| author | jvdias <jvdias@fedoraproject.org> | 2006-03-07 04:25:38 +0000 |
|---|---|---|
| committer | jvdias <jvdias@fedoraproject.org> | 2006-03-07 04:25:38 +0000 |
| commit | 0cd02aa18f76fca3a52a81df26804036142b80f2 (patch) | |
| tree | 50113d49e103cbfa315b4aa95de5be0053b309c2 /bind-chroot-admin.in | |
| parent | b3f861a9645ba094769c7e2ba0cee5c4ac596ff5 (diff) | |
| download | bind-0cd02aa18f76fca3a52a81df26804036142b80f2.tar.gz bind-0cd02aa18f76fca3a52a81df26804036142b80f2.tar.xz bind-0cd02aa18f76fca3a52a81df26804036142b80f2.zip | |
- replace caching-nameserver with bind-config sub-packagebind-9_3_2-6
- fix bug 181730: fix creation of named user & gid
- fix bug 177595: handle case where $ROOTDIR is a link in initscript
- fix bug 177001: bind-config creates symlinks OK now
- fix bug 176388: named.conf is now never replaced by any RPM
- fix bug 176246: remove unnecessary creation of rpmsave links
- fix bug 174925: no replacement of named.conf
- fix bug 173963: existing named.conf never modified
- major .spec file cleanup
Diffstat (limited to 'bind-chroot-admin.in')
| -rw-r--r-- | bind-chroot-admin.in | 244 |
1 files changed, 244 insertions, 0 deletions
diff --git a/bind-chroot-admin.in b/bind-chroot-admin.in
new file mode 100644
index 0000000..81598a8
--- /dev/null
+++ b/bind-chroot-admin.in
@@ -0,0 +1,244 @@
+#!/bin/bash
+#
+# Script to control the bind-chroot ISC BIND named(8) server runtime environment.
+#
+# Usage:
+# [ -e | --enable ] [ -d | --disable ] | [ -s --sync ]
+#
+# -e | --enable: enable the bind-chroot environment
+# -d | --disable: disable the bind-chroot environment
+# -s | --sync: sync files between the bind chroot and / environments,
+# so they are correct for the current state of the bind-chroot
+# (enabled / disabled)
+# $BIND_CHROOT_PREFIX, default /var/named/chroot, is the location of the chroot.
+# $BIND_DIR, default /var/named, is the default un-chrooted bind directory.
+#
+# Copyright(C) 2006 Jason Vas Dias <jvdias@redhat.com>, Red Hat, Inc.
+#
+# This software is provided under the terms of the GNU
+# General Public License (GPL), as published at:
+# http://www.gnu.org/licenses/gpl.html .
+#
+#
+BIND_CHROOT_PREFIX=${BIND_CHROOT_PREFIX:-@BIND_CHROOT_PREFIX@}
+BIND_DIR=${BIND_DIR:-@BIND_DIR@}
+
+function usage()
+{
+ echo 'Usage:
+ -e | --enable: enable the bind-chroot environment
+ -d | --disable: disable the bind-chroot environment
+ -s | --sync: sync files between the bind chroot and / environments,
+ so they are correct for the current state of the bind-chroot
+ (enabled / disabled)
+ $BIND_CHROOT_PREFIX, default /var/named/chroot, is the location of the chroot.
+ $BIND_DIR, default /var/named, is the default un-chrooted bind directory.
+';
+}
+
+function rootdir()
+{
+ . /etc/sysconfig/named
+ if [ -n "$ROOTDIR" ]; then
+ BIND_CHROOT_PREFIX="$ROOTDIR";
+ BIND_CHROOT_PREFIX=`echo $BIND_CHROOT_PREFIX | sed 's#//*#/#g;s#/$##'`;
+ if [ -L "$BIND_CHROOT_PREFIX" ]; then
+ BIND_CHROOT_PREFIX=`/usr/bin/readlink "$BIND_CHROOT_PREFIX"`;
+ fi
+ return 0;
+ fi;
+ return 1;
+}
+
+function check_dirs()
+{
+ if [ -z "$BIND_CHROOT_PREFIX" ]; then
+ rootdir;
+ if [ -z "$BIND_CHROOT_PREFIX" ]; then
+ usage;
+ exit 1;
+ fi;
+ fi
+ BIND_DIR=`echo $BIND_DIR | sed 's#//*#/#g;s#/$##'`;
+ if [ -L "$BIND_DIR" ]; then
+ BIND_DIR=`/usr/bin/readlink "$BIND_DIR"`;
+ fi
+ BIND_CHROOT_PREFIX=`echo $BIND_CHROOT_PREFIX | sed 's#//*#/#g;s#/$##'`;
+ if [ -L "$BIND_CHROOT_PREFIX" ]; then
+ BIND_CHROOT_PREFIX=`/usr/bin/readlink "$BIND_CHROOT_PREFIX"`;
+ fi
+
+ /bin/mkdir -p ${BIND_DIR}/{slaves,data};
+ /bin/chown root:named ${BIND_DIR};
+ /bin/chown named:named ${BIND_DIR}/{slaves,data};
+ /bin/chmod 750 ${BIND_DIR}
+ /bin/chmod 770 ${BIND_DIR}/{slaves,data};
+
+ mkdir -p ${BIND_CHROOT_PREFIX}/{etc,proc,dev,var/{run/dbus,run/named,named/{slaves,data}}};
+ /bin/chown root:named ${BIND_CHROOT_PREFIX}/{etc,proc,dev,var/{run,run/dbus,named/}};
+ /bin/chmod 750 ${BIND_CHROOT_PREFIX}/{,etc,proc,dev,var,var/{run,run/dbus,named/}};
+ /bin/chown named:named ${BIND_CHROOT_PREFIX}/var/{run/named,named/{data,slaves}};
+ /bin/chmod 770 ${BIND_CHROOT_PREFIX}/var/{run/named,named/{slaves,data}};
+ [ ! -e "${BIND_CHROOT_PREFIX}/dev/random" ] && /bin/mknod "${BIND_CHROOT_PREFIX}/dev/random" c 1 8
+ [ ! -e "${BIND_CHROOT_PREFIX}/dev/zero" ] && /bin/mknod "${BIND_CHROOT_PREFIX}/dev/zero" c 1 5
+ [ ! -e "${BIND_CHROOT_PREFIX}/dev/null" ] && /bin/mknod "${BIND_CHROOT_PREFIX}/dev/null" c 1 3
+ [ ! -e "${BIND_CHROOT_PREFIX}/etc/localtime" ] && [ -e /etc/localtime ] && /bin/cp -fp /etc/localtime "${BIND_CHROOT_PREFIX}/etc/localtime";
+}
+
+check_dirs;
+
+function replace_with_link()
+{ # replaces $dst second arg file with link to $src first arg file
+ if [ $# -lt 2 ]; then
+ return 1;
+ fi;
+ src=$1
+ dst=$2
+ if [ -z "$src" ] || [ -z "$dst" ] || [ "$src" = "$dst" ]; then
+ return 1;
+ fi
+ if [ ! -e "$src" ]; then
+ if [ ! -e "$dst" ]; then
+ return 1;
+ else
+ if [ -L "$dst" ]; then
+ dstlnk=`/usr/bin/readlink "$dst"`;
+ if [ ! -e "$dstlnk" ] ; then
+ return 1;
+ fi
+ rm -f "$dst";
+ /bin/cp -fp "$dstlnk" "$dst";
+ fi;
+ /bin/mv "$dst" "$src";
+ fi
+ fi
+ if [ -e "$dst" ]; then
+ if [ ! -L "$dst" ]; then
+ if [ ! -s "$dst" ]; then
+ /bin/rm -f "$dst";
+ else
+ if [ "$src" -nt "$dst" ] || [ ! "$dst" -nt "$src" ] ; then
+ /bin/mv "$dst" "$dst".`/bin/date +'%Y-%m-%d_%H-%M-%S.%N'`;
+ else # [ "$dst" -nt "$src" ]
+ /bin/mv "$src" "$src".`/bin/date +'%Y-%m-%d_%H-%M-%S.%N'`;
+ /bin/mv "$dst" "$src";
+ fi;
+ fi;
+ else
+ dstlnk=`/usr/bin/readlink "$dst"`
+ if [ "$dstlnk" != $src ]; then
+ /bin/rm -f $dst;
+ if [ "$dstlnk" != "$dst" ] && [ -s $dstlnk ]; then
+ if [ "$dstlnk" -nt "$src" ] || [ ! "$dstlnk" -nt "$src" ] ; then
+ /bin/cp -fp "$dstlnk" "$dst".`/bin/date +'%Y-%m-%d_%H-%M-%S.%N'`;
+ else
+ /bin/mv "$src" "$src".`/bin/date +'%Y-%m-%d_%H-%M-%S.%N'`;
+ /bin/cp -fp "$dstlnk" "$src";
+ fi;
+ fi;
+ else
+ return 0;
+ fi;
+ fi;
+ fi;
+ /bin/ln -sf "$src" "$dst";
+ return $?;
+}
+
+function replace_with_file()
+{
+ if [ $# -lt 2 ]; then
+ return 1;
+ fi;
+ src=$1;
+ dst=$2;
+ if [ -z "$src" ] || [ -z "$dst" ] || [ "$src" = "$dst" ]; then
+ return 1;
+ fi
+ if [ ! -e "$src" ]; then
+ if [ -e "$dst" ]; then
+ /bin/rm -f $dst;
+ fi;
+ return 1;
+ fi;
+ if [ -e "$dst" ]; then
+ if [ ! -L "$dst" ]; then
+ /bin/mv "$dst" "$dst".`/bin/date +'%Y-%m-%d_%H-%M-%S.%N'`;
+ else
+ /bin/rm -f "$dst";
+ fi;
+ fi;
+ /bin/mv -f "$src" "$dst";
+}
+
+function enable_bind_chroot()
+{
+ if /bin/egrep '^ROOTDIR=' /etc/sysconfig/named; then
+ /bin/sed -i -e 's#^ROOTDIR=.*$#ROOTDIR='${BIND_CHROOT_PREFIX}'#' /etc/sysconfig/named ;
+ else
+ echo 'ROOTDIR='${BIND_CHROOT_PREFIX} >> /etc/sysconfig/named;
+ fi
+}
+
+function disable_bind_chroot()
+{
+ /bin/sed -i -e '/^ROOTDIR=/d' /etc/sysconfig/named;
+}
+
+function sync_files()
+{
+ shopt -q nullglob;
+ ng=$?
+ shopt -s nullglob;
+ pfx=''
+ if rootdir ; then # chroot is enabled
+ /usr/bin/find /{etc/{named.*,rndc.*},${BIND_DIR#/}{/*,/data/*,/slaves/*}} -maxdepth 0 -type f |
+ while read f;
+ do
+ replace_with_link ${BIND_CHROOT_PREFIX}/$f $f;
+ done;
+ pfx=${BIND_CHROOT_PREFIX}
+ else # chroot is disabled
+ /usr/bin/find /var/named/chroot/{etc/{named.*,rndc.*},var/named{/*,/data/*,/slaves/*}} -maxdepth 0 |
+ while read f;
+ do
+ if [ ! -d "$f" ]; then
+ replace_with_file $f ${f#$BIND_CHROOT_PREFIX};
+ fi;
+ done
+ fi;
+ if [ $ng -eq 1 ]; then
+ shopt -u nullglob;
+ fi;
+ chown root:named ${pfx}/var/named/* >/dev/null 2>&1;
+ chmod 750 ${pfx}/var/named >/dev/null 2>&1;
+ chmod 640 ${pfx}/var/named/* >/dev/null 2>&1;
+ chown named:named ${pfx}/var/named/{data{,/*},slaves{,*/}} >/dev/null 2>&1;
+ chmod 770 ${pfx}/var/named/{data,slaves} >/dev/null 2>&1;
+ chmod 640 ${pfx}/var/named/{data/*,slaves/*} >/dev/null 2>&1;
+# [ -x /sbin/restorecon ] && /sbin/restorecon -R $pfx{/var/named,/etc/{named,rndc}.*} -e ${BIND_CHROOT_PREFIX}/proc -e ${BIND_CHROOT_PREFIX}/var/run/dbus -e ${BIND_CHROOT_PREFIX}/dev >/dev/null 2>&1;
+}
+
+case $1 in
+ -e|--enable)
+ enable_bind_chroot;
+ sync_files;
+ /sbin/service named condrestart
+ exit $?;
+ ;;
+ -d|--disable)
+ disable_bind_chroot;
+ sync_files;
+ /sbin/service named condrestart
+ exit $?;
+ ;;
+ -s|--sync)
+ sync_files;
+ exit $?;
+ ;;
+ -q)
+ ;;
+ *)
+ usage;
+ exit 1;
+esac
\ No newline at end of file |
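Review bot: In `check_dirs` the `-z "$BIND_CHROOT_PREFIX"` test runs before the normalisation, yet the `sed 's#//*#/#g;s#/$##'` that follows turns a prefix of `/` (set in the environment, or via `ROOTDIR=/` in /etc/sysconfig/named picked up by `rootdir`) into the empty string, and `/usr/bin/readlink` without `-f` hands back a relative link target unchanged. With an empty prefix the brace expansions a few lines later become `chmod 750 / /etc /proc /dev /var …` and `chown root:named /etc /proc /dev /var/run …`, which would lock every account other than root and named out of /etc and /dev; with a relative prefix the mkdir/chown/chmod act on the current working directory and `enable_bind_chroot` then writes that relative path back as `ROOTDIR=`. I would re-validate after the normalisation and readlink, e.g. `if [ -z "$BIND_CHROOT_PREFIX" ] || [ "${BIND_CHROOT_PREFIX#/}" = "$BIND_CHROOT_PREFIX" ]; then usage; exit 1; fi`, and resolve links with `/usr/bin/readlink -f` so the result is always an absolute path (GNU coreutils, which this Fedora script already assumes). `BIND_DIR` goes through the same sed/readlink sequence and then straight into `chown`/`chmod`, so it deserves the same guard.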
