From 5d85502ebc17c1693644af7d2902f2efa72cec03 Mon Sep 17 00:00:00 2001
From: Adam Tkac
Date: Jun 23 2010 15:24:38 +0000
Subject: - obsolete & provide dnssec-conf and add transition %%trigger
---
diff --git a/bind.spec b/bind.spec
index ba05cac..373c1a1 100644
--- a/bind.spec
+++ b/bind.spec
@@ -20,7 +20,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name: bind
 License: ISC
 Version: 9.6.2
-Release: 4.%{PATCHVER}%{?dist}
+Release: 5.%{PATCHVER}%{?dist}
 Epoch: 32
 Url: http://www.isc.org/products/BIND/
 Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -39,6 +39,7 @@ Source21: Copyright.caching-nameserver
 Source25: named.conf.sample
 Source28: config-4.tar.bz2
 Source30: ldap2zone.c
+Source31: named.iscdlv.key
 # Common patches
 Patch5: bind-nonexec.patch
@@ -77,6 +78,8 @@ Requires(preun):chkconfig
 Requires: dnssec-conf
 Obsoletes: bind-config < 30:9.3.2-34.fc6, caching-nameserver < 31:9.4.1-7.fc8
 Provides: bind-config = 30:9.3.2-34.fc6, caching-nameserver = 31:9.4.1-7.fc8
+Obsoletes: dnssec-conf < 1.21-9
+Provides: dnssec-conf = 1.21-9
 BuildRequires: openssl-devel, libtool, autoconf, pkgconfig, libcap-devel
 BuildRequires: libidn-devel, libxml2-devel
 %if %{SDB}
@@ -343,6 +346,7 @@ touch ${RPM_BUILD_ROOT}%{_localstatedir}/log/named.log
 tar -C ${RPM_BUILD_ROOT} -xjf %{SOURCE28}
 touch ${RPM_BUILD_ROOT}/etc/rndc.key
 touch ${RPM_BUILD_ROOT}/etc/rndc.conf
+install -m 644 %{SOURCE31} ${RPM_BUILD_ROOT}/etc/named.iscdlv.key
 mkdir ${RPM_BUILD_ROOT}/etc/named
 install -m 644 %{SOURCE5} ./rfc1912.txt
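Review bot: `Requires: dnssec-conf` is still present in the context directly above the added `Obsoletes: dnssec-conf < 1.21-9` and `Provides: dnssec-conf = 1.21-9` in the @@ -77,6 +78,8 @@ hunk, so the package now requires a name it provides itself. That dependency is satisfied by bind's own Provides and no longer pulls in anything, which makes the line misleading to the next packager. I would drop `Requires: dnssec-conf` in this same change. The rest of the package header lies outside the hunk, so any other reference to dnssec-conf would need the same check.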
@@ -431,6 +435,36 @@ fi
 %triggerpostun -n bind-libs -p /bin/bash -- bind-libs > 32:9.6.1-0.1.b1
 /sbin/ldconfig
+# Automatically update configuration from "dnssec-conf-based" to "BIND-based"
+%triggerpostun -n bind -- dnssec-conf
+if [ -r '/etc/named.conf' ]; then
+cp -fp /etc/named.conf /etc/named.conf.rpmsave
+if grep -Eq '/etc/(named.dnssec.keys|pki/dnssec-keys)' /etc/named.conf; then
+ if grep -q 'dlv.isc.org.conf' /etc/named.conf; then
+ # DLV is configured, reconfigure it to new configuration
+ sed -i -e 's/.*dlv.isc.org.conf.*/include "\/etc\/named.iscdlv.key";/' /etc/named.conf
+ fi
+ sed -i -e '/.*named\.dnssec\.keys.*/d' -e '/.*pki\/dnssec-keys.*/d' \
+ /etc/named.conf
+ /sbin/service named try-restart > /dev/null 2>&1 || :;
+fi
+fi
+
+# Ditto for chroot configuration
+if [ -r '/var/named/chroot/etc/named.conf' ]; then
+cp -fp /var/named/chroot/etc/named.conf /var/named/chroot/etc/named.conf.rpmsave
+if grep -Eq '/etc/(named.dnssec.keys|pki/dnssec-keys)' /var/named/chroot/etc/named.conf; then
+ if grep -q 'dlv.isc.org.conf' /var/named/chroot/etc/named.conf; then
+ # DLV is configured, reconfigure it to new configuration
+ sed -i -e 's/.*dlv.isc.org.conf.*/include "\/etc\/named.iscdlv.key";/' \
+ /var/named/chroot/etc/named.conf
+ fi
+ sed -i -e '/.*named\.dnssec\.keys.*/d' -e '/.*pki\/dnssec-keys.*/d' \
+ /var/named/chroot/etc/named.conf
+ /sbin/service named try-restart > /dev/null 2>&1 || :;
+fi
+fi
+
 %post chroot
 if [ "$1" -gt 0 ]; then
 [ -e %{chroot_prefix}/dev/random ] || \
@@ -467,6 +501,7 @@ rm -rf ${RPM_BUILD_ROOT}
 %dir %{_sysconfdir}/named
 %dir %{_localstatedir}/named
 %config(noreplace) %verify(not link) %{_sysconfdir}/named.conf
+%config(noreplace) %verify(not link) %{_sysconfdir}/named.iscdlv.key
 %config(noreplace) %verify(not link) %{_sysconfdir}/named.rfc1912.zones
 %config %verify(not link) %{_localstatedir}/named/named.ca
 %config %verify(not link) %{_localstatedir}/named/named.localhost
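Review bot: The new `%triggerpostun -n bind -- dnssec-conf` scriptlet restarts named on a rewritten named.conf without checking it: the `s/.*dlv.isc.org.conf.*/…/` and the two `/…/d` expressions act on any line that merely mentions those names (a comment, or a line carrying other statements), and `try-restart > /dev/null 2>&1 || :` hides a failed start, so a bad rewrite can leave the resolver down with nothing reported. I would run `named-checkconf /etc/named.conf || cp -fp /etc/named.conf.rpmsave /etc/named.conf` before the restart, with the equivalent check for the chroot copy in the second block. The `cp -fp … .rpmsave` also runs before the `grep -Eq` test and overwrites any earlier `.rpmsave`; moving it inside that branch would keep a backup only when the file is actually edited. Deleting the `named.dnssec.keys` and `pki/dnssec-keys` includes presumably removes the trust anchors they supplied, so unless DLV was configured DNSSEC validation may silently stop being anchored; the leading comment should say so.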
@@ -582,6 +617,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %ghost %{chroot_prefix}/etc/localtime
 %changelog
+* Wed Jun 23 2010 Adam Tkac 32:9.6.2-5.P2
+- obsolete & provide dnssec-conf and add transition %%trigger
+
 * Thu May 20 2010 Adam Tkac 32:9.6.2-4.P2
 - update to 9.6.2-P2
diff --git a/named.init b/named.init
index 5694427..8fe3bb5 100755
--- a/named.init
+++ b/named.init
@@ -49,7 +49,7 @@ fi
 ROOTDIR_MOUNT='/etc/named /etc/pki/dnssec-keys /var/named /etc/named.conf /etc/named.dnssec.keys /etc/named.rfc1912.zones /etc/rndc.conf /etc/rndc.key
-/usr/lib64/bind /usr/lib/bind'
+/usr/lib64/bind /usr/lib/bind /etc/named.iscdlv.key'
 mount_chroot_conf() {
diff --git a/named.iscdlv.key b/named.iscdlv.key
new file mode 100644
index 0000000..15dcc29
--- /dev/null
+++ b/named.iscdlv.key
@@ -0,0 +1,6 @@
+trusted-keys {
+ # NOTE: This key is current as of October 2009.
+ # If it fails to initialize correctly, it may have expired;
+ # see https://www.isc.org/solutions/dlv for a replacement.
+ dlv.isc.org. 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt TDN0YUuWrBNh";
+};
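Review bot: The DLV trust anchor in the new named.iscdlv.key is added with nothing recording where the key material was taken from or how it was verified, and its own comment dates it to October 2009 while the commit is from June 2010. I would add a line to the file's comment block such as `# Source: <where this key was obtained>; verified against <reference> on <date>` so a later reviewer can re-check the anchor. `trusted-keys` is a static anchor, so a rollover of the dlv.isc.org key reaches installed systems only through a package update. Because bind.spec lists the file as `%config(noreplace)`, a locally edited copy would keep the old key; the comment should say that as well.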