new upstream release (2.5.3)
Migration from < 2.5 is included. Migration from < 2.0 is not supported anymore, an error will be raised if somebody tries to do this update.
This commit is contained in:
Petr Špaček
parent
0ff1a10ccb
commit
962215f3dd
|
|
@ -1,4 +1,2 @@
|
|||
/knot-*.tar.xz
|
||||
/knot-2.4.0.tar.xz.asc
|
||||
/knot-2.4.1.tar.xz.asc
|
||||
/knot-2.4.5.tar.xz.asc
|
||||
/knot-*.tar.xz.asc
|
||||
|
|
|
|||
133
knot.spec
133
knot.spec
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
Summary: High-performance authoritative DNS server
|
||||
Name: knot
|
||||
Version: 2.4.5
|
||||
Version: 2.5.3
|
||||
Release: 1%{?dist}
|
||||
License: GPLv3
|
||||
Group: System Environment/Daemons
|
||||
|
|
@ -17,9 +17,12 @@ Source4: %{name}.tmpfiles
|
|||
# Required dependencies
|
||||
BuildRequires: pkgconfig(liburcu) pkgconfig(gnutls) >= 3.0 pkgconfig(nettle) pkgconfig(jansson) lmdb-devel pkgconfig(libedit)
|
||||
# Optional dependencies
|
||||
BuildRequires: pkgconfig(libcap-ng) pkgconfig(libidn) pkgconfig(libsystemd) pkgconfig(libfstrm) pkgconfig(libprotobuf-c)
|
||||
|
||||
BuildRequires: pkgconfig(libcap-ng) pkgconfig(libidn2) pkgconfig(libsystemd) pkgconfig(libfstrm) pkgconfig(libprotobuf-c)
|
||||
BuildRequires: systemd
|
||||
|
||||
Requires: python-lmdb
|
||||
|
||||
Requires(post): python-lmdb
|
||||
Requires(post): systemd %{_sbindir}/runuser
|
||||
Requires(preun): systemd
|
||||
Requires(postun): systemd
|
||||
|
|
@ -60,10 +63,11 @@ BuildRequires: python-sphinx
|
|||
%else
|
||||
BuildRequires: python3-sphinx
|
||||
%endif
|
||||
Provides: bundled(jquery)
|
||||
Provides: bundled(jquery) = 3.1.0
|
||||
|
||||
%description doc
|
||||
The package contains documentation for the Knot DNS server.
|
||||
On-line version is available on https://www.knot-dns.cz/documentation/
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
|
@ -81,7 +85,7 @@ CFLAGS="%{optflags} -DNDEBUG -Wno-unused"
|
|||
%define configure_db_sizes --with-conf-mapsize=64 --with-timer-mapsize=16
|
||||
%endif
|
||||
|
||||
%configure %{configure_db_sizes}
|
||||
%configure %{configure_db_sizes} --disable-fastparser # FIXME
|
||||
make %{?_smp_mflags}
|
||||
make html
|
||||
|
||||
|
|
@ -94,10 +98,6 @@ cp -av doc/_build/html %{buildroot}%{_pkgdocdir}
|
|||
[ -r %{buildroot}%{_pkgdocdir}/html/index.html ] || exit 1
|
||||
rm -f %{buildroot}%{_pkgdocdir}/html/.buildinfo
|
||||
|
||||
# install shell completion scripts
|
||||
install -p -m 0644 -D samples/keymgr-completion.sh %{buildroot}%{_datadir}/bash-completion/completions/keymgr
|
||||
install -p -m 0644 -D samples/keymgr-completion.zsh %{buildroot}%{_datadir}/zsh/site-functions/_keymgr
|
||||
|
||||
# install customized configuration file
|
||||
rm %{buildroot}%{_sysconfdir}/%{name}/*
|
||||
install -p -m 0644 -D %{SOURCE3} %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf
|
||||
|
|
@ -132,8 +132,24 @@ exit 0
|
|||
|
||||
%post
|
||||
%systemd_post knot.service
|
||||
# initialize/upgrade KASP database
|
||||
%{_sbindir}/runuser -u knot -- %{_sbindir}/keymgr --dir %{_sharedstatedir}/%{name}/keys --legacy init
|
||||
if [ $1 -gt 1 ] ; then # upgrade
|
||||
if rpm -q --qf=%%{version} knot | grep -q "^1\." ; then # detect versions 1.y.z
|
||||
echo 'Automatic upgrade from Knot DNS versions 1.y.z is not supported anymore'
|
||||
echo 'Contact https://www.knot-dns.cz/support/'
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# 2.[0-4].z -> 2.5+.z migration
|
||||
if rpm -q --qf=%%{version} knot | grep -q '^2.[0-4]\.' ; then
|
||||
# rename modules
|
||||
echo 'Migrating module names in configuration file /etc/knot/knot.conf'
|
||||
sed -i.rpmsave -e 's/\bmod-online-sign\b/mod-onlinesign/' -e 's/\bmod-synth-record\b/mod-synthrecord/' /etc/knot/knot.conf
|
||||
echo 'Migrating KASP database %{_sharedstatedir}/%{name}/keys from JSON files to LMDB database'
|
||||
# migrate keys into LMDB
|
||||
%{_sbindir}/runuser -u knot -- %{_sbindir}/pykeymgr -i %{_sharedstatedir}/%{name}/keys
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
%preun
|
||||
%systemd_preun knot.service
|
||||
|
|
@ -154,21 +170,19 @@ exit 0
|
|||
%dir %attr(-,knot,knot) %{_localstatedir}/run/%{name}
|
||||
%{_unitdir}/%{name}.service
|
||||
%{_tmpfilesdir}/%{name}.conf
|
||||
%{_libexecdir}/knot1to2
|
||||
%{_bindir}/kjournalprint
|
||||
%{_bindir}/kzonecheck
|
||||
%{_sbindir}/keymgr
|
||||
%{_sbindir}/knotc
|
||||
%{_sbindir}/knotd
|
||||
%{_mandir}/man1/knot1to2.*
|
||||
%{_sbindir}/pykeymgr
|
||||
%{_mandir}/man1/kjournalprint.*
|
||||
%{_mandir}/man1/kzonecheck.*
|
||||
%{_mandir}/man5/knot.conf.*
|
||||
%{_mandir}/man8/keymgr.*
|
||||
%{_mandir}/man8/knotc.*
|
||||
%{_mandir}/man8/knotd.*
|
||||
%{_datadir}/bash-completion/completions/keymgr
|
||||
%{_datadir}/zsh/site-functions/_keymgr
|
||||
%{_mandir}/man8/pykeymgr.*
|
||||
|
||||
%files utils
|
||||
%{_bindir}/kdig
|
||||
|
|
@ -188,11 +202,13 @@ exit 0
|
|||
|
||||
%files devel
|
||||
%{_includedir}/dnssec
|
||||
%{_includedir}/knot
|
||||
%{_includedir}/libknot
|
||||
%{_includedir}/zscanner
|
||||
%{_libdir}/libdnssec.so
|
||||
%{_libdir}/libknot.so
|
||||
%{_libdir}/libzscanner.so
|
||||
%{_libdir}/pkgconfig/knotd.pc
|
||||
%{_libdir}/pkgconfig/libdnssec.pc
|
||||
%{_libdir}/pkgconfig/libknot.pc
|
||||
%{_libdir}/pkgconfig/libzscanner.pc
|
||||
|
|
@ -202,6 +218,93 @@ exit 0
|
|||
%{_pkgdocdir}/html
|
||||
|
||||
%changelog
|
||||
* Mon Jul 31 2017 Petr Spacek <petr.spacek@nic.cz> - 2.5.3-1
|
||||
- new upstream release
|
||||
WARNING: Automatic upgrade from versions 1.y.z is no longer possible.
|
||||
To migrate, upgrade your packages gradually or use contacts listed on
|
||||
https://www.knot-dns.cz/support/ (if you are in trouble).
|
||||
|
||||
Knot DNS 2.5.3 (2017-07-14)
|
||||
===========================
|
||||
|
||||
Features:
|
||||
---------
|
||||
- CSK rollover support for Single-Type Signing Scheme
|
||||
|
||||
Improvements:
|
||||
-------------
|
||||
- Allowed binding to non-local adresses for TCP (Thanks to Julian Brost!)
|
||||
- New documentation section for manual DNSSEC key algorithm rollover
|
||||
- Initial KSK also generated in the submission state
|
||||
- The 'ds' keymgr command with no parameter uses all KSK keys
|
||||
- New debug mode in kjournalprint
|
||||
- Updated keymgr documentation
|
||||
|
||||
Bugfixes:
|
||||
---------
|
||||
- Sometimes missing RRSIG by KSK in submission state.
|
||||
- Minor DNSSEC-related issues
|
||||
|
||||
Knot DNS 2.5.2 (2017-06-23)
|
||||
===========================
|
||||
|
||||
Security:
|
||||
---------
|
||||
- CVE-2017-11104: Improper TSIG validity period check can allow TSIG forgery (Thanks to Synacktiv!)
|
||||
|
||||
Improvements:
|
||||
-------------
|
||||
- Extended debug logging for TSIG errors
|
||||
- Better error message for unknown module section in the configuration
|
||||
- Module documentation compilation no longer depends on module configuration
|
||||
- Extended policy section configuration semantic checks
|
||||
- Improved python version compatibility in pykeymgr
|
||||
- Extended migration section in the documentation
|
||||
- Improved DNSSEC event timing on 32-bit systems
|
||||
- New KSK rollover start log info message
|
||||
- NULL qtype support in kdig
|
||||
|
||||
Bugfixes:
|
||||
---------
|
||||
- Failed to process included configuration
|
||||
- dnskey_ttl policy option in the configuration has no effect on DNSKEY TTL
|
||||
- Corner case journal fixes (huge changesets, OpenWRT operation)
|
||||
- Confusing event timestamps in knotc zone-status output
|
||||
- NSEC/NSEC3 bitmap not updated for CDS/CDNSKEY
|
||||
- CDS/CDNSKEY RRSIG not updated
|
||||
|
||||
Knot DNS 2.5.1 (2017-06-07)
|
||||
===========================
|
||||
|
||||
Bugfixes:
|
||||
---------
|
||||
- pykeymgr no longer crash on empty json files in the KASP DB directory
|
||||
- pykeymgr no longer imports keys in the "removed" state
|
||||
- Imported keys in the "removed" state no longer makes knotd to crash
|
||||
- Including an empty configuration directory no longer makes knotd to crash
|
||||
- pykeymgr is distributed and installed to the distribution tarball
|
||||
|
||||
Knot DNS 2.5.0 (2017-06-05)
|
||||
===========================
|
||||
|
||||
Features:
|
||||
---------
|
||||
- KASP database switched from JSON files to LMDB database
|
||||
- KSK rollover support using CDNSKEY and CDS in the automatic DNSSEC signing
|
||||
- Dynamic module loading support with proper module API
|
||||
- Journal can store full zone contents (not only differences)
|
||||
- Zone freeze/thaw support
|
||||
- Updated knotc zone-status output with optional column filters
|
||||
- New '[no]crypto' option in kdig
|
||||
- New keymgr implementation reflecting KASP database changes
|
||||
- New pykeymgr for JSON-based KASP database migration
|
||||
- Removed obsolete knot1to2 utility
|
||||
|
||||
Improvements:
|
||||
-------------
|
||||
- Added libidn2 support to kdig (with libidn fallback)
|
||||
- Maximum timer database switched from configure to the server configuration
|
||||
|
||||
* Mon Jul 10 2017 Petr Spacek <petr.spacek@nic.cz> - 2.4.5-1
|
||||
New upstream release: 2.4.5
|
||||
|
||||
|
|
|
|||
4
sources
4
sources
|
|
@ -1,2 +1,2 @@
|
|||
SHA512 (knot-2.4.5.tar.xz.asc) = 0ee880ca5397eeb839476cc708fdba98ee488d9933c127b6f993488dec4d085bbd4561d8acd2fa67f77214ceed13658ec21ee2b415dec2a0660409fa42fafe99
|
||||
SHA512 (knot-2.4.5.tar.xz) = db4919dbe2dc688f401e6611d784d47e1d40a0f8ec8c8cd6240d89ab9dd2ce7dd1976ac7cb24c712ed8aa074e0026ff0a10e9d6d5e685929d271ae554d9a1cff
|
||||
SHA512 (knot-2.5.3.tar.xz) = c93bfdd42c3f1e5b74de7a5bb46841bee75d5153b4c72eb876f11e193a290484620ea8f877bd039c40fc665a9d5d07905a712e8e085c3267da5db5208aa71f08
|
||||
SHA512 (knot-2.5.3.tar.xz.asc) = f9abdf02b1e0e8521b200266bfb82e6978599b5fcb374c210c847ad69b7ec4f9308b5a9e44c09eb4f6bc38ffcdbed25df9bc65ee772a2221f9da6e7ba883dd61
|
||||
|
|
|
|||
Loading…
Reference in New Issue