From 2fc1c6e8a506e6206de9bbb9d7e7e3d164224984 Mon Sep 17 00:00:00 2001 From: Adam Tkac Date: Tue, 3 Nov 2009 11:06:16 +0000 Subject: [PATCH] - update to 9.7.0b1 - add bind-pkcs11 subpackage to support PKCS11 compatible keystores for DNSSEC keys --- .cvsignore | 2 +- bind-9.5-libidn.patch | 46 +++++++++++----------- bind-9.5-sdb.patch | 55 ++++++++++++++------------- bind-96-dyndb.patch | 82 ++++++++++++++++++++-------------------- bind.spec | 38 ++++++++++++++++++- bind97-dist-pkcs11.patch | 22 +++++++++++ named.sysconfig | 4 ++ sources | 2 +- 8 files changed, 156 insertions(+), 95 deletions(-) create mode 100644 bind97-dist-pkcs11.patch diff --git a/.cvsignore b/.cvsignore index 2815858..ac145c1 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,2 @@ -bind-9.7.0a3.tar.gz +bind-9.7.0b1.tar.gz config-4.tar.bz2 diff --git a/bind-9.5-libidn.patch b/bind-9.5-libidn.patch index b8e9ba5..fccfa61 100644 --- a/bind-9.5-libidn.patch +++ b/bind-9.5-libidn.patch @@ -1,6 +1,6 @@ -diff -up bind-9.7.0a3/bin/dig/dighost.c.libidn bind-9.7.0a3/bin/dig/dighost.c ---- bind-9.7.0a3/bin/dig/dighost.c.libidn 2009-09-01 02:22:24.000000000 +0200 -+++ bind-9.7.0a3/bin/dig/dighost.c 2009-09-16 12:58:36.044643387 +0200 +diff -up bind-9.7.0b1/bin/dig/dighost.c.libidn bind-9.7.0b1/bin/dig/dighost.c +--- bind-9.7.0b1/bin/dig/dighost.c.libidn 2009-09-16 01:48:09.000000000 +0200 ++++ bind-9.7.0b1/bin/dig/dighost.c 2009-10-20 10:49:26.719056220 +0200 @@ -44,6 +44,11 @@ #include #endif @@ -13,7 +13,7 @@ diff -up bind-9.7.0a3/bin/dig/dighost.c.libidn bind-9.7.0a3/bin/dig/dighost.c #include #ifdef DIG_SIGCHASE #include -@@ -147,6 +152,14 @@ static void idn_check_result(idn_result +@@ -153,6 +158,14 @@ static void idn_check_result(idn_result int idnoptions = 0; #endif 
@@ -28,7 +28,7 @@ diff -up bind-9.7.0a3/bin/dig/dighost.c.libidn bind-9.7.0a3/bin/dig/dighost.c /*% * Exit Codes: * -@@ -1029,6 +1042,9 @@ setup_system(void) { +@@ -1184,6 +1197,9 @@ setup_system(void) { dig_searchlist_t *domain = NULL; lwres_result_t lwresult; unsigned int lwresflags; @@ -38,7 +38,7 @@ diff -up bind-9.7.0a3/bin/dig/dighost.c.libidn bind-9.7.0a3/bin/dig/dighost.c debug("setup_system()"); -@@ -1087,8 +1103,15 @@ setup_system(void) { +@@ -1242,8 +1258,15 @@ setup_system(void) { #ifdef WITH_IDN initialize_idn(); @@ -55,7 +55,7 @@ diff -up bind-9.7.0a3/bin/dig/dighost.c.libidn bind-9.7.0a3/bin/dig/dighost.c if (keyfile[0] != 0) setup_file_key(); else if (keysecret[0] != 0) -@@ -1789,12 +1812,18 @@ setup_lookup(dig_lookup_t *lookup) { +@@ -1957,12 +1980,18 @@ setup_lookup(dig_lookup_t *lookup) { idn_result_t mr; char utf8_textname[MXNAME], utf8_origin[MXNAME], idn_textname[MXNAME]; #endif @@ -75,7 +75,7 @@ diff -up bind-9.7.0a3/bin/dig/dighost.c.libidn bind-9.7.0a3/bin/dig/dighost.c REQUIRE(lookup != NULL); INSIST(!free_now); -@@ -1831,6 +1860,16 @@ setup_lookup(dig_lookup_t *lookup) { +@@ -1999,6 +2028,16 @@ setup_lookup(dig_lookup_t *lookup) { mr = idn_encodename(IDN_LOCALCONV | IDN_DELIMMAP, lookup->textname, utf8_textname, sizeof(utf8_textname)); idn_check_result(mr, "convert textname to UTF-8"); @@ -92,7 +92,7 @@ diff -up bind-9.7.0a3/bin/dig/dighost.c.libidn bind-9.7.0a3/bin/dig/dighost.c #endif /* -@@ -1850,6 +1889,15 @@ setup_lookup(dig_lookup_t *lookup) { +@@ -2018,6 +2057,15 @@ setup_lookup(dig_lookup_t *lookup) { lookup->origin = ISC_LIST_HEAD(search_list); lookup->need_search = ISC_FALSE; } 
@@ -108,7 +108,7 @@ diff -up bind-9.7.0a3/bin/dig/dighost.c.libidn bind-9.7.0a3/bin/dig/dighost.c #else if ((count_dots(lookup->textname) >= ndots) || !usesearch) { lookup->origin = NULL; /* Force abs lookup */ -@@ -1876,6 +1924,20 @@ setup_lookup(dig_lookup_t *lookup) { +@@ -2044,6 +2092,20 @@ setup_lookup(dig_lookup_t *lookup) { IDN_IDNCONV | IDN_LENCHECK, utf8_textname, idn_textname, sizeof(idn_textname)); idn_check_result(mr, "convert UTF-8 textname to IDN encoding"); @@ -129,7 +129,7 @@ diff -up bind-9.7.0a3/bin/dig/dighost.c.libidn bind-9.7.0a3/bin/dig/dighost.c #else if (lookup->origin != NULL) { debug("trying origin %s", lookup->origin->origin); -@@ -1931,6 +1993,13 @@ setup_lookup(dig_lookup_t *lookup) { +@@ -2099,6 +2161,13 @@ setup_lookup(dig_lookup_t *lookup) { result = dns_name_fromtext(lookup->name, &b, dns_rootname, 0, &lookup->namebuf); @@ -143,7 +143,7 @@ diff -up bind-9.7.0a3/bin/dig/dighost.c.libidn bind-9.7.0a3/bin/dig/dighost.c #else len = strlen(lookup->textname); isc_buffer_init(&b, lookup->textname, len); -@@ -3449,7 +3518,7 @@ destroy_libs(void) { +@@ -3617,7 +3686,7 @@ destroy_libs(void) { void * ptr; dig_message_t *chase_msg; #endif @@ -152,7 +152,7 @@ diff -up bind-9.7.0a3/bin/dig/dighost.c.libidn bind-9.7.0a3/bin/dig/dighost.c isc_result_t result; #endif -@@ -3488,6 +3557,10 @@ destroy_libs(void) { +@@ -3656,6 +3725,10 @@ destroy_libs(void) { result = dns_name_settotextfilter(NULL); check_result(result, "dns_name_settotextfilter"); #endif @@ -163,7 +163,7 @@ diff -up bind-9.7.0a3/bin/dig/dighost.c.libidn bind-9.7.0a3/bin/dig/dighost.c dns_name_destroy(); if (commctx != NULL) { -@@ -3664,6 +3737,79 @@ idn_check_result(idn_result_t r, const c +@@ -3834,6 +3907,79 @@ idn_check_result(idn_result_t r, const c } } #endif /* WITH_IDN */ 
@@ -243,19 +243,19 @@ diff -up bind-9.7.0a3/bin/dig/dighost.c.libidn bind-9.7.0a3/bin/dig/dighost.c #ifdef DIG_SIGCHASE void -diff -up bind-9.7.0a3/bin/dig/Makefile.in.libidn bind-9.7.0a3/bin/dig/Makefile.in ---- bind-9.7.0a3/bin/dig/Makefile.in.libidn 2009-09-03 01:48:01.000000000 +0200 -+++ bind-9.7.0a3/bin/dig/Makefile.in 2009-09-16 12:59:00.314643312 +0200 +diff -up bind-9.7.0b1/bin/dig/Makefile.in.libidn bind-9.7.0b1/bin/dig/Makefile.in +--- bind-9.7.0b1/bin/dig/Makefile.in.libidn 2009-09-22 10:47:55.000000000 +0200 ++++ bind-9.7.0b1/bin/dig/Makefile.in 2009-10-20 10:50:06.201543709 +0200 @@ -46,10 +46,10 @@ DEPLIBS = ${DNSDEPLIBS} ${BIND9DEPLIBS} ${LWRESDEPLIBS} - LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCLIBS} \ -- ${ISCCFGLIBS} @IDNLIBS@ @LIBS@ -+ ${ISCCFGLIBS} @IDNLIBS@ @LIBS@ -lidn + LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \ +- ${ISCLIBS} @IDNLIBS@ @LIBS@ ++ ${ISCLIBS} @IDNLIBS@ @LIBS@ -lidn - NOSYMLIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCNOSYMLIBS} \ -- ${ISCCFGLIBS} @IDNLIBS@ @LIBS@ -+ ${ISCCFGLIBS} @IDNLIBS@ @LIBS@ -lidn + NOSYMLIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \ +- ${ISCNOSYMLIBS} @IDNLIBS@ @LIBS@ ++ ${ISCNOSYMLIBS} @IDNLIBS@ @LIBS@ -lidn SUBDIRS = diff --git a/bind-9.5-sdb.patch b/bind-9.5-sdb.patch index 726a96f..458aa4f 100644 --- a/bind-9.5-sdb.patch +++ b/bind-9.5-sdb.patch 
@@ -1,25 +1,26 @@ -diff -up bind-9.7.0a3/bin/Makefile.in.sdb bind-9.7.0a3/bin/Makefile.in ---- bind-9.7.0a3/bin/Makefile.in.sdb 2009-06-10 02:27:21.000000000 +0200 -+++ bind-9.7.0a3/bin/Makefile.in 2009-09-16 12:55:29.034655166 +0200 -@@ -19,7 +19,8 @@ srcdir = @srcdir@ +diff -up bind-9.7.0b1/bin/Makefile.in.sdb bind-9.7.0b1/bin/Makefile.in +--- bind-9.7.0b1/bin/Makefile.in.sdb 2009-10-05 14:07:08.000000000 +0200 ++++ bind-9.7.0b1/bin/Makefile.in 2009-10-20 11:01:21.011555584 +0200 +@@ -19,8 +19,8 @@ srcdir = @srcdir@ VPATH = @srcdir@ top_srcdir = @top_srcdir@ --SUBDIRS = named rndc dig dnssec tests tools nsupdate check confgen -+SUBDIRS = named named-sdb rndc dig dnssec tests tools nsupdate check \ -+ confgen sdb_tools +-SUBDIRS = named rndc dig dnssec tests tools nsupdate \ +- check confgen @PKCS11_TOOLS@ ++SUBDIRS = named named-sdb rndc dig dnssec tests tools nsupdate \ ++ check confgen @PKCS11_TOOLS@ sdb_tools TARGETS = @BIND9_MAKE_RULES@ -diff -up bind-9.7.0a3/bin/named/Makefile.in.sdb bind-9.7.0a3/bin/named/Makefile.in ---- bind-9.7.0a3/bin/named/Makefile.in.sdb 2009-09-16 12:55:28.994644340 +0200 -+++ bind-9.7.0a3/bin/named/Makefile.in 2009-09-16 12:56:40.424643332 +0200 +diff -up bind-9.7.0b1/bin/named/Makefile.in.sdb bind-9.7.0b1/bin/named/Makefile.in +--- bind-9.7.0b1/bin/named/Makefile.in.sdb 2009-10-20 11:01:20.971545269 +0200 ++++ bind-9.7.0b1/bin/named/Makefile.in 2009-10-20 11:01:35.191543713 +0200 @@ -45,7 +45,7 @@ CINCLUDES = -I${srcdir}/include -I${srcd ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \ ${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} --CDEFINES = -DBIND9 @USE_DLZ@ -+CDEFINES = -DBIND9 +-CDEFINES = -DBIND9 @USE_DLZ@ @USE_PKCS11@ ++CDEFINES = -DBIND9 @USE_PKCS11@ CWARNINGS = 
@@ -63,9 +64,9 @@ diff -up bind-9.7.0a3/bin/named/Makefile.in.sdb bind-9.7.0a3/bin/named/Makefile. ${INSTALL_DATA} ${srcdir}/named.conf.5 ${DESTDIR}${mandir}/man5 - -@DLZ_DRIVER_RULES@ -diff -up bind-9.7.0a3/bin/named-sdb/main.c.sdb bind-9.7.0a3/bin/named-sdb/main.c ---- bind-9.7.0a3/bin/named-sdb/main.c.sdb 2009-09-16 12:55:29.014643786 +0200 -+++ bind-9.7.0a3/bin/named-sdb/main.c 2009-09-16 12:55:29.034655166 +0200 +diff -up bind-9.7.0b1/bin/named-sdb/main.c.sdb bind-9.7.0b1/bin/named-sdb/main.c +--- bind-9.7.0b1/bin/named-sdb/main.c.sdb 2009-10-20 11:01:20.991546005 +0200 ++++ bind-9.7.0b1/bin/named-sdb/main.c 2009-10-20 11:01:21.011555584 +0200 @@ -75,6 +75,9 @@ * Include header files for database drivers here. */ @@ -76,7 +77,7 @@ diff -up bind-9.7.0a3/bin/named-sdb/main.c.sdb bind-9.7.0a3/bin/named-sdb/main.c /* * Include DLZ drivers if appropriate. -@@ -757,6 +760,10 @@ setup(void) { +@@ -766,6 +769,10 @@ setup(void) { ns_main_earlyfatal("isc_app_start() failed: %s", isc_result_totext(result)); @@ -87,7 +88,7 @@ diff -up bind-9.7.0a3/bin/named-sdb/main.c.sdb bind-9.7.0a3/bin/named-sdb/main.c isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, ISC_LOG_NOTICE, "starting BIND %s%s", ns_g_version, saved_command_line); -@@ -840,6 +847,57 @@ setup(void) { +@@ -849,6 +856,57 @@ setup(void) { isc_result_totext(result)); #endif @@ -145,7 +146,7 @@ diff -up bind-9.7.0a3/bin/named-sdb/main.c.sdb bind-9.7.0a3/bin/named-sdb/main.c ns_server_create(ns_g_mctx, &ns_g_server); } -@@ -867,6 +925,10 @@ cleanup(void) { +@@ -876,6 +934,10 @@ cleanup(void) { dns_name_destroy(); 
@@ -156,9 +157,9 @@ diff -up bind-9.7.0a3/bin/named-sdb/main.c.sdb bind-9.7.0a3/bin/named-sdb/main.c isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, ISC_LOG_NOTICE, "exiting"); ns_log_shutdown(); -diff -up bind-9.7.0a3/bin/named-sdb/Makefile.in.sdb bind-9.7.0a3/bin/named-sdb/Makefile.in ---- bind-9.7.0a3/bin/named-sdb/Makefile.in.sdb 2009-09-16 12:55:29.014643786 +0200 -+++ bind-9.7.0a3/bin/named-sdb/Makefile.in 2009-09-16 12:57:05.617143628 +0200 +diff -up bind-9.7.0b1/bin/named-sdb/Makefile.in.sdb bind-9.7.0b1/bin/named-sdb/Makefile.in +--- bind-9.7.0b1/bin/named-sdb/Makefile.in.sdb 2009-10-20 11:01:20.991546005 +0200 ++++ bind-9.7.0b1/bin/named-sdb/Makefile.in 2009-10-20 11:01:21.011555584 +0200 @@ -28,10 +28,10 @@ top_srcdir = @top_srcdir@ # # Add database drivers here. @@ -208,10 +209,10 @@ diff -up bind-9.7.0a3/bin/named-sdb/Makefile.in.sdb bind-9.7.0a3/bin/named-sdb/M + ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-sdb@EXEEXT@ ${DESTDIR}${sbindir} @DLZ_DRIVER_RULES@ -diff -up bind-9.7.0a3/configure.in.sdb bind-9.7.0a3/configure.in ---- bind-9.7.0a3/configure.in.sdb 2009-09-04 02:44:54.000000000 +0200 -+++ bind-9.7.0a3/configure.in 2009-09-16 12:55:29.044644803 +0200 -@@ -3144,6 +3144,8 @@ AC_CONFIG_FILES([ +diff -up bind-9.7.0b1/configure.in.sdb bind-9.7.0b1/configure.in +--- bind-9.7.0b1/configure.in.sdb 2009-10-16 06:16:17.000000000 +0200 ++++ bind-9.7.0b1/configure.in 2009-10-20 11:01:21.011555584 +0200 +@@ -3206,6 +3206,8 @@ AC_CONFIG_FILES([ bin/confgen/unix/Makefile bin/named/Makefile bin/named/unix/Makefile @@ -220,11 +221,11 @@ diff -up bind-9.7.0a3/configure.in.sdb bind-9.7.0a3/configure.in bin/rndc/Makefile bin/dig/Makefile bin/nsupdate/Makefile -@@ -3165,6 +3167,7 @@ AC_CONFIG_FILES([ +@@ -3227,6 +3229,7 @@ AC_CONFIG_FILES([ bin/tests/headerdep_test.sh bin/tools/Makefile bin/dnssec/Makefile + bin/sdb_tools/Makefile + bin/pkcs11/Makefile doc/Makefile doc/arm/Makefile - doc/misc/Makefile 
diff --git a/bind-96-dyndb.patch b/bind-96-dyndb.patch index 4966fd1..b249f2f 100644 --- a/bind-96-dyndb.patch +++ b/bind-96-dyndb.patch @@ -1,6 +1,6 @@ -diff -up bind-9.7.0a3/bin/named/main.c.dyndb bind-9.7.0a3/bin/named/main.c ---- bind-9.7.0a3/bin/named/main.c.dyndb 2009-09-01 20:40:25.000000000 +0200 -+++ bind-9.7.0a3/bin/named/main.c 2009-09-16 10:47:35.744643926 +0200 +diff -up bind-9.7.0b1/bin/named/main.c.dyndb bind-9.7.0b1/bin/named/main.c +--- bind-9.7.0b1/bin/named/main.c.dyndb 2009-10-05 19:30:49.000000000 +0200 ++++ bind-9.7.0b1/bin/named/main.c 2009-10-20 10:39:55.439045751 +0200 @@ -45,6 +45,7 @@ #include @@ -9,7 +9,7 @@ diff -up bind-9.7.0a3/bin/named/main.c.dyndb bind-9.7.0a3/bin/named/main.c #include #include #include -@@ -844,6 +845,8 @@ setup(void) { +@@ -853,6 +854,8 @@ setup(void) { static void cleanup(void) { @@ -18,9 +18,9 @@ diff -up bind-9.7.0a3/bin/named/main.c.dyndb bind-9.7.0a3/bin/named/main.c destroy_managers(); ns_server_destroy(&ns_g_server); -diff -up bind-9.7.0a3/bin/named/server.c.dyndb bind-9.7.0a3/bin/named/server.c ---- bind-9.7.0a3/bin/named/server.c.dyndb 2009-09-10 03:49:29.000000000 +0200 -+++ bind-9.7.0a3/bin/named/server.c 2009-09-16 10:47:35.744643926 +0200 +diff -up bind-9.7.0b1/bin/named/server.c.dyndb bind-9.7.0b1/bin/named/server.c +--- bind-9.7.0b1/bin/named/server.c.dyndb 2009-10-12 22:48:11.000000000 +0200 ++++ bind-9.7.0b1/bin/named/server.c 2009-10-20 10:39:55.439045751 +0200 @@ -58,6 +58,7 @@ #ifdef DLZ #include @@ -156,7 +156,7 @@ diff -up bind-9.7.0a3/bin/named/server.c.dyndb bind-9.7.0a3/bin/named/server.c /* * Parse the global default pseudo-config file. */ -@@ -4944,6 +5044,8 @@ loadconfig(ns_server_t *server) { +@@ -4945,6 +5045,8 @@ loadconfig(ns_server_t *server) { static isc_result_t reload(ns_server_t *server) { isc_result_t result; 
@@ -165,9 +165,9 @@ diff -up bind-9.7.0a3/bin/named/server.c.dyndb bind-9.7.0a3/bin/named/server.c CHECK(loadconfig(server)); result = load_zones(server, ISC_FALSE); -diff -up /dev/null bind-9.7.0a3/lib/dns/dynamic_db.c ---- /dev/null 2009-09-16 12:27:54.710000266 +0200 -+++ bind-9.7.0a3/lib/dns/dynamic_db.c 2009-09-16 10:47:35.744643926 +0200 +diff -up /dev/null bind-9.7.0b1/lib/dns/dynamic_db.c +--- /dev/null 2009-10-20 12:29:23.540001947 +0200 ++++ bind-9.7.0b1/lib/dns/dynamic_db.c 2009-10-20 10:39:55.439045751 +0200 @@ -0,0 +1,364 @@ +/* + * Copyright (C) 2008-2009 Red Hat, Inc. @@ -533,9 +533,9 @@ diff -up /dev/null bind-9.7.0a3/lib/dns/dynamic_db.c + + return args->timermgr; +} -diff -up /dev/null bind-9.7.0a3/lib/dns/include/dns/dynamic_db.h ---- /dev/null 2009-09-16 12:27:54.710000266 +0200 -+++ bind-9.7.0a3/lib/dns/include/dns/dynamic_db.h 2009-09-16 10:47:35.744643926 +0200 +diff -up /dev/null bind-9.7.0b1/lib/dns/include/dns/dynamic_db.h +--- /dev/null 2009-10-20 12:29:23.540001947 +0200 ++++ bind-9.7.0b1/lib/dns/include/dns/dynamic_db.h 2009-10-20 10:39:55.439045751 +0200 @@ -0,0 +1,50 @@ +/* + * Copyright (C) 2008-2009 Red Hat, Inc. @@ -587,9 +587,9 @@ diff -up /dev/null bind-9.7.0a3/lib/dns/include/dns/dynamic_db.h +isc_timermgr_t *dns_dyndb_get_timermgr(dns_dyndb_arguments_t *args); + +#endif -diff -up bind-9.7.0a3/lib/dns/include/dns/log.h.dyndb bind-9.7.0a3/lib/dns/include/dns/log.h ---- bind-9.7.0a3/lib/dns/include/dns/log.h.dyndb 2009-01-18 00:47:43.000000000 +0100 -+++ bind-9.7.0a3/lib/dns/include/dns/log.h 2009-09-16 10:47:35.744643926 +0200 +diff -up bind-9.7.0b1/lib/dns/include/dns/log.h.dyndb bind-9.7.0b1/lib/dns/include/dns/log.h +--- bind-9.7.0b1/lib/dns/include/dns/log.h.dyndb 2009-01-18 00:47:43.000000000 +0100 ++++ bind-9.7.0b1/lib/dns/include/dns/log.h 2009-10-20 10:39:55.439045751 +0200 
@@ -73,6 +73,7 @@ LIBDNS_EXTERNAL_DATA extern isc_logmodul #define DNS_LOGMODULE_HINTS (&dns_modules[24]) #define DNS_LOGMODULE_ACACHE (&dns_modules[25]) 
@@ -598,21 +598,21 @@ diff -up bind-9.7.0a3/lib/dns/include/dns/log.h.dyndb bind-9.7.0a3/lib/dns/inclu ISC_LANG_BEGINDECLS -diff -up bind-9.7.0a3/lib/dns/include/dns/Makefile.in.dyndb bind-9.7.0a3/lib/dns/include/dns/Makefile.in ---- bind-9.7.0a3/lib/dns/include/dns/Makefile.in.dyndb 2008-11-15 00:47:33.000000000 +0100 -+++ bind-9.7.0a3/lib/dns/include/dns/Makefile.in 2009-09-16 10:47:35.744643926 +0200 -@@ -23,7 +23,7 @@ top_srcdir = @top_srcdir@ +diff -up bind-9.7.0b1/lib/dns/include/dns/Makefile.in.dyndb bind-9.7.0b1/lib/dns/include/dns/Makefile.in +--- bind-9.7.0b1/lib/dns/include/dns/Makefile.in.dyndb 2009-10-09 01:48:10.000000000 +0200 ++++ bind-9.7.0b1/lib/dns/include/dns/Makefile.in 2009-10-20 10:42:34.949043781 +0200 +@@ -22,7 +22,7 @@ top_srcdir = @top_srcdir@ + @BIND9_VERSION@ - HEADERS = acl.h adb.h byaddr.h cache.h callbacks.h \ - cert.h compress.h \ + HEADERS = acl.h adb.h byaddr.h cache.h callbacks.h cert.h compress.h \ - db.h dbiterator.h dbtable.h diff.h dispatch.h dlz.h \ + db.h dbiterator.h dbtable.h diff.h dispatch.h dlz.h dynamic_db.h \ - dnssec.h ds.h events.h fixedname.h iptable.h journal.h keyflags.h \ - keytable.h keyvalues.h lib.h log.h master.h masterdump.h \ - message.h name.h ncache.h \ -diff -up bind-9.7.0a3/lib/dns/include/dns/types.h.dyndb bind-9.7.0a3/lib/dns/include/dns/types.h ---- bind-9.7.0a3/lib/dns/include/dns/types.h.dyndb 2009-09-01 02:22:27.000000000 +0200 -+++ bind-9.7.0a3/lib/dns/include/dns/types.h 2009-09-16 10:47:35.744643926 +0200 + dnssec.h ds.h events.h fixedname.h iptable.h journal.h \ + keyflags.h keytable.h keyvalues.h lib.h log.h \ + master.h masterdump.h message.h name.h ncache.h nsec.h \ +diff -up bind-9.7.0b1/lib/dns/include/dns/types.h.dyndb bind-9.7.0b1/lib/dns/include/dns/types.h +--- bind-9.7.0b1/lib/dns/include/dns/types.h.dyndb 2009-09-01 02:22:27.000000000 +0200 ++++ bind-9.7.0b1/lib/dns/include/dns/types.h 2009-10-20 10:39:55.439045751 +0200 
@@ -60,6 +60,7 @@ typedef struct dns_dbtable dns_dbtable typedef void dns_dbversion_t; typedef struct dns_dlzimplementation dns_dlzimplementation_t; @@ -621,9 +621,9 @@ diff -up bind-9.7.0a3/lib/dns/include/dns/types.h.dyndb bind-9.7.0a3/lib/dns/inc typedef struct dns_sdlzimplementation dns_sdlzimplementation_t; typedef struct dns_decompress dns_decompress_t; typedef struct dns_dispatch dns_dispatch_t; -diff -up bind-9.7.0a3/lib/dns/log.c.dyndb bind-9.7.0a3/lib/dns/log.c ---- bind-9.7.0a3/lib/dns/log.c.dyndb 2007-06-19 01:47:40.000000000 +0200 -+++ bind-9.7.0a3/lib/dns/log.c 2009-09-16 10:47:35.744643926 +0200 +diff -up bind-9.7.0b1/lib/dns/log.c.dyndb bind-9.7.0b1/lib/dns/log.c +--- bind-9.7.0b1/lib/dns/log.c.dyndb 2007-06-19 01:47:40.000000000 +0200 ++++ bind-9.7.0b1/lib/dns/log.c 2009-10-20 10:39:55.439045751 +0200 @@ -79,6 +79,7 @@ LIBDNS_EXTERNAL_DATA isc_logmodule_t dns { "dns/hints", 0 }, { "dns/acache", 0 }, @@ -632,9 +632,9 @@ diff -up bind-9.7.0a3/lib/dns/log.c.dyndb bind-9.7.0a3/lib/dns/log.c { NULL, 0 } }; -diff -up bind-9.7.0a3/lib/dns/Makefile.in.dyndb bind-9.7.0a3/lib/dns/Makefile.in ---- bind-9.7.0a3/lib/dns/Makefile.in.dyndb 2009-09-16 10:47:35.714664894 +0200 -+++ bind-9.7.0a3/lib/dns/Makefile.in 2009-09-16 10:47:35.744643926 +0200 +diff -up bind-9.7.0b1/lib/dns/Makefile.in.dyndb bind-9.7.0b1/lib/dns/Makefile.in +--- bind-9.7.0b1/lib/dns/Makefile.in.dyndb 2009-10-20 10:39:55.429046304 +0200 ++++ bind-9.7.0b1/lib/dns/Makefile.in 2009-10-20 10:43:14.571543754 +0200 @@ -57,8 +57,8 @@ DSTOBJS = @DST_EXTRA_OBJS@ \ DNSOBJS = acache.@O@ acl.@O@ adb.@O@ byaddr.@O@ \ cache.@O@ callbacks.@O@ compress.@O@ \ @@ -645,7 +645,7 @@ diff -up bind-9.7.0a3/lib/dns/Makefile.in.dyndb bind-9.7.0a3/lib/dns/Makefile.in + journal.@O@ keydata.@O@ keytable.@O@ lib.@O@ log.@O@ lookup.@O@ \ master.@O@ masterdump.@O@ message.@O@ \ name.@O@ ncache.@O@ nsec.@O@ nsec3.@O@ order.@O@ peer.@O@ \ - portlist.@O@ \ + portlist.@O@ private.@O@ \ 
@@ -84,7 +84,7 @@ DSTSRCS = @DST_EXTRA_SRCS@ \ DNSSRCS = acache.c acl.c adb.c byaddr.c \ cache.c callbacks.c compress.c \ @@ -667,9 +667,9 @@ diff -up bind-9.7.0a3/lib/dns/Makefile.in.dyndb bind-9.7.0a3/lib/dns/Makefile.in libdns.@SA@: ${OBJS} ${AR} ${ARFLAGS} $@ ${OBJS} ${RANLIB} $@ -diff -up bind-9.7.0a3/lib/isccfg/namedconf.c.dyndb bind-9.7.0a3/lib/isccfg/namedconf.c ---- bind-9.7.0a3/lib/isccfg/namedconf.c.dyndb 2009-09-02 18:10:03.000000000 +0200 -+++ bind-9.7.0a3/lib/isccfg/namedconf.c 2009-09-16 10:52:11.257143715 +0200 +diff -up bind-9.7.0b1/lib/isccfg/namedconf.c.dyndb bind-9.7.0b1/lib/isccfg/namedconf.c +--- bind-9.7.0b1/lib/isccfg/namedconf.c.dyndb 2009-10-13 01:48:02.000000000 +0200 ++++ bind-9.7.0b1/lib/isccfg/namedconf.c 2009-10-20 10:39:55.439045751 +0200 @@ -87,6 +87,7 @@ static cfg_type_t cfg_type_controls; static cfg_type_t cfg_type_controls_sockaddr; static cfg_type_t cfg_type_destinationlist; @@ -678,7 +678,7 @@ diff -up bind-9.7.0a3/lib/isccfg/namedconf.c.dyndb bind-9.7.0a3/lib/isccfg/named static cfg_type_t cfg_type_ixfrdifftype; static cfg_type_t cfg_type_key; static cfg_type_t cfg_type_logfile; -@@ -791,6 +792,7 @@ namedconf_or_view_clauses[] = { +@@ -798,6 +799,7 @@ namedconf_or_view_clauses[] = { { "zone", &cfg_type_zone, CFG_CLAUSEFLAG_MULTI }, /* only 1 DLZ per view allowed */ { "dlz", &cfg_type_dynamically_loadable_zones, 0 }, @@ -686,7 +686,7 @@ diff -up bind-9.7.0a3/lib/isccfg/namedconf.c.dyndb bind-9.7.0a3/lib/isccfg/named { "server", &cfg_type_server, CFG_CLAUSEFLAG_MULTI }, { "trusted-keys", &cfg_type_dnsseckeys, CFG_CLAUSEFLAG_MULTI }, { "managed-keys", &cfg_type_managedkeys, CFG_CLAUSEFLAG_MULTI }, -@@ -1561,6 +1563,40 @@ static cfg_type_t cfg_type_dialuptype = +@@ -1571,6 +1573,40 @@ static cfg_type_t cfg_type_dialuptype = &cfg_rep_string, dialup_enums }; diff --git a/bind.spec b/bind.spec index 6f2ec3c..7d0abed 100644 --- a/bind.spec +++ b/bind.spec 
@@ -5,7 +5,7 @@ #%define PATCHVER P1 #%define PREVER rc1 #%define VERSION %{version}-%{PATCHVER} -%define PREVER a3 +%define PREVER b1 %define VERSION %{version}%{PREVER} %{?!SDB: %define SDB 1} @@ -13,6 +13,7 @@ %{?!bind_uid: %define bind_uid 25} %{?!bind_gid: %define bind_gid 25} %{?!GSSTSIG: %define GSSTSIG 1} +%{?!PKCS11: %define PKCS11 1} %define bind_dir /var/named %define chroot_prefix %{bind_dir}/chroot # @@ -20,7 +21,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: ISC Version: 9.7.0 -Release: 0.5.%{PREVER}%{?dist} +Release: 0.6.%{PREVER}%{?dist} Epoch: 32 Url: http://www.isc.org/products/BIND/ Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -51,6 +52,7 @@ Patch99: bind-96-libtool2.patch Patch101:bind-96-old-api.patch Patch102:bind-95-rh452060.patch Patch106:bind93-rh490837.patch +Patch107:bind97-dist-pkcs11.patch # SDB patches Patch11: bind-9.3.2b2-sdbsrc.patch @@ -94,6 +96,19 @@ which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly. +%if %{PKCS11} +%package pkcs11 +Summary: Bind PKCS#11 tools for using DNSSEC +Group: System Environment/Daemons +Requires: engine_pkcs11 opensc +#BuildRequires: opensc-devel + +%description pkcs11 +This is a set of PKCS#11 utilities that when used together create rsa +keys in a PKCS11 keystore, such as provided by opencryptoki. The keys +will have a label of "zone,zsk|ksk,xxx" and an id of the keytag in hex. +%endif + %if %{SDB} %package sdb Summary: BIND server with database backends and DLZ support @@ -213,6 +228,7 @@ mkdir m4 %patch102 -p1 -b .rh452060 %patch106 -p0 -b .rh490837 +%patch107 -p1 -b .dist-pkcs11 # Sparc and s390 arches need to use -fPIE %ifarch sparcv9 sparc64 s390 s390x 
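Review bot: The `%package pkcs11` block requires `engine_pkcs11 opensc`, but the configure hunk at `@@ -242,6 +258,9 @@` compiles in `%{_libdir}/pkcs11/PKCS11_API.so` as the provider and the description names opencryptoki, and no `Requires:` pulls in a package that owns that library. The tools would then depend at run time on a module path that this package set neither installs nor lets `rpm -V` verify, which matters because that module handles DNSSEC private keys. I would either add a `Requires:` on the package that ships the provider (it looks like opencryptoki, to be confirmed) or add a spec comment such as `# provider library is optional; pkcs11-* tools need it at run time`. The commented-out `#BuildRequires: opensc-devel` should be dropped or given a reason.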
@@ -242,6 +258,9 @@ libtoolize -c -f; aclocal -I m4 --force; autoconf -f --with-pic \ --disable-static \ --disable-openssl-version-check \ +%if %{PKCS11} + --with-pkcs11=%{_libdir}/pkcs11/PKCS11_API.so \ +%endif %if %{SDB} --with-dlz-ldap=yes \ --with-dlz-postgres=yes \ @@ -592,7 +611,22 @@ rm -rf ${RPM_BUILD_ROOT} %ghost %{chroot_prefix}/dev/zero %ghost %{chroot_prefix}/etc/localtime +%if %{PKCS11} +%files pkcs11 +%defattr(-,root,root,-) +%doc README.pkcs11 NSEC3-NOTES +%{_sbindir}/pkcs11-destroy +%{_sbindir}/pkcs11-keygen +%{_sbindir}/pkcs11-list +%{_mandir}/man8/pkcs11* +%endif + %changelog +* Mon Nov 03 2009 Adam Tkac 32:9.7.0-0.6.b1 +- update to 9.7.0b1 +- add bind-pkcs11 subpackage to support PKCS11 compatible keystores for DNSSEC + keys + * Thu Oct 08 2009 Adam Tkac 32:9.7.0-0.5.a3 - don't package named-bootconf utility, it is very outdated and unneeded diff --git a/bind97-dist-pkcs11.patch b/bind97-dist-pkcs11.patch new file mode 100644 index 0000000..cf8c9f0 --- /dev/null +++ b/bind97-dist-pkcs11.patch @@ -0,0 +1,22 @@ +diff -up bind-9.7.0b1/configure.in.dist-pkcs11 bind-9.7.0b1/configure.in +--- bind-9.7.0b1/configure.in.dist-pkcs11 2009-11-03 11:37:25.481430279 +0100 ++++ bind-9.7.0b1/configure.in 2009-11-03 11:41:04.573930858 +0100 +@@ -721,15 +721,16 @@ AC_ARG_WITH(pkcs11, + case "$use_pkcs11" in + no|'') + AC_MSG_RESULT(disabled) +- USE_PKCS11='' + PKCS11_TOOLS='' + ;; + yes|*) + AC_MSG_RESULT(using OpenSSL with PKCS11 support) +- USE_PKCS11='-DUSE_PKCS11' + PKCS11_TOOLS=pkcs11 + ;; + esac ++# We don't want to automatically load engine because it needs to have openct, ++# opencryptoki and friends installed. ++USE_PKCS11='' + AC_SUBST(USE_PKCS11) + AC_SUBST(PKCS11_TOOLS) + diff --git a/named.sysconfig b/named.sysconfig index da4c724..d503526 100644 --- a/named.sysconfig +++ b/named.sysconfig 
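Review bot: The new `%changelog` entry in the `@@ -592,7 +611,22 @@` hunk is dated `Mon Nov 03 2009`, while the commit's own Date header reads Tue, 3 Nov 2009, so the weekday is wrong and newer rpm versions report such entries as a bogus date. The line should start `* Tue Nov 03 2009`. In the same hunk `%files pkcs11` lists `NSEC3-NOTES` under `%doc`; that file looks unrelated to the PKCS#11 tools, so it either belongs to the main package or needs a short comment explaining why it ships here.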
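Review bot: In the new bind97-dist-pkcs11.patch the `yes|*)` branch still prints `using OpenSSL with PKCS11 support` although `USE_PKCS11` is now forced to empty after the `case`, so the configure log claims engine support that named is no longer compiled with (bin/named/Makefile.in takes `@USE_PKCS11@` in `CDEFINES`). Rewording the message to something like `AC_MSG_RESULT(building PKCS11 tools only)` would keep build logs honest for anyone auditing how the package was built. The added comment explains why the define is dropped but not the consequence; I would extend it to `# Build the pkcs11-* tools only; named uses a PKCS11 keystore only when started with "-E pkcs11".`, which matches the option documented in named.sysconfig.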
@@ -36,3 +36,7 @@
 # named process. If you set this option to "yes" then
 # /var/named/ directory become writable by named user
 # and named will be able to write core dumps there.
+#
+# OPTIONS="-E pkcs11" -- Enable loading of DNSSEC keys from PKCS11 compatible
+# keystores. Make sure you have bind-pkcs11 package
+# installed.
diff --git a/sources b/sources
index fd500e6..9004ced 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-ff61597579dcb629213c7421b26e9457 bind-9.7.0a3.tar.gz
+da182c92166e63f0fe758e8e5a691053 bind-9.7.0b1.tar.gz
 de68e10e91e05ab100be879b5bcaa6cb config-4.tar.bz2