
||||
/bind-9.7.3rc1.tar.gz
|
||||
/bind-9.7.3.tar.gz
|
||||
/bind-9.8.0rc1.tar.gz
|
||||
/bind-9.8.0.tar.gz
|
||||
/bind-9.8.0-P1.tar.gz
|
||||
/bind-9.8.0-P2.tar.gz
|
||||
/bind-9.8.0-P4.tar.gz
|
||||
/bind-9.8.1rc1.tar.gz
|
||||
/bind-9.8.1.tar.gz
|
||||
/bind-9.9.0b1.tar.gz
|
||||
/bind-9.9.0b2.tar.gz
|
||||
/bind-9.9.0rc1.tar.gz
|
||||
/bind-9.9.0rc2.tar.gz
|
||||
/bind-9.9.0.tar.gz
|
||||
/bind-9.9.1.tar.gz
|
||||
/bind-9.9.1-P1.tar.gz
|
||||
/bind-9.9.1-P2.tar.gz
|
||||
/bind-9.9.1-P3.tar.gz
|
||||
/bind-9.9.2.tar.gz
|
||||
/bind-9.9.2-P1.tar.gz
|
||||
/config-9.tar.bz2
|
||||
/config-10.tar.bz2
|
||||
/bind-9.9.2-P2.tar.gz
|
||||
/bind-9.9.3rc1.tar.gz
|
||||
/config-11.tar.bz2
|
||||
/bind-9.9.3rc2.tar.gz
|
||||
/bind-9.9.3.tar.gz
|
||||
/bind-9.9.3-P1.tar.gz
|
||||
/bind-9.9.4b1.tar.gz
|
||||
/bind-9.9.4rc1.tar.gz
|
||||
/bind-9.9.4rc2.tar.gz
|
||||
/bind-9.9.4.tar.gz
|
||||
/config-12.tar.bz2
|
||||
/bind-9.9.5b1.tar.gz
|
||||
/bind-9.9.5rc2.tar.gz
|
||||
/bind-9.9.5.tar.gz
|
||||
/bind-9.9.5-P1.tar.gz
|
||||
/bind-9.9.6.tar.gz
|
||||
/bind-9.9.6-P1.tar.gz
|
||||
/bind-9.10.1b2.tar.gz
|
||||
/bind-9.10.1.tar.gz
|
||||
/bind-9.10.1-P1.tar.gz
|
||||
/bind-9.10.2rc1.tar.gz
|
||||
/bind-9.10.2rc2.tar.gz
|
||||
/bind-9.10.2.tar.gz
|
||||
/config-13.tar.bz2
|
||||
/config-14.tar.bz2
|
||||
/bind-9.10.2-P1.tar.gz
|
||||
/bind-9.10.2-P2.tar.gz
|
||||
/bind-9.10.2-P3.tar.gz
|
||||
/bind-9.10.3rc1.tar.gz
|
||||
/bind-9.10.3.tar.gz
|
||||
/bind-9.10.3-P2.tar.gz
|
||||
/config-15.tar.bz2
|
||||
/bind-9.10.3-P3.tar.gz
|
||||
/bind-9.10.3-P4.tar.gz
|
||||
/bind-9.10.4-P1.tar.gz
|
||||
/bind-9.10.4-P2.tar.gz
|
||||
/bind-9.10.4-P3.tar.gz
|
||||
/bind-9.10.4-P4.tar.gz
|
||||
/bind-9.11.0-P1.tar.gz
|
||||
/bind-9.11.0-P2.tar.gz
|
||||
/bind-9.11.0-P3.tar.gz
|
||||
/bind-9.11.0-P5.tar.gz
|
||||
/config-16.tar.bz2
|
||||
/bind-9.11.1-P1.tar.gz
|
||||
/bind-9.11.1-P2.tar.gz
|
||||
/bind-9.11.1-P3.tar.gz
|
||||
/bind-9.11.2b1.tar.gz
|
||||
/bind-9.11.2.tar.gz
|
||||
/config-17.tar.bz2
|
||||
/bind-9.11.2-P1.tar.gz
|
||||
/bind-9.11.3b1.tar.gz
|
||||
/bind-9.11.3.tar.gz
|
||||
/config-18.tar.bz2
|
||||
/bind-9.11.4rc1.tar.gz
|
||||
/bind-9.11.4.tar.gz
|
||||
/bind-9.11.4-P1.tar.gz
|
||||
/bind-9.11.4-P2.tar.gz
|
||||
/bind-9.11.5.tar.gz
|
||||
/bind-9.11.5-P1.tar.gz
|
||||
/config-19.tar.bz2
|
||||
/bind-9.11.5-P4.tar.gz
|
||||
/bind-9.11.6.tar.gz
|
||||
/bind-9.11.6-P1.tar.gz
|
||||
/bind-9.14.4.tar.gz
|
||||
/bind-9.11.7.tar.gz
|
||||
/bind-9.11.8.tar.gz
|
||||
/bind-9.11.9.tar.gz
|
||||
/bind-9.11.10.tar.gz
|
||||
/bind-9.11.11.tar.gz
|
||||
/bind-9.11.12.tar.gz
|
||||
/bind-9.11.13.tar.gz
|
||||
/bind-9.11.13.tar.gz.asc
|
||||
/bind-9.11.14.tar.gz
|
||||
/bind-9.11.14.tar.gz.asc
|
||||
/bind-9.16.1.tar.xz
|
||||
/bind-9.16.1.tar.xz.asc
|
||||
/bind-9.17.0.tar.xz
|
||||
/bind-9.17.0.tar.xz.asc
|
||||
/bind-9.17.4.tar.xz
|
||||
/bind-9.17.4.tar.xz.asc
|
||||
/bind-9.17.15.tar.xz
|
||||
/bind-9.17.15.tar.xz.asc
|
||||
/bind-9.17.20.tar.xz
|
||||
/bind-9.17.20.tar.xz.asc
|
||||
/isc-logo.pdf
|
|
@ -0,0 +1,12 @@
|
|||
= Changes in BIND9 package =
|
||||
|
||||
== 9.14 ==
|
||||
|
||||
- single thread support removed. Cannot provide bind-export-libs for DHCP
|
||||
- lwres support completely removed. Both daemon and library
|
||||
- common parts of daemon moved into libns shared library
|
||||
- introduced plugin for filtering aaaa responses
|
||||
- some SDB utilities no longer supported
|
||||
|
||||
=== 9.14.7 ===
|
||||
[notes](https://downloads.isc.org/isc/bind9/9.14.7/RELEASE-NOTES-bind-9.14.7.html)
|
34
README.md
34
README.md
|
@ -1,3 +1,33 @@
|
|||
# bind9-next
|
||||
# BIND 9
|
||||
|
||||
The bind9-next package
|
||||
[BIND (Berkeley Internet Name Domain)](https://www.isc.org/downloads/bind/doc/) is a complete, highly portable
|
||||
implementation of the DNS (Domain Name System) protocol.
|
||||
|
||||
Internet Systems Consortium
|
||||
([https://www.isc.org](https://www.isc.org)), a 501(c)(3) public benefit
|
||||
corporation dedicated to providing software and services in support of the
|
||||
Internet infrastructure, developed BIND 9 and is responsible for its
|
||||
ongoing maintenance and improvement.
|
||||
|
||||
More details about upstream project can be found on their
|
||||
[gitlab](https://gitlab.isc.org/isc-projects/bind9). This repository contains
|
||||
only upstream sources and packaging instructions for
|
||||
[Fedora Project](https://fedoraproject.org).
|
||||
|
||||
## Subpackages
|
||||
|
||||
The package contains several subpackages, some of them can be disabled on rebuild.
|
||||
|
||||
* **bind** -- *named* daemon providing DNS server
|
||||
* **bind-utils** -- set of tools to analyse DNS responses or update entries (dig, host)
|
||||
* **bind-doc** -- documentation for current bind, *BIND 9 Administrator Reference Manual*.
|
||||
* **bind-license** -- Shared license for all packages but bind-export-libs.
|
||||
* **bind-libs** -- Shared libraries used by some others programs
|
||||
* **bind-devel** -- Development headers for libs. Can be disabled by `--without DEVEL`
|
||||
|
||||
|
||||
## Optional features
|
||||
|
||||
* *GSSTSIG* -- Support for Kerberos authentication in BIND.
|
||||
* *LMDB* -- Support for dynamic database for managing runtime added zones. Provides faster removal of added zone with much less overhead. But requires lmdb linked to base libs.
|
||||
* *DLZ* -- Support for dynamic loaded modules providing support for features *bind-sdb* provides, but only small module is required.
|
||||
|
|
|
@ -0,0 +1,53 @@
|
|||
diff --git a/bin/named-sdb/Makefile.in b/bin/named-sdb/Makefile.in
|
||||
index 1894830..445182a 100644
|
||||
--- a/bin/named-sdb/Makefile.in
|
||||
+++ b/bin/named-sdb/Makefile.in
|
||||
@@ -34,10 +34,10 @@ top_srcdir = @top_srcdir@
|
||||
#
|
||||
# Add database drivers here.
|
||||
#
|
||||
-DBDRIVER_OBJS = ldapdb.@O@ pgsqldb.@O@ dirdb.@O@
|
||||
-DBDRIVER_SRCS = ldapdb.c pgsqldb.c dirdb.c
|
||||
+DBDRIVER_OBJS = ldapdb.@O@ pgsqldb.@O@ sqlitedb.@O@ dirdb.@O@
|
||||
+DBDRIVER_SRCS = ldapdb.c pgsqldb.c sqlitedb.c dirdb.c
|
||||
DBDRIVER_INCLUDES =
|
||||
-DBDRIVER_LIBS = -lldap -llber -lpq
|
||||
+DBDRIVER_LIBS = -lldap -llber -lsqlite3 -lpq
|
||||
|
||||
DLZ_DRIVER_DIR = ${top_srcdir}/contrib/dlz/drivers
|
||||
|
||||
diff --git a/bin/sdb_tools/Makefile.in b/bin/sdb_tools/Makefile.in
|
||||
index 7f3c5e2..b1bca66 100644
|
||||
--- a/bin/sdb_tools/Makefile.in
|
||||
+++ b/bin/sdb_tools/Makefile.in
|
||||
@@ -32,11 +32,11 @@ DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \
|
||||
LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \
|
||||
${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} ${DBDRIVER_LIBS} @LIBS@
|
||||
|
||||
-TARGETS = zone2ldap@EXEEXT@ zonetodb@EXEEXT@
|
||||
+TARGETS = zone2ldap@EXEEXT@ zonetodb@EXEEXT@ zone2sqlite@EXEEXT@
|
||||
|
||||
-OBJS = zone2ldap.@O@ zonetodb.@O@
|
||||
+OBJS = zone2ldap.@O@ zonetodb.@O@ zone2sqlite.@O@
|
||||
|
||||
-SRCS = zone2ldap.c zonetodb.c
|
||||
+SRCS = zone2ldap.c zonetodb.c zone2sqlite.c
|
||||
|
||||
MANPAGES = zone2ldap.1
|
||||
|
||||
@@ -50,6 +50,9 @@ zone2ldap@EXEEXT@: zone2ldap.@O@ ${DEPLIBS}
|
||||
zonetodb@EXEEXT@: zonetodb.@O@ ${DEPLIBS}
|
||||
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ zonetodb.@O@ -lpq ${LIBS}
|
||||
|
||||
+zone2sqlite@EXEEXT@: zone2sqlite.@O@ ${DEPLIBS}
|
||||
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o $@ zone2sqlite.@O@ -lsqlite3 -lssl ${LIBS}
|
||||
+
|
||||
clean distclean manclean maintainer-clean::
|
||||
rm -f ${TARGETS} ${OBJS}
|
||||
|
||||
@@ -60,4 +63,5 @@ installdirs:
|
||||
install:: ${TARGETS} installdirs
|
||||
${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2ldap@EXEEXT@ ${DESTDIR}${sbindir}
|
||||
${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zonetodb@EXEEXT@ ${DESTDIR}${sbindir}
|
||||
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2sqlite@EXEEXT@ ${DESTDIR}${sbindir}
|
||||
${INSTALL_DATA} ${srcdir}/zone2ldap.1 ${DESTDIR}${mandir}/man1/zone2ldap.1
|
|
@ -0,0 +1,18 @@
|
|||
diff --git a/bin/sdb_tools/zone2ldap.c b/bin/sdb_tools/zone2ldap.c
|
||||
index d56bc56..99c3314 100644
|
||||
--- a/bin/sdb_tools/zone2ldap.c
|
||||
+++ b/bin/sdb_tools/zone2ldap.c
|
||||
@@ -817,11 +817,11 @@ build_dn_from_dc_list (char **dc_list, unsigned int ttl, int flag, char *zone)
|
||||
}
|
||||
|
||||
|
||||
- strlcat (dn, tmp, sizeof (dn));
|
||||
+ strncat (dn, tmp, sizeof (dn) - strlen (dn));
|
||||
}
|
||||
|
||||
sprintf (tmp, "dc=%s", dc_list[0]);
|
||||
- strlcat (dn, tmp, sizeof (dn));
|
||||
+ strncat (dn, tmp, sizeof (dn) - strlen (dn));
|
||||
|
||||
fflush(NULL);
|
||||
return dn;
|
|
@ -0,0 +1,65 @@
|
|||
From 2b0dce163a119f5f62eb4428b485f7575f321d6f Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Mon, 5 Aug 2019 11:54:03 +0200
|
||||
Subject: [PATCH] Allow explicit disabling of autodisabled MD5
|
||||
|
||||
Default security policy might include explicitly disabled RSAMD5
|
||||
algorithm. Current FIPS code automatically disables in FIPS mode. But if
|
||||
RSAMD5 is included in security policy, it fails to start, because that
|
||||
algorithm is not recognized. Allow it disabled, but fail on any
|
||||
other usage.
|
||||
---
|
||||
bin/named/server.c | 4 ++--
|
||||
lib/bind9/check.c | 4 ++++
|
||||
lib/dns/rcode.c | 1 +
|
||||
3 files changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/bin/named/server.c b/bin/named/server.c
|
||||
index ee23f10..22a5c01 100644
|
||||
--- a/bin/named/server.c
|
||||
+++ b/bin/named/server.c
|
||||
@@ -1689,12 +1689,12 @@ disable_algorithms(const cfg_obj_t *disabled, dns_resolver_t *resolver) {
|
||||
r.length = strlen(r.base);
|
||||
|
||||
result = dns_secalg_fromtext(&alg, &r);
|
||||
- if (result != ISC_R_SUCCESS) {
|
||||
+ if (result != ISC_R_SUCCESS && result != ISC_R_DISABLED) {
|
||||
uint8_t ui;
|
||||
result = isc_parse_uint8(&ui, r.base, 10);
|
||||
alg = ui;
|
||||
}
|
||||
- if (result != ISC_R_SUCCESS) {
|
||||
+ if (result != ISC_R_SUCCESS && result != ISC_R_DISABLED) {
|
||||
cfg_obj_log(cfg_listelt_value(element), named_g_lctx,
|
||||
ISC_LOG_ERROR, "invalid algorithm");
|
||||
CHECK(result);
|
||||
diff --git a/lib/bind9/check.c b/lib/bind9/check.c
|
||||
index f49a346..dbf9ddb 100644
|
||||
--- a/lib/bind9/check.c
|
||||
+++ b/lib/bind9/check.c
|
||||
@@ -317,6 +317,10 @@ disabled_algorithms(const cfg_obj_t *disabled, isc_log_t *logctx) {
|
||||
r.length = strlen(r.base);
|
||||
|
||||
tresult = dns_secalg_fromtext(&alg, &r);
|
||||
+ if (tresult == ISC_R_DISABLED) {
|
||||
+ // Recognize disabled algorithms, disable it explicitly
|
||||
+ tresult = ISC_R_SUCCESS;
|
||||
+ }
|
||||
if (tresult != ISC_R_SUCCESS) {
|
||||
cfg_obj_log(cfg_listelt_value(element), logctx,
|
||||
ISC_LOG_ERROR, "invalid algorithm '%s'",
|
||||
diff --git a/lib/dns/rcode.c b/lib/dns/rcode.c
|
||||
index 327248e..78adf63 100644
|
||||
--- a/lib/dns/rcode.c
|
||||
+++ b/lib/dns/rcode.c
|
||||
@@ -152,6 +152,7 @@ static struct tbl rcodes[] = { RCODENAMES ERCODENAMES };
|
||||
static struct tbl tsigrcodes[] = { RCODENAMES TSIGRCODENAMES };
|
||||
static struct tbl certs[] = { CERTNAMES };
|
||||
static struct tbl secalgs[] = { SECALGNAMES };
|
||||
+static struct tbl md5_secalgs[] = { MD5_SECALGNAMES };
|
||||
static struct tbl secprotos[] = { SECPROTONAMES };
|
||||
static struct tbl hashalgs[] = { HASHALGNAMES };
|
||||
static struct tbl dsdigests[] = { DSDIGESTNAMES };
|
||||
--
|
||||
2.21.1
|
||||
|
|
@ -0,0 +1,922 @@
|
|||
From 0e06aaa5fdd3a537d9646801082c569dbeda4ac3 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Thu, 2 Aug 2018 23:46:45 +0200
|
||||
Subject: [PATCH] FIPS tests changes
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Squashed commit of the following:
|
||||
|
||||
commit 09e5eb48698d4fef2fc1031870de86c553b6bfaa
|
||||
Author: Petr Menšík <pemensik@redhat.com>
|
||||
Date: Wed Mar 7 20:35:13 2018 +0100
|
||||
|
||||
Fix nsupdate test. Do not use md5 by default for rndc, skip gracefully md5 if not available.
|
||||
|
||||
commit ab303db70082db76ecf36493d0b82ef3e8750cad
|
||||
Author: Petr Menšík <pemensik@redhat.com>
|
||||
Date: Wed Mar 7 18:11:10 2018 +0100
|
||||
|
||||
Changed root key to be RSASHA256
|
||||
|
||||
Change bad trusted key to be the same algorithm.
|
||||
|
||||
commit 88ab07c0e14cc71247e1f9d11a1ea832b64c1ee8
|
||||
Author: Petr Menšík <pemensik@redhat.com>
|
||||
Date: Wed Mar 7 16:56:17 2018 +0100
|
||||
|
||||
Change used key to not use hmac-md5
|
||||
|
||||
Fix upforwd test, do not use hmac-md5
|
||||
|
||||
commit aec891571626f053acfb4d0a247240cbc21a84e9
|
||||
Author: Petr Menšík <pemensik@redhat.com>
|
||||
Date: Wed Mar 7 15:54:11 2018 +0100
|
||||
|
||||
Increase bitsize of DSA key to pass FIPS 140-2 mode.
|
||||
|
||||
commit bca8e164fa0d9aff2f946b8b4eb0f1f7e0bf6696
|
||||
Author: Petr Menšík <pemensik@redhat.com>
|
||||
Date: Wed Mar 7 15:41:08 2018 +0100
|
||||
|
||||
Fix tsig and rndc tests for disabled md5
|
||||
|
||||
Use hmac-sha256 instead of hmac-md5.
|
||||
|
||||
commit 0d314c1ab6151aa13574a21ad22f28d3b7f42a67
|
||||
Author: Petr Menšík <pemensik@redhat.com>
|
||||
Date: Wed Mar 7 13:21:00 2018 +0100
|
||||
|
||||
Add md5 availability detection to featuretest
|
||||
|
||||
commit f389a918803e2853e4b55fed62765dc4a492e34f
|
||||
Author: Petr Menšík <pemensik@redhat.com>
|
||||
Date: Wed Mar 7 10:44:23 2018 +0100
|
||||
|
||||
Change tests to not use hmac-md5 algorithms if not required
|
||||
|
||||
Use hmac-sha256 instead of default hmac-md5 for allow-query
|
||||
---
|
||||
bin/tests/system/acl/ns2/named1.conf.in | 4 +-
|
||||
bin/tests/system/acl/ns2/named2.conf.in | 4 +-
|
||||
bin/tests/system/acl/ns2/named3.conf.in | 6 +-
|
||||
bin/tests/system/acl/ns2/named4.conf.in | 4 +-
|
||||
bin/tests/system/acl/ns2/named5.conf.in | 4 +-
|
||||
bin/tests/system/acl/tests.sh | 32 ++++-----
|
||||
.../system/allow-query/ns2/named10.conf.in | 2 +-
|
||||
.../system/allow-query/ns2/named11.conf.in | 4 +-
|
||||
.../system/allow-query/ns2/named12.conf.in | 2 +-
|
||||
.../system/allow-query/ns2/named30.conf.in | 2 +-
|
||||
.../system/allow-query/ns2/named31.conf.in | 4 +-
|
||||
.../system/allow-query/ns2/named32.conf.in | 2 +-
|
||||
.../system/allow-query/ns2/named40.conf.in | 4 +-
|
||||
bin/tests/system/allow-query/tests.sh | 18 ++---
|
||||
bin/tests/system/catz/ns1/named.conf.in | 2 +-
|
||||
bin/tests/system/catz/ns2/named.conf.in | 2 +-
|
||||
bin/tests/system/checkconf/bad-tsig.conf | 2 +-
|
||||
bin/tests/system/checkconf/good.conf | 2 +-
|
||||
bin/tests/system/feature-test.c | 14 ++++
|
||||
bin/tests/system/notify/ns5/named.conf.in | 6 +-
|
||||
bin/tests/system/notify/tests.sh | 6 +-
|
||||
bin/tests/system/nsupdate/ns1/named.conf.in | 2 +-
|
||||
bin/tests/system/nsupdate/ns2/named.conf.in | 2 +-
|
||||
bin/tests/system/nsupdate/setup.sh | 6 +-
|
||||
bin/tests/system/nsupdate/tests.sh | 11 +++-
|
||||
bin/tests/system/rndc/setup.sh | 2 +-
|
||||
bin/tests/system/rndc/tests.sh | 22 ++++---
|
||||
bin/tests/system/tsig/ns1/named.conf.in | 10 +--
|
||||
bin/tests/system/tsig/setup.sh | 5 ++
|
||||
bin/tests/system/tsig/tests.sh | 65 ++++++++++++-------
|
||||
bin/tests/system/upforwd/ns1/named.conf.in | 2 +-
|
||||
bin/tests/system/upforwd/tests.sh | 2 +-
|
||||
32 files changed, 149 insertions(+), 106 deletions(-)
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in
|
||||
index 60f22e1..249f672 100644
|
||||
--- a/bin/tests/system/acl/ns2/named1.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named1.conf.in
|
||||
@@ -33,12 +33,12 @@ options {
|
||||
};
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named2.conf.in b/bin/tests/system/acl/ns2/named2.conf.in
|
||||
index ada97bc..f82d858 100644
|
||||
--- a/bin/tests/system/acl/ns2/named2.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named2.conf.in
|
||||
@@ -33,12 +33,12 @@ options {
|
||||
};
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named3.conf.in b/bin/tests/system/acl/ns2/named3.conf.in
|
||||
index 97684e4..de6a2e9 100644
|
||||
--- a/bin/tests/system/acl/ns2/named3.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named3.conf.in
|
||||
@@ -33,17 +33,17 @@ options {
|
||||
};
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key three {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named4.conf.in b/bin/tests/system/acl/ns2/named4.conf.in
|
||||
index 462b3fa..994b35c 100644
|
||||
--- a/bin/tests/system/acl/ns2/named4.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named4.conf.in
|
||||
@@ -33,12 +33,12 @@ options {
|
||||
};
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named5.conf.in b/bin/tests/system/acl/ns2/named5.conf.in
|
||||
index 728da58..8f00d09 100644
|
||||
--- a/bin/tests/system/acl/ns2/named5.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named5.conf.in
|
||||
@@ -35,12 +35,12 @@ options {
|
||||
};
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/tests.sh b/bin/tests/system/acl/tests.sh
|
||||
index a48f868..fab277b 100644
|
||||
--- a/bin/tests/system/acl/tests.sh
|
||||
+++ b/bin/tests/system/acl/tests.sh
|
||||
@@ -21,14 +21,14 @@ echo_i "testing basic ACL processing"
|
||||
# key "one" should fail
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:one:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
|
||||
# any other key should be fine
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:two:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
copy_setports ns2/named2.conf.in ns2/named.conf
|
||||
@@ -38,18 +38,18 @@ sleep 5
|
||||
# prefix 10/8 should fail
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:one:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# any other address should work, as long as it sends key "one"
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 127.0.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 127.0.0.1 axfr -y hmac-sha256:two:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 127.0.0.1 axfr -y hmac-sha256:one:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
echo_i "testing nested ACL processing"
|
||||
@@ -61,31 +61,31 @@ sleep 5
|
||||
# should succeed
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 10.53.0.2 axfr -y hmac-sha256:two:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# should succeed
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 10.53.0.2 axfr -y hmac-sha256:one:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# should succeed
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:two:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# should succeed
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:two:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# but only one or the other should fail
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 127.0.0.1 axfr -y hmac-sha256:one:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
t=`expr $t + 1`
|
||||
@@ -96,7 +96,7 @@ grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $tt failed" ; status=1
|
||||
# and other values? right out
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 127.0.0.1 axfr -y three:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 127.0.0.1 axfr -y hmac-sha256:three:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# now we only allow 10.53.0.1 *and* key one, or 10.53.0.2 *and* key two
|
||||
@@ -107,31 +107,31 @@ sleep 5
|
||||
# should succeed
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 10.53.0.2 axfr -y hmac-sha256:two:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# should succeed
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:one:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# should fail
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 10.53.0.2 axfr -y hmac-sha256:one:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# should fail
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:two:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# should fail
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
- @10.53.0.2 -b 10.53.0.3 axfr -y one:1234abcd8765 > dig.out.${t}
|
||||
+ @10.53.0.2 -b 10.53.0.3 axfr -y hmac-sha256:one:1234abcd8765 > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
echo_i "testing allow-query-on ACL processing"
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named10.conf.in b/bin/tests/system/allow-query/ns2/named10.conf.in
|
||||
index 7d43e36..f7b25f9 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named10.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named10.conf.in
|
||||
@@ -10,7 +10,7 @@
|
||||
*/
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named11.conf.in b/bin/tests/system/allow-query/ns2/named11.conf.in
|
||||
index 2952518..121557e 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named11.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named11.conf.in
|
||||
@@ -10,12 +10,12 @@
|
||||
*/
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234efgh8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named12.conf.in b/bin/tests/system/allow-query/ns2/named12.conf.in
|
||||
index 0c01071..ceabbb5 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named12.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named12.conf.in
|
||||
@@ -10,7 +10,7 @@
|
||||
*/
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named30.conf.in b/bin/tests/system/allow-query/ns2/named30.conf.in
|
||||
index 4c17292..9cd9d1f 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named30.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named30.conf.in
|
||||
@@ -10,7 +10,7 @@
|
||||
*/
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named31.conf.in b/bin/tests/system/allow-query/ns2/named31.conf.in
|
||||
index a2690a4..f488730 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named31.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named31.conf.in
|
||||
@@ -10,12 +10,12 @@
|
||||
*/
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234efgh8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named32.conf.in b/bin/tests/system/allow-query/ns2/named32.conf.in
|
||||
index a0708c8..51fa457 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named32.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named32.conf.in
|
||||
@@ -10,7 +10,7 @@
|
||||
*/
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named40.conf.in b/bin/tests/system/allow-query/ns2/named40.conf.in
|
||||
index 687768e..d24d6d2 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named40.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named40.conf.in
|
||||
@@ -14,12 +14,12 @@ acl accept { 10.53.0.2; };
|
||||
acl badaccept { 10.53.0.1; };
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234efgh8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/tests.sh b/bin/tests/system/allow-query/tests.sh
|
||||
index cdc970a..e06ede2 100644
|
||||
--- a/bin/tests/system/allow-query/tests.sh
|
||||
+++ b/bin/tests/system/allow-query/tests.sh
|
||||
@@ -181,7 +181,7 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: key allowed - query allowed"
|
||||
ret=0
|
||||
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -194,7 +194,7 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: key not allowed - query refused"
|
||||
ret=0
|
||||
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -207,7 +207,7 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: key disallowed - query refused"
|
||||
ret=0
|
||||
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -340,7 +340,7 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views key allowed - query allowed"
|
||||
ret=0
|
||||
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -353,7 +353,7 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views key not allowed - query refused"
|
||||
ret=0
|
||||
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -366,7 +366,7 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views key disallowed - query refused"
|
||||
ret=0
|
||||
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -499,7 +499,7 @@ status=`expr $status + $ret`
|
||||
n=`expr $n + 1`
|
||||
echo_i "test $n: zone key allowed - query allowed"
|
||||
ret=0
|
||||
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
|
||||
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -509,7 +509,7 @@ status=`expr $status + $ret`
|
||||
n=`expr $n + 1`
|
||||
echo_i "test $n: zone key not allowed - query refused"
|
||||
ret=0
|
||||
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
|
||||
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:two:1234efgh8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -519,7 +519,7 @@ status=`expr $status + $ret`
|
||||
n=`expr $n + 1`
|
||||
echo_i "test $n: zone key disallowed - query refused"
|
||||
ret=0
|
||||
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keydisallow.example a > dig.out.ns2.$n || ret=1
|
||||
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.keydisallow.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.keydisallow.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
diff --git a/bin/tests/system/catz/ns1/named.conf.in b/bin/tests/system/catz/ns1/named.conf.in
|
||||
index 1218669..e62715e 100644
|
||||
--- a/bin/tests/system/catz/ns1/named.conf.in
|
||||
+++ b/bin/tests/system/catz/ns1/named.conf.in
|
||||
@@ -61,5 +61,5 @@ zone "catalog4.example" {
|
||||
|
||||
key tsig_key. {
|
||||
secret "LSAnCU+Z";
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
};
|
||||
diff --git a/bin/tests/system/catz/ns2/named.conf.in b/bin/tests/system/catz/ns2/named.conf.in
|
||||
index 3a017b1..5417463 100644
|
||||
--- a/bin/tests/system/catz/ns2/named.conf.in
|
||||
+++ b/bin/tests/system/catz/ns2/named.conf.in
|
||||
@@ -70,5 +70,5 @@ zone "catalog4.example" {
|
||||
|
||||
key tsig_key. {
|
||||
secret "LSAnCU+Z";
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
};
|
||||
diff --git a/bin/tests/system/checkconf/bad-tsig.conf b/bin/tests/system/checkconf/bad-tsig.conf
|
||||
index 21be03e..e57c308 100644
|
||||
--- a/bin/tests/system/checkconf/bad-tsig.conf
|
||||
+++ b/bin/tests/system/checkconf/bad-tsig.conf
|
||||
@@ -11,7 +11,7 @@
|
||||
|
||||
/* Bad secret */
|
||||
key "badtsig" {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "jEdD+BPKg==";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf
|
||||
index 2373425..7b87b04 100644
|
||||
--- a/bin/tests/system/checkconf/good.conf
|
||||
+++ b/bin/tests/system/checkconf/good.conf
|
||||
@@ -268,6 +268,6 @@ dyndb "name" "library.so" {
|
||||
system;
|
||||
};
|
||||
key "mykey" {
|
||||
- algorithm "hmac-md5";
|
||||
+ algorithm "hmac-sha256";
|
||||
secret "qwertyuiopasdfgh";
|
||||
};
|
||||
diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c
|
||||
index 72c09ae..4095d92 100644
|
||||
--- a/bin/tests/system/feature-test.c
|
||||
+++ b/bin/tests/system/feature-test.c
|
||||
@@ -14,6 +14,7 @@
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
+#include <isc/md.h>
|
||||
#include <isc/net.h>
|
||||
#include <isc/print.h>
|
||||
#include <isc/util.h>
|
||||
@@ -129,6 +130,19 @@ main(int argc, char **argv) {
|
||||
#endif
|
||||
}
|
||||
|
||||
+ if (strcmp(argv[1], "--md5") == 0) {
|
||||
+ unsigned char digest[ISC_MAX_MD_SIZE];
|
||||
+ const unsigned char test[] = "test";
|
||||
+ unsigned int size = sizeof(digest);
|
||||
+
|
||||
+ if (isc_md(ISC_MD_MD5, test, sizeof(test),
|
||||
+ digest, &size) == ISC_R_SUCCESS) {
|
||||
+ return (0);
|
||||
+ } else {
|
||||
+ return (1);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
if (strcmp(argv[1], "--ipv6only=no") == 0) {
|
||||
#if defined(IPPROTO_IPV6) && defined(IPV6_V6ONLY)
|
||||
int s;
|
||||
diff --git a/bin/tests/system/notify/ns5/named.conf.in b/bin/tests/system/notify/ns5/named.conf.in
|
||||
index 1ee8df4..2b75d9a 100644
|
||||
--- a/bin/tests/system/notify/ns5/named.conf.in
|
||||
+++ b/bin/tests/system/notify/ns5/named.conf.in
|
||||
@@ -10,17 +10,17 @@
|
||||
*/
|
||||
|
||||
key "a" {
|
||||
- algorithm "hmac-md5";
|
||||
+ algorithm "hmac-sha256";
|
||||
secret "aaaaaaaaaaaaaaaaaaaa";
|
||||
};
|
||||
|
||||
key "b" {
|
||||
- algorithm "hmac-md5";
|
||||
+ algorithm "hmac-sha256";
|
||||
secret "bbbbbbbbbbbbbbbbbbbb";
|
||||
};
|
||||
|
||||
key "c" {
|
||||
- algorithm "hmac-md5";
|
||||
+ algorithm "hmac-sha256";
|
||||
secret "cccccccccccccccccccc";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/notify/tests.sh b/bin/tests/system/notify/tests.sh
|
||||
index e8a00ea..978082c 100644
|
||||
--- a/bin/tests/system/notify/tests.sh
|
||||
+++ b/bin/tests/system/notify/tests.sh
|
||||
@@ -211,16 +211,16 @@ ret=0
|
||||
$NSUPDATE << EOF
|
||||
server 10.53.0.5 ${PORT}
|
||||
zone x21
|
||||
-key a aaaaaaaaaaaaaaaaaaaa
|
||||
+key hmac-sha256:a aaaaaaaaaaaaaaaaaaaa
|
||||
update add added.x21 0 in txt "test string"
|
||||
send
|
||||
EOF
|
||||
|
||||
for i in 1 2 3 4 5 6 7 8 9
|
||||
do
|
||||
- $DIG $DIGOPTS added.x21. -y b:bbbbbbbbbbbbbbbbbbbb @10.53.0.5 \
|
||||
+ $DIG $DIGOPTS added.x21. -y hmac-sha256:b:bbbbbbbbbbbbbbbbbbbb @10.53.0.5 \
|
||||
txt > dig.out.b.ns5.test$n || ret=1
|
||||
- $DIG $DIGOPTS added.x21. -y c:cccccccccccccccccccc @10.53.0.5 \
|
||||
+ $DIG $DIGOPTS added.x21. -y hmac-sha256:c:cccccccccccccccccccc @10.53.0.5 \
|
||||
txt > dig.out.c.ns5.test$n || ret=1
|
||||
grep "test string" dig.out.b.ns5.test$n > /dev/null &&
|
||||
grep "test string" dig.out.c.ns5.test$n > /dev/null &&
|
||||
diff --git a/bin/tests/system/nsupdate/ns1/named.conf.in b/bin/tests/system/nsupdate/ns1/named.conf.in
|
||||
index b51e700..436c97d 100644
|
||||
--- a/bin/tests/system/nsupdate/ns1/named.conf.in
|
||||
+++ b/bin/tests/system/nsupdate/ns1/named.conf.in
|
||||
@@ -37,7 +37,7 @@ controls {
|
||||
};
|
||||
|
||||
key altkey {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha512;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/nsupdate/ns2/named.conf.in b/bin/tests/system/nsupdate/ns2/named.conf.in
|
||||
index da6b3b4..c547e47 100644
|
||||
--- a/bin/tests/system/nsupdate/ns2/named.conf.in
|
||||
+++ b/bin/tests/system/nsupdate/ns2/named.conf.in
|
||||
@@ -32,7 +32,7 @@ controls {
|
||||
};
|
||||
|
||||
key altkey {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha512;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh
|
||||
index be8c7f8..e465216 100644
|
||||
--- a/bin/tests/system/nsupdate/setup.sh
|
||||
+++ b/bin/tests/system/nsupdate/setup.sh
|
||||
@@ -70,7 +70,11 @@ EOF
|
||||
|
||||
$TSIGKEYGEN ddns-key.example.nil > ns1/ddns.key
|
||||
|
||||
-$TSIGKEYGEN -a hmac-md5 md5-key > ns1/md5.key
|
||||
+if $FEATURETEST --md5; then
|
||||
+ $TSIGKEYGEN -a hmac-md5 md5-key > ns1/md5.key
|
||||
+else
|
||||
+ echo -n > ns1/md5.key
|
||||
+fi
|
||||
$TSIGKEYGEN -a hmac-sha1 sha1-key > ns1/sha1.key
|
||||
$TSIGKEYGEN -a hmac-sha224 sha224-key > ns1/sha224.key
|
||||
$TSIGKEYGEN -a hmac-sha256 sha256-key > ns1/sha256.key
|
||||
diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
|
||||
index 88910f9..56c57db 100755
|
||||
--- a/bin/tests/system/nsupdate/tests.sh
|
||||
+++ b/bin/tests/system/nsupdate/tests.sh
|
||||
@@ -822,7 +822,14 @@ fi
|
||||
n=`expr $n + 1`
|
||||
ret=0
|
||||
echo_i "check TSIG key algorithms (nsupdate -k) ($n)"
|
||||
-for alg in md5 sha1 sha224 sha256 sha384 sha512; do
|
||||
+if $FEATURETEST --md5
|
||||
+then
|
||||
+ ALGS="md5 sha1 sha224 sha256 sha384 sha512"
|
||||
+else
|
||||
+ ALGS="sha1 sha224 sha256 sha384 sha512"
|
||||
+ echo_i "skipping disabled md5 algorithm"
|
||||
+fi
|
||||
+for alg in $ALGS; do
|
||||
$NSUPDATE -k ns1/${alg}.key <<END > /dev/null || ret=1
|
||||
server 10.53.0.1 ${PORT}
|
||||
update add ${alg}.keytests.nil. 600 A 10.10.10.3
|
||||
@@ -830,7 +837,7 @@ send
|
||||
END
|
||||
done
|
||||
sleep 2
|
||||
-for alg in md5 sha1 sha224 sha256 sha384 sha512; do
|
||||
+for alg in $ALGS; do
|
||||
$DIG $DIGOPTS +short @10.53.0.1 ${alg}.keytests.nil | grep 10.10.10.3 > /dev/null 2>&1 || ret=1
|
||||
done
|
||||
if [ $ret -ne 0 ]; then
|
||||
diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh
|
||||
index b7721a3..0204e4d 100644
|
||||
--- a/bin/tests/system/rndc/setup.sh
|
||||
+++ b/bin/tests/system/rndc/setup.sh
|
||||
@@ -45,7 +45,7 @@ make_key () {
|
||||
sed 's/allow { 10.53.0.4/allow { any/' >> ns4/named.conf
|
||||
}
|
||||
|
||||
-make_key 1 ${EXTRAPORT1} hmac-md5
|
||||
+$FEATURETEST --md5 && make_key 1 ${EXTRAPORT1} hmac-md5
|
||||
make_key 2 ${EXTRAPORT2} hmac-sha1
|
||||
make_key 3 ${EXTRAPORT3} hmac-sha224
|
||||
make_key 4 ${EXTRAPORT4} hmac-sha256
|
||||
diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh
|
||||
index df3ef3a..eaaffe6 100644
|
||||
--- a/bin/tests/system/rndc/tests.sh
|
||||
+++ b/bin/tests/system/rndc/tests.sh
|
||||
@@ -348,15 +348,19 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status+ret))
|
||||
|
||||
n=$((n+1))
|
||||
-echo_i "testing rndc with hmac-md5 ($n)"
|
||||
-ret=0
|
||||
-$RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key1.conf status > /dev/null 2>&1 || ret=1
|
||||
-for i in 2 3 4 5 6
|
||||
-do
|
||||
- $RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key${i}.conf status > /dev/null 2>&1 && ret=1
|
||||
-done
|
||||
-if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
-status=$((status+ret))
|
||||
+if $FEATURETEST --md5
|
||||
+ echo_i "testing rndc with hmac-md5 ($n)"
|
||||
+ ret=0
|
||||
+ $RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key1.conf status > /dev/null 2>&1 || ret=1
|
||||
+ for i in 2 3 4 5 6
|
||||
+ do
|
||||
+ $RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key${i}.conf status > /dev/null 2>&1 && ret=1
|
||||
+ done
|
||||
+ if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
+ status=$((status+ret))
|
||||
+else
|
||||
+ echo_i "skipping rndc with hmac-md5 ($n)"
|
||||
+fi
|
||||
|
||||
n=$((n+1))
|
||||
echo_i "testing rndc with hmac-sha1 ($n)"
|
||||
diff --git a/bin/tests/system/tsig/ns1/named.conf.in b/bin/tests/system/tsig/ns1/named.conf.in
|
||||
index 3470c4f..cf539cd 100644
|
||||
--- a/bin/tests/system/tsig/ns1/named.conf.in
|
||||
+++ b/bin/tests/system/tsig/ns1/named.conf.in
|
||||
@@ -21,10 +21,7 @@ options {
|
||||
notify no;
|
||||
};
|
||||
|
||||
-key "md5" {
|
||||
- secret "97rnFx24Tfna4mHPfgnerA==";
|
||||
- algorithm hmac-md5;
|
||||
-};
|
||||
+# md5 key appended by setup.sh at the end
|
||||
|
||||
key "sha1" {
|
||||
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
|
||||
@@ -51,10 +48,7 @@ key "sha512" {
|
||||
algorithm hmac-sha512;
|
||||
};
|
||||
|
||||
-key "md5-trunc" {
|
||||
- secret "97rnFx24Tfna4mHPfgnerA==";
|
||||
- algorithm hmac-md5-80;
|
||||
-};
|
||||
+# md5-trunc key appended by setup.sh at the end
|
||||
|
||||
key "sha1-trunc" {
|
||||
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
|
||||
diff --git a/bin/tests/system/tsig/setup.sh b/bin/tests/system/tsig/setup.sh
|
||||
index 3210f1b..5b5e992 100644
|
||||
--- a/bin/tests/system/tsig/setup.sh
|
||||
+++ b/bin/tests/system/tsig/setup.sh
|
||||
@@ -14,3 +14,8 @@
|
||||
$SHELL clean.sh
|
||||
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
+
|
||||
+if $FEATURETEST --md5
|
||||
+then
|
||||
+ cat ns1/rndc5.conf.in >> ns1/named.conf
|
||||
+fi
|
||||
diff --git a/bin/tests/system/tsig/tests.sh b/bin/tests/system/tsig/tests.sh
|
||||
index a9bf42b..f95ee09 100644
|
||||
--- a/bin/tests/system/tsig/tests.sh
|
||||
+++ b/bin/tests/system/tsig/tests.sh
|
||||
@@ -25,20 +25,25 @@ sha512="jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4f
|
||||
|
||||
status=0
|
||||
|
||||
-echo_i "fetching using hmac-md5 (old form)"
|
||||
-ret=0
|
||||
-$DIG $DIGOPTS example.nil. -y "md5:$md5" @10.53.0.1 soa > dig.out.md5.old || ret=1
|
||||
-grep -i "md5.*TSIG.*NOERROR" dig.out.md5.old > /dev/null || ret=1
|
||||
-if [ $ret -eq 1 ] ; then
|
||||
- echo_i "failed"; status=1
|
||||
-fi
|
||||
+if $FEATURETEST --md5
|
||||
+then
|
||||
+ echo_i "fetching using hmac-md5 (old form)"
|
||||
+ ret=0
|
||||
+ $DIG $DIGOPTS example.nil. -y "md5:$md5" @10.53.0.1 soa > dig.out.md5.old || ret=1
|
||||
+ grep -i "md5.*TSIG.*NOERROR" dig.out.md5.old > /dev/null || ret=1
|
||||
+ if [ $ret -eq 1 ] ; then
|
||||
+ echo_i "failed"; status=1
|
||||
+ fi
|
||||
|
||||
-echo_i "fetching using hmac-md5 (new form)"
|
||||
-ret=0
|
||||
-$DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new || ret=1
|
||||
-grep -i "md5.*TSIG.*NOERROR" dig.out.md5.new > /dev/null || ret=1
|
||||
-if [ $ret -eq 1 ] ; then
|
||||
- echo_i "failed"; status=1
|
||||
+ echo_i "fetching using hmac-md5 (new form)"
|
||||
+ ret=0
|
||||
+ $DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new || ret=1
|
||||
+ grep -i "md5.*TSIG.*NOERROR" dig.out.md5.new > /dev/null || ret=1
|
||||
+ if [ $ret -eq 1 ] ; then
|
||||
+ echo_i "failed"; status=1
|
||||
+ fi
|
||||
+else
|
||||
+ echo_i "skipping using hmac-md5"
|
||||
fi
|
||||
|
||||
echo_i "fetching using hmac-sha1"
|
||||
@@ -86,12 +91,17 @@ fi
|
||||
# Truncated TSIG
|
||||
#
|
||||
#
|
||||
-echo_i "fetching using hmac-md5 (trunc)"
|
||||
-ret=0
|
||||
-$DIG $DIGOPTS example.nil. -y "hmac-md5-80:md5-trunc:$md5" @10.53.0.1 soa > dig.out.md5.trunc || ret=1
|
||||
-grep -i "md5-trunc.*TSIG.*NOERROR" dig.out.md5.trunc > /dev/null || ret=1
|
||||
-if [ $ret -eq 1 ] ; then
|
||||
- echo_i "failed"; status=1
|
||||
+if $FEATURETEST --md5
|
||||
+then
|
||||
+ echo_i "fetching using hmac-md5 (trunc)"
|
||||
+ ret=0
|
||||
+ $DIG $DIGOPTS example.nil. -y "hmac-md5-80:md5-trunc:$md5" @10.53.0.1 soa > dig.out.md5.trunc || ret=1
|
||||
+ grep -i "md5-trunc.*TSIG.*NOERROR" dig.out.md5.trunc > /dev/null || ret=1
|
||||
+ if [ $ret -eq 1 ] ; then
|
||||
+ echo_i "failed"; status=1
|
||||
+ fi
|
||||
+else
|
||||
+ echo_i "skipping using hmac-md5 (trunc)"
|
||||
fi
|
||||
|
||||
echo_i "fetching using hmac-sha1 (trunc)"
|
||||
@@ -140,12 +150,17 @@ fi
|
||||
# Check for bad truncation.
|
||||
#
|
||||
#
|
||||
-echo_i "fetching using hmac-md5-80 (BADTRUNC)"
|
||||
-ret=0
|
||||
-$DIG $DIGOPTS example.nil. -y "hmac-md5-80:md5:$md5" @10.53.0.1 soa > dig.out.md5-80 || ret=1
|
||||
-grep -i "md5.*TSIG.*BADTRUNC" dig.out.md5-80 > /dev/null || ret=1
|
||||
-if [ $ret -eq 1 ] ; then
|
||||
- echo_i "failed"; status=1
|
||||
+if $FEATURETEST --md5
|
||||
+then
|
||||
+ echo_i "fetching using hmac-md5-80 (BADTRUNC)"
|
||||
+ ret=0
|
||||
+ $DIG $DIGOPTS example.nil. -y "hmac-md5-80:md5:$md5" @10.53.0.1 soa > dig.out.md5-80 || ret=1
|
||||
+ grep -i "md5.*TSIG.*BADTRUNC" dig.out.md5-80 > /dev/null || ret=1
|
||||
+ if [ $ret -eq 1 ] ; then
|
||||
+ echo_i "failed"; status=1
|
||||
+ fi
|
||||
+else
|
||||
+ echo_i "skipping using hmac-md5-80 (BADTRUNC)"
|
||||
fi
|
||||
|
||||
echo_i "fetching using hmac-sha1-80 (BADTRUNC)"
|
||||
diff --git a/bin/tests/system/upforwd/ns1/named.conf.in b/bin/tests/system/upforwd/ns1/named.conf.in
|
||||
index 3873c7c..b359a5a 100644
|
||||
--- a/bin/tests/system/upforwd/ns1/named.conf.in
|
||||
+++ b/bin/tests/system/upforwd/ns1/named.conf.in
|
||||
@@ -10,7 +10,7 @@
|
||||
*/
|
||||
|
||||
key "update.example." {
|
||||
- algorithm "hmac-md5";
|
||||
+ algorithm "hmac-sha256";
|
||||
secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/upforwd/tests.sh b/bin/tests/system/upforwd/tests.sh
|
||||
index 2011b7f..052170e 100644
|
||||
--- a/bin/tests/system/upforwd/tests.sh
|
||||
+++ b/bin/tests/system/upforwd/tests.sh
|
||||
@@ -78,7 +78,7 @@ if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
|
||||
|
||||
echo_i "updating zone (signed) ($n)"
|
||||
ret=0
|
||||
-$NSUPDATE -y update.example:c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K -- - <<EOF || ret=1
|
||||
+$NSUPDATE -y hmac-sha256:update.example:c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K -- - <<EOF || ret=1
|
||||
server 10.53.0.3 ${PORT}
|
||||
update add updated.example. 600 A 10.10.10.1
|
||||
update add updated.example. 600 TXT Foo
|
||||
--
|
||||
2.31.1
|
||||
|
|
@ -0,0 +1,86 @@
|
|||
From fdfc8ad6a1069eea6b012972c972798003d58312 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Tue, 29 Jan 2019 18:07:44 +0100
|
||||
Subject: [PATCH] Fallback to ASCII on output IDN conversion error
|
||||
|
||||
It is possible dig used ACE encoded name in locale, which does not
|
||||
support converting it to unicode. Instead of fatal error, fallback to
|
||||
ACE name on output.
|
||||
|
||||
(cherry picked from commit 7f4cb8f9584597fea16de6557124ac8b1bd47440)
|
||||
|
||||
Modify idna test to fallback to ACE
|
||||
|
||||
Test valid A-label on input would be displayed as A-label on output if
|
||||
locale does not allow U-label.
|
||||
|
||||
(cherry picked from commit 4ce232f8605bdbe0594ebe5a71383c9d4e6f263b)
|
||||
|
||||
Emit warning on IDN output failure
|
||||
|
||||
Warning is emitted before any dig headers.
|
||||
|
||||
(cherry picked from commit 4b410038c531fbb902cd5fb83174eed1f06cb7d7)
|
||||
---
|
||||
bin/dig/dighost.c | 15 +++++++++++++--
|
||||
bin/tests/system/idna/tests.sh | 17 +++++++++++++++++
|
||||
2 files changed, 30 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
|
||||
index 73aaab8..375f99f 100644
|
||||
--- a/bin/dig/dighost.c
|
||||
+++ b/bin/dig/dighost.c
|
||||
@@ -4877,9 +4877,20 @@ idn_ace_to_locale(const char *from, char *to, size_t tolen) {
|
||||
*/
|
||||
res = idn2_to_unicode_8zlz(utf8_src, &tmp_str, 0);
|
||||
if (res != IDN2_OK) {
|
||||
- fatal("Cannot represent '%s' in the current locale (%s), "
|
||||
- "use +noidnout or a different locale",
|
||||
+ static bool warned = false;
|
||||
+
|
||||
+ res = idn2_to_ascii_8z(utf8_src, &tmp_str, 0);
|
||||
+ if (res != IDN2_OK) {
|
||||
+ fatal("Cannot represent '%s' "
|
||||
+ "in the current locale nor ascii (%s), "
|
||||
+ "use +noidnout or a different locale",
|
||||
from, idn2_strerror(res));
|
||||
+ } else if (!warned) {
|
||||
+ fprintf(stderr, ";; Warning: cannot represent '%s' "
|
||||
+ "in the current locale",
|
||||
+ tmp_str);
|
||||
+ warned = true;
|
||||
+ }
|
||||
}
|
||||
|
||||
/*
|
||||
diff --git a/bin/tests/system/idna/tests.sh b/bin/tests/system/idna/tests.sh
|
||||
index 7acb0fa..0269bcd 100644
|
||||
--- a/bin/tests/system/idna/tests.sh
|
||||
+++ b/bin/tests/system/idna/tests.sh
|
||||
@@ -244,6 +244,23 @@ idna_enabled_test() {
|
||||
idna_test "$text" "+idnin +noidnout" "xn--nxasmq6b.com" "xn--nxasmq6b.com."
|
||||
idna_test "$text" "+idnin +idnout" "xn--nxasmq6b.com" "βόλοσ.com."
|
||||
|
||||
+ # Test of valid A-label in locale that cannot display it
|
||||
+ #
|
||||
+ # +noidnout: The string is sent as-is to the server and the returned qname
|
||||
+ # is displayed in the same form.
|
||||
+ # +idnout: The string is sent as-is to the server and the returned qname
|
||||
+ # is displayed as the corresponding A-label.
|
||||
+ #
|
||||
+ # The "+[no]idnout" flag has no effect in these cases.
|
||||
+ text="Checking valid A-label in C locale"
|
||||
+ label="xn--nxasmq6b.com"
|
||||
+ LC_ALL=C idna_test "$text" "" "$label" "$label."
|
||||
+ LC_ALL=C idna_test "$text" "+noidnin +noidnout" "$label" "$label."
|
||||
+ LC_ALL=C idna_test "$text" "+noidnin +idnout" "$label" "$label."
|
||||
+ LC_ALL=C idna_test "$text" "+idnin +noidnout" "$label" "$label."
|
||||
+ LC_ALL=C idna_test "$text" "+idnin +idnout" "$label" "$label."
|
||||
+ LC_ALL=C idna_test "$text" "+noidnin +idnout" "$label" "$label."
|
||||
+
|
||||
|
||||
|
||||
# Tests of invalid A-labels
|
||||
--
|
||||
2.20.1
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
From 3466dfd7d44940821f195a36fceb0f1100f77c4e Mon Sep 17 00:00:00 2001
|
||||
From: Mark Andrews <marka@isc.org>
|
||||
Date: Tue, 5 Nov 2019 12:56:18 +1100
|
||||
Subject: [PATCH] The default geoip-directory should be
|
||||
<MAXMINDDB_PREFIX>/share/GeoIP
|
||||
|
||||
(cherry picked from commit fcd765a59db9b9a2b187448a90f3dbe6aa72fb84)
|
||||
(cherry picked from commit 7e79ebeebada6bcca81e8368eef72efbaae3c8c7)
|
||||
---
|
||||
bin/named/config.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/bin/named/config.c b/bin/named/config.c
|
||||
index 833c1dc9d3..63da4b03f6 100644
|
||||
--- a/bin/named/config.c
|
||||
+++ b/bin/named/config.c
|
||||
@@ -72,7 +72,7 @@ options {\n\
|
||||
" files unlimited;\n"
|
||||
#endif
|
||||
#if defined(HAVE_GEOIP2) && !defined(WIN32)
|
||||
-" geoip-directory \"" MAXMINDDB_PREFIX "/share/GeoIP2\";\n"
|
||||
+" geoip-directory \"" MAXMINDDB_PREFIX "/share/GeoIP\";\n"
|
||||
#elif defined(HAVE_GEOIP2)
|
||||
" geoip-directory \".\";\n"
|
||||
#endif
|
||||
--
|
||||
2.20.1
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABAgAdFiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAl2WMooACgkQdLtrmky7
|
||||
PThv2RAAnXNLYTzXtH6ls29tRm5Hc+D6UaeqcWDNQ4BpkRVhrFxtukalGCi9mmB6
|
||||
NPJzFyXmaOW654pypCIuEgqJNFUpDtLzLzT7SUF+mhm+5plsaRSBnh4mq87l5KSp
|
||||
twODAPnfCJV+HBk5RmToLEstAbGQ7xEBTyQtZoFkY+V7zEFwENKiCvWsoSWOkYR3
|
||||
zXo3sKjc83HV9ShbW/mCtbZf5L0qlbrKOAzqJfAFMhNNJi8kMbmr/Zi2sIfN+Rhv
|
||||
g8HQo89Epv6r51yAdeED8idIX4rKjjcEtHrZeDmLdCcdHgSEj2sIlH92Joce6vL0
|
||||
S59A0rItIXm6fW8sz6WNpcj4tVtWYbIYjXZ4SPFNkaUrHv8cUekq+5vbI+v07Gh3
|
||||
2bhtDsDyTY5I1/AsY/EFmwkCAjUS00jZryBnuJpLB3v5JtUog4ek32yLBzPrqRBo
|
||||
1876j4nlXAia8mG0OgJNWZ0gHyUPe/TgfR8fQDLmHxHHlKrJNTEwY6bLW8jzFTX1
|
||||
zk510fI1K7J9tiQgf5wcBQ2h3EBlqzDNIJDovoATzLYIf0HKyVegh/vnQdtdEhUR
|
||||
1DzJAt3bsBfAP1AFfWPD/ACu5Zdm7SxY1wE/pjkwttDU3sRZqOfuwNBGeolu3cVN
|
||||
O9/h1zsyVeVS0ui2vu4+V4EvNitmXsVbG2doDq9L5yBiIKGO2Ew=
|
||||
=GCy6
|
||||
-----END PGP SIGNATURE-----
|
|
@ -0,0 +1,95 @@
|
|||
From 0698eb93f6e618d2882ae2c8758c5fa87524bea6 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Tue, 23 Jul 2019 12:10:39 +0200
|
||||
Subject: [PATCH] Allow explicitly using json-c but not libjson
|
||||
|
||||
Separate detection of json support. Allows explicit use of json-c when
|
||||
jsoncpp package is found. Have to use --without-libjson --with-json-c.
|
||||
---
|
||||
configure.ac | 52 +++++++++++++++++++++++++++++++++++++++++-----------
|
||||
1 file changed, 41 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index f7978e4..40b4f9f 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -1331,7 +1331,6 @@ AC_ARG_WITH(libjson,
|
||||
use_libjson="$withval", use_libjson="auto")
|
||||
|
||||
have_libjson=""
|
||||
-have_libjson_c=""
|
||||
case "$use_libjson" in
|
||||
no)
|
||||
libjson_libs=""
|
||||
@@ -1347,7 +1346,43 @@ case "$use_libjson" in
|
||||
LIBS="$LIBS -L${d}/lib"
|
||||
fi
|
||||
have_libjson="yes"
|
||||
- elif test -f "${d}/include/json-c/json.h"
|
||||
+ fi
|
||||
+ done
|
||||
+ ;;
|
||||
+ *)
|
||||
+ if test -f "${use_libjson}/include/json/json.h"
|
||||
+ then
|
||||
+ libjson_cflags="-I${use_libjson}/include"
|
||||
+ LIBS="$LIBS -L${use_libjson}/lib"
|
||||
+ have_libjson="yes"
|
||||
+ else
|
||||
+ AC_MSG_ERROR([$use_libjson/include/json/json.h not found.])
|
||||
+ fi
|
||||
+ ;;
|
||||
+esac
|
||||
+
|
||||
+#
|
||||
+# was --with-json-c specified?
|
||||
+#
|
||||
+AC_ARG_WITH(json-c,
|
||||
+ AS_HELP_STRING([--with-json-c[=PATH]],
|
||||
+ [build with json-c library [yes|no|path]]),
|
||||
+ use_json_c="$withval", use_json_c="$use_libjson")
|
||||
+
|
||||
+if test "X${have_libjson}" != "X"
|
||||
+then
|
||||
+ # Do not use if libjson were found
|
||||
+ use_json_c=no
|
||||
+fi
|
||||
+
|
||||
+have_libjson_c=""
|
||||
+case "$use_json_c" in
|
||||
+ no)
|
||||
+ ;;
|
||||
+ auto|yes)
|
||||
+ for d in /usr /usr/local /opt/local
|
||||
+ do
|
||||
+ if test -f "${d}/include/json-c/json.h"
|
||||
then
|
||||
if test ${d} != /usr
|
||||
then
|
||||
@@ -1360,19 +1395,14 @@ case "$use_libjson" in
|
||||
done
|
||||
;;
|
||||
*)
|
||||
- if test -f "${use_libjson}/include/json/json.h"
|
||||
- then
|
||||
- libjson_cflags="-I${use_libjson}/include"
|
||||
- LIBS="$LIBS -L${use_libjson}/lib"
|
||||
- have_libjson="yes"
|
||||
- elif test -f "${use_libjson}/include/json-c/json.h"
|
||||
+ if test -f "${use_json_c}/include/json-c/json.h"
|
||||
then
|
||||
- libjson_cflags="-I${use_libjson}/include"
|
||||
- LIBS="$LIBS -L${use_libjson}/lib"
|
||||
+ libjson_cflags="-I${use_json_c}/include"
|
||||
+ LIBS="$LIBS -L${use_json_c}/lib"
|
||||
have_libjson="yes"
|
||||
have_libjson_c="yes"
|
||||
else
|
||||
- AC_MSG_ERROR([$use_libjson/include/json{,-c}/json.h not found.])
|
||||
+ AC_MSG_ERROR([$use_json_c/include/json-c/json.h not found.])
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
--
|
||||
2.20.1
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABAgAdFiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAl2WMpEACgkQdLtrmky7
|
||||
PTh/sg//QbNRAQvADQfwF1PPo+JxB+3WzQ9oJAWeHbOoiubwkUwO9xE+BEnTNd5o
|
||||
oM1lSLqFxNykOTaoeJlqPftPod1cxo7lSzkwflugGyB/59wliCpqCg053YV4x9mO
|
||||
QggvA/E50+0FI/Om/7v4GHGADu/JE83FovOueWAB0LgqfDSD6QFcNFF9sUJJ4P7r
|
||||
FcEXSWj8QbrHMWBKncZUOpD2ECotvtrYmi0DTHl1XfigESDQpWtsnTFuabCCsvkh
|
||||
ch9wQRplAes2Mf/aS5tl1y0QKKBFuEjtGiTdgrDl6o9GLnx6CueX5saZehu2EVkr
|
||||
fq2vEYUC2lRQSjuxSMMJ3L0TGUcl7+ixlAIISS2K9L5Xx7MhBXt/EH5KiKPfsEet
|
||||
3EH+DhxV5uXjDU7MgvREnxT+ssV23e0HWTz4tVVQ9LpvYmWPIgLcSOhHCc57yoQF
|
||||
c46V0f69dMWbMAlQ93EZSG274ZvpIszpK8+3hGI3/TuDFFgiQJeJJBFVtYJMle69
|
||||
3mEEclfzO7fBiXZFec6nVx2309bL64bafN7zszPKXl4XgoefOfD0v0eWqQT4fxfm
|
||||
dnGC0qMqSZs5F+d0fISV5JUUNYzt9PZjvnzqLLGOeTF6l3/n9G1mmNsXcxJ1OEIF
|
||||
6qh1oO7JTPjt0MFhKac4QjNQi/Bnp25O3I/PRyWZCbiwXkyvyQU=
|
||||
=ZT7s
|
||||
-----END PGP SIGNATURE-----
|
|
@ -0,0 +1,65 @@
|
|||
From baec1c0c1822d3ba89cc7e5e530888c865a899f7 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Wed, 17 Jun 2020 23:17:13 +0200
|
||||
Subject: [PATCH] Update man named with Red Hat specifics
|
||||
|
||||
This is almost unmodified text and requires revalidation. Some of those
|
||||
statements are no longer correct.
|
||||
---
|
||||
bin/named/named.rst | 40 ++++++++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 40 insertions(+)
|
||||
|
||||
diff --git a/bin/named/named.rst b/bin/named/named.rst
|
||||
index 3fa96e0..4390e73 100644
|
||||
--- a/bin/named/named.rst
|
||||
+++ b/bin/named/named.rst
|
||||
@@ -236,6 +236,46 @@ Files
|
||||
``/var/run/named/named.pid``
|
||||
The default process-id file.
|
||||
|
||||
+Notes
|
||||
+~~~~~
|
||||
+
|
||||
+**Red Hat SELinux BIND Security Profile:**
|
||||
+
|
||||
+By default, Red Hat ships BIND with the most secure SELinux policy
|
||||
+that will not prevent normal BIND operation and will prevent exploitation
|
||||
+of all known BIND security vulnerabilities . See the selinux(8) man page
|
||||
+for information about SElinux.
|
||||
+
|
||||
+It is not necessary to run named in a chroot environment if the Red Hat
|
||||
+SELinux policy for named is enabled. When enabled, this policy is far
|
||||
+more secure than a chroot environment. Users are recommended to enable
|
||||
+SELinux and remove the bind-chroot package.
|
||||
+
|
||||
+*With this extra security comes some restrictions:*
|
||||
+
|
||||
+By default, the SELinux policy does not allow named to write any master
|
||||
+zone database files. Only the root user may create files in the $ROOTDIR/var/named
|
||||
+zone database file directory (the options { "directory" } option), where
|
||||
+$ROOTDIR is set in /etc/sysconfig/named.
|
||||
+
|
||||
+The "named" group must be granted read privelege to
|
||||
+these files in order for named to be enabled to read them.
|
||||
+
|
||||
+Any file created in the zone database file directory is automatically assigned
|
||||
+the SELinux file context *named_zone_t* .
|
||||
+
|
||||
+By default, SELinux prevents any role from modifying *named_zone_t* files; this
|
||||
+means that files in the zone database directory cannot be modified by dynamic
|
||||
+DNS (DDNS) updates or zone transfers.
|
||||
+
|
||||
+The Red Hat BIND distribution and SELinux policy creates three directories where
|
||||
+named is allowed to create and modify files: */var/named/slaves*, */var/named/dynamic*
|
||||
+*/var/named/data*. By placing files you want named to modify, such as
|
||||
+slave or DDNS updateable zone files and database / statistics dump files in
|
||||
+these directories, named will work normally and no further operator action is
|
||||
+required. Files in these directories are automatically assigned the '*named_cache_t*'
|
||||
+file context, which SELinux allows named to write.
|
||||
+
|
||||
See Also
|
||||
~~~~~~~~
|
||||
|
||||
--
|
||||
2.31.1
|
||||
|
|
@ -0,0 +1,508 @@
|
|||
From f11331c0b021196f18a51cfde203d8d221beb865 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Sun, 23 Aug 2020 00:54:23 +0200
|
||||
Subject: [PATCH] Modify build to create also pkcs11 version
|
||||
|
||||
---
|
||||
Makefile.top | 19 ++++++++++
|
||||
bin/Makefile.am | 2 ++
|
||||
bin/dnssec-pkcs11/Makefile.am | 56 ++++++++++++++++++++++-------
|
||||
bin/named-pkcs11/Makefile.am | 18 +++++-----
|
||||
configure.ac | 7 ++++
|
||||
lib/Makefile.am | 1 +
|
||||
lib/dns-pkcs11/Makefile.am | 62 ++++++++++++++++----------------
|
||||
lib/dns-pkcs11/tests/Makefile.am | 4 +--
|
||||
lib/ns-pkcs11/Makefile.am | 22 ++++++------
|
||||
lib/ns-pkcs11/tests/Makefile.am | 8 ++---
|
||||
10 files changed, 129 insertions(+), 70 deletions(-)
|
||||
|
||||
diff --git a/Makefile.top b/Makefile.top
|
||||
index 140ab44..a2410b2 100644
|
||||
--- a/Makefile.top
|
||||
+++ b/Makefile.top
|
||||
@@ -42,14 +42,26 @@ LIBDNS_CFLAGS = \
|
||||
LIBDNS_LIBS = \
|
||||
$(top_builddir)/lib/dns/libdns.la
|
||||
|
||||
+LIBDNS_PKCS11_CFLAGS = \
|
||||
+ -DUSE_PKCS11 \
|
||||
+ -I$(top_srcdir)/lib/dns-pkcs11/include \
|
||||
+ -I$(top_builddir)/lib/dns-pkcs11/include
|
||||
+
|
||||
+LIBDNS_PKCS11_LIBS = \
|
||||
+ $(top_builddir)/lib/dns-pkcs11/libdns-pkcs11.la
|
||||
+
|
||||
if HAVE_DNSTAP
|
||||
LIBDNS_CFLAGS += \
|
||||
$(DNSTAP_CFLAGS)
|
||||
+LIBDNS_PKCS11_CFLAGS += \
|
||||
+ $(DNSTAP_CFLAGS)
|
||||
endif HAVE_DNSTAP
|
||||
|
||||
if HAVE_LMDB
|
||||
LIBDNS_CFLAGS += \
|
||||
$(LMDB_CFLAGS)
|
||||
+LIBDNS_PKCS11_CFLAGS += \
|
||||
+ $(LMDB_CFLAGS)
|
||||
endif HAVE_LMDB
|
||||
|
||||
LIBNS_CFLAGS = \
|
||||
@@ -58,6 +70,13 @@ LIBNS_CFLAGS = \
|
||||
LIBNS_LIBS = \
|
||||
$(top_builddir)/lib/ns/libns.la
|
||||
|
||||
+LIBNS_PKCS11_CFLAGS = \
|
||||
+ -I$(top_srcdir)/lib/ns-pkcs11/include \
|
||||
+ -DUSE_PKCS11
|
||||
+
|
||||
+LIBNS_PKCS11_LIBS = \
|
||||
+ $(top_builddir)/lib/ns-pkcs11/libns-pkcs11.la
|
||||
+
|
||||
LIBIRS_CFLAGS = \
|
||||
-I$(top_srcdir)/lib/irs/include
|
||||
|
||||
diff --git a/bin/Makefile.am b/bin/Makefile.am
|
||||
index 296a022..bf0a68c 100644
|
||||
--- a/bin/Makefile.am
|
||||
+++ b/bin/Makefile.am
|
||||
@@ -3,3 +3,5 @@ SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen tests plugins
|
||||
if HAVE_PKCS11
|
||||
SUBDIRS += pkcs11
|
||||
endif
|
||||
+
|
||||
+SUBDIRS += named-pkcs11 dnssec-pkcs11
|
||||
diff --git a/bin/dnssec-pkcs11/Makefile.am b/bin/dnssec-pkcs11/Makefile.am
|
||||
index 7aeaccc..efcc90b 100644
|
||||
--- a/bin/dnssec-pkcs11/Makefile.am
|
||||
+++ b/bin/dnssec-pkcs11/Makefile.am
|
||||
@@ -2,37 +2,67 @@ include $(top_srcdir)/Makefile.top
|
||||
|
||||
AM_CPPFLAGS += \
|
||||
$(LIBISC_CFLAGS) \
|
||||
- $(LIBDNS_CFLAGS)
|
||||
+ $(LIBDNS_PKCS11_CFLAGS)
|
||||
|
||||
AM_CPPFLAGS += \
|
||||
- -DNAMED_CONFFILE=\"${sysconfdir}/named.conf\"
|
||||
+ -DNAMED_CONFFILE=\"${sysconfdir}/named.conf\" \
|
||||
+ -DUSE_PKCS11=1
|
||||
+
|
||||
+EXEEXT = -pkcs11
|
||||
|
||||
noinst_LTLIBRARIES = libdnssectool.la
|
||||
|
||||
LDADD = \
|
||||
libdnssectool.la \
|
||||
$(LIBISC_LIBS) \
|
||||
- $(LIBDNS_LIBS)
|
||||
+ $(LIBDNS_PKCS11_LIBS)
|
||||
|
||||
bin_PROGRAMS = \
|
||||
dnssec-cds \
|
||||
- dnssec-dsfromkey \
|
||||
- dnssec-importkey \
|
||||
- dnssec-keyfromlabel \
|
||||
- dnssec-keygen \
|
||||
- dnssec-revoke \
|
||||
- dnssec-settime \
|
||||
- dnssec-signzone \
|
||||
- dnssec-verify
|
||||
+ dnssec-dsfromkey-pkcs11 \
|
||||
+ dnssec-importkey-pkcs11 \
|
||||
+ dnssec-keyfromlabel-pkcs11 \
|
||||
+ dnssec-keygen-pkcs11 \
|
||||
+ dnssec-revoke-pkcs11 \
|
||||
+ dnssec-settime-pkcs11 \
|
||||
+ dnssec-signzone-pkcs11 \
|
||||
+ dnssec-verify-pkcs11
|
||||
|
||||
libdnssectool_la_SOURCES = \
|
||||
dnssectool.h \
|
||||
dnssectool.c
|
||||
|
||||
-dnssec_keygen_CPPFLAGS = \
|
||||
+dnssec_keygen_pkcs11_CPPFLAGS = \
|
||||
$(AM_CPPFLAGS) \
|
||||
$(LIBISCCFG_CFLAGS)
|
||||
|
||||
-dnssec_keygen_LDADD = \
|
||||
+dnssec_keygen_pkcs11_LDADD = \
|
||||
$(LDADD) \
|
||||
$(LIBISCCFG_LIBS)
|
||||
+
|
||||
+dnssec_cds_pkcs11_SOURCES = \
|
||||
+ dnssec-cds.c
|
||||
+
|
||||
+dnssec_keygen_pkcs11_SOURCES = \
|
||||
+ dnssec-keygen.c
|
||||
+
|
||||
+dnssec_dsfromkey_pkcs11_SOURCES = \
|
||||
+ dnssec-dsfromkey.c
|
||||
+
|
||||
+dnssec_importkey_pkcs11_SOURCES = \
|
||||
+ dnssec-importkey.c
|
||||
+
|
||||
+dnssec_keyfromlabel_pkcs11_SOURCES = \
|
||||
+ dnssec-keyfromlabel.c
|
||||
+
|
||||
+dnssec_revoke_pkcs11_SOURCES = \
|
||||
+ dnssec-revoke.c
|
||||
+
|
||||
+dnssec_settime_pkcs11_SOURCES = \
|
||||
+ dnssec-settime.c
|
||||
+
|
||||
+dnssec_signzone_pkcs11_SOURCES = \
|
||||
+ dnssec-signzone.c
|
||||
+
|
||||
+dnssec_verify_pkcs11_SOURCES = \
|
||||
+ dnssec-verify.c
|
||||
diff --git a/bin/named-pkcs11/Makefile.am b/bin/named-pkcs11/Makefile.am
|
||||
index 90ebc3a..c6b992c 100644
|
||||
--- a/bin/named-pkcs11/Makefile.am
|
||||
+++ b/bin/named-pkcs11/Makefile.am
|
||||
@@ -4,8 +4,8 @@ AM_CPPFLAGS += \
|
||||
-I$(srcdir)/unix/include \
|
||||
-I$(top_builddir)/include \
|
||||
$(LIBISC_CFLAGS) \
|
||||
- $(LIBDNS_CFLAGS) \
|
||||
- $(LIBNS_CFLAGS) \
|
||||
+ $(LIBDNS_PKCS11_CFLAGS) \
|
||||
+ $(LIBNS_PKCS11_CFLAGS) \
|
||||
$(LIBISCCC_CFLAGS) \
|
||||
$(LIBISCCFG_CFLAGS) \
|
||||
$(LIBBIND9_CFLAGS) \
|
||||
@@ -32,7 +32,7 @@ AM_CPPFLAGS += \
|
||||
-DNAMED_LOCALSTATEDIR=\"${localstatedir}\" \
|
||||
-DNAMED_SYSCONFDIR=\"${sysconfdir}\"
|
||||
|
||||
-sbin_PROGRAMS = named
|
||||
+sbin_PROGRAMS = named-pkcs11
|
||||
|
||||
bin_PROGRAMS = \
|
||||
feature-test \
|
||||
@@ -58,7 +58,7 @@ xsl.c: bind9.xsl Makefile
|
||||
echo ";") \
|
||||
< "${srcdir}/bind9.xsl" > $@
|
||||
|
||||
-named_SOURCES = \
|
||||
+named_pkcs11_SOURCES = \
|
||||
builtin.c \
|
||||
config.c \
|
||||
control.c \
|
||||
@@ -97,14 +97,14 @@ named_SOURCES = \
|
||||
if HAVE_GEOIP2
|
||||
AM_CPPFLAGS += \
|
||||
-DMAXMINDDB_PREFIX=\"@MAXMINDDB_PREFIX@\"
|
||||
-named_SOURCES += \
|
||||
+named_pkcs11_SOURCES += \
|
||||
geoip.c
|
||||
endif
|
||||
|
||||
-named_LDADD = \
|
||||
+named_pkcs11_LDADD = \
|
||||
$(LIBISC_LIBS) \
|
||||
- $(LIBDNS_LIBS) \
|
||||
- $(LIBNS_LIBS) \
|
||||
+ $(LIBDNS_PKCS11_LIBS) \
|
||||
+ $(LIBNS_PKCS11_LIBS) \
|
||||
$(LIBISCCC_LIBS) \
|
||||
$(LIBISCCFG_LIBS) \
|
||||
$(LIBBIND9_LIBS) \
|
||||
@@ -118,7 +118,7 @@ named_LDADD = \
|
||||
$(ZLIB_LIBS)
|
||||
|
||||
if HAVE_JSON_C
|
||||
-named_LDADD += \
|
||||
+named_pkcs11_LDADD += \
|
||||
$(JSON_C_LIBS)
|
||||
endif HAVE_JSON_C
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index fcb7cfd..36040f5 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -1672,6 +1672,13 @@ AC_CONFIG_FILES([bin/tests/Makefile
|
||||
bin/tests/system/dyndb/driver/Makefile
|
||||
bin/tests/system/dlzexternal/driver/Makefile])
|
||||
|
||||
+# PKCS11 binaries
|
||||
+AC_CONFIG_FILES([bin/dnssec-pkcs11/Makefile
|
||||
+ bin/named-pkcs11/Makefile
|
||||
+ lib/dns-pkcs11/Makefile
|
||||
+ lib/ns-pkcs11/Makefile
|
||||
+ lib/ns-pkcs11/tests/Makefile])
|
||||
+
|
||||
AC_CONFIG_FILES([bin/tests/system/ifconfig.sh],
|
||||
[chmod +x bin/tests/system/ifconfig.sh])
|
||||
AC_CONFIG_FILES([bin/tests/system/run.sh],
|
||||
diff --git a/lib/Makefile.am b/lib/Makefile.am
|
||||
index 5cbaf3c..43ea73c 100644
|
||||
--- a/lib/Makefile.am
|
||||
+++ b/lib/Makefile.am
|
||||
@@ -1,3 +1,4 @@
|
||||
include $(top_srcdir)/Makefile.top
|
||||
|
||||
SUBDIRS = isc dns isccc ns isccfg bind9 irs samples
|
||||
+SUBDIRS += dns-pkcs11 ns-pkcs11
|
||||
diff --git a/lib/dns-pkcs11/Makefile.am b/lib/dns-pkcs11/Makefile.am
|
||||
index 78a2752..0503763 100644
|
||||
--- a/lib/dns-pkcs11/Makefile.am
|
||||
+++ b/lib/dns-pkcs11/Makefile.am
|
||||
@@ -1,12 +1,12 @@
|
||||
include $(top_srcdir)/Makefile.top
|
||||
|
||||
-lib_LTLIBRARIES = libdns.la
|
||||
+lib_LTLIBRARIES = libdns-pkcs11.la
|
||||
|
||||
-nodist_libdns_ladir = $(includedir)/dns
|
||||
+nodist_libdns_ladir = $(includedir)/dns-pkcs11
|
||||
nodist_libdns_la_HEADERS = \
|
||||
- include/dns/enumclass.h \
|
||||
- include/dns/enumtype.h \
|
||||
- include/dns/rdatastruct.h
|
||||
+ include/dns-pkcs11/enumclass.h \
|
||||
+ include/dns-pkcs11/enumtype.h \
|
||||
+ include/dns-pkcs11/rdatastruct.h
|
||||
|
||||
nodist_libdns_la_SOURCES = \
|
||||
$(nodist_libdns_la_HEADERS) \
|
||||
@@ -48,8 +48,8 @@ include/dns/rdatastruct.h: gen rdata/rdatastructpre.h rdata/rdatastructsuf.h Mak
|
||||
code.h: gen Makefile
|
||||
$(builddir)/gen -s $(srcdir) > $@
|
||||
|
||||
-libdns_ladir = $(includedir)/dns
|
||||
-libdns_la_HEADERS = \
|
||||
+libdns_pkcs11_ladir = $(includedir)/dns-pkcs11
|
||||
+libdns_pkcs11_la_HEADERS = \
|
||||
include/dns/acl.h \
|
||||
include/dns/adb.h \
|
||||
include/dns/badcache.h \
|
||||
@@ -154,8 +154,8 @@ dst_HEADERS = \
|
||||
include/dst/gssapi.h \
|
||||
include/dst/result.h
|
||||
|
||||
-libdns_la_SOURCES = \
|
||||
- $(libdns_la_HEADERS) \
|
||||
+libdns_pkcs11_la_SOURCES = \
|
||||
+ $(libdns_pkcs11_la_HEADERS) \
|
||||
$(dst_HEADERS) \
|
||||
acl.c \
|
||||
adb.c \
|
||||
@@ -257,92 +257,92 @@ libdns_la_SOURCES = \
|
||||
zone_p.h
|
||||
|
||||
if HAVE_GSSAPI
|
||||
-libdns_la_SOURCES += \
|
||||
+libdns_pkcs11_la_SOURCES += \
|
||||
gssapi_link.c
|
||||
endif
|
||||
|
||||
if HAVE_PKCS11
|
||||
-libdns_la_SOURCES += \
|
||||
+libdns_pkcs11_la_SOURCES += \
|
||||
pkcs11.c \
|
||||
pkcs11ecdsa_link.c \
|
||||
pkcs11eddsa_link.c \
|
||||
pkcs11rsa_link.c
|
||||
else !HAVE_PKCS11
|
||||
-libdns_la_SOURCES += \
|
||||
+libdns_pkcs11_la_SOURCES += \
|
||||
opensslecdsa_link.c \
|
||||
openssleddsa_link.c \
|
||||
opensslrsa_link.c
|
||||
endif
|
||||
|
||||
if HAVE_GEOIP2
|
||||
-libdns_la_SOURCES += \
|
||||
+libdns_pkcs11_la_SOURCES += \
|
||||
geoip2.c
|
||||
endif
|
||||
|
||||
-libdns_la_CPPFLAGS = \
|
||||
+libdns_pkcs11_la_CPPFLAGS = \
|
||||
$(AM_CPPFLAGS) \
|
||||
$(LIBISC_CFLAGS) \
|
||||
- $(LIBDNS_CFLAGS) \
|
||||
+ $(LIBDNS_PKCS11_CFLAGS) \
|
||||
$(OPENSSL_CFLAGS) \
|
||||
$(LIBLTDL_CFLAGS)
|
||||
|
||||
-libdns_la_LDFLAGS = \
|
||||
+libdns_pkcs11_la_LDFLAGS = \
|
||||
$(libdns_VERSION_INFO)
|
||||
|
||||
-libdns_la_LIBADD = \
|
||||
+libdns_pkcs11_la_LIBADD = \
|
||||
$(LIBISC_LIBS) \
|
||||
$(OPENSSL_LIBS)
|
||||
|
||||
if HAVE_JSON_C
|
||||
-libdns_la_CPPFLAGS += \
|
||||
+libdns_pkcs11_la_CPPFLAGS += \
|
||||
$(JSON_C_CFLAGS)
|
||||
|
||||
-libdns_la_LIBADD += \
|
||||
+libdns_pkcs11_la_LIBADD += \
|
||||
$(JSON_C_LIBS)
|
||||
endif HAVE_JSON_C
|
||||
|
||||
if HAVE_LIBXML2
|
||||
-libdns_la_CPPFLAGS += \
|
||||
+libdns_pkcs11_la_CPPFLAGS += \
|
||||
$(LIBXML2_CFLAGS)
|
||||
|
||||
-libdns_la_LIBADD += \
|
||||
+libdns_pkcs11_la_LIBADD += \
|
||||
$(LIBXML2_LIBS)
|
||||
endif HAVE_LIBXML2
|
||||
|
||||
if HAVE_GSSAPI
|
||||
-libdns_la_CPPFLAGS += \
|
||||
+libdns_pkcs11_la_CPPFLAGS += \
|
||||
$(GSSAPI_CFLAGS) \
|
||||
$(KRB5_CFLAGS)
|
||||
-libdns_la_LIBADD += \
|
||||
+libdns_pkcs11_la_LIBADD += \
|
||||
$(GSSAPI_LIBS) \
|
||||
$(KRB5_LIBS)
|
||||
endif
|
||||
|
||||
if HAVE_GEOIP2
|
||||
-libdns_la_CPPFLAGS += \
|
||||
+libdns_pkcs11_la_CPPFLAGS += \
|
||||
$(MAXMINDDB_CFLAGS)
|
||||
-libdns_la_LDFLAGS += \
|
||||
+libdns_pkcs11_la_LDFLAGS += \
|
||||
$(MAXMINDDB_LIBS)
|
||||
endif
|
||||
|
||||
if HAVE_DNSTAP
|
||||
-nodist_libdns_la_SOURCES += \
|
||||
+nodist_libdns_pkcs11_la_SOURCES += \
|
||||
dnstap.pb-c.h \
|
||||
dnstap.pb-c.c
|
||||
|
||||
-libdns_la_SOURCES += \
|
||||
+libdns_pkcs11_la_SOURCES += \
|
||||
dnstap.c
|
||||
|
||||
dnstap.pb-c.h dnstap.pb-c.c: dnstap.proto
|
||||
$(PROTOC_C) --proto_path=$(srcdir) --c_out=. dnstap.proto
|
||||
|
||||
-libdns_la_CPPFLAGS += $(DNSTAP_CFLAGS)
|
||||
-libdns_la_LIBADD += $(DNSTAP_LIBS)
|
||||
+libdns_pkcs11_la_CPPFLAGS += $(DNSTAP_CFLAGS)
|
||||
+libdns_pkcs11_la_LIBADD += $(DNSTAP_LIBS)
|
||||
endif
|
||||
|
||||
if HAVE_LMDB
|
||||
-libdns_la_CPPFLAGS += $(LMDB_CFLAGS)
|
||||
-libdns_la_LIBADD += $(LMDB_LIBS)
|
||||
+libdns_pkcs11_la_CPPFLAGS += $(LMDB_CFLAGS)
|
||||
+libdns_pkcs11_la_LIBADD += $(LMDB_LIBS)
|
||||
endif
|
||||
|
||||
if HAVE_CMOCKA
|
||||
diff --git a/lib/dns-pkcs11/tests/Makefile.am b/lib/dns-pkcs11/tests/Makefile.am
|
||||
index 04ef09c..35b2eac 100644
|
||||
--- a/lib/dns-pkcs11/tests/Makefile.am
|
||||
+++ b/lib/dns-pkcs11/tests/Makefile.am
|
||||
@@ -3,7 +3,7 @@ include $(top_srcdir)/Makefile.tests
|
||||
|
||||
AM_CPPFLAGS += \
|
||||
$(LIBISC_CFLAGS) \
|
||||
- $(LIBDNS_CFLAGS) \
|
||||
+ $(LIBDNS_PKCS11_CFLAGS) \
|
||||
$(KRB5_CFLAGS) \
|
||||
-DSRCDIR=\"$(abs_srcdir)\" \
|
||||
-DBUILDDIR=\"$(abs_builddir)\"
|
||||
@@ -11,7 +11,7 @@ AM_CPPFLAGS += \
|
||||
LDADD += \
|
||||
libdnstest.la \
|
||||
$(LIBISC_LIBS) \
|
||||
- $(LIBDNS_LIBS)
|
||||
+ $(LIBDNS_PKCS11_LIBS)
|
||||
|
||||
check_LTLIBRARIES = libdnstest.la
|
||||
libdnstest_la_SOURCES = dnstest.c dnstest.h
|
||||
diff --git a/lib/ns-pkcs11/Makefile.am b/lib/ns-pkcs11/Makefile.am
|
||||
index b2f81cc..b77b1ee 100644
|
||||
--- a/lib/ns-pkcs11/Makefile.am
|
||||
+++ b/lib/ns-pkcs11/Makefile.am
|
||||
@@ -3,11 +3,11 @@ include $(top_srcdir)/Makefile.top
|
||||
AM_CPPFLAGS += \
|
||||
-DNAMED_PLUGINDIR=\"$(libdir)/named\"
|
||||
|
||||
-lib_LTLIBRARIES = libns.la
|
||||
+lib_LTLIBRARIES = libns-pkcs11.la
|
||||
|
||||
-libns_ladir = $(includedir)/ns
|
||||
+libns_pkcs11_ladir = $(includedir)/ns
|
||||
|
||||
-libns_la_HEADERS = \
|
||||
+libns_pkcs11_la_HEADERS = \
|
||||
include/ns/client.h \
|
||||
include/ns/hooks.h \
|
||||
include/ns/interfacemgr.h \
|
||||
@@ -23,8 +23,8 @@ libns_la_HEADERS = \
|
||||
include/ns/update.h \
|
||||
include/ns/xfrout.h
|
||||
|
||||
-libns_la_SOURCES = \
|
||||
- $(libns_la_HEADERS) \
|
||||
+libns_pkcs11_la_SOURCES = \
|
||||
+ $(libns_pkcs11_la_HEADERS) \
|
||||
client.c \
|
||||
hooks.c \
|
||||
interfacemgr.c \
|
||||
@@ -39,18 +39,18 @@ libns_la_SOURCES = \
|
||||
update.c \
|
||||
xfrout.c
|
||||
|
||||
-libns_la_CPPFLAGS = \
|
||||
+libns_pkcs11_la_CPPFLAGS = \
|
||||
$(AM_CPPFLAGS) \
|
||||
$(LIBISC_CFLAGS) \
|
||||
- $(LIBDNS_CFLAGS) \
|
||||
- $(LIBNS_CFLAGS) \
|
||||
+ $(LIBDNS_PKCS11_CFLAGS) \
|
||||
+ $(LIBNS_PKCS11_CFLAGS) \
|
||||
$(LIBLTDL_CFLAGS)
|
||||
|
||||
-libns_la_LIBADD = \
|
||||
+libns_pkcs11_la_LIBADD = \
|
||||
$(LIBISC_LIBS) \
|
||||
- $(LIBDNS_LIBS)
|
||||
+ $(LIBDNS_PKCS11_LIBS)
|
||||
|
||||
-libns_la_LDFLAGS = \
|
||||
+libns_pkcs11_la_LDFLAGS = \
|
||||
$(libns_VERSION_INFO)
|
||||
|
||||
if HAVE_CMOCKA
|
||||
diff --git a/lib/ns-pkcs11/tests/Makefile.am b/lib/ns-pkcs11/tests/Makefile.am
|
||||
index 092360c..b07c9f7 100644
|
||||
--- a/lib/ns-pkcs11/tests/Makefile.am
|
||||
+++ b/lib/ns-pkcs11/tests/Makefile.am
|
||||
@@ -3,14 +3,14 @@ include $(top_srcdir)/Makefile.tests
|
||||
|
||||
AM_CPPFLAGS += \
|
||||
$(LIBISC_CFLAGS) \
|
||||
- $(LIBDNS_CFLAGS) \
|
||||
- $(LIBNS_CFLAGS)
|
||||
+ $(LIBDNS_PKCS11_CFLAGS) \
|
||||
+ $(LIBNS_PKCS11_CFLAGS)
|
||||
|
||||
LDADD += \
|
||||
libnstest.la \
|
||||
$(LIBISC_LIBS) \
|
||||
- $(LIBDNS_LIBS) \
|
||||
- $(LIBNS_LIBS)
|
||||
+ $(LIBDNS_PKCS11_LIBS) \
|
||||
+ $(LIBNS_PKCS11_LIBS)
|
||||
|
||||
check_LTLIBRARIES = libnstest.la
|
||||
libnstest_la_SOURCES = nstest.c nstest.h
|
||||
--
|
||||
2.26.2
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
diff --git a/bin/named/Makefile.am b/bin/named/Makefile.am
|
||||
index 7065a90..e2e485b 100644
|
||||
--- a/bin/named/Makefile.am
|
||||
+++ b/bin/named/Makefile.am
|
||||
@@ -32,6 +32,7 @@ AM_CPPFLAGS += \
|
||||
endif HAVE_LIBXML2
|
||||
|
||||
AM_CPPFLAGS += \
|
||||
+ -fpie \
|
||||
-DNAMED_LOCALSTATEDIR=\"${localstatedir}\" \
|
||||
-DNAMED_SYSCONFDIR=\"${sysconfdir}\"
|
||||
|
||||
@@ -122,5 +123,7 @@ named_LDADD += \
|
||||
$(LIBNGHTTP2_LIBS)
|
||||
endif HAVE_LIBNGHTTP2
|
||||
|
||||
+AM_LDFLAGS += -pie -Wl,-z,relro,-z,now,-z,nodlopen,-z,noexecstack
|
||||
+
|
||||
MAINTAINERCLEANFILES = \
|
||||
named.conf.rst
|
|
@ -0,0 +1 @@
|
|||
d /run/named 0755 named named -
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,34 @@
|
|||
diff --git a/lib/isc/errno2result.c b/lib/isc/errno2result.c
|
||||
index 623ac6d..7f34e45 100644
|
||||
--- a/lib/isc/errno2result.c
|
||||
+++ b/lib/isc/errno2result.c
|
||||
@@ -36,6 +36,7 @@ isc___errno2result(int posixerrno, bool dolog, const char *file,
|
||||
case EINVAL: /* XXX sometimes this is not for files */
|
||||
case ENAMETOOLONG:
|
||||
case EBADF:
|
||||
+ case EISDIR:
|
||||
return (ISC_R_INVALIDFILE);
|
||||
case ENOENT:
|
||||
return (ISC_R_FILENOTFOUND);
|
||||
diff --git a/lib/isc/lex.c b/lib/isc/lex.c
|
||||
index 8ab3682..b198000 100644
|
||||
--- a/lib/isc/lex.c
|
||||
+++ b/lib/isc/lex.c
|
||||
@@ -27,6 +27,8 @@
|
||||
#include <isc/string.h>
|
||||
#include <isc/util.h>
|
||||
|
||||
+#include "errno2result.h"
|
||||
+
|
||||
typedef struct inputsource {
|
||||
isc_result_t result;
|
||||
bool is_file;
|
||||
@@ -425,7 +427,7 @@ isc_lex_gettoken(isc_lex_t *lex, unsigned int options, isc_token_t *tokenp) {
|
||||
#endif /* if defined(HAVE_FLOCKFILE) && defined(HAVE_GETC_UNLOCKED) */
|
||||
if (c == EOF) {
|
||||
if (ferror(stream)) {
|
||||
- source->result = ISC_R_IOERROR;
|
||||
+ source->result = isc__errno2result(errno);
|
||||
result = source->result;
|
||||
goto done;
|
||||
}
|
|
@ -0,0 +1,226 @@
|
|||
diff -up bind-9.9.3rc2/isc-config.sh.in.exportlib bind-9.9.3rc2/isc-config.sh.in
|
||||
diff -up bind-9.9.3rc2/lib/export/dns/Makefile.in.exportlib bind-9.9.3rc2/lib/export/dns/Makefile.in
|
||||
--- bind-9.9.3rc2/lib/export/dns/Makefile.in.exportlib 2013-04-30 08:38:46.000000000 +0200
|
||||
+++ bind-9.9.3rc2/lib/export/dns/Makefile.in 2013-05-13 10:45:22.574089729 +0200
|
||||
@@ -35,9 +35,9 @@ CDEFINES = -DUSE_MD5 @USE_OPENSSL@ @USE_
|
||||
|
||||
CWARNINGS =
|
||||
|
||||
-ISCLIBS = ../isc/libisc.@A@
|
||||
+ISCLIBS = ../isc/libisc-export.@A@
|
||||
|
||||
-ISCDEPLIBS = ../isc/libisc.@A@
|
||||
+ISCDEPLIBS = ../isc/libisc-export.@A@
|
||||
|
||||
LIBS = @LIBS@
|
||||
|
||||
@@ -116,29 +116,29 @@ version.@O@: ${srcdir}/version.c
|
||||
-DLIBAGE=${LIBAGE} \
|
||||
-c ${srcdir}/version.c
|
||||
|
||||
-libdns.@SA@: ${OBJS}
|
||||
+libdns-export.@SA@: ${OBJS}
|
||||
${AR} ${ARFLAGS} $@ ${OBJS}
|
||||
${RANLIB} $@
|
||||
|
||||
-libdns.la: ${OBJS}
|
||||
+libdns-export.la: ${OBJS}
|
||||
${LIBTOOL_MODE_LINK} \
|
||||
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns.la \
|
||||
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns-export.la \
|
||||
-rpath ${export_libdir} \
|
||||
-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
|
||||
${OBJS} ${ISCLIBS} @DNS_CRYPTO_LIBS@ ${LIBS}
|
||||
|
||||
-timestamp: libdns.@A@
|
||||
+timestamp: libdns-export.@A@
|
||||
touch timestamp
|
||||
|
||||
installdirs:
|
||||
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${export_libdir}
|
||||
|
||||
install:: timestamp installdirs
|
||||
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libdns.@A@ \
|
||||
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libdns-export.@A@ \
|
||||
${DESTDIR}${export_libdir}/
|
||||
|
||||
clean distclean::
|
||||
- rm -f libdns.@A@ timestamp
|
||||
+ rm -f libdns-export.@A@ timestamp
|
||||
rm -f gen code.h include/dns/enumtype.h include/dns/enumclass.h
|
||||
rm -f include/dns/rdatastruct.h
|
||||
|
||||
diff -up bind-9.9.3rc2/lib/export/irs/Makefile.in.exportlib bind-9.9.3rc2/lib/export/irs/Makefile.in
|
||||
--- bind-9.9.3rc2/lib/export/irs/Makefile.in.exportlib 2013-04-30 08:38:46.000000000 +0200
|
||||
+++ bind-9.9.3rc2/lib/export/irs/Makefile.in 2013-05-13 10:45:22.575089729 +0200
|
||||
@@ -43,9 +43,9 @@ SRCS = context.c \
|
||||
gai_sterror.c getaddrinfo.c getnameinfo.c \
|
||||
resconf.c
|
||||
|
||||
-ISCLIBS = ../isc/libisc.@A@
|
||||
-DNSLIBS = ../dns/libdns.@A@
|
||||
-ISCCFGLIBS = ../isccfg/libisccfg.@A@
|
||||
+ISCLIBS = ../isc/libisc-export.@A@
|
||||
+DNSLIBS = ../dns/libdns-export.@A@
|
||||
+ISCCFGLIBS = ../isccfg/libisccfg-export.@A@
|
||||
|
||||
LIBS = @LIBS@
|
||||
|
||||
@@ -62,26 +62,26 @@ version.@O@: ${srcdir}/version.c
|
||||
-DLIBAGE=${LIBAGE} \
|
||||
-c ${srcdir}/version.c
|
||||
|
||||
-libirs.@SA@: ${OBJS} version.@O@
|
||||
+libirs-export.@SA@: ${OBJS} version.@O@
|
||||
${AR} ${ARFLAGS} $@ ${OBJS} version.@O@
|
||||
${RANLIB} $@
|
||||
|
||||
-libirs.la: ${OBJS} version.@O@
|
||||
+libirs-export.la: ${OBJS} version.@O@
|
||||
${LIBTOOL_MODE_LINK} \
|
||||
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libirs.la \
|
||||
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libirs-export.la \
|
||||
-rpath ${export_libdir} \
|
||||
-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
|
||||
${OBJS} version.@O@ ${LIBS} ${ISCCFGLIBS} ${DNSLIBS} ${ISCLIBS}
|
||||
|
||||
-timestamp: libirs.@A@
|
||||
+timestamp: libirs-export.@A@
|
||||
touch timestamp
|
||||
|
||||
installdirs:
|
||||
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${export_libdir}
|
||||
|
||||
install:: timestamp installdirs
|
||||
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libirs.@A@ \
|
||||
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libirs-export.@A@ \
|
||||
${DESTDIR}${export_libdir}/
|
||||
|
||||
clean distclean::
|
||||
- rm -f libirs.@A@ libirs.la timestamp
|
||||
+ rm -f libirs-export.@A@ libirs-export.la timestamp
|
||||
diff -up bind-9.9.3rc2/lib/export/isccfg/Makefile.in.exportlib bind-9.9.3rc2/lib/export/isccfg/Makefile.in
|
||||
--- bind-9.9.3rc2/lib/export/isccfg/Makefile.in.exportlib 2013-04-30 08:38:46.000000000 +0200
|
||||
+++ bind-9.9.3rc2/lib/export/isccfg/Makefile.in 2013-05-13 10:45:22.576089729 +0200
|
||||
@@ -30,11 +30,11 @@ CINCLUDES = -I. ${DNS_INCLUDES} -I${expo
|
||||
CDEFINES =
|
||||
CWARNINGS =
|
||||
|
||||
-ISCLIBS = ../isc/libisc.@A@
|
||||
-DNSLIBS = ../dns/libdns.@A@ @DNS_CRYPTO_LIBS@
|
||||
+ISCLIBS = ../isc/libisc-export.@A@
|
||||
+DNSLIBS = ../dns/libdns-export.@A@ @DNS_CRYPTO_LIBS@
|
||||
|
||||
ISCDEPLIBS = ../../lib/isc/libisc.@A@
|
||||
-ISCCFGDEPLIBS = libisccfg.@A@
|
||||
+ISCCFGDEPLIBS = libisccfg-export.@A@
|
||||
|
||||
LIBS = @LIBS@
|
||||
|
||||
@@ -58,26 +58,26 @@ version.@O@: ${srcdir}/version.c
|
||||
-DLIBAGE=${LIBAGE} \
|
||||
-c ${srcdir}/version.c
|
||||
|
||||
-libisccfg.@SA@: ${OBJS}
|
||||
+libisccfg-export.@SA@: ${OBJS}
|
||||
${AR} ${ARFLAGS} $@ ${OBJS}
|
||||
${RANLIB} $@
|
||||
|
||||
-libisccfg.la: ${OBJS}
|
||||
+libisccfg-export.la: ${OBJS}
|
||||
${LIBTOOL_MODE_LINK} \
|
||||
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisccfg.la \
|
||||
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisccfg-export.la \
|
||||
-rpath ${export_libdir} \
|
||||
-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
|
||||
${OBJS} ${LIBS} ${DNSLIBS} ${ISCLIBS}
|
||||
|
||||
-timestamp: libisccfg.@A@
|
||||
+timestamp: libisccfg-export.@A@
|
||||
touch timestamp
|
||||
|
||||
installdirs:
|
||||
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${export_libdir}
|
||||
|
||||
install:: timestamp installdirs
|
||||
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libisccfg.@A@ \
|
||||
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libisccfg-export.@A@ \
|
||||
${DESTDIR}${export_libdir}/
|
||||
|
||||
clean distclean::
|
||||
- rm -f libisccfg.@A@ timestamp
|
||||
+ rm -f libisccfg-export.@A@ timestamp
|
||||
diff -up bind-9.9.3rc2/lib/export/isc/Makefile.in.exportlib bind-9.9.3rc2/lib/export/isc/Makefile.in
|
||||
--- bind-9.9.3rc2/lib/export/isc/Makefile.in.exportlib 2013-04-30 08:38:46.000000000 +0200
|
||||
+++ bind-9.9.3rc2/lib/export/isc/Makefile.in 2013-05-13 10:45:22.576089729 +0200
|
||||
@@ -100,6 +100,10 @@ SRCS = @ISC_EXTRA_SRCS@ \
|
||||
|
||||
LIBS = @LIBS@
|
||||
|
||||
+# Note: the order of SUBDIRS is important.
|
||||
+# Attempt to disable parallel processing.
|
||||
+.NOTPARALLEL:
|
||||
+.NO_PARALLEL:
|
||||
SUBDIRS = include unix nls @ISC_THREAD_DIR@
|
||||
TARGETS = timestamp
|
||||
|
||||
@@ -113,26 +117,26 @@ version.@O@: ${srcdir}/version.c
|
||||
-DLIBAGE=${LIBAGE} \
|
||||
-c ${srcdir}/version.c
|
||||
|
||||
-libisc.@SA@: ${OBJS}
|
||||
+libisc-export.@SA@: ${OBJS}
|
||||
${AR} ${ARFLAGS} $@ ${OBJS}
|
||||
${RANLIB} $@
|
||||
|
||||
-libisc.la: ${OBJS}
|
||||
+libisc-export.la: ${OBJS}
|
||||
${LIBTOOL_MODE_LINK} \
|
||||
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc.la \
|
||||
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc-export.la \
|
||||
-rpath ${export_libdir} \
|
||||
-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
|
||||
${OBJS} ${LIBS}
|
||||
|
||||
-timestamp: libisc.@A@
|
||||
+timestamp: libisc-export.@A@
|
||||
touch timestamp
|
||||
|
||||
installdirs:
|
||||
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${export_libdir}
|
||||
|
||||
install:: timestamp installdirs
|
||||
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libisc.@A@ \
|
||||
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libisc-export.@A@ \
|
||||
${DESTDIR}${export_libdir}
|
||||
|
||||
clean distclean::
|
||||
- rm -f libisc.@A@ libisc.la timestamp
|
||||
+ rm -f libisc-export.@A@ libisc-export.la timestamp
|
||||
diff -up bind-9.9.3rc2/lib/export/samples/Makefile.in.exportlib bind-9.9.3rc2/lib/export/samples/Makefile.in
|
||||
--- bind-9.9.3rc2/lib/export/samples/Makefile.in.exportlib 2013-04-30 08:38:46.000000000 +0200
|
||||
+++ bind-9.9.3rc2/lib/export/samples/Makefile.in 2013-05-13 10:45:22.577089729 +0200
|
||||
@@ -31,15 +31,15 @@ CINCLUDES = -I${srcdir}/include -I../dns
|
||||
CDEFINES =
|
||||
CWARNINGS =
|
||||
|
||||
-DNSLIBS = ../dns/libdns.@A@ @DNS_CRYPTO_LIBS@
|
||||
-ISCLIBS = ../isc/libisc.@A@
|
||||
-ISCCFGLIBS = ../isccfg/libisccfg.@A@
|
||||
-IRSLIBS = ../irs/libirs.@A@
|
||||
+DNSLIBS = ../dns/libdns-export.@A@ @DNS_CRYPTO_LIBS@
|
||||
+ISCLIBS = ../isc/libisc-export.@A@
|
||||
+ISCCFGLIBS = ../isccfg/libisccfg-export.@A@
|
||||
+IRSLIBS = ../irs/libirs-export.@A@
|
||||
|
||||
-DNSDEPLIBS = ../dns/libdns.@A@
|
||||
-ISCDEPLIBS = ../isc/libisc.@A@
|
||||
-ISCCFGDEPLIBS = ../isccfg/libisccfg.@A@
|
||||
-IRSDEPLIBS = ../irs/libirs.@A@
|
||||
+DNSDEPLIBS = ../dns/libdns-export.@A@
|
||||
+ISCDEPLIBS = ../isc/libisc-export.@A@
|
||||
+ISCCFGDEPLIBS = ../isccfg/libisccfg-export.@A@
|
||||
+IRSDEPLIBS = ../irs/libirs-export.@A@
|
||||
|
||||
DEPLIBS = ${DNSDEPLIBS} ${ISCCFGDEPLIBS} ${ISCDEPLIBS}
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
|
||||
index edbe344..a7a2c53 100644
|
||||
--- a/lib/dns/resolver.c
|
||||
+++ b/lib/dns/resolver.c
|
||||
@@ -1719,7 +1719,7 @@ fctx_done(fetchctx_t *fctx, isc_result_t result, int line) {
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
if (fctx->qmin_warning != ISC_R_SUCCESS) {
|
||||
isc_log_write(dns_lctx, DNS_LOGCATEGORY_LAME_SERVERS,
|
||||
- DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO,
|
||||
+ DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(1),
|
||||
"success resolving '%s' "
|
||||
"after disabling qname minimization due "
|
||||
"to '%s'",
|
||||
@@ -4929,7 +4929,7 @@ log_lame(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo) {
|
||||
dns_name_format(fctx->domain, domainbuf, sizeof(domainbuf));
|
||||
isc_sockaddr_format(&addrinfo->sockaddr, addrbuf, sizeof(addrbuf));
|
||||
isc_log_write(dns_lctx, DNS_LOGCATEGORY_LAME_SERVERS,
|
||||
- DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO,
|
||||
+ DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(1),
|
||||
"lame server resolving '%s' (in '%s'?): %s", namebuf,
|
||||
domainbuf, addrbuf);
|
||||
}
|
||||
@@ -4947,7 +4947,7 @@ log_formerr(fetchctx_t *fctx, const char *format, ...) {
|
||||
isc_sockaddr_format(&fctx->addrinfo->sockaddr, nsbuf, sizeof(nsbuf));
|
||||
|
||||
isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
|
||||
- DNS_LOGMODULE_RESOLVER, ISC_LOG_NOTICE,
|
||||
+ DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(1),
|
||||
"DNS format error from %s resolving %s for %s: %s", nsbuf,
|
||||
fctx->info, fctx->clientstr, msgbuf);
|
||||
}
|
|
@ -0,0 +1,44 @@
|
|||
diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook
|
||||
index 1079421..f11abd1 100644
|
||||
--- a/bin/dig/dig.docbook
|
||||
+++ b/bin/dig/dig.docbook
|
||||
@@ -1177,6 +1177,39 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
+ <refsection><info><title>RETURN CODES</title></info>
|
||||
+ <para>
|
||||
+ <command>Dig</command> return codes are:
|
||||
+ <variablelist>
|
||||
+ <varlistentry>
|
||||
+ <listitem>
|
||||
+ <para>0: Everything went well, including things like NXDOMAIN</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+ <varlistentry>
|
||||
+ <listitem>
|
||||
+ <para>1: Usage error</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+ <varlistentry>
|
||||
+ <listitem>
|
||||
+ <para>8: Couldn't open batch file</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+ <varlistentry>
|
||||
+ <listitem>
|
||||
+ <para>9: No reply from server</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+ <varlistentry>
|
||||
+ <listitem>
|
||||
+ <para>10: Internal error</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+ </variablelist>
|
||||
+ </para>
|
||||
+ </refsection>
|
||||
+
|
||||
<refsection><info><title>FILES</title></info>
|
||||
|
||||
<para><filename>/etc/resolv.conf</filename>
|
|
@ -0,0 +1,252 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Comment: GPGTools - http://gpgtools.org
|
||||
|
||||
mQINBFwq9BQBEADHjPDCwsHVtxnMNilgu187W8a9rYTMLgLfQwioSbjsF7dUJu8m
|
||||
r1w2stcsatRs7HBk/j26RNJagY2Jt0QufOQLlTePpTl6UPU8EeiJ8c15DNf45TMk
|
||||
pa/3MdIVpDnBioyD1JNqsI4z+yCYZ7p/TRVCyh5vCcwmt5pdKjKMTcu7aD2PtTtI
|
||||
yhTIetJavy1HQmgOl4/t/nKL7Lll2xtZ56JFUt7epo0h69fiUvPewkhykzoEf4UG
|
||||
ZFHSLZKqdMNPs/Jr9n7zS+iOgEXJnKDkp8SoXpAcgJ5fncROMXpxgY2U+G5rB9n0
|
||||
/hvV1zG+EP6OLIGqekiDUga84LdmR/8Cyc7DimUmaoIZXrAo0Alpt0aZ8GimdKmh
|
||||
qirIguJOSrrsZTeZLilCWu37fRIjCQ3dSMNyhHJaOhRJQpQOEDG7jHxFak7627aF
|
||||
UnVwBAOK3NlFfbomapXQm64lYNoONGrpV0ctueD3VoPipxIyzNHHgcsXDZ6C00sv
|
||||
SbuuS9jlFEDonA6S8tApKgkEJuToBuopM4xqqwHNJ4e6QoXYjERIgIBTco3r/76D
|
||||
o22ZxSK1m2m2i+p0gnWTlFn6RH+r6gfLwZRj8iR4fa0yMn3DztyTO6H8AiaslONt
|
||||
LV2kvkhBar1/6dzlBvMdiRBejrVnw+Jg2bOmYTncFN00szPOXbEalps8wwARAQAB
|
||||
tE1JbnRlcm5ldCBTeXN0ZW1zIENvbnNvcnRpdW0sIEluYy4gKFNpZ25pbmcga2V5
|
||||
LCAyMDE5LTIwMjApIDxjb2Rlc2lnbkBpc2Mub3JnPokCVAQTAQgAPhYhBK4/rHln
|
||||
EexZ/AB6pHS7a5pMuz04BQJcKvQUAhsDBQkD7JcABQsJCAcCBhUKCQgLAgQWAgMB
|
||||
Ah4BAheAAAoJEHS7a5pMuz0476oP/1+UaSHfe4WVHV43QaQ/z1rw7vg2aHEwyWJA
|
||||
1D1tBr9+LvfohswwWBLIjcKRaoXZ4pLBFjuiYHBTsdaAQFeQQvQTXMmBx21ZyUZj
|
||||
tjim8f9T1JhmIrMx6tF14NbqFpjw82Mv0rc8y74pdRvkdnFigqLKUoN2tFQlKeG+
|
||||
5T24zNwrGrlR3S7gnM47nD1JqKwt4GnczLnMBW/0gbLscMUpAeNo/gY4g0GV/zkn
|
||||
Rt91bLpcEyDAv+ZhQZbkJ49dnNzl5cTK5+uQWnlAZAdPecdLkvBNRNgj/FKL41RF
|
||||
JGN6eqq3+jlPbyj9okeJoGQ64Ibv1ZHVTQIx5vT1+PuVX/Nm0GqSUZdLqR33daKI
|
||||
hjpgUdUK/D0AnN5ulVuE1NnZWjVDTXVEeU8DFvi4lxZVHnZixejxFIZ7vRMvyaHa
|
||||
xLwbevwEUuPLzWn3XhC5yQeqCe6zmzzaPhPlg6NTnM5wgzcKORqCXgxzmtnX+Pbd
|
||||
gXTwNKAJId/141vj1OtZQKJexG9QLufMjBg5rg/qdKooozremeM+FovIocbdFnmX
|
||||
pzP8it8r8FKi7FpXRE3fwxwba4Y9AS2/owtuixlJ2+7M2OXwZEtxyXTXw2v5GFOP
|
||||
vN64G/b71l9c3yKVlQ3BXD0jErv9XcieeFDR9PK0XGlsxykPcIXZYVy2KSWptkSf
|
||||
6f2op3tMiQEzBBABCAAdFiEEFcm6uMUTPAcGawLtlumWUDlMmawFAlwuSqAACgkQ
|
||||
lumWUDlMmaz+igf/ZW8OY5aWjRk7QiXp93jkWRIbMi8kB9jW5u6tfYXFjMADpqiQ
|
||||
yYdzEHFayRF92PQwj81UzIWzOWjErFWLDE2xol9sP5LdzeqoyED+XTqKggpVsIs+
|
||||
Lq672qnumQoZKp1YGb8MDocU2DNg/VsMdi7kCnEnPbcSuBxksmxGYomusXNrAF94
|
||||
1OJ2sqd9BuFamLIyn8XUCGGYlsvMoe4kTCg6Cc1sQvx0lDG8urKN57jBKWbP4alV
|
||||
+JBV5KQcf74gzPmE3ypgY1tMEwxyH/WyS9ekDbai0qauX6eUAsM1bduH8fIcknLS
|
||||
Zl5hrJTrzWFF9/DKOth8QOwhJ9zoIF1fcAsx9okBMwQQAQgAHRYhBHpqR7X54SM6
|
||||
0lUrXL2X3GOe6MR7BQJcLktcAAoJEL2X3GOe6MR7jwEH/iaolMeno1oeWAgzN6Mg
|
||||
bx3maweh/9Vqty1fwk7Crq1G78X5i1OCkknEL2p0Bfle4ApwcC4HZVcqCgoYpRV3
|
||||
/EEXtwkMNy3plWdBbLCQSev/E1D39GzgAHiMnv7NUJnkoJbvMrvrAiUTXPTtARMM
|
||||
gjEpvgEs60wuJxS8ESomRhe/KW4myxDoBxF+K+e5bOkOvvWVcAYJHWZ1BIZs4n6b
|
||||
+C2vO8q5aKTkQ/XvNT7utbTOqj1SGhItRaAQKXHBdzkQ1Et3wTA4+uRg4gK12624
|
||||
9LperYs26w9X9UzApl+qVxQhtWUw3tnUXMastDfQrRcvJgq1xpv++OqX5Uc93RTf
|
||||
SNWJAjMEEAEIAB0WIQS+DpdItxglOii7if/xsRvwXPAuVwUCXC5LlQAKCRDxsRvw
|
||||
XPAuV29KEACEwlTVVKe4gnBYHnlAD7csoQ0+gJ6C+Ofzlw+UItRIcFeVCAknSGBs
|
||||
NPxr9JStIvKpmsbSKpCNUEAYnRP2immh94y/C6BuTe1uUUmqBGr1f4OAUwZpmI29
|
||||
ixYeY/uUs9FZO3bS0/WtG46tdcJK41qtM0DYAGT3oeZhJMTW15dfvMGlFukauSOU
|
||||
+BbR+6sZhqdbWl/AOTE/6x5otnAaW0GObY/BW240Xq/KTgBrzVdK5qNoYsMVsiTd
|
||||
0im0JKvFG08ED+ZfcILhlO6G9jRhoTkhtYuf8CKN1dPf2IoB5FrRFf0xqRr9hNlk
|
||||
X7ViNMP9OPb8i3BubWvRi5rNSquCwrFATSiAgaA9Yi1BNzQsmQxOql9lsh7eCH7m
|
||||
+8zzUg9umWI6PkSv8vHBo2kPX73wmtEsF6vxJlk0yDBuQw7y0uuKh406tEEk4cP2
|
||||
8U4baq+ihpioupDhNuEII1h1Eh/RBE408RAOpcr+2F0m/fKOoJyz7u+AxyV81Ia6
|
||||
fyBnUfZnlfKo16w87c1HJRs9dKkRa5yGziBf9TcED3sru58Pftes2Nr80/iOh26i
|
||||
P2pRihcIyrmeAqDWnneErVCmPMDTe6zkMrm/0iZ25/Jfq+M8IHEzFEw3Y1FBOeFg
|
||||
9TyMDwYG2biJPTNTDO0BQ+Rrvs4SjFWEYSxgJSvG1jMfSPt5AR6MJrkCDQRcKvQU
|
||||
ARAAufZX5WzJr0lZAhxaGpHY6JMBr4jVOCP4TrDZhwC2K4CXNM/PLLNisWzquiWa
|
||||
FvUDhB89kCxrEhipwVFYhBr16CDQxrr8yhah3RIxrBMYhRTxgIAkANgkhGWfDJSE
|
||||
zXauA7krYtS3rYwhfXe4cNsTkLPbnMUlyLJcqj2wnZcZIt97aL+NFRPyfIw1KfUb
|
||||
9u3tB9seDYbvTEULeL07aTnHpWM5f3bTwJrJ2OFPzXseCCzPiVNh3Bv+YtJ1pMTr
|
||||
c/UHO5DoJuHLsF0wicPSrpD0twspFdR/0rT6eNycsaCtV4GQzBcMPvY7qai5XrZm
|
||||
Cqgluo1W6l6+F5YrKvRMtyyFkUNGcPywdjSlP44JyRrS2uzvFUViSsJArcmFG2TJ
|
||||
LCohnse8wqjw0dIUVbmDbE4zjaG56zkvu0k+04Wwp3XPgOZrbl6cbhX3yLhu/Gt0
|
||||
dzd9EReoNfKXk32hBzKas/vdeB5DZejbOOOWYftqyZC1LvDvvrYFhFK6VGozfZ6L
|
||||
Fml1hzn+xPahp5tRv93/T9zXeVPm9zilGMqm/gjRgh8ojWxNQoNzJyqTPWIvWmbu
|
||||
EIP3T3cTFq6lJpJsg3+sfzofGWZCGnBZQGqm8rEOoUWiaKe1BvQCX1x8p4/x8/tX
|
||||
TaVDpQCGoqxXt09plkDuGMuiDICxBlaHWUR2jLoHc2cLrB8AEQEAAYkCPAQYAQgA
|
||||
JhYhBK4/rHlnEexZ/AB6pHS7a5pMuz04BQJcKvQUAhsMBQkD7JcAAAoJEHS7a5pM
|
||||
uz04pB8P/Amfg54IFeALiPOrKbjC3bVAQzrsf09IL8sUln/LCZIx9HgGAJj/f35S
|
||||
Q35sK2ucjWiDX6qCxVrWmC6caQXFgXOFSKIlqladmmgj4sIdLM5wj4nbomHChpB5
|
||||
rqV/GgkFwWBQ3kPCatXvc8Bg+zKJ+wXgTuPFXefyE9R+SLuas2grQ9hAjvTGHYbq
|
||||
iYxSlNDFc1aHLAQ3bS76351MHuMHOpLzoB0OkZDCVNW4GNEqrLbINdr50RAK+Loo
|
||||
Z2UBIobEZjXYor9A2FWkSvdjyz6X1QKMdQMath6R91k/O0abBa7ly4/805eAGXM3
|
||||
w1Xf2eMlpiUs69BeYoJBklK8aNMntpDREunJjhiPU4JoDzSxl5Qv7LuXylyo0YJA
|
||||
9YmydKhTTcRdwsKc//nGr/ckg4BRl+VbtJBYvd3xGB7IQ+pT/TOakv9qCospAhr3
|
||||
EQjVP/XpnWJRd+x+dq8UXqwWmTenWDE42cNr7BDFJdOqS5ZWy4sIz4sdjpSxXMB9
|
||||
8iiRtKSpKRCJgXScB7SYebh835EgG2YyQGdhJMO7C6ok9POYQBqL8sBqRzImJKoT
|
||||
VDvOH42WArKwJWTHa4mPdiDHEIZlkONerec3JXtl4Mfv8cwZ5Lb8fSiB/x8AWvqs
|
||||
puc/7hQtkus4TcgutS1fwhAwpnFItpVF6+73CMQrJsblBdTjW0T+uQINBFxbVHwB
|
||||
EADebZOJbhPdhHeBPdlZYE3rRjB8scDpWdjrCupfmeTC9MM6JgCE4DEMBtBXk+h1
|
||||
+7wfpblYYNFwGVFvytG5nvGRDtHWxwd1Z9O8Fx4Zqu0Fx/wAn7ZL3ryE+tdHR7JK
|
||||
7SLxOa2X49T/8LY0U8Q65I4ZRo/b4VMcXApCmncw3QSRqHT/mYdNnf+HHPvi3jza
|
||||
md3iVptCS4Iaisc079DFda+htWXspBc13lmPi2vGQkWjjS3B4yO8JackyQPVhpsg
|
||||
KYbRBzOH0Kii8bXmyA6O5uIJYEddp5Veged4FE/ej3CrgGP1D0Yk1epx8lLbi9RB
|
||||
kwFS7DA5rQ23UnbSy1WyV1ZgPrWqQAWuGpjMTVTWN0ElI3AGxAnE8lZlSXyE+XyV
|
||||
uHjjIVrayBjLKVqDuSLdKZeCvI4QsyHH6F0NKJQkngvXxLZYxO6s0c2EFFLzdVWT
|
||||
1V9GMP8UsDrrb+JsZjUVmPR1tTP4xqEQG6KjfFoQm5XWpGtFwh91OK1lwf/Bx2/C
|
||||
j+PquLLFcj7hEP79VDTUZPQAduTTxIeTzHXH+x1PCHFB10xxH3e82VSdJeBUrJxn
|
||||
riXzK50SKTTmF+uYpHqE8Jg1N2Y1n5ksuxeYUy8PFjhAeBCqZ6ZcldUDf4999e/z
|
||||
PT8bwfCDr8jRdqJHrq7RxTJiP5RsMudWpKeohzJGwQ5uZwARAQABiQRyBBgBCAAm
|
||||
FiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAlxbVHwCGwIFCQO9IQACQAkQdLtrmky7
|
||||
PTjBdCAEGQEIAB0WIQSVztolaxygoV8wL7WVIaftXazpGAUCXFtUfAAKCRCVIaft
|
||||
XazpGPeMEACm9nxA/VKf8RxDo2ZuTgyuSwlR8tCjAE4k3+UoiYUbamkW4pjx9Vgd
|
||||
1zC5bNxSWZ5vlJ4CH8ArKFqNK5LBVDZqhYureAo/1Af2b9vRJw0/QQHhuXz/jqeT
|
||||
wwrLuKpy796Gpt+aFfcmS0ZC4QXfxJERhAP6tu1p6YmAsSb+bjziQVkKrt9mhOrL
|
||||
dtz6WP0Fg1joRj33FgnnLtayHvtgQrNFI3ztCjk/B2FjYZxqbBGfk5gyo0cTE2Fi
|
||||
oLhG/XrxIoZepFMJkGYETnYQXrOt2KuJLvawV70YQmG8EqHYY8drKA0XDZs8TVdT
|
||||
5cvGvtm8ERz5znsssRBxQMI5Ml6O2ahrXp8Eq4htCzlvO8t2MOtzvqAJRiyAd6bA
|
||||
Uo+MGVRpnvePOR1SAgBXCd416rF0iCXc1utZxnqwdq9kJAZ+8mCLx4N4jk6AdGpX
|
||||
zcNkLg7QmUzXn75RxZ6GrIUYZJNMlswXq5XhSW4o8ePlaxWjh9+QTtU964AZhpA1
|
||||
uoHsKGTBxHJs0w6McZm14kb2PuaO2/rpf8s8IZyc93+Y5O/gHZ6/agBjA9qN6wkQ
|
||||
R1d5UhJC4QS/m35rBGBKK9X3fqQxaBCio6Qz+m4A3GchrztJpq+2P+ma5ylsTq5j
|
||||
V4njky26WNtrV7+N0C4Moj3I4Qn6YU/eSManTXzHzoiPZCEH/IOxgXIiD/9Zm3Zz
|
||||
I+h4NCfSGyP11/w1gEzlTHQ4at/FXIIDh0Y2ZNpWPffuFQLtcER2vyKPwhDYpGMy
|
||||
NNHXks4azfrXVCv0wmSNBbeS8pJrYtopZpCEBrAbg/YLv9m5lpDSRHaR3gv/qMZ7
|
||||
QxY+NwqciqTwGq68PuF4mDSvtfuFmbEES9Iybiie+eL/6DU2knfBjgshUe6vElR+
|
||||
LYoPQ45GY2IxRTJ1pMXaZw1+evwH3UvseRGkRygiaBgoU/qR4prynvjMQcacCa+C
|
||||
aRnXZJYp/usVBeY0xut9toc9/OcLGoBr5h9l5YjruO2vu8VHou8N0tarVQn3YbQR
|
||||
Fi+YtNtclWJa8Pq1AsKRTCFwDwP6eODv6mNOrEFydNRcpiQmzp47VWF/YHRfHzCq
|
||||
A1wHLxLUrpQTaVw6J4FqedAQ31aAO4faA7MS+ZMNBqZCZ7lTGC6TvojqqBAN2yX7
|
||||
AnnYpZHM+lGpi2/ukVzLqSkGmdNOgbu+UZvoej3YnHYig4yWP+z2xrlJl8bkhU/d
|
||||
r9IQE5aRCEPB/JWhHJ2/GqYl9qjshlB52+6X2KDarwptOtzT9ooArYhpMwKIYh34
|
||||
c7X8tlAKYk7V5j7txIRFDKKAftC7dM82PntXJxSkWyR70GYnYjiXyrqqerqT7xIC
|
||||
mDEQgFOPpy09zFW62paO9uiZw6qwybwqgGpoX7kCDQRcW1TbARAA3ERo2mPv2VVg
|
||||
ZUFr4MtPDm4UG00YJW/LYa3D3k0e9tdSScACXprk1sAoxUlQx/CSdErPKwXG4rax
|
||||
iN4t5nICUUNYSC0dh09G25jC7nwsWc0AYyZu+h/FzfvpOm3fBwmBlzILlGh0URwH
|
||||
Ffj9fHt6hos4C+3PFZZ/X24aMJF/cov1oYi9rqFwt/l0mgtPE88Iyj2/Vp3Lergg
|
||||
QMzKfEuyluj9fL2cgU0Qa7oAPXmaxhHtua4cvbM5SXGo3FXjIgzH9OfM+2orebeN
|
||||
wH1M3ec6w+nPmRmCJLvPKGOeS7GVXL5/aOyPlDWzSXYnpCKS2ntw4K4nt0IA8n8z
|
||||
1db109l/C2noDrDSJEqOo843ShNGTYOMVUrj3a+Y7o2ATc9pNZalf0PwnKas7NDb
|
||||
IJ152PEQw665iYXcv2awjLF6W0yuSq8kfiaAxIrsie2Dto0zgqOs0Ot9Y74u11Hh
|
||||
wBSHUO3mEZJScAAcI/yDF2PvjvCQSzu4mdXb77t6X2O6YHULz4A7bVQCMazcTDI9
|
||||
/S0W2+ixPnnJVnE3xgjK9zuizji8JDJw1hJCQM+yTLVqq9pfvcRfQ6uwpMRzz/O3
|
||||
S0zDRiA69/GyfNwkpgz5QaGpY02IK5WrQU1doRjIz4BHAYzoIOkMkRqTtjdElQZw
|
||||
/D3wSO2uwsEMNwRzibR/Lz1JF2aGn6EAEQEAAYkEcgQYAQgAJhYhBK4/rHlnEexZ
|
||||
/AB6pHS7a5pMuz04BQJcW1TbAhsCBQkDvSEAAkAJEHS7a5pMuz04wXQgBBkBCAAd
|
||||
FiEE1wyE5ktVjlvM7AchMuIXXx11eioFAlxbVNsACgkQMuIXXx11eiqCfQ//SFDf
|
||||
rOIEoslp6n6vlCuavOg02wvjskKQGP1P1Q4v40Fw1Gl87n9uXAoMpeF4H+pzUxOi
|
||||
BHYCQi+EemwocSThzaWfPzd3JG/0OcRymf+ZOcBb+58VJL7p88QdMFIAi5J+KMuA
|
||||
fEG0zLkc9anEnXoVMmQJX5K+6PyeVDvBbYGjLjQAsWTZTiVuQI0w3WxFtDGWqQII
|
||||
8e/qE0DA7c/auGn7j2hid308+FcdfpmLefW9YesWjE1yYvHoCRdFOJ/7Sft4MQCI
|
||||
Re7UET3TRMBvtisP2DcqyzGPp22s4ZYFCCJJNiB92bXdEl5zXe4Ff7JTfNE/QrR7
|
||||
Wg5R9hZHgHdbp8p8bA3f0y29YCx3puYg7BbmQWiMh3rXWE5b090pSpw0K9BQU3vO
|
||||
irr+5/2TaFOJXHl4VF03GrWsSncShCbdsdRIv4TB0lY2mN4q+e7bjlAzJJeoaS97
|
||||
GIqu3DBlAJyx/ZwWW23DXXwoQ4jNuJhpl2jaCE7rVQB0uLjbp0i9Zdd4SdYZxmO/
|
||||
Y+JfgoJz8eyx8wZi4eDz1ijN0WKsIGjxJH5VUK9STjijDMeG6ZZRLc6b1QCGhe97
|
||||
ZbDkEUTdQGoeu4L5Fiqoma13NEsf8ofBDv+myJm/O67Va9JI3gxhIrhmF7LMzQQp
|
||||
lYx2peZC1CmhEnn83dtt83mhXvX6Dth657BW/Qd+GQ//SVuTPuNkBXfrTi4dbnv+
|
||||
cU6IsoIBodTF/WsQ6h4kbtsPhO5DbrsLNuNumrqVEN8jw+HUsEeNvFNeMrTPdG2V
|
||||
87ShQ4BQGkCf+GFRBj0myxxXOFZYQx6RpY5fCe7yOcTzpkbnPWmm7V8HdOuZ0NnL
|
||||
JNQ5YogOI6UvXVKv35R9qBo+G9jkhhb0eaAu6BERzKVANKfsGN7545ElZ1qlffMh
|
||||
AQhXGb6TsvCeSg2cWGb2cnVL2d58uVukD4PDiq4qqwgClkF3bOO70SIgGrCteHbi
|
||||
4Hseopex5m6GqqjoUYXr7QQBwSaQdc+gKtEjMHCsHbUyHRk0qEHdEe+2RmL0d0ra
|
||||
QMJfKyYQjcCR7tnrgN4WD1h4NKRdC/KRW31MDmH9XVPrkOMQCUCnArXkOwdKWsKf
|
||||
h8af9HqweXOT1FHJN/M3tWaBpv6KoduF2f2pj1VhPZ2EqFUycJ26lrHyOpsynQR6
|
||||
+TD+c1uXotDwKN5RW+YL1cydk6mhib64fdOyPUeTcHehjMAFgM2f5wi35Ujcj8id
|
||||
37cWOqRsggSbMnGO4AUA/YtcVNG8TjZbakson8ENK7e8q4sEiNFUZ7/CtzNokwHQ
|
||||
5uOG1+qB85Y4ImGnIZVeiBpjt73VVawg4Zvm/omtW50P9R+4rVhMJZZFAgrWg8BH
|
||||
H/KNznW0vUuShG8B+2FA/eu5Ag0EXFtVDAEQAL5ftI1GgVJEFgX5VsuFnfBnH95c
|
||||
zqmwEXaTP4s7Xm3O0Wy579EzRUD1eEw/UaD/q2OHScwvMP65cZYQ9w4hnCN6H96P
|
||||
96Teo7LOMCssvSXIO7gqP33LKTqDzsIoAFHwWE3dq1jbyP6T1Je85mr0Edvk8kOC
|
||||
B1hudswAARno/7X9zGulhhwuEHk5Iey7R59yRUQqBctdNcetGyaiFjjX0evuVADi
|
||||
/z/s07XhDLDt7+3Vglh1/7XGC64QhB9QjZ8j0u7+0xfmLLjhi+7EpkDlAHIJXX1H
|
||||
0wAsPOGKlYruQUmIsMNfBINZeulHEBZ4cAd30xsM296DzJ6QL9sAGfYMhRs0YHB/
|
||||
EJ10Zv0iw1pU2jCCUv/9Kf4F4nwgHQWQP7JAbfhOIUOUq/YlxjTLnkd25+7vD3KH
|
||||
NQ6UiRDROR9Jwetpd/zokpf5O5iTBpVL+sCq+NsTZyDOjITve2sY0V8v10M+Z+pL
|
||||
cp/cUZ4JEDS/WJ4/ovBNJP8b+YwN/RBgCjl8UBX/N+e7AA52eYP2H9GK9XPkzSCE
|
||||
VxEf5PyjGrwedpoLkzagrHsDuWo3uBquLyneT/ozihqKQAuInUy5B7rWU4mpKHe5
|
||||
Vto5o6Zuj+6MgHgIQzRK6Da2ziMNEmroxwZibcYCtUPdvcvxGh+byclnzBclKjOw
|
||||
kAalFPx0SxEbHmzPABEBAAGJBHIEGAEIACYWIQSuP6x5ZxHsWfwAeqR0u2uaTLs9
|
||||
OAUCXFtVDAIbAgUJA70hAAJACRB0u2uaTLs9OMF0IAQZAQgAHRYhBK7WIv4CB360
|
||||
tcFGwUKiedJIzcMQBQJcW1UMAAoJEEKiedJIzcMQH+cQAIQYXDnqi4Hl21LtAgky
|
||||
pZxug+x/LECVlwkrIfaQF337+fG+H9J7SdU87Sn1Xe/YUgQnF0XP/fjIVFM0e/Tb
|
||||
xVlmTFqiejLnIwJJDgUaHO3POT2sGEyO3tc0mqSzyRBxtMQ8yvApccBhL5QODv3h
|
||||
hlRWgk5MXU0IPeXw134IWm+o/PRiPBoXPawvVfEVIBlUFaiSZASf4BAiSad4aJQe
|
||||
P8PyP7FPvQB1xiib0iSetn6ZmNeN2OSUJPiPA8aE9JCKuFtomVQEDM0BqQDl5A7h
|
||||
5O2uyf0Li+/ArqBvfBjrH03e5zbID02dO3D2BjsV3jUeVPQ5WDgVg8LH+nfg/rRy
|
||||
wfCsx9zFp1mt3K4xN2v7IKwxGndApgCcx17gsjzMvLz0J7sSGov4MNjzqvGEDKCl
|
||||
uUvNKXqy7je9xcQLpoyvWtoWFXWTbQAcK5Vv+hC67r9bHpjI1KuqA8hYqNKxsv7s
|
||||
wiLZdd4SK9SIuwf0j8/XTZwmoFfGolJil0ZNxyqBF39+CMVpaHdLM1qKZz99TVzS
|
||||
h4obOOjkUjK458xSo0XCbJ4qXYp7PgxyWK6GIbTozbbG/1ldw+LUnqxt8Shf797L
|
||||
J9lbI3ICuR2P5PYlKJf3b6D9GyfqyrP387fKAKhHsYkZ1XD54/8wIgTrdfeNPtL0
|
||||
1mjWDjw5KvO9kuPBjcmzgt+NrtsQAJwKeZsiqLLcY8kJ9xP+/xtTlh2iVuZMfxwq
|
||||
hwlo4MMCzpobLDZ/JKU398m77eboTKJSBfeUYxQd4ATn1L8NLKjLxKAaBkjEk0nN
|
||||
8w9OUQbFlhQ/asLzzF7Z9IGGh9/SEgBZ8V67a0O3Qw9Xdi3ARK3bbZ8RIVJ0+P9G
|
||||
CGrfq9j4ZmGA2L4irLjsvDAv7CSMb4WBKW8j0Jz5LFMwOMJgG1TT5c6lNqFj6y09
|
||||
rZcVLnt8+lUv2Bw3LC0oI1TjFkrrCzIdfg++mPi3K/ZFc50bvnWF4eCOjgZ5U9Vb
|
||||
sxFZq3+vTRcIfI9z2lZ9CNDRA1O5jGvuVtEGLiSLF2aJ6kiNriLuuGTlXfg/Fpgh
|
||||
GTvyppOTzF7PtHzHBQ/ZjnhWojnc/jyJRwLK8cCl6+EOc887v8BDmqgFWtmycsE2
|
||||
5fDJ7UFGP13g/eDL3ZUgMDty5dQaUOTX145t2KT+lMqpY6ZK2EC+eoqrnIGJ+tYy
|
||||
0l4RRxi10mbNhuPIIDdph7X+mUHgCeA9gyF0Y+LqiB6CX+zFg7ovLvnCbMPxdGXq
|
||||
z7AjfwqZBKI+BVuBeDtyW4onmElCu5cXNKsg3W0IlQlZf9PMDU6Ht0XLUs7EPfbQ
|
||||
sH1Vqi1XE1W/tGnkmjcpG/qlt9Gx1uwFGLP6iomqUBc2c0GZ6R1xplXvd3w3yC8d
|
||||
8lAgPGImuQINBFxbVToBEADkuxhQx9gxlzzCc0nUu2v82XsD+GzONp9irt14gslx
|
||||
te96eKaTXTi0t5eya0X5TIY3wbREwjlfAeM9AfcAmWcsM4izrfPtANM6WOxB2Tbz
|
||||
EY2cqv7NBQii7Z5aqPyjcIiT0b0Gs2evlDkn3xEBBqTSrNcnGSA29bZPIkaUb7Qo
|
||||
p/Ani0S3/tgcR21gXsJwkgpfNKwvPT03Lz3/o5rXAyag0M/25adgk9SVKNcXc8h2
|
||||
HSGv5ENjwUKNNnowVbNLw4287mFUM2Vd6unGJ2MBj7aUwTrfBl7gNV96mMdDJWcB
|
||||
hGKYkxUvibuHCa2KH7gTrnV6X7sdrgD5CbJMPq6OZNSP6n6bUVg22eHxoETplFwT
|
||||
4NvV3clRMWIAG1XgXR1l99LAh7PPnPMM1pHQGPwYHQskoBFS4g5knzHpB9h9TfZ3
|
||||
MM4cDZR5NgWmE0fYVnWe5ax+wW0/IOklUoHv3qoL4yiN9wFJq2oLzUNQd9+tsqiy
|
||||
vxSTh8iYmHegyn5KuBPsrMPgvqiKOdalTZKkak9DOx4cGQL2qHspKxiBOb6uox2v
|
||||
fjMQ5bDeUn+4DYMdnZNHeywCUegJmDakUtlfvN+136IDHGwfdGcitqzswzd3+PI2
|
||||
qlwPE19gkrp9NUaD3Qj2ZtDP7sU2cThc6Gra5KRFW8f98bI77j1Wu6pCnYFLqPz4
|
||||
QQARAQABiQRyBBgBCAAmFiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAlxbVToCGwIF
|
||||
CQO9IQACQAkQdLtrmky7PTjBdCAEGQEIAB0WIQR5HX64jryNAThDSqwz3zWa56YK
|
||||
eQUCXFtVOgAKCRAz3zWa56YKeSWOEADK8u03LESGSQlZQqnnCAI8iYs1s+XRMEnG
|
||||
2tAQ1OK7/4eNgr1yZckmaW4FBMgeEgYIBJ7v3SlW7Hf7dE10TYPNGbP6UxVW8HIP
|
||||
rA4CINcGZXWWwpS374JNMS6A5eb6viuEgEMEi00jx0MmLvCMZKypmwXQUl5YJ5nB
|
||||
ytpQ1681mCQxGBMhT1eKQt3B4nAsoEnP+HnqVM/nKxBemSBNXX+C0b/YeQoLC3sD
|
||||
L+Z0NRI8U6PZl9Rokod3uynH0vfBYCEJd6MvsjtnJlVVaseYIA3ESNrFG12tw95I
|
||||
wKNrVCANZ1DBSyK4ovmmWsDrH+uFTHSLNjlxIuVxUfmXcLfgcepVCmd/7Z7UrWYr
|
||||
SXSvP0VG4ZmEPE7tNb8bfyADftO1cVsmcHBQeSrgvpSrTv9L8MocojpR5vJc1f+a
|
||||
sBT7rAeGzZP9riz1GmryXawaZgdLfaaJfzRQkc1uTChb7kMN+UMhVUdCAXmho0XO
|
||||
SfcsW84u/LpjdYh2Ww41xQO6EWvbZDNgD/Fdmp8Uh1MqJ1Dejri6kjNn6wPImXJd
|
||||
Eu6nHqWDRdYsfT4XUB18tB+4aIpFzCyIgpf7p1uaVU7Oqip5sZkc/WXKr77lV23m
|
||||
PQvpGRNCzgU2TJY7ktR3LOvUVN6wNfLMHzeQk18NdmcEGUrJ0YYtl9vE5/Eg9L6x
|
||||
LBH9PKt17IQ8D/9DLwQX8pl3fuTM8ZbzIPLxiXhbgzBBTXKRE2u1888+RIq9xE7c
|
||||
aVFjwq4qpgqZ5SFonTcG4Pi5ck3mFAzyA5zLRF+ckpmBpwSPMpLwCpv10369D1jh
|
||||
AF3JsUwt6DIb2BISMhh2ThSUMSKO75q8GSotsKjJyjD6vl1x4L7WXubTWxEiNuwD
|
||||
3kAjFWS1Z1VWtA9SURWAbsDaCV4VmwCCpSIwRr9OTbyu9XuMdMxGNpl8SwW7MVQb
|
||||
x4aYNvR7Hl/wIR71AHAXoSfrKp3p12anXjYYASHmbm16ugP4H7HLMBfznKet2f76
|
||||
gIxJr1CsAMTSqypcC1UoVb6Gz8djeIR+GU+6efHI4TIUMy5uMIUx8tYbwSEeo/y6
|
||||
NnjpJFYYjJa671iSABInNxs4+X+1zrFa+wl45EnaFxziEet2Qzv/VsusoLvLwnYi
|
||||
BZckclAS5xoVGFW0WJ01OfLUDHxGMt9GSheL8c+GLMaMtaCWunpmmt9zZ9WdpBOu
|
||||
AGluMG1Cee50TrhXaGE8CdNr8nOdSeLNAveBAPmuVa0JDSe20/D/RuYJLKeG9Vsq
|
||||
BZvjuGlOUsfl6UjtiGRbgS9OWpxeez5ugc9yyV+rBGIpmnIb+9quz2HmGxE65eA2
|
||||
cRNsZRIjFLzeAx/0RMaT1nlLFTBbUuZ+tJ+fgFtRGMhifZn1pb2dMQo0N7kCDQRc
|
||||
W1VuARAAv4LYaNq2Zev/v7M5DnxLpgHRcMkG7TOQpycrlK5653llpZzTy3mh5peW
|
||||
vcq3IDmdeUIJxQ+WDh2f0vS+NIKDC/HAddfHrZPbhO7zLxLcMW5KmV05ancaRSP0
|
||||
s0+IyQmvVxUNrgPinZiphlvRGoLXS6pdgfc4jIR9B2umPecfvfu/6EWFPnXZgG8K
|
||||
yY3Z+mwrmEO0FaXHBQuu6nactiPe79N4bLe8hk9RW6yIxLBeJzIoOlIcJmuRHapt
|
||||
nS2lV3mfhZdFnkAp1o6a2TL5BwgMY0wZUKZr78HEMKh6LbPN9rPepf0neUeq/k1l
|
||||
NJU7V6XMS+rezF31vgSJ5KoNGYhxtWZ54uksH2rcw7+ltpSVtqY91G/vibpRCJG3
|
||||
LdX/kxHni1NEWyZlpS/6ntuH6HSoNYsR9IMsbESs3QVCH74ApK88CxYCRB0SEo0M
|
||||
yAElbQ3bfEKCKl/FwC4IzAYAJ2arWKwBHRSJlsrNCtczrjG7j3EyJrn8+Tm5yjO6
|
||||
0THQjvc/nBxrNE09r1Lzz7jrDWC9Rl+BH6wqdniymoYyUAQsX2rZ+Jhah1Zkf+Gu
|
||||
76qtY+EH494dPM+0FazcBlgBd6/J5mh3Wk9JuecXLTEUGtzd1GmI9CENPAklCauX
|
||||
tNOWeTop27djuKWsZxuP1GyV6UYixFVOSWteyAbA32cncVv/2ZUAEQEAAYkEcgQY
|
||||
AQgAJhYhBK4/rHlnEexZ/AB6pHS7a5pMuz04BQJcW1VuAhsCBQkDvSEAAkAJEHS7
|
||||
a5pMuz04wXQgBBkBCAAdFiEEFWiQaF6g32oTce8gF8xdsfAIhAcFAlxbVW4ACgkQ
|
||||
F8xdsfAIhAd4jxAAiO9+VRQQ3eBOsJRgANdgL/l51kq7qE3u8xnSqNkrmdYDdT2H
|
||||
TYH5W4n2AmGo50BDafdjd6tut0qtzA3/hGWCooydxKFOsnIYziUeoHvlICj3RkHO
|
||||
y7utcFhAgRWi+kzFwnnXGf13dMU9iG7yvKrCrCEw44gzoQ1KnY1Xsj18n5JkqxeT
|
||||
94bzcSbz20OpOSIMfSQPrpy18WrZYwHodcIZ3IUUACCpMZdfTa9c/qHRQ/rcwl+B
|
||||
0JlHx0V4AYiSAsiMVgflO1Eqi7apPuwxPPd5nnHkrdDM9CYC3LdBORBXwncG3oZ5
|
||||
eTSXmsvFxHXH41JHsm/1QFcVmFAYhu9qJFCGiD+8UeTFtT+nnHU69BszgtUskqX8
|
||||
k9PqLdK7Vxkp16wc6WOp1NeIQ6Fd4PxTGrPqs9bJk7TlYtTFWpA0X+EMj/San+Ku
|
||||
PxqLEa4Ab12R4vs1pCrn/g1z3C/6ujH4B70HOrRTIeTjULJ6xdwXGtwUA09hio0r
|
||||
pHhtyZhAh5irUJNto4ZOk/Qyd+dfMsNvRJfbVIK2mmeRaBnp902AsQNgYVdi2Aki
|
||||
0h4kz3bVLGw7iD/xV2hV69+JwLSijkkmOpz/EjMwj0hDDYrHH3Y3o0dV3dNdk/5i
|
||||
6lQgcxSVsl9kWlHcoEllKbf0Hb1muKVwoGGYxFYna2jsLFVjG29M7iPSgrHjmg/+
|
||||
I3fmsLZ0VI9kmxniUlZ6gz5NB5PJ3RXmwKO9LkBgE5C1wpuZbNEQ1NsR2bprlJPm
|
||||
++GNSo8HaheuTRJn42kkOgfIJwjuvXih3FE/NtRA/W8H2uF6YLDjBKGZJbxQcmsd
|
||||
CTEuCRCVP8X7C5n3rl1YqzfWfNr8QFxvH7ivG7KOlSxvyTKcYatWb9uDUPrnr74f
|
||||
ZaMljHGsNyKj70MzZcrrsmt61yWGR0h+02rmIKlskl4hkh+qF5ehI+Bkd7eblsBy
|
||||
rxEREHq/ij2Vd7l0Z606YCE8vj8WfcsJj8JjwR3A+nND/oNJTTbQ3b8OvasvqIey
|
||||
WqqmGg73nbHjd/VIAUsfvnsEYatDk4pAA/wQr9c4T4s5Q/QRwDrAsa4J89FrDjWC
|
||||
hQBPL7TaP8Af/3Y3/86jLCN4lnW1qjPXv5rhBFeI0EVi1k1qdV06qr5HOk7CwQTT
|
||||
uc4rCdFcEnw8kVKZa/yFnlJfRa0Z4IwSahdp5fdFEuad6LpOcFFnYxWtIWhcg4GT
|
||||
RcMha/OZnsfqOqiAt6In+1IwuJBz3uMM7xw2AMaxzAejGEL63F81C5iJ6Ld6kQK+
|
||||
XblDW0G643bVbzkBb46MAT+UnLuWQUs3NDtk1FEioJyWUgbO/srMH4MoWM7rG8ZT
|
||||
nQPohNmPBrqL2phmE27HQsQ0rTjH2Z2ol7iy9OFMtT0=
|
||||
=MkGo
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
@ -0,0 +1,534 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBFwq9BQBEADHjPDCwsHVtxnMNilgu187W8a9rYTMLgLfQwioSbjsF7dUJu8m
|
||||
r1w2stcsatRs7HBk/j26RNJagY2Jt0QufOQLlTePpTl6UPU8EeiJ8c15DNf45TMk
|
||||
pa/3MdIVpDnBioyD1JNqsI4z+yCYZ7p/TRVCyh5vCcwmt5pdKjKMTcu7aD2PtTtI
|
||||
yhTIetJavy1HQmgOl4/t/nKL7Lll2xtZ56JFUt7epo0h69fiUvPewkhykzoEf4UG
|
||||
ZFHSLZKqdMNPs/Jr9n7zS+iOgEXJnKDkp8SoXpAcgJ5fncROMXpxgY2U+G5rB9n0
|
||||
/hvV1zG+EP6OLIGqekiDUga84LdmR/8Cyc7DimUmaoIZXrAo0Alpt0aZ8GimdKmh
|
||||
qirIguJOSrrsZTeZLilCWu37fRIjCQ3dSMNyhHJaOhRJQpQOEDG7jHxFak7627aF
|
||||
UnVwBAOK3NlFfbomapXQm64lYNoONGrpV0ctueD3VoPipxIyzNHHgcsXDZ6C00sv
|
||||
SbuuS9jlFEDonA6S8tApKgkEJuToBuopM4xqqwHNJ4e6QoXYjERIgIBTco3r/76D
|
||||
o22ZxSK1m2m2i+p0gnWTlFn6RH+r6gfLwZRj8iR4fa0yMn3DztyTO6H8AiaslONt
|
||||
LV2kvkhBar1/6dzlBvMdiRBejrVnw+Jg2bOmYTncFN00szPOXbEalps8wwARAQAB
|
||||
tE1JbnRlcm5ldCBTeXN0ZW1zIENvbnNvcnRpdW0sIEluYy4gKFNpZ25pbmcga2V5
|
||||
LCAyMDE5LTIwMjApIDxjb2Rlc2lnbkBpc2Mub3JnPokCVAQTAQgAPhYhBK4/rHln
|
||||
EexZ/AB6pHS7a5pMuz04BQJcKvQUAhsDBQkD7JcABQsJCAcCBhUKCQgLAgQWAgMB
|
||||
Ah4BAheAAAoJEHS7a5pMuz0476oP/1+UaSHfe4WVHV43QaQ/z1rw7vg2aHEwyWJA
|
||||
1D1tBr9+LvfohswwWBLIjcKRaoXZ4pLBFjuiYHBTsdaAQFeQQvQTXMmBx21ZyUZj
|
||||
tjim8f9T1JhmIrMx6tF14NbqFpjw82Mv0rc8y74pdRvkdnFigqLKUoN2tFQlKeG+
|
||||
5T24zNwrGrlR3S7gnM47nD1JqKwt4GnczLnMBW/0gbLscMUpAeNo/gY4g0GV/zkn
|
||||
Rt91bLpcEyDAv+ZhQZbkJ49dnNzl5cTK5+uQWnlAZAdPecdLkvBNRNgj/FKL41RF
|
||||
JGN6eqq3+jlPbyj9okeJoGQ64Ibv1ZHVTQIx5vT1+PuVX/Nm0GqSUZdLqR33daKI
|
||||
hjpgUdUK/D0AnN5ulVuE1NnZWjVDTXVEeU8DFvi4lxZVHnZixejxFIZ7vRMvyaHa
|
||||
xLwbevwEUuPLzWn3XhC5yQeqCe6zmzzaPhPlg6NTnM5wgzcKORqCXgxzmtnX+Pbd
|
||||
gXTwNKAJId/141vj1OtZQKJexG9QLufMjBg5rg/qdKooozremeM+FovIocbdFnmX
|
||||
pzP8it8r8FKi7FpXRE3fwxwba4Y9AS2/owtuixlJ2+7M2OXwZEtxyXTXw2v5GFOP
|
||||
vN64G/b71l9c3yKVlQ3BXD0jErv9XcieeFDR9PK0XGlsxykPcIXZYVy2KSWptkSf
|
||||
6f2op3tMuQINBFwq9BQBEAC59lflbMmvSVkCHFoakdjokwGviNU4I/hOsNmHALYr
|
||||
gJc0z88ss2KxbOq6JZoW9QOEHz2QLGsSGKnBUViEGvXoINDGuvzKFqHdEjGsExiF
|
||||
FPGAgCQA2CSEZZ8MlITNdq4DuSti1LetjCF9d7hw2xOQs9ucxSXIslyqPbCdlxki
|
||||
33tov40VE/J8jDUp9Rv27e0H2x4Nhu9MRQt4vTtpOcelYzl/dtPAmsnY4U/Nex4I
|
||||
LM+JU2HcG/5i0nWkxOtz9Qc7kOgm4cuwXTCJw9KukPS3CykV1H/StPp43JyxoK1X
|
||||
gZDMFww+9jupqLletmYKqCW6jVbqXr4Xlisq9Ey3LIWRQ0Zw/LB2NKU/jgnJGtLa
|
||||
7O8VRWJKwkCtyYUbZMksKiGex7zCqPDR0hRVuYNsTjONobnrOS+7ST7ThbCndc+A
|
||||
5mtuXpxuFffIuG78a3R3N30RF6g18peTfaEHMpqz+914HkNl6Ns445Zh+2rJkLUu
|
||||
8O++tgWEUrpUajN9nosWaXWHOf7E9qGnm1G/3f9P3Nd5U+b3OKUYyqb+CNGCHyiN
|
||||
bE1Cg3MnKpM9Yi9aZu4Qg/dPdxMWrqUmkmyDf6x/Oh8ZZkIacFlAaqbysQ6hRaJo
|
||||
p7UG9AJfXHynj/Hz+1dNpUOlAIairFe3T2mWQO4Yy6IMgLEGVodZRHaMugdzZwus
|
||||
HwARAQABiQI8BBgBCAAmFiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAlwq9BQCGwwF
|
||||
CQPslwAACgkQdLtrmky7PTikHw/8CZ+DnggV4AuI86spuMLdtUBDOux/T0gvyxSW
|
||||
f8sJkjH0eAYAmP9/flJDfmwra5yNaINfqoLFWtaYLpxpBcWBc4VIoiWqVp2aaCPi
|
||||
wh0sznCPiduiYcKGkHmupX8aCQXBYFDeQ8Jq1e9zwGD7Mon7BeBO48Vd5/IT1H5I
|
||||
u5qzaCtD2ECO9MYdhuqJjFKU0MVzVocsBDdtLvrfnUwe4wc6kvOgHQ6RkMJU1bgY
|
||||
0Sqstsg12vnREAr4uihnZQEihsRmNdiiv0DYVaRK92PLPpfVAox1Axq2HpH3WT87
|
||||
RpsFruXLj/zTl4AZczfDVd/Z4yWmJSzr0F5igkGSUrxo0ye2kNES6cmOGI9TgmgP
|
||||
NLGXlC/su5fKXKjRgkD1ibJ0qFNNxF3Cwpz/+cav9ySDgFGX5Vu0kFi93fEYHshD
|
||||
6lP9M5qS/2oKiykCGvcRCNU/9emdYlF37H52rxRerBaZN6dYMTjZw2vsEMUl06pL
|
||||
llbLiwjPix2OlLFcwH3yKJG0pKkpEImBdJwHtJh5uHzfkSAbZjJAZ2Ekw7sLqiT0
|
||||
85hAGovywGpHMiYkqhNUO84fjZYCsrAlZMdriY92IMcQhmWQ416t5zcle2Xgx+/x
|
||||
zBnktvx9KIH/HwBa+qym5z/uFC2S6zhNyC61LV/CEDCmcUi2lUXr7vcIxCsmxuUF
|
||||
1ONbRP65Ag0EXFtUfAEQAN5tk4luE92Ed4E92VlgTetGMHyxwOlZ2OsK6l+Z5ML0
|
||||
wzomAITgMQwG0FeT6HX7vB+luVhg0XAZUW/K0bme8ZEO0dbHB3Vn07wXHhmq7QXH
|
||||
/ACftkvevIT610dHskrtIvE5rZfj1P/wtjRTxDrkjhlGj9vhUxxcCkKadzDdBJGo
|
||||
dP+Zh02d/4cc++LePNqZ3eJWm0JLghqKxzTv0MV1r6G1ZeykFzXeWY+La8ZCRaON
|
||||
LcHjI7wlpyTJA9WGmyAphtEHM4fQqKLxtebIDo7m4glgR12nlV6B53gUT96PcKuA
|
||||
Y/UPRiTV6nHyUtuL1EGTAVLsMDmtDbdSdtLLVbJXVmA+tapABa4amMxNVNY3QSUj
|
||||
cAbECcTyVmVJfIT5fJW4eOMhWtrIGMspWoO5It0pl4K8jhCzIcfoXQ0olCSeC9fE
|
||||
tljE7qzRzYQUUvN1VZPVX0Yw/xSwOutv4mxmNRWY9HW1M/jGoRAboqN8WhCbldak
|
||||
a0XCH3U4rWXB/8HHb8KP4+q4ssVyPuEQ/v1UNNRk9AB25NPEh5PMdcf7HU8IcUHX
|
||||
THEfd7zZVJ0l4FSsnGeuJfMrnRIpNOYX65ikeoTwmDU3ZjWfmSy7F5hTLw8WOEB4
|
||||
EKpnplyV1QN/j3317/M9PxvB8IOvyNF2okeurtHFMmI/lGwy51akp6iHMkbBDm5n
|
||||
ABEBAAGJBHIEGAEIACYWIQSuP6x5ZxHsWfwAeqR0u2uaTLs9OAUCXFtUfAIbAgUJ
|
||||
A70hAAJACRB0u2uaTLs9OMF0IAQZAQgAHRYhBJXO2iVrHKChXzAvtZUhp+1drOkY
|
||||
BQJcW1R8AAoJEJUhp+1drOkY94wQAKb2fED9Up/xHEOjZm5ODK5LCVHy0KMATiTf
|
||||
5SiJhRtqaRbimPH1WB3XMLls3FJZnm+UngIfwCsoWo0rksFUNmqFi6t4Cj/UB/Zv
|
||||
29EnDT9BAeG5fP+Op5PDCsu4qnLv3oam35oV9yZLRkLhBd/EkRGEA/q27WnpiYCx
|
||||
Jv5uPOJBWQqu32aE6st23PpY/QWDWOhGPfcWCecu1rIe+2BCs0UjfO0KOT8HYWNh
|
||||
nGpsEZ+TmDKjRxMTYWKguEb9evEihl6kUwmQZgROdhBes63Yq4ku9rBXvRhCYbwS
|
||||
odhjx2soDRcNmzxNV1Ply8a+2bwRHPnOeyyxEHFAwjkyXo7ZqGtenwSriG0LOW87
|
||||
y3Yw63O+oAlGLIB3psBSj4wZVGme9485HVICAFcJ3jXqsXSIJdzW61nGerB2r2Qk
|
||||
Bn7yYIvHg3iOToB0alfNw2QuDtCZTNefvlHFnoashRhkk0yWzBerleFJbijx4+Vr
|
||||
FaOH35BO1T3rgBmGkDW6gewoZMHEcmzTDoxxmbXiRvY+5o7b+ul/yzwhnJz3f5jk
|
||||
7+Adnr9qAGMD2o3rCRBHV3lSEkLhBL+bfmsEYEor1fd+pDFoEKKjpDP6bgDcZyGv
|
||||
O0mmr7Y/6ZrnKWxOrmNXieOTLbpY22tXv43QLgyiPcjhCfphT95IxqdNfMfOiI9k
|
||||
IQf8g7GBciIP/1mbdnMj6Hg0J9IbI/XX/DWATOVMdDhq38VcggOHRjZk2lY99+4V
|
||||
Au1wRHa/Io/CENikYzI00deSzhrN+tdUK/TCZI0Ft5Lykmti2ilmkIQGsBuD9gu/
|
||||
2bmWkNJEdpHeC/+oxntDFj43CpyKpPAarrw+4XiYNK+1+4WZsQRL0jJuKJ754v/o
|
||||
NTaSd8GOCyFR7q8SVH4tig9DjkZjYjFFMnWkxdpnDX56/AfdS+x5EaRHKCJoGChT
|
||||
+pHimvKe+MxBxpwJr4JpGddklin+6xUF5jTG6322hz385wsagGvmH2XliOu47a+7
|
||||
xUei7w3S1qtVCfdhtBEWL5i021yVYlrw+rUCwpFMIXAPA/p44O/qY06sQXJ01Fym
|
||||
JCbOnjtVYX9gdF8fMKoDXAcvEtSulBNpXDongWp50BDfVoA7h9oDsxL5kw0GpkJn
|
||||
uVMYLpO+iOqoEA3bJfsCedilkcz6UamLb+6RXMupKQaZ006Bu75Rm+h6PdicdiKD
|
||||
jJY/7PbGuUmXxuSFT92v0hATlpEIQ8H8laEcnb8apiX2qOyGUHnb7pfYoNqvCm06
|
||||
3NP2igCtiGkzAohiHfhztfy2UApiTtXmPu3EhEUMooB+0Lt0zzY+e1cnFKRbJHvQ
|
||||
ZidiOJfKuqp6upPvEgKYMRCAU4+nLT3MVbralo726JnDqrDJvCqAamhfuQINBFxb
|
||||
VNsBEADcRGjaY+/ZVWBlQWvgy08ObhQbTRglb8thrcPeTR7211JJwAJemuTWwCjF
|
||||
SVDH8JJ0Ss8rBcbitrGI3i3mcgJRQ1hILR2HT0bbmMLufCxZzQBjJm76H8XN++k6
|
||||
bd8HCYGXMguUaHRRHAcV+P18e3qGizgL7c8Vln9fbhowkX9yi/WhiL2uoXC3+XSa
|
||||
C08TzwjKPb9Wnct6uCBAzMp8S7KW6P18vZyBTRBrugA9eZrGEe25rhy9szlJcajc
|
||||
VeMiDMf058z7ait5t43AfUzd5zrD6c+ZGYIku88oY55LsZVcvn9o7I+UNbNJdiek
|
||||
IpLae3Dgrie3QgDyfzPV1vXT2X8LaegOsNIkSo6jzjdKE0ZNg4xVSuPdr5jujYBN
|
||||
z2k1lqV/Q/Ccpqzs0NsgnXnY8RDDrrmJhdy/ZrCMsXpbTK5KryR+JoDEiuyJ7YO2
|
||||
jTOCo6zQ631jvi7XUeHAFIdQ7eYRklJwABwj/IMXY++O8JBLO7iZ1dvvu3pfY7pg
|
||||
dQvPgDttVAIxrNxMMj39LRbb6LE+eclWcTfGCMr3O6LOOLwkMnDWEkJAz7JMtWqr
|
||||
2l+9xF9Dq7CkxHPP87dLTMNGIDr38bJ83CSmDPlBoaljTYgrlatBTV2hGMjPgEcB
|
||||
jOgg6QyRGpO2N0SVBnD8PfBI7a7CwQw3BHOJtH8vPUkXZoafoQARAQABiQRyBBgB
|
||||
CAAmFiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAlxbVNsCGwIFCQO9IQACQAkQdLtr
|
||||
mky7PTjBdCAEGQEIAB0WIQTXDITmS1WOW8zsByEy4hdfHXV6KgUCXFtU2wAKCRAy
|
||||
4hdfHXV6KoJ9D/9IUN+s4gSiyWnqfq+UK5q86DTbC+OyQpAY/U/VDi/jQXDUaXzu
|
||||
f25cCgyl4Xgf6nNTE6IEdgJCL4R6bChxJOHNpZ8/N3ckb/Q5xHKZ/5k5wFv7nxUk
|
||||
vunzxB0wUgCLkn4oy4B8QbTMuRz1qcSdehUyZAlfkr7o/J5UO8FtgaMuNACxZNlO
|
||||
JW5AjTDdbEW0MZapAgjx7+oTQMDtz9q4afuPaGJ3fTz4Vx1+mYt59b1h6xaMTXJi
|
||||
8egJF0U4n/tJ+3gxAIhF7tQRPdNEwG+2Kw/YNyrLMY+nbazhlgUIIkk2IH3Ztd0S
|
||||
XnNd7gV/slN80T9CtHtaDlH2FkeAd1unynxsDd/TLb1gLHem5iDsFuZBaIyHetdY
|
||||
TlvT3SlKnDQr0FBTe86Kuv7n/ZNoU4lceXhUXTcataxKdxKEJt2x1Ei/hMHSVjaY
|
||||
3ir57tuOUDMkl6hpL3sYiq7cMGUAnLH9nBZbbcNdfChDiM24mGmXaNoITutVAHS4
|
||||
uNunSL1l13hJ1hnGY79j4l+CgnPx7LHzBmLh4PPWKM3RYqwgaPEkflVQr1JOOKMM
|
||||
x4bpllEtzpvVAIaF73tlsOQRRN1Aah67gvkWKqiZrXc0Sx/yh8EO/6bImb87rtVr
|
||||
0kjeDGEiuGYXsszNBCmVjHal5kLUKaESefzd223zeaFe9foO2HrnsFb9B34ZD/9J
|
||||
W5M+42QFd+tOLh1ue/5xToiyggGh1MX9axDqHiRu2w+E7kNuuws2426aupUQ3yPD
|
||||
4dSwR428U14ytM90bZXztKFDgFAaQJ/4YVEGPSbLHFc4VlhDHpGljl8J7vI5xPOm
|
||||
Ruc9aabtXwd065nQ2csk1DliiA4jpS9dUq/flH2oGj4b2OSGFvR5oC7oERHMpUA0
|
||||
p+wY3vnjkSVnWqV98yEBCFcZvpOy8J5KDZxYZvZydUvZ3ny5W6QPg8OKriqrCAKW
|
||||
QXds47vRIiAasK14duLgex6il7HmboaqqOhRhevtBAHBJpB1z6Aq0SMwcKwdtTId
|
||||
GTSoQd0R77ZGYvR3StpAwl8rJhCNwJHu2euA3hYPWHg0pF0L8pFbfUwOYf1dU+uQ
|
||||
4xAJQKcCteQ7B0pawp+Hxp/0erB5c5PUUck38ze1ZoGm/oqh24XZ/amPVWE9nYSo
|
||||
VTJwnbqWsfI6mzKdBHr5MP5zW5ei0PAo3lFb5gvVzJ2TqaGJvrh907I9R5Nwd6GM
|
||||
wAWAzZ/nCLflSNyPyJ3ftxY6pGyCBJsycY7gBQD9i1xU0bxONltqSyifwQ0rt7yr
|
||||
iwSI0VRnv8K3M2iTAdDm44bX6oHzljgiYachlV6IGmO3vdVVrCDhm+b+ia1bnQ/1
|
||||
H7itWEwllkUCCtaDwEcf8o3OdbS9S5KEbwH7YUD967kCDQRcW1UMARAAvl+0jUaB
|
||||
UkQWBflWy4Wd8Gcf3lzOqbARdpM/iztebc7RbLnv0TNFQPV4TD9RoP+rY4dJzC8w
|
||||
/rlxlhD3DiGcI3of3o/3pN6jss4wKyy9Jcg7uCo/fcspOoPOwigAUfBYTd2rWNvI
|
||||
/pPUl7zmavQR2+TyQ4IHWG52zAABGej/tf3Ma6WGHC4QeTkh7LtHn3JFRCoFy101
|
||||
x60bJqIWONfR6+5UAOL/P+zTteEMsO3v7dWCWHX/tcYLrhCEH1CNnyPS7v7TF+Ys
|
||||
uOGL7sSmQOUAcgldfUfTACw84YqViu5BSYiww18Eg1l66UcQFnhwB3fTGwzb3oPM
|
||||
npAv2wAZ9gyFGzRgcH8QnXRm/SLDWlTaMIJS//0p/gXifCAdBZA/skBt+E4hQ5Sr
|
||||
9iXGNMueR3bn7u8Pcoc1DpSJENE5H0nB62l3/OiSl/k7mJMGlUv6wKr42xNnIM6M
|
||||
hO97axjRXy/XQz5n6ktyn9xRngkQNL9Ynj+i8E0k/xv5jA39EGAKOXxQFf8357sA
|
||||
DnZ5g/Yf0Yr1c+TNIIRXER/k/KMavB52mguTNqCsewO5aje4Gq4vKd5P+jOKGopA
|
||||
C4idTLkHutZTiakod7lW2jmjpm6P7oyAeAhDNEroNrbOIw0SaujHBmJtxgK1Q929
|
||||
y/EaH5vJyWfMFyUqM7CQBqUU/HRLERsebM8AEQEAAYkEcgQYAQgAJhYhBK4/rHln
|
||||
EexZ/AB6pHS7a5pMuz04BQJcW1UMAhsCBQkDvSEAAkAJEHS7a5pMuz04wXQgBBkB
|
||||
CAAdFiEErtYi/gIHfrS1wUbBQqJ50kjNwxAFAlxbVQwACgkQQqJ50kjNwxAf5xAA
|
||||
hBhcOeqLgeXbUu0CCTKlnG6D7H8sQJWXCSsh9pAXffv58b4f0ntJ1TztKfVd79hS
|
||||
BCcXRc/9+MhUUzR79NvFWWZMWqJ6MucjAkkOBRoc7c85PawYTI7e1zSapLPJEHG0
|
||||
xDzK8ClxwGEvlA4O/eGGVFaCTkxdTQg95fDXfghab6j89GI8Ghc9rC9V8RUgGVQV
|
||||
qJJkBJ/gECJJp3holB4/w/I/sU+9AHXGKJvSJJ62fpmY143Y5JQk+I8DxoT0kIq4
|
||||
W2iZVAQMzQGpAOXkDuHk7a7J/QuL78CuoG98GOsfTd7nNsgPTZ07cPYGOxXeNR5U
|
||||
9DlYOBWDwsf6d+D+tHLB8KzH3MWnWa3crjE3a/sgrDEad0CmAJzHXuCyPMy8vPQn
|
||||
uxIai/gw2POq8YQMoKW5S80perLuN73FxAumjK9a2hYVdZNtABwrlW/6ELruv1se
|
||||
mMjUq6oDyFio0rGy/uzCItl13hIr1Ii7B/SPz9dNnCagV8aiUmKXRk3HKoEXf34I
|
||||
xWlod0szWopnP31NXNKHihs46ORSMrjnzFKjRcJsnipdins+DHJYroYhtOjNtsb/
|
||||
WV3D4tSerG3xKF/v3ssn2VsjcgK5HY/k9iUol/dvoP0bJ+rKs/fzt8oAqEexiRnV
|
||||
cPnj/zAiBOt1940+0vTWaNYOPDkq872S48GNybOC342u2xAAnAp5myKostxjyQn3
|
||||
E/7/G1OWHaJW5kx/HCqHCWjgwwLOmhssNn8kpTf3ybvt5uhMolIF95RjFB3gBOfU
|
||||
vw0sqMvEoBoGSMSTSc3zD05RBsWWFD9qwvPMXtn0gYaH39ISAFnxXrtrQ7dDD1d2
|
||||
LcBErdttnxEhUnT4/0YIat+r2PhmYYDYviKsuOy8MC/sJIxvhYEpbyPQnPksUzA4
|
||||
wmAbVNPlzqU2oWPrLT2tlxUue3z6VS/YHDcsLSgjVOMWSusLMh1+D76Y+Lcr9kVz
|
||||
nRu+dYXh4I6OBnlT1VuzEVmrf69NFwh8j3PaVn0I0NEDU7mMa+5W0QYuJIsXZonq
|
||||
SI2uIu64ZOVd+D8WmCEZO/Kmk5PMXs+0fMcFD9mOeFaiOdz+PIlHAsrxwKXr4Q5z
|
||||
zzu/wEOaqAVa2bJywTbl8MntQUY/XeD94MvdlSAwO3Ll1BpQ5NfXjm3YpP6Uyqlj
|
||||
pkrYQL56iqucgYn61jLSXhFHGLXSZs2G48ggN2mHtf6ZQeAJ4D2DIXRj4uqIHoJf
|
||||
7MWDui8u+cJsw/F0ZerPsCN/CpkEoj4FW4F4O3JbiieYSUK7lxc0qyDdbQiVCVl/
|
||||
08wNToe3RctSzsQ99tCwfVWqLVcTVb+0aeSaNykb+qW30bHW7AUYs/qKiapQFzZz
|
||||
QZnpHXGmVe93fDfILx3yUCA8Yia5Ag0EXFtVOgEQAOS7GFDH2DGXPMJzSdS7a/zZ
|
||||
ewP4bM42n2Ku3XiCyXG173p4ppNdOLS3l7JrRflMhjfBtETCOV8B4z0B9wCZZywz
|
||||
iLOt8+0A0zpY7EHZNvMRjZyq/s0FCKLtnlqo/KNwiJPRvQazZ6+UOSffEQEGpNKs
|
||||
1ycZIDb1tk8iRpRvtCin8CeLRLf+2BxHbWBewnCSCl80rC89PTcvPf+jmtcDJqDQ
|
||||
z/blp2CT1JUo1xdzyHYdIa/kQ2PBQo02ejBVs0vDjbzuYVQzZV3q6cYnYwGPtpTB
|
||||
Ot8GXuA1X3qYx0MlZwGEYpiTFS+Ju4cJrYofuBOudXpfux2uAPkJskw+ro5k1I/q
|
||||
fptRWDbZ4fGgROmUXBPg29XdyVExYgAbVeBdHWX30sCHs8+c8wzWkdAY/BgdCySg
|
||||
EVLiDmSfMekH2H1N9ncwzhwNlHk2BaYTR9hWdZ7lrH7BbT8g6SVSge/eqgvjKI33
|
||||
AUmragvNQ1B3362yqLK/FJOHyJiYd6DKfkq4E+ysw+C+qIo51qVNkqRqT0M7HhwZ
|
||||
AvaoeykrGIE5vq6jHa9+MxDlsN5Sf7gNgx2dk0d7LAJR6AmYNqRS2V+837XfogMc
|
||||
bB90ZyK2rOzDN3f48jaqXA8TX2CSun01RoPdCPZm0M/uxTZxOFzoatrkpEVbx/3x
|
||||
sjvuPVa7qkKdgUuo/PhBABEBAAGJBHIEGAEIACYWIQSuP6x5ZxHsWfwAeqR0u2ua
|
||||
TLs9OAUCXFtVOgIbAgUJA70hAAJACRB0u2uaTLs9OMF0IAQZAQgAHRYhBHkdfriO
|
||||
vI0BOENKrDPfNZrnpgp5BQJcW1U6AAoJEDPfNZrnpgp5JY4QAMry7TcsRIZJCVlC
|
||||
qecIAjyJizWz5dEwScba0BDU4rv/h42CvXJlySZpbgUEyB4SBggEnu/dKVbsd/t0
|
||||
TXRNg80Zs/pTFVbwcg+sDgIg1wZldZbClLfvgk0xLoDl5vq+K4SAQwSLTSPHQyYu
|
||||
8IxkrKmbBdBSXlgnmcHK2lDXrzWYJDEYEyFPV4pC3cHicCygSc/4eepUz+crEF6Z
|
||||
IE1df4LRv9h5CgsLewMv5nQ1EjxTo9mX1GiSh3e7KcfS98FgIQl3oy+yO2cmVVVq
|
||||
x5ggDcRI2sUbXa3D3kjAo2tUIA1nUMFLIrii+aZawOsf64VMdIs2OXEi5XFR+Zdw
|
||||
t+Bx6lUKZ3/tntStZitJdK8/RUbhmYQ8Tu01vxt/IAN+07VxWyZwcFB5KuC+lKtO
|
||||
/0vwyhyiOlHm8lzV/5qwFPusB4bNk/2uLPUaavJdrBpmB0t9pol/NFCRzW5MKFvu
|
||||
Qw35QyFVR0IBeaGjRc5J9yxbzi78umN1iHZbDjXFA7oRa9tkM2AP8V2anxSHUyon
|
||||
UN6OuLqSM2frA8iZcl0S7qcepYNF1ix9PhdQHXy0H7hoikXMLIiCl/unW5pVTs6q
|
||||
KnmxmRz9ZcqvvuVXbeY9C+kZE0LOBTZMljuS1Hcs69RU3rA18swfN5CTXw12ZwQZ
|
||||
SsnRhi2X28Tn8SD0vrEsEf08q3XshDwP/0MvBBfymXd+5MzxlvMg8vGJeFuDMEFN
|
||||
cpETa7Xzzz5Eir3ETtxpUWPCriqmCpnlIWidNwbg+LlyTeYUDPIDnMtEX5ySmYGn
|
||||
BI8ykvAKm/XTfr0PWOEAXcmxTC3oMhvYEhIyGHZOFJQxIo7vmrwZKi2wqMnKMPq+
|
||||
XXHgvtZe5tNbESI27APeQCMVZLVnVVa0D1JRFYBuwNoJXhWbAIKlIjBGv05NvK71
|
||||
e4x0zEY2mXxLBbsxVBvHhpg29HseX/AhHvUAcBehJ+sqnenXZqdeNhgBIeZubXq6
|
||||
A/gfscswF/Ocp63Z/vqAjEmvUKwAxNKrKlwLVShVvobPx2N4hH4ZT7p58cjhMhQz
|
||||
Lm4whTHy1hvBIR6j/Lo2eOkkVhiMlrrvWJIAEic3Gzj5f7XOsVr7CXjkSdoXHOIR
|
||||
63ZDO/9Wy6ygu8vCdiIFlyRyUBLnGhUYVbRYnTU58tQMfEYy30ZKF4vxz4Ysxoy1
|
||||
oJa6emaa33Nn1Z2kE64AaW4wbUJ57nROuFdoYTwJ02vyc51J4s0C94EA+a5VrQkN
|
||||
J7bT8P9G5gksp4b1WyoFm+O4aU5Sx+XpSO2IZFuBL05anF57Pm6Bz3LJX6sEYima
|
||||
chv72q7PYeYbETrl4DZxE2xlEiMUvN4DH/RExpPWeUsVMFtS5n60n5+AW1EYyGJ9
|
||||
mfWlvZ0xCjQ3uQINBFxbVW4BEAC/gtho2rZl6/+/szkOfEumAdFwyQbtM5CnJyuU
|
||||
rnrneWWlnNPLeaHml5a9yrcgOZ15QgnFD5YOHZ/S9L40goML8cB118etk9uE7vMv
|
||||
EtwxbkqZXTlqdxpFI/SzT4jJCa9XFQ2uA+KdmKmGW9EagtdLql2B9ziMhH0Ha6Y9
|
||||
5x+9+7/oRYU+ddmAbwrJjdn6bCuYQ7QVpccFC67qdpy2I97v03hst7yGT1FbrIjE
|
||||
sF4nMig6Uhwma5Edqm2dLaVXeZ+Fl0WeQCnWjprZMvkHCAxjTBlQpmvvwcQwqHot
|
||||
s832s96l/Sd5R6r+TWU0lTtXpcxL6t7MXfW+BInkqg0ZiHG1Znni6SwfatzDv6W2
|
||||
lJW2pj3Ub++JulEIkbct1f+TEeeLU0RbJmWlL/qe24fodKg1ixH0gyxsRKzdBUIf
|
||||
vgCkrzwLFgJEHRISjQzIASVtDdt8QoIqX8XALgjMBgAnZqtYrAEdFImWys0K1zOu
|
||||
MbuPcTImufz5ObnKM7rRMdCO9z+cHGs0TT2vUvPPuOsNYL1GX4EfrCp2eLKahjJQ
|
||||
BCxfatn4mFqHVmR/4a7vqq1j4Qfj3h08z7QVrNwGWAF3r8nmaHdaT0m55xctMRQa
|
||||
3N3UaYj0IQ08CSUJq5e005Z5Oinbt2O4paxnG4/UbJXpRiLEVU5Ja17IBsDfZydx
|
||||
W//ZlQARAQABiQRyBBgBCAAmFiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAlxbVW4C
|
||||
GwIFCQO9IQACQAkQdLtrmky7PTjBdCAEGQEIAB0WIQQVaJBoXqDfahNx7yAXzF2x
|
||||
8AiEBwUCXFtVbgAKCRAXzF2x8AiEB3iPEACI735VFBDd4E6wlGAA12Av+XnWSruo
|
||||
Te7zGdKo2SuZ1gN1PYdNgflbifYCYajnQENp92N3q263Sq3MDf+EZYKijJ3EoU6y
|
||||
chjOJR6ge+UgKPdGQc7Lu61wWECBFaL6TMXCedcZ/Xd0xT2IbvK8qsKsITDjiDOh
|
||||
DUqdjVeyPXyfkmSrF5P3hvNxJvPbQ6k5Igx9JA+unLXxatljAeh1whnchRQAIKkx
|
||||
l19Nr1z+odFD+tzCX4HQmUfHRXgBiJICyIxWB+U7USqLtqk+7DE893meceSt0Mz0
|
||||
JgLct0E5EFfCdwbehnl5NJeay8XEdcfjUkeyb/VAVxWYUBiG72okUIaIP7xR5MW1
|
||||
P6ecdTr0GzOC1SySpfyT0+ot0rtXGSnXrBzpY6nU14hDoV3g/FMas+qz1smTtOVi
|
||||
1MVakDRf4QyP9Jqf4q4/GosRrgBvXZHi+zWkKuf+DXPcL/q6MfgHvQc6tFMh5ONQ
|
||||
snrF3Bca3BQDT2GKjSukeG3JmECHmKtQk22jhk6T9DJ3518yw29El9tUgraaZ5Fo
|
||||
Gen3TYCxA2BhV2LYCSLSHiTPdtUsbDuIP/FXaFXr34nAtKKOSSY6nP8SMzCPSEMN
|
||||
iscfdjejR1Xd012T/mLqVCBzFJWyX2RaUdygSWUpt/QdvWa4pXCgYZjEVidraOws
|
||||
VWMbb0zuI9KCseOaD/4jd+awtnRUj2SbGeJSVnqDPk0Hk8ndFebAo70uQGATkLXC
|
||||
m5ls0RDU2xHZumuUk+b74Y1KjwdqF65NEmfjaSQ6B8gnCO69eKHcUT821ED9bwfa
|
||||
4XpgsOMEoZklvFByax0JMS4JEJU/xfsLmfeuXVirN9Z82vxAXG8fuK8bso6VLG/J
|
||||
Mpxhq1Zv24NQ+uevvh9loyWMcaw3IqPvQzNlyuuya3rXJYZHSH7TauYgqWySXiGS
|
||||
H6oXl6Ej4GR3t5uWwHKvEREQer+KPZV3uXRnrTpgITy+PxZ9ywmPwmPBHcD6c0P+
|
||||
g0lNNtDdvw69qy+oh7JaqqYaDvedseN39UgBSx++ewRhq0OTikAD/BCv1zhPizlD
|
||||
9BHAOsCxrgnz0WsONYKFAE8vtNo/wB//djf/zqMsI3iWdbWqM9e/muEEV4jQRWLW
|
||||
TWp1XTqqvkc6TsLBBNO5zisJ0VwSfDyRUplr/IWeUl9FrRngjBJqF2nl90US5p3o
|
||||
uk5wUWdjFa0haFyDgZNFwyFr85mex+o6qIC3oif7UjC4kHPe4wzvHDYAxrHMB6MY
|
||||
QvrcXzULmInot3qRAr5duUNbQbrjdtVvOQFvjowBP5Scu5ZBSzc0O2TUUSKgnJZS
|
||||
Bs7+yswfgyhYzusbxlOdA+iE2Y8GuovamGYTbsdCxDStOMfZnaiXuLL04Uy1PQ==
|
||||
=fX+D
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBF/u5KMBEAC0hPiTonjYEe5FqNzFn73KmcN8KGD2wzujmWWLnFXGEVDEpFcS
|
||||
ULQDshhCclwNeXUArUey4nficwpqUe+Xl2h4dP4z7yh3WiL5nA5JRjJjw8KJQGVW
|
||||
AkgiZTnJHH8DrzNt9LnDL516qMDJarTHemDUUUZLNxnuv0RDEhDxsXWiVCQZZcw/
|
||||
41yIY97uCf30dsDwnckVl3iEmYaGTYavWbKP60S8WaxO0YG57RI1etmlIQ0nMmka
|
||||
4bvFnwwb9Jdnwle4LIiRMCGymsheaKCKrEZgIJY+idyBuExLLykiL8iNBj2Pzi7z
|
||||
XSCniH9qcEwfqgZlP/KZwujLhGOc4c4peNwpuDGcmYZoAsUD8CZ8H/LU1FIR2A1u
|
||||
/UrRREtC8nNTDGxCckSMEquHNURfMk1QmDbJ9gaa9aOk0AArxuTxyj6Cn+KQd5l5
|
||||
0mN0R1sDVQq9xWdvnB7N0d3MDhnV7f19iUhi3KYvjVTkCMXjhNXjDH/KXFKoFhKa
|
||||
9SkxYGfW25inwSQoqbP1TE5+rESf57bo+XFxfVQuYfVJ5BlZobz+sRl2iDQyBJDM
|
||||
uDFyXE/t+E76BmwyHeOI1weqUMYebqHgu0x76dTYj9yWgWdQAC1pXi15/MTIaOtQ
|
||||
hWezb5rkI2yZqaZLaRBOIRBIPM5C5AOjL2XbfwUuSr2W4+TvxLocxi48DwARAQAB
|
||||
tE1JbnRlcm5ldCBTeXN0ZW1zIENvbnNvcnRpdW0sIEluYy4gKFNpZ25pbmcga2V5
|
||||
LCAyMDIxLTIwMjIpIDxjb2Rlc2lnbkBpc2Mub3JnPokCVAQTAQgAPhYhBH4ckayA
|
||||
MKWlnR76uXUPPIdyPkASBQJf7uSjAhsPBQkD60WABQsJCAcCBhUKCQgLAgQWAgMB
|
||||
Ah4BAheAAAoJEHUPPIdyPkAS0lMP/2IgMErScBUaXrZXqYXoluR8xU0p9DyZEBx+
|
||||
ZGNAcJ2CTPAbn3FrkNGNpK4SOCLXEZPKOQ09umaIxl8H6uEGaTut1JLj1qGaZ8ID
|
||||
4gAeQcTIN9OQA5ElQo+ci20XE9JSvzqY1zb04EkMuVL678xPCYJhUSLS0MAQkcDJ
|
||||
JQLN17SwNi4vGqzVhnwKUviQU9/s+LRUkThsTg4qT0fNnmGoVJXqrshxJa2ZWM6J
|
||||
QtOWBgJiC6xZ+zRiZS898L0tekU4o9yxtnnDWry2bI+mJbxAp94ZAXgKahOU7LKV
|
||||
3SPxkx7TAng24nOWi1EaP51pe7usTFH1BR3CUHZdoIQ4xruZGkt/qPumskofzl+1
|
||||
8bw1bEFbq8S6jC+twT3JUcE02HbEIbrd6l2T8pYBXaojFggGjUTSv9d5YUN5N9U/
|
||||
/Qy0o3xZwHNdXLx6xSrUO+NT5JU1Nh/0sutEH7ru/YqFZof9vfCbV86y8fIOPgk8
|
||||
LkJNUSu4QCJ1PHKB+fJp7yAhlPkOXNG1b9+W/hVp96rdkovpCUkLD83s+suQyJGk
|
||||
QB7Qpem7nS4zp7/Naui+g3M3p/uRSzZgELTnXNyY//bw9fOqx5SDLjSUslUMz+TH
|
||||
sFTwfo/Mot70MPHMe6aE6tdTDoJTcv4Iim/8MDhJ6yqKt8sxprataZoWwFi6zAF9
|
||||
BzWkJcrbuQINBF/u5P4BEACso8iLzFJ+M1wqcsCDup+GtRMzte04CAlLmaLgyzfL
|
||||
3xxBo4AUgX6UbUCGycG878JVn52S6Nsl6FlasmyH00MGjZt1CuNz4htfSmLGcBMj
|
||||
IwQv1CYR8bm9EPwR15NaWdgzJHShCduMHv4HdfqSa6UQfzO/P8mwioER19fkDQSE
|
||||
U1KsY0yl//ipWiW3ZJGShGHLnn4YbxogQtsRPESKUsQ9MtzuMt3ehGtkN4RguOXC
|
||||
6pCWP8J4F9lgjSZ+uLOQKV4rmpbSMXntOJi2nu+14Zj36enW8xyAXO/w5z/wci2G
|
||||
LN/aa/v2a3GM3WJQsPNzpDwB+pr1n0Kp+wK6K7siVmDoV+WecD2KNNgOuSyUve7h
|
||||
BjWRM9W13LsgLGhKJA8yUpPvhXk91vLRUhwFJ2GUirxLPLs2TSTjHlHvhcPy6aX2
|
||||
HxbHkcOt53n2h0zx7ntl1N7XHozMWmHphPsSvOZ5StuQRAFvfE63EyfR84KUPIbZ
|
||||
kvftbAJPKCJC8W6GqhfORzYZqldDNNva5iYHF1OItF79ZLGI56diNsBV9SOVKk4d
|
||||
f9Qp6urYOd+9RGQGmCQte/WSFaU9z9QYPEGl1NlmGAWt7KKyB6QXZH1oEMwXtPd8
|
||||
4GQX3XGtyggEp6BGwkFFWRQzF1EZ0maRPrpN4bpQqLXSJiqQxsX+FAcOkhpo6X7b
|
||||
8QARAQABiQRyBBgBCAAmFiEEfhyRrIAwpaWdHvq5dQ88h3I+QBIFAl/u5P4CGwIF
|
||||
CQPrRYACQAkQdQ88h3I+QBLBdCAEGQEIAB0WIQTpq255IzwEFuiZP0UMA6+pClln
|
||||
xAUCX+7k/gAKCRAMA6+pCllnxDtmD/0YCUccmKudW9PiQw7mI1HSuwL6aS+MlG6/
|
||||
LJ79nmi6TTpe87NDcEv2bBpVWYcQK87smCxIYyuj4SCZuBQivjyuecipRoG14PUh
|
||||
KU8UiqdF+vKDvUAA7huOBlR4dgr7/KvjirnbwO3mGouwZszDOLvaHuO403+TPm1b
|
||||
mJtEA9y6Wbk/+PTtfPymQwnaiJkPhQ6Q7ZbyasRIisO3MRPacUjt2DXFi5VV/Mya
|
||||
8o5Pae3zY+5SjMyE2siPnVE4/nzp424jDzSq4DGEUip/x+QYHFwxhCJmdZlRIFmn
|
||||
vSCAGXBpyPVbckC0Gw8kZ8HsGzNbMbx/VjDG3LFT8TR2Djsh99/6icO1J+jDkPNn
|
||||
IFEsYjAw7Tos5IPhIT1XkSCW84KqBG5pGI5h7fJzf19sR7Ki6XyFe6VYvggeQIS7
|
||||
VN1ISl3tRN/dk0GbrKkUKr0OVfaRD0wXQHTzbec8Fs43G0z/DKoFutGB/J3yjAmw
|
||||
IOcP5R6rqjhVp4APQpsB51XCaaqEXaXZyMWrKILbPIjlE6FHeh1qd+zdIjullnF2
|
||||
YZv89HU9dIXxKr35CM8f3BWm4D4cRjsUOWoGhMNwdHzHYOdys6T72KBK9D2irz8C
|
||||
L0bycjN+SIpde/auo+dQKqKD3/ipr4dyKJyOUsls9cyhxkFp031cZ5rWbXcLJ8/s
|
||||
1BeVPjFCngqPD/9rMKA6kCSnTo+rSqZRxo9RlQwy4K6xfPPdHZvBi3A4UYCsurgl
|
||||
qLtFtGG8SMWigmUZWLT6uhsi0orR5wfG7vzajF0Hcd8yuWa4zGeu0rFJXgG64Pyj
|
||||
nJHtv2Tzi8DNY5Y+8mfXqUewyEUXQLxnLqpGlPjNUAJKvjm4SstNadewgWeb6F8x
|
||||
UQJc8owGmK5+yZQ5LZj6bjt9Dr3SCM3Og/iS5XK5POGUJgtgXLXp3uy7p9SzsJ73
|
||||
qhrDII/YqSwToMu8tUv4xEGxyceVPDm+ywde5SXYmtvMYrq5DBdlalZ9kBlC5fyc
|
||||
IIzKoIOOkKKpa/YAyKdLTk8ZByjDk1RrdcOyP4VNpCvyisf6JPwWfKdM5mxf47hb
|
||||
s7zioUH7miUGA6i5TNi1e+DU2mL92sJwQ0WkHw6KaUez2Y9CaD8hZnQw/h/JcNq6
|
||||
nb8y0GR8h7qWms3K0rtSs8SuDXUsdZrFAeURivccmohXddtt0FDzkheKGXs27SSl
|
||||
8oOCh+jl/hEUzz2mJGFwRBo0FI5ipN51IfjhMJ8zzSmvfrtdwT2Tu6wSY9DLsYR7
|
||||
0tWGOc2HA6o7kdcC1V0p2jvQct281FrC9dTXFgcDuGUBYhzEZeWwjuYQXBzMquF6
|
||||
ersVnPo/Z5l1SnkK+wVBQbf4igHOaobl0AQxnb86W4CXBTZ3CvRq6o8vWbkCDQRf
|
||||
7uUlARAA7oTlVZXhdVlPnSQlnI5JwovG2jEIrRifpbyavlhlosX+rgtQ5EILn0DS
|
||||
PJ35CNfOAeOcLQeRrJAZj6w/x9FHWfKRAHUeiTTsVDzTrDyJBCVuC40ck587KVUc
|
||||
GuB3vee03/y8qAczj5TZNaDdl+4qAzOFQuV4MjwJOx5fsXZw3dUAS7pw1mTkAYTh
|
||||
nz557buc8JJCxrebT6FvN8bugk7LJ8SYmI154Q5wCdXB6Q42sdSMFlKKPYRRmIvX
|
||||
vI4Ytl/J35v43gCLbXccTWQpBX+ra75sndS2hYGQhcC+WdNtt4THgU6Sb7ErpJK7
|
||||
7A1r1Wf0WSioQ2VWjT0QbUE+6IXD1J8duh6ZgzuqppMm13aDdMDZGwdcxlFw+vlo
|
||||
bM+IAX+QgzPjslM3FHVvvfCLka+ctMO+lL0bz1G4njNEXcIAILhmoqRI4ItVH7Nl
|
||||
ZI3pAfLLB4qbhTKTIiS+uIoA82RU86ozr5oJZCsJa5N5EpJnYxnjv2tYhU42eh+j
|
||||
hyM+5ra1dXtveKvL5SkVuRUlPZvgOuwQ14Qnj6sv8CmtBpyVpupHmY2RbNtLVLdH
|
||||
Ix3lyQbgVo9iMJIoXiPXmcRWCgLgOeuETjFXsEcFLxuN+D0My0dtwWcg+271vtPn
|
||||
0orTObxkctFK+V32ByJYxVvytNCW245bICpxCicxmh5kYEmQCnMAEQEAAYkEcgQY
|
||||
AQgAJhYhBH4ckayAMKWlnR76uXUPPIdyPkASBQJf7uUlAhsCBQkD60WAAkAJEHUP
|
||||
PIdyPkASwXQgBBkBCAAdFiEEqtu6UHTxQC97adVrxbTukxqfnf0FAl/u5SUACgkQ
|
||||
xbTukxqfnf2aeg//ZspIr4ETVf3ai0dXCm2Pf6gpM7QUfI9fPUHymvBhNrNhfZqN
|
||||
ADpzbJefzLif8as7kUr904zTc5Jse5a0MzCrMyEwTDIoCKDv2ktLq1L20bwflZs+
|
||||
oP27CYC5FkJYgLYPrQZ/7hRC8EWjgn6v3seJtEo8G73kiVEBOnxVEfGZ8zxmX1Cp
|
||||
aOWfhiFYCmkEe6Ck9hG+OaWt7+WW0wWT1UFiluzRRAEMROcCUtyB5IPCqCH/Rz/m
|
||||
/bE6G+lHZo6OY/wY2q/oW2f9JB/4QyJeSI+fkjY/wDjfNQjiPMLfZctv25IeZYVY
|
||||
ZvIKrdnjbzRe+GwYLg5G/SbpSOEb5O55Ps8mNUpYFaMCfefW+DG48a4WyUGzFr52
|
||||
BMKvHKtc6c7P3+muBAqcNZYxRqyLIQiYiV9CCjpIV1WgUeedroHUXvJF/SAvNVvB
|
||||
ZR00I/D2hsD9BFh3B1FEYbw7GuYuG27Z6fgRolOQUeTabjQLI386SV3IxZ1KFwm4
|
||||
GU8BTbUA2zwT3hu/BaaCI5jTSLyBpdo10b1wgMEnqmXG6AbNdxFVEWwE+CE++BHW
|
||||
0YBhKp8fghHwwN1fwTCV+QyA4Qn6EBVDkTrUPKqTeCmHzt3AQh8WVrsmrodyr5Yp
|
||||
69LoRnlkLcGJiOCKMOmkop9Z32ckGieYHrl24Dw6hmUSWDG+pBn0ezbSPit3FhAA
|
||||
qD2y1VzqxsaCOD634Ltq8AbvphP8XZPrrsC3DIA36ITaCQDa5Cn7madLCXy/uP6N
|
||||
+tojtzXf4tUzumwGJGFLtdMXNmuEuXrj++NrU1xcscbvDn5O4NDMadwI1EDlQo7w
|
||||
uWK9jaQAVhF7iDEBEazZe26knQFxC0my4SyO1uQaEg3BKHj6z7dkAjzWJaQZhzql
|
||||
yrRzbCiVUUI8ZkrgM/+/6NJohUG/had6DoefgK6H8/yjgVx1Wtx+XAuBQ2cvclhc
|
||||
TAmHs128dWduNHxI2Yx+uM4kuHYpPKBwdEh91ZNeNqtBJURfSVjBCjKkTYiS7kiv
|
||||
XyvQOBdZVeSVpj/QoAfaUlQoBVm7aF6xf7GtYlVzjMsLYdpjXhy4ZbQQVUuPI+1f
|
||||
yFkw8PpASZ3gvO6KQ4V2w3hOYAxYQ1kSwTtaA7+18nyv65VolTmAotmLun94UKn7
|
||||
zjopByBnC/XEqsU3tibg9A7xQ2KUpWkpmG35f4ZR9aEIxSe2Jmm+Se0JfiAq6Szf
|
||||
dyWvr/TzaS/BZL4WEPk2Vw/mzWEPZOscpIkBFGK+Ul7yuXvbrbwr+zmAikHmTb1V
|
||||
XfPb9eBnwDDuRHhLBym4FMrPjzeziAxxkScTfDjWq6rvMmaEe1CX+dj6ldx9Jp9d
|
||||
iUngol89eSgAQOtptjcit5o0Y0Mu/RF6KIBG89ghFly5Ag0EX+7lVAEQAKFx5asK
|
||||
W7A9BNKPkaXgym0AlW2szQR1nwxi3APLVLS0Al9Y/3mnBbYyO84HDr82AtMSWSMY
|
||||
UZIKtkUj2sVqUb+xHOPkY/MenyoBrCl2qaTVJ89nnWMUjtrX2qk0O09+ByoYXTit
|
||||
BVPAIZ/qZfGNB+Dsp1haNKRdowkf6WXkw7A9dHB5isVmaM/Z0THNJRHwc6mcqbEV
|
||||
M4fDL+OCx6m2KQHTHirk+OE9Nwral82IIqj3d5UBHmjHAbQNXTDzZbWg6tYbLN3I
|
||||
EYxSRQpkJZIVheyBmWFZuivm4hCDZxJlZ1sgxQeIZk6wR2LBR6ccTW6PH11PhIpr
|
||||
6O8aQh8JUMg+/aJK2eQXINozYdjOTUjnWAUeUqML7Pg/vERRAgHXO9Z+NTIEWEOo
|
||||
Ee+8WOFmrmfjb9Uz27DtymhUjOl0ryiG6F1b90t1rZvVKWR2OaCUhICm88o3MCgb
|
||||
HFeOh7v3tnQb2Uot7kY1hgch6j1MNYWGb8LjwoTAmx9okEv9mh119k+SdVJP6wsX
|
||||
ZtL4860vTfTw6RQM7rkZBzTyf4qCvU5uRSd2u6JqtUhw4m/gkKQyW8jLEkqX7JaT
|
||||
+iEBgPzjALvfSWDbDgst0szqU5jltYpgjG3On7/ZGFFJrkB06orUvovxLThWWvm1
|
||||
iugw4/av3n64hl/yfxvKQHLQA3Kfkjjzc3oPABEBAAGJBHIEGAEIACYWIQR+HJGs
|
||||
gDClpZ0e+rl1DzyHcj5AEgUCX+7lVAIbAgUJA+tFgAJACRB1DzyHcj5AEsF0IAQZ
|
||||
AQgAHRYhBGFPhWcuJXtdQn6ZBiGZBzrXgrS4BQJf7uVUAAoJECGZBzrXgrS4jfkP
|
||||
/ApYZIRnBL+LdTPYdbZDYXotkE6RO6ZsPdcV1G6na5jJ7igdVuvoz5nP3rX+oQoH
|
||||
6k9DysQzyh/SkXRPnbOOyvQsI7atmH7SkhNn7ke8zmEJLzApHA0ZMGXtBJHQkZwA
|
||||
5LDWIQb8HbtJTBr2DyJcQdpRmP3hHDgyYgwg0AUG/2JEwYqps+/pqJCrLSP+GLOA
|
||||
ia+wRH9xwv1Vl2gIxWXqEO6U3puqUg+0z1Av4Gj/xzuw1F3eLrOfgklhpASc8QtC
|
||||
89kx1nhFS+OybQfRAH7YN9DKE5L1kJxQ4t+uW8TiXf9r+MdcVMEI3LATZRtgowFc
|
||||
493g7EkTppmqabFns9OamyxXdIzLAKoKvykr7HPCBWUnZn2I2RrcGQltRBQlR0Mb
|
||||
jO+sFi89XnFPwXIw/t/9zoq1bXCGTt7H5RtrfxC1wTYXqLEdV9pptNj7j5mlff9g
|
||||
DMw1v3MfUxbz9gIDzs7ANnw3SkWi+d0v0bLadWdItkq2WKvvgB58NJtKPc8Jwilh
|
||||
nO7W31U/kv8FR9JcFXzS9+Y6ejIClF4FAwr5tK07N/xSFAKEs5kyAYEKxP6vI59m
|
||||
5h+tO8cws+pi4gqfWa3t3b+dVzKl9AIkWAYjq9FvbfiqZgKTlTviSUMpmK5qJVld
|
||||
72+NiolUVniJbw9Z10ps4G4zmXSl1ZxyKnehUzcKyPieEEsP/1/tctQx1LhVu0TJ
|
||||
RLtWrE523hqxpqDdF8/QrNp9dX3YVoEkMQW3YYir2oERtaosWXmRjldq5dNfgtwc
|
||||
lhG+/CP5rxNeCJlI+b64pC/yQMCrbz/V74aAipuv7ZZMflgr7ZD5i3jyM/7/AunS
|
||||
qOUPwkKrjetNF85eibeO7c0Y9/HhILkLQ8EoNfJshdc0/scwMZEpLHTMAHSrxCAV
|
||||
FuhLsF9epenA6IbtuMsp43aSxshX05RH7F94uj4VCMUSs/90viB5njItpPdZCqUH
|
||||
eXSvLSjxqsmS4Tz9Dn+uWvxleBLRRcpZykuNLGgwVXafWftWbA+U9KaJnDWFdzjJ
|
||||
+gAsWfHfFBOa1RfXYP++e+VJflcHaEZ4byLG5Zf1HqAvvcaShAVuMXY1hoYJinvh
|
||||
uk1zJRW9dP7apZx7BXWxbWcn8LMR5GFfunl/M2iNASmkqxJ9gvy6TBRWJu2QeNbN
|
||||
5Ks0/GDUawQqvhmM3V6zFQWVsPwaHpufIaGqnKC2gXaIHXPP0ldyXdLXwgZ+6A7D
|
||||
IEqHQB2BDbiJtovk6GaK8PUCEHTiDmRF/mBzlpBJOn+Hc5ELufgr9E2lkrKJzFag
|
||||
CBCucNhVEaUedFrycxfSALing7DJPWb5cobu9K+3T9L3k57XgxSAj+g6vOxHuxHL
|
||||
ve1IPheCWfkKpJH5faFDWKpJYYPauQINBF/u5YABEADgWTS7wFA39XvpWNHSfAAR
|
||||
2/nlGWuTvD7zoirzUwOd2+I2XYwgl910KsznhlqDrHZlqKuGRjQlbpyTbsOH2N5k
|
||||
IE+0uEXidU3iwslSZ33RLL0h9+czDnlgijYXLCg5ScswBEC1E/kXX685AUCTPX2n
|
||||
D1+Ymxxgov3AvItVxKDd3N5ERsy6hYWPK4ACXt47hJFqPfPtnQe2IdFkRm3bOuX/
|
||||
X79Kb5N6cAoao65Tpsix1pm6tTNww0+THzIWzK/yhi1/tUOv/QJMEVAxeBAPr+Pm
|
||||
mvjHvsI9RNQt7VnoHVkqJhPDxyQZR2IOVQXvlYyCtkPA4WQlyxLzWM24TG8xhD1v
|
||||
zZzA8qs//o9QI8OLg2ZYxplC4lW6GEZk3GnrTXs7bW6HUq+RlayIbDw7oMs30jAv
|
||||
YyDdQpZrYuZvsWKbKu+65Yi3M5kW0v96LT3ueMJaL/RanL9JhAWuEqyezffsBZ5a
|
||||
88/i0n9FJ8cQ1fZq2/GLq/mN2JZ3e/HSWynTnlmk+qGk2bq0cRFJNHAs2HNAm0Id
|
||||
pjSFCPmek9j30wp2c2knML+SsSw5h6570mwILuKwFr6i2hyFlPk4H7nP04vPQ8P2
|
||||
Pu5O/Cfg9rPSBjIi9FsNS8/a29sSuOmsSGHZnMrVUpGw+iKmx/jVejOtqe6hYydu
|
||||
MSQtIU59E2fq5TM4tub6qwARAQABiQRyBBgBCAAmFiEEfhyRrIAwpaWdHvq5dQ88
|
||||
h3I+QBIFAl/u5YACGwIFCQPrRYACQAkQdQ88h3I+QBLBdCAEGQEIAB0WIQQjoUGa
|
||||
YHzyVyZWN3UsTffOV4ELlAUCX+7lgAAKCRAsTffOV4ELlDerEACBP9kAH17GHloL
|
||||
XJjd1IHttRWU2Qs/VV0H14g14hgRz2/Qa7KRR4mGrXPKS/ctMkDXwlvs4HPUTeO4
|
||||
MMT38hwxv54AjW7CtF8DR3EQFXKR51roICQognvqpPe1auNERdLzAdcn+NoHEQB7
|
||||
eyPqjQM3OGGq0SVRwNnv777o+Kd8Ncv/4fR1xvA20Ds94G5vCYpHB6J+lPPVXBmz
|
||||
rOYSf+QZWsXjAZdnAAYkpEjfJhNrqvqSoRxZ0dweCqieenm8Nzt/vdL9nT3+4AGy
|
||||
5hmaAG2ENj5AhI194gtgACvKwCl5hF0VKMhtm5d9SWS+1quHzgn3UFh3VZrfjPid
|
||||
CR64mIu3RpZe7EcR+lMl7gCJxdFlHVD3z1lbz2V6u+xH4ZsLrTY+v8kDxzY8ojM/
|
||||
zDbnlEK+xzA9akhlaD3D3wKXRVuSlrxfEVv14mwKN5AYHN7bLL3bjOo9WYtLznH6
|
||||
Av4GqXSQ+LOl0+6bLKmD68/N0q2IiZwUSOsxTE1fUdYPF8eiN8L+35Qt0jwybieU
|
||||
a3JYtmO8EW4ZEmjJGwKgyrf+eigJN2/0AeBwcJyUw1YfzaqqS35NNyn5eKANyFQ2
|
||||
ZhIjuXRyBOoUMBAx2TSm7FGeFOIw+aQgap6HuGbZ0EZBz6hr9ogNC9FVXCPENKo+
|
||||
GdTGoIEs0n6gGOPP5ssp7xUK3420AM3HEACSmYaNC1Gfq2d81fI0TBJ9ATCRPo14
|
||||
MjJGiWaFaXoVp/lQeOvlX2JyBG2I6fhMGPGKntCfX+/MERLNAiahQgOjvnOCQdlL
|
||||
hbq+6loQ1eSTX2AXpRlQpvyxLuebbM+HX3N/9mqAksgQdljmqoJQbiE/HqXqjmKe
|
||||
16ylU3Rjabyc2p/31p7hm0IJ/3yqDsM06FUBJ108SALQyVvKqRA6q1t/Odb3xgt2
|
||||
isbCEgvhJ8kYz3LQkvTW75rSa1cM53Udd1rbyo1t0PaOSGeUZw73/nY1+6LtUEg7
|
||||
Q0x4ohL1UE7z7+14mAtn4OvGDuZJil7Lf4cPszf0SFoHPs8iUFpSorBwn3u+5ZXW
|
||||
NYFblPU2WK3O52qZqsjuQI/gK7uQhXjJO5nA5M8Yv7bVrbLMOj64hdOpNbd56Ycc
|
||||
qwYbHZL3WyRAN7TNg5ZlHgIVac22StawjXiHWDGaAXpCaHJn8ryM3LY+LTz16R2M
|
||||
bi+HVaw+0fY9f/mIcOdT6AyDg+V200GkGXL6aw0LZkBZmDin+OMmL7AS8TZ4dvZt
|
||||
zj+sykcT8DsaFj5Au6zHJoCnsuShMquHOA/vcUkhoe8/E2Y2QdiX7zwDM8vFM8tX
|
||||
DujFLNPIZuItcVEpE3ysFV2ZfVgBXoxTlZUQxdgJBQ0zg6Ez7rDYEAhVqo2gY9sk
|
||||
XtN80X/unsjGSbkCDQRf7uWiARAA3i7pu8/QvukeIBoIk1V0GHGPjX+GeV3fR4fu
|
||||
ciYgx+NKTXT/oJ/89KVeetT4CSnGEZcEpAvsBL3hsiblJYyLVmeoCniFlU+rMem4
|
||||
zYP2PnEX70Q56d6SjBArs3K1FZK25S5qqv5ceM10NVRwPufV1RIuui6mQLm2ZwlY
|
||||
JyyANZZXMrHMJdaHpK9mMBSSF42MFQZhcauQCrhMhcpmZKn0D2+PpRveYwSr43Qi
|
||||
qBWR2INTDmj/V3ERMviE7vLajWQcmDdcrBp4u3miAJcJSn3XR5SiuL5W77jFEzgJ
|
||||
zR8yTC4hWE60nWJOk8UrEbpLyr7mBE0Tr7+1IBMgVXh8WHyzLE2ENREFvtp8KlSS
|
||||
y47Ky9n+5aqPI4M7epMNwU/ZGQnC8o3yX0zZL1tKq0fTAw1Ly4NGE1gRbmzrQcCh
|
||||
qUHg/J4KFYBMg8eCAzuPp4CRk8wUzu4fRWrOraoz/7bvhH8ilgPu1teLLKzDdOdx
|
||||
QAaiz/nGy00ICNbYqifR5m73K/rDdjtIqgsMp9Az0mEpgVNq8SPzM5grqAnP/iww
|
||||
QxwFftiXq/pEP2d8rn65e8NikN42Q28PH1D/uBYnOuVdZUvjU9wwywmfyr+NZMaH
|
||||
X9sN8R3Kk990W9VxwdOTITpAjz0qMtpE7i/GwPEtpZPTIfl54+cVKvyUjBuTXkWn
|
||||
vXN+6MkAEQEAAYkEcgQYAQgAJhYhBH4ckayAMKWlnR76uXUPPIdyPkASBQJf7uWi
|
||||
AhsCBQkD60WAAkAJEHUPPIdyPkASwXQgBBkBCAAdFiEEBjEqvVaiYb6sKxATk1aQ
|
||||
aqvQi4MFAl/u5aIACgkQk1aQaqvQi4P2Mg/9FXfsIZAgPN/Dq95y1fHG8jsPXEoY
|
||||
VNY1codxxAaNqvBXZkfJbFwSYpLY3xIbyxHuGuOtC9NpIy9M1+PR7MsxtZAvSjP+
|
||||
flP/12x+6nP2H3NWOICpsY1tNOnQe2SjKJxZXHFnDqDBgKpv3QfKUHmYEdExJe3p
|
||||
NQrjZAgmdbEHeoj+P2VV5vqRrJoqNV/pUbM9czfEHeMVMm/mwWNOi/paCh1y/PxZ
|
||||
Mkj2bqLMRFfML9O/7QOJRxu3wQwl6jJHj4o6CHks6t237FSB+qZhhQP+vR2CZl5w
|
||||
lQ4trw0wpNgbZRIMlU3tUfFQ+KdFsM7UqwzwrVgWFur5r7KrFzJN88EKSplrIY0q
|
||||
se6S5b58H7Tw1jtfjb/xF6jQz5aoZ9xemd8roLReRpKPq70o2eIP1HkjCtqmd5Xc
|
||||
RQaVEUvlv34WZQ5w2eA1bEBESjbrKhX+H0Un0msUS0JpnpegRNZqW3Bedeos0usy
|
||||
MsfqMYmZEcZb3hw51XnSb8B/WhkSmcoEuECRxeCu1tw0pn7o4GemAeqT5ng8LXeE
|
||||
RJhrUTlCIyRab8TIQZvmf6XjneT0stZLKCoZUXO+7FH7F7nPsew1dU+WFIauQX71
|
||||
PkZp2JMT7W57HKPuEillF8v5+H1k9Jq/2k+ZdgmT1Gd27nALBOc7q8rr00Lf6BU3
|
||||
K+XsfWo+p08CXKudfQ/+JFzzpyKeX5nVqiqbxqUakPy/Ot010/7457YVpvcLmcvT
|
||||
Yn4cR0dottl96lp5wT1jN7VXfZu/tsHEtTg1ofeExNuCL8DZVsSN836idRmObhLP
|
||||
dnYmThZcXBJ3RgSniQNwvuuGUtpH7OXb5vnAOe42+n3yucxhPI9Gzo5g6fTqWwb+
|
||||
qwh39ydxtiv3v3jgFixJLj/HH3MsxTm6cNUTWNLzvX+HugBeuOfyDG9++fe3UmZe
|
||||
MczAF9N9tDFP+0b1diXywJWfSdVLBmMARYeh0Swjud60SQLTqaqXVfPSECGo9LVc
|
||||
wot2u4q67QhUC2OTKiTkF6QVE05iKoPEPkCTmMvSpbHF3ERZE3J6YsVg17Uc7LrZ
|
||||
7DRRF+03mu4njS8LvIoeBuqsB96mNQNH/PwLSANWTtclCwj2C9W1HKy3zKjnu3kC
|
||||
PHLzwQFEO28TE5EsblnBdA8ozNIV887V7yw89MxPhpuXRn8BVAU1S9Dj7j3mNHLj
|
||||
rVAgZmr/nx3oDt8VfOZpK8u3u1voZdC+cnTBdcG2gzM8Ya+h8C60Y8dFzykr8hr4
|
||||
b5gDeDI1OkQ2vOQHtnQPdscYKl0v1ntHq2wrFuCIol4WneKh3Jrvdb37cL971u4g
|
||||
dpw0jTO/ykCvLlipxjJ/NrnXFb6TriZRgWZqiIwY2lKEfZDXqc/iOa2L0yBr21a5
|
||||
Ag0EX+7luwEQAM/CQdinTzIHaEJsCe42g6tt4dBC/UC4wD367rJcyJbEd+qaLJwS
|
||||
CQUbg/wrEdRT+aROHVKLwrvXxtgJs0x15vvFTurkn1BnNMh7p8woYwip7PKrNn2+
|
||||
96Yg7Aqc3a3gkDQeF8Q7uipOH/5feJh6l7Iu718pvnDUw4UFZt/RUrdqseFXVwr/
|
||||
ffSalLx7gJhL3mYuU1qpJZxsonNwAS43eViagI0FHSqixB5kPgFcbBf3BIiisOCy
|
||||
a1L9a+zSt1y1aEFC7m+9YlGJA3C0/X8s+dK0VWOrJlP/WmKUp3Epxpu6srsBItcT
|
||||
YMuGA82/03YAJ+jpGMRb+X1Dq9vuOUxvDjG+G10Cgew2EjiAkXpVg/1NsCrQWRbs
|
||||
KtFf5PXGfKCO0i8hEzwmJLd5OlNIIiup450iX4eS77Tey69hGyweLIC4YDPDwFpp
|
||||
bkDdRG6nDvePbEHi5z1L41NaWNa0wEyh28OqrmD0FCcGukk24pBVemVEx0En4siQ
|
||||
la6/1QXQlG/wTi7Yi71V/4oz7iZ4lSPWs0ACFGD9W5InlRykiRXC1cV27f+qMw9u
|
||||
Y6UbgvN70cWflK5C7e2h/eAQfxj+seYFUjMnJTkXiZE85m63p1Yu2A1c9+jqJ0L3
|
||||
Lfn5YIQdtWdY3Qc1RIQYPVRl5NcgXIPV7TwjvnjowuHjWX0IQbhv61lNABEBAAGJ
|
||||
BHIEGAEIACYWIQR+HJGsgDClpZ0e+rl1DzyHcj5AEgUCX+7luwIbAgUJA+tFgAJA
|
||||
CRB1DzyHcj5AEsF0IAQZAQgAHRYhBOJesM8c6ASdR/HZpjPhDkoYOo5GBQJf7uW7
|
||||
AAoJEDPhDkoYOo5GhpcQALowCpZ8UowMWlQFfZ2ySJalnZM6S2RxCFiss4W9pGuu
|
||||
9PKuN2wdXW3HGkBGDAuQgLwanSfhGSt/urT3+DT40OlDMzanRwEK0qiSaSs/xBtK
|
||||
dNL7JmGbcWTXpNP3aHhfYhVOg7NJnsfZ8Ti3dfuv3ZrjcLvgdnZ/s6O9S3gU8DtH
|
||||
fpnOfE3hxjUEHEw9hs9Otc6foCqMDZDvfU3emYduD5AvTiXYdeD/mZBD4OmF99II
|
||||
XWNuQexAJ+xgOPdvXaYt0lBuXmfMcn/1hrU3RJqguwnPZ2cU5zo41/uSbdsFrTHK
|
||||
yEOLTn0XYYk07mZGdscljzmXbpsbAC4Jp8CDBhUfdzfi1n3AOyblk1nywfionLlz
|
||||
HDtfWQYCxp16N8S2MU7tA1w8rFNwVDVwmxIfgjLrjPAgvqSpCmLHTXNBfdLUYRAv
|
||||
SpY9TR+U4YOOuEx2Niwnprdjm1qilN+fmPR3tWvVChlD3kHmSpi1+9ix+xizlBjN
|
||||
eZ08Eq5rDBPsTpqJmoNS8pHE0EL3IVpcB1pZ5rd6UBSa7LoMLeWwWm7Ap5VZALfp
|
||||
jMNws4SA2q5OTRY2or/+m1+cfDWIP+2XQV4YaNFMbO7XKr3vnUOxY9gyADqfRJiv
|
||||
DljHiw5iLzbkaHs7dYJOPNMGMlRzZfkkxg6Patx44TQ2rO7LnyCgVdFZWDHNevgR
|
||||
Z8AP/152xfh3qsOnT+R32Rt8CcwXmKFxLylgpjegcUmbutow9zdlX26qZ67cJ/3p
|
||||
hNLZgAYKPrGecGA0BJ2UzsPEKKz8I/dAp96LpHo/24WqUamh1z2PRAgyJGC43zm0
|
||||
rA/KAlcht8bbI/VuZ5eAYXjH01QfPS7i7fFOryYYFqfH+BTp3ZEr/A7FkcOZXmNV
|
||||
Gg4+oC2t6cJnzDsM0MUJ7dgNAHTLGx6RZZahdE3LJ8oVJ8Vek9KtjJbPr143EZLt
|
||||
ymkiy93pzLUaKWfCZJCCI9nfJnNZnvoQXv0l3wnrQIFE14Fv0jbTALHRgRJlB4cZ
|
||||
i3teEuf7shSDsd13JDdfmxMsxnfeVsIUPa+J0GBSbe14JHXlcd0t03cpbzO547Qb
|
||||
rFpD98XO6Y7OefWD3pwDF2Izjnn4Cny/hpUIEO1A2j4qHhUkqmnFmBO6yIFic637
|
||||
CJnYe3uU7ss/TNIUKLhujqlcNl8WeOMVPbhnCuOhyQh2aioAKn1yiQ1EgNSIGIVD
|
||||
LwqMt0kxI52/aDkZgCcEfBFC1c17IeUH+G0HMGm49/acFHkhX61S4efXhvzH5J0l
|
||||
Dr+0qk4aVKNwqkUNp56GSMLhiiSYivX9Xa4qQGNlmrki1pC2DamlTXDLB67XQcRp
|
||||
dAc+4nNTK4E/czrr0+wlkgz7pC1MAllCLilyTSPGnKIPlOd2uQINBF/u5d0BEADF
|
||||
+6hDuKvzbmKWZNXjJK6Em/5nnzBOa155YQLN91zMs6COI4p+YuIVPPzVWZYR0yHs
|
||||
gTWw45cMV+RYwuL/P+1Z84bgOyPloIVF9VQjOC+wB3Gn4qmTzobr6q+UfQVvUiUQ
|
||||
8fGG11teWvYpWiG91uialjHZmrpAOQxjHRxHPpi0cZtTFEqinCIy6c942xbtZnzf
|
||||
nzPpxkKl0a8s1eKZ0KlDK6Ab59nxAinilohXRg/U6sqypsyLl41L0qMZek5dEt4C
|
||||
r3spdSkZgxqJpLTqQy/5VB4pcfEaIaank3sLxhpil/oQiq+38WA0VkICQyeiCsvf
|
||||
eEKyt1C6COBNH+olegUxudTKDHFthyGMPRz3McI5jHxCyru0mfLJag2hHXzgGoaD
|
||||
VkYIwkvyVsHWDqrZMMXcCIUVlpphxtHo1M32AATnWFe4K1nFdbejR9XC5xWOgwbT
|
||||
zCblqporHzU0c8WBbfJ0Y10IDrHsa/F08PkFvVN48Ydik6rcwowSPxP+59Q9AKLh
|
||||
Isd2hzfWU2zAbG5Ph1wecwlYR3tp/0i3uSTDXfuuaY+vrqpoECN6fnSg8NxiBbjU
|
||||
JR0Ju6KDM2SeBUz5hp9BzL8+OPTogRZoinxBogrRAvdGLOnLG5hMjBezzF8UEvp6
|
||||
IMisGHBZgXoX4Juvf78RE8JOwHa+HUejj5kYiQW6TwARAQABiQRyBBgBCAAmFiEE
|
||||
fhyRrIAwpaWdHvq5dQ88h3I+QBIFAl/u5d0CGwIFCQPrRYACQAkQdQ88h3I+QBLB
|
||||
dCAEGQEIAB0WIQT2AU9wN9W7TuO6I3E56nu98JFFWwUCX+7l3QAKCRA56nu98JFF
|
||||
W5whD/9Hu5cnJ0hnzqk3MQsdMXbTNLsv+KePV71kcMRat4hjw2Li/TUaC8xtA81d
|
||||
O/1obmsuoDAgv82KlQ7DLDXjFk2q45lJdgZxAkN3dEoYakdTIEi11FvwbhV+qxZK
|
||||
jTq3jFQho4i3GDLgrvBMG4B1TGMH0IPux9fmBGpxYKmp1GjhpgoMXp9bqzsV/mPZ
|
||||
TxPlmIpeJEO2jeCWKhHHw6rzwGjF68G3HiJ0TqvjdCtcNrwd3GTDsdEJtUl49aqF
|
||||
M7VfoqKjVdRO/YDL//+TJNOYz5EBGjIZxbhgZJ9Qz+geSBx9GJtDWdq193ofFi39
|
||||
oleTFnEMj+OeIr1Bc2pc8Z3HJttFknicJDkeze3mM0CZAkhVkLFy6DvAQkXrgvfp
|
||||
AUYFACQW8E2XmRBiKd4huojWYz5QGSEIk2fYRVhse2HAUZ9gTODSX2L13nls+BEi
|
||||
sArsmSFA/RQslDXW+Jl+P0e37BzN51uk2Dg4ylJUBgcpTRUn4Q8c1DgHDhkEVnBI
|
||||
ny2H/MFuhImw9g5xqlBfCEKh5D8D0e4fX28MhSsBlOCeIKJoY85U3GNY0tlIwAt8
|
||||
M7IIHe1n1qncPbAMmq0K48J1lfyTEbXpnSfArzEdbnosjBUaiQX5EwA656eZ6wb3
|
||||
Vq02UDei6KPuOosl4Voy+Ffq5MCkanVMA97/0wV3CeCvQYGbsvsUD/9fLYc3yH7A
|
||||
0xksK7PImztDR8MLsUPoiv/vnfZ+WJJ+YJ0TKAHm1ZO3NqeZmD7XoWHKwh83zsK8
|
||||
x/JUASCBN16isC+Ym6IwF83/HXJfKNvvotkr2WG6Dv8Vg1Hhk2Iv5y3EMbFa9rfv
|
||||
6vjxho+0sYrraJH8qQAM08IIOi7+afrkR/ikgA8V7ymqmdxtMMHZqG+h5R0VGTVw
|
||||
QBxZ5/ZiY56Qn5UH2m0Tc2AHOcAQTvCEwyb19IPyhif+rek3npSvKtDc6WBJioyi
|
||||
gvDhl+jgIfcIo77w6GthgbFc9k68Je56Peu2J30zWj76Z+Di1OJhAj1wFr4/XT5o
|
||||
c1MB/Vfyx3hEPRDNz7dRaDqoVnYVdoI0blyCiSkD9I4/axb4X3xN2SK4XA/zv+Lb
|
||||
1FbCM1XFL2aF+09tk+77EVdWsBmQpOArD0d54E1YulBGaxVm5QKfov23KiqHIFVF
|
||||
8WYqJqNJwbJRZii7klczkVm3wFte3NWK7HW8kfF147lv0z3AiZYnk0O6Mj1ip3R8
|
||||
Qm5yiv57DbbgIMkSPWCpEtFGHIoK2msJ2bQcizh2WGxLos00RTx3IVAeSAS54+kr
|
||||
rMBg50wNczcGHKPDUKLwkYczgHonUtljAkeXnTl69rifChI+KpjHNtF6dFgC1aSt
|
||||
MOud6HhAcd0f3lmuPzCGGp4YOQx9tV139bkCDQRf7uX4ARAAxaybudQK4fMIzLiV
|
||||
grIzthhb3/DK83PNohTNMemM2V2z1Ij5Dlu2XNDypMdR0rKM/QI3zWud1+vd2h/l
|
||||
QZlg58FspvrY6I7hI+cbdRldVaAKDGQHo5Bi0a7BkonZvS/0wnNUPIhy/znzXtXR
|
||||
f4L7ePZMofH/2shz4TZ1yNpU8zaomY6eNjSc51P4vVxtDQ4QofQeJEn8aO9a4whu
|
||||
O0TVEAPKRYBRgjM8faDuUJtLfiC3OrhLg+B7JVSF3di4JITAyafPbZACLjV7Umxb
|
||||
SUL3qTJZVpIuhF0xQOCE+WRx3Xs7lkPdHMqP2OaJ8Y4ymR08cSfIP2XFKsQFtoqT
|
||||
VyMQgGgI6VXF8OfnCnGgx0Do1vJNoL0neFzVXpCPPzh1RbcrtndZWum/1R4egkYg
|
||||
J8TPQH5X391J58Uwd5l9/ZDdoSeeQYdtTR4YQ8//ATFO3hoSRvES4U6ZwO8LM6di
|
||||
ra6pqb6j0liT+DdcBwE4C1bGJMJ6d93S5SfH3llDIMJo7uJDbKILFMES9rg7S6I8
|
||||
+SW75TjKUk4Y7L8R8qwURqEyuOOGfaQXirqvji4PdcGDBiIk2Oq69Ky6lmlJgyIH
|
||||
SZ7SO1JXk0yAJTXb+a6FJTLFxidkIZzu+LhLBn/MhAPjVyv3qCTQ7O0lu8Mfcqg5
|
||||
8hhJ6IE79PBHS3z8ok+mFK0iGrcAEQEAAYkEcgQYAQgAJhYhBH4ckayAMKWlnR76
|
||||
uXUPPIdyPkASBQJf7uX4AhsCBQkD60WAAkAJEHUPPIdyPkASwXQgBBkBCAAdFiEE
|
||||
JFV3TUL9/mucOD64/hACvFlwgR8FAl/u5fgACgkQ/hACvFlwgR+LoRAAgtIgaKb4
|
||||
ZY8qoAFZeph+Syg+mMKfPJkBuGUedJl6IxbHBSg2mhnCjJ0bmdqxsAXgtcSUqmtZ
|
||||
Yw9NyoGgiVjs+gu5sQp1Oxc2/keQXaVksTkoXwdnf+2iXyp1WPeeLGySHmzuwy9c
|
||||
eExt+h0mVmBgFls2wNdFGPbVfiT3PvFkwqsnta6HebDTN4pMzvG1IIGV7L5KRo1E
|
||||
dmkrt3lXQWmdgHl3JoNQ9v/Jgf4jo6gDw53YvJFKJcaOOAS3d4CzPWmcLzcy4mf0
|
||||
9YI3DoQCbYL3cRNelUwzUF2L6QyPCwonXemLCmfkBgsSVqvW4fq8qbEHGF2fK7x3
|
||||
d7bZEsUiGCt/tXOkDkNJ31T/mC35nxZfcj8AMPixO+BnAeKeYC37LbQD76jrw526
|
||||
tUXsAF+QON5DPeot+e8bIx9qSbvdqpXDkK4lGcRTuS2OVC8J9XfDTch4wm3Kd4P4
|
||||
lDdRAJWnLfVay0m05LGlekWdEzcjP8KDaICH9rEs6f9e1gy6mTEBnBW//41BxELT
|
||||
KxoTGlcX3yEhCmK36g5C/+d6b7Ji5arGGTCa96v/xG32KYc1zfn3TYkCx06pPUbz
|
||||
iAl2l0MTpGeqz2hJMOGA3JuxwlksJKqnPYy0hHKdVW4Pnn25NeXcBp8wpkt8VZOR
|
||||
bzjw/TJB7qvJHoRo1tat85Uij9rAXqTyO8Ea0hAAi/EfuiDDy3GV7bvjFSA1XEjL
|
||||
d+F40g2X0QG/PHTScYB4rFJwV0GFUxLHr4g7iypAVI+BB4EYikx8gpee6B0g3J+r
|
||||
aCFDDrRPDKdqrpZK53oYcBPkdSBbCr5MAa/M3DerKBEgoBVUbaSHWN7OH2ae+5R6
|
||||
X2ERmYZdW4PCj6lw7a+RhkAsgKo8RjonjV61ehQPZh20noI19Q80BYYSCfHHvzy5
|
||||
vwvByhmTMJNrl3PDpBy9/TwBR5DpnHfOPJX6bnl3pdu65F2TRM6yoFbfoUiEqrXV
|
||||
4wC1I++N9VjrQvXSp0ik/XaMWq87wLIg+1owElJIzwyZWukQkZMAYtesVFz20YwC
|
||||
7Nu8SNr/NTSCH1EqLsS4YhBTsjpc2T8AqUlgxKrilmLbrj64PXgMsQ9WYm5zwlC5
|
||||
UA5eky5YhETFJ25dIaplMm47aIbPSH5f9y5eYPkfOCoMu5oDzDzoXdH9V1YfsHqa
|
||||
8bboSgTdariC23x38E9PaWQNyY2MFKL6cFt2ilIsMSSD6JAm1x8kBtn1bBopG588
|
||||
7mTDtlqHCw/QrTuLreJG9KJ1dQFJ/Q42+csH09l081wlv4BBuVlN1Xmj+c2sWn90
|
||||
l1BPZfYHd9jhggI96yTZhfTfFbSMSuGPQyqHnwDYdA3cNj5BYievBkO5FZaCe9SZ
|
||||
4xcYgqlVpv15O7VrD+I=
|
||||
=Uugw
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
@ -0,0 +1,21 @@
|
|||
#!/bin/bash
|
||||
|
||||
. /etc/rc.d/init.d/functions
|
||||
|
||||
# This script generates /etc/rndc.key if doesn't exist AND if there is no rndc.conf
|
||||
|
||||
if [ ! -s /etc/rndc.key -a ! -s /etc/rndc.conf ]; then
|
||||
echo -n $"Generating /etc/rndc.key:"
|
||||
if /usr/sbin/rndc-confgen -a -A hmac-sha256 > /dev/null 2>&1
|
||||
then
|
||||
chmod 640 /etc/rndc.key
|
||||
chown root:named /etc/rndc.key
|
||||
[ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.key
|
||||
success $"/etc/rndc.key generation"
|
||||
echo
|
||||
else
|
||||
failure $"/etc/rndc.key generation"
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
fi
|
|
@ -0,0 +1,411 @@
|
|||
/*
|
||||
* Copyright (C) 2004, 2005 Stig Venaas <venaas@uninett.no>
|
||||
* $Id: ldap2zone.c,v 1.1 2007/07/24 15:18:00 atkac Exp $
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*/
|
||||
|
||||
#define LDAP_DEPRECATED 1
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <ctype.h>
|
||||
|
||||
#include <ldap.h>
|
||||
|
||||
struct string {
|
||||
void *data;
|
||||
size_t len;
|
||||
};
|
||||
|
||||
struct assstack_entry {
|
||||
struct string key;
|
||||
struct string val;
|
||||
struct assstack_entry *next;
|
||||
};
|
||||
|
||||
struct assstack_entry *assstack_find(struct assstack_entry *stack, struct string *key);
|
||||
void assstack_push(struct assstack_entry **stack, struct assstack_entry *item);
|
||||
void assstack_insertbottom(struct assstack_entry **stack, struct assstack_entry *item);
|
||||
void printsoa(struct string *soa);
|
||||
void printrrs(char *defaultttl, struct assstack_entry *item);
|
||||
void print_zone(char *defaultttl, struct assstack_entry *stack);
|
||||
void usage(char *name);
|
||||
void err(char *name, const char *msg);
|
||||
int putrr(struct assstack_entry **stack, struct berval *name, char *type, char *ttl, struct berval *val);
|
||||
|
||||
struct assstack_entry *assstack_find(struct assstack_entry *stack, struct string *key) {
|
||||
for (; stack; stack = stack->next)
|
||||
if (stack->key.len == key->len && !memcmp(stack->key.data, key->data, key->len))
|
||||
return stack;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
void assstack_push(struct assstack_entry **stack, struct assstack_entry *item) {
|
||||
item->next = *stack;
|
||||
*stack = item;
|
||||
}
|
||||
|
||||
void assstack_insertbottom(struct assstack_entry **stack, struct assstack_entry *item) {
|
||||
struct assstack_entry *p;
|
||||
|
||||
item->next = NULL;
|
||||
if (!*stack) {
|
||||
*stack = item;
|
||||
return;
|
||||
}
|
||||
/* find end, should keep track of end somewhere */
|
||||
/* really a queue, not a stack */
|
||||
p = *stack;
|
||||
while (p->next)
|
||||
p = p->next;
|
||||
p->next = item;
|
||||
}
|
||||
|
||||
void printsoa(struct string *soa) {
|
||||
char *s;
|
||||
size_t i;
|
||||
|
||||
s = (char *)soa->data;
|
||||
i = 0;
|
||||
while (i < soa->len) {
|
||||
putchar(s[i]);
|
||||
if (s[i++] == ' ')
|
||||
break;
|
||||
}
|
||||
while (i < soa->len) {
|
||||
putchar(s[i]);
|
||||
if (s[i++] == ' ')
|
||||
break;
|
||||
}
|
||||
printf("(\n\t\t\t\t");
|
||||
while (i < soa->len) {
|
||||
putchar(s[i]);
|
||||
if (s[i++] == ' ')
|
||||
break;
|
||||
}
|
||||
printf("; Serialnumber\n\t\t\t\t");
|
||||
while (i < soa->len) {
|
||||
if (s[i] == ' ')
|
||||
break;
|
||||
putchar(s[i++]);
|
||||
}
|
||||
i++;
|
||||
printf("\t; Refresh\n\t\t\t\t");
|
||||
while (i < soa->len) {
|
||||
if (s[i] == ' ')
|
||||
break;
|
||||
putchar(s[i++]);
|
||||
}
|
||||
i++;
|
||||
printf("\t; Retry\n\t\t\t\t");
|
||||
while (i < soa->len) {
|
||||
if (s[i] == ' ')
|
||||
break;
|
||||
putchar(s[i++]);
|
||||
}
|
||||
i++;
|
||||
printf("\t; Expire\n\t\t\t\t");
|
||||
while (i < soa->len) {
|
||||
putchar(s[i++]);
|
||||
}
|
||||
printf(" )\t; Minimum TTL\n");
|
||||
}
|
||||
|
||||
void printrrs(char *defaultttl, struct assstack_entry *item) {
|
||||
struct assstack_entry *stack;
|
||||
char *s;
|
||||
int first;
|
||||
size_t i;
|
||||
char *ttl, *type;
|
||||
int top;
|
||||
|
||||
s = (char *)item->key.data;
|
||||
|
||||
if (item->key.len == 1 && *s == '@') {
|
||||
top = 1;
|
||||
printf("@\t");
|
||||
} else {
|
||||
top = 0;
|
||||
for (i = 0; i < item->key.len; i++)
|
||||
putchar(s[i]);
|
||||
if (item->key.len < 8)
|
||||
putchar('\t');
|
||||
putchar('\t');
|
||||
}
|
||||
|
||||
first = 1;
|
||||
for (stack = (struct assstack_entry *) item->val.data; stack; stack = stack->next) {
|
||||
ttl = (char *)stack->key.data;
|
||||
s = strchr(ttl, ' ');
|
||||
*s++ = '\0';
|
||||
type = s;
|
||||
|
||||
if (first)
|
||||
first = 0;
|
||||
else
|
||||
printf("\t\t");
|
||||
|
||||
if (strcmp(defaultttl, ttl))
|
||||
printf("%s", ttl);
|
||||
putchar('\t');
|
||||
|
||||
if (top) {
|
||||
top = 0;
|
||||
printf("IN\t%s\t", type);
|
||||
/* Should always be SOA here */
|
||||
if (!strcmp(type, "SOA")) {
|
||||
printsoa(&stack->val);
|
||||
continue;
|
||||
}
|
||||
} else
|
||||
printf("%s\t", type);
|
||||
|
||||
s = (char *)stack->val.data;
|
||||
for (i = 0; i < stack->val.len; i++)
|
||||
putchar(s[i]);
|
||||
putchar('\n');
|
||||
}
|
||||
}
|
||||
|
||||
void print_zone(char *defaultttl, struct assstack_entry *stack) {
|
||||
printf("$TTL %s\n", defaultttl);
|
||||
for (; stack; stack = stack->next)
|
||||
printrrs(defaultttl, stack);
|
||||
};
|
||||
|
||||
void usage(char *name) {
|
||||
fprintf(stderr, "Usage:%s zone-name LDAP-URL default-ttl [serial]\n", name);
|
||||
exit(1);
|
||||
};
|
||||
|
||||
void err(char *name, const char *msg) {
|
||||
fprintf(stderr, "%s: %s\n", name, msg);
|
||||
exit(1);
|
||||
};
|
||||
|
||||
int putrr(struct assstack_entry **stack, struct berval *name, char *type, char *ttl, struct berval *val) {
|
||||
struct string key;
|
||||
struct assstack_entry *rr, *rrdata;
|
||||
|
||||
/* Do nothing if name or value have 0 length */
|
||||
if (!name->bv_len || !val->bv_len)
|
||||
return 0;
|
||||
|
||||
/* see if already have an entry for this name */
|
||||
key.len = name->bv_len;
|
||||
key.data = name->bv_val;
|
||||
|
||||
rr = assstack_find(*stack, &key);
|
||||
if (!rr) {
|
||||
/* Not found, create and push new entry */
|
||||
rr = (struct assstack_entry *) malloc(sizeof(struct assstack_entry));
|
||||
if (!rr)
|
||||
return -1;
|
||||
rr->key.len = name->bv_len;
|
||||
rr->key.data = (void *) malloc(rr->key.len);
|
||||
if (!rr->key.data) {
|
||||
free(rr);
|
||||
return -1;
|
||||
}
|
||||
memcpy(rr->key.data, name->bv_val, name->bv_len);
|
||||
rr->val.len = sizeof(void *);
|
||||
rr->val.data = NULL;
|
||||
if (name->bv_len == 1 && *(char *)name->bv_val == '@')
|
||||
assstack_push(stack, rr);
|
||||
else
|
||||
assstack_insertbottom(stack, rr);
|
||||
}
|
||||
|
||||
rrdata = (struct assstack_entry *) malloc(sizeof(struct assstack_entry));
|
||||
if (!rrdata) {
|
||||
free(rr->key.data);
|
||||
free(rr);
|
||||
return -1;
|
||||
}
|
||||
rrdata->key.len = strlen(type) + strlen(ttl) + 1;
|
||||
rrdata->key.data = (void *) malloc(rrdata->key.len);
|
||||
if (!rrdata->key.data) {
|
||||
free(rrdata);
|
||||
free(rr->key.data);
|
||||
free(rr);
|
||||
return -1;
|
||||
}
|
||||
sprintf((char *)rrdata->key.data, "%s %s", ttl, type);
|
||||
|
||||
rrdata->val.len = val->bv_len;
|
||||
rrdata->val.data = (void *) malloc(val->bv_len);
|
||||
if (!rrdata->val.data) {
|
||||
free(rrdata->key.data);
|
||||
free(rrdata);
|
||||
free(rr->key.data);
|
||||
free(rr);
|
||||
return -1;
|
||||
}
|
||||
memcpy(rrdata->val.data, val->bv_val, val->bv_len);
|
||||
|
||||
if (!strcmp(type, "SOA"))
|
||||
assstack_push((struct assstack_entry **) &(rr->val.data), rrdata);
|
||||
else
|
||||
assstack_insertbottom((struct assstack_entry **) &(rr->val.data), rrdata);
|
||||
return 0;
|
||||
}
|
||||
|
||||
int main(int argc, char **argv) {
|
||||
char *s, *hostporturl, *base = NULL;
|
||||
char *ttl, *defaultttl;
|
||||
LDAP *ld;
|
||||
char *fltr = NULL;
|
||||
LDAPMessage *res, *e;
|
||||
char *a, **ttlvals, **soavals, *serial;
|
||||
struct berval **vals, **names;
|
||||
char type[64];
|
||||
BerElement *ptr;
|
||||
int i, j, rc, msgid;
|
||||
struct assstack_entry *zone = NULL;
|
||||
|
||||
if (argc < 4 || argc > 5)
|
||||
usage(argv[0]);
|
||||
|
||||
hostporturl = argv[2];
|
||||
|
||||
if (hostporturl != strstr( hostporturl, "ldap"))
|
||||
err(argv[0], "Not an LDAP URL");
|
||||
|
||||
s = strchr(hostporturl, ':');
|
||||
|
||||
if (!s || strlen(s) < 3 || s[1] != '/' || s[2] != '/')
|
||||
err(argv[0], "Not an LDAP URL");
|
||||
|
||||
s = strchr(s+3, '/');
|
||||
if (s) {
|
||||
*s++ = '\0';
|
||||
base = s;
|
||||
s = strchr(base, '?');
|
||||
if (s)
|
||||
err(argv[0], "LDAP URL can only contain host, port and base");
|
||||
}
|
||||
|
||||
defaultttl = argv[3];
|
||||
|
||||
rc = ldap_initialize(&ld, hostporturl);
|
||||
if (rc != LDAP_SUCCESS)
|
||||
err(argv[0], "ldap_initialize() failed");
|
||||
|
||||
if (argc == 5) {
|
||||
/* serial number specified, check if different from one in SOA */
|
||||
fltr = (char *)malloc(strlen(argv[1]) + strlen("(&(relativeDomainName=@)(zoneName=))") + 1);
|
||||
sprintf(fltr, "(&(relativeDomainName=@)(zoneName=%s))", argv[1]);
|
||||
msgid = ldap_search(ld, base, LDAP_SCOPE_SUBTREE, fltr, NULL, 0);
|
||||
if (msgid == -1)
|
||||
err(argv[0], "ldap_search() failed");
|
||||
|
||||
while ((rc = ldap_result(ld, msgid, 0, NULL, &res)) != LDAP_RES_SEARCH_RESULT ) {
|
||||
/* not supporting continuation references at present */
|
||||
if (rc != LDAP_RES_SEARCH_ENTRY)
|
||||
err(argv[0], "ldap_result() returned cont.ref? Exiting");
|
||||
|
||||
/* only one entry per result message */
|
||||
e = ldap_first_entry(ld, res);
|
||||
if (e == NULL) {
|
||||
ldap_msgfree(res);
|
||||
err(argv[0], "ldap_first_entry() failed");
|
||||
}
|
||||
|
||||
soavals = ldap_get_values(ld, e, "SOARecord");
|
||||
if (soavals)
|
||||
break;
|
||||
}
|
||||
|
||||
ldap_msgfree(res);
|
||||
if (!soavals) {
|
||||
err(argv[0], "No SOA Record found");
|
||||
}
|
||||
|
||||
/* We have a SOA, compare serial numbers */
|
||||
/* Only checkinf first value, should be only one */
|
||||
s = strchr(soavals[0], ' ');
|
||||
s++;
|
||||
s = strchr(s, ' ');
|
||||
s++;
|
||||
serial = s;
|
||||
s = strchr(s, ' ');
|
||||
*s = '\0';
|
||||
if (!strcmp(serial, argv[4])) {
|
||||
ldap_value_free(soavals);
|
||||
err(argv[0], "serial numbers match");
|
||||
}
|
||||
ldap_value_free(soavals);
|
||||
}
|
||||
|
||||
if (!fltr)
|
||||
fltr = (char *)malloc(strlen(argv[1]) + strlen("(zoneName=)") + 1);
|
||||
if (!fltr)
|
||||
err(argv[0], "Malloc failed");
|
||||
sprintf(fltr, "(zoneName=%s)", argv[1]);
|
||||
|
||||
msgid = ldap_search(ld, base, LDAP_SCOPE_SUBTREE, fltr, NULL, 0);
|
||||
if (msgid == -1)
|
||||
err(argv[0], "ldap_search() failed");
|
||||
|
||||
while ((rc = ldap_result(ld, msgid, 0, NULL, &res)) != LDAP_RES_SEARCH_RESULT ) {
|
||||
/* not supporting continuation references at present */
|
||||
if (rc != LDAP_RES_SEARCH_ENTRY)
|
||||
err(argv[0], "ldap_result() returned cont.ref? Exiting");
|
||||
|
||||
/* only one entry per result message */
|
||||
e = ldap_first_entry(ld, res);
|
||||
if (e == NULL) {
|
||||
ldap_msgfree(res);
|
||||
err(argv[0], "ldap_first_entry() failed");
|
||||
}
|
||||
|
||||
names = ldap_get_values_len(ld, e, "relativeDomainName");
|
||||
if (!names)
|
||||
continue;
|
||||
|
||||
ttlvals = ldap_get_values(ld, e, "dNSTTL");
|
||||
ttl = ttlvals ? ttlvals[0] : defaultttl;
|
||||
|
||||
for (a = ldap_first_attribute(ld, e, &ptr); a != NULL; a = ldap_next_attribute(ld, e, ptr)) {
|
||||
char *s;
|
||||
|
||||
for (s = a; *s; s++)
|
||||
*s = toupper(*s);
|
||||
s = strstr(a, "RECORD");
|
||||
if ((s == NULL) || (s == a) || (s - a >= (signed int)sizeof(type))) {
|
||||
ldap_memfree(a);
|
||||
continue;
|
||||
}
|
||||
|
||||
strncpy(type, a, s - a);
|
||||
type[s - a] = '\0';
|
||||
vals = ldap_get_values_len(ld, e, a);
|
||||
if (vals) {
|
||||
for (i = 0; vals[i]; i++)
|
||||
for (j = 0; names[j]; j++)
|
||||
if (putrr(&zone, names[j], type, ttl, vals[i]))
|
||||
err(argv[0], "malloc failed");
|
||||
ldap_value_free_len(vals);
|
||||
}
|
||||
ldap_memfree(a);
|
||||
}
|
||||
|
||||
if (ptr)
|
||||
ber_free(ptr, 0);
|
||||
if (ttlvals)
|
||||
ldap_value_free(ttlvals);
|
||||
ldap_value_free_len(names);
|
||||
/* free this result */
|
||||
ldap_msgfree(res);
|
||||
}
|
||||
|
||||
/* free final result */
|
||||
ldap_msgfree(res);
|
||||
|
||||
print_zone(defaultttl, zone);
|
||||
return 0;
|
||||
}
|
|
@ -0,0 +1,143 @@
|
|||
#!/usr/bin/python3
|
||||
#
|
||||
# Makefile modificator
|
||||
#
|
||||
# Should help in building bin/tests/system tests standalone,
|
||||
# linked to libraries installed into the system.
|
||||
# TODO:
|
||||
# - Fix top_srcdir, because dyndb/driver/Makefile uses $TOPSRC/mkinstalldirs
|
||||
# - Fix conf.sh to contain paths to system tools
|
||||
# - Export $TOP/version somewhere, where it would be used
|
||||
# - system tests needs bin/tests code. Do not include just bin/tests/system
|
||||
#
|
||||
# Possible solution:
|
||||
#
|
||||
# sed -e 's/$TOP\/s\?bin\/\(delv\|confgen\|named\|nsupdate\|pkcs11\|python\|rndc\|check\|dig\|dnssec\|tools\)\/\([[:alnum:]-]\+\)/`type -p \2`/' conf.sh
|
||||
# sed -e 's,../../../../\(isc-config.sh\),\1,' builtin/tests.sh
|
||||
# or use: $NAMED -V | head -1 | cut -d ' ' -f 2
|
||||
|
||||
import re
|
||||
import argparse
|
||||
|
||||
"""
|
||||
Script for replacing Makefile ISC_INCLUDES with runtime flags.
|
||||
|
||||
Should translate part of Makefile to use isc-config.sh instead static linked sources.
|
||||
ISC_INCLUDES = -I/home/pemensik/rhel/bind/bind-9.11.12/build/lib/isc/include \
|
||||
-I${top_srcdir}/lib/isc \
|
||||
-I${top_srcdir}/lib/isc/include \
|
||||
-I${top_srcdir}/lib/isc/unix/include \
|
||||
-I${top_srcdir}/lib/isc/pthreads/include \
|
||||
-I${top_srcdir}/lib/isc/x86_32/include
|
||||
|
||||
Should be translated to:
|
||||
ISC_INCLUDES = $(shell isc-config.sh --cflags isc)
|
||||
"""
|
||||
|
||||
def isc_config(mode, lib):
|
||||
if mode:
|
||||
return '$(shell isc-config.sh {mode} {lib})'.format(mode=mode, lib=lib)
|
||||
else:
|
||||
return ''
|
||||
|
||||
def check_match(match, debug=False):
|
||||
"""
|
||||
Check this definition is handled by internal library
|
||||
"""
|
||||
if not match:
|
||||
return False
|
||||
lib = match.group(2).lower()
|
||||
ok = not lib_filter or lib in lib_filter
|
||||
if debug:
|
||||
print('{status} {lib}: {text}'.format(status=ok, lib=lib, text=match.group(1)))
|
||||
return ok
|
||||
|
||||
def fix_line(match, mode):
|
||||
lib = match.group(2).lower()
|
||||
return match.group(1)+isc_config(mode, lib)+"\n"
|
||||
|
||||
def fix_file_lines(path, debug=False):
|
||||
"""
|
||||
Opens file and scans fixes selected parameters
|
||||
|
||||
Returns list of lines if something should be changed,
|
||||
None if no action is required
|
||||
"""
|
||||
fixed = []
|
||||
changed = False
|
||||
with open(path, 'r') as fin:
|
||||
fout = None
|
||||
|
||||
line = next(fin, None)
|
||||
while line:
|
||||
appended = False
|
||||
while line.endswith("\\\n"):
|
||||
line += next(fin, None)
|
||||
|
||||
inc = re_includes.match(line)
|
||||
deplibs = re_deplibs.match(line)
|
||||
libs = re_libs.match(line)
|
||||
newline = None
|
||||
if check_match(inc, debug=debug):
|
||||
newline = fix_line(inc, '--cflags')
|
||||
elif check_match(deplibs, debug=debug):
|
||||
newline = fix_line(libs, None)
|
||||
elif check_match(libs, debug=debug):
|
||||
newline = fix_line(libs, '--libs')
|
||||
|
||||
if newline and line != newline:
|
||||
changed = True
|
||||
line = newline
|
||||
|
||||
fixed.append(line)
|
||||
line = next(fin, None)
|
||||
|
||||
if not changed:
|
||||
return None
|
||||
else:
|
||||
return fixed
|
||||
|
||||
def write_lines(path, lines):
|
||||
fout = open(path, 'w')
|
||||
for line in lines:
|
||||
fout.write(line)
|
||||
fout.close()
|
||||
|
||||
def print_lines(lines):
|
||||
for line in lines:
|
||||
print(line, end='')
|
||||
|
||||
if __name__ == '__main__':
|
||||
parser = argparse.ArgumentParser(description='Makefile multiline include replacer')
|
||||
parser.add_argument('files', nargs='+')
|
||||
parser.add_argument('--filter', type=str,
|
||||
default='isc isccc isccfg dns lwres bind9 irs',
|
||||
help='List of libraries supported by isc-config.sh')
|
||||
parser.add_argument('--check', action='store_true',
|
||||
help='Test file only')
|
||||
parser.add_argument('--print', action='store_true',
|
||||
help='Print changed file only')
|
||||
parser.add_argument('--debug', action='store_true',
|
||||
help='Enable debug outputs')
|
||||
|
||||
args = parser.parse_args()
|
||||
lib_filter = None
|
||||
|
||||
re_includes = re.compile(r'^\s*((\w+)_INCLUDES\s+=\s*).*')
|
||||
re_deplibs = re.compile(r'^\s*((\w+)DEPLIBS\s*=).*')
|
||||
re_libs = re.compile(r'^\s*((\w+)LIBS\s*=).*')
|
||||
|
||||
if args.filter:
|
||||
lib_filter = set(args.filter.split(' '))
|
||||
pass
|
||||
|
||||
for path in args.files:
|
||||
lines = fix_file_lines(path, debug=args.debug)
|
||||
if lines:
|
||||
if args.print:
|
||||
print_lines(lines)
|
||||
elif not args.check:
|
||||
write_lines(path, lines)
|
||||
print('File {path} was fixed'.format(path=path))
|
||||
else:
|
||||
print('File {path} does not need fixing'.format(path=path))
|
|
@ -0,0 +1,12 @@
|
|||
[Unit]
|
||||
Description=Set-up/destroy chroot environment for named (DNS)
|
||||
BindsTo=named-chroot.service
|
||||
Wants=named-setup-rndc.service
|
||||
After=named-setup-rndc.service
|
||||
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart=/usr/libexec/setup-named-chroot.sh /var/named/chroot on /etc/named-chroot.files
|
||||
ExecStop=/usr/libexec/setup-named-chroot.sh /var/named/chroot off /etc/named-chroot.files
|
|
@ -0,0 +1,25 @@
|
|||
# Configuration of files used in chroot
|
||||
# Following files are made available after named-chroot.service start
|
||||
# if they are missing or empty in target directory.
|
||||
/etc/localtime
|
||||
/etc/named.root.key
|
||||
/etc/named.conf
|
||||
/etc/named.rfc1912.zones
|
||||
/etc/rndc.conf
|
||||
/etc/rndc.key
|
||||
/etc/named.iscdlv.key
|
||||
/etc/crypto-policies/back-ends/bind.config
|
||||
/etc/protocols
|
||||
/etc/services
|
||||
/etc/named.dnssec.keys
|
||||
/etc/pki/dnssec-keys
|
||||
/etc/named
|
||||
/usr/lib64/bind
|
||||
/usr/lib/bind
|
||||
/usr/share/GeoIP
|
||||
/run/named
|
||||
/proc/sys/net/ipv4/ip_local_port_range
|
||||
# Warning: the order is important
|
||||
# If a directory containing $ROOTDIR is listed here,
|
||||
# it MUST be listed last. (/var/named contains /var/named/chroot)
|
||||
/var/named
|
|
@ -0,0 +1,30 @@
|
|||
# Don't forget to add "$AddUnixListenSocket /var/named/chroot/dev/log"
|
||||
# line to your /etc/rsyslog.conf file. Otherwise your logging becomes
|
||||
# broken when rsyslogd daemon is restarted (due update, for example).
|
||||
|
||||
[Unit]
|
||||
Description=Berkeley Internet Name Domain (DNS)
|
||||
Wants=nss-lookup.target
|
||||
Requires=named-chroot-setup.service
|
||||
Before=nss-lookup.target
|
||||
After=named-chroot-setup.service
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
Environment=NAMEDCONF=/etc/named.conf
|
||||
EnvironmentFile=-/etc/sysconfig/named
|
||||
Environment=KRB5_KTNAME=/etc/named.keytab
|
||||
PIDFile=/var/named/chroot/run/named/named.pid
|
||||
|
||||
ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'
|
||||
ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} -t /var/named/chroot $OPTIONS
|
||||
|
||||
ExecReload=/bin/sh -c 'if /usr/sbin/rndc null > /dev/null 2>&1; then /usr/sbin/rndc reload; else /bin/kill -HUP $MAINPID; fi'
|
||||
|
||||
ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
|
||||
|
||||
PrivateTmp=false
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -0,0 +1,26 @@
|
|||
[Unit]
|
||||
Description=Berkeley Internet Name Domain (DNS) with native PKCS#11
|
||||
Wants=nss-lookup.target
|
||||
Wants=named-setup-rndc.service
|
||||
Before=nss-lookup.target
|
||||
After=network.target
|
||||
After=named-setup-rndc.service
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
Environment=NAMEDCONF=/etc/named.conf
|
||||
EnvironmentFile=-/etc/sysconfig/named
|
||||
Environment=KRB5_KTNAME=/etc/named.keytab
|
||||
PIDFile=/run/named/named.pid
|
||||
|
||||
ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'
|
||||
ExecStart=/usr/sbin/named-pkcs11 -u named -c ${NAMEDCONF} $OPTIONS
|
||||
|
||||
ExecReload=/bin/sh -c 'if /usr/sbin/rndc null > /dev/null 2>&1; then /usr/sbin/rndc reload; else /bin/kill -HUP $MAINPID; fi'
|
||||
|
||||
ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
|
||||
|
||||
PrivateTmp=true
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -0,0 +1,7 @@
|
|||
[Unit]
|
||||
Description=Generate rndc key for BIND (DNS)
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
|
||||
ExecStart=/usr/libexec/generate-rndc-key.sh
|
|
@ -0,0 +1,59 @@
|
|||
//
|
||||
// named.conf
|
||||
//
|
||||
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
|
||||
// server as a caching only nameserver (as a localhost DNS resolver only).
|
||||
//
|
||||
// See /usr/share/doc/bind*/sample/ for example named configuration files.
|
||||
//
|
||||
|
||||
options {
|
||||
listen-on port 53 { 127.0.0.1; };
|
||||
listen-on-v6 port 53 { ::1; };
|
||||
directory "/var/named";
|
||||
dump-file "/var/named/data/cache_dump.db";
|
||||
statistics-file "/var/named/data/named_stats.txt";
|
||||
memstatistics-file "/var/named/data/named_mem_stats.txt";
|
||||
secroots-file "/var/named/data/named.secroots";
|
||||
recursing-file "/var/named/data/named.recursing";
|
||||
allow-query { localhost; };
|
||||
|
||||
/*
|
||||
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
|
||||
- If you are building a RECURSIVE (caching) DNS server, you need to enable
|
||||
recursion.
|
||||
- If your recursive DNS server has a public IP address, you MUST enable access
|
||||
control to limit queries to your legitimate users. Failing to do so will
|
||||
cause your server to become part of large scale DNS amplification
|
||||
attacks. Implementing BCP38 within your network would greatly
|
||||
reduce such attack surface
|
||||
*/
|
||||
recursion yes;
|
||||
|
||||
dnssec-validation yes;
|
||||
|
||||
managed-keys-directory "/var/named/dynamic";
|
||||
geoip-directory "/usr/share/GeoIP";
|
||||
|
||||
pid-file "/run/named/named.pid";
|
||||
session-keyfile "/run/named/session.key";
|
||||
|
||||
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
|
||||
include "/etc/crypto-policies/back-ends/bind.config";
|
||||
};
|
||||
|
||||
logging {
|
||||
channel default_debug {
|
||||
file "data/named.run";
|
||||
severity dynamic;
|
||||
};
|
||||
};
|
||||
|
||||
zone "." IN {
|
||||
type hint;
|
||||
file "named.ca";
|
||||
};
|
||||
|
||||
include "/etc/named.rfc1912.zones";
|
||||
include "/etc/named.root.key";
|
||||
|
|
@ -0,0 +1,243 @@
|
|||
/*
|
||||
Sample named.conf BIND DNS server 'named' configuration file
|
||||
for the Red Hat BIND distribution.
|
||||
|
||||
See the BIND Administrator's Reference Manual (ARM) for details, in:
|
||||
file:///usr/share/doc/bind-{version}/arm/Bv9ARM.html
|
||||
Also see the BIND Configuration GUI : /usr/bin/system-config-bind and
|
||||
its manual.
|
||||
*/
|
||||
|
||||
options
|
||||
{
|
||||
// Put files that named is allowed to write in the data/ directory:
|
||||
directory "/var/named"; // "Working" directory
|
||||
dump-file "data/cache_dump.db";
|
||||
statistics-file "data/named_stats.txt";
|
||||
memstatistics-file "data/named_mem_stats.txt";
|
||||
secroots-file "data/named.secroots";
|
||||
recursing-file "data/named.recursing";
|
||||
|
||||
|
||||
/*
|
||||
Specify listenning interfaces. You can use list of addresses (';' is
|
||||
delimiter) or keywords "any"/"none"
|
||||
*/
|
||||
//listen-on port 53 { any; };
|
||||
listen-on port 53 { 127.0.0.1; };
|
||||
|
||||
//listen-on-v6 port 53 { any; };
|
||||
listen-on-v6 port 53 { ::1; };
|
||||
|
||||
/*
|
||||
Access restrictions
|
||||
|
||||
There are two important options:
|
||||
allow-query { argument; };
|
||||
- allow queries for authoritative data
|
||||
|
||||
allow-query-cache { argument; };
|
||||
- allow queries for non-authoritative data (mostly cached data)
|
||||
|
||||
You can use address, network address or keywords "any"/"localhost"/"none" as argument
|
||||
Examples:
|
||||
allow-query { localhost; 10.0.0.1; 192.168.1.0/8; };
|
||||
allow-query-cache { ::1; fe80::5c63:a8ff:fe2f:4526; 10.0.0.1; };
|
||||
*/
|
||||
|
||||
allow-query { localhost; };
|
||||
allow-query-cache { localhost; };
|
||||
|
||||
/* Enable/disable recursion - recursion yes/no;
|
||||
|
||||
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
|
||||
- If you are building a RECURSIVE (caching) DNS server, you need to enable
|
||||
recursion.
|
||||
- If your recursive DNS server has a public IP address, you MUST enable access
|
||||
control to limit queries to your legitimate users. Failing to do so will
|
||||
cause your server to become part of large scale DNS amplification
|
||||
attacks. Implementing BCP38 within your network would greatly
|
||||
reduce such attack surface
|
||||
*/
|
||||
recursion yes;
|
||||
|
||||
/* DNSSEC related options. See information about keys ("Trusted keys", bellow) */
|
||||
|
||||
/* Enable DNSSEC validation on recursive servers */
|
||||
dnssec-validation yes;
|
||||
|
||||
/* In Fedora we use /run/named instead of default /var/run/named
|
||||
so we have to configure paths properly. */
|
||||
pid-file "/run/named/named.pid";
|
||||
session-keyfile "/run/named/session.key";
|
||||
|
||||
managed-keys-directory "/var/named/dynamic";
|
||||
|
||||
/* In Fedora we use system-wide Crypto Policy */
|
||||
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
|
||||
include "/etc/crypto-policies/back-ends/bind.config";
|
||||
};
|
||||
|
||||
logging
|
||||
{
|
||||
/* If you want to enable debugging, eg. using the 'rndc trace' command,
|
||||
* named will try to write the 'named.run' file in the $directory (/var/named).
|
||||
* By default, SELinux policy does not allow named to modify the /var/named directory,
|
||||
* so put the default debug log file in data/ :
|
||||
*/
|
||||
channel default_debug {
|
||||
file "data/named.run";
|
||||
severity dynamic;
|
||||
};
|
||||
};
|
||||
|
||||
/*
|
||||
Views let a name server answer a DNS query differently depending on who is asking.
|
||||
|
||||
By default, if named.conf contains no "view" clauses, all zones are in the
|
||||
"default" view, which matches all clients.
|
||||
|
||||
Views are processed sequentially. The first match is used so the last view should
|
||||
match "any" - it's fallback and the most restricted view.
|
||||
|
||||
If named.conf contains any "view" clause, then all zones MUST be in a view.
|
||||
*/
|
||||
|
||||
view "localhost_resolver"
|
||||
{
|
||||
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
|
||||
* If all you want is a caching-only nameserver, then you need only define this view:
|
||||
*/
|
||||
match-clients { localhost; };
|
||||
recursion yes;
|
||||
|
||||
# all views must contain the root hints zone:
|
||||
zone "." IN {
|
||||
type hint;
|
||||
file "/var/named/named.ca";
|
||||
};
|
||||
|
||||
/* these are zones that contain definitions for all the localhost
|
||||
* names and addresses, as recommended in RFC1912 - these names should
|
||||
* not leak to the other nameservers:
|
||||
*/
|
||||
include "/etc/named.rfc1912.zones";
|
||||
};
|
||||
view "internal"
|
||||
{
|
||||
/* This view will contain zones you want to serve only to "internal" clients
|
||||
that connect via your directly attached LAN interfaces - "localnets" .
|
||||
*/
|
||||
match-clients { localnets; };
|
||||
recursion yes;
|
||||
|
||||
zone "." IN {
|
||||
type hint;
|
||||
file "/var/named/named.ca";
|
||||
};
|
||||
|
||||
/* these are zones that contain definitions for all the localhost
|
||||
* names and addresses, as recommended in RFC1912 - these names should
|
||||
* not leak to the other nameservers:
|
||||
*/
|
||||
include "/etc/named.rfc1912.zones";
|
||||
|
||||
// These are your "authoritative" internal zones, and would probably
|
||||
// also be included in the "localhost_resolver" view above :
|
||||
|
||||
/*
|
||||
NOTE for dynamic DNS zones and secondary zones:
|
||||
|
||||
DO NOT USE SAME FILES IN MULTIPLE VIEWS!
|
||||
|
||||
If you are using views and DDNS/secondary zones it is strongly
|
||||
recommended to read FAQ on ISC site (www.isc.org), section
|
||||
"Configuration and Setup Questions", questions
|
||||
"How do I share a dynamic zone between multiple views?" and
|
||||
"How can I make a server a slave for both an internal and an external
|
||||
view at the same time?"
|
||||
*/
|
||||
|
||||
zone "my.internal.zone" {
|
||||
type master;
|
||||
file "my.internal.zone.db";
|
||||
};
|
||||
zone "my.slave.internal.zone" {
|
||||
type slave;
|
||||
file "slaves/my.slave.internal.zone.db";
|
||||
masters { /* put master nameserver IPs here */ 127.0.0.1; } ;
|
||||
// put slave zones in the slaves/ directory so named can update them
|
||||
};
|
||||
zone "my.ddns.internal.zone" {
|
||||
type master;
|
||||
allow-update { key ddns_key; };
|
||||
file "dynamic/my.ddns.internal.zone.db";
|
||||
// put dynamically updateable zones in the slaves/ directory so named can update them
|
||||
};
|
||||
};
|
||||
|
||||
key ddns_key
|
||||
{
|
||||
algorithm hmac-sha256;
|
||||
secret "use /usr/sbin/ddns-confgen to generate TSIG keys";
|
||||
};
|
||||
|
||||
view "external"
|
||||
{
|
||||
/* This view will contain zones you want to serve only to "external" clients
|
||||
* that have addresses that are not match any above view:
|
||||
*/
|
||||
match-clients { any; };
|
||||
|
||||
zone "." IN {
|
||||
type hint;
|
||||
file "/var/named/named.ca";
|
||||
};
|
||||
|
||||
recursion no;
|
||||
// you'd probably want to deny recursion to external clients, so you don't
|
||||
// end up providing free DNS service to all takers
|
||||
|
||||
// These are your "authoritative" external zones, and would probably
|
||||
// contain entries for just your web and mail servers:
|
||||
|
||||
zone "my.external.zone" {
|
||||
type master;
|
||||
file "my.external.zone.db";
|
||||
};
|
||||
};
|
||||
|
||||
/* Trusted keys
|
||||
|
||||
This statement contains DNSSEC keys. If you want DNSSEC aware resolver you
|
||||
should configure at least one trusted key.
|
||||
|
||||
Note that no key written below is valid. Especially root key because root zone
|
||||
is not signed yet.
|
||||
*/
|
||||
/*
|
||||
trust-anchors {
|
||||
// Root Key
|
||||
. initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
|
||||
+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
|
||||
ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
|
||||
0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
|
||||
oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
|
||||
RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
|
||||
R1AkUTV74bU=";
|
||||
|
||||
// Key for forward zone
|
||||
example.com. static-key 257 3 8 "AwEAAZ0aqu1rJ6orJynrRfNpPmayJZoAx9Ic2/Rl9VQW
|
||||
LMHyjxxem3VUSoNUIFXERQbj0A9Ogp0zDM9YIccKLRd6
|
||||
LmWiDCt7UJQxVdD+heb5Ec4qlqGmyX9MDabkvX2NvMws
|
||||
UecbYBq8oXeTT9LRmCUt9KUt/WOi6DKECxoG/bWTykrX
|
||||
yBR8elD+SQY43OAVjlWrVltHxgp4/rhBCvRbmdflunaP
|
||||
Igu27eE2U4myDSLT8a4A0rB5uHG4PkOa9dIRs9y00M2m
|
||||
Wf4lyPee7vi5few2dbayHXmieGcaAHrx76NGAABeY393
|
||||
xjlmDNcUkF1gpNWUla4fWZbbaYQzA93mLdrng+M=";
|
||||
|
||||
|
||||
// Key for reverse zone.
|
||||
2.0.192.IN-ADDRPA.NET. initial-ds 31406 8 2 "F78CF3344F72137235098ECBBD08947C2C9001C7F6A085A17F518B5D8F6B916D";
|
||||
};
|
||||
*/
|
|
@ -0,0 +1,10 @@
|
|||
$TTL 3H
|
||||
@ IN SOA @ rname.invalid. (
|
||||
0 ; serial
|
||||
1D ; refresh
|
||||
1H ; retry
|
||||
1W ; expire
|
||||
3H ) ; minimum
|
||||
NS @
|
||||
A 127.0.0.1
|
||||
AAAA ::1
|
|
@ -0,0 +1,10 @@
|
|||
$TTL 1D
|
||||
@ IN SOA @ rname.invalid. (
|
||||
0 ; serial
|
||||
1D ; refresh
|
||||
1H ; retry
|
||||
1W ; expire
|
||||
3H ) ; minimum
|
||||
NS @
|
||||
A 127.0.0.1
|
||||
AAAA ::1
|
|
@ -0,0 +1,12 @@
|
|||
/var/named/data/named.run {
|
||||
missingok
|
||||
su named named
|
||||
create 0644 named named
|
||||
postrotate
|
||||
/usr/bin/systemctl reload named.service > /dev/null 2>&1 || true
|
||||
/usr/bin/systemctl reload named-chroot.service > /dev/null 2>&1 || true
|
||||
/usr/bin/systemctl reload named-sdb.service > /dev/null 2>&1 || true
|
||||
/usr/bin/systemctl reload named-sdb-chroot.service > /dev/null 2>&1 || true
|
||||
/usr/bin/systemctl reload named-pkcs11.service > /dev/null 2>&1 || true
|
||||
endscript
|
||||
}
|
|
@ -0,0 +1,11 @@
|
|||
$TTL 1D
|
||||
@ IN SOA @ rname.invalid. (
|
||||
0 ; serial
|
||||
1D ; refresh
|
||||
1H ; retry
|
||||
1W ; expire
|
||||
3H ) ; minimum
|
||||
NS @
|
||||
A 127.0.0.1
|
||||
AAAA ::1
|
||||
PTR localhost.
|
|
@ -0,0 +1,45 @@
|
|||
// named.rfc1912.zones:
|
||||
//
|
||||
// Provided by Red Hat caching-nameserver package
|
||||
//
|
||||
// ISC BIND named zone configuration for zones recommended by
|
||||
// RFC 1912 section 4.1 : localhost TLDs and address zones
|
||||
// and https://tools.ietf.org/html/rfc6303
|
||||
// (c)2007 R W Franks
|
||||
//
|
||||
// See /usr/share/doc/bind*/sample/ for example named configuration files.
|
||||
//
|
||||
// Note: empty-zones-enable yes; option is default.
|
||||
// If private ranges should be forwarded, add
|
||||
// disable-empty-zone "."; into options
|
||||
//
|
||||
|
||||
zone "localhost.localdomain" IN {
|
||||
type master;
|
||||
file "named.localhost";
|
||||
allow-update { none; };
|
||||
};
|
||||
|
||||
zone "localhost" IN {
|
||||
type master;
|
||||
file "named.localhost";
|
||||
allow-update { none; };
|
||||
};
|
||||
|
||||
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
|
||||
type master;
|
||||
file "named.loopback";
|
||||
allow-update { none; };
|
||||
};
|
||||
|
||||
zone "1.0.0.127.in-addr.arpa" IN {
|
||||
type master;
|
||||
file "named.loopback";
|
||||
allow-update { none; };
|
||||
};
|
||||
|
||||
zone "0.in-addr.arpa" IN {
|
||||
type master;
|
||||
file "named.empty";
|
||||
allow-update { none; };
|
||||
};
|
|
@ -0,0 +1,92 @@
|
|||
; This file holds the information on root name servers needed to
|
||||
; initialize cache of Internet domain name servers
|
||||
; (e.g. reference this file in the "cache . <file>"
|
||||
; configuration file of BIND domain name servers).
|
||||
;
|
||||
; This file is made available by InterNIC
|
||||
; under anonymous FTP as
|
||||
; file /domain/named.cache
|
||||
; on server FTP.INTERNIC.NET
|
||||
; -OR- RS.INTERNIC.NET
|
||||
;
|
||||
; last update: June 24, 2021
|
||||
; related version of root zone: 2021062401
|
||||
;
|
||||
; FORMERLY NS.INTERNIC.NET
|
||||
;
|
||||
. 3600000 NS A.ROOT-SERVERS.NET.
|
||||
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
|
||||
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
|
||||
;
|
||||
; FORMERLY NS1.ISI.EDU
|
||||
;
|
||||
. 3600000 NS B.ROOT-SERVERS.NET.
|
||||
B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201
|
||||
B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b
|
||||
;
|
||||
; FORMERLY C.PSI.NET
|
||||
;
|
||||
. 3600000 NS C.ROOT-SERVERS.NET.
|
||||
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
|
||||
C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
|
||||
;
|
||||
; FORMERLY TERP.UMD.EDU
|
||||
;
|
||||
. 3600000 NS D.ROOT-SERVERS.NET.
|
||||
D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
|
||||
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
|
||||
;
|
||||
; FORMERLY NS.NASA.GOV
|
||||
;
|
||||
. 3600000 NS E.ROOT-SERVERS.NET.
|
||||
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
|
||||
E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
|
||||
;
|
||||
; FORMERLY NS.ISC.ORG
|
||||
;
|
||||
. 3600000 NS F.ROOT-SERVERS.NET.
|
||||
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
|
||||
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
|
||||
;
|
||||
; FORMERLY NS.NIC.DDN.MIL
|
||||
;
|
||||
. 3600000 NS G.ROOT-SERVERS.NET.
|
||||
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
|
||||
G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d
|
||||
;
|
||||
; FORMERLY AOS.ARL.ARMY.MIL
|
||||
;
|
||||
. 3600000 NS H.ROOT-SERVERS.NET.
|
||||
H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
|
||||
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
|
||||
;
|
||||
; FORMERLY NIC.NORDU.NET
|
||||
;
|
||||
. 3600000 NS I.ROOT-SERVERS.NET.
|
||||
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
|
||||
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
|
||||
;
|
||||
; OPERATED BY VERISIGN, INC.
|
||||
;
|
||||
. 3600000 NS J.ROOT-SERVERS.NET.
|
||||
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
|
||||
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
|
||||
;
|
||||
; OPERATED BY RIPE NCC
|
||||
;
|
||||
. 3600000 NS K.ROOT-SERVERS.NET.
|
||||
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
|
||||
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
|
||||
;
|
||||
; OPERATED BY ICANN
|
||||
;
|
||||
. 3600000 NS L.ROOT-SERVERS.NET.
|
||||
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
|
||||
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
|
||||
;
|
||||
; OPERATED BY WIDE
|
||||
;
|
||||
. 3600000 NS M.ROOT-SERVERS.NET.
|
||||
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
|
||||
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
|
||||
; End of file
|
|
@ -0,0 +1,13 @@
|
|||
trust-anchors {
|
||||
# ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
|
||||
# for current trust anchor information.
|
||||
#
|
||||
# This key (20326) was published in the root zone in 2017.
|
||||
# Servers which were already using the old key (19036) should
|
||||
# roll seamlessly to this new one via RFC 5011 rollover. Servers
|
||||
# being set up for the first time can use the contents of this
|
||||
# file as initializing keys; thereafter, the keys in the
|
||||
# managed key database will be trusted and maintained
|
||||
# automatically.
|
||||
. initial-ds 20326 8 2 "E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D";
|
||||
};
|
|
@ -0,0 +1,6 @@
|
|||
dirs /var/named
|
||||
|
||||
files /var/named/named.ca
|
||||
files /var/named/named.empty
|
||||
files /var/named/named.localhost
|
||||
files /var/named/named.loopback
|
|
@ -0,0 +1,25 @@
|
|||
[Unit]
|
||||
Description=Berkeley Internet Name Domain (DNS)
|
||||
Wants=nss-lookup.target
|
||||
Wants=named-setup-rndc.service
|
||||
Before=nss-lookup.target
|
||||
After=named-setup-rndc.service
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
Environment=NAMEDCONF=/etc/named.conf
|
||||
EnvironmentFile=-/etc/sysconfig/named
|
||||
Environment=KRB5_KTNAME=/etc/named.keytab
|
||||
PIDFile=/run/named/named.pid
|
||||
|
||||
ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'
|
||||
ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS
|
||||
ExecReload=/bin/sh -c 'if /usr/sbin/rndc null > /dev/null 2>&1; then /usr/sbin/rndc reload; else /bin/kill -HUP $MAINPID; fi'
|
||||
|
||||
ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
|
||||
|
||||
PrivateTmp=true
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -0,0 +1,17 @@
|
|||
# BIND named process options
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# OPTIONS="whatever" -- These additional options will be passed to named
|
||||
# at startup. Don't add -t here, enable proper
|
||||
# -chroot.service unit file.
|
||||
#
|
||||
# NAMEDCONF=/etc/named/alternate.conf
|
||||
# -- Don't use -c to change configuration file.
|
||||
# Extend systemd named.service instead or use this
|
||||
# variable.
|
||||
#
|
||||
# DISABLE_ZONE_CHECKING -- By default, service file calls named-checkzone
|
||||
# utility for every zone to ensure all zones are
|
||||
# valid before named starts. If you set this option
|
||||
# to 'yes' then service file doesn't perform those
|
||||
# checks.
|
|
@ -0,0 +1,117 @@
|
|||
#!/bin/bash
|
||||
|
||||
ROOTDIR="$1"
|
||||
CONFIG_FILES="${3:-/etc/named-chroot.files}"
|
||||
|
||||
usage()
|
||||
{
|
||||
echo
|
||||
echo 'This script setups chroot environment for BIND'
|
||||
echo 'Usage: setup-named-chroot.sh ROOTDIR <on|off> [chroot.files]'
|
||||
}
|
||||
|
||||
if ! [ "$#" -ge 2 -a "$#" -le 3 ]; then
|
||||
echo 'Wrong number of arguments'
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Exit if ROOTDIR doesn't exist
|
||||
if ! [ -d "$ROOTDIR" ]; then
|
||||
echo "Root directory $ROOTDIR doesn't exist"
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! [ -r "$CONFIG_FILES" ]; then
|
||||
echo "Files list $CONFIG_FILES doesn't exist" 2>&1
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
|
||||
dev_create()
|
||||
{
|
||||
DEVNAME="$ROOTDIR/dev/$1"
|
||||
shift
|
||||
if ! [ -e "$DEVNAME" ]; then
|
||||
/bin/mknod -m 0664 "$DEVNAME" $@
|
||||
/bin/chgrp named "$DEVNAME"
|
||||
if [ -x /usr/sbin/selinuxenabled -a -x /sbin/restorecon ]; then
|
||||
/usr/sbin/selinuxenabled && /sbin/restorecon "$DEVNAME" > /dev/null || :
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
dev_chroot_prep()
|
||||
{
|
||||
dev_create random c 1 8
|
||||
dev_create urandom c 1 9
|
||||
dev_create zero c 1 5
|
||||
dev_create null c 1 3
|
||||
}
|
||||
|
||||
files_comment_filter()
|
||||
{
|
||||
if [ -d "$1" ]; then
|
||||
grep -v '^[[:space:]]*#' "$1"/*.files
|
||||
else
|
||||
grep -v '^[[:space:]]*#' "$1"
|
||||
fi
|
||||
}
|
||||
|
||||
mount_chroot_conf()
|
||||
{
|
||||
if [ -n "$ROOTDIR" ]; then
|
||||
# Check devices are prepared
|
||||
dev_chroot_prep
|
||||
files_comment_filter "$CONFIG_FILES" | while read -r all; do
|
||||
# Skip nonexistant files
|
||||
[ -e "$all" ] || continue
|
||||
|
||||
# If mount source is a file
|
||||
if ! [ -d "$all" ]; then
|
||||
# mount it only if it is not present in chroot or it is empty
|
||||
if ! [ -e "$ROOTDIR$all" ] || [ `stat -c'%s' "$ROOTDIR$all"` -eq 0 ]; then
|
||||
touch "$ROOTDIR$all"
|
||||
mount --bind "$all" "$ROOTDIR$all"
|
||||
fi
|
||||
else
|
||||
# Mount source is a directory. Mount it only if directory in chroot is
|
||||
# empty.
|
||||
if [ -e "$all" ] && [ `ls -1A $ROOTDIR$all | wc -l` -eq 0 ]; then
|
||||
mount --bind --make-private "$all" "$ROOTDIR$all"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
||||
umount_chroot_conf()
|
||||
{
|
||||
if [ -n "$ROOTDIR" ]; then
|
||||
files_comment_filter "$CONFIG_FILES" | while read -r all; do
|
||||
# Check if file is mount target. Do not use /proc/mounts because detecting
|
||||
# of modified mounted files can fail.
|
||||
if mount | grep -q '.* on '"$ROOTDIR$all"' .*'; then
|
||||
umount "$ROOTDIR$all"
|
||||
# Remove temporary created files
|
||||
[ -f "$all" ] && rm -f "$ROOTDIR$all"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
||||
case "$2" in
|
||||
on)
|
||||
mount_chroot_conf
|
||||
;;
|
||||
off)
|
||||
umount_chroot_conf
|
||||
;;
|
||||
*)
|
||||
echo 'Second argument has to be "on" or "off"'
|
||||
usage
|
||||
exit 1
|
||||
esac
|
||||
|
||||
exit 0
|
|
@ -0,0 +1,124 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# This script will initialise token storage of softhsm PKCS11 provider
|
||||
# in custom location. Is useful to store tokens in non-standard location.
|
||||
#
|
||||
# Output can be evaluated from bash, it will prepare it for usage of temporary tokens.
|
||||
# Quotes around eval are mandatory!
|
||||
# Recommended use:
|
||||
# eval "$(bash setup-named-softhsm.sh -A)"
|
||||
#
|
||||
|
||||
SOFTHSM2_CONF="$1"
|
||||
TOKENPATH="$2"
|
||||
GROUPNAME="$3"
|
||||
# Do not use this script for real keys worth protection
|
||||
# This is intended for crypto accelerators using PKCS11 interface.
|
||||
# Uninitialized token would fail any crypto operation.
|
||||
PIN=1234
|
||||
SO_PIN=1234
|
||||
LABEL=rpm
|
||||
|
||||
set -e
|
||||
|
||||
echo_i()
|
||||
{
|
||||
echo "#" $@
|
||||
}
|
||||
|
||||
random()
|
||||
{
|
||||
if [ -x "$(which openssl 2>/dev/null)" ]; then
|
||||
openssl rand -base64 $1
|
||||
else
|
||||
dd if=/dev/urandom bs=1c count=$1 | base64
|
||||
fi
|
||||
}
|
||||
|
||||
usage()
|
||||
{
|
||||
echo "Usage: $0 -A [token directory] [group]"
|
||||
echo " or: $0 <config file> <token directory> [group]"
|
||||
}
|
||||
|
||||
if [ "$SOFTHSM2_CONF" = "-A" -a -z "$TOKENPATH" ]; then
|
||||
TOKENPATH=$(mktemp -d /var/tmp/softhsm-XXXXXX)
|
||||
fi
|
||||
|
||||
if [ -z "$SOFTHSM2_CONF" -o -z "$TOKENPATH" ]; then
|
||||
usage >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "$SOFTHSM2_CONF" = "-A" ]; then
|
||||
# Automagic mode instead
|
||||
MODE=secure
|
||||
SOFTHSM2_CONF="$TOKENPATH/softhsm2.conf"
|
||||
PIN_SOURCE="$TOKENPATH/pin"
|
||||
SOPIN_SOURCE="$TOKENPATH/so-pin"
|
||||
TOKENPATH="$TOKENPATH/tokens"
|
||||
else
|
||||
MODE=legacy
|
||||
fi
|
||||
|
||||
[ -d "$TOKENPATH" ] || mkdir -p "$TOKENPATH"
|
||||
|
||||
umask 0022
|
||||
|
||||
if ! [ -f "$SOFTHSM2_CONF" ]; then
|
||||
cat << SED > "$SOFTHSM2_CONF"
|
||||
# SoftHSM v2 configuration file
|
||||
|
||||
directories.tokendir = ${TOKENPATH}
|
||||
objectstore.backend = file
|
||||
|
||||
# ERROR, WARNING, INFO, DEBUG
|
||||
log.level = ERROR
|
||||
|
||||
# If CKF_REMOVABLE_DEVICE flag should be set
|
||||
slots.removable = false
|
||||
SED
|
||||
else
|
||||
echo_i "Config file $SOFTHSM2_CONF already exists" >&2
|
||||
fi
|
||||
|
||||
if [ -n "$PIN_SOURCE" ]; then
|
||||
touch "$PIN_SOURCE" "$SOPIN_SOURCE"
|
||||
chmod 0600 "$PIN_SOURCE" "$SOPIN_SOURCE"
|
||||
if [ -n "$GROUPNAME" ]; then
|
||||
chgrp "$GROUPNAME" "$PIN_SOURCE" "$SOPIN_SOURCE"
|
||||
chmod g+r "$PIN_SOURCE" "$SOPIN_SOURCE"
|
||||
fi
|
||||
fi
|
||||
|
||||
export SOFTHSM2_CONF
|
||||
|
||||
if softhsm2-util --show-slots | grep 'Initialized:[[:space:]]*yes' > /dev/null
|
||||
then
|
||||
echo_i "Token in ${TOKENPATH} is already initialized" >&2
|
||||
|
||||
[ -f "$PIN_SOURCE" ] && PIN=$(cat "$PIN_SOURCE")
|
||||
[ -f "$SOPIN_SOURCE" ] && SO_PIN=$(cat "$SOPIN_SOURCE")
|
||||
else
|
||||
PIN=$(random 6)
|
||||
SO_PIN=$(random 18)
|
||||
if [ -n "$PIN_SOURCE" ]; then
|
||||
echo -n "$PIN" > "$PIN_SOURCE"
|
||||
echo -n "$SO_PIN" > "$SOPIN_SOURCE"
|
||||
fi
|
||||
|
||||
echo_i "Initializing tokens to ${TOKENPATH}..."
|
||||
softhsm2-util --init-token --free --label "$LABEL" --pin "$PIN" --so-pin "$SO_PIN" | sed -e 's/^/# /'
|
||||
|
||||
if [ -n "$GROUPNAME" ]; then
|
||||
chgrp -R -- "$GROUPNAME" "$TOKENPATH"
|
||||
chmod -R -- g=rX,o= "$TOKENPATH"
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "export SOFTHSM2_CONF=\"$SOFTHSM2_CONF\""
|
||||
echo "export PIN_SOURCE=\"$PIN_SOURCE\""
|
||||
echo "export SOPIN_SOURCE=\"$SOPIN_SOURCE\""
|
||||
# These are intentionaly not exported
|
||||
echo "PIN=\"$PIN\""
|
||||
echo "SO_PIN=\"$SO_PIN\""
|
|
@ -0,0 +1,10 @@
|
|||
# SoftHSM v2 configuration file
|
||||
|
||||
directories.tokendir = @TOKENPATH@
|
||||
objectstore.backend = file
|
||||
|
||||
# ERROR, WARNING, INFO, DEBUG
|
||||
log.level = ERROR
|
||||
|
||||
# If CKF_REMOVABLE_DEVICE flag should be set
|
||||
slots.removable = false
|
|
@ -0,0 +1,3 @@
|
|||
SHA512 (bind-9.17.20.tar.xz) = ae0428b40a3f7a7c3db093da97b05d7901c4e48b2a9a9fac61d02b8e4d192f668ef05baf0f7d07402d88d3ed510f951637d7717a9da3c167b933166267adf070
|
||||
SHA512 (bind-9.17.20.tar.xz.asc) = 16a3689da98601ca28d5acf5a33f9ffdd2ac03c797ceca593f4c1fe19ec07582a9d5305b0a9df84122e7dc085950e686f55c617af7f9f5692666d2944016cfcc
|
||||
SHA512 (isc-logo.pdf) = 08124d14c4884aa6c078ef6b98ec37146319b51ca2dff44b6e38d1742d06778ce053299c15ad28e32dff36847242b2bb586848a1bb7cc5c05d9b2fdf2fd4a0bc
|
|
@ -0,0 +1,63 @@
|
|||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Makefile of /CoreOS/tests/Sanity/Master-server-chrooted
|
||||
# Description: Run basic empty named service and try to resolve localhost on it
|
||||
# Author: Petr Mensik <pemensik@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2018 Red Hat, Inc.
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License as
|
||||
# published by the Free Software Foundation, either version 2 of
|
||||
# the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see http://www.gnu.org/licenses/.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
export TEST=/CoreOS/tests/Sanity/Master-server-chrooted
|
||||
export TESTVERSION=1.0
|
||||
|
||||
BUILT_FILES=
|
||||
|
||||
FILES=$(METADATA) runtest.sh Makefile PURPOSE
|
||||
|
||||
.PHONY: all install download clean
|
||||
|
||||
run: $(FILES) build
|
||||
./runtest.sh
|
||||
|
||||
build: $(BUILT_FILES)
|
||||
test -x runtest.sh || chmod a+x runtest.sh
|
||||
|
||||
clean:
|
||||
rm -f *~ $(BUILT_FILES)
|
||||
|
||||
|
||||
include /usr/share/rhts/lib/rhts-make.include
|
||||
|
||||
$(METADATA): Makefile
|
||||
@echo "Owner: Petr Mensik <pemensik@redhat.com>" > $(METADATA)
|
||||
@echo "Name: $(TEST)" >> $(METADATA)
|
||||
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||
@echo "Description: Run basic empty named-chroot service and try to resolve localhost on it" >> $(METADATA)
|
||||
@echo "Type: Sanity" >> $(METADATA)
|
||||
@echo "TestTime: 5m" >> $(METADATA)
|
||||
@echo "RunFor: bind" >> $(METADATA)
|
||||
@echo "Requires: bind bind-utils bind-chroot bind-sdb-chroot" >> $(METADATA)
|
||||
@echo "Priority: Normal" >> $(METADATA)
|
||||
@echo "License: GPLv2+" >> $(METADATA)
|
||||
@echo "Confidential: no" >> $(METADATA)
|
||||
@echo "Destructive: no" >> $(METADATA)
|
||||
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5 -RHEL6" >> $(METADATA)
|
||||
|
||||
rhts-lint $(METADATA)
|
|
@ -0,0 +1,6 @@
|
|||
PURPOSE of /CoreOS/tests/Sanity/Master-server-chrooted
|
||||
Description: Run basic empty named-chroot service and try to resolve localhost on it
|
||||
Author: Petr Mensik <pemensik@redhat.com>
|
||||
|
||||
Check also clean package both when running and finished.
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1592873
|
|
@ -0,0 +1,73 @@
|
|||
#!/bin/bash
|
||||
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# runtest.sh of /CoreOS/tests/Sanity/Master-server-chrooted
|
||||
# Description: Run basic empty named-chroot service and try to resolve localhost on it
|
||||
# Author: Petr Mensik <pemensik@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2018 Red Hat, Inc.
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License as
|
||||
# published by the Free Software Foundation, either version 2 of
|
||||
# the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see http://www.gnu.org/licenses/.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
# Include Beaker environment
|
||||
. /usr/bin/rhts-environment.sh || exit 1
|
||||
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||
|
||||
PACKAGE="bind"
|
||||
|
||||
test_service()
|
||||
{
|
||||
local SERVICE="$1"
|
||||
local PACKAGE="$2"
|
||||
rlRun "rlServiceStart $SERVICE"
|
||||
rlRun "dig @localhost localhost | grep '^localhost'"
|
||||
rlRun "dig @localhost -x 127.0.0.1 | grep 'PTR[[:space:]]\+localhost.$'" 0 "Reverse address works"
|
||||
rlRun "rpm -V $PACKAGE" 0 "Checking $SERVICE package when running"
|
||||
rlRun "rlServiceRestore $SERVICE"
|
||||
rlRun "rpm -V $PACKAGE" 0 "Checking $SERVICE package when stopped"
|
||||
}
|
||||
|
||||
rlJournalStart
|
||||
rlPhaseStartSetup
|
||||
rlAssertRpm bind
|
||||
rlAssertRpm bind-utils
|
||||
rlAssertRpm bind-chroot
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "Testing named"
|
||||
test_service named bind
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "Testing named-chroot"
|
||||
test_service named-chroot bind-chroot
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "Testing named-sdb-chroot"
|
||||
if rpm -q bind-sdb-chroot; then
|
||||
test_service named-sdb-chroot bind-sdb-chroot
|
||||
else
|
||||
rlLog "bind-sdb-chroot not installed, skipping it"
|
||||
fi
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartCleanup
|
||||
# noop
|
||||
rlPhaseEnd
|
||||
rlJournalPrintText
|
||||
rlJournalEnd
|
|
@ -0,0 +1,65 @@
|
|||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Makefile of /CoreOS/bind/Sanity/Master-server-not-chrooted
|
||||
# Description: Set up master nameserver, test it.
|
||||
# Author: Martin Cermak <mcermak@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2009 Red Hat, Inc. All rights reserved.
|
||||
#
|
||||
# This copyrighted material is made available to anyone wishing
|
||||
# to use, modify, copy, or redistribute it subject to the terms
|
||||
# and conditions of the GNU General Public License version 2.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public
|
||||
# License along with this program; if not, write to the Free
|
||||
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||
# Boston, MA 02110-1301, USA.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
export TEST=/CoreOS/bind/Sanity/Master-server-not-chrooted
|
||||
export TESTVERSION=1.0
|
||||
|
||||
BUILT_FILES=
|
||||
|
||||
FILES=$(METADATA) runtest.sh Makefile PURPOSE named.conf zonefile
|
||||
|
||||
.PHONY: all install download clean
|
||||
|
||||
run: $(FILES) build
|
||||
./runtest.sh
|
||||
|
||||
build: $(BUILT_FILES)
|
||||
chmod a+x runtest.sh
|
||||
|
||||
clean:
|
||||
rm -f *~ $(BUILT_FILES)
|
||||
|
||||
|
||||
include /usr/share/rhts/lib/rhts-make.include
|
||||
|
||||
$(METADATA): Makefile
|
||||
@echo "Owner: Martin Cermak <mcermak@redhat.com>" > $(METADATA)
|
||||
@echo "Name: $(TEST)" >> $(METADATA)
|
||||
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||
@echo "Description: Set up master nameserver in chrooted env, test it." >> $(METADATA)
|
||||
@echo "Type: Sanity" >> $(METADATA)
|
||||
@echo "TestTime: 5m" >> $(METADATA)
|
||||
@echo "RunFor: bind" >> $(METADATA)
|
||||
@echo "Requires: bind bind-chroot redhat-lsb" >> $(METADATA)
|
||||
@echo "Requires: bind-utils" >> $(METADATA)
|
||||
@echo "Priority: Normal" >> $(METADATA)
|
||||
@echo "License: GPLv2" >> $(METADATA)
|
||||
@echo "Confidential: no" >> $(METADATA)
|
||||
@echo "Destructive: no" >> $(METADATA)
|
||||
@echo "RhtsRequires: library(bind/bind-setup)" >> $(METADATA)
|
||||
|
||||
rhts-lint $(METADATA)
|
|
@ -0,0 +1,6 @@
|
|||
PURPOSE of /CoreOS/bind/Sanity/Master-server-not-chrooted
|
||||
Description: Set up master nameserver in chrooted env, test it.
|
||||
This is a very basic sanity test for bind9.
|
||||
The main purpose for me was to learn how
|
||||
bind works :-)
|
||||
Author: Martin Cermak <mcermak@redhat.com>
|
|
@ -0,0 +1,11 @@
|
|||
options {
|
||||
directory "/var/named";
|
||||
allow-query { any; };
|
||||
};
|
||||
|
||||
zone "<DOMAIN>" IN {
|
||||
type master;
|
||||
file "<DOMAIN>.zone";
|
||||
allow-update { none; };
|
||||
};
|
||||
|
|
@ -0,0 +1,109 @@
|
|||
#!/bin/bash
|
||||
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# runtest.sh of /CoreOS/bind/Sanity/Master-server-not-chrooted
|
||||
# Description: Set up master nameserver, test it.
|
||||
# Author: Martin Cermak <mcermak@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2009 Red Hat, Inc. All rights reserved.
|
||||
#
|
||||
# This copyrighted material is made available to anyone wishing
|
||||
# to use, modify, copy, or redistribute it subject to the terms
|
||||
# and conditions of the GNU General Public License version 2.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public
|
||||
# License along with this program; if not, write to the Free
|
||||
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||
# Boston, MA 02110-1301, USA.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
# Include rhts environment
|
||||
#set -x
|
||||
. /usr/bin/rhts-environment.sh
|
||||
. /usr/lib/beakerlib/beakerlib.sh
|
||||
|
||||
# Some heplful functions
|
||||
randomString () {
|
||||
TEMPSTR=`date +%c%N | md5sum | awk '{print $1}'`
|
||||
echo ${TEMPSTR:0:8}
|
||||
unset TEMPSTR
|
||||
}
|
||||
|
||||
randomIp () {
|
||||
echo "192.168.1.`echo $[ $RANDOM / 256 + 1 ]`"
|
||||
}
|
||||
|
||||
randomSerial () {
|
||||
date +%N
|
||||
}
|
||||
|
||||
# Variable declarations
|
||||
CONF="/etc/named.conf"
|
||||
IP1=`randomIp`
|
||||
IP2=`randomIp`
|
||||
IP3=`randomIp`
|
||||
IP4=`randomIp`
|
||||
IP5=`randomIp`
|
||||
SERIAL=`randomSerial`
|
||||
ORIGPWD=`pwd`
|
||||
|
||||
# The test
|
||||
rlJournalStart
|
||||
rlPhaseStartSetup
|
||||
rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
|
||||
rlRun "pushd $TmpDir"
|
||||
|
||||
rlRun "rlImport bind/bind-setup"
|
||||
|
||||
bsBindSetupStart "$ORIGPWD/named.conf" "off"
|
||||
|
||||
rlRun "TDOMAIN=`randomString`.cz"
|
||||
rlRun "TZONEFILE=$ROOTDIR/var/named/$TDOMAIN.zone"
|
||||
|
||||
# set up /etc/named.conf
|
||||
rlRun "sed -i \"s/<DOMAIN>/$TDOMAIN/g\" $CONF"
|
||||
|
||||
# set up zonefile
|
||||
rlRun "cp $ORIGPWD/zonefile $TZONEFILE"
|
||||
rlRun "chmod a+r $TZONEFILE"
|
||||
rlRun "sed -i \"s/<DOMAIN>/$TDOMAIN/g\" $TZONEFILE"
|
||||
rlRun "sed -i \"s/<IP1>/$IP1/g\" $TZONEFILE"
|
||||
rlRun "sed -i \"s/<IP2>/$IP2/g\" $TZONEFILE"
|
||||
rlRun "sed -i \"s/<IP3>/$IP3/g\" $TZONEFILE"
|
||||
rlRun "sed -i \"s/<IP4>/$IP4/g\" $TZONEFILE"
|
||||
rlRun "sed -i \"s/<IP5>/$IP5/g\" $TZONEFILE"
|
||||
rlRun "sed -i \"s/<SERIAL>/$SERIAL/g\" $TZONEFILE"
|
||||
|
||||
bsBindSetupDone
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest
|
||||
# perform tests
|
||||
rlRun "dig @localhost $TDOMAIN | grep \"^$TDOMAIN\" | head -n 1 | grep \"$IP1\""
|
||||
rlRun "dig @localhost server1.$TDOMAIN | grep \"^server1.$TDOMAIN\" | grep \"$IP2\""
|
||||
rlRun "dig @localhost server2.$TDOMAIN | grep \"^server2.$TDOMAIN\" | grep \"$IP3\""
|
||||
rlRun "dig @localhost dns1.$TDOMAIN | grep \"^dns1.$TDOMAIN\" | grep \"$IP4\""
|
||||
rlRun "dig @localhost dns2.$TDOMAIN | grep \"^dns2.$TDOMAIN\" | grep \"$IP5\""
|
||||
rlRun "dig @localhost ftp.$TDOMAIN | grep \"^ftp.$TDOMAIN\" | grep \"server1.$TDOMAIN\""
|
||||
rlRun "dig @localhost mail.$TDOMAIN | grep \"^mail.$TDOMAIN\" | grep \"server1.$TDOMAIN\""
|
||||
rlRun "dig @localhost mail2.$TDOMAIN | grep \"^mail2.$TDOMAIN\" | grep \"server2.$TDOMAIN\""
|
||||
rlRun "dig @localhost www.$TDOMAIN | grep \"^www.$TDOMAIN\" | grep \"server2.$TDOMAIN\""
|
||||
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartCleanup
|
||||
bsBindSetupCleanup
|
||||
rlRun "popd"
|
||||
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
|
||||
rlRun "rm -rf $TZONEFILE"
|
||||
rlPhaseEnd
|
||||
rlJournalEnd
|
|
@ -0,0 +1,27 @@
|
|||
$ORIGIN <DOMAIN>.
|
||||
$TTL 86400
|
||||
@ IN SOA dns1.<DOMAIN>. hostmaster.<DOMAIN>. (
|
||||
<SERIAL> ; serial
|
||||
21600 ; refresh after 6 hours
|
||||
3600 ; retry after 1 hour
|
||||
604800 ; expire after 1 week
|
||||
86400 ) ; minimum TTL of 1 day
|
||||
|
||||
IN NS dns1.<DOMAIN>.
|
||||
IN NS dns2.<DOMAIN>.
|
||||
|
||||
IN MX 10 mail.<DOMAIN>.
|
||||
IN MX 20 mail2.<DOMAIN>.
|
||||
|
||||
IN A <IP1>
|
||||
|
||||
server1 IN A <IP2>
|
||||
server2 IN A <IP3>
|
||||
dns1 IN A <IP4>
|
||||
dns2 IN A <IP5>
|
||||
|
||||
ftp IN CNAME server1
|
||||
mail IN CNAME server1
|
||||
mail2 IN CNAME server2
|
||||
www IN CNAME server2
|
||||
|
|
@ -0,0 +1,77 @@
|
|||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Makefile of tests/Run-internal-BIND-test-suite
|
||||
# Description: Run internal BIND test suite
|
||||
# Author: Martin Cermak <mcermak@redhat.com>
|
||||
# Author: Petr Mensik <pemensik@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2010 Red Hat, Inc. All rights reserved.
|
||||
#
|
||||
# This copyrighted material is made available to anyone wishing
|
||||
# to use, modify, copy, or redistribute it subject to the terms
|
||||
# and conditions of the GNU General Public License version 2.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public
|
||||
# License along with this program; if not, write to the Free
|
||||
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||
# Boston, MA 02110-1301, USA.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
export TEST=tests/Run-internal-BIND-test-suite
|
||||
export TESTVERSION=1.3
|
||||
|
||||
BUILT_FILES=
|
||||
|
||||
FILES=$(METADATA) runtest.sh Makefile PURPOSE knownerror* setup-named-softhsm.sh bind-systest-filter.sh
|
||||
|
||||
.PHONY: all install download clean
|
||||
|
||||
run: $(FILES) build
|
||||
./runtest.sh
|
||||
|
||||
build: $(BUILT_FILES)
|
||||
chmod a+x runtest.sh
|
||||
|
||||
clean:
|
||||
rm -f *~ $(BUILT_FILES)
|
||||
|
||||
|
||||
include /usr/share/rhts/lib/rhts-make.include
|
||||
|
||||
$(METADATA): Makefile
|
||||
@echo "Owner: Martin Cermak <mcermak@redhat.com>" > $(METADATA)
|
||||
@echo "Name: $(TEST)" >> $(METADATA)
|
||||
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||
@echo "Description: Run internal BIND test suite" >> $(METADATA)
|
||||
@echo "Type: Sanity" >> $(METADATA)
|
||||
@echo "TestTime: 8h" >> $(METADATA)
|
||||
@echo "RunFor: bind" >> $(METADATA)
|
||||
@echo "Requires: bind rpm-build bind-utils" >> $(METADATA)
|
||||
@echo "Requires: perl-Net-DNS perl-Net-DNS-Nameserver" >> $(METADATA)
|
||||
@echo "Requires: perl-Time-HiRes" >> $(METADATA)
|
||||
@echo "Requires: bind-pkcs11 bind-pkcs11-utils softhsm" >> $(METADATA)
|
||||
@echo "Requires: openssl-devel libtool autoconf" >> $(METADATA)
|
||||
# Try to satisfy all build dependencies from here
|
||||
@echo "Requires: bind-devel" >> $(METADATA)
|
||||
@echo "Requires: net-tools" >> $(METADATA)
|
||||
@echo "Requires: dnf-utils" >> $(METADATA)
|
||||
@echo "Requires: kyua" >> $(METADATA)
|
||||
@echo "Requires: libcmocka-devel" >> $(METADATA)
|
||||
# Obsolete, uses cmocka
|
||||
# @echo "Requires: libatf-c gcc-c++" >> $(METADATA)
|
||||
@echo "Priority: Normal" >> $(METADATA)
|
||||
@echo "License: GPLv2" >> $(METADATA)
|
||||
@echo "Confidential: no" >> $(METADATA)
|
||||
@echo "Destructive: no" >> $(METADATA)
|
||||
@echo "Bug: 642970" >> $(METADATA)
|
||||
|
||||
rhts-lint $(METADATA)
|
|
@ -0,0 +1,6 @@
|
|||
PURPOSE of tests/Run-internal-BIND-test-suite
|
||||
Description: Run internal BIND test suite
|
||||
Author: Martin Cermak <mcermak@redhat.com>
|
||||
Bug summary: Run internal BIND test suite
|
||||
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=642970
|
||||
|
|
@ -0,0 +1,47 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# This script will filter out output from BINDs tests
|
||||
# It supports form from BIND 9.9 and BIND 9.11
|
||||
# Its purpose is to display only failed tests from list of all tests
|
||||
|
||||
CURRENT_TEST=
|
||||
CURRENT_OUTPUT=
|
||||
STATUS_ONLY=
|
||||
|
||||
for P; do
|
||||
case "$P" in
|
||||
-s|--status) STATUS_ONLY=yes; shift ;;
|
||||
esac
|
||||
done
|
||||
|
||||
cat $@ | while read LINE; do
|
||||
if [ "${LINE#S:}" != "$LINE" ]; then
|
||||
CURRENT_TEST=`echo $LINE | cut -d: -f2`
|
||||
CURRENT_OUTPUT="$LINE"$'\n'
|
||||
elif [ "${LINE#R:}" != "$LINE" ]; then
|
||||
# echo "$CURRENT_TEST $LINE"
|
||||
if [ "${LINE/#R:*:*}" != "$LINE" ]; then
|
||||
# more recent results contain test name
|
||||
# R:dlz:FAIL
|
||||
CURRENT_TEST="${LINE#R:}"
|
||||
CURRENT_TEST="${CURRENT_TEST/%:*}"
|
||||
RESULT="${LINE/#*:}"
|
||||
else
|
||||
# S:dlz:time
|
||||
# R:FAIL
|
||||
RESULT="${LINE/#R*:/}"
|
||||
fi
|
||||
if [ "$RESULT" != "PASS" ]; then
|
||||
if [ -n "$STATUS_ONLY" ]; then
|
||||
echo "$RESULT $CURRENT_TEST"
|
||||
else
|
||||
CURRENT_OUTPUT+="$LINE"
|
||||
echo "$CURRENT_OUTPUT"
|
||||
echo
|
||||
fi
|
||||
fi
|
||||
CURRENT_OUTPUT=
|
||||
else
|
||||
CURRENT_OUTPUT+="$LINE"$'\n'
|
||||
fi
|
||||
done
|
|
@ -0,0 +1,2 @@
|
|||
A:System test dlz
|
||||
A:System test idna
|
|
@ -0,0 +1,185 @@
|
|||
#!/bin/bash
|
||||
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# runtest.sh of tests/Run-internal-BIND-test-suite
|
||||
# Description: Run internal BIND test suite
|
||||
# Author: Martin Cermak <mcermak@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2010 Red Hat, Inc. All rights reserved.
|
||||
#
|
||||
# This copyrighted material is made available to anyone wishing
|
||||
# to use, modify, copy, or redistribute it subject to the terms
|
||||
# and conditions of the GNU General Public License version 2.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public
|
||||
# License along with this program; if not, write to the Free
|
||||
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||
# Boston, MA 02110-1301, USA.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
# Include rhts environment
|
||||
. /usr/bin/rhts-environment.sh
|
||||
. /usr/lib/beakerlib/beakerlib.sh
|
||||
|
||||
PACKAGE="bind"
|
||||
|
||||
# Set those variables to n to skip tests on variants
|
||||
#DEFAULT_VARIANTS="normal pkcs11 sdb"
|
||||
DEFAULT_VARIANTS="normal"
|
||||
#TEST_VARIANTS="normal"
|
||||
|
||||
#
|
||||
# Runs test suite and checks known errors
|
||||
# Prepared to be repeated with another variants
|
||||
run_testsuite()
|
||||
{
|
||||
local RESULT_TEXT="$TMPDIR/test${NAMED_VARIANT}.txt"
|
||||
local FOUNDERROR=`mktemp found-XXXXXXXX.err`
|
||||
local KNOWNERROR=/dev/null
|
||||
|
||||
if [ -f "$ORIG/knownerror${NAMED_VARIANT}.$TAG" ]; then
|
||||
KNOWNERROR=`readlink -f $ORIG/knownerror.$TAG`
|
||||
elif [ -f "$ORIG/knownerror${NAMED_VARIANT}" ]; then
|
||||
KNOWNERROR=`readlink -f $ORIG/knownerror`
|
||||
fi
|
||||
|
||||
# Sometime it can fail. Report just failures that are not known
|
||||
rlRun "make test -j${CORES:-1} &> $RESULT_TEXT" 0-255 "Perform the test."
|
||||
rlRun "grep -C 10 FAIL $RESULT_TEXT" 0-255 "Quickly show the test error (if any)."
|
||||
|
||||
rlRun "$FILTER $RESULT_TEXT" 0 "Showing unsuccessful tests"
|
||||
rlRun "$FILTER -s $RESULT_TEXT > $FOUNDERROR" 0
|
||||
rlRun "ls $KNOWNERROR $FOUNDERROR $RESULT_TEXT" 0 'check if there is needed files'
|
||||
rlLog "`cat $FOUNDERROR`"
|
||||
|
||||
rlAssertLesserOrEqual "Checking number of found errors is in limits" "$(grep '^FAIL' $FOUNDERROR | wc -l)" "$(wc -l <$KNOWNERROR)"
|
||||
cat $FOUNDERROR | while read STATUS TEST ; do
|
||||
if [ "$STATUS" = FAIL ]; then
|
||||
rlRun "grep '$TEST' $KNOWNERROR" 0 "Check $TEST failure is expected"
|
||||
else
|
||||
rlLog "$STATUS $TEST"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
rlJournalStart
|
||||
rlPhaseStartSetup
|
||||
# package assertions
|
||||
rlAssertRpm $PACKAGE
|
||||
rlAssertRpm rpm-build
|
||||
rlAssertRpm perl-Net-DNS-Nameserver
|
||||
|
||||
#pwd
|
||||
ORIG=`pwd`
|
||||
SETUP_SOFTHSM=`readlink -f setup-named-softhsm.sh`
|
||||
FILTER=`readlink -f bind-systest-filter.sh`
|
||||
CORES=`grep 'processor\s*:' /proc/cpuinfo | wc -l`
|
||||
|
||||
TAG=generic
|
||||
if [ -f /etc/os-release ]; then
|
||||
# extract platform tag
|
||||
TAG=`(source /etc/os-release && echo ${PLATFORM_ID#platform:})`
|
||||
fi
|
||||
|
||||
#tempdir
|
||||
rlRun "TMPDIR=\`mktemp -d\`" 0 "Creating tmp directory"
|
||||
rlRun "pushd $TMPDIR"
|
||||
|
||||
# topdir
|
||||
TOPDIR=`rpm -E '%{_topdir}'`
|
||||
|
||||
# cleanup in topdir
|
||||
mkdir -p $TOPDIR/{BUILD,SOURCES,SPECS}
|
||||
rm -rf $TOPDIR/{BUILD,SOURCES,SPECS}/*
|
||||
|
||||
# download src rpm
|
||||
if ! ls bind*.src.rpm; then
|
||||
rlRun "dnf --enablerepo='*-source' download --source bind" 0 "Fetch source from repository"
|
||||
rlRun "rpm -i bind*.src.rpm"
|
||||
fi
|
||||
|
||||
rlRun "rpm --define '_topdir $TOPDIR' -Uvh *rpm &> $TMPDIR/install.txt"
|
||||
rlRun "cd $TOPDIR/SPECS"
|
||||
|
||||
rlRun "dnf -y builddep *.spec"
|
||||
|
||||
# stop bind if it is running
|
||||
rlServiceStop named
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest
|
||||
# rebuild from source
|
||||
rlRun "rpmbuild -ba *.spec &> $TMPDIR/build.txt"
|
||||
|
||||
# the test
|
||||
rlRun "cd $TOPDIR/BUILD/bind*"
|
||||
|
||||
rlLogInfo "Test takes place in `pwd`"
|
||||
|
||||
rlRun "chown -R root ."
|
||||
|
||||
if [ -x "$SETUP_SOFTHSM" ]; then
|
||||
rlRun "eval \"$(bash $SETUP_SOFTHSM -A)\"" 0 "Preparing PKCS#11 token slot"
|
||||
rlRun "pkcs11-tokens" 0 "Testing token slot availability"
|
||||
else
|
||||
rlLog "PKCS#11 not initialized"
|
||||
fi
|
||||
|
||||
if [ -d build ]; then
|
||||
BUILD=build
|
||||
else
|
||||
BUILD=.
|
||||
fi
|
||||
|
||||
rlRun "./bin/tests/system/ifconfig.sh up" 0 "Setup fake network interfaces."
|
||||
|
||||
# required by idna test
|
||||
export LC_ALL=en_US.UTF-8
|
||||
|
||||
rlRun "pushd $BUILD"
|
||||
|
||||
if echo "${TEST_VARIANTS:-$DEFAULT_VARIANTS}" | grep -q normal; then
|
||||
rlLog "Running normal variant"
|
||||
export NAMED_VARIANT= DNSSEC_VARIANT=
|
||||
run_testsuite
|
||||
rlLog "Finished normal variant"
|
||||
fi
|
||||
|
||||
if echo "${TEST_VARIANTS:-$DEFAULT_VARIANTS}" | grep -q sdb; then
|
||||
rlLog "Running sdb variant"
|
||||
export NAMED_VARIANT=-sdb DNSSEC_VARIANT=
|
||||
run_testsuite
|
||||
rlLog "Finished sdb variant"
|
||||
fi
|
||||
|
||||
if echo "${TEST_VARIANTS:-$DEFAULT_VARIANTS}" | grep -q pkcs11; then
|
||||
rlLog "Running pkcs11 variant"
|
||||
# Unfortunately, PKCS11 variant uses shared key storage
|
||||
# It cannot use more threads for that reason
|
||||
export NAMED_VARIANT=-pkcs11 DNSSEC_VARIANT=-pkcs11
|
||||
CORES=1 run_testsuite
|
||||
rlLog "Finished pkcs11 variant"
|
||||
fi
|
||||
|
||||
rlRun "popd"
|
||||
|
||||
rlRun "./bin/tests/system/ifconfig.sh down" 0 "Remove fake network interfaces."
|
||||
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartCleanup
|
||||
rlBundleLogs "BUILD_LOGS" "$TMPDIR/install.txt" "$TMPDIR/builddeps.txt" "$TMPDIR/build.txt"
|
||||
rlBundleLogs "TEST_LOGS" "$TMPDIR"/test*.txt
|
||||
rlRun "popd"
|
||||
rlRun "rm -r $TMPDIR" 0 "Removing tmp directory"
|
||||
rlPhaseEnd
|
||||
rlJournalEnd
|
|
@ -0,0 +1,123 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# This script will initialise token storage of softhsm PKCS11 provider
|
||||
# in custom location. Is useful to store tokens in non-standard location.
|
||||
#
|
||||
# Output can be evaluated from bash, it will prepare it for usage of temporary tokens.
|
||||
# Recommended use:
|
||||
# eval $(bash setup-named-softhsm.sh -A)
|
||||
#
|
||||
|
||||
SOFTHSM2_CONF="$1"
|
||||
TOKENPATH="$2"
|
||||
GROUPNAME="$3"
|
||||
# Do not use this script for real keys worth protection
|
||||
# This is intended for crypto accelerators using PKCS11 interface.
|
||||
# Uninitialized token would fail any crypto operation.
|
||||
PIN=1234
|
||||
SO_PIN=1234
|
||||
LABEL=rpm
|
||||
|
||||
set -e
|
||||
|
||||
echo_i()
|
||||
{
|
||||
echo "#" $@
|
||||
}
|
||||
|
||||
random()
|
||||
{
|
||||
if [ -x "$(which openssl 2>/dev/null)" ]; then
|
||||
openssl rand -base64 $1
|
||||
else
|
||||
dd if=/dev/urandom bs=1c count=$1 | base64
|
||||
fi
|
||||
}
|
||||
|
||||
usage()
|
||||
{
|
||||
echo "Usage: $0 -A [token directory] [group]"
|
||||
echo " or: $0 <config file> <token directory> [group]"
|
||||
}
|
||||
|
||||
if [ "$SOFTHSM2_CONF" = "-A" -a -z "$TOKENPATH" ]; then
|
||||
TOKENPATH=$(mktemp -d /var/tmp/softhsm-XXXXXX)
|
||||
fi
|
||||
|
||||
if [ -z "$SOFTHSM2_CONF" -o -z "$TOKENPATH" ]; then
|
||||
usage >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "$SOFTHSM2_CONF" = "-A" ]; then
|
||||
# Automagic mode instead
|
||||
MODE=secure
|
||||
SOFTHSM2_CONF="$TOKENPATH/softhsm2.conf"
|
||||
PIN_SOURCE="$TOKENPATH/pin"
|
||||
SOPIN_SOURCE="$TOKENPATH/so-pin"
|
||||
TOKENPATH="$TOKENPATH/tokens"
|
||||
else
|
||||
MODE=legacy
|
||||
fi
|
||||
|
||||
[ -d "$TOKENPATH" ] || mkdir -p "$TOKENPATH"
|
||||
|
||||
umask 0022
|
||||
|
||||
if ! [ -f "$SOFTHSM2_CONF" ]; then
|
||||
cat << SED > "$SOFTHSM2_CONF"
|
||||
# SoftHSM v2 configuration file
|
||||
|
||||
directories.tokendir = ${TOKENPATH}
|
||||
objectstore.backend = file
|
||||
|
||||
# ERROR, WARNING, INFO, DEBUG
|
||||
log.level = ERROR
|
||||
|
||||
# If CKF_REMOVABLE_DEVICE flag should be set
|
||||
slots.removable = false
|
||||
SED
|
||||
else
|
||||
echo_i "Config file $SOFTHSM2_CONF already exists" >&2
|
||||
fi
|
||||
|
||||
if [ -n "$PIN_SOURCE" ]; then
|
||||
touch "$PIN_SOURCE" "$SOPIN_SOURCE"
|
||||
chmod 0600 "$PIN_SOURCE" "$SOPIN_SOURCE"
|
||||
if [ -n "$GROUPNAME" ]; then
|
||||
chgrp "$GROUPNAME" "$PIN_SOURCE" "$SOPIN_SOURCE"
|
||||
chmod g+r "$PIN_SOURCE" "$SOPIN_SOURCE"
|
||||
fi
|
||||
fi
|
||||
|
||||
export SOFTHSM2_CONF
|
||||
|
||||
if softhsm2-util --show-slots | grep 'Initialized:[[:space:]]*yes' > /dev/null
|
||||
then
|
||||
echo_i "Token in ${TOKENPATH} is already initialized" >&2
|
||||
|
||||
[ -f "$PIN_SOURCE" ] && PIN=$(cat "$PIN_SOURCE")
|
||||
[ -f "$SOPIN_SOURCE" ] && SO_PIN=$(cat "$SOPIN_SOURCE")
|
||||
else
|
||||
PIN=$(random 6)
|
||||
SO_PIN=$(random 18)
|
||||
if [ -n "$PIN_SOURCE" ]; then
|
||||
echo -n "$PIN" > "$PIN_SOURCE"
|
||||
echo -n "$SO_PIN" > "$SOPIN_SOURCE"
|
||||
fi
|
||||
|
||||
echo_i "Initializing tokens to ${TOKENPATH}..."
|
||||
softhsm2-util --init-token --free --label "$LABEL" --pin "$PIN" --so-pin "$SO_PIN" | sed -e 's/^/# /'
|
||||
|
||||
if [ -n "$GROUPNAME" ]; then
|
||||
chgrp -R -- "$GROUPNAME" "$TOKENPATH"
|
||||
chmod -R -- g=rX,o= "$TOKENPATH"
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "export SOFTHSM2_CONF=\"$SOFTHSM2_CONF\""
|
||||
echo "export PIN_SOURCE=\"$PIN_SOURCE\""
|
||||
echo "export SOPIN_SOURCE=\"$SOPIN_SOURCE\""
|
||||
# These are intentionaly not exported
|
||||
echo "PIN=\"$PIN\""
|
||||
echo "SO_PIN=\"$SO_PIN\""
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
# This first play always runs on the local staging system
|
||||
- hosts: localhost
|
||||
roles:
|
||||
- role: standard-test-beakerlib
|
||||
tags:
|
||||
- classic
|
||||
tests:
|
||||
- Master-server-chrooted
|
||||
- Master-server-not-chrooted
|
||||
- Run-internal-BIND-test-suite
|
||||
required_packages:
|
||||
- bind
|
||||
- bind-chroot
|
||||
- bind-sdb-chroot
|
||||
- redhat-lsb
|
||||
- bind-utils
|
||||
- dnf-utils
|
||||
- kyua
|
||||
- bind-devel
|
||||
- perl-Net-DNS
|
||||
- perl-Net-DNS-Nameserver
|
||||
- perl-Time-HiRes
|
||||
- softhsm
|
||||
- bind-pkcs11
|
||||
- bind-pkcs11-utils
|
|
@ -0,0 +1 @@
|
|||
. 3600 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=
|
Loading…
Reference in New Issue