283 lines
10 KiB
RPMSpec
283 lines
10 KiB
RPMSpec
%global _hardened_build 1
|
|
%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}}
|
|
|
|
Summary: High-performance authoritative DNS server
|
|
Name: knot
|
|
Version: 2.1.0
|
|
Release: 1%{?dist}
|
|
License: GPLv3
|
|
Group: System Environment/Daemons
|
|
URL: http://www.knot-dns.cz
|
|
Source0: http://public.nic.cz/files/knot-dns/%{name}-%{version}.tar.xz
|
|
Source1: %{name}.service
|
|
Source2: %{name}.conf
|
|
Source3: %{name}.tmpfiles
|
|
|
|
# Required dependencies
|
|
BuildRequires: pkgconfig(liburcu) pkgconfig(gnutls) >= 3.0 pkgconfig(nettle) pkgconfig(jansson) lmdb-devel
|
|
# Optional dependencies
|
|
BuildRequires: pkgconfig(libcap-ng) pkgconfig(libidn) pkgconfig(libsystemd-daemon) pkgconfig(libsystemd-journal) pkgconfig(libfstrm) pkgconfig(libprotobuf-c)
|
|
|
|
BuildRequires: systemd
|
|
Requires(post): systemd %{_sbindir}/runuser
|
|
Requires(preun): systemd
|
|
Requires(postun): systemd
|
|
|
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
|
|
|
%description
|
|
Knot DNS is a high-performance authoritative DNS server implementation.
|
|
|
|
%package libs
|
|
Summary: Libraries used by the Knot DNS server and client applications
|
|
|
|
%description libs
|
|
The package contains shared libraries used by the Knot DNS server and
|
|
utilities.
|
|
|
|
%package devel
|
|
Summary: Development header files for the Knot DNS libraries
|
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
|
|
|
%description devel
|
|
The package contains development header files for the Knot DNS libraries
|
|
included in knot-libs package.
|
|
|
|
%package utils
|
|
Summary: DNS client utilities shipped with the Knot DNS server
|
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
|
|
|
%description utils
|
|
The package contains DNS client utilities shipped with the Knot DNS server.
|
|
|
|
%package doc
|
|
Summary: Documentation for the Knot DNS server
|
|
License: GPLv3 and BSD and MIT
|
|
BuildArch: noarch
|
|
BuildRequires: python3-sphinx
|
|
Provides: bundled(jquery)
|
|
|
|
%description doc
|
|
The package contains documentation for the Knot DNS server.
|
|
|
|
%prep
|
|
%setup -q
|
|
|
|
# make sure embedded LMDB library is not used
|
|
rm -vr src/contrib/lmdb
|
|
|
|
%build
|
|
# disable debug code (causes unused warnings)
|
|
CFLAGS="%{optflags} -DNDEBUG -Wno-unused"
|
|
%configure
|
|
make %{?_smp_mflags}
|
|
make html
|
|
|
|
%install
|
|
make install DESTDIR=%{buildroot}
|
|
|
|
# install documentation
|
|
mkdir -p %{buildroot}%{_pkgdocdir}
|
|
cp -av doc/_build/html %{buildroot}%{_pkgdocdir}
|
|
[ -r %{buildroot}%{_pkgdocdir}/html/index.html ] || exit 1
|
|
rm -f %{buildroot}%{_pkgdocdir}/html/.buildinfo
|
|
|
|
# install shell completion scripts
|
|
install -p -m 0644 -D samples/keymgr-completion.sh %{buildroot}%{_datadir}/bash-completion/completions/keymgr
|
|
install -p -m 0644 -D samples/keymgr-completion.zsh %{buildroot}%{_datadir}/zsh/site-functions/_keymgr
|
|
|
|
# install customized configuration file
|
|
rm %{buildroot}%{_sysconfdir}/%{name}/*
|
|
install -p -m 0644 -D %{SOURCE2} %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf
|
|
|
|
# install service file and create rundir
|
|
install -p -m 0644 -D %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
|
|
install -p -m 0644 -D %{SOURCE3} %{buildroot}%{_tmpfilesdir}/%{name}.conf
|
|
install -d -m 0755 %{buildroot}%{_localstatedir}/run/%{name}
|
|
|
|
# create storage dir and key dir
|
|
mkdir -p %{buildroot}%{_sharedstatedir}
|
|
install -d -m 0775 %{buildroot}%{_sharedstatedir}/%{name}
|
|
install -d -m 0770 %{buildroot}%{_sharedstatedir}/%{name}/keys
|
|
|
|
# install config samples into docdir
|
|
install -d -m 0755 %{buildroot}%{_pkgdocdir}/samples
|
|
for sample_file in knot.sample.conf example.com.zone; do
|
|
install -p -m 0644 samples/${sample_file} %{buildroot}%{_pkgdocdir}/samples
|
|
done
|
|
|
|
# remove static libraries and libarchive files
|
|
rm %{buildroot}%{_libdir}/*.a
|
|
rm %{buildroot}%{_libdir}/*.la
|
|
|
|
%check
|
|
make check
|
|
|
|
%pre
|
|
getent group knot >/dev/null || groupadd -r knot
|
|
getent passwd knot >/dev/null || useradd -r -g knot -d %{_sysconfdir}/knot -s /sbin/nologin -c "Knot DNS server" knot
|
|
exit 0
|
|
|
|
%post
|
|
%systemd_post knot.service
|
|
# initialize/upgrade KASP database
|
|
%{_sbindir}/runuser -u knot -- %{_sbindir}/keymgr --dir %{_sharedstatedir}/%{name}/keys init
|
|
|
|
%preun
|
|
%systemd_preun knot.service
|
|
|
|
%postun
|
|
%systemd_postun_with_restart knot.service
|
|
|
|
%post libs -p /sbin/ldconfig
|
|
|
|
%postun libs -p /sbin/ldconfig
|
|
|
|
%files
|
|
%{_pkgdocdir}/samples
|
|
%dir %attr(750,root,knot) %{_sysconfdir}/%{name}
|
|
%config(noreplace) %attr(640,root,knot) %{_sysconfdir}/%{name}/%{name}.conf
|
|
%dir %attr(775,root,knot) %{_sharedstatedir}/%{name}
|
|
%dir %attr(770,root,knot) %{_sharedstatedir}/%{name}/keys
|
|
%dir %attr(-,knot,knot) %{_localstatedir}/run/%{name}
|
|
%{_unitdir}/%{name}.service
|
|
%{_tmpfilesdir}/%{name}.conf
|
|
%{_libexecdir}/knot1to2
|
|
%{_sbindir}/keymgr
|
|
%{_sbindir}/knotc
|
|
%{_sbindir}/knotd
|
|
%{_mandir}/man1/knot1to2.*
|
|
%{_mandir}/man5/knot.conf.*
|
|
%{_mandir}/man8/keymgr.*
|
|
%{_mandir}/man8/knotc.*
|
|
%{_mandir}/man8/knotd.*
|
|
%{_datadir}/bash-completion/completions/keymgr
|
|
%{_datadir}/zsh/site-functions/_keymgr
|
|
|
|
%files utils
|
|
%{_bindir}/kdig
|
|
%{_bindir}/khost
|
|
%{_bindir}/knsec3hash
|
|
%{_bindir}/knsupdate
|
|
%{_mandir}/man1/kdig.*
|
|
%{_mandir}/man1/khost.*
|
|
%{_mandir}/man1/knsec3hash.*
|
|
%{_mandir}/man1/knsupdate.*
|
|
|
|
%files libs
|
|
%doc COPYING AUTHORS NEWS THANKS
|
|
%{_libdir}/libdnssec.so.*
|
|
%{_libdir}/libknot.so.*
|
|
%{_libdir}/libzscanner.so.*
|
|
|
|
%files devel
|
|
%{_includedir}/dnssec
|
|
%{_includedir}/libknot
|
|
%{_includedir}/zscanner
|
|
%{_libdir}/libdnssec.so
|
|
%{_libdir}/libknot.so
|
|
%{_libdir}/libzscanner.so
|
|
%{_libdir}/pkgconfig/libdnssec.pc
|
|
%{_libdir}/pkgconfig/libknot.pc
|
|
%{_libdir}/pkgconfig/libzscanner.pc
|
|
|
|
%files doc
|
|
%dir %{_pkgdocdir}
|
|
%{_pkgdocdir}/html
|
|
|
|
%changelog
|
|
* Thu Jan 14 2016 Jan Vcelak <jvcelak@fedoraproject.org> 2.1.0-1
|
|
- new upstream release:
|
|
+ improvement: Remove implementation limit for the number of network interfaces
|
|
+ improvement: Remove possibly insecure server control over a network socket
|
|
+ fix: Schedule zone bootstrap after slave zone fails to load from disk
|
|
|
|
* Sun Dec 20 2015 Jan Vcelak <jvcelak@fedoraproject.org> 2.1.0-0.1.rc1
|
|
- new upstream pre-release:
|
|
+ feature: Per-thread UDP socket binding using SO_REUSEPORT
|
|
+ feature: Support for dynamic configuration database
|
|
+ feature: DNSSEC, Support for cryptographic tokens via PKCS #11 interface
|
|
+ feature: DNSSEC, Experimental support for online signing
|
|
+ improvement: Support for zone file name patterns
|
|
+ improvement: Configurable location of zone timer database
|
|
+ improvement: Non-blocking network operations and better timeout handling
|
|
+ improvement: Caching of Critical configuration values for better performance
|
|
+ improvement: Logging of ACL failures
|
|
+ improvement: RRL: Add rate-limit-slip zero support to drop all responses
|
|
+ improvement: RRL: Document behavior for different rate-limit-slip options
|
|
+ improvement: kdig: Warning instead of error on TSIG validation failure
|
|
+ improvement: Cleanup of support libraries interfaces (libknot, libzscanner, libdnssec)
|
|
+ fix: synth-record module: Fix application of default configuration options
|
|
+ fix: TSIG: Allow compressed TSIG name when forwarding DDNS updates
|
|
|
|
* Wed Nov 25 2015 Jan Vcelak <jvcelak@fedoraproject.org> 2.0.2-1
|
|
- new upstream release:
|
|
+ security fix: out-of-bound read in packet parser for malformed NAPTR record
|
|
|
|
* Thu Sep 03 2015 Jan Vcelak <jvcelak@fedoraproject.org> 2.0.1-1
|
|
- new upstream release:
|
|
+ fix: do not reload expired zones on 'knotc reload' and server startup
|
|
+ fix: rare race-condition in event scheduling causing delayed event execution
|
|
+ fix: skipping of non-authoritative nodes in NSEC proofs
|
|
+ fix: TC flag setting in RRL slipped answers
|
|
+ fix: disable domain name compression for root label
|
|
+ fix: fix CNAME following when quering for NSEC RR type
|
|
+ fix: fix refreshing of DNSSEC signatures for zone keys
|
|
+ fix: fix binding an unavailable IPv6 address (IP_FREEBIND)
|
|
+ fix: fix infinite loop in knotc zonestatus and memstats
|
|
+ fix: fix memory leak in configuration on server shutdown
|
|
+ fix: fix broken dnsproxy module
|
|
+ fix: fix multi value parsing on big-endian
|
|
+ fix: adapt to Nettle 3 API break causing base64 decoding failures on big-endian
|
|
+ feature: add 'keymgr zone key ds' to show key's DS record
|
|
+ feature: add 'keymgr tsig generate' to generate TSIG keys
|
|
+ feature: add query module scoping to process either all queries or zone queries only
|
|
+ feature: add support for file name globbing in config file includes
|
|
+ feature: add 'request-edns-option' config option to add custom EDNS0 option into server initiated queries
|
|
+ improvement: send minimal responses (remove NS from Authority section for NOERROR)
|
|
+ improvement: update persistent timers only on shutdown for better performance
|
|
+ improvement: allow change of RR TTL over DDNS
|
|
+ improvement: documentation fixes, updates, and improvements in formatting
|
|
+ improvement: install yparser and zscanner header files
|
|
|
|
* Mon Jul 20 2015 Jan Vcelak <jvcelak@fedoraproject.org> 2.0.0-1
|
|
- new upstream release:
|
|
+ feature: possibility to disable zone file synchronization
|
|
+ feature: knsupdate, add input prompt in interactive mode
|
|
+ feature: knsupdate, TSIG algorithm specification in interactive mode
|
|
|
|
* Thu Jun 18 2015 Jan Vcelak <jvcelak@fedoraproject.org> 2.0.0-0.1.rc1
|
|
- new upstream pre-release:
|
|
+ fix: lost NOTIFY message if received during zone transfer
|
|
+ fix: kdig, record correct dnstap SocketProtocol when retrying over TCP
|
|
+ fix: kdig, hide TSIG section with +noall
|
|
+ fix: do not set AA flag for AXFR/IXFR queries
|
|
+ feature: new configuration format in YAML, binary store im LMDB
|
|
+ feature: DNSSEC, separate library, switch to GnuTLS, new utilities
|
|
+ feature: DNSSEC, basic KASP support (generate initial keys, ZSK rollover)
|
|
+ feature: zone parser, split long TXT/SPF strings into multiple strings
|
|
+ feature: kdig, add generic dump style option (+generic)
|
|
+ feature: try all master servers on failure in multi-master environment
|
|
+ feature: improved remotes and ACLs (multiple addresses, multiple keys)
|
|
+ feature: basic support for zone file patterns (%s to substitute zone name)
|
|
+ improvement: do not write class for SOA record (unified with other RR types)
|
|
+ improvement: do not write master server address into the zone file
|
|
+ documentation: manual pages also in HTML and PDF format
|
|
|
|
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.99.1-4
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
|
|
|
* Mon May 04 2015 Kalev Lember <kalevlember@gmail.com> - 1.99.1-3
|
|
- Rebuilt for nettle soname bump
|
|
|
|
* Fri Feb 13 2015 Jan Vcelak <jvcelak@fedoraproject.org> 1.99.1-2
|
|
- fix BuildRequires for systemd integration
|
|
|
|
* Fri Feb 13 2015 Jan Vcelak <jvcelak@fedoraproject.org> 1.99.1-1
|
|
- new upstream pre-release version:
|
|
+ DNSSEC: switch from OpenSSL to GnuTLS
|
|
+ DNSSEC: initial support for KASP
|
|
- split package into subpackages
|
|
- add documentation building
|
|
- restart daemon on updated
|