1 | %{?!with_munin: %global with_munin 0} |
---|
2 | |
---|
3 | # not ready yet |
---|
4 | %{?!with_python: %global with_python 0} |
---|
5 | %{?!enable_gost: %global enable_gost 0} |
---|
6 | |
---|
7 | %if %{with_python} |
---|
8 | %{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} |
---|
9 | %{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} |
---|
10 | %endif |
---|
11 | |
---|
12 | Summary: Validating, recursive, and caching DNS(SEC) resolver |
---|
13 | Name: unbound |
---|
14 | Version: 1.4.7 |
---|
15 | Release: 1%{?_dist_release} |
---|
16 | License: BSD |
---|
17 | Url: http://www.unbound.net/ |
---|
18 | Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz |
---|
19 | Source1: unbound.init |
---|
20 | Source2: unbound.conf |
---|
21 | Source3: unbound.munin |
---|
22 | Source4: dlv.isc.org.key |
---|
23 | Patch1: unbound-1.2-glob.patch |
---|
24 | |
---|
25 | Group: System Environment/Daemons |
---|
26 | BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) |
---|
27 | BuildRequires: flex, ldns-devel >= 1.5.0, |
---|
28 | BuildRequires: libevent-devel |
---|
29 | BuildRequires: expat-devel |
---|
30 | %if %{with_python} |
---|
31 | BuildRequires: python-devel swig |
---|
32 | %endif |
---|
33 | %if %{enable_gost} |
---|
34 | BuildRequires: openssl-devel >= 1.0.0 |
---|
35 | %else |
---|
36 | BuildRequires: openssl-devel |
---|
37 | %endif |
---|
38 | # Required for SVN versions |
---|
39 | #BuildRequires: bison |
---|
40 | |
---|
41 | |
---|
42 | Requires(post): chkconfig |
---|
43 | Requires(preun): chkconfig |
---|
44 | Requires(preun): initscripts |
---|
45 | Requires(postun): initscripts |
---|
46 | Requires: ldns >= 1.5.0 |
---|
47 | Requires(pre): shadow-utils |
---|
48 | |
---|
49 | Distribution: Vine Linux |
---|
50 | Vendor: Project Vine |
---|
51 | Packager: iwaim |
---|
52 | |
---|
53 | %description |
---|
54 | Unbound is a validating, recursive, and caching DNS(SEC) resolver. |
---|
55 | |
---|
56 | The C implementation of Unbound is developed and maintained by NLnet |
---|
57 | Labs. It is based on ideas and algorithms taken from a java prototype |
---|
58 | developed by Verisign labs, Nominet, Kirei and ep.net. |
---|
59 | |
---|
60 | Unbound is designed as a set of modular components, so that also |
---|
61 | DNSSEC (secure DNS) validation and stub-resolvers (that do not run |
---|
62 | as a server, but are linked into an application) are easily possible. |
---|
63 | |
---|
64 | %if %{with_munin} |
---|
65 | %package munin |
---|
66 | Summary: Plugin for the munin / munin-node monitoring package |
---|
67 | Group: System Environment/Daemons |
---|
68 | Requires: munin-node |
---|
69 | Requires: %{name} = %{version}-%{release}, bc |
---|
70 | |
---|
71 | %description munin |
---|
72 | Plugin for the munin / munin-node monitoring package |
---|
73 | %endif |
---|
74 | |
---|
75 | %package devel |
---|
76 | Summary: Development package that includes the unbound header files |
---|
77 | Group: Development/Libraries |
---|
78 | Requires: %{name}-libs = %{version}-%{release}, openssl-devel, ldns-devel |
---|
79 | |
---|
80 | %description devel |
---|
81 | The devel package contains the unbound library and the include files |
---|
82 | |
---|
83 | %package libs |
---|
84 | Summary: Libraries used by the unbound server and client applications |
---|
85 | Group: Applications/System |
---|
86 | Requires(post): /sbin/ldconfig |
---|
87 | Requires(postun): /sbin/ldconfig |
---|
88 | Requires: openssl >= 0.9.8g-12 |
---|
89 | |
---|
90 | %description libs |
---|
91 | Contains libraries used by the unbound server and client applications |
---|
92 | |
---|
93 | %if %{with_python} |
---|
94 | %package python |
---|
95 | Summary: Python modules and extensions for unbound |
---|
96 | Group: Applications/System |
---|
97 | Requires: %{name}-libs = %{version}-%{release} |
---|
98 | |
---|
99 | %description python |
---|
100 | Python modules and extensions for unbound |
---|
101 | %endif |
---|
102 | |
---|
103 | %prep |
---|
104 | %setup -q |
---|
105 | %patch1 -p1 |
---|
106 | |
---|
107 | %build |
---|
108 | %configure --with-ldns= --with-libevent --with-pthreads --with-ssl \ |
---|
109 | --disable-rpath --enable-debug --disable-static \ |
---|
110 | --with-conf-file=%{_sysconfdir}/%{name}/unbound.conf \ |
---|
111 | --with-pidfile=%{_localstatedir}/run/%{name}/%{name}.pid \ |
---|
112 | %if %{with_python} |
---|
113 | --with-pythonmodule --with-pyunbound \ |
---|
114 | %endif |
---|
115 | %if !%{enable_gost} |
---|
116 | --disable-gost \ |
---|
117 | %endif |
---|
118 | --enable-sha2 |
---|
119 | %{__make} %{?_smp_mflags} |
---|
120 | |
---|
121 | %install |
---|
122 | rm -rf %{buildroot} |
---|
123 | %{__make} DESTDIR=%{buildroot} install |
---|
124 | install -d 0755 %{buildroot}%{_initrddir} |
---|
125 | install -m 0755 %{SOURCE1} %{buildroot}%{_initrddir}/unbound |
---|
126 | install -m 0755 %{SOURCE2} %{buildroot}%{_sysconfdir}/unbound |
---|
127 | %if %{with_munin} |
---|
128 | # Install munin plugin and its softlinks |
---|
129 | install -d 0755 %{buildroot}%{_sysconfdir}/munin/plugin-conf.d |
---|
130 | install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/munin/plugin-conf.d/unbound |
---|
131 | install -d 0755 %{buildroot}%{_datadir}/munin/plugins/ |
---|
132 | install -m 0755 contrib/unbound_munin_ %{buildroot}%{_datadir}/munin/plugins/unbound |
---|
133 | for plugin in unbound_munin_hits unbound_munin_queue unbound_munin_memory unbound_munin_by_type unbound_munin_by_class unbound_munin_by_opcode unbound_munin_by_rcode unbound_munin_by_flags unbound_munin_histogram; do |
---|
134 | ln -s unbound %{buildroot}%{_datadir}/munin/plugins/$plugin |
---|
135 | done |
---|
136 | %endif |
---|
137 | |
---|
138 | # install DLV key |
---|
139 | install -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/unbound/ |
---|
140 | |
---|
141 | # remove static library from install (fedora packaging guidelines) |
---|
142 | rm -rf %{buildroot}%{_libdir}/*.la |
---|
143 | %if %{with_python} |
---|
144 | rm -rf %{buildroot}%{python_sitelib}/*/*.la |
---|
145 | %endif |
---|
146 | |
---|
147 | mkdir -p %{buildroot}%{_localstatedir}/run/unbound |
---|
148 | |
---|
149 | %clean |
---|
150 | rm -rf ${RPM_BUILD_ROOT} |
---|
151 | |
---|
152 | %files |
---|
153 | %defattr(-,root,root,-) |
---|
154 | %doc doc/README doc/CREDITS doc/LICENSE doc/FEATURES |
---|
155 | %attr(0755,root,root) %{_initrddir}/%{name} |
---|
156 | %attr(0755,root,root) %dir %{_sysconfdir}/%{name} |
---|
157 | %attr(0755,unbound,unbound) %dir %{_localstatedir}/run/%{name} |
---|
158 | %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/unbound.conf |
---|
159 | %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dlv.isc.org.key |
---|
160 | %{_sbindir}/* |
---|
161 | %{_mandir}/*/* |
---|
162 | |
---|
163 | %if %{with_python} |
---|
164 | %files python |
---|
165 | %{python_sitelib}/* |
---|
166 | %endif |
---|
167 | |
---|
168 | %if %{with_munin} |
---|
169 | %files munin |
---|
170 | %defattr(-,root,root,-) |
---|
171 | %config(noreplace) %{_sysconfdir}/munin/plugin-conf.d/unbound |
---|
172 | %{_datadir}/munin/plugins/unbound* |
---|
173 | %endif |
---|
174 | |
---|
175 | %files devel |
---|
176 | %defattr(-,root,root,-) |
---|
177 | %{_libdir}/libunbound.so |
---|
178 | %{_includedir}/unbound.h |
---|
179 | %doc README |
---|
180 | |
---|
181 | %files libs |
---|
182 | %defattr(-,root,root,-) |
---|
183 | %{_libdir}/libunbound.so.* |
---|
184 | %doc doc/README doc/LICENSE |
---|
185 | |
---|
186 | %pre |
---|
187 | getent group unbound >/dev/null || groupadd -r unbound |
---|
188 | getent passwd unbound >/dev/null || \ |
---|
189 | useradd -r -g unbound -d %{_sysconfdir}/unbound -s /sbin/nologin \ |
---|
190 | -c "Unbound DNS resolver" unbound |
---|
191 | exit 0 |
---|
192 | |
---|
193 | %post |
---|
194 | /sbin/chkconfig --add %{name} |
---|
195 | # dnssec-conf used to contain our DLV key, but now we include it via unbound |
---|
196 | # If unbound had previously been configured with dnssec-configure, we need |
---|
197 | # to migrate the location of the DLV key file (to keep DLV enabled, and because |
---|
198 | # unbound won't start with a bad location for a DLV key file. |
---|
199 | sed -i "s:/etc/pki/dnssec-keys[/]*dlv:/etc/unbound:" %{_sysconfdir}/unbound/unbound.conf |
---|
200 | |
---|
201 | %post libs -p /sbin/ldconfig |
---|
202 | |
---|
203 | %preun |
---|
204 | if [ "$1" -eq 0 ]; then |
---|
205 | /sbin/service %{name} stop >/dev/null 2>&1 |
---|
206 | /sbin/chkconfig --del %{name} |
---|
207 | fi |
---|
208 | |
---|
209 | %postun |
---|
210 | if [ "$1" -ge "1" ]; then |
---|
211 | /sbin/service %{name} condrestart >/dev/null 2>&1 || : |
---|
212 | fi |
---|
213 | |
---|
214 | %postun libs -p /sbin/ldconfig |
---|
215 | |
---|
216 | %changelog |
---|
217 | * Sun Nov 14 2010 IWAI, Masaharu <iwai@alib.jp> 1.4.7-1 |
---|
218 | - new upstream release |
---|
219 | - add enable_gost flag: default disable |
---|
220 | - add BuildRequires: expat-devel |
---|
221 | |
---|
222 | * Thu Sep 2 2010 IWAI, Masaharu <iwai@alib.jp> 1.4.6-1 |
---|
223 | - new upstream release |
---|
224 | |
---|
225 | * Fri Jul 23 2010 IWAI, Masaharu <iwai@alib.jp> 1.4.5-1 |
---|
226 | - new upstream release |
---|
227 | |
---|
228 | * Wed May 5 2010 IWAI, Masaharu <iwai@alib.jp> 1.4.4-1 |
---|
229 | - initial build for Vine Linux: based Fedora 1.4.3-1.fc14 |
---|
230 | - update to 1.4.4 |
---|
231 | - build without munin |
---|
232 | |
---|
233 | * Thu Mar 11 2010 Paul Wouters <paul@xelerance.com> - 1.4.3-1 |
---|
234 | - Update to 1.4.3 that fixes 64bit crasher |
---|
235 | |
---|
236 | * Tue Mar 09 2010 Paul Wouters <paul@xelerance.com> - 1.4.2-1 |
---|
237 | - Updated to 1.4.2 |
---|
238 | - Updated unbound.conf with new options |
---|
239 | - Enabled pre-fetching DNSKEY records (DNSSEC speedup) |
---|
240 | - Enabled re-fetching popular records before they expire |
---|
241 | - Enabled logging of DNSSEC validation errors |
---|
242 | |
---|
243 | * Mon Mar 01 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-5 |
---|
244 | - Overriding -D_GNU_SOURCE is no longer needed. This fixes DSO issues |
---|
245 | with pthreads |
---|
246 | |
---|
247 | * Wed Feb 24 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-3 |
---|
248 | - Change make/configure lines to attempt to fix -lphtread linking issue |
---|
249 | |
---|
250 | * Thu Feb 18 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-2 |
---|
251 | - Removed dependancy for dnssec-conf |
---|
252 | - Added ISC DLV key (formerly in dnssec-conf) |
---|
253 | - Fixup old DLV locations in unbound.conf file via %%post |
---|
254 | - Fix parent child disagreement handling and no-ipv6 present [svn r1953] |
---|
255 | |
---|
256 | * Tue Jan 05 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-1 |
---|
257 | - Updated to 1.4.1 |
---|
258 | - Changed %%define to %%global |
---|
259 | |
---|
260 | * Thu Oct 08 2009 Paul Wouters <paul@xelerance.com> - 1.3.4-2 |
---|
261 | - Bump version |
---|
262 | |
---|
263 | * Thu Oct 08 2009 Paul Wouters <paul@xelerance.com> - 1.3.4-1 |
---|
264 | - Upgraded to 1.3.4. Security fix with validating NSEC3 records |
---|
265 | |
---|
266 | * Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.3.3-2 |
---|
267 | - rebuilt with new openssl |
---|
268 | |
---|
269 | * Mon Aug 17 2009 Paul Wouters <paul@xelerance.com> - 1.3.3-1 |
---|
270 | - Updated to 1.3.3 |
---|
271 | |
---|
272 | * Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.0-3 |
---|
273 | - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild |
---|
274 | |
---|
275 | * Sat Jun 20 2009 Paul Wouters <paul@xelerance.com> - 1.3.0-2 |
---|
276 | - Added missing glob patch to cvs |
---|
277 | - Place python macros within the %%with_python check |
---|
278 | |
---|
279 | * Sat Jun 20 2009 Paul Wouters <paul@xelerance.com> - 1.3.0-1 |
---|
280 | - Updated to 1.3.0 |
---|
281 | - Added unbound-python sub package. disabled for now |
---|
282 | - Patch from svn to fix DLV lookups |
---|
283 | - Patches from svn to detect wrong truncated response from BIND 9.6.1 with |
---|
284 | minimal-responses) |
---|
285 | - Added Default-Start and Default-Stop to unbound.init |
---|
286 | - Re-enabled --enable-sha2 |
---|
287 | - Re-enabled glob.patch |
---|
288 | |
---|
289 | * Wed May 20 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-7 |
---|
290 | - unbound-iterator.patch was not commited |
---|
291 | |
---|
292 | * Wed May 20 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-6 |
---|
293 | - Fix for https://bugzilla.redhat.com/show_bug.cgi?id=499793 |
---|
294 | |
---|
295 | * Tue Mar 17 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-5 |
---|
296 | - Use --nocheck to avoid giving an error on missing unbound-remote certs/keys |
---|
297 | |
---|
298 | * Tue Mar 10 2009 Adam Tkac <atkac redhat com> - 1.2.1-4 |
---|
299 | - enable DNSSEC only if it is enabled in sysconfig/dnssec |
---|
300 | |
---|
301 | * Mon Mar 09 2009 Adam Tkac <atkac redhat com> - 1.2.1-3 |
---|
302 | - add DNSSEC support to initscript and enabled it per default |
---|
303 | - add requires dnssec-conf |
---|
304 | |
---|
305 | * Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.1-2 |
---|
306 | - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild |
---|
307 | |
---|
308 | * Tue Feb 10 2009 Paul Wouters <paul@xelerance.com - 1.2.1-1 |
---|
309 | - updated to 1.2.1 |
---|
310 | |
---|
311 | * Sun Jan 18 2009 Tomas Mraz <tmraz@redhat.com> - 1.2.0-2 |
---|
312 | - rebuild with new openssl |
---|
313 | |
---|
314 | * Wed Jan 14 2009 Paul Wouters <paul@xelerance.com - 1.2.0-1 |
---|
315 | - Updated to 1.2.0 |
---|
316 | - Added dependancy on minimum SSL for CVE-2008-5077 |
---|
317 | - Added dependancy on bc for unbound-munin |
---|
318 | - Added minimum requirement of libevent 1.4.5. Crashes with older versions |
---|
319 | (note: libevent is stale in EL-4 and not in EL-5, needs fixing there) |
---|
320 | - Removed dependancy on selinux-policy (will get used when available) |
---|
321 | - Enable options as per draft-wijngaards-dnsext-resolver-side-mitigation-00.txt |
---|
322 | - Enable unwanted-reply-threshold to mitigate against a Kaminsky attack |
---|
323 | - Enable val-clean-additional to drop addition unsigned data from signed |
---|
324 | response. |
---|
325 | - Removed patches (got merged into upstream) |
---|
326 | |
---|
327 | * Mon Jan 5 2009 Paul Wouters <paul@xelerance.com> - 1.1.1-7 |
---|
328 | - Modified scandir patch to silently fail when wildcard matches nothing |
---|
329 | - Patch to allow unbound-checkconf to find empty wildcard matches |
---|
330 | |
---|
331 | * Mon Jan 5 2009 Paul Wouters <paul@xelerance.com> - 1.1.1-6 |
---|
332 | - Added scandir patch for trusted-keys-file: option, which |
---|
333 | is used to load multiple dnssec keys in bind file format |
---|
334 | |
---|
335 | * Mon Dec 8 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-4 |
---|
336 | - Added Requires: for selinux-policy >= 3.5.13-33 for proper SElinux rules. |
---|
337 | |
---|
338 | * Mon Dec 1 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-3 |
---|
339 | - We did not own the /etc/unbound directory (#474020) |
---|
340 | - Fixed cvs anomalies |
---|
341 | |
---|
342 | * Fri Nov 28 2008 Adam Tkac <atkac redhat com> - 1.1.1-2 |
---|
343 | - removed all obsolete chroot related stuff |
---|
344 | - label control certs after generation correctly |
---|
345 | |
---|
346 | * Thu Nov 20 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-1 |
---|
347 | - Updated to unbound 1.1.1 which fixes a crasher and |
---|
348 | addresses nlnetlabs bug #219 |
---|
349 | |
---|
350 | * Wed Nov 19 2008 Paul Wouters <paul@xelerance.com> - 1.1.0-3 |
---|
351 | - Remove the chroot, obsoleted by SElinux |
---|
352 | - Add additional munin plugin links supported by unbound plugin |
---|
353 | - Move configuration directory from /var/lib/unbound to /etc/unbound |
---|
354 | - Modified unbound.init and unbound.conf to account for chroot changes |
---|
355 | - Updated unbound.conf with new available options |
---|
356 | - Enabled dns-0x20 protection per default |
---|
357 | |
---|
358 | * Wed Nov 19 2008 Adam Tkac <atkac redhat com> - 1.1.0-2 |
---|
359 | - unbound-1.1.0-log_open.patch |
---|
360 | - make sure log is opened before chroot call |
---|
361 | - tracked as http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=219 |
---|
362 | - removed /dev/log and /var/run/unbound and /etc/resolv.conf from |
---|
363 | chroot, not needed |
---|
364 | - don't mount files in chroot, it causes problems during updates |
---|
365 | - fixed typo in default config file |
---|
366 | |
---|
367 | * Fri Nov 14 2008 Paul Wouters <paul@xelerance.com> - 1.1.0-1 |
---|
368 | - Updated to version 1.1.0 |
---|
369 | - Updated unbound.conf's statistics options and remote-control |
---|
370 | to work properly for munin |
---|
371 | - Added unbound-munin package |
---|
372 | - Generate unbound remote-control key/certs on first startup |
---|
373 | - Required ldns is now 1.4.0 |
---|
374 | |
---|
375 | * Wed Oct 22 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-5 |
---|
376 | - Only call ldconfig in -libs package |
---|
377 | - Move configure into build section |
---|
378 | - devel subpackage should only depend on libs subpackage |
---|
379 | |
---|
380 | * Tue Oct 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-4 |
---|
381 | - Fix CFLAGS getting lost in build |
---|
382 | - Don't enable interface-automatic:yes because that |
---|
383 | causes unbound to listen on 0.0.0.0 instead of 127.0.0.1 |
---|
384 | |
---|
385 | * Sun Oct 19 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-3 |
---|
386 | - Split off unbound-libs, make build verbose |
---|
387 | |
---|
388 | * Thu Oct 9 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-2 |
---|
389 | - FSB compliance, chroot fixes, initscript fixes |
---|
390 | |
---|
391 | * Thu Sep 11 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-1 |
---|
392 | - Upgraded to 1.0.2 |
---|
393 | |
---|
394 | * Wed Jul 16 2008 Paul Wouters <paul@xelerance.com> - 1.0.1-1 |
---|
395 | - upgraded to new release |
---|
396 | |
---|
397 | * Wed May 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.0-2 |
---|
398 | - Build against ldns-1.3.0 |
---|
399 | |
---|
400 | * Wed May 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.0-1 |
---|
401 | - Split of -devel package, fixed dependancies, make rpmlint happy |
---|
402 | |
---|
403 | * Thu Apr 25 2008 Wouter Wijngaards <wouter@nlnetlabs.nl> - 0.12 |
---|
404 | - Using parts from ports collection entry by Jaap Akkerhuis. |
---|
405 | - Using Fedoraproject wiki guidelines. |
---|
406 | |
---|
407 | * Wed Apr 23 2008 Wouter Wijngaards <wouter@nlnetlabs.nl> - 0.11 |
---|
408 | - Initial version. |
---|