- obsolete dnssec-conf

- automatically update configuration from old dnssec-conf based - improve default configuration; enable DLV by default - remove obsolete triggerpostun from bind-libs subpackage
2010-02-15 16:07:02 +00:00 · 2010-02-15 16:07:02 +00:00 · 34adbeb306
commit 34adbeb306
parent 7f138a6ba9
7 changed files with 53 additions and 27 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -1,2 +1,2 @@
 config-5.tar.bz2
 bind-9.7.0rc2.tar.gz
 config-6.tar.bz2
--- a/bind.spec
+++ b/bind.spec
@ -20,7 +20,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  ISC
 Version:  9.7.0
-Release:  0.13.%{PREVER}%{?dist}
+Release:  0.14.%{PREVER}%{?dist}
 Epoch:    32
 Url:      http://www.isc.org/products/BIND/
 Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -37,7 +37,7 @@ Source8:  dnszone.schema
 Source12: README.sdb_pgsql
 Source21: Copyright.caching-nameserver
 Source25: named.conf.sample
-Source28: config-5.tar.bz2
+Source28: config-6.tar.bz2
 Source30: ldap2zone.c
 # Common patches
@ -52,6 +52,7 @@ Patch101:bind-96-old-api.patch
 Patch102:bind-95-rh452060.patch
 Patch106:bind93-rh490837.patch
 Patch107:bind97-dist-pkcs11.patch
 Patch108:bind97-managed-keyfile.patch
 # SDB patches
 Patch11: bind-9.3.2b2-sdbsrc.patch
@ -73,9 +74,12 @@ Requires:       mktemp
 Requires(post): grep, chkconfig
 Requires(pre):  shadow-utils
 Requires(preun):chkconfig
-Requires:       dnssec-conf
+Obsoletes:      bind-config < 30:9.3.2-34.fc6
-Obsoletes:      bind-config < 30:9.3.2-34.fc6, caching-nameserver < 31:9.4.1-7.fc8
+Provides:       bind-config = 30:9.3.2-34.fc6
-Provides:       bind-config = 30:9.3.2-34.fc6, caching-nameserver = 31:9.4.1-7.fc8
+Obsoletes:      caching-nameserver < 31:9.4.1-7.fc8
 Provides:       caching-nameserver = 31:9.4.1-7.fc8
 Obsoletes:      dnssec-conf < 1.22-6
 Provides:       dnssec-conf = 1.22-5
 BuildRequires:  openssl-devel, libtool, autoconf, pkgconfig, libcap-devel
 BuildRequires:  libidn-devel, libxml2-devel
 %if %{SDB}
@ -180,6 +184,7 @@ Based on the code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>
 %patch10 -p1 -b .PIE
 %patch16 -p1 -b .redhat_doc
 %patch104 -p1 -b .dyndb
 %patch108 -p1 -b .managed-keyfile
 %if %{SDB}
 %patch101 -p1 -b .old-api
 mkdir bin/named-sdb
@ -362,6 +367,7 @@ tar -C ${RPM_BUILD_ROOT} -xjf %{SOURCE28}
 touch ${RPM_BUILD_ROOT}/etc/rndc.key
 touch ${RPM_BUILD_ROOT}/etc/rndc.conf
 mkdir ${RPM_BUILD_ROOT}/etc/named
 install -m 644 bind.keys ${RPM_BUILD_ROOT}/etc/named.iscdlv.key
 install -m 644 %{SOURCE5}  ./rfc1912.txt
 install -m 644 %{SOURCE21} ./Copyright
@ -397,14 +403,6 @@ if [ "$1" -eq 1 ]; then
  # rndc.key has to have correct perms and ownership, CVE-2007-6283
  [ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
  [ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
  # Check DNSSEC settings if this is a fresh install
  if [ -r /etc/sysconfig/dnssec ]; then
    . /etc/sysconfig/dnssec
    [ -x /usr/sbin/dnssec-configure ] && \
      dnssec-configure -b --norestart --dnssec="$DNSSEC" --dlv="$DLV" > \
        /dev/null 2>&1
  fi;
 fi
 :;
@ -442,12 +440,14 @@ fi
 %postun libs
 /sbin/ldconfig
-# bind-libs between 32:9.6.1-0.1.b1 and 32:9.6.1-0.4.rc1 have bigger SOnames
+# Automatically update configuration from "dnssec-conf-based" to "BIND-based"
-# than current bind - https://bugzilla.redhat.com/show_bug.cgi?id=509635.
+%triggerpostun -n bind -- dnssec-conf
-# Remove this trigger when SOnames get bigger and also correct the %%postun
+[ -r '/etc/named.conf' ] || exit 0
-# section above (use %%postun libs -p /sbin/ldconfig)
+cp -fp /etc/named.conf /etc/named.conf.rpmsave
-%triggerpostun -n bind-libs -p /bin/bash -- bind-libs > 32:9.6.1-0.1.b1
+if grep -Eq '/etc/(named.dnssec.keys|pki/dnssec-keys)' /etc/named.conf; then
-/sbin/ldconfig
+  sed -i -e '/.*named\.dnssec\.keys.*/d' -e '/.*pki\/dnssec-keys.*/d' \
    /etc/named.conf
 fi
 %post chroot
 if [ "$1" -gt 0 ]; then
@ -483,6 +483,7 @@ rm -rf ${RPM_BUILD_ROOT}
 %defattr(-,root,root,-)
 %{_libdir}/bind
 %config(noreplace) %{_sysconfdir}/sysconfig/named
 %config(noreplace) %attr(-,root,named) %{_sysconfdir}/named.iscdlv.key
 %{_sysconfdir}/rc.d/init.d/named
 %{_sysconfdir}/NetworkManager/dispatcher.d/13-named
 %{_sbindir}/arpaname
@ -623,6 +624,12 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif
 %changelog
 * Mon Feb 15 2010 Adam Tkac <atkac redhat com> 32:9.7.0-0.14.rc2
 - obsolete dnssec-conf
 - automatically update configuration from old dnssec-conf based
 - improve default configuration; enable DLV by default
 - remove obsolete triggerpostun from bind-libs subpackage
 * Thu Jan 28 2010 Adam Tkac <atkac redhat com> 32:9.7.0-0.13.rc2
 - update to 9.7.0rc2
--- a/bind97-managed-keyfile.patch
+++ b/bind97-managed-keyfile.patch
@ -0,0 +1,20 @@
 diff -up bind-9.7.0rc2/bin/named/server.c.managed-keyfile bind-9.7.0rc2/bin/named/server.c
 --- bind-9.7.0rc2/bin/named/server.c.managed-keyfile	2010-02-15 16:17:26.051369348 +0100
 +++ bind-9.7.0rc2/bin/named/server.c	2010-02-15 16:24:16.408368990 +0100
@@ -3020,6 +3020,7 @@ configure_zone(const cfg_obj_t *config, 
  */
 #define KEYZONE "managed-keys.bind"
 +#define KEYFILE "dynamic/managed-keys.bind"
 static isc_result_t
 add_keydata_zone(dns_view_t *view, isc_mem_t *mctx) {
@@ -3040,7 +3041,7 @@ add_keydata_zone(dns_view_t *view, isc_m
 	CHECK(dns_zone_setorigin(zone, &zname));
 	dns_name_free(&zname, mctx);
 -	CHECK(dns_zone_setfile(zone, KEYZONE));
 +	CHECK(dns_zone_setfile(zone, KEYFILE));
 	if (view->hints == NULL)
 		dns_view_sethints(view, ns_g_server->in_roothints);
--- a/named.conf.sample
+++ b/named.conf.sample
@ -57,6 +57,9 @@ options
 	/* Enable DNSSEC validation on recursive servers */
 	dnssec-validation yes;
 	/* Enable DLV by default, use built-in ISC DLV key. */
 	dnssec-lookaside auto;
 };
 logging 
--- a/named.init
+++ b/named.init
@ -22,7 +22,6 @@
 . /etc/rc.d/init.d/functions
 [ -r /etc/sysconfig/named ] && . /etc/sysconfig/named
 [ -r /etc/sysconfig/dnssec ] && . /etc/sysconfig/dnssec
 RETVAL=0
 export KRB5_KTNAME=${KEYTAB_FILE:-/etc/named.keytab}
@ -43,13 +42,9 @@ if [ -n "$ROOTDIR" ]; then
   fi;
 fi
 [ -x /usr/sbin/dnssec-configure ] && [ -r /etc/named.conf ] && \
  [ /etc/sysconfig/dnssec -nt /etc/named.conf ] && \
   /usr/sbin/dnssec-configure -b --norestart --dnssec="$DNSSEC" --dlv="$DLV"
 ROOTDIR_MOUNT='/etc/named /etc/pki/dnssec-keys /var/named /etc/named.conf
 /etc/named.dnssec.keys /etc/named.rfc1912.zones /etc/rndc.conf /etc/rndc.key
-/usr/lib64/bind /usr/lib/bind'
+/usr/lib64/bind /usr/lib/bind /etc/named.iscdlv.key'
 mount_chroot_conf()
 {
--- a/named.sysconfig
+++ b/named.sysconfig
@ -22,6 +22,7 @@
 #          - /etc/rndc.key
 #          - /etc/named.rfc1912.zones
 #          - /etc/named.dnssec.keys
 #	   - /etc/named.iscdlv.key
 #
 #	Don't forget to add "$AddUnixListenSocket /var/named/chroot/dev/log"
 #	line to your /etc/rsyslog.conf file. Otherwise your logging becomes
--- a/2
+++ b/2
@ -1,2 +1,2 @@
 4c35a2aac8d8054ea2154906bf57fb52  config-5.tar.bz2
 9b8a31ac279868264e5bcbacd7991149  bind-9.7.0rc2.tar.gz
 90bd7f32fd5717b8294313b6b5ccc742  config-6.tar.bz2