- update to 9.7.1b1

- make /var/named/dynamic as a default directory for managed DNSSEC keys
- add patch to get "managed-keys-directory" option working
- patches merged
- bind97-managed-keyfile.patch
- bind97-rh554316.patch

.cvsignore

@@ -1,2 +1,2 @@
-config-6.tar.bz2
+bind-9.7.1b1.tar.gz
-bind-9.7.0-P2.tar.gz
+config-7.tar.bz2

bind.spec

@@ -2,11 +2,11 @@
 # Red Hat BIND package .spec file
 #
 
-%define PATCHVER P2
+#%define PATCHVER P2
 #%define VERSION %{version}
-#%define PREVER rc2
+%define PREVER b1
-#%define VERSION %{version}%{PREVER}
+#%define VERSION %{version}-%{PATCHVER}
-%define VERSION %{version}-%{PATCHVER}
+%define VERSION %{version}%{PREVER}
 
 %{?!SDB:       %define SDB       1}
 %{?!test:      %define test      0}
@@ -20,8 +20,8 @@
 Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
 Name:     bind
 License:  ISC
-Version:  9.7.0
+Version:  9.7.1
-Release:  11.%{PATCHVER}%{?dist}
+Release:  0.1.%{PREVER}%{?dist}
 Epoch:    32
 Url:      http://www.isc.org/products/BIND/
 Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -38,7 +38,7 @@ Source8:  dnszone.schema
 Source12: README.sdb_pgsql
 Source21: Copyright.caching-nameserver
 Source25: named.conf.sample
-Source28: config-6.tar.bz2
+Source28: config-7.tar.bz2
 Source30: ldap2zone.c
 Source31: ldap2zone.1
 Source32: named-sdb.8
@@ -57,10 +57,9 @@ Patch101:bind-96-old-api.patch
 Patch102:bind-95-rh452060.patch
 Patch106:bind93-rh490837.patch
 Patch107:bind97-dist-pkcs11.patch
-Patch108:bind97-managed-keyfile.patch
 Patch109:bind97-rh478718.patch
 Patch110:bind97-rh507429.patch
-Patch111:bind97-rh554316.patch
+Patch111:bind97-keysdir.patch
 
 # SDB patches
 Patch11: bind-9.3.2b2-sdbsrc.patch
@@ -193,7 +192,6 @@ Based on the code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>
 %patch10 -p1 -b .PIE
 %patch16 -p1 -b .redhat_doc
 %patch104 -p1 -b .dyndb
-%patch108 -p1 -b .managed-keyfile
 %if %{SDB}
 %patch101 -p1 -b .old-api
 mkdir bin/named-sdb
@@ -244,7 +242,7 @@ mkdir m4
 %patch107 -p1 -b .dist-pkcs11
 %patch109 -p1 -b .rh478718
 %patch110 -p1 -b .rh507429
-%patch111 -p1 -b .rh554316
+%patch111 -p1 -b .keysdir
 
 # Sparc and s390 arches need to use -fPIE
 %ifarch sparcv9 sparc64 s390 s390x
@@ -468,7 +466,8 @@ if grep -Eq '/etc/(named.dnssec.keys|pki/dnssec-keys)' /etc/named.conf; then
   if grep -q 'dlv.isc.org.conf' /etc/named.conf; then
     # DLV is configured, reconfigure it to new configuration
     sed -i -e 's/.*dnssec-lookaside.*dlv\.isc\.org\..*/dnssec-lookaside auto;\
-bindkeys-file "\/etc\/named.iscdlv.key";/' /etc/named.conf
+bindkeys-file "\/etc\/named.iscdlv.key";\
+managed-keys-directory "\/var\/named\/dynamic";/' /etc/named.conf
   fi
   sed -i -e '/.*named\.dnssec\.keys.*/d' -e '/.*pki\/dnssec-keys.*/d' \
     /etc/named.conf
@@ -668,6 +667,14 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif
 
 %changelog
+* Mon May 31 2010 Adam Tkac <atkac redhat com> 32:9.7.1-0.1.b1
+- update to 9.7.1b1
+- make /var/named/dynamic as a default directory for managed DNSSEC keys
+- add patch to get "managed-keys-directory" option working
+- patches merged
+  - bind97-managed-keyfile.patch
+  - bind97-rh554316.patch
+
 * Fri May 21 2010 Adam Tkac <atkac redhat com> 32:9.7.0-11.P2
 - update dnssec-conf Obsoletes/Provides
 

bind97-keysdir.patch

@@ -0,0 +1,11 @@
+diff -up bind-9.7.1b1/lib/isccfg/namedconf.c.keysdir bind-9.7.1b1/lib/isccfg/namedconf.c
+--- bind-9.7.1b1/lib/isccfg/namedconf.c.keysdir	2010-05-21 14:53:47.547846620 +0200
++++ bind-9.7.1b1/lib/isccfg/namedconf.c	2010-05-21 14:55:37.587846690 +0200
+@@ -849,6 +849,7 @@ options_clauses[] = {
+ 	{ "interface-interval", &cfg_type_uint32, 0 },
+ 	{ "listen-on", &cfg_type_listenon, CFG_CLAUSEFLAG_MULTI },
+ 	{ "listen-on-v6", &cfg_type_listenon, CFG_CLAUSEFLAG_MULTI },
++	{ "managed-keys-directory", &cfg_type_qstring, 0 },
+ 	{ "match-mapped-addresses", &cfg_type_boolean, 0 },
+ 	{ "memstatistics-file", &cfg_type_qstring, 0 },
+ 	{ "memstatistics", &cfg_type_boolean, 0 },

bind97-managed-keyfile.patch

@@ -1,20 +0,0 @@
-diff -up bind-9.7.0rc2/bin/named/server.c.managed-keyfile bind-9.7.0rc2/bin/named/server.c
---- bind-9.7.0rc2/bin/named/server.c.managed-keyfile	2010-02-15 16:17:26.051369348 +0100
-+++ bind-9.7.0rc2/bin/named/server.c	2010-02-15 16:24:16.408368990 +0100
-@@ -3020,6 +3020,7 @@ configure_zone(const cfg_obj_t *config, 
-  */
- 
- #define KEYZONE "managed-keys.bind"
-+#define KEYFILE "dynamic/managed-keys.bind"
- 
- static isc_result_t
- add_keydata_zone(dns_view_t *view, isc_mem_t *mctx) {
-@@ -3040,7 +3041,7 @@ add_keydata_zone(dns_view_t *view, isc_m
- 	CHECK(dns_zone_setorigin(zone, &zname));
- 	dns_name_free(&zname, mctx);
- 
--	CHECK(dns_zone_setfile(zone, KEYZONE));
-+	CHECK(dns_zone_setfile(zone, KEYFILE));
- 
- 	if (view->hints == NULL)
- 		dns_view_sethints(view, ns_g_server->in_roothints);

bind97-rh554316.patch

@@ -1,20 +0,0 @@
-diff -up bind-9.7.0-P1/lib/dns/validator.c.rh554316 bind-9.7.0-P1/lib/dns/validator.c
---- bind-9.7.0-P1/lib/dns/validator.c.rh554316	2010-02-25 06:26:27.000000000 +0100
-+++ bind-9.7.0-P1/lib/dns/validator.c	2010-03-26 15:37:56.113969498 +0100
-@@ -2211,7 +2211,7 @@ validatezonekey(dns_validator_t *val) {
- 		     result == ISC_R_SUCCESS;
- 		     result = dns_rdataset_next(val->event->sigrdataset))
- 		{
--			dns_keynode_t *keynode = NULL, *nextnode = NULL;
-+			dns_keynode_t *keynode = NULL;
- 
- 			dns_rdata_reset(&sigrdata);
- 			dns_rdataset_current(val->event->sigrdataset,
-@@ -2231,6 +2231,7 @@ validatezonekey(dns_validator_t *val) {
- 			    result == ISC_R_SUCCESS)
- 				atsep = ISC_TRUE;
- 			while (result == ISC_R_SUCCESS) {
-+				dns_keynode_t *nextnode = NULL;
- 				dstkey = dns_keynode_key(keynode);
- 				if (dstkey == NULL) {
- 					dns_keytable_detachkeynode(

sources

@@ -1,2 +1,2 @@
-90bd7f32fd5717b8294313b6b5ccc742  config-6.tar.bz2
+c5adb6cd318a4ff6e6b5468f47056597  bind-9.7.1b1.tar.gz
-47fc341901f00c1d815bef12ab4533de  bind-9.7.0-P2.tar.gz
+2c02006a58d9b9bb9e758816750b0014  config-7.tar.bz2