Make named home writeable (#1422680)

Signed-off-by: Petr Menšík <pemensik@redhat.com>
Petr Menšík 2018-03-28 20:19:28 +02:00
parent de74eb1feb
commit 0188ce47c6
2 changed files with 16 additions and 46 deletions


@ -44,7 +44,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind Name: bind
License: MPLv2.0 License: MPLv2.0
Version: 9.11.3 Version: 9.11.3
Release: 8%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} Release: 9%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Epoch: 32 Epoch: 32
Url: http://www.isc.org/products/BIND/ Url: http://www.isc.org/products/BIND/
# #
@ -86,7 +86,6 @@ Patch102:bind-95-rh452060.patch
Patch106:bind93-rh490837.patch Patch106:bind93-rh490837.patch
Patch109:bind97-rh478718.patch Patch109:bind97-rh478718.patch
Patch112:bind97-rh645544.patch Patch112:bind97-rh645544.patch
Patch119:bind97-rh693982.patch
Patch130:bind-9.9.1-P2-dlz-libdb.patch Patch130:bind-9.9.1-P2-dlz-libdb.patch
Patch131:bind-9.9.1-P2-multlib-conflict.patch Patch131:bind-9.9.1-P2-multlib-conflict.patch
Patch133:bind99-rh640538.patch Patch133:bind99-rh640538.patch
@ -135,6 +134,8 @@ Provides: caching-nameserver = 31:9.4.1-7.fc8
Obsoletes: dnssec-conf < 1.27-2 Obsoletes: dnssec-conf < 1.27-2
Provides: dnssec-conf = 1.27-2 Provides: dnssec-conf = 1.27-2
BuildRequires: gcc, make BuildRequires: gcc, make
# FIXME: Enter correct version of policy changing the directory
Conflicts: selinux-policy < 3.13.1-283.34
BuildRequires: openssl-devel, libtool, autoconf, pkgconfig, libcap-devel BuildRequires: openssl-devel, libtool, autoconf, pkgconfig, libcap-devel
BuildRequires: libidn2-devel, libxml2-devel, GeoIP-devel BuildRequires: libidn2-devel, libxml2-devel, GeoIP-devel
BuildRequires: systemd BuildRequires: systemd
@ -430,7 +431,6 @@ are used for building ISC DHCP.
%patch106 -p0 -b .rh490837 %patch106 -p0 -b .rh490837
%patch109 -p1 -b .rh478718 %patch109 -p1 -b .rh478718
%patch112 -p1 -b .rh645544 %patch112 -p1 -b .rh645544
%patch119 -p1 -b .rh693982
%patch130 -p1 -b .libdb %patch130 -p1 -b .libdb
%patch131 -p1 -b .multlib-conflict %patch131 -p1 -b .multlib-conflict
%patch140 -p1 -b .rh1410433 %patch140 -p1 -b .rh1410433
@ -1105,19 +1105,20 @@ rm -rf ${RPM_BUILD_ROOT}
# Hide configuration # Hide configuration
%defattr(0640,root,named,0750) %defattr(0640,root,named,0750)
%dir %{_sysconfdir}/named %dir %{_sysconfdir}/named
%dir %{_localstatedir}/named
%config(noreplace) %verify(not link) %{_sysconfdir}/named.conf %config(noreplace) %verify(not link) %{_sysconfdir}/named.conf
%config(noreplace) %verify(not link) %{_sysconfdir}/named.rfc1912.zones %config(noreplace) %verify(not link) %{_sysconfdir}/named.rfc1912.zones
%config %verify(not link) %{_localstatedir}/named/named.ca %defattr(0660,root,named,01770)
%config %verify(not link) %{_localstatedir}/named/named.localhost %dir %{_localstatedir}/named
%config %verify(not link) %{_localstatedir}/named/named.loopback
%config %verify(not link) %{_localstatedir}/named/named.empty
%defattr(0660,named,named,0770) %defattr(0660,named,named,0770)
%dir %{_localstatedir}/named/slaves %dir %{_localstatedir}/named/slaves
%dir %{_localstatedir}/named/data %dir %{_localstatedir}/named/data
%dir %{_localstatedir}/named/dynamic %dir %{_localstatedir}/named/dynamic
%ghost %{_localstatedir}/log/named.log %ghost %{_localstatedir}/log/named.log
%defattr(0640,root,named,0750) %defattr(0640,root,named,0750)
%config %verify(not link) %{_localstatedir}/named/named.ca
%config %verify(not link) %{_localstatedir}/named/named.localhost
%config %verify(not link) %{_localstatedir}/named/named.loopback
%config %verify(not link) %{_localstatedir}/named/named.empty
%ghost %config(noreplace) %{_sysconfdir}/rndc.key %ghost %config(noreplace) %{_sysconfdir}/rndc.key
# ^- rndc.key now created on first install only if it does not exist # ^- rndc.key now created on first install only if it does not exist
%ghost %config(noreplace) %{_sysconfdir}/rndc.conf %ghost %config(noreplace) %{_sysconfdir}/rndc.conf
@ -1254,12 +1255,13 @@ rm -rf ${RPM_BUILD_ROOT}
%dir %{chroot_prefix}/etc/crypto-policies/back-ends %dir %{chroot_prefix}/etc/crypto-policies/back-ends
%dir %{chroot_prefix}/var %dir %{chroot_prefix}/var
%dir %{chroot_prefix}/run %dir %{chroot_prefix}/run
%dir %{chroot_prefix}/var/named
%ghost %config(noreplace) %{chroot_prefix}/etc/named.conf %ghost %config(noreplace) %{chroot_prefix}/etc/named.conf
%defattr(-,root,root,-) %defattr(-,root,root,-)
%dir %{chroot_prefix}/usr %dir %{chroot_prefix}/usr
%dir %{chroot_prefix}/%{_libdir} %dir %{chroot_prefix}/%{_libdir}
%dir %{chroot_prefix}/%{_libdir}/bind %dir %{chroot_prefix}/%{_libdir}/bind
%defattr(0660,root,named,01770)
%dir %{chroot_prefix}/var/named
%defattr(0660,named,named,0770) %defattr(0660,named,named,0770)
%dir %{chroot_prefix}/var/tmp %dir %{chroot_prefix}/var/tmp
%dir %{chroot_prefix}/var/log %dir %{chroot_prefix}/var/log
@ -1287,8 +1289,9 @@ rm -rf ${RPM_BUILD_ROOT}
%dir %{chroot_sdb_prefix}/etc/crypto-policies/back-ends %dir %{chroot_sdb_prefix}/etc/crypto-policies/back-ends
%dir %{chroot_sdb_prefix}/var %dir %{chroot_sdb_prefix}/var
%dir %{chroot_sdb_prefix}/run %dir %{chroot_sdb_prefix}/run
%dir %{chroot_sdb_prefix}/var/named
%ghost %config(noreplace) %{chroot_sdb_prefix}/etc/named.conf %ghost %config(noreplace) %{chroot_sdb_prefix}/etc/named.conf
%defattr(0660,root,named,01770)
%dir %{chroot_sdb_prefix}/var/named
%defattr(-,root,root,-) %defattr(-,root,root,-)
%dir %{chroot_sdb_prefix}/usr %dir %{chroot_sdb_prefix}/usr
%dir %{chroot_sdb_prefix}/%{_libdir} %dir %{chroot_sdb_prefix}/%{_libdir}
@ -1396,6 +1399,9 @@ rm -rf ${RPM_BUILD_ROOT}
%changelog %changelog
* Fri May 25 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-9
- Make named home writeable (#1422680)
* Fri May 25 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-8 * Fri May 25 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-8
- Require C++ on build when shipped atf library is used - Require C++ on build when shipped atf library is used
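Review bot: The new `%defattr(0660,root,named,01770)` lines (before `%dir %{_localstatedir}/named` and before the two chroot `var/named` entries) carry no comment, although the sticky bit is what keeps the now group-writable directory from letting members of the named group unlink or rename the root-owned `named.ca`, `named.localhost`, `named.loopback` and `named.empty`. I would add above each one `# sticky bit: named may create files here but cannot remove or replace root-owned zone files`, so a later cleanup does not reduce the mode to 0770. Separately, `Conflicts: selinux-policy < 3.13.1-283.34` is committed under a FIXME. The version should be confirmed before this release ships, since an older policy would presumably still deny the writes this change is meant to allow.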


@ -1,36 +0,0 @@
diff --git a/bin/named/server.c b/bin/named/server.c
index 20a6e31..dececd5 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -8126,15 +8126,6 @@ load_configuration(const char *filename, ns_server_t *server,
ns_os_changeuser();
}
- /*
- * Check that the working directory is writable.
- */
- if (!isc_file_isdirwritable(".")) {
- isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
- NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
- "the working directory is not writable");
- }
-
#ifdef HAVE_LMDB
/*
* Reopen NZD databases.
@@ -8209,6 +8200,15 @@ load_configuration(const char *filename, ns_server_t *server,
"config file");
}
+ /*
+ * Check that the working directory is writable.
+ */
+ if (!isc_file_isdirwritable(".")) {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_DEBUG(1),
+ "the working directory is not writable");
+ }
+
/*
* Set the default value of the query logging flag depending
* whether a "queries" category has been defined. This is