1 | %{?!with_munin: %global with_munin 0} |
---|
2 | |
---|
3 | # not ready yet |
---|
4 | %{?!with_python: %global with_python 0} |
---|
5 | |
---|
6 | %if %{with_python} |
---|
7 | %{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} |
---|
8 | %{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} |
---|
9 | %endif |
---|
10 | |
---|
11 | Summary: Validating, recursive, and caching DNS(SEC) resolver |
---|
12 | Name: unbound |
---|
13 | Version: 1.4.5 |
---|
14 | Release: 1%{?_dist_release} |
---|
15 | License: BSD |
---|
16 | Url: http://www.unbound.net/ |
---|
17 | Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz |
---|
18 | Source1: unbound.init |
---|
19 | Source2: unbound.conf |
---|
20 | Source3: unbound.munin |
---|
21 | Source4: dlv.isc.org.key |
---|
22 | Patch1: unbound-1.2-glob.patch |
---|
23 | |
---|
24 | Group: System Environment/Daemons |
---|
25 | BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) |
---|
26 | BuildRequires: flex, openssl-devel , ldns-devel >= 1.5.0, |
---|
27 | BuildRequires: libevent-devel |
---|
28 | %if %{with_python} |
---|
29 | BuildRequires: python-devel swig |
---|
30 | %endif |
---|
31 | # Required for SVN versions |
---|
32 | #BuildRequires: bison |
---|
33 | |
---|
34 | |
---|
35 | Requires(post): chkconfig |
---|
36 | Requires(preun): chkconfig |
---|
37 | Requires(preun): initscripts |
---|
38 | Requires(postun): initscripts |
---|
39 | Requires: ldns >= 1.5.0 |
---|
40 | Requires(pre): shadow-utils |
---|
41 | |
---|
42 | Distribution: Vine Linux |
---|
43 | Vendor: Project Vine |
---|
44 | Packager: iwaim |
---|
45 | |
---|
46 | %description |
---|
47 | Unbound is a validating, recursive, and caching DNS(SEC) resolver. |
---|
48 | |
---|
49 | The C implementation of Unbound is developed and maintained by NLnet |
---|
50 | Labs. It is based on ideas and algorithms taken from a java prototype |
---|
51 | developed by Verisign labs, Nominet, Kirei and ep.net. |
---|
52 | |
---|
53 | Unbound is designed as a set of modular components, so that also |
---|
54 | DNSSEC (secure DNS) validation and stub-resolvers (that do not run |
---|
55 | as a server, but are linked into an application) are easily possible. |
---|
56 | |
---|
57 | %if %{with_munin} |
---|
58 | %package munin |
---|
59 | Summary: Plugin for the munin / munin-node monitoring package |
---|
60 | Group: System Environment/Daemons |
---|
61 | Requires: munin-node |
---|
62 | Requires: %{name} = %{version}-%{release}, bc |
---|
63 | |
---|
64 | %description munin |
---|
65 | Plugin for the munin / munin-node monitoring package |
---|
66 | %endif |
---|
67 | |
---|
68 | %package devel |
---|
69 | Summary: Development package that includes the unbound header files |
---|
70 | Group: Development/Libraries |
---|
71 | Requires: %{name}-libs = %{version}-%{release}, openssl-devel, ldns-devel |
---|
72 | |
---|
73 | %description devel |
---|
74 | The devel package contains the unbound library and the include files |
---|
75 | |
---|
76 | %package libs |
---|
77 | Summary: Libraries used by the unbound server and client applications |
---|
78 | Group: Applications/System |
---|
79 | Requires(post): /sbin/ldconfig |
---|
80 | Requires(postun): /sbin/ldconfig |
---|
81 | Requires: openssl >= 0.9.8g-12 |
---|
82 | |
---|
83 | %description libs |
---|
84 | Contains libraries used by the unbound server and client applications |
---|
85 | |
---|
86 | %if %{with_python} |
---|
87 | %package python |
---|
88 | Summary: Python modules and extensions for unbound |
---|
89 | Group: Applications/System |
---|
90 | Requires: %{name}-libs = %{version}-%{release} |
---|
91 | |
---|
92 | %description python |
---|
93 | Python modules and extensions for unbound |
---|
94 | %endif |
---|
95 | |
---|
96 | %prep |
---|
97 | %setup -q |
---|
98 | %patch1 -p1 |
---|
99 | |
---|
100 | %build |
---|
101 | %configure --with-ldns= --with-libevent --with-pthreads --with-ssl \ |
---|
102 | --disable-rpath --enable-debug --disable-static \ |
---|
103 | --with-conf-file=%{_sysconfdir}/%{name}/unbound.conf \ |
---|
104 | --with-pidfile=%{_localstatedir}/run/%{name}/%{name}.pid \ |
---|
105 | %if %{with_python} |
---|
106 | --with-pythonmodule --with-pyunbound \ |
---|
107 | %endif |
---|
108 | --enable-sha2 |
---|
109 | %{__make} %{?_smp_mflags} |
---|
110 | |
---|
111 | %install |
---|
112 | rm -rf %{buildroot} |
---|
113 | %{__make} DESTDIR=%{buildroot} install |
---|
114 | install -d 0755 %{buildroot}%{_initrddir} |
---|
115 | install -m 0755 %{SOURCE1} %{buildroot}%{_initrddir}/unbound |
---|
116 | install -m 0755 %{SOURCE2} %{buildroot}%{_sysconfdir}/unbound |
---|
117 | %if %{with_munin} |
---|
118 | # Install munin plugin and its softlinks |
---|
119 | install -d 0755 %{buildroot}%{_sysconfdir}/munin/plugin-conf.d |
---|
120 | install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/munin/plugin-conf.d/unbound |
---|
121 | install -d 0755 %{buildroot}%{_datadir}/munin/plugins/ |
---|
122 | install -m 0755 contrib/unbound_munin_ %{buildroot}%{_datadir}/munin/plugins/unbound |
---|
123 | for plugin in unbound_munin_hits unbound_munin_queue unbound_munin_memory unbound_munin_by_type unbound_munin_by_class unbound_munin_by_opcode unbound_munin_by_rcode unbound_munin_by_flags unbound_munin_histogram; do |
---|
124 | ln -s unbound %{buildroot}%{_datadir}/munin/plugins/$plugin |
---|
125 | done |
---|
126 | %endif |
---|
127 | |
---|
128 | # install DLV key |
---|
129 | install -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/unbound/ |
---|
130 | |
---|
131 | # remove static library from install (fedora packaging guidelines) |
---|
132 | rm -rf %{buildroot}%{_libdir}/*.la |
---|
133 | %if %{with_python} |
---|
134 | rm -rf %{buildroot}%{python_sitelib}/*/*.la |
---|
135 | %endif |
---|
136 | |
---|
137 | mkdir -p %{buildroot}%{_localstatedir}/run/unbound |
---|
138 | |
---|
139 | %clean |
---|
140 | rm -rf ${RPM_BUILD_ROOT} |
---|
141 | |
---|
142 | %files |
---|
143 | %defattr(-,root,root,-) |
---|
144 | %doc doc/README doc/CREDITS doc/LICENSE doc/FEATURES |
---|
145 | %attr(0755,root,root) %{_initrddir}/%{name} |
---|
146 | %attr(0755,root,root) %dir %{_sysconfdir}/%{name} |
---|
147 | %attr(0755,unbound,unbound) %dir %{_localstatedir}/run/%{name} |
---|
148 | %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/unbound.conf |
---|
149 | %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dlv.isc.org.key |
---|
150 | %{_sbindir}/* |
---|
151 | %{_mandir}/*/* |
---|
152 | |
---|
153 | %if %{with_python} |
---|
154 | %files python |
---|
155 | %{python_sitelib}/* |
---|
156 | %endif |
---|
157 | |
---|
158 | %if %{with_munin} |
---|
159 | %files munin |
---|
160 | %defattr(-,root,root,-) |
---|
161 | %config(noreplace) %{_sysconfdir}/munin/plugin-conf.d/unbound |
---|
162 | %{_datadir}/munin/plugins/unbound* |
---|
163 | %endif |
---|
164 | |
---|
165 | %files devel |
---|
166 | %defattr(-,root,root,-) |
---|
167 | %{_libdir}/libunbound.so |
---|
168 | %{_includedir}/unbound.h |
---|
169 | %doc README |
---|
170 | |
---|
171 | %files libs |
---|
172 | %defattr(-,root,root,-) |
---|
173 | %{_libdir}/libunbound.so.* |
---|
174 | %doc doc/README doc/LICENSE |
---|
175 | |
---|
176 | %pre |
---|
177 | getent group unbound >/dev/null || groupadd -r unbound |
---|
178 | getent passwd unbound >/dev/null || \ |
---|
179 | useradd -r -g unbound -d %{_sysconfdir}/unbound -s /sbin/nologin \ |
---|
180 | -c "Unbound DNS resolver" unbound |
---|
181 | exit 0 |
---|
182 | |
---|
183 | %post |
---|
184 | /sbin/chkconfig --add %{name} |
---|
185 | # dnssec-conf used to contain our DLV key, but now we include it via unbound |
---|
186 | # If unbound had previously been configured with dnssec-configure, we need |
---|
187 | # to migrate the location of the DLV key file (to keep DLV enabled, and because |
---|
188 | # unbound won't start with a bad location for a DLV key file. |
---|
189 | sed -i "s:/etc/pki/dnssec-keys[/]*dlv:/etc/unbound:" %{_sysconfdir}/unbound/unbound.conf |
---|
190 | |
---|
191 | %post libs -p /sbin/ldconfig |
---|
192 | |
---|
193 | %preun |
---|
194 | if [ "$1" -eq 0 ]; then |
---|
195 | /sbin/service %{name} stop >/dev/null 2>&1 |
---|
196 | /sbin/chkconfig --del %{name} |
---|
197 | fi |
---|
198 | |
---|
199 | %postun |
---|
200 | if [ "$1" -ge "1" ]; then |
---|
201 | /sbin/service %{name} condrestart >/dev/null 2>&1 || : |
---|
202 | fi |
---|
203 | |
---|
204 | %postun libs -p /sbin/ldconfig |
---|
205 | |
---|
206 | %changelog |
---|
207 | * Fri Jul 23 2010 IWAI, Masaharu <iwai@alib.jp> 1.4.5-1 |
---|
208 | - new upstream release |
---|
209 | |
---|
210 | * Wed May 5 2010 IWAI, Masaharu <iwai@alib.jp> 1.4.4-1 |
---|
211 | - initial build for Vine Linux: based Fedora 1.4.3-1.fc14 |
---|
212 | - update to 1.4.4 |
---|
213 | - build without munin |
---|
214 | |
---|
215 | * Thu Mar 11 2010 Paul Wouters <paul@xelerance.com> - 1.4.3-1 |
---|
216 | - Update to 1.4.3 that fixes 64bit crasher |
---|
217 | |
---|
218 | * Tue Mar 09 2010 Paul Wouters <paul@xelerance.com> - 1.4.2-1 |
---|
219 | - Updated to 1.4.2 |
---|
220 | - Updated unbound.conf with new options |
---|
221 | - Enabled pre-fetching DNSKEY records (DNSSEC speedup) |
---|
222 | - Enabled re-fetching popular records before they expire |
---|
223 | - Enabled logging of DNSSEC validation errors |
---|
224 | |
---|
225 | * Mon Mar 01 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-5 |
---|
226 | - Overriding -D_GNU_SOURCE is no longer needed. This fixes DSO issues |
---|
227 | with pthreads |
---|
228 | |
---|
229 | * Wed Feb 24 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-3 |
---|
230 | - Change make/configure lines to attempt to fix -lphtread linking issue |
---|
231 | |
---|
232 | * Thu Feb 18 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-2 |
---|
233 | - Removed dependancy for dnssec-conf |
---|
234 | - Added ISC DLV key (formerly in dnssec-conf) |
---|
235 | - Fixup old DLV locations in unbound.conf file via %%post |
---|
236 | - Fix parent child disagreement handling and no-ipv6 present [svn r1953] |
---|
237 | |
---|
238 | * Tue Jan 05 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-1 |
---|
239 | - Updated to 1.4.1 |
---|
240 | - Changed %%define to %%global |
---|
241 | |
---|
242 | * Thu Oct 08 2009 Paul Wouters <paul@xelerance.com> - 1.3.4-2 |
---|
243 | - Bump version |
---|
244 | |
---|
245 | * Thu Oct 08 2009 Paul Wouters <paul@xelerance.com> - 1.3.4-1 |
---|
246 | - Upgraded to 1.3.4. Security fix with validating NSEC3 records |
---|
247 | |
---|
248 | * Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.3.3-2 |
---|
249 | - rebuilt with new openssl |
---|
250 | |
---|
251 | * Mon Aug 17 2009 Paul Wouters <paul@xelerance.com> - 1.3.3-1 |
---|
252 | - Updated to 1.3.3 |
---|
253 | |
---|
254 | * Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.0-3 |
---|
255 | - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild |
---|
256 | |
---|
257 | * Sat Jun 20 2009 Paul Wouters <paul@xelerance.com> - 1.3.0-2 |
---|
258 | - Added missing glob patch to cvs |
---|
259 | - Place python macros within the %%with_python check |
---|
260 | |
---|
261 | * Sat Jun 20 2009 Paul Wouters <paul@xelerance.com> - 1.3.0-1 |
---|
262 | - Updated to 1.3.0 |
---|
263 | - Added unbound-python sub package. disabled for now |
---|
264 | - Patch from svn to fix DLV lookups |
---|
265 | - Patches from svn to detect wrong truncated response from BIND 9.6.1 with |
---|
266 | minimal-responses) |
---|
267 | - Added Default-Start and Default-Stop to unbound.init |
---|
268 | - Re-enabled --enable-sha2 |
---|
269 | - Re-enabled glob.patch |
---|
270 | |
---|
271 | * Wed May 20 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-7 |
---|
272 | - unbound-iterator.patch was not commited |
---|
273 | |
---|
274 | * Wed May 20 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-6 |
---|
275 | - Fix for https://bugzilla.redhat.com/show_bug.cgi?id=499793 |
---|
276 | |
---|
277 | * Tue Mar 17 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-5 |
---|
278 | - Use --nocheck to avoid giving an error on missing unbound-remote certs/keys |
---|
279 | |
---|
280 | * Tue Mar 10 2009 Adam Tkac <atkac redhat com> - 1.2.1-4 |
---|
281 | - enable DNSSEC only if it is enabled in sysconfig/dnssec |
---|
282 | |
---|
283 | * Mon Mar 09 2009 Adam Tkac <atkac redhat com> - 1.2.1-3 |
---|
284 | - add DNSSEC support to initscript and enabled it per default |
---|
285 | - add requires dnssec-conf |
---|
286 | |
---|
287 | * Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.1-2 |
---|
288 | - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild |
---|
289 | |
---|
290 | * Tue Feb 10 2009 Paul Wouters <paul@xelerance.com - 1.2.1-1 |
---|
291 | - updated to 1.2.1 |
---|
292 | |
---|
293 | * Sun Jan 18 2009 Tomas Mraz <tmraz@redhat.com> - 1.2.0-2 |
---|
294 | - rebuild with new openssl |
---|
295 | |
---|
296 | * Wed Jan 14 2009 Paul Wouters <paul@xelerance.com - 1.2.0-1 |
---|
297 | - Updated to 1.2.0 |
---|
298 | - Added dependancy on minimum SSL for CVE-2008-5077 |
---|
299 | - Added dependancy on bc for unbound-munin |
---|
300 | - Added minimum requirement of libevent 1.4.5. Crashes with older versions |
---|
301 | (note: libevent is stale in EL-4 and not in EL-5, needs fixing there) |
---|
302 | - Removed dependancy on selinux-policy (will get used when available) |
---|
303 | - Enable options as per draft-wijngaards-dnsext-resolver-side-mitigation-00.txt |
---|
304 | - Enable unwanted-reply-threshold to mitigate against a Kaminsky attack |
---|
305 | - Enable val-clean-additional to drop addition unsigned data from signed |
---|
306 | response. |
---|
307 | - Removed patches (got merged into upstream) |
---|
308 | |
---|
309 | * Mon Jan 5 2009 Paul Wouters <paul@xelerance.com> - 1.1.1-7 |
---|
310 | - Modified scandir patch to silently fail when wildcard matches nothing |
---|
311 | - Patch to allow unbound-checkconf to find empty wildcard matches |
---|
312 | |
---|
313 | * Mon Jan 5 2009 Paul Wouters <paul@xelerance.com> - 1.1.1-6 |
---|
314 | - Added scandir patch for trusted-keys-file: option, which |
---|
315 | is used to load multiple dnssec keys in bind file format |
---|
316 | |
---|
317 | * Mon Dec 8 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-4 |
---|
318 | - Added Requires: for selinux-policy >= 3.5.13-33 for proper SElinux rules. |
---|
319 | |
---|
320 | * Mon Dec 1 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-3 |
---|
321 | - We did not own the /etc/unbound directory (#474020) |
---|
322 | - Fixed cvs anomalies |
---|
323 | |
---|
324 | * Fri Nov 28 2008 Adam Tkac <atkac redhat com> - 1.1.1-2 |
---|
325 | - removed all obsolete chroot related stuff |
---|
326 | - label control certs after generation correctly |
---|
327 | |
---|
328 | * Thu Nov 20 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-1 |
---|
329 | - Updated to unbound 1.1.1 which fixes a crasher and |
---|
330 | addresses nlnetlabs bug #219 |
---|
331 | |
---|
332 | * Wed Nov 19 2008 Paul Wouters <paul@xelerance.com> - 1.1.0-3 |
---|
333 | - Remove the chroot, obsoleted by SElinux |
---|
334 | - Add additional munin plugin links supported by unbound plugin |
---|
335 | - Move configuration directory from /var/lib/unbound to /etc/unbound |
---|
336 | - Modified unbound.init and unbound.conf to account for chroot changes |
---|
337 | - Updated unbound.conf with new available options |
---|
338 | - Enabled dns-0x20 protection per default |
---|
339 | |
---|
340 | * Wed Nov 19 2008 Adam Tkac <atkac redhat com> - 1.1.0-2 |
---|
341 | - unbound-1.1.0-log_open.patch |
---|
342 | - make sure log is opened before chroot call |
---|
343 | - tracked as http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=219 |
---|
344 | - removed /dev/log and /var/run/unbound and /etc/resolv.conf from |
---|
345 | chroot, not needed |
---|
346 | - don't mount files in chroot, it causes problems during updates |
---|
347 | - fixed typo in default config file |
---|
348 | |
---|
349 | * Fri Nov 14 2008 Paul Wouters <paul@xelerance.com> - 1.1.0-1 |
---|
350 | - Updated to version 1.1.0 |
---|
351 | - Updated unbound.conf's statistics options and remote-control |
---|
352 | to work properly for munin |
---|
353 | - Added unbound-munin package |
---|
354 | - Generate unbound remote-control key/certs on first startup |
---|
355 | - Required ldns is now 1.4.0 |
---|
356 | |
---|
357 | * Wed Oct 22 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-5 |
---|
358 | - Only call ldconfig in -libs package |
---|
359 | - Move configure into build section |
---|
360 | - devel subpackage should only depend on libs subpackage |
---|
361 | |
---|
362 | * Tue Oct 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-4 |
---|
363 | - Fix CFLAGS getting lost in build |
---|
364 | - Don't enable interface-automatic:yes because that |
---|
365 | causes unbound to listen on 0.0.0.0 instead of 127.0.0.1 |
---|
366 | |
---|
367 | * Sun Oct 19 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-3 |
---|
368 | - Split off unbound-libs, make build verbose |
---|
369 | |
---|
370 | * Thu Oct 9 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-2 |
---|
371 | - FSB compliance, chroot fixes, initscript fixes |
---|
372 | |
---|
373 | * Thu Sep 11 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-1 |
---|
374 | - Upgraded to 1.0.2 |
---|
375 | |
---|
376 | * Wed Jul 16 2008 Paul Wouters <paul@xelerance.com> - 1.0.1-1 |
---|
377 | - upgraded to new release |
---|
378 | |
---|
379 | * Wed May 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.0-2 |
---|
380 | - Build against ldns-1.3.0 |
---|
381 | |
---|
382 | * Wed May 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.0-1 |
---|
383 | - Split of -devel package, fixed dependancies, make rpmlint happy |
---|
384 | |
---|
385 | * Thu Apr 25 2008 Wouter Wijngaards <wouter@nlnetlabs.nl> - 0.12 |
---|
386 | - Using parts from ports collection entry by Jaap Akkerhuis. |
---|
387 | - Using Fedoraproject wiki guidelines. |
---|
388 | |
---|
389 | * Wed Apr 23 2008 Wouter Wijngaards <wouter@nlnetlabs.nl> - 0.11 |
---|
390 | - Initial version. |
---|