diff options
| author | jvdias <jvdias@fedoraproject.org> | 2006-03-07 04:25:38 +0000 |
|---|---|---|
| committer | jvdias <jvdias@fedoraproject.org> | 2006-03-07 04:25:38 +0000 |
| commit | 0cd02aa18f76fca3a52a81df26804036142b80f2 (patch) | |
| tree | 50113d49e103cbfa315b4aa95de5be0053b309c2 | |
| parent | b3f861a9645ba094769c7e2ba0cee5c4ac596ff5 (diff) | |
| download | bind-0cd02aa18f76fca3a52a81df26804036142b80f2.tar.gz bind-0cd02aa18f76fca3a52a81df26804036142b80f2.tar.xz bind-0cd02aa18f76fca3a52a81df26804036142b80f2.zip | |
- replace caching-nameserver with bind-config sub-packagebind-9_3_2-6
- fix bug 181730: fix creation of named user & gid
- fix bug 177595: handle case where $ROOTDIR is a link in initscript
- fix bug 177001: bind-config creates symlinks OK now
- fix bug 176388: named.conf is now never replaced by any RPM
- fix bug 176246: remove unecessary creation of rpmsave links
- fix bug 174925: no replacement of named.conf
- fix bug 173963: existing named.conf never modified
- major .spec file cleanup
| -rw-r--r-- | Copyright.caching-nameserver | 5 | ||||
| -rw-r--r-- | bind-chroot-admin.in | 244 | ||||
| -rw-r--r-- | bind.spec | 745 | ||||
| -rw-r--r-- | localdomain.zone | 10 | ||||
| -rw-r--r-- | localhost.zone | 12 | ||||
| -rw-r--r-- | named.broadcast | 8 | ||||
| -rw-r--r-- | named.caching-nameserver.conf | 33 | ||||
| -rwxr-xr-x | named.init | 24 | ||||
| -rw-r--r-- | named.ip6.local | 9 | ||||
| -rw-r--r-- | named.local | 9 | ||||
| -rw-r--r-- | named.rfc1912.zones | 48 | ||||
| -rw-r--r-- | named.root | 80 | ||||
| -rw-r--r-- | named.zero | 8 |
13 files changed, 888 insertions, 347 deletions
diff --git a/Copyright.caching-nameserver b/Copyright.caching-nameserver new file mode 100644 index 0000000..8666932 --- /dev/null +++ b/Copyright.caching-nameserver @@ -0,0 +1,5 @@ + +The files included in this package are obtained from +ftp://ftp.internic.net/domain/, where they are made +available for free to anybody. In other words, this package +is created under a Public Domain license. diff --git a/bind-chroot-admin.in b/bind-chroot-admin.in new file mode 100644 index 0000000..81598a8 --- /dev/null +++ b/bind-chroot-admin.in @@ -0,0 +1,244 @@ +#!/bin/bash +# +# Script to control the bind-chroot ISC BIND named(8) server runtime environment. +# +# Usage: +# [ -e | --enable ] [ -d | --disable ] | [ -s --sync ] +# +# -e | --enable: enable the bind-chroot environment +# -d | --disable: disable the bind-chroot environment +# -s | --sync: sync files between the bind chroot and / environments, +# so they are correct for the current state of the bind-chroot +# (enabled / disabled) +# $BIND_CHROOT_PREFIX, default /var/named/chroot, is the location of the chroot. +# $BIND_DIR, default /var/named, is the default un-chrooted bind directory. +# +# Copyright(C) 2006 Jason Vas Dias <jvdias@redhat.com>, Red Hat, Inc. +# +# This software is provided under the terms of the GNU +# General Public License (GPL), as published at: +# http://www.gnu.org/licenses/gpl.html . +# +# +BIND_CHROOT_PREFIX=${BIND_CHROOT_PREFIX:-@BIND_CHROOT_PREFIX@} +BIND_DIR=${BIND_DIR:-@BIND_DIR@} + +function usage() +{ + echo 'Usage: + -e | --enable: enable the bind-chroot environment + -d | --disable: disable the bind-chroot environment + -s | --sync: sync files between the bind chroot and / environments, + so they are correct for the current state of the bind-chroot + (enabled / disabled) + $BIND_CHROOT_PREFIX, default /var/named/chroot, is the location of the chroot. + $BIND_DIR, default /var/named, is the default un-chrooted bind directory. +'; +} + +function rootdir() +{ + . /etc/sysconfig/named + if [ -n "$ROOTDIR" ]; then + BIND_CHROOT_PREFIX="$ROOTDIR"; + BIND_CHROOT_PREFIX=`echo $BIND_CHROOT_PREFIX | sed 's#//*#/#g;s#/$##'`; + if [ -L "$BIND_CHROOT_PREFIX" ]; then + BIND_CHROOT_PREFIX=`/usr/bin/readlink "$BIND_CHROOT_PREFIX"`; + fi + return 0; + fi; + return 1; +} + +function check_dirs() +{ + if [ -z "$BIND_CHROOT_PREFIX" ]; then + rootdir; + if [ -z "$BIND_CHROOT_PREFIX" ]; then + usage; + exit 1; + fi; + fi + BIND_DIR=`echo $BIND_DIR | sed 's#//*#/#g;s#/$##'`; + if [ -L "$BIND_DIR" ]; then + BIND_DIR=`/usr/bin/readlink "$BIND_DIR"`; + fi + BIND_CHROOT_PREFIX=`echo $BIND_CHROOT_PREFIX | sed 's#//*#/#g;s#/$##'`; + if [ -L "$BIND_CHROOT_PREFIX" ]; then + BIND_CHROOT_PREFIX=`/usr/bin/readlink "$BIND_CHROOT_PREFIX"`; + fi + + /bin/mkdir -p ${BIND_DIR}/{slaves,data}; + /bin/chown root:named ${BIND_DIR}; + /bin/chown named:named ${BIND_DIR}/{slaves,data}; + /bin/chmod 750 ${BIND_DIR} + /bin/chmod 770 ${BIND_DIR}/{slaves,data}; + + mkdir -p ${BIND_CHROOT_PREFIX}/{etc,proc,dev,var/{run/dbus,run/named,named/{slaves,data}}}; + /bin/chown root:named ${BIND_CHROOT_PREFIX}/{etc,proc,dev,var/{run,run/dbus,named/}}; + /bin/chmod 750 ${BIND_CHROOT_PREFIX}/{,etc,proc,dev,var,var/{run,run/dbus,named/}}; + /bin/chown named:named ${BIND_CHROOT_PREFIX}/var/{run/named,named/{data,slaves}}; + /bin/chmod 770 ${BIND_CHROOT_PREFIX}/var/{run/named,named/{slaves,data}}; + [ ! -e "${BIND_CHROOT_PREFIX}/dev/random" ] && /bin/mknod "${BIND_CHROOT_PREFIX}/dev/random" c 1 8 + [ ! -e "${BIND_CHROOT_PREFIX}/dev/zero" ] && /bin/mknod "${BIND_CHROOT_PREFIX}/dev/zero" c 1 5 + [ ! -e "${BIND_CHROOT_PREFIX}/dev/null" ] && /bin/mknod "${BIND_CHROOT_PREFIX}/dev/null" c 1 3 + [ ! -e "${BIND_CHROOT_PREFIX}/etc/localtime" ] && [ -e /etc/localtime ] && /bin/cp -fp /etc/localtime "${BIND_CHROOT_PREFIX}/etc/localtime"; +} + +check_dirs; + +function replace_with_link() +{ # replaces $dst second arg file with link to $src first arg file + if [ $# -lt 2 ]; then + return 1; + fi; + src=$1 + dst=$2 + if [ -z "$src" ] || [ -z "$dst" ] || [ "$src" = "$dst" ]; then + return 1; + fi + if [ ! -e "$src" ]; then + if [ ! -e "$dst" ]; then + return 1; + else + if [ -L "$dst" ]; then + dstlnk=`/usr/bin/readlink "$dst"`; + if [ ! -e "$dstlnk" ] ; then + return 1; + fi + rm -f "$dst"; + /bin/cp -fp "$dstlnk" "$dst"; + fi; + /bin/mv "$dst" "$src"; + fi + fi + if [ -e "$dst" ]; then + if [ ! -L "$dst" ]; then + if [ ! -s "$dst" ]; then + /bin/rm -f "$dst"; + else + if [ "$src" -nt "$dst" ] || [ ! "$dst" -nt "$src" ] ; then + /bin/mv "$dst" "$dst".`/bin/date +'%Y-%m-%d_%H-%M-%S.%N'`; + else # [ "$dst" -nt "$src" ] + /bin/mv "$src" "$src".`/bin/date +'%Y-%m-%d_%H-%M-%S.%N'`; + /bin/mv "$dst" "$src"; + fi; + fi; + else + dstlnk=`/usr/bin/readlink "$dst"` + if [ "$dstlnk" != $src ]; then + /bin/rm -f $dst; + if [ "$dstlnk" != "$dst" ] && [ -s $dstlnk ]; then + if [ "$dstlnk" -nt "$src" ] || [ ! "$dstlnk" -nt "$src" ] ; then + /bin/cp -fp "$dstlnk" "$dst".`/bin/date +'%Y-%m-%d_%H-%M-%S.%N'`; + else + /bin/mv "$src" "$src".`/bin/date +'%Y-%m-%d_%H-%M-%S.%N'`; + /bin/cp -fp "$dstlnk" "$src"; + fi; + fi; + else + return 0; + fi; + fi; + fi; + /bin/ln -sf "$src" "$dst"; + return $?; +} + +function replace_with_file() +{ + if [ $# -lt 2 ]; then + return 1; + fi; + src=$1; + dst=$2; + if [ -z "$src" ] || [ -z "$dst" ] || [ "$src" = "$dst" ]; then + return 1; + fi + if [ ! -e "$src" ]; then + if [ -e "$dst" ]; then + /bin/rm -f $dst; + fi; + return 1; + fi; + if [ -e "$dst" ]; then + if [ ! -L "$dst" ]; then + /bin/mv "$dst" "$dst".`/bin/date +'%Y-%m-%d_%H-%M-%S.%N'`; + else + /bin/rm -f "$dst"; + fi; + fi; + /bin/mv -f "$src" "$dst"; +} + +function enable_bind_chroot() +{ + if /bin/egrep '^ROOTDIR=' /etc/sysconfig/named; then + /bin/sed -i -e 's#^ROOTDIR=.*$#ROOTDIR='${BIND_CHROOT_PREFIX}'#' /etc/sysconfig/named ; + else + echo 'ROOTDIR='${BIND_CHROOT_PREFIX} >> /etc/sysconfig/named; + fi +} + +function disable_bind_chroot() +{ + /bin/sed -i -e '/^ROOTDIR=/d' /etc/sysconfig/named; +} + +function sync_files() +{ + shopt -q nullglob; + ng=$? + shopt -s nullglob; + pfx='' + if rootdir ; then # chroot is enabled + /usr/bin/find /{etc/{named.*,rndc.*},${BIND_DIR#/}{/*,/data/*,/slaves/*}} -maxdepth 0 -type f | + while read f; + do + replace_with_link ${BIND_CHROOT_PREFIX}/$f $f; + done; + pfx=${BIND_CHROOT_PREFIX} + else # chroot is disabled + /usr/bin/find /var/named/chroot/{etc/{named.*,rndc.*},var/named{/*,/data/*,/slaves/*}} -maxdepth 0 | + while read f; + do + if [ ! -d "$f" ]; then + replace_with_file $f ${f#$BIND_CHROOT_PREFIX}; + fi; + done + fi; + if [ $ng -eq 1 ]; then + shopt -u nullglob; + fi; + chown root:named ${pfx}/var/named/* >/dev/null 2>&1; + chmod 750 ${pfx}/var/named >/dev/null 2>&1; + chmod 640 ${pfx}/var/named/* >/dev/null 2>&1; + chown named:named ${pfx}/var/named/{data{,/*},slaves{,*/}} >/dev/null 2>&1; + chmod 770 ${pfx}/var/named/{data,slaves} >/dev/null 2>&1; + chmod 640 ${pfx}/var/named/{data/*,slaves/*} >/dev/null 2>&1; +# [ -x /sbin/restorecon ] && /sbin/restorecon -R $pfx{/var/named,/etc/{named,rndc}.*} -e ${BIND_CHROOT_PREFIX}/proc -e ${BIND_CHROOT_PREFIX}/var/run/dbus -e ${BIND_CHROOT_PREFIX}/dev >/dev/null 2>&1; +} + +case $1 in + -e|--enable) + enable_bind_chroot; + sync_files; + /sbin/service named condrestart + exit $?; + ;; + -d|--disable) + disable_bind_chroot; + sync_files; + /sbin/service named condrestart + exit $?; + ;; + -s|--sync) + sync_files; + exit $?; + ;; + -q) + ;; + *) + usage; + exit 1; +esac
\ No newline at end of file @@ -1,91 +1,107 @@ -%define posix_threads 0 -%{?!SDB: %define SDB 1} -%{?!LIBBIND:%define LIBBIND 1} -%{?!efence: %define efence 0} -%{?!test: %define test 0} -%{?!WITH_DBUS: %define WITH_DBUS 1} # + dynamic forwarder table management with D-BUS -# Usage: export RPM='/usr/bin/rpmbuild --define "test 1"'; make $arch; -Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server. -Name: bind -License: BSD-like -Version: 9.3.2 -Release: 4.1 -Epoch: 30 -Url: http://www.isc.org/products/BIND/ -Buildroot: %{_tmppath}/%{name}-root -Group: System Environment/Daemons -Source: ftp://ftp.isc.org/isc/bind9/%{version}/bind-%{version}.tar.gz -#Source1: bind-manpages-2.tar.bz2 -# Finally, ISC are distributing man named.conf(5) and nslookup(8) ! -Source1: named.sysconfig -Source2: named.init -Source3: named.logrotate -Source4: keygen.c -Source5: rfc1912.txt -Source6: bind-chroot.tar.gz -Source7: bind-9.3.1rc1-sdb_tools-Makefile.in -Source8: dnszone.schema -Source9: libbind-man.tar.gz -Source10: named-dbus.conf -Source11: named.service -Source12: README.sdb_pgsql -Source13: namedSetForwarders -Source14: namedGetForwarders -Source15: filter_requires.sh -# http://www.venaas.no/ldap/bind-sdb/dnszone-schema.txt -Patch: bind-9.2.0rc3-varrun.patch -Patch1: bind-9.3.2b2-rndckey.patch -Patch2: bind-9.3.1beta2-openssl-suffix.patch -Patch3: bind-posixthreads.patch -Patch4: bind-bsdcompat.patch -Patch5: bind-nonexec.patch -Patch6: bind-9.2.2-nsl.patch -Patch7: bind-9.2.4rc7-pie.patch -Patch8: bind-9.3.0-handle-send-errors.patch -Patch9: bind-9.3.0-missing-dnssec-tools.patch -Patch10: bind-9.3.2b1-PIE.patch -Patch11: bind-9.3.2b2-sdbsrc.patch -Patch12: bind-9.3.1rc1-sdb.patch -Patch13: bind-9.3.1rc1-fix_libbind_includedir.patch -Patch14: libbind-9.3.1rc1-fix_h_errno.patch -Patch15: bind-9.3.2b2-dbus.patch -Patch16: bind-9.3.2-redhat_doc.patch -Patch17: bind-9.3.2b1-fix_sdb_ldap.patch -Patch18: bind-9.3.1-reject_resolv_conf_errors.patch -Patch19: bind-9.3.1-next_server_on_referral.patch -Patch20: bind-9.3.2b2-no_servfail_stops.patch -Patch21: bind-9.3.2b1-fix_sdb_pgsql.patch -Patch22: bind-9.3.1-sdb_dbus.patch -Patch23: bind-9.3.1-dbus_archdep_libdir.patch -Patch24: bind-9.3.1-t_no_default_lookups.patch -Patch25: bind-9.3.1-fix_no_dbus_daemon.patch -Patch26: bind-9.3.1-flush-cache.patch -Patch27: bind-9.3.1-dbus_restart.patch -Patch28: bind-9.3.2rc1-dbus-0.6.patch -Patch29: bind-9.3.2-bz177854.patch -Requires(pre,preun): shadow-utils -Requires(post,preun): chkconfig -Requires(post): textutils, fileutils, sed, grep -Requires: bind-libs = %{epoch}:%{version}-%{release}, bind-utils = %{epoch}:%{version}-%{release}, glibc >= 2.2, /bin/usleep -#Requires: kernel >= 2.4 -#Requires: glibc >= 2.3.2-5 +# +# Red Hat BIND package .spec file +# +%{?!SDB: %define SDB 1} +%{?!LIBBIND: %define LIBBIND 1} +%{?!efence: %define efence 0} +%{?!test: %define test 0} +%{?!WITH_DBUS: %define WITH_DBUS 1} # + dynamic forwarder table management with D-BUS +%{?!DEBUGINFO: %define DEBUGINFO 1} +%define bind_dir /var/named +%define chroot_prefix %{bind_dir}/chroot +# +Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server. +Name: bind +License: BSD-like +Version: 9.3.2 +Release: 6 +Epoch: 30 +Url: http://www.isc.org/products/BIND/ +Buildroot: %{_tmppath}/%{name}-root +Group: System Environment/Daemons +# +Source: ftp://ftp.isc.org/isc/bind9/%{version}/bind-%{version}.tar.gz +Source1: named.sysconfig +Source2: named.init +Source3: named.logrotate +Source4: keygen.c +Source5: rfc1912.txt +Source6: bind-chroot.tar.gz +Source7: bind-9.3.1rc1-sdb_tools-Makefile.in +Source8: http://www.venaas.no/ldap/bind-sdb/dnszone.schema +Source9: libbind-man.tar.gz +Source10: named-dbus.conf +Source11: named.service +Source12: README.sdb_pgsql +Source13: namedSetForwarders +Source14: namedGetForwarders +Source15: filter_requires.sh +Source16: named.caching-nameserver.conf +Source17: named.root +Source18: named.local +Source19: localhost.zone +Source20: localdomain.zone +Source21: named.ip6.local +Source22: named.broadcast +Source23: named.zero +Source24: Copyright.caching-nameserver +Source25: rfc1912.txt +Source26: bind-chroot-admin.in +Source27: named.rfc1912.zones +# +Patch: bind-9.2.0rc3-varrun.patch +Patch1: bind-9.3.2b2-rndckey.patch +Patch2: bind-9.3.1beta2-openssl-suffix.patch +Patch3: bind-posixthreads.patch +Patch4: bind-bsdcompat.patch +Patch5: bind-nonexec.patch +Patch6: bind-9.2.2-nsl.patch +Patch7: bind-9.2.4rc7-pie.patch +Patch8: bind-9.3.0-handle-send-errors.patch +Patch9: bind-9.3.0-missing-dnssec-tools.patch +Patch10: bind-9.3.2b1-PIE.patch +Patch11: bind-9.3.2b2-sdbsrc.patch +Patch12: bind-9.3.1rc1-sdb.patch +Patch13: bind-9.3.1rc1-fix_libbind_includedir.patch +Patch14: libbind-9.3.1rc1-fix_h_errno.patch +Patch15: bind-9.3.2b2-dbus.patch +Patch16: bind-9.3.2-redhat_doc.patch +Patch17: bind-9.3.2b1-fix_sdb_ldap.patch +Patch18: bind-9.3.1-reject_resolv_conf_errors.patch +Patch19: bind-9.3.1-next_server_on_referral.patch +Patch20: bind-9.3.2b2-no_servfail_stops.patch +Patch21: bind-9.3.2b1-fix_sdb_pgsql.patch +Patch22: bind-9.3.1-sdb_dbus.patch +Patch23: bind-9.3.1-dbus_archdep_libdir.patch +Patch24: bind-9.3.1-t_no_default_lookups.patch +Patch25: bind-9.3.1-fix_no_dbus_daemon.patch +Patch26: bind-9.3.1-flush-cache.patch +Patch27: bind-9.3.1-dbus_restart.patch +Patch28: bind-9.3.2rc1-dbus-0.6.patch +Patch29: bind-9.3.2-bz177854.patch +# +Requires(pre,preun): shadow-utils +Requires(post,preun): chkconfig +Requires(post): textutils, fileutils, sed, grep +Requires: bind-libs = %{epoch}:%{version}-%{release}, glibc >= 2.2, /bin/usleep %if %{SDB} %if %{WITH_DBUS} -BuildRequires: openssl-devel gcc dbus-devel glibc-devel >= 2.2.5-26 glibc-kernheaders >= 2.4-7.10 libtool pkgconfig tar openldap-devel postgresql-devel +BuildRequires: openssl-devel gcc dbus-devel glibc-devel >= 2.2.5-26 glibc-kernheaders >= 2.4-7.10 libtool pkgconfig tar openldap-devel postgresql-devel %else -BuildRequires: openssl-devel gcc glibc-devel >= 2.2.5-26 glibc-kernheaders >= 2.4-7.10 libtool pkgconfig tar openldap-devel postgresql-devel +BuildRequires: openssl-devel gcc glibc-devel >= 2.2.5-26 glibc-kernheaders >= 2.4-7.10 libtool pkgconfig tar openldap-devel postgresql-devel %endif %else %if %{WITH_DBUS} -BuildRequires: openssl-devel gcc dbus-devel glibc-devel >= 2.2.5-26 glibc-kernheaders >= 2.4-7.10 libtool pkgconfig tar +BuildRequires: openssl-devel gcc dbus-devel glibc-devel >= 2.2.5-26 glibc-kernheaders >= 2.4-7.10 libtool pkgconfig tar %else -BuildRequires: openssl-devel gcc glibc-devel >= 2.2.5-26 glibc-kernheaders >= 2.4-7.10 libtool pkgconfig tar +BuildRequires: openssl-devel gcc glibc-devel >= 2.2.5-26 glibc-kernheaders >= 2.4-7.10 libtool pkgconfig tar %endif %endif # fix bug 176100: do not Require: perl just for namedGetForwarders ! %define __perl_requires %SOURCE15 %define __find_requires %SOURCE15 %define _use_internal_dependency_generator 0 +# %description BIND (Berkeley Internet Name Domain) is an implementation of the DNS @@ -94,16 +110,18 @@ which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly. -%package libs -Summary: Libraries used by various DNS packages -Group: Applications/System + +%package libs +Summary: Libraries used by various DNS packages +Group: Applications/System %description libs Contains libraries used by both the bind server package as well as the utils packages. -%package utils -Summary: Utilities for querying DNS name servers. -Group: Applications/System + +%package utils +Summary: Utilities for querying DNS name servers. +Group: Applications/System Requires: bind-libs = %{epoch}:%{version}-%{release} %description utils @@ -116,16 +134,48 @@ network addresses. You should install bind-utils if you need to get information from DNS name servers. -%package devel -Summary: Include files and libraries needed for bind DNS development. -Group: Development/Libraries -Requires: bind-libs = %{epoch}:%{version}-%{release} + +%package devel +Summary: Include files and libraries needed for bind DNS development. +Group: Development/Libraries +Requires: bind-libs = %{epoch}:%{version}-%{release} %description devel The bind-devel package contains all the include files and the library required for DNS (Domain Name System) development for BIND versions 9.x.x. + +%package config +Summary: Default BIND configuration files for a caching nameserver +Group: System Environment/Daemons +Obsoletes: caching-nameserver +Provides: caching-nameserver +Requires: bind = %{epoch}:%{version}-%{release} + +%description config +The bind-config package includes the configuration files which will make +the ISC BIND named DNS name server act as a simple caching nameserver. +A caching nameserver is a DNS Resolver, as defined in RFC 1035, section 7. +ISC BIND named(8) provides a very efficient, flexible and robust resolver as +well as a server of authoritative DNS data - many users use this package +along with BIND to implement their primary system DNS resolver service. +If you would like to set up a caching name server, you'll need to install +bind, bind-libs, and bind-utils along with this package. +This package replaces the caching-nameserver package. + +%package chroot +Summary: A chroot runtime environment for the ISC BIND DNS server, named(8) +Group: System Environment/Daemons +Prefix: %{chroot_prefix} +Requires: bind = %{epoch}:%{version}-%{release} + +%description chroot +This package contains a tree of files which can be used as a +chroot(2) jail for the named(8) program from the BIND package. +Based off code from Jan "Yenya" Kasprzak <kas@fi.muni.cz> + + %if %{LIBBIND} %package libbind-devel @@ -140,16 +190,6 @@ necessary to develop software that uses it. %endif -%package chroot -Summary: A chrooted tree for the BIND nameserver -Group: System Environment/Daemons -Prefix: /var/named/chroot -Requires: bind = %{epoch}:%{version}-%{release} - -%description chroot -This package contains a tree of files which can be used as a -chroot(2) jail for the named(8) program from the BIND package. -Based off code from Jan "Yenya" Kasprzak <kas@fi.muni.cz> %if %{SDB} @@ -173,15 +213,17 @@ zone database. %endif + %prep %setup -q -n %{name}-%{version} %patch -p1 -b .varrun %patch1 -p1 -b .key %patch2 -p1 -b .openssl_suffix +#%define posix_threads 0 #%if %{posix_threads} #%patch3 -p1 -b .posixthreads +#^- This patch is no longer required and would not work anyway (see BZ 87525). #%endif -# This patch is no longer required and would not work anyway (see BZ 87525). %patch4 -p1 -b .bsdcompat %patch5 -p1 -b .nonexec %patch6 -p1 -b .nsl @@ -254,6 +296,7 @@ cp -fp bin/named/include/named/{dbus_mgr.h,dbus_service.h,globals.h,server.h,log %endif %endif + %build libtoolize --copy --force; aclocal; autoconf cp -f /usr/share/libtool/config.{guess,sub} . @@ -292,11 +335,16 @@ make %{?_smp_mflags} if [ $? -ne 0 ]; then exit $?; fi; -cp %{SOURCE5} doc/rfc -gzip -9 doc/rfc/* + + +%if !%{DEBUGINFO} +%define debug_package %{nil} +%endif %install rm -rf $RPM_BUILD_ROOT +cp %{SOURCE5} doc/rfc +gzip -9 doc/rfc/* mkdir -p ${RPM_BUILD_ROOT}/etc/{rc.d/init.d,logrotate.d} mkdir -p ${RPM_BUILD_ROOT}/usr/{bin,lib,sbin,include} mkdir -p ${RPM_BUILD_ROOT}/var/named @@ -305,14 +353,15 @@ mkdir -p ${RPM_BUILD_ROOT}/var/named/data mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/{man1,man5,man8} mkdir -p ${RPM_BUILD_ROOT}/var/run/named #chroot -mkdir -p ${RPM_BUILD_ROOT}/%{prefix} -tar --no-same-owner -zxvf %{SOURCE6} --directory ${RPM_BUILD_ROOT}/%{prefix} +mkdir -p ${RPM_BUILD_ROOT}/%{chroot_prefix} +tar --no-same-owner -zxvf %{SOURCE6} --directory ${RPM_BUILD_ROOT}/%{chroot_prefix} # these are required to prevent them being erased during upgrade of previous # versions that included them (bug #130121): -touch ${RPM_BUILD_ROOT}/%{prefix}/etc/named.conf -touch ${RPM_BUILD_ROOT}/%{prefix}/etc/rndc.key -touch ${RPM_BUILD_ROOT}/%{prefix}/dev/null -touch ${RPM_BUILD_ROOT}/%{prefix}/dev/random +touch ${RPM_BUILD_ROOT}/%{chroot_prefix}/etc/named.conf +touch ${RPM_BUILD_ROOT}/%{chroot_prefix}/etc/named.rfc1912.zones +touch ${RPM_BUILD_ROOT}/%{chroot_prefix}/etc/rndc.key +touch ${RPM_BUILD_ROOT}/%{chroot_prefix}/dev/null +touch ${RPM_BUILD_ROOT}/%{chroot_prefix}/dev/random #end chroot make DESTDIR=$RPM_BUILD_ROOT install install -c -m 640 bin/rndc/rndc.conf $RPM_BUILD_ROOT%{_sysconfdir} @@ -378,32 +427,218 @@ cp -fp lib/isc/include/isc/hash.h $RPM_BUILD_ROOT/%{_includedir}/isc find $RPM_BUILD_ROOT/%{_libdir} -name '*.la' -exec '/bin/rm' '-f' '{}' ';'; # /usr/lib/rpm/brp-compress # +# Ghost config files: +touch $RPM_BUILD_ROOT/etc/named.conf +# bind-config files: +mkdir -p $RPM_BUILD_ROOT/{etc,var/named} +install -m 644 %{SOURCE16} $RPM_BUILD_ROOT/etc/named.caching-nameserver.conf +install -m 644 %{SOURCE27} $RPM_BUILD_ROOT/etc/named.rfc1912.zones +install -m 644 %{SOURCE17} $RPM_BUILD_ROOT/var/named/named.ca +install -m 644 %{SOURCE18} $RPM_BUILD_ROOT/var/named/named.local +install -m 644 %{SOURCE19} $RPM_BUILD_ROOT/var/named/localhost.zone +install -m 644 %{SOURCE20} $RPM_BUILD_ROOT/var/named/localdomain.zone +install -m 644 %{SOURCE21} $RPM_BUILD_ROOT/var/named/named.ip6.local +install -m 644 %{SOURCE22} $RPM_BUILD_ROOT/var/named/named.broadcast +install -m 644 %{SOURCE23} $RPM_BUILD_ROOT/var/named/named.zero +for f in /etc/named.caching-nameserver.conf /var/named/{named.ca,named.local,localhost.zone,localdomain.zone,named.ip6.local,named.broadcast,named.zero}; do + touch $RPM_BUILD_ROOT/%{chroot_prefix}/$f; +done +install -m 644 %{SOURCE24} ./rfc1912.txt +install -m 644 %{SOURCE25} ./Copyright +# bind-chroot-admin script: +sed -e 's^@BIND_CHROOT_PREFIX@^'%{chroot_prefix}'^;s^@BIND_DIR@^'%{bind_dir}'^' < %SOURCE26 > bind-chroot-admin; +install -m 754 bind-chroot-admin $RPM_BUILD_ROOT/%{_sbindir} +%if !%{DEBUGINFO} +echo 'WARNING - NOT generating debuginfo!' +/usr/lib/rpm/brp-compress +exit 0 +%endif :; + +%files +%defattr(-,root,root) +%attr(750,root,named) %dir /var/named +%attr(770,named,named) %dir /var/named/slaves +%attr(770,named,named) %dir /var/named/data +%attr(770,named,named) %dir /var/run/named +%attr(754,root,root) %config /etc/rc.d/init.d/named +%config(noreplace) /etc/sysconfig/named +%verify(not size,not md5) %config(noreplace) %attr(0640,root,named) /etc/rndc.key +# %verify(not size,not md5) %config(noreplace) %attr(0640,root,named) /etc/rndc.conf +# ^- Let the named internal default rndc.conf be used - +# rndc.conf not required unless it differs from default. +%ghost %config(noreplace) /etc/named.conf +# ^- Ensure something owns named.conf, even though it may not be installed at all +%ghost %config(noreplace) /etc/rndc.conf +%config(noreplace) /etc/logrotate.d/named +%{_sbindir}/dnssec* +%{_sbindir}/lwresd +%{_sbindir}/named +%{_sbindir}/named-bootconf +%{_sbindir}/named-check* +%{_sbindir}/rndc* +%{_sbindir}/dns-keygen +%{_sbindir}/bind-chroot-admin +%{_mandir}/man5/named.conf.5* +%{_mandir}/man5/rndc.conf.5* +%{_mandir}/man8/rndc.8* +%{_mandir}/man8/named.8* +%{_mandir}/man8/lwresd.8* +%{_mandir}/man8/dnssec*.8* +%{_mandir}/man8/named-checkconf.8* +%{_mandir}/man8/named-checkzone.8* +%{_mandir}/man8/rndc-confgen.8* +%doc CHANGES COPYRIGHT README +%doc doc/arm doc/misc +%if %{WITH_DBUS} +%doc doc/README.DBUS +%attr(644,root,root) %config /etc/dbus-1/system.d/named.conf +%attr(644,root,root) %config /usr/share/dbus-1/services/named.service +%attr(754,root,root) /usr/sbin/namedGetForwarders +%attr(754,root,root) /usr/sbin/namedSetForwarders +%endif + +%files libs +%defattr(-,root,root) +%{_libdir}/*so* + +%files utils +%defattr(-,root,root) +%{_bindir}/dig +%{_bindir}/host +%{_bindir}/nslookup +%{_bindir}/nsupdate +%{_mandir}/man1/host.1* +%{_mandir}/man8/nsupdate.8* +%{_mandir}/man1/dig.1* +%{_mandir}/man1/nslookup.1* + +%files devel +%defattr(-,root,root) +%{_libdir}/libbind9.a +%{_libdir}/libdns.a +%{_libdir}/libisc.a +%{_libdir}/libisccc.a +%{_libdir}/libisccfg.a +%{_libdir}/liblwres.a +%{_includedir}/bind9 +%{_includedir}/dns +%{_includedir}/dst +%{_includedir}/isc +%{_includedir}/isccc +%{_includedir}/isccfg +%{_includedir}/lwres +%{_mandir}/man3/lwres* +%{_bindir}/isc-config.sh +%doc doc/draft doc/rfc + +%files config +%defattr(-,root,root) +%config /etc/named.caching-nameserver.conf +%ghost %config %{chroot_prefix}/etc/named.caching-nameserver.conf +%config /etc/named.rfc1912.zones +%ghost %config %{chroot_prefix}/etc/named.rfc1912.zones +%ghost %config(noreplace) /etc/named.conf +%ghost %config(noreplace) %{chroot_prefix}/etc/named.conf +%defattr(-,named,named) +%config /var/named/named.ca +%ghost %config %{chroot_prefix}/var/named/named.ca +%config /var/named/named.local +%ghost %config %{chroot_prefix}/var/named/named.local +%config /var/named/localhost.zone +%ghost %config %{chroot_prefix}/var/named/localhost.zone +%config /var/named/localdomain.zone +%ghost %config %{chroot_prefix}/var/named/localdomain.zone +%config /var/named/named.ip6.local +%ghost %config %{chroot_prefix}/var/named/named.ip6.local +%config /var/named/named.broadcast +%ghost %config %{chroot_prefix}/var/named/named.broadcast +%config /var/named/named.zero +%ghost %config %{chroot_prefix}/var/named/named.zero +%defattr(-,root,root) +%doc Copyright +%doc rfc1912.txt + +%files chroot +%defattr(-,root,root) +%attr(750,root,named) %dir %prefix +%attr(750,root,named) %dir %prefix/dev +%attr(750,root,named) %dir %prefix/etc +%attr(750,root,named) %dir %prefix/var +%attr(770,root,named) %dir %prefix/var/run +%attr(770,named,named) %dir %prefix/var/tmp +%attr(770,named,named) %dir %prefix/var/run/named +%attr(750,root,named) %dir %prefix/var/named +%attr(770,named,named) %dir %prefix/var/named/slaves +%attr(770,named,named) %dir %prefix/var/named/data +%ghost %config(noreplace) %prefix/etc/named.conf +%ghost %config(noreplace) %prefix/etc/named.caching-nameserver.conf +%ghost %config(noreplace) %prefix/etc/rndc.key +%ghost %prefix/dev/null +%ghost %prefix/dev/random + +%if %{LIBBIND} + +%files libbind-devel +%defattr(-,root,root) +%{_libdir}/libbind.* +%{_includedir}/bind +%{_mandir}/man3/libbind-* +%{_mandir}/man7/libbind-* +%{_mandir}/man5/libbind-* + +%endif + +%if %{SDB} + +%files sdb +%defattr(-,root,named) +%{_sbindir}/named_sdb +%config /etc/openldap/schema/dnszone.schema +%{_sbindir}/zone2ldap +%{_sbindir}/ldap2zone +%{_sbindir}/zonetodb +%{_mandir}/man1/zone2ldap.1* +%doc contrib/sdb/ldap/README.ldap contrib/sdb/ldap/INSTALL.ldap contrib/sdb/pgsql/README.sdb_pgsql + +%endif + + %pre -/usr/sbin/groupadd -g 25 named >/dev/null 2>&1 || :; -/usr/sbin/useradd -c "Named" -u 25 -g named \ - -s /sbin/nologin -r -d /var/named named >/dev/null 2>&1 || :; +if [ "$1" -eq 1 ]; then + # create named group IFF it does not already exist + # - use any free ID between 1 and 499 if group 25 exists: + /usr/sbin/groupadd -g 25 -f -r named >/dev/null 2>&1 || :; + # if named user does not already exist, create it as system user: + if ! /usr/bin/id -u named > /dev/null 2>&1; then + if ! /bin/egrep -q '^[^:]+:[^:]+:25:' /etc/passwd >/dev/null 2>&1 ; then + /usr/sbin/useradd -u 25 -r -n -M -g named -s /sbin/nologin -d /var/named -c Named named >/dev/null 2>&1 || :; + else + # use any free ID between 1 and 499: + /usr/sbin/useradd -r -n -M -g named -s /sbin/nologin -d /var/named -c Named named >/dev/null 2>&1 || :; + fi; + fi; +fi; +:; %post if [ "$1" -eq 1 ]; then /sbin/chkconfig --add named - if [ -f /etc/named.boot -a ! -f /etc/named.conf ]; then - if [ -x /usr/sbin/named-bootconf ]; then - cat /etc/named.boot | /usr/sbin/named-bootconf > /etc/named.conf - chmod 644 /etc/named.conf - fi + if [ -f /etc/named.boot -a -x /usr/sbin/named-bootconf -a ! -f /etc/named.conf ]; then + # Convert BIND 4 named.bootconf syntax to BIND 9 syntax (should never be used!) + cat /etc/named.boot | /usr/sbin/named-bootconf > /etc/named.bootconf-converted.conf + if [ "$?" -eq 0 ]; then + chmod 644 /etc/named.bootconf-converted.conf + cp -fp /etc/named.bootconf-converted.conf /etc/named.conf; + fi; fi - if grep -q '@KEY@' /etc/rndc.key; then - sed -e "s/@KEY@/`/usr/sbin/dns-keygen`/" /etc/rndc.key >/etc/rndc.key.tmp - mv -f /etc/rndc.key.tmp /etc/rndc.key + if /bin/egrep -q '@KEY@' /etc/rndc.key; then + /bin/sed -i -e "s^@KEY@^`/usr/sbin/dns-keygen`^" /etc/rndc.key ; + chmod 0640 /etc/rndc.key + chown root:named /etc/rndc.key fi - if [ ! -s /etc/named.conf ]; then - echo -e '// Default named.conf generated by install of bind-'%{version}'-'%{release}'\noptions {\n\tdirectory "/var/named";\n\tdump-file "/var/named/data/cache_dump.db";\n\tstatistics-file "/var/named/data/named_stats.txt";\n};\ninclude "/etc/rndc.key";\n' > /etc/named.conf; - fi; - [ -d /selinux ] && [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.key /etc/rndc.conf /etc/named.conf >/dev/null 2>&1 - chmod 0640 /etc/rndc.conf /etc/rndc.key - chown root:named /etc/rndc.conf /etc/rndc.key /etc/named.conf + [ -d /selinux ] && [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.conf /etc/named.conf >/dev/null 2>&1 ; /sbin/ldconfig fi :; @@ -422,15 +657,6 @@ if [ "$1" -ge 1 ]; then /etc/rc.d/init.d/named condrestart >/dev/null 2>&1 || : fi; /sbin/ldconfig - -%postun utils -# because bind-utils depends on bind, it gets uninstalled first, -# so bind's preun's 'service named stop' will fail (no rndc). -if [ $1 = 0 ]; then - if [ -f /var/lock/subsys/named ]; then - /etc/rc.d/init.d/named stop >/dev/null 2>&1 || :; - fi; -fi; :; %triggerpostun -- bind < 8.2.2_P5-15 @@ -472,134 +698,60 @@ if [ "$1" -gt 0 ]; then fi :; -%clean -rm -rf ${RPM_BUILD_ROOT} -# ${RPM_BUILD_DIR}/%{name}-%{version} +%postun utils +if [ $1 = 0 ]; then + if [ -f /var/lock/subsys/named ]; then + /etc/rc.d/init.d/named stop >/dev/null 2>&1 || :; + fi; +fi; :; + %post libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig -%files -%defattr(-,root,root) -%doc CHANGES COPYRIGHT README -%doc doc/arm doc/misc -%if %{WITH_DBUS} -%doc doc/README.DBUS -%attr(644,root,root) %config /etc/dbus-1/system.d/named.conf -%attr(644,root,root) %config /usr/share/dbus-1/services/named.service -%attr(754,root,root) /usr/sbin/namedGetForwarders -%attr(754,root,root) /usr/sbin/namedSetForwarders -%endif -%config(noreplace) /etc/logrotate.d/named -%attr(754,root,root) %config /etc/rc.d/init.d/named -%config(noreplace) /etc/sysconfig/named -%verify(not size,not md5) %config(noreplace) %attr(0640,root,named) /etc/rndc.conf -%verify(not size,not md5) %config(noreplace) %attr(0640,root,named) /etc/rndc.key -%{_sbindir}/dnssec* -%{_sbindir}/lwresd -%{_sbindir}/named -%{_sbindir}/named-bootconf -%{_sbindir}/named-check* -%{_sbindir}/rndc* -%{_sbindir}/dns-keygen +%post config +if [ "$1" -gt 0 ]; then + /usr/bin/chcon system_u:object_r:named_conf_t /etc/named.caching-nameserver.conf >/dev/null 2>&1 || :; +elif [ "$1" -eq 1 ]; then + /usr/sbin/bind-chroot-admin --sync; +fi; +:; -%{_mandir}/man5/named.conf.5* -%{_mandir}/man5/rndc.conf.5* -%{_mandir}/man8/rndc.8* -%{_mandir}/man8/named.8* -%{_mandir}/man8/lwresd.8* -%{_mandir}/man8/dnssec*.8* -%{_mandir}/man8/named-checkconf.8* -%{_mandir}/man8/named-checkzone.8* -%{_mandir}/man8/rndc-confgen.8* +%postun config +if [ "$1" -eq 0 ]; then + /usr/sbin/bind-chroot-admin --sync +fi; +:; -%attr(750,root,named) %dir /var/named -%attr(770,named,named) %dir /var/named/slaves -%attr(770,named,named) %dir /var/named/data -%attr(770,named,named) %dir /var/run/named -%files libs -%defattr(-,root,root) -%{_libdir}/*so* +%post chroot +if [ "$1" -gt 0 ]; then + chown named:named "%{prefix}/var/named/data" + /usr/sbin/bind-chroot-admin --enable; +fi; +:; -%files utils -%defattr(-,root,root) -%{_bindir}/dig -%{_bindir}/host -%{_bindir}/nslookup -%{_bindir}/nsupdate -%{_mandir}/man1/host.1* -%{_mandir}/man8/nsupdate.8* -%{_mandir}/man1/dig.1* -%{_mandir}/man1/nslookup.1* +%preun chroot +if [ "$1" = "0" ]; then + /usr/sbin/bind-chroot-admin --disable; +fi +:; -%files devel -%defattr(-,root,root) -%{_libdir}/libbind9.a -%{_libdir}/libdns.a -%{_libdir}/libisc.a -%{_libdir}/libisccc.a -%{_libdir}/libisccfg.a -%{_libdir}/liblwres.a -%{_includedir}/bind9 -%{_includedir}/dns -%{_includedir}/dst -%{_includedir}/isc -%{_includedir}/isccc -%{_includedir}/isccfg -%{_includedir}/lwres -%{_mandir}/man3/lwres* -%{_bindir}/isc-config.sh -%doc doc/draft doc/rfc %if %{LIBBIND} -%files libbind-devel -%defattr(-,root,root) -%{_libdir}/libbind.* -%{_includedir}/bind -%{_mandir}/man3/libbind-* -%{_mandir}/man7/libbind-* -%{_mandir}/man5/libbind-* - %post libbind-devel -p /sbin/ldconfig %postun libbind-devel -p /sbin/ldconfig %endif -%files chroot -%defattr(-,root,root) -%attr(750,root,named) %dir %prefix -%attr(750,root,named) %dir %prefix/dev -%attr(750,root,named) %dir %prefix/etc -%attr(750,root,named) %dir %prefix/var -%attr(770,root,named) %dir %prefix/var/run -%attr(770,named,named) %dir %prefix/var/tmp -%attr(770,named,named) %dir %prefix/var/run/named -%attr(750,root,named) %dir %prefix/var/named -%attr(770,named,named) %dir %prefix/var/named/slaves -%attr(770,named,named) %dir %prefix/var/named/data -%ghost %prefix/etc/named.conf -%ghost %prefix/etc/rndc.key -%ghost %prefix/dev/null -%ghost %prefix/dev/random %if %{SDB} -%files sdb -%defattr(-,root,named) -%{_sbindir}/named_sdb -%config /etc/openldap/schema/dnszone.schema -%{_sbindir}/zone2ldap -%{_sbindir}/ldap2zone -%{_sbindir}/zonetodb -%{_mandir}/man1/zone2ldap.1* -%doc contrib/sdb/ldap/README.ldap contrib/sdb/ldap/INSTALL.ldap contrib/sdb/pgsql/README.sdb_pgsql - %post sdb if [ "$1" -ge 1 ]; then # check that dnszone.schema is installed in OpenLDAP's slapd.conf @@ -640,119 +792,24 @@ fi; %endif # SDB -%post chroot -safe_replace() -{ - f1=$1; - f2=$2; - o=$3; - g=$4; - m=$5; - dc=$6; - if /usr/bin/test "x" = "x$f1" -o "x" = "x$f2" -o "$f1" = "$f2"; then - return 1; - fi; - if /usr/bin/test -r $f1 -a -s $f1 -a '!' -L $f1; then - if /usr/bin/test -r $f2 -a -s $f2 -a '!' -L $f2; then - /bin/mv $f1 $f1'.rpmsave' >/dev/null 2>&1 || :; - /bin/mv $f2 $f1 > /dev/null 2>&1 || :; - else - /bin/rm -f $f2 > /dev/null 2>&1 || :; - fi; - /bin/mv $f1 $f2 > /dev/null 2>&1 || :; - /bin/ln -s $f2 $f1 > /dev/null 2>&1 || :; - else - /bin/rm -f $f1 > /dev/null 2>&1 || :; - if /usr/bin/test -r $f2 -a -s $f2; then - /bin/ln -s $f2 $f1 > /dev/null 2>&1 || :; - else - if /usr/bin/test "x$dc" != "x"; then - echo $dc > $f2; - /bin/ln -s $f2 $f1 > /dev/null 2>&1 || :; - else - return 2; - fi; - fi; - fi; - chown $o':'$g $f2; - chmod $m $f2; - return 0; -} -if /usr/bin/test -r /etc/sysconfig/named && /bin/egrep -q '^ROOTDIR=' /etc/sysconfig/named; then - :; -else - echo ROOTDIR="%{prefix}" >>/etc/sysconfig/named; -fi -if /usr/bin/test -r /etc/localtime; then - /bin/cp -fp /etc/localtime "%{prefix}/etc/localtime" -fi -safe_replace /etc/rndc.key "%{prefix}/etc/rndc.key" root named 644 ''; -r=$?; -if /usr/bin/test "$r" -eq 2; then - /bin/rm -f /etc/rndc.key - echo -e 'key "rndckey" {\nalgorithm hmac-md5;\nsecret "'`/usr/sbin/dns-keygen`'"\n};' > /etc/rndc.key; - safe_replace /etc/rndc.key "%{prefix}/etc/rndc.key" root named 644 ''; -fi; -default_ndc='include "/etc/rndc.key";' -if [ -f /etc/named.custom ]; then - default_ndc='include "/etc/rndc.key";\ninclude "/etc/named.custom";' - safe_replace /etc/named.custom "%{prefix}/etc/named.custom" root named 644 '' || :; -fi -safe_replace /etc/named.conf "%{prefix}/etc/named.conf" root named 644 "$default_ndc" -/usr/bin/find /var/named -xdev -type f | /bin/egrep -v '/var/named/chroot' | while read f; -do - d=`/usr/bin/dirname $f`; - if test '!' -d "%{prefix}$d"; then - mkdir -p "%{prefix}$d"; - chown named:named "%{prefix}$d"; - chmod 655 "%{prefix}$d"; - fi; - safe_replace $f "%{prefix}$f" named named 644 '' || :; -done -[ ! -e "%{prefix}/dev/random" ] && mknod "%{prefix}/dev/random" c 1 8 -[ ! -e "%{prefix}/dev/zero" ] && mknod "%{prefix}/dev/zero" c 1 5 -[ ! -e "%{prefix}/dev/null" ] && mknod "%{prefix}/dev/null" c 1 3 -chmod a+r "%{prefix}/dev/random" "%{prefix}/dev/null" "%{prefix}/dev/" -chown root:named "%{prefix}/var/named" -chown named:named "%{prefix}/var/named/slaves" -chown named:named "%{prefix}/var/named/data" -/etc/init.d/named condrestart >/dev/null 2>&1 || :; -[ -d /selinux ] && [ -x /sbin/restorecon ] && /sbin/restorecon -e %{prefix}/proc -e %{prefix}/var/run/dbus -R %{prefix} >/dev/null 2>&1 -:; - -%preun chroot -if [ "$1" = "0" ]; then - /usr/bin/find /var/named/chroot -xdev -type f | while read f; - do - F=`echo $f | sed 's#/var/named/chroot##'`; - if /usr/bin/test -L $F && test `/usr/bin/readlink $F` = $f; then - /bin/rm -f $F; - /bin/mv $f $F; - fi; - done - if test -r /etc/sysconfig/named && grep -q '^ROOTDIR=' /etc/sysconfig/named; then - named_tmp=`/bin/mktemp /tmp/XXXXXX` - grep -v '^ROOTDIR='%{prefix} /etc/sysconfig/named > $named_tmp - mv -f $named_tmp /etc/sysconfig/named - [ -d /selinux ] && [ -x /sbin/restorecon ] && /sbin/restorecon /etc/sysconfig/named - fi - /etc/init.d/named condrestart >/dev/null 2>&1 || :; -fi -:; - -%triggerpostun -n bind-chroot -- bind-chroot -# Fix mess left by bind-chroot-9.2.2's %preun (bug 131803) -if [ "$1" -gt 0 ]; then - if test -r /etc/sysconfig/named && grep -q '^ROOTDIR=' /etc/sysconfig/named; then - :; - else - echo 'ROOTDIR='%{prefix} >> /etc/sysconfig/named - /etc/init.d/named condrestart >/dev/null 2>&1 || :; - fi; -fi; +%clean +# rm -rf ${RPM_BUILD_ROOT} +echo 'WARNING ! REMOVED CLEAN & DEBUGINFO!' +# ${RPM_BUILD_DIR}/%{name}-%{version} :; %changelog +* Mon Mar 06 2006 Jason Vas Dias <jvdias@redhat.com> - 30:9.3.2-6 +- replace caching-nameserver with bind-config sub-package +- fix bug 181730: fix creation of named user & gid +- fix bug 177595: handle case where $ROOTDIR is a link in initscript +- fix bug 177001: bind-config creates symlinks OK now +- fix bug 176388: named.conf is now never replaced by any RPM +- fix bug 176246: remove unecessary creation of rpmsave links +- fix bug 174925: no replacement of named.conf +- fix bug 173963: existing named.conf never modified +- major .spec file cleanup + * Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 30:9.3.2-4.1 - bump again for double-long bug on ppc(64) diff --git a/localdomain.zone b/localdomain.zone new file mode 100644 index 0000000..a9b047b --- /dev/null +++ b/localdomain.zone @@ -0,0 +1,10 @@ +$TTL 86400 +@ IN SOA localhost root ( + 42 ; serial (d. adams) + 3H ; refresh + 15M ; retry + 1W ; expiry + 1D ) ; minimum + IN NS localhost +localhost IN A 127.0.0.1 + diff --git a/localhost.zone b/localhost.zone new file mode 100644 index 0000000..61b70d6 --- /dev/null +++ b/localhost.zone @@ -0,0 +1,12 @@ +$TTL 86400 +@ IN SOA @ root ( + 42 ; serial (d. adams) + 3H ; refresh + 15M ; retry + 1W ; expiry + 1D ) ; minimum + + IN NS @ + IN A 127.0.0.1 + IN AAAA ::1 + diff --git a/named.broadcast b/named.broadcast new file mode 100644 index 0000000..dca18f6 --- /dev/null +++ b/named.broadcast @@ -0,0 +1,8 @@ +$TTL 86400 +@ IN SOA localhost. root.localhost. ( + 42 ; serial (d. adams) + 3H ; refresh + 15M ; retry + 1W ; expiry + 1D ) ; minimum + IN NS localhost. diff --git a/named.caching-nameserver.conf b/named.caching-nameserver.conf new file mode 100644 index 0000000..043641b --- /dev/null +++ b/named.caching-nameserver.conf @@ -0,0 +1,33 @@ +// +// named.caching-nameserver.conf +// +// Provided by Red Hat bind-config package to configure the +// ISC BIND named(8) DNS server as a caching only nameserver +// (as a localhost DNS resolver only). +// +// DO NOT EDIT THIS FILE - use system-config-bind or an editor +// to create named.conf - edits to this file will be lost on +// bind-config package upgrade. +// +options { + listen-on port 53 { 127.0.0.1; }; + directory "/var/named"; + dump-file "/var/named/data/cache_dump.db"; + statistics-file "/var/named/data/named_stats.txt"; + memstatistics-file "/var/named/data/named_mem_stats.txt"; + query-source port 53; + query-source-v6 port 53; + allow-query { localhost; }; +}; +logging { + channel default_debug { + file "data/named.run"; + severity dynamic; + }; +}; +view localhost_resolver { + match-clients { localhost; }; + match-destinations { localhost; }; + recursion yes; + include "/etc/named.rfc1912.zones"; +}; @@ -19,7 +19,13 @@ [ -r /etc/sysconfig/named ] && . /etc/sysconfig/named -[ -n "$ROOTDIR" ] && ROOTDIR=`echo $ROOTDIR | sed 's#//*#/#g;s#/$##'` +if [ -n "$ROOTDIR" ]; then + ROOTDIR=`echo $ROOTDIR | sed 's#//*#/#g;s#/$##'`; + rdl=`/usr/bin/readlink $ROOTDIR`; + if [ -n "$rdl" ]; then + ROOTDIR="$rdl"; + fi; +fi RETVAL=0 named='named' @@ -42,8 +48,20 @@ nmdcOption() fi; done; } -named_conf=`nmdcOption $OPTIONS`; -[ -r ${ROOTDIR}/${named_conf:-etc/named.conf} ] || exit 1 + +named_c_option=`nmdcOption $OPTIONS`; +named_conf=${named_c_option:-etc/named.conf}; + +if [ ! -r ${named_conf} ] ; then + if [ -z "$named_c_option" ] && [ -r ${ROOTDIR}/etc/named.caching-nameserver.conf ]; then + named_conf='/etc/named.caching-nameserver.conf'; + OPTIONS="$OPTIONS -c ${named_conf}"; + else + echo Locating $ROOTDIR/${named_conf} failed: + failure + echo; + fi; +fi; start() { # Start daemons. diff --git a/named.ip6.local b/named.ip6.local new file mode 100644 index 0000000..4e0eb5e --- /dev/null +++ b/named.ip6.local @@ -0,0 +1,9 @@ +$TTL 86400 +@ IN SOA localhost. root.localhost. ( + 1997022700 ; Serial + 28800 ; Refresh + 14400 ; Retry + 3600000 ; Expire + 86400 ) ; Minimum + IN NS localhost. +1 IN PTR localhost. diff --git a/named.local b/named.local new file mode 100644 index 0000000..479251a --- /dev/null +++ b/named.local @@ -0,0 +1,9 @@ +$TTL 86400 +@ IN SOA localhost. root.localhost. ( + 1997022700 ; Serial + 28800 ; Refresh + 14400 ; Retry + 3600000 ; Expire + 86400 ) ; Minimum + IN NS localhost. +1 IN PTR localhost. diff --git a/named.rfc1912.zones b/named.rfc1912.zones new file mode 100644 index 0000000..179c772 --- /dev/null +++ b/named.rfc1912.zones @@ -0,0 +1,48 @@ +// named.rfc1912.zones: +// +// Provided by Red Hat bind-config package +// +// ISC BIND named zone configuration for zones recommended by +// RFC 1912 section 4.1 : localhost TLDs and address zones +// + +zone "." IN { + type hint; + file "named.ca"; +}; + +zone "localdomain" IN { + type master; + file "localdomain.zone"; + allow-update { none; }; +}; + +zone "localhost" IN { + type master; + file "localhost.zone"; + allow-update { none; }; +}; + +zone "0.0.127.in-addr.arpa" IN { + type master; + file "named.local"; + allow-update { none; }; +}; + +zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN { + type master; + file "named.ip6.local"; + allow-update { none; }; +}; + +zone "255.in-addr.arpa" IN { + type master; + file "named.broadcast"; + allow-update { none; }; +}; + +zone "0.in-addr.arpa" IN { + type master; + file "named.zero"; + allow-update { none; }; +}; diff --git a/named.root b/named.root new file mode 100644 index 0000000..c6c435c --- /dev/null +++ b/named.root @@ -0,0 +1,80 @@ +; This file holds the information on root name servers needed to +; initialize cache of Internet domain name servers +; (e.g. reference this file in the "cache . <file>" +; configuration file of BIND domain name servers). +; +; This file is made available by InterNIC +; under anonymous FTP as +; file /domain/named.cache +; on server FTP.INTERNIC.NET +; -OR- RS.INTERNIC.NET +; +; last update: Jan 29, 2004 +; related version of root zone: 2004012900 +; +; +; formerly NS.INTERNIC.NET +; +. 3600000 IN NS A.ROOT-SERVERS.NET. +A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 +; +; formerly NS1.ISI.EDU +; +. 3600000 NS B.ROOT-SERVERS.NET. +B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 +; +; formerly C.PSI.NET +; +. 3600000 NS C.ROOT-SERVERS.NET. +C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 +; +; formerly TERP.UMD.EDU +; +. 3600000 NS D.ROOT-SERVERS.NET. +D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90 +; +; formerly NS.NASA.GOV +; +. 3600000 NS E.ROOT-SERVERS.NET. +E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 +; +; formerly NS.ISC.ORG +; +. 3600000 NS F.ROOT-SERVERS.NET. +F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 +; +; formerly NS.NIC.DDN.MIL +; +. 3600000 NS G.ROOT-SERVERS.NET. +G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 +; +; formerly AOS.ARL.ARMY.MIL +; +. 3600000 NS H.ROOT-SERVERS.NET. +H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53 +; +; formerly NIC.NORDU.NET +; +. 3600000 NS I.ROOT-SERVERS.NET. +I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 +; +; operated by VeriSign, Inc. +; +. 3600000 NS J.ROOT-SERVERS.NET. +J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 +; +; operated by RIPE NCC +; +. 3600000 NS K.ROOT-SERVERS.NET. +K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 +; +; operated by ICANN +; +. 3600000 NS L.ROOT-SERVERS.NET. +L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12 +; +; operated by WIDE +; +. 3600000 NS M.ROOT-SERVERS.NET. +M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 +; End of File diff --git a/named.zero b/named.zero new file mode 100644 index 0000000..dca18f6 --- /dev/null +++ b/named.zero @@ -0,0 +1,8 @@ +$TTL 86400 +@ IN SOA localhost. root.localhost. ( + 42 ; serial (d. adams) + 3H ; refresh + 15M ; retry + 1W ; expiry + 1D ) ; minimum + IN NS localhost. |