rpms/bind
6
0
Fork 1
Code Issues Pull Requests Releases Activity

Utilize system-wide crypto-policies (#1179925)

Browse Source 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
This commit is contained in:
Tomas Hozza 2015-05-22 19:07:40 +02:00
parent c501776f39
commit 71f9fb4731
5 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -53,3 +53,4 @@ bind-9.7.2b1.tar.gz
/bind-9.10.2rc2.tar.gz /bind-9.10.2rc2.tar.gz
/bind-9.10.2.tar.gz /bind-9.10.2.tar.gz
/config-13.tar.bz2 /config-13.tar.bz2
/config-14.tar.bz2

7
bind.spec
View File

@ -38,7 +38,7 @@ Source7: bind-9.3.1rc1-sdb_tools-Makefile.in
Source8: dnszone.schema Source8: dnszone.schema
Source12: README.sdb_pgsql Source12: README.sdb_pgsql
Source25: named.conf.sample Source25: named.conf.sample
Source28: config-13.tar.bz2 Source28: config-14.tar.bz2
Source30: ldap2zone.c Source30: ldap2zone.c
Source31: ldap2zone.1 Source31: ldap2zone.1
Source32: named-sdb.8 Source32: named-sdb.8
@ -455,6 +455,7 @@ mkdir -p ${RPM_BUILD_ROOT}/var/log
#chroot #chroot
mkdir -p ${RPM_BUILD_ROOT}/%{chroot_prefix}/{dev,etc,var,run/named} mkdir -p ${RPM_BUILD_ROOT}/%{chroot_prefix}/{dev,etc,var,run/named}
mkdir -p ${RPM_BUILD_ROOT}/%{chroot_prefix}/var/{log,named,tmp} mkdir -p ${RPM_BUILD_ROOT}/%{chroot_prefix}/var/{log,named,tmp}
mkdir -p ${RPM_BUILD_ROOT}/%{chroot_prefix}/etc/crypto-policies/back-ends
# create symlink as it is on real filesystem # create symlink as it is on real filesystem
pushd ${RPM_BUILD_ROOT}/%{chroot_prefix}/var pushd ${RPM_BUILD_ROOT}/%{chroot_prefix}/var
@ -477,6 +478,7 @@ touch ${RPM_BUILD_ROOT}/%{chroot_prefix}/etc/named.conf
%if %{SDB} %if %{SDB}
mkdir -p ${RPM_BUILD_ROOT}/%{chroot_sdb_prefix}/{dev,etc,var,run/named} mkdir -p ${RPM_BUILD_ROOT}/%{chroot_sdb_prefix}/{dev,etc,var,run/named}
mkdir -p ${RPM_BUILD_ROOT}/%{chroot_sdb_prefix}/var/{log,named,tmp} mkdir -p ${RPM_BUILD_ROOT}/%{chroot_sdb_prefix}/var/{log,named,tmp}
mkdir -p ${RPM_BUILD_ROOT}/%{chroot_sdb_prefix}/etc/crypto-policies/back-ends
# create symlink as it is on real filesystem # create symlink as it is on real filesystem
pushd ${RPM_BUILD_ROOT}/%{chroot_sdb_prefix}/var pushd ${RPM_BUILD_ROOT}/%{chroot_sdb_prefix}/var
@ -930,6 +932,7 @@ rm -rf ${RPM_BUILD_ROOT}
%dir %{chroot_prefix}/etc/named %dir %{chroot_prefix}/etc/named
%dir %{chroot_prefix}/etc/pki %dir %{chroot_prefix}/etc/pki
%dir %{chroot_prefix}/etc/pki/dnssec-keys %dir %{chroot_prefix}/etc/pki/dnssec-keys
%dir %{chroot_prefix}/etc/crypto-policies/back-ends
%dir %{chroot_prefix}/var %dir %{chroot_prefix}/var
%dir %{chroot_prefix}/run %dir %{chroot_prefix}/run
%dir %{chroot_prefix}/var/named %dir %{chroot_prefix}/var/named
@ -960,6 +963,7 @@ rm -rf ${RPM_BUILD_ROOT}
%dir %{chroot_sdb_prefix}/etc/named %dir %{chroot_sdb_prefix}/etc/named
%dir %{chroot_sdb_prefix}/etc/pki %dir %{chroot_sdb_prefix}/etc/pki
%dir %{chroot_sdb_prefix}/etc/pki/dnssec-keys %dir %{chroot_sdb_prefix}/etc/pki/dnssec-keys
%dir %{chroot_sdb_prefix}/etc/crypto-policies/back-ends
%dir %{chroot_sdb_prefix}/var %dir %{chroot_sdb_prefix}/var
%dir %{chroot_sdb_prefix}/run %dir %{chroot_sdb_prefix}/run
%dir %{chroot_sdb_prefix}/var/named %dir %{chroot_sdb_prefix}/var/named
@ -1008,6 +1012,7 @@ rm -rf ${RPM_BUILD_ROOT}
%changelog %changelog
* Fri May 22 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.2-3 * Fri May 22 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.2-3
- Don't use ISC's DLV by default (#1223365) - Don't use ISC's DLV by default (#1223365)
- Utilize system-wide crypto-policies (#1179925)
* Thu May 21 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.2-2 * Thu May 21 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.2-2
- enable tuning for large systems - increases hardcoded internal limits - enable tuning for large systems - increases hardcoded internal limits

4
named.conf.sample
View File

@ -74,6 +74,10 @@ options
session-keyfile "/run/named/session.key"; session-keyfile "/run/named/session.key";
managed-keys-directory "/var/named/dynamic"; managed-keys-directory "/var/named/dynamic";
/* In Fedora we use system-wide Crypto Policy */
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
}; };
logging logging

3
setup-named-chroot.sh
View File

@ -2,7 +2,8 @@
ROOTDIR_MOUNT='/etc/named /etc/pki/dnssec-keys /etc/named.root.key /etc/named.conf ROOTDIR_MOUNT='/etc/named /etc/pki/dnssec-keys /etc/named.root.key /etc/named.conf
/etc/named.dnssec.keys /etc/named.rfc1912.zones /etc/rndc.conf /etc/rndc.key /etc/named.dnssec.keys /etc/named.rfc1912.zones /etc/rndc.conf /etc/rndc.key
/usr/lib64/bind /usr/lib/bind /etc/named.iscdlv.key /run/named /var/named' /usr/lib64/bind /usr/lib/bind /etc/named.iscdlv.key /run/named /var/named
/etc/crypto-policies/back-ends/bind.config'
usage() usage()
{ {

2
sources
View File

@ -1,2 +1,2 @@
dca7a9967947bffa98547fca6130fc04 bind-9.10.2.tar.gz dca7a9967947bffa98547fca6130fc04 bind-9.10.2.tar.gz
f187d60dd6e0ac1854bf18a70df0b4a0 config-13.tar.bz2 dd419c3869c9bb1d73e044177ec1623c config-14.tar.bz2