- Do not allow package to be installed if named:25 userid creation fails

- Give libbind a pkg-config file
- remove restorecon from bind-chroot-admin (not required).
- fix named.caching-nameserver.conf (listen-on-v6 port 53 { ::1 };)
This commit is contained in:
jvdias 2006-03-08 18:17:55 +00:00
parent 7366a5e0eb
commit 505ab59fa4
3 changed files with 30 additions and 16 deletions

View File

@ -85,7 +85,7 @@ function check_dirs()
[ ! -e "${BIND_CHROOT_PREFIX}/dev/null" ] && /bin/mknod "${BIND_CHROOT_PREFIX}/dev/null" c 1 3 [ ! -e "${BIND_CHROOT_PREFIX}/dev/null" ] && /bin/mknod "${BIND_CHROOT_PREFIX}/dev/null" c 1 3
[ ! -e "${BIND_CHROOT_PREFIX}/etc/localtime" ] && [ -e /etc/localtime ] && /bin/cp -fp /etc/localtime "${BIND_CHROOT_PREFIX}/etc/localtime"; [ ! -e "${BIND_CHROOT_PREFIX}/etc/localtime" ] && [ -e /etc/localtime ] && /bin/cp -fp /etc/localtime "${BIND_CHROOT_PREFIX}/etc/localtime";
chmod 666 "${BIND_CHROOT_PREFIX}"/dev/{random,null,zero}; chmod 666 "${BIND_CHROOT_PREFIX}"/dev/{random,null,zero};
if [ -d /selinux ] && [ -x /usr/bin/chcon ]; then if [ -d /selinux ] && [ -e /selinux/enforce ] && [ -x /usr/bin/chcon ]; then
for dev in random zero null; do for dev in random zero null; do
/usr/bin/chcon --reference=/dev/$dev ${BIND_CHROOT_PREFIX}/dev/$dev; /usr/bin/chcon --reference=/dev/$dev ${BIND_CHROOT_PREFIX}/dev/$dev;
done done
@ -223,7 +223,6 @@ function sync_files()
chown named:named ${pfx}/var/named/{data{,/*},slaves{,*/}} >/dev/null 2>&1; chown named:named ${pfx}/var/named/{data{,/*},slaves{,*/}} >/dev/null 2>&1;
chmod 770 ${pfx}/var/named/{data,slaves} >/dev/null 2>&1; chmod 770 ${pfx}/var/named/{data,slaves} >/dev/null 2>&1;
chmod 640 ${pfx}/var/named/{data/*,slaves/*} >/dev/null 2>&1; chmod 640 ${pfx}/var/named/{data/*,slaves/*} >/dev/null 2>&1;
[ -x /sbin/restorecon ] && /sbin/restorecon -R $pfx{/var/named,/etc/{named,rndc}.*} -e ${BIND_CHROOT_PREFIX}/proc -e ${BIND_CHROOT_PREFIX}/var/run/dbus -e ${BIND_CHROOT_PREFIX}/dev >/dev/null 2>&1;
} }
case $1 in case $1 in

View File

@ -7,6 +7,8 @@
%{?!test: %define test 0} %{?!test: %define test 0}
%{?!WITH_DBUS: %define WITH_DBUS 1} # + dynamic forwarder table management with D-BUS %{?!WITH_DBUS: %define WITH_DBUS 1} # + dynamic forwarder table management with D-BUS
%{?!DEBUGINFO: %define DEBUGINFO 1} %{?!DEBUGINFO: %define DEBUGINFO 1}
%{?!bind_uid: %define bind_uid 25}
%{?!bind_gid: %define bind_gid 25}
%define bind_dir /var/named %define bind_dir /var/named
%define chroot_prefix %{bind_dir}/chroot %define chroot_prefix %{bind_dir}/chroot
# #
@ -14,7 +16,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind Name: bind
License: BSD-like License: BSD-like
Version: 9.3.2 Version: 9.3.2
Release: 7 Release: 8
Epoch: 30 Epoch: 30
Url: http://www.isc.org/products/BIND/ Url: http://www.isc.org/products/BIND/
Buildroot: %{_tmppath}/%{name}-root Buildroot: %{_tmppath}/%{name}-root
@ -48,6 +50,7 @@ Source24: Copyright.caching-nameserver
Source25: rfc1912.txt Source25: rfc1912.txt
Source26: bind-chroot-admin.in Source26: bind-chroot-admin.in
Source27: named.rfc1912.zones Source27: named.rfc1912.zones
Source28: libbind.pc
# #
Patch: bind-9.2.0rc3-varrun.patch Patch: bind-9.2.0rc3-varrun.patch
Patch1: bind-9.3.2b2-rndckey.patch Patch1: bind-9.3.2b2-rndckey.patch
@ -164,6 +167,7 @@ If you would like to set up a caching name server, you'll need to install
bind, bind-libs, and bind-utils along with this package. bind, bind-libs, and bind-utils along with this package.
This package replaces the caching-nameserver package. This package replaces the caching-nameserver package.
%package chroot %package chroot
Summary: A chroot runtime environment for the ISC BIND DNS server, named(8) Summary: A chroot runtime environment for the ISC BIND DNS server, named(8)
Group: System Environment/Daemons Group: System Environment/Daemons
@ -386,6 +390,9 @@ cp -fp %{SOURCE12} contrib/sdb/pgsql/
%endif %endif
%if %{LIBBIND} %if %{LIBBIND}
gunzip < %{SOURCE9} | (cd $RPM_BUILD_ROOT/usr/share; tar -xpf -) gunzip < %{SOURCE9} | (cd $RPM_BUILD_ROOT/usr/share; tar -xpf -)
mkdir -p $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
cp -fp %{SOURCE28} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/libbind.pc
chmod 644 $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/libbind.pc
%endif %endif
%if %{WITH_DBUS} %if %{WITH_DBUS}
mkdir -p $RPM_BUILD_ROOT/etc/dbus-1/system.d mkdir -p $RPM_BUILD_ROOT/etc/dbus-1/system.d
@ -583,6 +590,7 @@ exit 0
%files libbind-devel %files libbind-devel
%defattr(-,root,root) %defattr(-,root,root)
%{_libdir}/libbind.* %{_libdir}/libbind.*
%{_libdir}/pkgconfig/libbind.pc
%{_includedir}/bind %{_includedir}/bind
%{_mandir}/man3/libbind-* %{_mandir}/man3/libbind-*
%{_mandir}/man7/libbind-* %{_mandir}/man7/libbind-*
@ -607,16 +615,15 @@ exit 0
%pre %pre
if [ "$1" -eq 1 ]; then if [ "$1" -eq 1 ]; then
# create named group IFF it does not already exist /usr/sbin/groupadd -g %{bind_gid} -f -r named >/dev/null 2>&1 || :;
# - use any free ID between 1 and 499 if group 25 exists: if ! /usr/sbin/useradd -u %{bind_uid} -r -n -M -g named -s /sbin/nologin -d /var/named -c Named named >/dev/null 2>&1; then
/usr/sbin/groupadd -g 25 -f -r named >/dev/null 2>&1 || :;
# if named user does not already exist, create it as system user:
if ! /usr/bin/id -u named >/dev/null 2>&1; then if ! /usr/bin/id -u named >/dev/null 2>&1; then
if ! /bin/egrep -q '^[^:]+:[^:]+:25:' /etc/passwd >/dev/null 2>&1 ; then echo 'Creation of named userid '%{bind_uid}' failed.'
/usr/sbin/useradd -u 25 -r -n -M -g named -s /sbin/nologin -d /var/named -c Named named >/dev/null 2>&1 || :; echo 'The bind package cannot be installed without a named:named userid and group.'
else if [ -x /usr/bin/logger ]; then
# use any free ID between 1 and 499: /usr/bin/logger -p 'user.crit' 'Creation of named userid '%{bind_uid}' failed - the bind package cannot be installed without a named:named userid and group.';
/usr/sbin/useradd -r -n -M -g named -s /sbin/nologin -d /var/named -c Named named >/dev/null 2>&1 || :; fi;
exit 1;
fi; fi;
fi; fi;
fi; fi;
@ -715,7 +722,8 @@ fi;
%post config %post config
if [ "$1" -gt 0 ]; then if [ "$1" -gt 0 ]; then
/usr/bin/chcon system_u:object_r:named_conf_t /etc/named.caching-nameserver.conf >/dev/null 2>&1 || :; /usr/bin/chcon system_u:object_r:named_conf_t /etc/named.caching-nameserver.conf >/dev/null 2>&1 || :;
elif [ "$1" -eq 1 ]; then fi
if [ "$1" -eq 1 ]; then
/usr/sbin/bind-chroot-admin --sync; /usr/sbin/bind-chroot-admin --sync;
fi; fi;
:; :;
@ -796,6 +804,12 @@ rm -rf ${RPM_BUILD_ROOT}
:; :;
%changelog %changelog
* Wed Mar 08 2006 Jason Vas Dias <jvdias@redhat.com> - 30.9.3.2-8
- Do not allow package to be installed if named:25 userid creation fails
- Give libbind a pkg-config file
- remove restorecon from bind-chroot-admin (not required).
- fix named.caching-nameserver.conf (listen-on-v6 port 53 { ::1 };)
* Tue Mar 07 2006 Jason Vas Dias <jvdias@redhat.com> - 30:9.3.2-7 * Tue Mar 07 2006 Jason Vas Dias <jvdias@redhat.com> - 30:9.3.2-7
- fix issues with bind-chroot-admin - fix issues with bind-chroot-admin

View File

@ -11,6 +11,7 @@
// //
options { options {
listen-on port 53 { 127.0.0.1; }; listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named"; directory "/var/named";
dump-file "/var/named/data/cache_dump.db"; dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt"; statistics-file "/var/named/data/named_stats.txt";